create an empty jail with libjail

joris dedieu joris.dedieu at gmail.com
Fri Oct 5 16:40:44 UTC 2012 

2012/10/5 joris dedieu <joris.dedieu at gmail.com>:
> 2012/10/5 joris dedieu <joris.dedieu at gmail.com>:
>> Hi,
>> I try to create an empty jail using libjail. Something equivalent to
>> "jail -c name=empty host.hostname=empty path=/var/empty persist". I've
>> tried with jailparam_import and jail_setv on 8.3 and 9.1 but both
>> failed. I can't find where my code is wrong.

Works too after reinstalling libc + fix a typo.

Working code :

int
main(int argc, char **argv)
{
        int jid;
        if((jid = jail_setv(JAIL_CREATE,
                        "name", "empty",
                        "path", "/var/empty",
                        "host.hostname", "empty",
                        "persist", NULL,
                        )) == -1)
                err(1, "jail_setv");
        printf("jid is %d", jid);
        return 0;
}

int
main(int argc, char **argv)
{
        struct jailparam params[4];
        int jid;
        jailparam_init(&params[0], "name");
        jailparam_import(&params[0], "empty");
        jailparam_init(&params[1], "host.hostname");
        jailparam_import(&params[1], "empty.rmdir.fr");
        jailparam_init(&params[2], "path");
        jailparam_import(&params[2], "/var/empty");
        jailparam_init(&params[3], "persist");
        jailparam_import(&params[3], NULL);

        if((jid = jailparam_set(params, 4, JAIL_CREATE)) == -1)
                err(1, "jailparam_set");
        printf("jid is %d", jid);
        return 0;
}

Sorry for the noise
Joris
>>
>> Eg 1:
>>
>> #include <sys/param.h>
>> #include <sys/jail.h>
>> #include <jail.h>
>>
>> int
>> main(int argc, char **argv)
>> {
>>         struct jailparam params[4];
>>         int jid;
>>         jailparam_init(&params[0], "name");
>>         jailparam_import(&params[0], "empty");
>>         jailparam_init(&params[1], "host.hostname");
>>         jailparam_import(&params[1], "empty.rmdir.fr");
>>         jailparam_init(&params[2], "path");
>>         jailparam_import(&params[2], "/var/empty");
>>         /*jailparam_init(&params[3], "persist");
>>         jailparam_import(&params[3], NULL);*/
>>
>>         if((jid = jailparam_set(params, 4, JAIL_CREATE)) == -1)
>>                 err(1, "jailparam_set");
>>         printf("jid is %d", jid);
>>         return 0;
>> }
>
> The problem with this code (except the comments) was in my world. It
> works fot me after reinstalling the libc.
> The second code (with jail_setv, still not working). I will try to
> find what's wrong with it.
>
> Joris
>>
>>
>>  jailparam_import fails with EINVAL  (from libc's jail_set but i don't
>> know why)
>>
>>
>> Eg 2:
>>
>> #include <sys/param.h>
>> #include <sys/jail.h>
>> #include <jail.h>
>>
>> int
>> main(int argc, char **argv)
>> {
>>         int jid;
>>         if((jid = jail_setv(JAIL_CREATE,
>>                         "name", "empty"
>>                         "host.hostname", "empty",
>>                         "path", "/var/empty",
>>                         "persist", NULL, NULL
>>                         )) == -1)
>>                 err(1, "jail_setv");
>>         printf("jid is %d", jid);
>>         return 0;
>> }
>>
>> jail_setv fails with ENOENT. I think it comes from  libjail's
>> jailparam_type as persist is not in security.jail.param's mib in
>> prison 0 (see .lib/libjail/jail.c:854).
>>
>>
>> I really don't understand why it doesn't work. If someone could have a
>> little look, it would be grate.
>>
>> Regards
>> Joris

More information about the freebsd-jail mailing list