svn commit: r338221 - head/sbin/bectl

Thu Aug 23 01:45:20 UTC 2018

Author: kevans
Date: Thu Aug 23 01:45:18 2018
New Revision: 338221
URL: https://svnweb.freebsd.org/changeset/base/338221

Log:
  bectl(8): jail: Tear down jail by default after command exits
  
  Add a -U flag to get back the old behavior. The new behavior is a little
  more friendly to the common use cases, jail the BE and execute a script.
  Having the jail torn down automatically when the script is finished, or when
  you exit the shell, is a little more friendly than having to remember to
  `bectl ujail`.
  
  Batch mode (-b) will continue to leave the jail up, as it's assumed the
  caller has other intentions.
  
  Submitted by:	Shawn Webb (partially)

Modified:
  head/sbin/bectl/bectl.8
  head/sbin/bectl/bectl.c
  head/sbin/bectl/bectl_jail.c

Modified: head/sbin/bectl/bectl.8
==============================================================================

--- head/sbin/bectl/bectl.8	Thu Aug 23 01:42:45 2018	(r338220)
+++ head/sbin/bectl/bectl.8	Thu Aug 23 01:45:18 2018	(r338221)
@@ -18,7 +18,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd August 17, 2018
+.Dd August 22, 2018
 .Dt BECTL 8
 .Os
 .Sh NAME
@@ -50,7 +50,7 @@ import
 .Ao Ar targetBe Ac
 .Nm
 jail
-.Op Fl b
+.Op Fl b | Fl U
 .Oo Fl o Ar key Ns = Ns Ar value | Fl u Ar key Oc Ns ...
 .Ao Ar jailID | jailName Ac
 .Ao Ar bootenv Ac
@@ -148,6 +148,7 @@ Import
 from
 .Dv stdin .
 .It Ic jail
+.Op Fl b | Fl U
 .Oo Fl o Ar key Ns = Ns Ar value | Fl u Ar key Oc Ns ...
 .Ao Ar jailID | jailName Ac
 .Ao Ar bootenv Ac
@@ -172,10 +173,17 @@ If
 .Ar utility
 is specified, it will be executed instead of
 .Pa /bin/sh .
+The jail will be destroyed and the boot environment unmounted when the command
+finishes executing, unless the
+.Fl U
+argument is specified.
 .Pp
 The
 .Fl b
 argument enables batch mode, thereby disabling interactive mode.
+The
+.Fl U
+argument will be ignored in batch mode.
 .Pp
 The
 .Va name ,

Modified: head/sbin/bectl/bectl.c
==============================================================================
--- head/sbin/bectl/bectl.c	Thu Aug 23 01:42:45 2018	(r338220)
+++ head/sbin/bectl/bectl.c	Thu Aug 23 01:45:18 2018	(r338221)
@@ -77,7 +77,7 @@ usage(bool explicit)
 #if SOON
 	    "\tbectl add (path)*\n"
 #endif
-	    "\tbectl jail [-b] [ -o key=value | -u key ]... bootenv [utility [argument ...]]\n"
+	    "\tbectl jail [-b | -U] [ -o key=value | -u key ]... bootenv [utility [argument ...]]\n"
 	    "\tbectl list [-a] [-D] [-H] [-s]\n"
 	    "\tbectl mount beName [mountpoint]\n"
 	    "\tbectl rename origBeName newBeName\n"

Modified: head/sbin/bectl/bectl_jail.c
==============================================================================
--- head/sbin/bectl/bectl_jail.c	Thu Aug 23 01:42:45 2018	(r338220)
+++ head/sbin/bectl/bectl_jail.c	Thu Aug 23 01:45:18 2018	(r338221)
@@ -31,6 +31,7 @@ __FBSDID("$FreeBSD$");
 #include <sys/param.h>
 #include <sys/jail.h>
 #include <sys/mount.h>
+#include <sys/wait.h>
 #include <err.h>
 #include <jail.h>
 #include <stdbool.h>
@@ -179,10 +180,11 @@ int
 bectl_cmd_jail(int argc, char *argv[])
 {
 	char *bootenv, *mountpoint;
-	int jflags, jid, opt, ret;
-	bool default_hostname, default_name, interactive;
+	int jid, opt, ret;
+	bool default_hostname, default_name, interactive, unjail;
+	pid_t pid;
 
-	default_hostname = default_name = interactive = true;
+	default_hostname = default_name = interactive = unjail = true;
 	jpcnt = INIT_PARAMCOUNT;
 	jp = malloc(jpcnt * sizeof(*jp));
 	if (jp == NULL)
@@ -193,7 +195,7 @@ bectl_cmd_jail(int argc, char *argv[])
 	jailparam_add("allow.mount.devfs", "true");
 	jailparam_add("enforce_statfs", "1");
 
-	while ((opt = getopt(argc, argv, "bo:u:")) != -1) {
+	while ((opt = getopt(argc, argv, "bo:Uu:")) != -1) {
 		switch (opt) {
 		case 'b':
 			interactive = false;
@@ -210,6 +212,9 @@ bectl_cmd_jail(int argc, char *argv[])
 					default_hostname = false;
 			}
 			break;
+		case 'U':
+			unjail = false;
+			break;
 		case 'u':
 			if ((ret = jailparam_delarg(optarg)) == 0) {
 				if (strcmp(optarg, "name") == 0)
@@ -259,16 +264,14 @@ bectl_cmd_jail(int argc, char *argv[])
 	if (default_hostname)
 		jailparam_add("host.hostname", bootenv);
 
-	jflags = JAIL_CREATE;
-	if (interactive)
-		jflags |= JAIL_ATTACH;
 	/*
 	 * This is our indicator that path was not set by the user, so we'll use
 	 * the path that libbe generated for us.
 	 */
 	if (mountpoint == NULL)
 		jailparam_add("path", mnt_loc);
-	jid = jailparam_set(jp, jpused, jflags);
+	/* Create the jail for now, attach later as-needed */
+	jid = jailparam_set(jp, jpused, JAIL_CREATE);
 	if (jid == -1) {
 		fprintf(stderr, "unable to create jail.  error: %d\n", errno);
 		return (1);
@@ -277,14 +280,34 @@ bectl_cmd_jail(int argc, char *argv[])
 	jailparam_free(jp, jpused);
 	free(jp);
 
-	if (interactive) {
+	/* We're not interactive, nothing more to do here. */
+	if (!interactive)
+		return (0);
+
+	pid = fork();
+	switch(pid) {
+	case -1:
+		perror("fork");
+		return (1);
+	case 0:
+		jail_attach(jid);
 		/* We're attached within the jail... good bye! */
 		chdir("/");
 		if (argc > 1)
 			execve(argv[1], &argv[1], NULL);
 		else
 			execl("/bin/sh", "/bin/sh", NULL);
-		return (1);
+		fprintf(stderr, "bectl jail: failed to execute %s\n",
+		    (argc > 1 ? argv[1] : "/bin/sh"));
+		_exit(1);
+	default:
+		/* Wait for the child to get back, see if we need to unjail */
+		waitpid(pid, NULL, 0);
+	}
+
+	if (unjail) {
+		jail_remove(jid);
+		unmount(mnt_loc, 0);
 	}
 
 	return (0);
