head	1.56;
access;
symbols
	RELENG_8_4:1.56.0.2
	RELENG_9_1_0_RELEASE:1.47.2.3.2.2
	RELENG_9_1:1.47.2.3.0.2
	RELENG_9_1_BP:1.47.2.3
	RELENG_8_3_0_RELEASE:1.43.2.3.2.1
	RELENG_8_3:1.43.2.3.0.2
	RELENG_8_3_BP:1.43.2.3
	RELENG_9_0_0_RELEASE:1.47.2.1.2.1
	RELENG_9_0:1.47.2.1.0.2
	RELENG_9_0_BP:1.47.2.1
	RELENG_9:1.47.0.2
	RELENG_9_BP:1.47
	RELENG_7_4_0_RELEASE:1.37.2.4.4.1
	RELENG_8_2_0_RELEASE:1.43.2.1.6.1
	RELENG_7_4:1.37.2.4.0.4
	RELENG_7_4_BP:1.37.2.4
	RELENG_8_2:1.43.2.1.0.6
	RELENG_8_2_BP:1.43.2.1
	RELENG_8_1_0_RELEASE:1.43.2.1.4.1
	RELENG_8_1:1.43.2.1.0.4
	RELENG_8_1_BP:1.43.2.1
	RELENG_7_3_0_RELEASE:1.37.2.4.2.1
	RELENG_7_3:1.37.2.4.0.2
	RELENG_7_3_BP:1.37.2.4
	RELENG_8_0_0_RELEASE:1.43.2.1.2.1
	RELENG_8_0:1.43.2.1.0.2
	RELENG_8_0_BP:1.43.2.1
	RELENG_8:1.43.0.2
	RELENG_8_BP:1.43
	RELENG_7_2_0_RELEASE:1.37.2.3.2.1
	RELENG_7_2:1.37.2.3.0.2
	RELENG_7_2_BP:1.37.2.3
	RELENG_7_1_0_RELEASE:1.37.2.1.2.1
	RELENG_6_4_0_RELEASE:1.23.2.10.2.1
	RELENG_7_1:1.37.2.1.0.2
	RELENG_7_1_BP:1.37.2.1
	RELENG_6_4:1.23.2.10.0.2
	RELENG_6_4_BP:1.23.2.10
	RELENG_7_0_0_RELEASE:1.37.4.1
	RELENG_6_3_0_RELEASE:1.23.2.9
	RELENG_7_0:1.37.0.4
	RELENG_7_0_BP:1.37
	RELENG_6_3:1.23.2.9.0.2
	RELENG_6_3_BP:1.23.2.9
	RELENG_7:1.37.0.2
	RELENG_7_BP:1.37
	RELENG_6_2_0_RELEASE:1.23.2.7.2.1
	RELENG_6_2:1.23.2.7.0.2
	RELENG_6_2_BP:1.23.2.7
	RELENG_5_5_0_RELEASE:1.15.2.5
	RELENG_5_5:1.15.2.5.0.2
	RELENG_5_5_BP:1.15.2.5
	RELENG_6_1_0_RELEASE:1.23.2.3.2.1
	RELENG_6_1:1.23.2.3.0.2
	RELENG_6_1_BP:1.23.2.3
	RELENG_6_0_0_RELEASE:1.23.2.2
	RELENG_6_0:1.23.2.2.0.2
	RELENG_6_0_BP:1.23.2.2
	RELENG_6:1.23.0.2
	RELENG_6_BP:1.23
	RELENG_5_4_0_RELEASE:1.15.2.4
	RELENG_5_4:1.15.2.4.0.2
	RELENG_5_4_BP:1.15.2.4
	RELENG_5_3_0_RELEASE:1.15.2.2
	RELENG_5_3:1.15.2.2.0.2
	RELENG_5_3_BP:1.15.2.2
	RELENG_5:1.15.0.2
	RELENG_5_BP:1.15
	RELENG_5_2_1_RELEASE:1.7
	RELENG_5_2_0_RELEASE:1.7
	RELENG_5_2:1.7.0.2
	RELENG_5_2_BP:1.7
	RELENG_5_1_0_RELEASE:1.4
	RELENG_5_1:1.4.0.2
	RELENG_5_1_BP:1.4;
locks; strict;
comment	@# @;


1.56
date	2013.01.18.00.26.57;	author svnexp;	state Exp;
branches
	1.56.2.1;
next	1.55;

1.55
date	2012.11.17.04.30.31;	author svnexp;	state Exp;
branches;
next	1.54;

1.54
date	2012.11.17.01.49.05;	author svnexp;	state Exp;
branches;
next	1.53;

1.53
date	2012.09.11.05.04.59;	author obrien;	state Exp;
branches;
next	1.52;

1.52
date	2012.08.19.08.15.32;	author kuriyama;	state Exp;
branches;
next	1.51;

1.51
date	2012.07.18.23.01.23;	author des;	state Exp;
branches;
next	1.50;

1.50
date	2012.07.04.13.37.44;	author des;	state Exp;
branches;
next	1.49;

1.49
date	2012.01.20.22.55.19;	author brooks;	state Exp;
branches;
next	1.48;

1.48
date	2012.01.14.02.18.41;	author dougb;	state Exp;
branches;
next	1.47;

1.47
date	2011.03.30.01.19.00;	author emaste;	state Exp;
branches
	1.47.2.1;
next	1.46;

1.46
date	2010.03.07.04.26.21;	author dougb;	state Exp;
branches;
next	1.45;

1.45
date	2010.03.05.14.34.33;	author netchild;	state Exp;
branches;
next	1.44;

1.44
date	2009.11.02.09.56.46;	author remko;	state Exp;
branches;
next	1.43;

1.43
date	2009.06.10.18.18.14;	author ed;	state Exp;
branches
	1.43.2.1;
next	1.42;

1.42
date	2009.04.28.09.45.32;	author ru;	state Exp;
branches;
next	1.41;

1.41
date	2009.01.26.12.59.11;	author bz;	state Exp;
branches;
next	1.40;

1.40
date	2008.09.24.15.18.27;	author ru;	state Exp;
branches;
next	1.39;

1.39
date	2008.09.16.20.18.25;	author thompsa;	state Exp;
branches;
next	1.38;

1.38
date	2008.01.13.14.27.53;	author simon;	state Exp;
branches;
next	1.37;

1.37
date	2007.05.24.06.01.06;	author rse;	state Exp;
branches
	1.37.2.1
	1.37.4.1;
next	1.36;

1.36
date	2007.01.11.18.16.23;	author simon;	state Exp;
branches;
next	1.35;

1.35
date	2007.01.02.11.07.13;	author flz;	state Exp;
branches;
next	1.34;

1.34
date	2006.05.30.16.20.48;	author matteo;	state Exp;
branches;
next	1.33;

1.33
date	2006.05.30.16.07.59;	author matteo;	state Exp;
branches;
next	1.32;

1.32
date	2006.05.11.14.23.43;	author flz;	state Exp;
branches;
next	1.31;

1.31
date	2006.05.11.13.29.01;	author matteo;	state Exp;
branches;
next	1.30;

1.30
date	2006.05.09.17.50.16;	author matteo;	state Exp;
branches;
next	1.29;

1.29
date	2006.05.08.17.32.45;	author flz;	state Exp;
branches;
next	1.28;

1.28
date	2006.05.07.23.15.39;	author flz;	state Exp;
branches;
next	1.27;

1.27
date	2006.04.08.12.15.35;	author flz;	state Exp;
branches;
next	1.26;

1.26
date	2006.03.08.20.40.37;	author fjoe;	state Exp;
branches;
next	1.25;

1.25
date	2005.08.07.23.19.02;	author pjd;	state Exp;
branches;
next	1.24;

1.24
date	2005.08.07.22.38.41;	author pjd;	state Exp;
branches;
next	1.23;

1.23
date	2005.06.26.16.30.20;	author pjd;	state Exp;
branches
	1.23.2.1;
next	1.22;

1.22
date	2005.04.30.00.16.00;	author csjp;	state Exp;
branches;
next	1.21;

1.21
date	2005.01.16.03.12.03;	author obrien;	state Exp;
branches;
next	1.20;

1.20
date	2004.12.14.14.36.35;	author rse;	state Exp;
branches;
next	1.19;

1.19
date	2004.11.24.10.44.39;	author mux;	state Exp;
branches;
next	1.18;

1.18
date	2004.11.23.20.09.58;	author mux;	state Exp;
branches;
next	1.17;

1.17
date	2004.10.07.13.55.26;	author mtm;	state Exp;
branches;
next	1.16;

1.16
date	2004.08.19.08.55.24;	author des;	state Exp;
branches;
next	1.15;

1.15
date	2004.08.16.16.37.06;	author nectar;	state Exp;
branches
	1.15.2.1;
next	1.14;

1.14
date	2004.03.08.12.25.05;	author pjd;	state Exp;
branches;
next	1.13;

1.13
date	2004.02.03.12.59.30;	author mtm;	state Exp;
branches;
next	1.12;

1.12
date	2004.02.03.07.15.32;	author mtm;	state Exp;
branches;
next	1.11;

1.11
date	2004.02.02.13.25.28;	author mtm;	state Exp;
branches;
next	1.10;

1.10
date	2003.12.09.08.51.11;	author mtm;	state Exp;
branches;
next	1.9;

1.9
date	2003.12.09.08.32.43;	author mtm;	state Exp;
branches;
next	1.8;

1.8
date	2003.12.09.08.09.04;	author mtm;	state Exp;
branches;
next	1.7;

1.7
date	2003.10.13.08.20.55;	author dougb;	state Exp;
branches;
next	1.6;

1.6
date	2003.08.24.06.29.32;	author mtm;	state Exp;
branches;
next	1.5;

1.5
date	2003.08.19.03.49.30;	author kuriyama;	state Exp;
branches;
next	1.4;

1.4
date	2003.05.05.15.38.41;	author mtm;	state Exp;
branches;
next	1.3;

1.3
date	2003.04.19.07.50.32;	author mtm;	state Exp;
branches;
next	1.2;

1.2
date	2003.04.16.16.44.00;	author mtm;	state Exp;
branches;
next	1.1;

1.1
date	2003.04.16.16.27.23;	author mtm;	state Exp;
branches;
next	;

1.56.2.1
date	2013.01.18.00.26.57;	author svnexp;	state dead;
branches;
next	1.56.2.2;

1.56.2.2
date	2013.03.28.13.02.43;	author svnexp;	state Exp;
branches;
next	;

1.47.2.1
date	2011.09.23.00.51.37;	author kensmith;	state Exp;
branches
	1.47.2.1.2.1;
next	1.47.2.2;

1.47.2.2
date	2012.02.10.15.54.17;	author brooks;	state Exp;
branches;
next	1.47.2.3;

1.47.2.3
date	2012.02.14.10.16.56;	author dougb;	state Exp;
branches
	1.47.2.3.2.1;
next	1.47.2.4;

1.47.2.4
date	2012.08.24.11.44.47;	author des;	state Exp;
branches;
next	1.47.2.5;

1.47.2.5
date	2012.10.21.10.19.07;	author kuriyama;	state Exp;
branches;
next	1.47.2.6;

1.47.2.6
date	2012.10.26.18.06.49;	author obrien;	state Exp;
branches;
next	1.47.2.7;

1.47.2.7
date	2012.11.17.11.36.11;	author svnexp;	state Exp;
branches;
next	1.47.2.8;

1.47.2.8
date	2012.12.01.16.47.47;	author svnexp;	state Exp;
branches;
next	1.47.2.9;

1.47.2.9
date	2013.04.11.23.01.44;	author svnexp;	state Exp;
branches;
next	;

1.47.2.1.2.1
date	2011.11.11.04.20.22;	author kensmith;	state Exp;
branches;
next	1.47.2.1.2.2;

1.47.2.1.2.2
date	2012.11.17.08.36.11;	author svnexp;	state Exp;
branches;
next	;

1.47.2.3.2.1
date	2012.08.05.23.54.33;	author kensmith;	state Exp;
branches;
next	1.47.2.3.2.2;

1.47.2.3.2.2
date	2012.11.17.08.47.01;	author svnexp;	state Exp;
branches;
next	;

1.43.2.1
date	2009.08.03.08.13.06;	author kensmith;	state Exp;
branches
	1.43.2.1.2.1
	1.43.2.1.4.1
	1.43.2.1.6.1;
next	1.43.2.2;

1.43.2.2
date	2012.02.10.15.54.39;	author brooks;	state Exp;
branches;
next	1.43.2.3;

1.43.2.3
date	2012.02.14.10.17.14;	author dougb;	state Exp;
branches
	1.43.2.3.2.1;
next	1.43.2.4;

1.43.2.4
date	2012.10.25.15.25.17;	author kuriyama;	state Exp;
branches;
next	1.43.2.5;

1.43.2.5
date	2012.11.17.10.35.56;	author svnexp;	state Exp;
branches;
next	1.43.2.6;

1.43.2.6
date	2013.04.11.22.22.01;	author svnexp;	state Exp;
branches;
next	;

1.43.2.1.2.1
date	2009.10.25.01.10.29;	author kensmith;	state Exp;
branches;
next	;

1.43.2.1.4.1
date	2010.06.14.02.09.06;	author kensmith;	state Exp;
branches;
next	;

1.43.2.1.6.1
date	2010.12.21.17.09.25;	author kensmith;	state Exp;
branches;
next	;

1.43.2.3.2.1
date	2012.03.03.06.15.13;	author kensmith;	state Exp;
branches;
next	1.43.2.3.2.2;

1.43.2.3.2.2
date	2012.11.17.08.24.38;	author svnexp;	state Exp;
branches;
next	;

1.37.2.1
date	2008.01.29.00.18.08;	author dougb;	state Exp;
branches
	1.37.2.1.2.1;
next	1.37.2.2;

1.37.2.2
date	2009.01.07.15.31.46;	author bz;	state Exp;
branches;
next	1.37.2.3;

1.37.2.3
date	2009.02.07.14.04.35;	author bz;	state Exp;
branches
	1.37.2.3.2.1;
next	1.37.2.4;

1.37.2.4
date	2010.01.24.16.59.04;	author ru;	state Exp;
branches
	1.37.2.4.2.1
	1.37.2.4.4.1;
next	1.37.2.5;

1.37.2.5
date	2012.02.14.10.17.30;	author dougb;	state Exp;
branches;
next	1.37.2.6;

1.37.2.6
date	2012.11.17.08.01.21;	author svnexp;	state Exp;
branches;
next	;

1.37.2.1.2.1
date	2008.11.25.02.59.29;	author kensmith;	state Exp;
branches;
next	;

1.37.2.3.2.1
date	2009.04.15.03.14.26;	author kensmith;	state Exp;
branches;
next	;

1.37.2.4.2.1
date	2010.02.10.00.26.20;	author kensmith;	state Exp;
branches;
next	;

1.37.2.4.4.1
date	2010.12.21.17.10.29;	author kensmith;	state Exp;
branches;
next	1.37.2.4.4.2;

1.37.2.4.4.2
date	2012.11.17.08.16.37;	author svnexp;	state Exp;
branches;
next	;

1.37.4.1
date	2008.01.29.00.22.33;	author dougb;	state Exp;
branches;
next	;

1.23.2.1
date	2005.08.10.14.30.05;	author pjd;	state Exp;
branches;
next	1.23.2.2;

1.23.2.2
date	2005.08.16.08.43.06;	author pjd;	state Exp;
branches
	1.23.2.2.2.1;
next	1.23.2.3;

1.23.2.3
date	2006.03.11.08.00.57;	author fjoe;	state Exp;
branches
	1.23.2.3.2.1;
next	1.23.2.4;

1.23.2.4
date	2006.05.04.16.17.47;	author flz;	state Exp;
branches;
next	1.23.2.5;

1.23.2.5
date	2006.05.10.13.05.52;	author flz;	state Exp;
branches;
next	1.23.2.6;

1.23.2.6
date	2006.05.26.13.33.45;	author matteo;	state Exp;
branches;
next	1.23.2.7;

1.23.2.7
date	2006.06.06.15.04.39;	author flz;	state Exp;
branches
	1.23.2.7.2.1;
next	1.23.2.8;

1.23.2.8
date	2007.01.02.11.14.07;	author flz;	state Exp;
branches;
next	1.23.2.9;

1.23.2.9
date	2007.01.11.18.16.58;	author simon;	state Exp;
branches;
next	1.23.2.10;

1.23.2.10
date	2008.01.29.00.33.16;	author dougb;	state Exp;
branches
	1.23.2.10.2.1;
next	1.23.2.11;

1.23.2.11
date	2012.11.17.07.39.07;	author svnexp;	state Exp;
branches;
next	;

1.23.2.2.2.1
date	2007.01.11.18.18.35;	author simon;	state Exp;
branches;
next	;

1.23.2.3.2.1
date	2006.05.05.09.58.13;	author flz;	state Exp;
branches;
next	1.23.2.3.2.2;

1.23.2.3.2.2
date	2006.07.07.07.25.21;	author cperciva;	state Exp;
branches;
next	1.23.2.3.2.3;

1.23.2.3.2.3
date	2007.01.11.18.18.08;	author simon;	state Exp;
branches;
next	;

1.23.2.7.2.1
date	2007.01.11.18.17.24;	author simon;	state Exp;
branches;
next	1.23.2.7.2.2;

1.23.2.7.2.2
date	2007.02.28.18.24.37;	author simon;	state Exp;
branches;
next	;

1.23.2.10.2.1
date	2008.10.02.02.57.24;	author kensmith;	state Exp;
branches;
next	;

1.15.2.1
date	2004.08.22.14.19.03;	author des;	state Exp;
branches;
next	1.15.2.2;

1.15.2.2
date	2004.10.10.09.50.53;	author mtm;	state Exp;
branches;
next	1.15.2.3;

1.15.2.3
date	2004.12.10.14.18.52;	author rse;	state Exp;
branches;
next	1.15.2.4;

1.15.2.4
date	2004.12.28.10.43.33;	author rse;	state Exp;
branches;
next	1.15.2.5;

1.15.2.5
date	2005.07.03.12.40.13;	author pjd;	state Exp;
branches
	1.15.2.5.2.1;
next	1.15.2.6;

1.15.2.6
date	2007.01.11.18.18.57;	author simon;	state Exp;
branches;
next	1.15.2.7;

1.15.2.7
date	2007.08.01.20.47.12;	author simon;	state Exp;
branches;
next	;

1.15.2.5.2.1
date	2007.01.11.18.19.33;	author simon;	state Exp;
branches;
next	1.15.2.5.2.2;

1.15.2.5.2.2
date	2007.08.01.20.48.19;	author simon;	state Exp;
branches;
next	;


desc
@@


1.56
log
@## SVN ## Exported commit - http://svnweb.freebsd.org/changeset/base/245525
## SVN ## CVS IS DEPRECATED: http://wiki.freebsd.org/CvsIsDeprecated
@
text
@#!/bin/sh
#
# $FreeBSD: head/etc/rc.d/jail 245525 2013-01-17 01:27:39Z bz $
#

# PROVIDE: jail
# REQUIRE: LOGIN FILESYSTEMS
# BEFORE: securelevel
# KEYWORD: nojail shutdown

# WARNING: This script deals with untrusted data (the data and
# processes inside the jails) and care must be taken when changing the
# code related to this!  If you have any doubt whether a change is
# correct and have security impact, please get the patch reviewed by
# the FreeBSD Security Team prior to commit.

. /etc/rc.subr

name="jail"
rcvar="jail_enable"

start_precmd="jail_prestart"
start_cmd="jail_start"
stop_cmd="jail_stop"

# init_variables _j
#	Initialize the various jail variables for jail _j.
#
init_variables()
{
	_j="$1"

	if [ -z "$_j" ]; then
		warn "init_variables: you must specify a jail"
		return
	fi

	eval _rootdir=\"\$jail_${_j}_rootdir\"
	_devdir="${_rootdir}/dev"
	_fdescdir="${_devdir}/fd"
	_procdir="${_rootdir}/proc"
	eval _hostname=\"\$jail_${_j}_hostname\"
	eval _ip=\"\$jail_${_j}_ip\"
	eval _interface=\"\${jail_${_j}_interface:-${jail_interface}}\"
	eval _exec=\"\$jail_${_j}_exec\"

	i=0
	while : ; do
		eval _exec_prestart${i}=\"\${jail_${_j}_exec_prestart${i}:-\${jail_exec_prestart${i}}}\"
		[ -z "$(eval echo \"\$_exec_prestart${i}\")" ] && break
		i=$((i + 1))
	done

	eval _exec_start=\"\${jail_${_j}_exec_start:-${jail_exec_start}}\"

	i=1
	while : ; do
		eval _exec_afterstart${i}=\"\${jail_${_j}_exec_afterstart${i}:-\${jail_exec_afterstart${i}}}\"
		[ -z "$(eval echo \"\$_exec_afterstart${i}\")" ] &&  break
		i=$((i + 1))
	done

	i=0
	while : ; do
		eval _exec_poststart${i}=\"\${jail_${_j}_exec_poststart${i}:-\${jail_exec_poststart${i}}}\"
		[ -z "$(eval echo \"\$_exec_poststart${i}\")" ] && break
		i=$((i + 1))
	done

	i=0
	while : ; do
		eval _exec_prestop${i}=\"\${jail_${_j}_exec_prestop${i}:-\${jail_exec_prestop${i}}}\"
		[ -z "$(eval echo \"\$_exec_prestop${i}\")" ] && break
		i=$((i + 1))
	done

	eval _exec_stop=\"\${jail_${_j}_exec_stop:-${jail_exec_stop}}\"

	i=0
	while : ; do
		eval _exec_poststop${i}=\"\${jail_${_j}_exec_poststop${i}:-\${jail_exec_poststop${i}}}\"
		[ -z "$(eval echo \"\$_exec_poststop${i}\")" ] && break
		i=$((i + 1))
	done

	if [ -n "${_exec}" ]; then
		#   simple/backward-compatible execution
		_exec_start="${_exec}"
		_exec_stop=""
	else
		#   flexible execution
		if [ -z "${_exec_start}" ]; then
			_exec_start="/bin/sh /etc/rc"
			if [ -z "${_exec_stop}" ]; then
				_exec_stop="/bin/sh /etc/rc.shutdown"
			fi
		fi
	fi

	# The default jail ruleset will be used by rc.subr if none is specified.
	eval _ruleset=\"\${jail_${_j}_devfs_ruleset:-${jail_devfs_ruleset}}\"
	eval _devfs=\"\${jail_${_j}_devfs_enable:-${jail_devfs_enable}}\"
	[ -z "${_devfs}" ] && _devfs="NO"
	eval _fdescfs=\"\${jail_${_j}_fdescfs_enable:-${jail_fdescfs_enable}}\"
	[ -z "${_fdescfs}" ] && _fdescfs="NO"
	eval _procfs=\"\${jail_${_j}_procfs_enable:-${jail_procfs_enable}}\"
	[ -z "${_procfs}" ] && _procfs="NO"

	eval _mount=\"\${jail_${_j}_mount_enable:-${jail_mount_enable}}\"
	[ -z "${_mount}" ] && _mount="NO"
	# "/etc/fstab.${_j}" will be used for {,u}mount(8) if none is specified.
	eval _fstab=\"\${jail_${_j}_fstab:-${jail_fstab}}\"
	[ -z "${_fstab}" ] && _fstab="/etc/fstab.${_j}"
	eval _flags=\"\${jail_${_j}_flags:-${jail_flags}}\"
	[ -z "${_flags}" ] && _flags="-l -U root"
	eval _consolelog=\"\${jail_${_j}_consolelog:-${jail_consolelog}}\"
	[ -z "${_consolelog}" ] && _consolelog="/var/log/jail_${_j}_console.log"
	eval _parameters=\"\${jail_${_j}_parameters:-${jail_parameters}}\"
	[ -z "${_parameters}" ] && _parameters=""
	eval _fib=\"\${jail_${_j}_fib:-${jail_fib}}\"

	# Debugging aid
	#
	debug "$_j devfs enable: $_devfs"
	debug "$_j fdescfs enable: $_fdescfs"
	debug "$_j procfs enable: $_procfs"
	debug "$_j mount enable: $_mount"
	debug "$_j hostname: $_hostname"
	debug "$_j ip: $_ip"
	jail_show_addresses ${_j}
	debug "$_j interface: $_interface"
	debug "$_j fib: $_fib"
	debug "$_j root: $_rootdir"
	debug "$_j devdir: $_devdir"
	debug "$_j fdescdir: $_fdescdir"
	debug "$_j procdir: $_procdir"
	debug "$_j ruleset: $_ruleset"
	debug "$_j fstab: $_fstab"

	i=0
	while : ; do
		eval out=\"\${_exec_prestart${i}:-''}\"
		if [ -z "$out" ]; then
			break
		fi
		debug "$_j exec pre-start #${i}: ${out}"
		i=$((i + 1))
	done

	debug "$_j exec start: $_exec_start"

	i=1
	while : ; do
		eval out=\"\${_exec_afterstart${i}:-''}\"

		if [ -z "$out" ]; then
			break;
		fi

		debug "$_j exec after start #${i}: ${out}"
		i=$((i + 1))
	done

	i=0
	while : ; do
		eval out=\"\${_exec_poststart${i}:-''}\"
		if [ -z "$out" ]; then
			break
		fi
		debug "$_j exec post-start #${i}: ${out}"
		i=$((i + 1))
	done

	i=0
	while : ; do
		eval out=\"\${_exec_prestop${i}:-''}\"
		if [ -z "$out" ]; then
			break
		fi
		debug "$_j exec pre-stop #${i}: ${out}"
		i=$((i + 1))
	done

	debug "$_j exec stop: $_exec_stop"

	i=0
	while : ; do
		eval out=\"\${_exec_poststop${i}:-''}\"
		if [ -z "$out" ]; then
			break
		fi
		debug "$_j exec post-stop #${i}: ${out}"
		i=$((i + 1))
	done

	debug "$_j flags: $_flags"
	debug "$_j consolelog: $_consolelog"
	debug "$_j parameters: $_parameters"

	if [ -z "${_hostname}" ]; then
		err 3 "$name: No hostname has been defined for ${_j}"
	fi
	if [ -z "${_rootdir}" ]; then
		err 3 "$name: No root directory has been defined for ${_j}"
	fi
}

# set_sysctl rc_knob mib msg
#	If the mib sysctl is set according to what rc_knob
#	specifies, this function does nothing. However if
#	rc_knob is set differently than mib, then the mib
#	is set accordingly and msg is displayed followed by
#	an '=" sign and the word 'YES' or 'NO'.
#
set_sysctl()
{
	_knob="$1"
	_mib="$2"
	_msg="$3"

	_current=`${SYSCTL} -n $_mib 2>/dev/null`
	if checkyesno $_knob ; then
		if [ "$_current" -ne 1 ]; then
			echo -n " ${_msg}=YES"
			${SYSCTL} 1>/dev/null ${_mib}=1
		fi
	else
		if [ "$_current" -ne 0 ]; then
			echo -n " ${_msg}=NO"
			${SYSCTL} 1>/dev/null ${_mib}=0
		fi
	fi
}

# is_current_mountpoint()
#	Is the directory mount point for a currently mounted file
#	system?
#
is_current_mountpoint()
{
	local _dir _dir2

	_dir=$1

	_dir=`echo $_dir | sed -Ee 's#//+#/#g' -e 's#/$##'`
	[ ! -d "${_dir}" ] && return 1
	_dir2=`df ${_dir} | tail +2 | awk '{ print $6 }'`
	[ "${_dir}" = "${_dir2}" ]
	return $?
}

# is_symlinked_mountpoint()
#	Is a mount point, or any of its parent directories, a symlink?
#
is_symlinked_mountpoint()
{
	local _dir

	_dir=$1

	[ -L "$_dir" ] && return 0
	[ "$_dir" = "/" ] && return 1
	is_symlinked_mountpoint `dirname $_dir`
	return $?
}

# secure_umount
#	Try to unmount a mount point without being vulnerable to
#	symlink attacks.
#
secure_umount()
{
	local _dir

	_dir=$1

	if is_current_mountpoint ${_dir}; then
		umount -f ${_dir} >/dev/null 2>&1
	else
		debug "Nothing mounted on ${_dir} - not unmounting"
	fi
}


# jail_umount_fs
#	This function unmounts certain special filesystems in the
#	currently selected jail. The caller must call the init_variables()
#	routine before calling this one.
#
jail_umount_fs()
{
	local _device _mountpt _rest

	if checkyesno _fdescfs; then
		if [ -d "${_fdescdir}" ] ; then
			secure_umount ${_fdescdir}
		fi
	fi
	if checkyesno _devfs; then
		if [ -d "${_devdir}" ] ; then
			secure_umount ${_devdir}
		fi
	fi
	if checkyesno _procfs; then
		if [ -d "${_procdir}" ] ; then
			secure_umount ${_procdir}
		fi
	fi
	if checkyesno _mount; then
		[ -f "${_fstab}" ] || warn "${_fstab} does not exist"
		tail -r ${_fstab} | while read _device _mountpt _rest; do
			case ":${_device}" in
			:#* | :)
				continue
				;;
			esac
			secure_umount ${_mountpt}
		done
	fi
}

# jail_mount_fstab()
#	Mount file systems from a per jail fstab while trying to
#	secure against symlink attacks at the mount points.
#
#	If we are certain we cannot secure against symlink attacks we
#	do not mount all of the file systems (since we cannot just not
#	mount the file system with the problematic mount point).
#
#	The caller must call the init_variables() routine before
#	calling this one.
#
jail_mount_fstab()
{
	local _device _mountpt _rest

	while read _device _mountpt _rest; do
		case ":${_device}" in
		:#* | :)
			continue
			;;
		esac
		if is_symlinked_mountpoint ${_mountpt}; then
			warn "${_mountpt} has symlink as parent - not mounting from ${_fstab}"
			return
		fi
	done <${_fstab}
	mount -a -F "${_fstab}"
}

# jail_show_addresses jail
#	Debug print the input for the given _multi aliases
#	for a jail for init_variables().
#
jail_show_addresses()
{
	local _j _type alias
	_j="$1"
	alias=0

	if [ -z "${_j}" ]; then
		warn "jail_show_addresses: you must specify a jail"
		return
	fi

	while : ; do
		eval _addr=\"\$jail_${_j}_ip_multi${alias}\"
		if [ -n "${_addr}" ]; then
			debug "${_j} ip_multi${alias}: $_addr"
			alias=$((${alias} + 1))
		else
			break
		fi
	done
}

# jail_extract_address argument
#	The second argument is the string from one of the _ip
#	or the _multi variables. In case of a comma separated list
#	only one argument must be passed in at a time.
#	The function alters the _type, _iface, _addr and _mask variables.
#
jail_extract_address()
{
	local _i
	_i=$1

	if [ -z "${_i}" ]; then
		warn "jail_extract_address: called without input"
		return
	fi

	# Check if we have an interface prefix given and split into
	# iFace and rest.
	case "${_i}" in
	*\|*)	# ifN|.. prefix there
		_iface=${_i%%|*}
		_r=${_i##*|}
		;;
	*)	_iface=""
		_r=${_i}
		;;
	esac

	# In case the IP has no interface given, check if we have a global one.
	_iface=${_iface:-${_interface}}

	# Set address, cut off any prefix/netmask/prefixlen.
	_addr=${_r}
	_addr=${_addr%%[/ ]*}

	# Theoretically we can return here if interface is not set,
	# as we only care about the _mask if we call ifconfig.
	# This is not done because we may want to santize IP addresses
	# based on _type later, and optionally change the type as well.

	# Extract the prefix/netmask/prefixlen part by cutting off the address.
	_mask=${_r}
	_mask=`expr "${_mask}" : "${_addr}\(.*\)"`

	# Identify type {inet,inet6}.
	case "${_addr}" in
	*\.*\.*\.*)	_type="inet" ;;
	*:*)		_type="inet6" ;;
	*)		warn "jail_extract_address: type not identified"
			;;
	esac

	# Handle the special /netmask instead of /prefix or
	# "netmask xxx" case for legacy IP.
	# We do NOT support shortend class-full netmasks.
	if [ "${_type}" = "inet" ]; then
		case "${_mask}" in
		/*\.*\.*\.*)	_mask=" netmask ${_mask#/}" ;;
		*)		;;
		esac

		# In case _mask is still not set use /32.
		_mask=${_mask:-/32}

	elif [ "${_type}" = "inet6" ]; then
		# In case _maske is not set for IPv6, use /128.
		_mask=${_mask:-/128}
	fi
}

# jail_handle_ips_option {add,del} input
#	Handle a single argument imput which can be a comma separated
#	list of addresses (theoretically with an option interface and
#	prefix/netmask/prefixlen).
#
jail_handle_ips_option()
{
	local _x _action _type _i
	_action=$1
	_x=$2

	if [ -z "${_x}" ]; then
		# No IP given. This can happen for the primary address
		# of each address family.
		return
	fi

	# Loop, in case we find a comma separated list, we need to handle
	# each argument on its own.
	while [ ${#_x} -gt 0 ]; do
		case "${_x}" in
		*,*)	# Extract the first argument and strip it off the list.
			_i=`expr "${_x}" : '^\([^,]*\)'`
			_x=`expr "${_x}" : "^[^,]*,\(.*\)"`
			;;
		*)	_i=${_x}
			_x=""
			;;
		esac

		_type=""
		_iface=""
		_addr=""
		_mask=""
		jail_extract_address "${_i}"

		# make sure we got an address.
		case "${_addr}" in
		"")	continue ;;
		*)	;;
		esac

		# Append address to list of addresses for the jail command.
		case "${_type}" in
		inet)
			case "${_addrl}" in
			"")	_addrl="${_addr}" ;;
			*)	_addrl="${_addrl},${_addr}" ;;
			esac
			;;
		inet6)
			case "${_addr6l}" in
			"")	_addr6l="${_addr}" ;;
			*)	_addr6l="${_addr6l},${_addr}" ;;
			esac
			;;
		esac

		# Configure interface alias if requested by a given interface
		# and if we could correctly parse everything.
		case "${_iface}" in
		"")	continue ;;
		esac
		case "${_type}" in
		inet)	;;
		inet6)	ipv6_address_count=$((ipv6_address_count + 1)) ;;
		*)	warn "Could not determine address family.  Not going" \
			    "to ${_action} address '${_addr}' for ${_jail}."
			continue
			;;
		esac
		case "${_action}" in
		add)	ifconfig ${_iface} ${_type} ${_addr}${_mask} alias
			;;
		del)	# When removing the IP, ignore the _mask.
			ifconfig ${_iface} ${_type} ${_addr} -alias
			;;
		esac
	done
}

# jail_ips {add,del}
#	Extract the comma separated list of addresses and return them
#	for the jail command.
#	Handle more than one address via the _multi option as well.
#	If an interface is given also add/remove an alias for the
#	address with an optional netmask.
#
jail_ips()
{
	local _action
	_action=$1

	case "${_action}" in
	add)	;;
	del)	;;
	*)	warn "jail_ips: invalid action '${_action}'"
		return
		;;
	esac

	# Handle addresses.
	ipv6_address_count=0
	jail_handle_ips_option ${_action} "${_ip}"
	# Handle jail_xxx_ip_multi<N>
	alias=0
	while : ; do
		eval _x=\"\$jail_${_jail}_ip_multi${alias}\"
		case "${_x}" in
		"")	break ;;
		*)	jail_handle_ips_option ${_action} "${_x}"
			alias=$((${alias} + 1))
			;;
		esac
	done
	case ${ipv6_address_count} in
	0)	;;
	*)	# Sleep 1 second to let DAD complete before starting services.
		sleep 1
		;;
	esac
}

jail_prestart()
{
	if checkyesno jail_parallel_start; then
		command_args='&'
	fi
}

jail_start()
{
	echo -n 'Configuring jails:'
	set_sysctl jail_set_hostname_allow security.jail.set_hostname_allowed \
	    set_hostname_allow
	set_sysctl jail_socket_unixiproute_only \
	    security.jail.socket_unixiproute_only unixiproute_only
	set_sysctl jail_sysvipc_allow security.jail.sysvipc_allowed \
	    sysvipc_allow
	echo '.'

	echo -n 'Starting jails:'
	_tmp_dir=`mktemp -d /tmp/jail.XXXXXXXX` || \
	    err 3 "$name: Can't create temp dir, exiting..."
	for _jail in ${jail_list}
	do
		init_variables $_jail
		if [ -f /var/run/jail_${_jail}.id ]; then
			echo -n " [${_hostname} already running (/var/run/jail_${_jail}.id exists)]"
			continue;
		fi
		_addrl=""
		_addr6l=""
		jail_ips "add"
		if [ -n "${_fib}" ]; then
			_setfib="setfib -F '${_fib}'"
		else
			_setfib=""
		fi
		if checkyesno _mount; then
			info "Mounting fstab for jail ${_jail} (${_fstab})"
			if [ ! -f "${_fstab}" ]; then
				err 3 "$name: ${_fstab} does not exist"
			fi
			jail_mount_fstab
		fi
		if checkyesno _devfs; then
			# If devfs is already mounted here, skip it.
			df -t devfs "${_devdir}" >/dev/null
			if [ $? -ne 0 ]; then
				if is_symlinked_mountpoint ${_devdir}; then
					warn "${_devdir} has symlink as parent - not starting jail ${_jail}"
					continue
				fi
				info "Mounting devfs on ${_devdir}"
				devfs_mount_jail "${_devdir}" ${_ruleset}
				# Transitional symlink for old binaries
				if [ ! -L "${_devdir}/log" ]; then
					ln -sf ../var/run/log "${_devdir}/log"
				fi
			fi

			# XXX - It seems symlinks don't work when there
			#	is a devfs(5) device of the same name.
			# Jail console output
			#	__pwd="`pwd`"
			#	cd "${_devdir}"
			#	ln -sf ../var/log/console console
			#	cd "$__pwd"
		fi
		if checkyesno _fdescfs; then
			if is_symlinked_mountpoint ${_fdescdir}; then
				warn "${_fdescdir} has symlink as parent, not mounting"
			else
				info "Mounting fdescfs on ${_fdescdir}"
				mount -t fdescfs fdesc "${_fdescdir}"
			fi
		fi
		if checkyesno _procfs; then
			if is_symlinked_mountpoint ${_procdir}; then
				warn "${_procdir} has symlink as parent, not mounting"
			else
				info "Mounting procfs onto ${_procdir}"
				if [ -d "${_procdir}" ] ; then
					mount -t procfs proc "${_procdir}"
				fi
			fi
		fi
		_tmp_jail=${_tmp_dir}/jail.$$

		i=0
		while : ; do
			eval out=\"\${_exec_prestart${i}:-''}\"
			[ -z "$out" ] && break
			${out}
			i=$((i + 1))
		done

		eval ${_setfib} jail -n ${_jail} ${_flags} -i -c path=${_rootdir} host.hostname=${_hostname} \
			${_addrl:+ip4.addr=\"${_addrl}\"} ${_addr6l:+ip6.addr=\"${_addr6l}\"} \
			${_parameters} command=${_exec_start} > ${_tmp_jail} 2>&1 \
			</dev/null

		if [ "$?" -eq 0 ] ; then
			_jail_id=$(head -1 ${_tmp_jail})
			i=1
			while : ; do
				eval out=\"\${_exec_afterstart${i}:-''}\"

				if [ -z "$out" ]; then
					break;
				fi

				jexec "${_jail_id}" ${out}
				i=$((i + 1))
			done

			echo -n " $_hostname"
			tail +2 ${_tmp_jail} >${_consolelog}
			echo ${_jail_id} > /var/run/jail_${_jail}.id

			i=0
			while : ; do
				eval out=\"\${_exec_poststart${i}:-''}\"
				[ -z "$out" ] && break
				${out}
				i=$((i + 1))
			done
		else
			jail_umount_fs
			jail_ips "del"
			echo " cannot start jail \"${_jail}\": "
			tail +2 ${_tmp_jail}
		fi
		rm -f ${_tmp_jail}
	done
	rmdir ${_tmp_dir}
	echo '.'
}

jail_stop()
{
	echo -n 'Stopping jails:'
	for _jail in ${jail_list}
	do
		if [ -f "/var/run/jail_${_jail}.id" ]; then
			_jail_id=$(cat /var/run/jail_${_jail}.id)
			if [ ! -z "${_jail_id}" ]; then
				init_variables $_jail

				i=0
				while : ; do
					eval out=\"\${_exec_prestop${i}:-''}\"
					[ -z "$out" ] && break
					${out}
					i=$((i + 1))
				done

				if [ -n "${_exec_stop}" ]; then
					eval env -i /usr/sbin/jexec ${_jail_id} ${_exec_stop} \
						>> ${_consolelog} 2>&1
				fi
				killall -j ${_jail_id} -TERM > /dev/null 2>&1
				sleep 1
				killall -j ${_jail_id} -KILL > /dev/null 2>&1
				jail_umount_fs
				echo -n " $_hostname"

				i=0
				while : ; do
					eval out=\"\${_exec_poststop${i}:-''}\"
					[ -z "$out" ] && break
					${out}
					i=$((i + 1))
				done
			fi
			jail_ips "del"
			rm /var/run/jail_${_jail}.id
		else
			echo " cannot stop jail ${_jail}. No jail id in /var/run"
		fi
	done
	echo '.'
}

load_rc_config $name
cmd="$1"
if [ $# -gt 0 ]; then
	shift
fi
if [ -n "$*" ]; then
	jail_list="$*"
fi

run_rc_command "${cmd}"
@


1.56.2.1
log
@file jail was added on branch RELENG_8_4 on 2013-03-28 13:02:43 +0000
@
text
@d1 761
@


1.56.2.2
log
@## SVN ## Exported commit - http://svnweb.freebsd.org/changeset/base/248810
## SVN ## CVS IS DEPRECATED: http://wiki.freebsd.org/CvsIsDeprecated
@
text
@a0 742
#!/bin/sh
#
# $FreeBSD: releng/8.4/etc/rc.d/jail 242083 2012-10-25 15:25:17Z kuriyama $
#

# PROVIDE: jail
# REQUIRE: LOGIN cleanvar
# BEFORE: securelevel
# KEYWORD: nojail shutdown

# WARNING: This script deals with untrusted data (the data and
# processes inside the jails) and care must be taken when changing the
# code related to this!  If you have any doubt whether a change is
# correct and have security impact, please get the patch reviewed by
# the FreeBSD Security Team prior to commit.

. /etc/rc.subr

name="jail"
rcvar="jail_enable"
start_cmd="jail_start"
stop_cmd="jail_stop"

# init_variables _j
#	Initialize the various jail variables for jail _j.
#
init_variables()
{
	_j="$1"

	if [ -z "$_j" ]; then
		warn "init_variables: you must specify a jail"
		return
	fi

	eval _rootdir=\"\$jail_${_j}_rootdir\"
	_devdir="${_rootdir}/dev"
	_fdescdir="${_devdir}/fd"
	_procdir="${_rootdir}/proc"
	eval _hostname=\"\$jail_${_j}_hostname\"
	eval _ip=\"\$jail_${_j}_ip\"
	eval _interface=\"\${jail_${_j}_interface:-${jail_interface}}\"
	eval _exec=\"\$jail_${_j}_exec\"

	i=0
	while : ; do
		eval _exec_prestart${i}=\"\${jail_${_j}_exec_prestart${i}:-\${jail_exec_prestart${i}}}\"
		[ -z "$(eval echo \"\$_exec_prestart${i}\")" ] && break
		i=$((i + 1))
	done

	eval _exec_start=\"\${jail_${_j}_exec_start:-${jail_exec_start}}\"

	i=1
	while : ; do
		eval _exec_afterstart${i}=\"\${jail_${_j}_exec_afterstart${i}:-\${jail_exec_afterstart${i}}}\"
		[ -z "$(eval echo \"\$_exec_afterstart${i}\")" ] &&  break
		i=$((i + 1))
	done

	i=0
	while : ; do
		eval _exec_poststart${i}=\"\${jail_${_j}_exec_poststart${i}:-\${jail_exec_poststart${i}}}\"
		[ -z "$(eval echo \"\$_exec_poststart${i}\")" ] && break
		i=$((i + 1))
	done

	i=0
	while : ; do
		eval _exec_prestop${i}=\"\${jail_${_j}_exec_prestop${i}:-\${jail_exec_prestop${i}}}\"
		[ -z "$(eval echo \"\$_exec_prestop${i}\")" ] && break
		i=$((i + 1))
	done

	eval _exec_stop=\"\${jail_${_j}_exec_stop:-${jail_exec_stop}}\"

	i=0
	while : ; do
		eval _exec_poststop${i}=\"\${jail_${_j}_exec_poststop${i}:-\${jail_exec_poststop${i}}}\"
		[ -z "$(eval echo \"\$_exec_poststop${i}\")" ] && break
		i=$((i + 1))
	done

	if [ -n "${_exec}" ]; then
		#   simple/backward-compatible execution
		_exec_start="${_exec}"
		_exec_stop=""
	else
		#   flexible execution
		if [ -z "${_exec_start}" ]; then
			_exec_start="/bin/sh /etc/rc"
			if [ -z "${_exec_stop}" ]; then
				_exec_stop="/bin/sh /etc/rc.shutdown"
			fi
		fi
	fi

	# The default jail ruleset will be used by rc.subr if none is specified.
	eval _ruleset=\"\${jail_${_j}_devfs_ruleset:-${jail_devfs_ruleset}}\"
	eval _devfs=\"\${jail_${_j}_devfs_enable:-${jail_devfs_enable}}\"
	[ -z "${_devfs}" ] && _devfs="NO"
	eval _fdescfs=\"\${jail_${_j}_fdescfs_enable:-${jail_fdescfs_enable}}\"
	[ -z "${_fdescfs}" ] && _fdescfs="NO"
	eval _procfs=\"\${jail_${_j}_procfs_enable:-${jail_procfs_enable}}\"
	[ -z "${_procfs}" ] && _procfs="NO"

	eval _mount=\"\${jail_${_j}_mount_enable:-${jail_mount_enable}}\"
	[ -z "${_mount}" ] && _mount="NO"
	# "/etc/fstab.${_j}" will be used for {,u}mount(8) if none is specified.
	eval _fstab=\"\${jail_${_j}_fstab:-${jail_fstab}}\"
	[ -z "${_fstab}" ] && _fstab="/etc/fstab.${_j}"
	eval _flags=\"\${jail_${_j}_flags:-${jail_flags}}\"
	[ -z "${_flags}" ] && _flags="-l -U root"
	eval _consolelog=\"\${jail_${_j}_consolelog:-${jail_consolelog}}\"
	[ -z "${_consolelog}" ] && _consolelog="/var/log/jail_${_j}_console.log"
	eval _parameters=\"\${jail_${_j}_parameters:-${jail_parameters}}\"
	[ -z "${_parameters}" ] && _parameters=""
	eval _fib=\"\${jail_${_j}_fib:-${jail_fib}}\"

	# Debugging aid
	#
	debug "$_j devfs enable: $_devfs"
	debug "$_j fdescfs enable: $_fdescfs"
	debug "$_j procfs enable: $_procfs"
	debug "$_j mount enable: $_mount"
	debug "$_j hostname: $_hostname"
	debug "$_j ip: $_ip"
	jail_show_addresses ${_j}
	debug "$_j interface: $_interface"
	debug "$_j fib: $_fib"
	debug "$_j root: $_rootdir"
	debug "$_j devdir: $_devdir"
	debug "$_j fdescdir: $_fdescdir"
	debug "$_j procdir: $_procdir"
	debug "$_j ruleset: $_ruleset"
	debug "$_j fstab: $_fstab"

	i=0
	while : ; do
		eval out=\"\${_exec_prestart${i}:-''}\"
		if [ -z "$out" ]; then
			break
		fi
		debug "$_j exec pre-start #${i}: ${out}"
		i=$((i + 1))
	done

	debug "$_j exec start: $_exec_start"

	i=1
	while : ; do
		eval out=\"\${_exec_afterstart${i}:-''}\"

		if [ -z "$out" ]; then
			break;
		fi

		debug "$_j exec after start #${i}: ${out}"
		i=$((i + 1))
	done

	i=0
	while : ; do
		eval out=\"\${_exec_poststart${i}:-''}\"
		if [ -z "$out" ]; then
			break
		fi
		debug "$_j exec post-start #${i}: ${out}"
		i=$((i + 1))
	done

	i=0
	while : ; do
		eval out=\"\${_exec_prestop${i}:-''}\"
		if [ -z "$out" ]; then
			break
		fi
		debug "$_j exec pre-stop #${i}: ${out}"
		i=$((i + 1))
	done

	debug "$_j exec stop: $_exec_stop"

	i=0
	while : ; do
		eval out=\"\${_exec_poststop${i}:-''}\"
		if [ -z "$out" ]; then
			break
		fi
		debug "$_j exec post-stop #${i}: ${out}"
		i=$((i + 1))
	done

	debug "$_j flags: $_flags"
	debug "$_j consolelog: $_consolelog"
	debug "$_j parameters: $_parameters"

	if [ -z "${_hostname}" ]; then
		err 3 "$name: No hostname has been defined for ${_j}"
	fi
	if [ -z "${_rootdir}" ]; then
		err 3 "$name: No root directory has been defined for ${_j}"
	fi
}

# set_sysctl rc_knob mib msg
#	If the mib sysctl is set according to what rc_knob
#	specifies, this function does nothing. However if
#	rc_knob is set differently than mib, then the mib
#	is set accordingly and msg is displayed followed by
#	an '=" sign and the word 'YES' or 'NO'.
#
set_sysctl()
{
	_knob="$1"
	_mib="$2"
	_msg="$3"

	_current=`${SYSCTL} -n $_mib 2>/dev/null`
	if checkyesno $_knob ; then
		if [ "$_current" -ne 1 ]; then
			echo -n " ${_msg}=YES"
			${SYSCTL_W} 1>/dev/null ${_mib}=1
		fi
	else
		if [ "$_current" -ne 0 ]; then
			echo -n " ${_msg}=NO"
			${SYSCTL_W} 1>/dev/null ${_mib}=0
		fi
	fi
}

# is_current_mountpoint()
#	Is the directory mount point for a currently mounted file
#	system?
#
is_current_mountpoint()
{
	local _dir _dir2

	_dir=$1

	_dir=`echo $_dir | sed -Ee 's#//+#/#g' -e 's#/$##'`
	[ ! -d "${_dir}" ] && return 1
	_dir2=`df ${_dir} | tail +2 | awk '{ print $6 }'`
	[ "${_dir}" = "${_dir2}" ]
	return $?
}

# is_symlinked_mountpoint()
#	Is a mount point, or any of its parent directories, a symlink?
#
is_symlinked_mountpoint()
{
	local _dir

	_dir=$1

	[ -L "$_dir" ] && return 0
	[ "$_dir" = "/" ] && return 1
	is_symlinked_mountpoint `dirname $_dir`
	return $?
}

# secure_umount
#	Try to unmount a mount point without being vulnerable to
#	symlink attacks.
#
secure_umount()
{
	local _dir

	_dir=$1

	if is_current_mountpoint ${_dir}; then
		umount -f ${_dir} >/dev/null 2>&1
	else
		debug "Nothing mounted on ${_dir} - not unmounting"
	fi
}


# jail_umount_fs
#	This function unmounts certain special filesystems in the
#	currently selected jail. The caller must call the init_variables()
#	routine before calling this one.
#
jail_umount_fs()
{
	local _device _mountpt _rest

	if checkyesno _fdescfs; then
		if [ -d "${_fdescdir}" ] ; then
			secure_umount ${_fdescdir}
		fi
	fi
	if checkyesno _devfs; then
		if [ -d "${_devdir}" ] ; then
			secure_umount ${_devdir}
		fi
	fi
	if checkyesno _procfs; then
		if [ -d "${_procdir}" ] ; then
			secure_umount ${_procdir}
		fi
	fi
	if checkyesno _mount; then
		[ -f "${_fstab}" ] || warn "${_fstab} does not exist"
		tail -r ${_fstab} | while read _device _mountpt _rest; do
			case ":${_device}" in
			:#* | :)
				continue
				;;
			esac
			secure_umount ${_mountpt}
		done
	fi
}

# jail_mount_fstab()
#	Mount file systems from a per jail fstab while trying to
#	secure against symlink attacks at the mount points.
#
#	If we are certain we cannot secure against symlink attacks we
#	do not mount all of the file systems (since we cannot just not
#	mount the file system with the problematic mount point).
#
#	The caller must call the init_variables() routine before
#	calling this one.
#
jail_mount_fstab()
{
	local _device _mountpt _rest

	while read _device _mountpt _rest; do
		case ":${_device}" in
		:#* | :)
			continue
			;;
		esac
		if is_symlinked_mountpoint ${_mountpt}; then
			warn "${_mountpt} has symlink as parent - not mounting from ${_fstab}"
			return
		fi
	done <${_fstab}
	mount -a -F "${_fstab}"
}

# jail_show_addresses jail
#	Debug print the input for the given _multi aliases
#	for a jail for init_variables().
#
jail_show_addresses()
{
	local _j _type alias
	_j="$1"
	alias=0

	if [ -z "${_j}" ]; then
		warn "jail_show_addresses: you must specify a jail"
		return
	fi

	while : ; do
		eval _addr=\"\$jail_${_j}_ip_multi${alias}\"
		if [ -n "${_addr}" ]; then
			debug "${_j} ip_multi${alias}: $_addr"
			alias=$((${alias} + 1))
		else
			break
		fi
	done
}

# jail_extract_address argument
#	The second argument is the string from one of the _ip
#	or the _multi variables. In case of a comma separated list
#	only one argument must be passed in at a time.
#	The function alters the _type, _iface, _addr and _mask variables.
#
jail_extract_address()
{
	local _i
	_i=$1

	if [ -z "${_i}" ]; then
		warn "jail_extract_address: called without input"
		return
	fi

	# Check if we have an interface prefix given and split into
	# iFace and rest.
	case "${_i}" in
	*\|*)	# ifN|.. prefix there
		_iface=${_i%%|*}
		_r=${_i##*|}
		;;
	*)	_iface=""
		_r=${_i}
		;;
	esac

	# In case the IP has no interface given, check if we have a global one.
	_iface=${_iface:-${_interface}}

	# Set address, cut off any prefix/netmask/prefixlen.
	_addr=${_r}
	_addr=${_addr%%[/ ]*}

	# Theoretically we can return here if interface is not set,
	# as we only care about the _mask if we call ifconfig.
	# This is not done because we may want to santize IP addresses
	# based on _type later, and optionally change the type as well.

	# Extract the prefix/netmask/prefixlen part by cutting off the address.
	_mask=${_r}
	_mask=`expr "${_mask}" : "${_addr}\(.*\)"`

	# Identify type {inet,inet6}.
	case "${_addr}" in
	*\.*\.*\.*)	_type="inet" ;;
	*:*)		_type="inet6" ;;
	*)		warn "jail_extract_address: type not identified"
			;;
	esac

	# Handle the special /netmask instead of /prefix or
	# "netmask xxx" case for legacy IP.
	# We do NOT support shortend class-full netmasks.
	if [ "${_type}" = "inet" ]; then
		case "${_mask}" in
		/*\.*\.*\.*)	_mask=" netmask ${_mask#/}" ;;
		*)		;;
		esac

		# In case _mask is still not set use /32.
		_mask=${_mask:-/32}

	elif [ "${_type}" = "inet6" ]; then
		# In case _maske is not set for IPv6, use /128.
		_mask=${_mask:-/128}
	fi
}

# jail_handle_ips_option {add,del} input
#	Handle a single argument imput which can be a comma separated
#	list of addresses (theoretically with an option interface and
#	prefix/netmask/prefixlen).
#
jail_handle_ips_option()
{
	local _x _action _type _i
	_action=$1
	_x=$2

	if [ -z "${_x}" ]; then
		# No IP given. This can happen for the primary address
		# of each address family.
		return
	fi

	# Loop, in case we find a comma separated list, we need to handle
	# each argument on its own.
	while [ ${#_x} -gt 0 ]; do
		case "${_x}" in
		*,*)	# Extract the first argument and strip it off the list.
			_i=`expr "${_x}" : '^\([^,]*\)'`
			_x=`expr "${_x}" : "^[^,]*,\(.*\)"`
			;;
		*)	_i=${_x}
			_x=""
			;;
		esac

		_type=""
		_iface=""
		_addr=""
		_mask=""
		jail_extract_address "${_i}"

		# make sure we got an address.
		case "${_addr}" in
		"")	continue ;;
		*)	;;
		esac

		# Append address to list of addresses for the jail command.
		case "${_type}" in
		inet)
			case "${_addrl}" in
			"")	_addrl="${_addr}" ;;
			*)	_addrl="${_addrl},${_addr}" ;;
			esac
			;;
		inet6)
			case "${_addr6l}" in
			"")	_addr6l="${_addr}" ;;
			*)	_addr6l="${_addr6l},${_addr}" ;;
			esac
			;;
		esac

		# Configure interface alias if requested by a given interface
		# and if we could correctly parse everything.
		case "${_iface}" in
		"")	continue ;;
		esac
		case "${_type}" in
		inet)	;;
		inet6)	;;
		*)	warn "Could not determine address family.  Not going" \
			    "to ${_action} address '${_addr}' for ${_jail}."
			continue
			;;
		esac
		case "${_action}" in
		add)	ifconfig ${_iface} ${_type} ${_addr}${_mask} alias
			;;
		del)	# When removing the IP, ignore the _mask.
			ifconfig ${_iface} ${_type} ${_addr} -alias
			;;
		esac
	done
}

# jail_ips {add,del}
#	Extract the comma separated list of addresses and return them
#	for the jail command.
#	Handle more than one address via the _multi option as well.
#	If an interface is given also add/remove an alias for the
#	address with an optional netmask.
#
jail_ips()
{
	local _action
	_action=$1

	case "${_action}" in
	add)	;;
	del)	;;
	*)	warn "jail_ips: invalid action '${_action}'"
		return
		;;
	esac

	# Handle addresses.
	jail_handle_ips_option ${_action} "${_ip}"
	# Handle jail_xxx_ip_multi<N>
	alias=0
	while : ; do
		eval _x=\"\$jail_${_jail}_ip_multi${alias}\"
		case "${_x}" in
		"")	break ;;
		*)	jail_handle_ips_option ${_action} "${_x}"
			alias=$((${alias} + 1))
			;;
		esac
	done
}

jail_start()
{
	echo -n 'Configuring jails:'
	set_sysctl jail_set_hostname_allow security.jail.set_hostname_allowed \
	    set_hostname_allow
	set_sysctl jail_socket_unixiproute_only \
	    security.jail.socket_unixiproute_only unixiproute_only
	set_sysctl jail_sysvipc_allow security.jail.sysvipc_allowed \
	    sysvipc_allow
	echo '.'

	echo -n 'Starting jails:'
	_tmp_dir=`mktemp -d /tmp/jail.XXXXXXXX` || \
	    err 3 "$name: Can't create temp dir, exiting..."
	for _jail in ${jail_list}
	do
		init_variables $_jail
		if [ -f /var/run/jail_${_jail}.id ]; then
			echo -n " [${_hostname} already running (/var/run/jail_${_jail}.id exists)]"
			continue;
		fi
		_addrl=""
		_addr6l=""
		jail_ips "add"
		if [ -n "${_fib}" ]; then
			_setfib="setfib -F '${_fib}'"
		else
			_setfib=""
		fi
		if checkyesno _mount; then
			info "Mounting fstab for jail ${_jail} (${_fstab})"
			if [ ! -f "${_fstab}" ]; then
				err 3 "$name: ${_fstab} does not exist"
			fi
			jail_mount_fstab
		fi
		if checkyesno _devfs; then
			# If devfs is already mounted here, skip it.
			df -t devfs "${_devdir}" >/dev/null
			if [ $? -ne 0 ]; then
				if is_symlinked_mountpoint ${_devdir}; then
					warn "${_devdir} has symlink as parent - not starting jail ${_jail}"
					continue
				fi
				info "Mounting devfs on ${_devdir}"
				devfs_mount_jail "${_devdir}" ${_ruleset}
				# Transitional symlink for old binaries
				if [ ! -L "${_devdir}/log" ]; then
					ln -sf ../var/run/log "${_devdir}/log"
				fi
			fi

			# XXX - It seems symlinks don't work when there
			#	is a devfs(5) device of the same name.
			# Jail console output
			#	__pwd="`pwd`"
			#	cd "${_devdir}"
			#	ln -sf ../var/log/console console
			#	cd "$__pwd"
		fi
		if checkyesno _fdescfs; then
			if is_symlinked_mountpoint ${_fdescdir}; then
				warn "${_fdescdir} has symlink as parent, not mounting"
			else
				info "Mounting fdescfs on ${_fdescdir}"
				mount -t fdescfs fdesc "${_fdescdir}"
			fi
		fi
		if checkyesno _procfs; then
			if is_symlinked_mountpoint ${_procdir}; then
				warn "${_procdir} has symlink as parent, not mounting"
			else
				info "Mounting procfs onto ${_procdir}"
				if [ -d "${_procdir}" ] ; then
					mount -t procfs proc "${_procdir}"
				fi
			fi
		fi
		_tmp_jail=${_tmp_dir}/jail.$$

		i=0
		while : ; do
			eval out=\"\${_exec_prestart${i}:-''}\"
			[ -z "$out" ] && break
			${out}
			i=$((i + 1))
		done

		eval ${_setfib} jail -n ${_jail} ${_flags} -i -c path=${_rootdir} host.hostname=${_hostname} \
			ip4.addr=\"${_addrl}\" ip6.addr=\"${_addr6l}\" ${_parameters} command=${_exec_start} > ${_tmp_jail} 2>&1

		if [ "$?" -eq 0 ] ; then
			_jail_id=$(head -1 ${_tmp_jail})
			i=1
			while : ; do
				eval out=\"\${_exec_afterstart${i}:-''}\"

				if [ -z "$out" ]; then
					break;
				fi

				jexec "${_jail_id}" ${out}
				i=$((i + 1))
			done

			echo -n " $_hostname"
			tail +2 ${_tmp_jail} >${_consolelog}
			echo ${_jail_id} > /var/run/jail_${_jail}.id

			i=0
			while : ; do
				eval out=\"\${_exec_poststart${i}:-''}\"
				[ -z "$out" ] && break
				${out}
				i=$((i + 1))
			done
		else
			jail_umount_fs
			jail_ips "del"
			echo " cannot start jail \"${_jail}\": "
			tail +2 ${_tmp_jail}
		fi
		rm -f ${_tmp_jail}
	done
	rmdir ${_tmp_dir}
	echo '.'
}

jail_stop()
{
	echo -n 'Stopping jails:'
	for _jail in ${jail_list}
	do
		if [ -f "/var/run/jail_${_jail}.id" ]; then
			_jail_id=$(cat /var/run/jail_${_jail}.id)
			if [ ! -z "${_jail_id}" ]; then
				init_variables $_jail

				i=0
				while : ; do
					eval out=\"\${_exec_prestop${i}:-''}\"
					[ -z "$out" ] && break
					${out}
					i=$((i + 1))
				done

				if [ -n "${_exec_stop}" ]; then
					eval env -i /usr/sbin/jexec ${_jail_id} ${_exec_stop} \
						>> ${_consolelog} 2>&1
				fi
				killall -j ${_jail_id} -TERM > /dev/null 2>&1
				sleep 1
				killall -j ${_jail_id} -KILL > /dev/null 2>&1
				jail_umount_fs
				echo -n " $_hostname"

				i=0
				while : ; do
					eval out=\"\${_exec_poststop${i}:-''}\"
					[ -z "$out" ] && break
					${out}
					i=$((i + 1))
				done
			fi
			jail_ips "del"
			rm /var/run/jail_${_jail}.id
		else
			echo " cannot stop jail ${_jail}. No jail id in /var/run"
		fi
	done
	echo '.'
}

load_rc_config $name
cmd="$1"
if [ $# -gt 0 ]; then
	shift
fi
if [ -n "$*" ]; then
	jail_list="$*"
fi
run_rc_command "${cmd}"
@


1.55
log
@## SVN ##
## SVN ## Exported commit - http://svnweb.freebsd.org/changeset/base/243080
## SVN ## CVS IS DEPRECATED: http://wiki.freebsd.org/CvsIsDeprecated
## SVN ##
## SVN ## ------------------------------------------------------------------------
## SVN ## r243080 | eadler | 2012-11-15 15:06:15 +0000 (Thu, 15 Nov 2012) | 7 lines
## SVN ##
## SVN ## Only pass ip[46].addr when _addrl contains a value
## SVN ##
## SVN ## Submitted by:	crees
## SVN ## Reviewed by:	Mike Jakubik <mike.jakubik@@intertainservices.com>
## SVN ## Approved by:	cperciva
## SVN ## MFC after:	2 weeks
## SVN ##
## SVN ## ------------------------------------------------------------------------
## SVN ##
@
text
@d3 1
a3 1
# $FreeBSD: head/etc/rc.d/jail 243080 2012-11-15 15:06:15Z eadler $
d512 1
a512 1
		inet6)	;;
d549 1
d562 6
@


1.54
log
@Switching exporter and resync
@
text
@d3 1
a3 1
# $FreeBSD: head/etc/rc.d/jail 240336 2012-09-11 05:04:59Z obrien $
d659 2
a660 1
			ip4.addr=\"${_addrl}\" ip6.addr=\"${_addr6l}\" ${_parameters} command=${_exec_start} > ${_tmp_jail} 2>&1 \
@


1.53
log
@SVN rev 240336 on 2012-09-11 05:04:59Z by obrien

Simply things so that "#REQUIRE: FILESYSTEMS" means the file
systems are fully "ready to go".

'FILESYSTEMS' states: "This is a dummy dependency, for services which
require file systems to be mounted before starting."  However, we have
'var' which is was run after 'FILESYSTEMS' and can mount /var if it
already isn't mounted.  Furthermore, several scripts cannot use /var
until 'cleanvar' has done its thing.  Thus "FILESYSTEMS" hasn't really
meant all critical file systems are fully usable.
@
text
@d3 1
a3 1
# $FreeBSD$
@


1.52
log
@SVN rev 239382 on 2012-08-19 08:15:32Z by kuriyama

- Allow to pass extra parameters for each jails.
- To achieve above, convert jail(8) invocation to use new style
  command line "-c" flag.

Reviewed at:	freebsd-jail@@
@
text
@d7 1
a7 1
# REQUIRE: LOGIN cleanvar
@


1.51
log
@SVN rev 238605 on 2012-07-18 23:01:23Z by des

Move -n ${_jail} before ${_flags} so that any -n options in ${_flags}
will override ours instead of the other way around.
@
text
@d118 2
d198 1
d490 13
a502 3
		case "${_addrl}" in
		"")	_addrl="${_addr}" ;;
		*)	_addrl="${_addrl},${_addr}" ;;
d592 1
d658 2
a659 2
		eval ${_setfib} jail -n ${_jail} ${_flags} -i ${_rootdir} ${_hostname} \
			\"${_addrl}\" ${_exec_start} > ${_tmp_jail} 2>&1 \
@


1.50
log
@SVN rev 238102 on 2012-07-04 13:37:44Z by des

Name jails automatically.

MFC after:	1 week
@
text
@d644 1
a644 1
		eval ${_setfib} jail ${_flags} -n ${_jail} -i ${_rootdir} ${_hostname} \
@


1.49
log
@SVN rev 230403 on 2012-01-20 22:55:19Z by brooks

When creating the jails /dev/log symlink, do it by full path to avoid
creating stray "log" symlinks if the mount fails.  That apparently
happens in some ezjail configs.

PR:		conf/143084
Submitted by:	Dirk Engling <erdgeist at erdgeist.org>
Reviewed by:	simon
MFC after:	2 weeks
@
text
@d644 1
a644 1
		eval ${_setfib} jail ${_flags} -i ${_rootdir} ${_hostname} \
@


1.48
log
@SVN rev 230099 on 2012-01-14 02:18:41Z by dougb

Prepare for the removal of set_rcvar() by changing the rcvar=
assignments to the literal values it would have returned.

The concept of set_rcvar() was nice in theory, but the forks
it creates are a drag on the startup process, which is especially
noticeable on slower systems, such as embedded ones.

During the discussion on freebsd-rc@@ a preference was expressed for
using ${name}_enable instead of the literal values. However the
code portability concept doesn't really apply since there are so
many other places where the literal name has to be searched for
and replaced. Also, using the literal value is also a tiny bit
faster than dereferencing the variables, and every little bit helps.
@
text
@d604 1
a604 4
					__pwd="`pwd`"
					cd "${_devdir}"
					ln -sf ../var/run/log log
					cd "$__pwd"
@


1.47
log
@SVN rev 220153 on 2011-03-30 01:19:00Z by emaste

Replace ${SYSCTL_W} with ${SYSCTL} in rc.d scripts, as they are identical.
This is a further clean up after r202988.

SYSCTL_W is still initialized in rc.subr as some ports may still use it.
@
text
@d20 1
a20 1
rcvar=`set_rcvar`
@


1.47.2.1
log
@SVN rev 225736 on 2011-09-23 00:51:37Z by kensmith

Copy head to stable/9 as part of 9.0-RELEASE release cycle.

Approved by:	re (implicit)
@
text
@@


1.47.2.2
log
@SVN rev 231388 on 2012-02-10 15:54:17Z by brooks

MFC r230403.

When creating the jails /dev/log symlink, do it by full path to avoid
creating stray "log" symlinks if the mount fails.  That apparently
happens in some ezjail configs.

PR:		conf/143084
Submitted by:	Dirk Engling <erdgeist at erdgeist.org>
@
text
@d604 4
a607 1
					ln -sf ../var/run/log "${_devdir}/log"
@


1.47.2.3
log
@SVN rev 231653 on 2012-02-14 10:16:56Z by dougb

MFC r230099:

Change rcvar= assignments to the literal values set_rcvar
would have returned. This will slightly reduce boot time,
and help in diff reduction to HEAD.
@
text
@d20 1
a20 1
rcvar="jail_enable"
@


1.47.2.3.2.1
log
@SVN rev 239080 on 2012-08-05 23:54:33Z by kensmith

Copy stable/9 to releng/9.1 as part of the 9.1-RELEASE release process.

Approved by:	re (implicit)
@
text
@@


1.47.2.3.2.2
log
@Switch importer
@
text
@d3 1
a3 1
# $FreeBSD: releng/9.1/etc/rc.d/jail 231653 2012-02-14 10:16:56Z dougb $
@


1.47.2.4
log
@SVN rev 239647 on 2012-08-24 11:44:47Z by des

MFH (r238102, r238605): automatically name jails.
@
text
@d644 1
a644 1
		eval ${_setfib} jail -n ${_jail} ${_flags} -i ${_rootdir} ${_hostname} \
@


1.47.2.5
log
@SVN rev 241801 on 2012-10-21 10:19:07Z by kuriyama

MFC r239382:

- Allow to pass extra parameters for each jails.
- To achieve above, convert jail(8) invocation to use new style
  command line "-c" flag.
@
text
@a117 2
	eval _parameters=\"\${jail_${_j}_parameters:-${jail_parameters}}\"
	[ -z "${_parameters}" ] && _parameters=""
a195 1
	debug "$_j parameters: $_parameters"
d487 3
a489 13
		case "${_type}" in
		inet)
			case "${_addrl}" in
			"")	_addrl="${_addr}" ;;
			*)	_addrl="${_addrl},${_addr}" ;;
			esac
			;;
		inet6)
			case "${_addr6l}" in
			"")	_addr6l="${_addr}" ;;
			*)	_addr6l="${_addr6l},${_addr}" ;;
			esac
			;;
a578 1
		_addr6l=""
d644 2
a645 2
		eval ${_setfib} jail -n ${_jail} ${_flags} -i -c path=${_rootdir} host.hostname=${_hostname} \
			ip4.addr=\"${_addrl}\" ip6.addr=\"${_addr6l}\" ${_parameters} command=${_exec_start} > ${_tmp_jail} 2>&1 \
@


1.47.2.6
log
@SVN rev 242153 on 2012-10-26 18:06:49Z by obrien

MFC: r240336:
  Simply things so that "#REQUIRE: FILESYSTEMS" means the file
  systems are fully "ready to go".

  'FILESYSTEMS' states: "This is a dummy dependency, for services which
  require file systems to be mounted before starting."  However, we have
  'var' which is was run after 'FILESYSTEMS' and can mount /var if it
  already isn't mounted.  Furthermore, several scripts cannot use /var
  until 'cleanvar' has done its thing.  Thus "FILESYSTEMS" hasn't really
  meant all critical file systems are fully usable.
@
text
@d7 1
a7 1
# REQUIRE: LOGIN FILESYSTEMS
@


1.47.2.7
log
@## SVN ##
## SVN ## Exported commit - http://svnweb.freebsd.org/changeset/base/ 242902
## SVN ## CVS IS DEPRECATED: http://wiki.freebsd.org/CvsIsDeprecated
## SVN ##
## SVN ## ------------------------------------------------------------------------
## SVN ## r242902 | dteske | 2012-11-11 23:29:45 +0000 (Sun, 11 Nov 2012) | 10 lines
## SVN ##
## SVN ## Fix a regression introduced by SVN r211417 that saw the breakage of a feature
## SVN ## documented in usr.sbin/sysinstall/help/shortcuts.hlp (reproduced below):
## SVN ##
## SVN ## If /usr/sbin/sysinstall is linked to another filename, say
## SVN ## `/usr/local/bin/configPackages', then the basename will be used
## SVN ## as an implicit command name.
## SVN ##
## SVN ## Reviewed by:	adrian (co-mentor)
## SVN ## Approved by:	adrian (co-mentor)
## SVN ##
## SVN ## ------------------------------------------------------------------------
## SVN ##
@
text
@d3 1
a3 1
# $FreeBSD: stable/9/etc/rc.d/jail 242153 2012-10-26 18:06:49Z obrien $
@


1.47.2.8
log
@## SVN ## Exported commit - http://svnweb.freebsd.org/changeset/base/243757
## SVN ## CVS IS DEPRECATED: http://wiki.freebsd.org/CvsIsDeprecated
## SVN ##
## SVN ## ------------------------------------------------------------------------
## SVN ## r243757 | eadler | 2012-12-01 16:44:33 +0000 (Sat, 01 Dec 2012) | 5 lines
## SVN ##
## SVN ## MFC r243080:
## SVN ## 	Only pass ip[46].addr when _addrl contains a value
## SVN ##
## SVN ## Approved by:	cperciva (implicit)
## SVN ##
## SVN ## ------------------------------------------------------------------------
## SVN ##
@
text
@d3 1
a3 1
# $FreeBSD: stable/9/etc/rc.d/jail 243757 2012-12-01 16:44:33Z eadler $
d659 1
a659 2
			${_addrl:+ip4.addr=\"${_addrl}\"} ${_addr6l:+ip6.addr=\"${_addr6l}\"} \
			${_parameters} command=${_exec_start} > ${_tmp_jail} 2>&1 \
@


1.47.2.9
log
@## SVN ## Exported commit - http://svnweb.freebsd.org/changeset/base/249387
## SVN ## CVS IS DEPRECATED: http://wiki.freebsd.org/CvsIsDeprecated
@
text
@d3 1
a3 1
# $FreeBSD: stable/9/etc/rc.d/jail 249387 2013-04-11 22:04:19Z bz $
d512 1
a512 1
		inet6)	ipv6_address_count=$((ipv6_address_count + 1)) ;;
a548 1
	ipv6_address_count=0
a560 6
	case ${ipv6_address_count} in
	0)	;;
	*)	# Sleep 1 second to let DAD complete before starting services.
		sleep 1
		;;
	esac
@


1.47.2.1.2.1
log
@SVN rev 227445 on 2011-11-11 04:20:22Z by kensmith

Copy stable/9 to releng/9.0 as part of the FreeBSD 9.0-RELEASE release
cycle.

Approved by:	re (implicit)
@
text
@@


1.47.2.1.2.2
log
@Switch importer
@
text
@d3 1
a3 1
# $FreeBSD: releng/9.0/etc/rc.d/jail 220153 2011-03-30 01:19:00Z emaste $
@


1.46
log
@SVN rev 204818 on 2010-03-07 04:26:21Z by dougb

Implement the idea of parallel-only-at-start-time in a cleaner, more
rc.d'ish way.

Not objected to by:	netchild
@
text
@d222 1
a222 1
			${SYSCTL_W} 1>/dev/null ${_mib}=1
d227 1
a227 1
			${SYSCTL_W} 1>/dev/null ${_mib}=0
@


1.45
log
@SVN rev 204759 on 2010-03-05 14:34:33Z by netchild

Redirect stdin from /dev/null when starting a jail:
  At least in RELENG_7 this fixes some start problems for some programs
  from the ports. It is also more correct, as a jail shall not expect
  input (interactivity) from the jail-host.

Revert the current behavior of starting jails in the background and
make it optional only for the start of jails (jail_parallell_start=YES
in rc.conf):
 - The stop can not be done in the background, the system needs to wait
   until everything is stopped correctly before it can reboot or power
   down.
 - The start should not be done in parallel by default, this not only
   breaks POLA for people comming from RELENG_x, it may also break a
   dependency chain with other scripts in the jail-host, which need to
   do some stuff after the jails are up and running (e.g. hardlinking
   a mysql socket from one jail into another one).

Discussed on:	freebsd-jails@@
@
text
@d21 2
d550 7
d742 1
a742 15
# Only allow the parallel start of jails, other commands are not
# safe to execute in parallel.
case "${cmd}" in
*start)
	;;
*)
	jail_parallel_start=NO
esac

if checkyesno jail_parallel_start; then
	run_rc_command "${cmd}" &
else
	run_rc_command "${cmd}"
fi

@


1.44
log
@SVN rev 198785 on 2009-11-02 09:56:46Z by remko

Execute the start/stop process of a jail in the background.
This will prevent that the script hangs during startup, which
could cause annoying effects after rebooting for example.

PR:		kern/139422
Submitted by:	Andrey Groshev <greenx at yartv dot ru>
Approved by:	imp (mentor, implicit)
MFC after:	3 days
Facilitated by:	Snow B.V.
@
text
@d639 2
a640 1
			\"${_addrl}\" ${_exec_start} > ${_tmp_jail} 2>&1
d732 16
a747 1
run_rc_command "${cmd}" &
@


1.43
log
@SVN rev 193939 on 2009-06-10 18:18:14Z by ed

Small cleanups to the jail script:

- Remove redundant debugging of consolelog.
- Use `while :', instead of `while [ true ]'. This is done in other
  places as well.

Submitted by:	Jille Timmermans <jille quis cx> (not jilles)
Reviewed by:	jilles
@
text
@d731 1
a731 1
run_rc_command "${cmd}"
@


1.43.2.1
log
@SVN rev 196045 on 2009-08-03 08:13:06Z by kensmith

Copy head to stable/8 as part of 8.0 Release cycle.

Approved by:	re (Implicit)
@
text
@@


1.43.2.2
log
@SVN rev 231389 on 2012-02-10 15:54:39Z by brooks

MFC r230403.

When creating the jails /dev/log symlink, do it by full path to avoid
creating stray "log" symlinks if the mount fails.  That apparently
happens in some ezjail configs.

PR:		conf/143084
Submitted by:	Dirk Engling <erdgeist at erdgeist.org>
@
text
@d595 4
a598 1
					ln -sf ../var/run/log "${_devdir}/log"
@


1.43.2.3
log
@SVN rev 231655 on 2012-02-14 10:17:14Z by dougb

MFC r230099:

Change rcvar= assignments to the literal values set_rcvar
would have returned. This will slightly reduce boot time,
and help in diff reduction to HEAD.
@
text
@d20 1
a20 1
rcvar="jail_enable"
@


1.43.2.4
log
@SVN rev 242083 on 2012-10-25 15:25:17Z by kuriyama

Merge r239382:

- Allow to pass extra parameters for each jails.
- To achieve above, convert jail(8) invocation to use new style
  command line "-c" flag.

Thanks to: lstewart
@
text
@a115 2
	eval _parameters=\"\${jail_${_j}_parameters:-${jail_parameters}}\"
	[ -z "${_parameters}" ] && _parameters=""
a193 1
	debug "$_j parameters: $_parameters"
d485 3
a487 13
		case "${_type}" in
		inet)
			case "${_addrl}" in
			"")	_addrl="${_addr}" ;;
			*)	_addrl="${_addrl},${_addr}" ;;
			esac
			;;
		inet6)
			case "${_addr6l}" in
			"")	_addr6l="${_addr}" ;;
			*)	_addr6l="${_addr6l},${_addr}" ;;
			esac
			;;
a569 1
		_addr6l=""
d635 2
a636 2
		eval ${_setfib} jail -n ${_jail} ${_flags} -i -c path=${_rootdir} host.hostname=${_hostname} \
			ip4.addr=\"${_addrl}\" ip6.addr=\"${_addr6l}\" ${_parameters} command=${_exec_start} > ${_tmp_jail} 2>&1
@


1.43.2.5
log
@## SVN ##
## SVN ## Exported commit - http://svnweb.freebsd.org/changeset/base/ 242909
## SVN ## CVS IS DEPRECATED: http://wiki.freebsd.org/CvsIsDeprecated
## SVN ##
## SVN ## ------------------------------------------------------------------------
## SVN ## r242909 | dim | 2012-11-12 07:47:19 +0000 (Mon, 12 Nov 2012) | 20 lines
## SVN ##
## SVN ## MFC r242625:
## SVN ##
## SVN ## Remove duplicate const specifiers in many drivers (I hope I got all of
## SVN ## them, please let me know if not).  Most of these are of the form:
## SVN ##
## SVN ## static const struct bzzt_type {
## SVN ##       [...list of members...]
## SVN ## } const bzzt_devs[] = {
## SVN ##       [...list of initializers...]
## SVN ## };
## SVN ##
## SVN ## The second const is unnecessary, as arrays cannot be modified anyway,
## SVN ## and if the elements are const, the whole thing is const automatically
## SVN ## (e.g. it is placed in .rodata).
## SVN ##
## SVN ## I have verified this does not change the binary output of a full kernel
## SVN ## build (except for build timestamps embedded in the object files).
## SVN ##
## SVN ## Reviewed by:	yongari, marius
## SVN ##
## SVN ## ------------------------------------------------------------------------
## SVN ##
@
text
@d3 1
a3 1
# $FreeBSD: stable/8/etc/rc.d/jail 242083 2012-10-25 15:25:17Z kuriyama $
@


1.43.2.6
log
@## SVN ## Exported commit - http://svnweb.freebsd.org/changeset/base/249388
## SVN ## CVS IS DEPRECATED: http://wiki.freebsd.org/CvsIsDeprecated
@
text
@d3 1
a3 1
# $FreeBSD: stable/8/etc/rc.d/jail 249388 2013-04-11 22:08:59Z bz $
d510 1
a510 1
		inet6)	ipv6_address_count=$((ipv6_address_count + 1)) ;;
a546 1
	ipv6_address_count=0
a558 6
	case ${ipv6_address_count} in
	0)	;;
	*)	# Sleep 1 second to let DAD complete before starting services.
		sleep 1
		;;
	esac
@


1.43.2.3.2.1
log
@SVN rev 232438 on 2012-03-03 06:15:13Z by kensmith

Copy stable/8 to releng/8.3 as part of 8.3-RELEASE release cycle.

Approved by:	re (implicit)
@
text
@@


1.43.2.3.2.2
log
@Switch importer
@
text
@d3 1
a3 1
# $FreeBSD: releng/8.3/etc/rc.d/jail 231655 2012-02-14 10:17:14Z dougb $
@


1.43.2.1.6.1
log
@SVN rev 216617 on 2010-12-21 17:09:25Z by kensmith

Copy stable/8 to releng/8.2 in preparation for FreeBSD-8.2 release.

Approved by:	re (implicit)
@
text
@@


1.43.2.1.4.1
log
@SVN rev 209145 on 2010-06-14 02:09:06Z by kensmith

Copy stable/8 to releng/8.1 in preparation for 8.1-RC1.

Approved by:	re (implicit)
@
text
@@


1.43.2.1.2.1
log
@SVN rev 198460 on 2009-10-25 01:10:29Z by kensmith

Copy stable/8 to releng/8.0 as part of 8.0-RELEASE release procedure.

Approved by:	re (implicit)
@
text
@@


1.42
log
@SVN rev 191620 on 2009-04-28 09:45:32Z by ru

Added (pre|post)(start|stop) jail hooks.  These can be used to run
arbitrary commands (outside the jail) associated with said events,
e.g. to bring up/down CARP interfaces representing services run in
jails.

Reviewed by:	simon
@
text
@d55 1
a55 1
	while [ true ]; do
a134 1
	debug "$_j consolelog: $_consolelog"
d149 1
a149 1
	while [ true ]; do
d644 1
a644 1
			while [ true ]; do
@


1.41
log
@SVN rev 187708 on 2009-01-26 12:59:11Z by bz

Update jail startup script for multi-IPv4/v6/no-IP jails.

Note: this is only really necessary because of the ifconfig
      logic to add/remove the jail IPs upon start/stop.
      Consensus among simon and I is that the logic should
      really be factored out from the startup script and put
      into a proper management solution.

- We now support starting of no-IP jails.
- Remove the global jail_<jname>_netmask option as it is only
  helpful to set netmasks/prefixes for the right address
  family and per address.
- Implement jail_<jname>_ip options to support both
  address familes with regard to ifconfig logic.
- Implement _multi<n> support suffix to the jail_<jname>_ip
  option to configure additional addresses to avoid overlong,
  unreadbale jail_<jname>_ip lines with lots of addresses.

Submitted by:	initial work from Ruben van Staveren
Discussed on:	freebsd-jail in Nov 2008.
Reviewed by:	simon, ru (partial, older version)
MFC after:	1 week
@
text
@d44 8
d60 15
a74 1
	
d76 8
d135 12
a147 1
	debug "$_j consolelog: $_consolelog"
d161 20
d182 11
d630 9
d659 8
d688 9
d706 8
@


1.40
log
@SVN rev 183325 on 2008-09-24 15:18:27Z by ru

Allow a jail's IP alias to be created with an arbitrary netmask.

MFC after:	3 days
@
text
@a41 1
	eval _netmask=\"\${jail_${_j}_netmask:-255.255.255.255}\"
d96 1
a96 1
	debug "$_j netmask: $_netmask"
a129 4
	if [ -z "${_ip}" ]; then
		err 3 "$name: No IP address has been defined for ${_j}"
	fi

d275 202
d498 2
a499 3
		if [ -n "${_interface}" ]; then
			ifconfig ${_interface} alias ${_ip} netmask ${_netmask}
		fi
d559 1
a559 1
			${_ip} ${_exec_start} > ${_tmp_jail} 2>&1
d580 1
a580 3
			if [ -n "${_interface}" ]; then
				ifconfig ${_interface} -alias ${_ip}
			fi
d609 1
a609 3
			if [ -n "${_interface}" ]; then
				ifconfig ${_interface} -alias ${_ip}
			fi
@


1.39
log
@SVN rev 183100 on 2008-09-16 20:18:25Z by thompsa

Allow a jail to be started with a specific route fib.

Reviewed by:	secteam (simon)
Reviewed by:	brooks, bz
@
text
@d42 1
d97 1
d302 1
a302 1
			ifconfig ${_interface} alias ${_ip} netmask 255.255.255.255
@


1.38
log
@Add warning about this script dealing with untrusted data.

MFC after:	1 week
@
text
@d86 1
d97 1
d302 5
d360 1
a360 1
		eval jail ${_flags} -i ${_rootdir} ${_hostname} \
@


1.37
log
@Fix indentation.
@
text
@d11 6
@


1.37.4.1
log
@MFC functional changes to etc:
1. yar's "dry run" patch to Makefile
2. Add zfs to the list of filesystems to check in
periodic/security/100.chksetuid
3. GC the nfslocking script, which has been superseded by lockd and statd
4. Add security warning to rc.d/jail
5. Add stop_cmd=':' to those rc.d scripts that do not start services,
but did not already have a stop_cmd.

And update comments in rc.firewall* and defaults/rc.conf.

Approved by:	re (kensmith)
@
text
@a10 6
# WARNING: This script deals with untrusted data (the data and
# processes inside the jails) and care must be taken when changing the
# code related to this!  If you have any doubt whether a change is
# correct and have security impact, please get the patch reviewed by
# the FreeBSD Security Team prior to commit.

@


1.37.2.1
log
@MFC functional changes to etc:
1. yar's "dry run" patch to Makefile
2. Add zfs to the list of filesystems to check in
periodic/security/100.chksetuid
3. GC the nfslocking script, which has been superseded by lockd and statd
4. Add security warning to rc.d/jail
5. Add stop_cmd=':' to those rc.d scripts that do not start services,
but did not already have a stop_cmd.
@
text
@a10 6
# WARNING: This script deals with untrusted data (the data and
# processes inside the jails) and care must be taken when changing the
# code related to this!  If you have any doubt whether a change is
# correct and have security impact, please get the patch reviewed by
# the FreeBSD Security Team prior to commit.

@


1.37.2.2
log
@SVN rev 186863 on 2009-01-07 15:31:46Z by bz

MFC: r183100
  Allow a jail to be started with a specific route fib.
@
text
@a85 1
	eval _fib=\"\${jail_${_j}_fib:-${jail_fib}}\"
a95 1
	debug "$_j fib: $_fib"
a299 5
		if [ -n "${_fib}" ]; then
			_setfib="setfib -F '${_fib}'"
		else
			_setfib=""
		fi
d353 1
a353 1
		eval ${_setfib} jail ${_flags} -i ${_rootdir} ${_hostname} \
@


1.37.2.3
log
@SVN rev 188287 on 2009-02-07 14:04:35Z by bz

MFC: r187708

  Update jail startup script for multi-IPv4/v6/no-IP jails.

  Note: this is only really necessary because of the ifconfig
        logic to add/remove the jail IPs upon start/stop.
        Consensus among simon and I is that the logic should
        really be factored out from the startup script and put
        into a proper management solution.

  - We now support starting of no-IP jails.
  - Implement jail_<jname>_ip options to support both
    address familes with regard to ifconfig logic.
  - Implement _multi<n> support suffix to the jail_<jname>_ip
    option to configure additional addresses to avoid overlong,
    unreadbale jail_<jname>_ip lines with lots of addresses.
@
text
@a95 1
	jail_show_addresses ${_j}
d129 4
a277 202
# jail_show_addresses jail
#	Debug print the input for the given _multi aliases
#	for a jail for init_variables().
#
jail_show_addresses()
{
	local _j _type alias
	_j="$1"
	alias=0

	if [ -z "${_j}" ]; then
		warn "jail_show_addresses: you must specify a jail"
		return
	fi

	while : ; do
		eval _addr=\"\$jail_${_j}_ip_multi${alias}\"
		if [ -n "${_addr}" ]; then
			debug "${_j} ip_multi${alias}: $_addr"
			alias=$((${alias} + 1))
		else
			break
		fi
	done
}

# jail_extract_address argument
#	The second argument is the string from one of the _ip
#	or the _multi variables. In case of a comma separated list
#	only one argument must be passed in at a time.
#	The function alters the _type, _iface, _addr and _mask variables.
#
jail_extract_address()
{
	local _i
	_i=$1

	if [ -z "${_i}" ]; then
		warn "jail_extract_address: called without input"
		return
	fi

	# Check if we have an interface prefix given and split into
	# iFace and rest.
	case "${_i}" in
	*\|*)	# ifN|.. prefix there
		_iface=${_i%%|*}
		_r=${_i##*|}
		;;
	*)	_iface=""
		_r=${_i}
		;;
	esac

	# In case the IP has no interface given, check if we have a global one.
	_iface=${_iface:-${_interface}}

	# Set address, cut off any prefix/netmask/prefixlen.
	_addr=${_r}
	_addr=${_addr%%[/ ]*}

	# Theoretically we can return here if interface is not set,
	# as we only care about the _mask if we call ifconfig.
	# This is not done because we may want to santize IP addresses
	# based on _type later, and optionally change the type as well.

	# Extract the prefix/netmask/prefixlen part by cutting off the address.
	_mask=${_r}
	_mask=`expr "${_mask}" : "${_addr}\(.*\)"`

	# Identify type {inet,inet6}.
	case "${_addr}" in
	*\.*\.*\.*)	_type="inet" ;;
	*:*)		_type="inet6" ;;
	*)		warn "jail_extract_address: type not identified"
			;;
	esac

	# Handle the special /netmask instead of /prefix or
	# "netmask xxx" case for legacy IP.
	# We do NOT support shortend class-full netmasks.
	if [ "${_type}" = "inet" ]; then
		case "${_mask}" in
		/*\.*\.*\.*)	_mask=" netmask ${_mask#/}" ;;
		*)		;;
		esac

		# In case _mask is still not set use /32.
		_mask=${_mask:-/32}

	elif [ "${_type}" = "inet6" ]; then
		# In case _maske is not set for IPv6, use /128.
		_mask=${_mask:-/128}
	fi
}

# jail_handle_ips_option {add,del} input
#	Handle a single argument imput which can be a comma separated
#	list of addresses (theoretically with an option interface and
#	prefix/netmask/prefixlen).
#
jail_handle_ips_option()
{
	local _x _action _type _i
	_action=$1
	_x=$2

	if [ -z "${_x}" ]; then
		# No IP given. This can happen for the primary address
		# of each address family.
		return
	fi

	# Loop, in case we find a comma separated list, we need to handle
	# each argument on its own.
	while [ ${#_x} -gt 0 ]; do
		case "${_x}" in
		*,*)	# Extract the first argument and strip it off the list.
			_i=`expr "${_x}" : '^\([^,]*\)'`
			_x=`expr "${_x}" : "^[^,]*,\(.*\)"`
			;;
		*)	_i=${_x}
			_x=""
			;;
		esac

		_type=""
		_iface=""
		_addr=""
		_mask=""
		jail_extract_address "${_i}"

		# make sure we got an address.
		case "${_addr}" in
		"")	continue ;;
		*)	;;
		esac

		# Append address to list of addresses for the jail command.
		case "${_addrl}" in
		"")	_addrl="${_addr}" ;;
		*)	_addrl="${_addrl},${_addr}" ;;
		esac

		# Configure interface alias if requested by a given interface
		# and if we could correctly parse everything.
		case "${_iface}" in
		"")	continue ;;
		esac
		case "${_type}" in
		inet)	;;
		inet6)	;;
		*)	warn "Could not determine address family.  Not going" \
			    "to ${_action} address '${_addr}' for ${_jail}."
			continue
			;;
		esac
		case "${_action}" in
		add)	ifconfig ${_iface} ${_type} ${_addr}${_mask} alias
			;;
		del)	# When removing the IP, ignore the _mask.
			ifconfig ${_iface} ${_type} ${_addr} -alias
			;;
		esac
	done
}

# jail_ips {add,del}
#	Extract the comma separated list of addresses and return them
#	for the jail command.
#	Handle more than one address via the _multi option as well.
#	If an interface is given also add/remove an alias for the
#	address with an optional netmask.
#
jail_ips()
{
	local _action
	_action=$1

	case "${_action}" in
	add)	;;
	del)	;;
	*)	warn "jail_ips: invalid action '${_action}'"
		return
		;;
	esac

	# Handle addresses.
	jail_handle_ips_option ${_action} "${_ip}"
	# Handle jail_xxx_ip_multi<N>
	alias=0
	while : ; do
		eval _x=\"\$jail_${_jail}_ip_multi${alias}\"
		case "${_x}" in
		"")	break ;;
		*)	jail_handle_ips_option ${_action} "${_x}"
			alias=$((${alias} + 1))
			;;
		esac
	done
}

d299 3
a301 2
		_addrl=""
		jail_ips "add"
d361 1
a361 1
			\"${_addrl}\" ${_exec_start} > ${_tmp_jail} 2>&1
d382 3
a384 1
			jail_ips "del"
d413 3
a415 1
			jail_ips "del"
@


1.37.2.4
log
@SVN rev 202937 on 2010-01-24 16:59:04Z by ru

MFC: r191620: Added (pre|post)(start|stop) jail hooks.

PR:		143137
Approved by:	re (bz)
@
text
@a43 8

	i=0
	while : ; do
		eval _exec_prestart${i}=\"\${jail_${_j}_exec_prestart${i}:-\${jail_exec_prestart${i}}}\"
		[ -z "$(eval echo \"\$_exec_prestart${i}\")" ] && break
		i=$((i + 1))
	done

d52 1
a52 15

	i=0
	while : ; do
		eval _exec_poststart${i}=\"\${jail_${_j}_exec_poststart${i}:-\${jail_exec_poststart${i}}}\"
		[ -z "$(eval echo \"\$_exec_poststart${i}\")" ] && break
		i=$((i + 1))
	done

	i=0
	while : ; do
		eval _exec_prestop${i}=\"\${jail_${_j}_exec_prestop${i}:-\${jail_exec_prestop${i}}}\"
		[ -z "$(eval echo \"\$_exec_prestop${i}\")" ] && break
		i=$((i + 1))
	done

a53 8

	i=0
	while : ; do
		eval _exec_poststop${i}=\"\${jail_${_j}_exec_poststop${i}:-\${jail_exec_poststop${i}}}\"
		[ -z "$(eval echo \"\$_exec_poststop${i}\")" ] && break
		i=$((i + 1))
	done

d105 1
a107 12
	i=0
	while : ; do
		eval out=\"\${_exec_prestart${i}:-''}\"
		if [ -z "$out" ]; then
			break
		fi
		debug "$_j exec pre-start #${i}: ${out}"
		i=$((i + 1))
	done

	debug "$_j exec start: $_exec_start"

a119 20
	i=0
	while : ; do
		eval out=\"\${_exec_poststart${i}:-''}\"
		if [ -z "$out" ]; then
			break
		fi
		debug "$_j exec post-start #${i}: ${out}"
		i=$((i + 1))
	done

	i=0
	while : ; do
		eval out=\"\${_exec_prestop${i}:-''}\"
		if [ -z "$out" ]; then
			break
		fi
		debug "$_j exec pre-stop #${i}: ${out}"
		i=$((i + 1))
	done

a120 11

	i=0
	while : ; do
		eval out=\"\${_exec_poststop${i}:-''}\"
		if [ -z "$out" ]; then
			break
		fi
		debug "$_j exec post-stop #${i}: ${out}"
		i=$((i + 1))
	done

a557 9

		i=0
		while : ; do
			eval out=\"\${_exec_prestart${i}:-''}\"
			[ -z "$out" ] && break
			${out}
			i=$((i + 1))
		done

a577 8

			i=0
			while : ; do
				eval out=\"\${_exec_poststart${i}:-''}\"
				[ -z "$out" ] && break
				${out}
				i=$((i + 1))
			done
a598 9

				i=0
				while : ; do
					eval out=\"\${_exec_prestop${i}:-''}\"
					[ -z "$out" ] && break
					${out}
					i=$((i + 1))
				done

a607 8

				i=0
				while : ; do
					eval out=\"\${_exec_poststop${i}:-''}\"
					[ -z "$out" ] && break
					${out}
					i=$((i + 1))
				done
@


1.37.2.5
log
@SVN rev 231656 on 2012-02-14 10:17:30Z by dougb

MFC r230099:

Change rcvar= assignments to the literal values set_rcvar
would have returned. This will slightly reduce boot time,
and help in diff reduction to HEAD.
@
text
@d20 1
a20 1
rcvar="jail_enable"
@


1.37.2.6
log
@Switch importer
@
text
@d3 1
a3 1
# $FreeBSD: stable/7/etc/rc.d/jail 231656 2012-02-14 10:17:30Z dougb $
@


1.37.2.4.4.1
log
@SVN rev 216618 on 2010-12-21 17:10:29Z by kensmith

Copy stable/7 to releng/7.4 in preparation for FreeBSD-7.4 release.

Approved by:	re (implicit)
@
text
@@


1.37.2.4.4.2
log
@Switch importer
@
text
@d3 1
a3 1
# $FreeBSD: releng/7.4/etc/rc.d/jail 202937 2010-01-24 16:59:04Z ru $
@


1.37.2.4.2.1
log
@SVN rev 203736 on 2010-02-10 00:26:20Z by kensmith

Copy stable/7 to releng/7.3 as part of the 7.3-RELEASE process.

Approved by:	re (implicit)
@
text
@@


1.37.2.3.2.1
log
@SVN rev 191087 on 2009-04-15 03:14:26Z by kensmith

Create releng/7.2 from stable/7 in preparation for 7.2-RELEASE.

Approved by:	re (implicit)
@
text
@@


1.37.2.1.2.1
log
@SVN rev 185281 on 2008-11-25 02:59:29Z by kensmith

Create releng/7.1 in preparation for moving into RC phase of 7.1 release
cycle.

Approved by:	re (implicit)
@
text
@@


1.36
log
@Fix jail rc.d script privilege escalation via symlink attack against
/var/log/console.log and mount points.

Security:	FreeBSD-SA-07:01.jail
@
text
@d43 1
a43 1
	[ -z "$(eval echo \"\$_exec_afterstart${i}\")" ] &&  break
@


1.35
log
@Jail_ip and jail_interface local variables were renamed to _ip and _interface
in a previous commit to avoid namespace collisions, unfortunately I missed two
of them. This leads to the ip alias being incorrectly removed in some cases
when using the stop command.

Reported by:	Philipp Wuensche <cryx-freebsd@@h3q.com>
@
text
@d78 2
d97 1
d113 1
d154 50
d211 2
d215 1
a215 1
			umount -f ${_fdescdir} >/dev/null 2>&1
d220 1
a220 1
			umount -f ${_devdir} >/dev/null 2>&1
d225 1
a225 1
			umount -f ${_procdir} >/dev/null 2>&1
d230 8
a237 1
		umount -a -F "${_fstab}" >/dev/null 2>&1
d241 29
d299 1
a299 1
			mount -a -F "${_fstab}"
d305 4
d329 6
a334 2
			info "Mounting fdescfs on ${_fdescdir}"
			mount -t fdescfs fdesc "${_fdescdir}"
d337 7
a343 3
			info "Mounting procfs onto ${_procdir}"
			if [ -d "${_procdir}" ] ; then
				mount -t procfs proc "${_procdir}"
d365 1
a365 1
			tail +2 ${_tmp_jail} >${_rootdir}/var/log/console.log
d392 1
a392 1
						>> ${_rootdir}/var/log/console.log 2>&1
@


1.34
log
@Add jail_<jname>_exec_afterstart<N> rc.conf variable, where <N> is
1,2 and so on.
It specifies the command to be run as Nth after jail startup.

sh(1)-fu by: Dario Freni
PR: 	conf/97697
MFC after: 2 weeks
Reviewed by: ru@@ (man page)
@
text
@d265 2
a266 2
			if [ -n "${jail_interface}" ]; then
				ifconfig ${jail_interface} -alias ${jail_ip}
@


1.33
log
@style(9)
@
text
@d39 8
d95 13
d245 1
d247 13
a260 1
			_jail_id=$(head -1 ${_tmp_jail})
@


1.32
log
@- Change the "jail_" prefix for internal script variables. This fixes an
issue where some global jail_* variables were overriden in the script. [1]
- Change "jid" to "jname" in rc.conf(5), since it's more a jail name than a
jail id. [1]
- Update examples and comments in defaults/rc.conf to advertise new
variables and the fact that some of the jail-specific variables may be made
jail-global. [2]

Reported by:	pjd [1], clsung [2]
Approved by:	cperciva
X-MFC after:	i got sufficient testing from people using rc.d/jail
@
text
@d224 9
a232 12
			if [ "$?" -eq 0 ] ; then
				echo -n " $_hostname"
				_jail_id=$(head -1 ${_tmp_jail})
				tail +2 ${_tmp_jail} >${_rootdir}/var/log/console.log
				echo ${_jail_id} > /var/run/jail_${_jail}.id
			else
				jail_umount_fs
				if [ -n "${jail_interface}" ]; then
					ifconfig ${jail_interface} -alias ${jail_ip}
				fi
				echo " cannot start jail \"${_jail}\": "
				tail +2 ${_tmp_jail}
d234 3
@


1.31
log
@if we fail to start a jail and jail_foobar_*fs_enable or jail_foobar_mount_enable were set, umount those filesystem before exiting. If we set up an alias for jail's IP, remove that alias before exiting.

MFC after:	2 weeks
@
text
@d30 11
a40 11
	eval jail_rootdir=\"\$jail_${_j}_rootdir\"
	jail_devdir="${jail_rootdir}/dev"
	jail_fdescdir="${jail_devdir}/fd"
	jail_procdir="${jail_rootdir}/proc"
	eval jail_hostname=\"\$jail_${_j}_hostname\"
	eval jail_ip=\"\$jail_${_j}_ip\"
	eval jail_interface=\"\${jail_${_j}_interface:-${jail_interface}}\"
	eval jail_exec=\"\$jail_${_j}_exec\"
	eval jail_exec_start=\"\${jail_${_j}_exec_start:-${jail_exec_start}}\"
	eval jail_exec_stop=\"\${jail_${_j}_exec_stop:-${jail_exec_stop}}\"
	if [ -n "${jail_exec}" ]; then
d42 2
a43 2
		jail_exec_start="${jail_exec}"
		jail_exec_stop=""
d46 4
a49 4
		if [ -z "${jail_exec_start}" ]; then
			jail_exec_start="/bin/sh /etc/rc"
			if [ -z "${jail_exec_stop}" ]; then
				jail_exec_stop="/bin/sh /etc/rc.shutdown"
d55 7
a61 7
	eval jail_ruleset=\"\${jail_${_j}_devfs_ruleset:-${jail_devfs_ruleset}}\"
	eval jail_devfs=\"\${jail_${_j}_devfs_enable:-${jail_devfs_enable}}\"
	[ -z "${jail_devfs}" ] && jail_devfs="NO"
	eval jail_fdescfs=\"\${jail_${_j}_fdescfs_enable:-${jail_fdescfs_enable}}\"
	[ -z "${jail_fdescfs}" ] && jail_fdescfs="NO"
	eval jail_procfs=\"\${jail_${_j}_procfs_enable:-${jail_procfs_enable}}\"
	[ -z "${jail_procfs}" ] && jail_procfs="NO"
d63 2
a64 2
	eval jail_mount=\"\${jail_${_j}_mount_enable:-${jail_mount_enable}}\"
	[ -z "${jail_mount}" ] && jail_mount="NO"
d66 4
a69 4
	eval jail_fstab=\"\${jail_${_j}_fstab:-${jail_fstab}}\"
	[ -z "${jail_fstab}" ] && jail_fstab="/etc/fstab.${_j}"
	eval jail_flags=\"\${jail_${_j}_flags:-${jail_flags}}\"
	[ -z "${jail_flags}" ] && jail_flags="-l -U root"
d73 16
a88 16
	debug "$_j devfs enable: $jail_devfs"
	debug "$_j fdescfs enable: $jail_fdescfs"
	debug "$_j procfs enable: $jail_procfs"
	debug "$_j mount enable: $jail_mount"
	debug "$_j hostname: $jail_hostname"
	debug "$_j ip: $jail_ip"
	debug "$_j interface: $jail_interface"
	debug "$_j root: $jail_rootdir"
	debug "$_j devdir: $jail_devdir"
	debug "$_j fdescdir: $jail_fdescdir"
	debug "$_j procdir: $jail_procdir"
	debug "$_j ruleset: $jail_ruleset"
	debug "$_j fstab: $jail_fstab"
	debug "$_j exec start: $jail_exec_start"
	debug "$_j exec stop: $jail_exec_stop"
	debug "$_j flags: $jail_flags"
d90 1
a90 1
	if [ -z "${jail_hostname}" ]; then
d93 1
a93 1
	if [ -z "${jail_rootdir}" ]; then
d96 1
a96 1
	if [ -z "${jail_ip}" ]; then
d136 3
a138 3
	if checkyesno jail_fdescfs; then
		if [ -d "${jail_fdescdir}" ] ; then
			umount -f ${jail_fdescdir} >/dev/null 2>&1
d141 3
a143 3
	if checkyesno jail_devfs; then
		if [ -d "${jail_devdir}" ] ; then
			umount -f ${jail_devdir} >/dev/null 2>&1
d146 3
a148 3
	if checkyesno jail_procfs; then
		if [ -d "${jail_procdir}" ] ; then
			umount -f ${jail_procdir} >/dev/null 2>&1
d151 3
a153 3
	if checkyesno jail_mount; then
		[ -f "${jail_fstab}" ] || warn "${jail_fstab} does not exist"
		umount -a -F "${jail_fstab}" >/dev/null 2>&1
d175 1
a175 1
			echo -n " [${jail_hostname} already running (/var/run/jail_${_jail}.id exists)]"
d178 2
a179 2
		if [ -n "${jail_interface}" ]; then
			ifconfig ${jail_interface} alias ${jail_ip} netmask 255.255.255.255
d181 4
a184 4
		if checkyesno jail_mount; then
			info "Mounting fstab for jail ${_jail} (${jail_fstab})"
			if [ ! -f "${jail_fstab}" ]; then
				err 3 "$name: ${jail_fstab} does not exist"
d186 1
a186 1
			mount -a -F "${jail_fstab}"
d188 1
a188 1
		if checkyesno jail_devfs; then
d190 1
a190 1
			df -t devfs "${jail_devdir}" >/dev/null
d192 2
a193 2
				info "Mounting devfs on ${jail_devdir}"
				devfs_mount_jail "${jail_devdir}" ${jail_ruleset}
d195 1
a195 1
				if [ ! -L "${jail_devdir}/log" ]; then
d197 1
a197 1
					cd "${jail_devdir}"
d207 1
a207 1
			#	cd "${jail_devdir}"
d211 8
a218 8
		if checkyesno jail_fdescfs; then
			info "Mounting fdescfs on ${jail_fdescdir}"
			mount -t fdescfs fdesc "${jail_fdescdir}"
		fi
		if checkyesno jail_procfs; then
			info "Mounting procfs onto ${jail_procdir}"
			if [ -d "${jail_procdir}" ] ; then
				mount -t procfs proc "${jail_procdir}"
d222 2
a223 2
		eval jail ${jail_flags} -i ${jail_rootdir} ${jail_hostname} \
			${jail_ip} ${jail_exec_start} > ${_tmp_jail} 2>&1
d225 1
a225 1
				echo -n " $jail_hostname"
d227 1
a227 1
				tail +2 ${_tmp_jail} >${jail_rootdir}/var/log/console.log
d252 3
a254 3
				if [ -n "${jail_exec_stop}" ]; then
					eval env -i /usr/sbin/jexec ${_jail_id} ${jail_exec_stop} \
						>> ${jail_rootdir}/var/log/console.log 2>&1
d260 1
a260 1
				echo -n " $jail_hostname"
d262 2
a263 2
			if [ -n "${jail_interface}" ]; then
				ifconfig ${jail_interface} -alias ${jail_ip}
@


1.30
log
@if a jail fails to start, don't add its jid to /var/run and print a message with the error.

PR:	conf/97024
MFC after:	1 week
@
text
@d230 4
@


1.29
log
@- Fix quoting.

Reported by:	Dirk Engling <erdgeist@@erdgeist.org>
Pointyhat to:	self
@
text
@d224 9
a232 3
		[ "$?" -eq 0 ] && echo -n " $jail_hostname"
		_jail_id=$(head -1 ${_tmp_jail})
		tail +2 ${_tmp_jail} >${jail_rootdir}/var/log/console.log
a233 1
		echo ${_jail_id} > /var/run/jail_${_jail}.id
d263 1
a263 1
			echo "cannot stop jail ${_jail}. No jail id in /var/run"
@


1.28
log
@- Check for some mandatory variables.

Approved by:	cperciva (mentor)
MFC after:	1 week
@
text
@d178 1
a178 1
		if [ -n ${jail_interface} ]; then
d253 1
a253 1
			if [ -n ${jail_interface} ]; then
@


1.27
log
@- Add following global jail options, used if no jail-specific options are
set:
 * jail_mount_enable
 * jail_devfs_ruleset
 * jail_devfs_enable
 * jail_fdescfs_enable
 * jail_procfs_enable
 * jail_fstab
 * jail_flags
- Add a jail_interface / jail_<jid>_interface option. An ip alias will be
created (jail_<jid>_ip) on jail_interface or jail_<jid>_interface if set.
This is not a mandatory option.
- Document all missing jail_* options in rc.conf(5).

Approved by:	cperciva (mentor)
MFC after:	2 weeks
@
text
@d89 11
@


1.26
log
@Fix overriding jail_list from command line.

MFC after:	3 days
@
text
@d36 1
d38 2
a39 2
	eval jail_exec_start=\"\$jail_${_j}_exec_start\"
	eval jail_exec_stop=\"\$jail_${_j}_exec_stop\"
d55 2
a56 2
	eval jail_ruleset=\"\$jail_${_j}_devfs_ruleset\"
	eval jail_devfs=\"\$jail_${_j}_devfs_enable\"
d58 1
a58 1
	eval jail_fdescfs=\"\$jail_${_j}_fdescfs_enable\"
d60 1
a60 1
	eval jail_procfs=\"\$jail_${_j}_procfs_enable\"
d63 1
a63 1
	eval jail_mount=\"\$jail_${_j}_mount_enable\"
d66 1
a66 1
	eval jail_fstab=\"\$jail_${_j}_fstab\"
d68 1
a68 1
	eval jail_flags=\"\$jail_${_j}_flags\"
d79 1
d167 3
d242 3
@


1.25
log
@Skip jails which are already running and inform why.
We're checking for /var/run/jail_<name>.id file and if it exists, we don't
start the jail. It should be also safe in case of reboot(8), because
rc.d/cleanvar script is going to remove /var/run/jail_* files.

It helps to avoid potential mess when the same jail is started twice,
because of an administrator mistake (been there, done that).

MFC after:	1 week
@
text
@d250 3
a252 1
[ -n "$*" ] && jail_list="$*"
@


1.24
log
@Allow to give more than one jail's name, eg.:

	# /etc/rc.d/jail start www mail

MFC after:	3 days
@
text
@d161 4
@


1.23
log
@Introduce new per-jail variable jail_<name>_flags, which allows to specify
jail(8) flags (before the change we had hardcoded "-l -U root").

Submitted by:	Frank Behrens <frank@@pinky.sax.de>
PR:		conf/80244
Approved by:	re (scottl)
MFC after:	1 week
@
text
@d242 6
a247 2
[ -n "$2" ] && jail_list="$2"
run_rc_command "$1"
@


1.23.2.1
log
@MFC:	rc.d/jail	1.24

Allow to give more than one jail's name, eg.:

	# /etc/rc.d/jail start www mail

Approved by:	re (kensmith)
@
text
@d242 2
a243 6
cmd="$1"
if [ $# -gt 0 ]; then
	shift
fi
[ -n "$*" ] && jail_list="$*"
run_rc_command "${cmd}"
@


1.23.2.2
log
@MFC:	etc/rc.d/jail	1.25

Skip jails which are already running and inform why.
We're checking for /var/run/jail_<name>.id file and if it exists, we don't
start the jail. It should be also safe in case of reboot(8), because
rc.d/cleanvar script is going to remove /var/run/jail_* files.

It helps to avoid potential mess when the same jail is started twice,
because of an administrator mistake (been there, done that).

Approved by:	re (kensmith)
@
text
@a160 4
		if [ -f /var/run/jail_${_jail}.id ]; then
			echo -n " [${jail_hostname} already running (/var/run/jail_${_jail}.id exists)]"
			continue;
		fi
@


1.23.2.2.2.1
log
@Fix jail rc.d script privilege escalation via symlink attack against
/var/log/console.log and mount points.

Security:	FreeBSD-SA-07:01.jail
Approved by:	so (simon)
@
text
@a68 2
	eval _consolelog=\"\${jail_${_j}_consolelog:-${jail_consolelog}}\"
	[ -z "${_consolelog}" ] && _consolelog="/var/log/jail_${_j}_console.log"
a86 1
	debug "$_j consolelog: $_consolelog"
a115 50
# is_current_mountpoint()
#	Is the directory mount point for a currently mounted file
#	system?
#
is_current_mountpoint()
{
	local _dir _dir2

	_dir=$1

	_dir=`echo $_dir | sed -Ee 's#//+#/#g' -e 's#/$##'`
	[ ! -d "${_dir}" ] && return 1
	_dir2=`df ${_dir} | tail +2 | awk '{ print $6 }'`
	[ "${_dir}" = "${_dir2}" ]
	return $?
}

# is_symlinked_mountpoint()
#	Is a mount point, or any of its parent directories, a symlink?
#
is_symlinked_mountpoint()
{
	local _dir

	_dir=$1

	[ -L "$_dir" ] && return 0
	[ "$_dir" = "/" ] && return 1
	is_symlinked_mountpoint `dirname $_dir`
	return $?
}

# secure_umount
#	Try to unmount a mount point without being vulnerable to
#	symlink attacks.
#
secure_umount()
{
	local _dir

	_dir=$1

	if is_current_mountpoint ${_dir}; then
		umount -f ${_dir} >/dev/null 2>&1
	else
		debug "Nothing mounted on ${_dir} - not unmounting"
	fi
}


a122 2
	local _device _mountpt _rest

d125 1
a125 1
			secure_umount ${jail_fdescdir}
d130 1
a130 1
			secure_umount ${jail_devdir}
d135 1
a135 1
			secure_umount ${jail_procdir}
d140 1
a140 8
		tail -r ${jail_fstab} | while read _device _mountpt _rest; do
			case ":${_device}" in
			:#* | :)
				continue
				;;
			esac
			secure_umount ${_mountpt}
		done
a143 29
# jail_mount_fstab()
#	Mount file systems from a per jail fstab while trying to
#	secure against symlink attacks at the mount points.
#
#	If we are certain we cannot secure against symlink attacks we
#	do not mount all of the file systems (since we cannot just not
#	mount the file system with the problematic mount point).
#
#	The caller must call the init_variables() routine before
#	calling this one.
#
jail_mount_fstab()
{
	local _device _mountpt _rest

	while read _device _mountpt _rest; do
		case ":${_device}" in
		:#* | :)
			continue
			;;
		esac
		if is_symlinked_mountpoint ${_mountpt}; then
			warn "${_mountpt} has symlink as parent - not mounting from ${jail_fstab}"
			return
		fi
	done <${_fstab}
	mount -a -F "${jail_fstab}"
}

d170 1
a170 1
			jail_mount_fstab
a175 4
				if is_symlinked_mountpoint ${jail_devdir}; then
					warn "${jail_devdir} has symlink as parent - not starting jail ${_jail}"
					continue
				fi
d196 2
a197 6
 			if is_symlinked_mountpoint ${jail_fdescdir}; then
 				warn "${jail_fdescdir} has symlink as parent, not mounting"
 			else
				info "Mounting fdescfs on ${jail_fdescdir}"
				mount -t fdescfs fdesc "${jail_fdescdir}"
			fi
d200 3
a202 7
			if is_symlinked_mountpoint ${jail_procdir}; then
				warn "${jail_procdir} has symlink as parent, not mounting"
			else
				info "Mounting procfs onto ${jail_procdir}"
				if [ -d "${jail_procdir}" ] ; then
					mount -t procfs proc "${jail_procdir}"
				fi
d210 1
a210 1
		tail +2 ${_tmp_jail} >${_consolelog}
d229 1
a229 1
						>> ${_consolelog} 2>&1
@


1.23.2.3
log
@MFC: rev. 1.26

Fix overriding jail_list from command line.

Approved by:	re (mux)
@
text
@d250 1
a250 3
if [ -n "$*" ]; then
	jail_list="$*"
fi
@


1.23.2.3.2.1
log
@MFC:

  - Add following global jail options, used if no jail-specific options are
  set:
   * jail_mount_enable
   * jail_devfs_ruleset
   * jail_devfs_enable
   * jail_fdescfs_enable
   * jail_procfs_enable
   * jail_fstab
   * jail_flags
  - Add a jail_interface / jail_<jid>_interface option. An ip alias will be
  created (jail_<jid>_ip) on jail_interface or jail_<jid>_interface if set.
  This is not a mandatory option.
  - Document all missing jail_* options in rc.conf(5).

      src/share/man/man5/rc.conf.5: rev 1.289 -> 1.290
      src/etc/rc.d/jail: rev 1.26 -> 1.27

Approved by:	re (scottl)
@
text
@a35 1
	eval jail_interface=\"\${jail_${_j}_interface:-${jail_interface}}\"
d37 2
a38 2
	eval jail_exec_start=\"\${jail_${_j}_exec_start:-${jail_exec_start}}\"
	eval jail_exec_stop=\"\${jail_${_j}_exec_stop:-${jail_exec_stop}}\"
d54 2
a55 2
	eval jail_ruleset=\"\${jail_${_j}_devfs_ruleset:-${jail_devfs_ruleset}}\"
	eval jail_devfs=\"\${jail_${_j}_devfs_enable:-${jail_devfs_enable}}\"
d57 1
a57 1
	eval jail_fdescfs=\"\${jail_${_j}_fdescfs_enable:-${jail_fdescfs_enable}}\"
d59 1
a59 1
	eval jail_procfs=\"\${jail_${_j}_procfs_enable:-${jail_procfs_enable}}\"
d62 1
a62 1
	eval jail_mount=\"\${jail_${_j}_mount_enable:-${jail_mount_enable}}\"
d65 1
a65 1
	eval jail_fstab=\"\${jail_${_j}_fstab:-${jail_fstab}}\"
d67 1
a67 1
	eval jail_flags=\"\${jail_${_j}_flags:-${jail_flags}}\"
a77 1
	debug "$_j interface: $jail_interface"
a164 3
		if [ -n ${jail_interface} ]; then
			ifconfig ${jail_interface} alias ${jail_ip} netmask 255.255.255.255
		fi
a236 3
			if [ -n ${jail_interface} ]; then
				ifconfig ${jail_interface} -alias ${jail_ip}
			fi
@


1.23.2.3.2.2
log
@Fix problems in the startup scripts for jails.

Errata:		FreeBSD-EN-06:01.jail
Approved by:	so (cperciva)
@
text
@d30 11
a40 11
	eval _rootdir=\"\$jail_${_j}_rootdir\"
	_devdir="${_rootdir}/dev"
	_fdescdir="${_devdir}/fd"
	_procdir="${_rootdir}/proc"
	eval _hostname=\"\$jail_${_j}_hostname\"
	eval _ip=\"\$jail_${_j}_ip\"
	eval _interface=\"\${jail_${_j}_interface:-${jail_interface}}\"
	eval _exec=\"\$jail_${_j}_exec\"
	eval _exec_start=\"\${jail_${_j}_exec_start:-${jail_exec_start}}\"
	eval _exec_stop=\"\${jail_${_j}_exec_stop:-${jail_exec_stop}}\"
	if [ -n "${_exec}" ]; then
d42 2
a43 2
		_exec_start="${_exec}"
		_exec_stop=""
d46 4
a49 4
		if [ -z "${_exec_start}" ]; then
			_exec_start="/bin/sh /etc/rc"
			if [ -z "${_exec_stop}" ]; then
				_exec_stop="/bin/sh /etc/rc.shutdown"
d55 7
a61 7
	eval _ruleset=\"\${jail_${_j}_devfs_ruleset:-${jail_devfs_ruleset}}\"
	eval _devfs=\"\${jail_${_j}_devfs_enable:-${jail_devfs_enable}}\"
	[ -z "${_devfs}" ] && _devfs="NO"
	eval _fdescfs=\"\${jail_${_j}_fdescfs_enable:-${jail_fdescfs_enable}}\"
	[ -z "${_fdescfs}" ] && _fdescfs="NO"
	eval _procfs=\"\${jail_${_j}_procfs_enable:-${jail_procfs_enable}}\"
	[ -z "${_procfs}" ] && _procfs="NO"
d63 2
a64 2
	eval _mount=\"\${jail_${_j}_mount_enable:-${jail_mount_enable}}\"
	[ -z "${_mount}" ] && _mount="NO"
d66 4
a69 4
	eval _fstab=\"\${jail_${_j}_fstab:-${jail_fstab}}\"
	[ -z "${_fstab}" ] && _fstab="/etc/fstab.${_j}"
	eval _flags=\"\${jail_${_j}_flags:-${jail_flags}}\"
	[ -z "${_flags}" ] && _flags="-l -U root"
d73 16
a88 27
	debug "$_j devfs enable: $_devfs"
	debug "$_j fdescfs enable: $_fdescfs"
	debug "$_j procfs enable: $_procfs"
	debug "$_j mount enable: $_mount"
	debug "$_j hostname: $_hostname"
	debug "$_j ip: $_ip"
	debug "$_j interface: $_interface"
	debug "$_j root: $_rootdir"
	debug "$_j devdir: $_devdir"
	debug "$_j fdescdir: $_fdescdir"
	debug "$_j procdir: $_procdir"
	debug "$_j ruleset: $_ruleset"
	debug "$_j fstab: $_fstab"
	debug "$_j exec start: $_exec_start"
	debug "$_j exec stop: $_exec_stop"
	debug "$_j flags: $_flags"

	if [ -z "${_hostname}" ]; then
		err 3 "$name: No hostname has been defined for ${_j}"
	fi
	if [ -z "${_rootdir}" ]; then
		err 3 "$name: No root directory has been defined for ${_j}"
	fi
	if [ -z "${_ip}" ]; then
		err 3 "$name: No IP address has been defined for ${_j}"
	fi

d125 3
a127 3
	if checkyesno _fdescfs; then
		if [ -d "${_fdescdir}" ] ; then
			umount -f ${_fdescdir} >/dev/null 2>&1
d130 3
a132 3
	if checkyesno _devfs; then
		if [ -d "${_devdir}" ] ; then
			umount -f ${_devdir} >/dev/null 2>&1
d135 3
a137 3
	if checkyesno _procfs; then
		if [ -d "${_procdir}" ] ; then
			umount -f ${_procdir} >/dev/null 2>&1
d140 3
a142 3
	if checkyesno _mount; then
		[ -f "${_fstab}" ] || warn "${_fstab} does not exist"
		umount -a -F "${_fstab}" >/dev/null 2>&1
d164 1
a164 1
			echo -n " [${_hostname} already running (/var/run/jail_${_jail}.id exists)]"
d167 2
a168 2
		if [ -n "${_interface}" ]; then
			ifconfig ${_interface} alias ${_ip} netmask 255.255.255.255
d170 4
a173 4
		if checkyesno _mount; then
			info "Mounting fstab for jail ${_jail} (${_fstab})"
			if [ ! -f "${_fstab}" ]; then
				err 3 "$name: ${_fstab} does not exist"
d175 1
a175 1
			mount -a -F "${_fstab}"
d177 1
a177 1
		if checkyesno _devfs; then
d179 1
a179 1
			df -t devfs "${_devdir}" >/dev/null
d181 2
a182 2
				info "Mounting devfs on ${_devdir}"
				devfs_mount_jail "${_devdir}" ${_ruleset}
d184 1
a184 1
				if [ ! -L "${_devdir}/log" ]; then
d186 1
a186 1
					cd "${_devdir}"
d196 1
a196 1
			#	cd "${_devdir}"
d200 8
a207 8
		if checkyesno _fdescfs; then
			info "Mounting fdescfs on ${_fdescdir}"
			mount -t fdescfs fdesc "${_fdescdir}"
		fi
		if checkyesno _procfs; then
			info "Mounting procfs onto ${_procdir}"
			if [ -d "${_procdir}" ] ; then
				mount -t procfs proc "${_procdir}"
d211 3
a213 3
		eval jail ${_flags} -i ${_rootdir} ${_hostname} \
			${_ip} ${_exec_start} > ${_tmp_jail} 2>&1
		[ "$?" -eq 0 ] && echo -n " $_hostname"
d215 1
a215 1
		tail +2 ${_tmp_jail} >${_rootdir}/var/log/console.log
d232 3
a234 3
				if [ -n "${_exec_stop}" ]; then
					eval env -i /usr/sbin/jexec ${_jail_id} ${_exec_stop} \
						>> ${_rootdir}/var/log/console.log 2>&1
d240 1
a240 1
				echo -n " $_hostname"
d242 2
a243 2
			if [ -n "${_interface}" ]; then
				ifconfig ${_interface} -alias ${_ip}
@


1.23.2.3.2.3
log
@Fix jail rc.d script privilege escalation via symlink attack against
/var/log/console.log and mount points.

Security:	FreeBSD-SA-07:01.jail
Approved by:	so (simon)
@
text
@a69 2
	eval _consolelog=\"\${jail_${_j}_consolelog:-${jail_consolelog}}\"
	[ -z "${_consolelog}" ] && _consolelog="/var/log/jail_${_j}_console.log"
a88 1
	debug "$_j consolelog: $_consolelog"
a128 50
# is_current_mountpoint()
#	Is the directory mount point for a currently mounted file
#	system?
#
is_current_mountpoint()
{
	local _dir _dir2

	_dir=$1

	_dir=`echo $_dir | sed -Ee 's#//+#/#g' -e 's#/$##'`
	[ ! -d "${_dir}" ] && return 1
	_dir2=`df ${_dir} | tail +2 | awk '{ print $6 }'`
	[ "${_dir}" = "${_dir2}" ]
	return $?
}

# is_symlinked_mountpoint()
#	Is a mount point, or any of its parent directories, a symlink?
#
is_symlinked_mountpoint()
{
	local _dir

	_dir=$1

	[ -L "$_dir" ] && return 0
	[ "$_dir" = "/" ] && return 1
	is_symlinked_mountpoint `dirname $_dir`
	return $?
}

# secure_umount
#	Try to unmount a mount point without being vulnerable to
#	symlink attacks.
#
secure_umount()
{
	local _dir

	_dir=$1

	if is_current_mountpoint ${_dir}; then
		umount -f ${_dir} >/dev/null 2>&1
	else
		debug "Nothing mounted on ${_dir} - not unmounting"
	fi
}


a135 2
	local _device _mountpt _rest

d138 1
a138 1
			secure_umount ${_fdescdir}
d143 1
a143 1
			secure_umount ${_devdir}
d148 1
a148 1
			secure_umount ${_procdir}
d153 1
a153 8
		tail -r ${_fstab} | while read _device _mountpt _rest; do
			case ":${_device}" in
			:#* | :)
				continue
				;;
			esac
			secure_umount ${_mountpt}
		done
a156 29
# jail_mount_fstab()
#	Mount file systems from a per jail fstab while trying to
#	secure against symlink attacks at the mount points.
#
#	If we are certain we cannot secure against symlink attacks we
#	do not mount all of the file systems (since we cannot just not
#	mount the file system with the problematic mount point).
#
#	The caller must call the init_variables() routine before
#	calling this one.
#
jail_mount_fstab()
{
	local _device _mountpt _rest

	while read _device _mountpt _rest; do
		case ":${_device}" in
		:#* | :)
			continue
			;;
		esac
		if is_symlinked_mountpoint ${_mountpt}; then
			warn "${_mountpt} has symlink as parent - not mounting from ${_fstab}"
			return
		fi
	done <${_fstab}
	mount -a -F "${_fstab}"
}

d186 1
a186 1
			jail_mount_fstab
a191 4
				if is_symlinked_mountpoint ${_devdir}; then
					warn "${_devdir} has symlink as parent - not starting jail ${_jail}"
					continue
				fi
d212 2
a213 6
			if is_symlinked_mountpoint ${_fdescdir}; then
				warn "${_fdescdir} has symlink as parent, not mounting"
			else
				info "Mounting fdescfs on ${_fdescdir}"
				mount -t fdescfs fdesc "${_fdescdir}"
			fi
d216 3
a218 7
			if is_symlinked_mountpoint ${_procdir}; then
				warn "${_procdir} has symlink as parent, not mounting"
			else
				info "Mounting procfs onto ${_procdir}"
				if [ -d "${_procdir}" ] ; then
					mount -t procfs proc "${_procdir}"
				fi
d226 1
a226 1
		tail +2 ${_tmp_jail} >${_consolelog}
d245 1
a245 1
						>> ${_consolelog} 2>&1
@


1.23.2.4
log
@MFC:

  - Add following global jail options, used if no jail-specific options are
  set:
   * jail_mount_enable
   * jail_devfs_ruleset
   * jail_devfs_enable
   * jail_fdescfs_enable
   * jail_procfs_enable
   * jail_fstab
   * jail_flags
  - Add a jail_interface / jail_<jid>_interface option. An ip alias will be
  created (jail_<jid>_ip) on jail_interface or jail_<jid>_interface if set.
  This is not a mandatory option.
  - Document all missing jail_* options in rc.conf(5).

      src/share/man/man5/rc.conf.5: rev 1.289 -> 1.290
      src/etc/rc.d/jail: rev 1.26 -> 1.27

Approved by:	re (scottl)
@
text
@a35 1
	eval jail_interface=\"\${jail_${_j}_interface:-${jail_interface}}\"
d37 2
a38 2
	eval jail_exec_start=\"\${jail_${_j}_exec_start:-${jail_exec_start}}\"
	eval jail_exec_stop=\"\${jail_${_j}_exec_stop:-${jail_exec_stop}}\"
d54 2
a55 2
	eval jail_ruleset=\"\${jail_${_j}_devfs_ruleset:-${jail_devfs_ruleset}}\"
	eval jail_devfs=\"\${jail_${_j}_devfs_enable:-${jail_devfs_enable}}\"
d57 1
a57 1
	eval jail_fdescfs=\"\${jail_${_j}_fdescfs_enable:-${jail_fdescfs_enable}}\"
d59 1
a59 1
	eval jail_procfs=\"\${jail_${_j}_procfs_enable:-${jail_procfs_enable}}\"
d62 1
a62 1
	eval jail_mount=\"\${jail_${_j}_mount_enable:-${jail_mount_enable}}\"
d65 1
a65 1
	eval jail_fstab=\"\${jail_${_j}_fstab:-${jail_fstab}}\"
d67 1
a67 1
	eval jail_flags=\"\${jail_${_j}_flags:-${jail_flags}}\"
a77 1
	debug "$_j interface: $jail_interface"
a164 3
		if [ -n ${jail_interface} ]; then
			ifconfig ${jail_interface} alias ${jail_ip} netmask 255.255.255.255
		fi
a236 3
			if [ -n ${jail_interface} ]; then
				ifconfig ${jail_interface} -alias ${jail_ip}
			fi
@


1.23.2.5
log
@MFC: Fix quoting.

  src/etc/rc.d/jail: rev 1.28 -> 1.29

Reported by:	Dirk Engling <erdgeist at erdgeist.org>
Approved by:	pjd
@
text
@d167 1
a167 1
		if [ -n "${jail_interface}" ]; then
d242 1
a242 1
			if [ -n "${jail_interface}" ]; then
@


1.23.2.6
log
@MFC rev 1.30 - 1.31
if a jail fails to start, don't add its jid to /var/run and print a message with the error.
if we fail to start a jail and jail_foobar_*fs_enable or jail_foobar_mount_enable were set,
umount those filesystem before exiting.
If we set up an alias for jail's IP, remove that alias before exiting.
@
text
@d213 3
a215 13
			if [ "$?" -eq 0 ] ; then
				echo -n " $jail_hostname"
				_jail_id=$(head -1 ${_tmp_jail})
				tail +2 ${_tmp_jail} >${jail_rootdir}/var/log/console.log
				echo ${_jail_id} > /var/run/jail_${_jail}.id
			else
				jail_umount_fs
				if [ -n "${jail_interface}" ]; then
					ifconfig ${jail_interface} -alias ${jail_ip}
				fi
				echo " cannot start jail \"${_jail}\": "
				tail +2 ${_tmp_jail}
			fi
d217 1
d247 1
a247 1
			echo " cannot stop jail ${_jail}. No jail id in /var/run"
@


1.23.2.7
log
@MFC:

  - Change the "jail_" prefix for internal script variables. This fixes an
  issue where some global jail_* variables were overriden in the script. [1]
  - Change "jid" to "jname" in rc.conf(5), since it's more a jail name than a
  jail id. [1]
  - Update examples and comments in defaults/rc.conf to advertise new
  variables and the fact that some of the jail-specific variables may be made
  jail-global. [2]

      src/share/man/man5/rc.conf.5: rev 1.293 -> 1.294
      src/etc/rc.d/jail: rev 1.31 -> 1.32
      src/etc/defaults/rc.conf: rev 1.282 -> 1.283

Reported by:	pjd [1], clsung [2]
@
text
@d30 11
a40 11
	eval _rootdir=\"\$jail_${_j}_rootdir\"
	_devdir="${_rootdir}/dev"
	_fdescdir="${_devdir}/fd"
	_procdir="${_rootdir}/proc"
	eval _hostname=\"\$jail_${_j}_hostname\"
	eval _ip=\"\$jail_${_j}_ip\"
	eval _interface=\"\${jail_${_j}_interface:-${jail_interface}}\"
	eval _exec=\"\$jail_${_j}_exec\"
	eval _exec_start=\"\${jail_${_j}_exec_start:-${jail_exec_start}}\"
	eval _exec_stop=\"\${jail_${_j}_exec_stop:-${jail_exec_stop}}\"
	if [ -n "${_exec}" ]; then
d42 2
a43 2
		_exec_start="${_exec}"
		_exec_stop=""
d46 4
a49 4
		if [ -z "${_exec_start}" ]; then
			_exec_start="/bin/sh /etc/rc"
			if [ -z "${_exec_stop}" ]; then
				_exec_stop="/bin/sh /etc/rc.shutdown"
d55 7
a61 7
	eval _ruleset=\"\${jail_${_j}_devfs_ruleset:-${jail_devfs_ruleset}}\"
	eval _devfs=\"\${jail_${_j}_devfs_enable:-${jail_devfs_enable}}\"
	[ -z "${_devfs}" ] && _devfs="NO"
	eval _fdescfs=\"\${jail_${_j}_fdescfs_enable:-${jail_fdescfs_enable}}\"
	[ -z "${_fdescfs}" ] && _fdescfs="NO"
	eval _procfs=\"\${jail_${_j}_procfs_enable:-${jail_procfs_enable}}\"
	[ -z "${_procfs}" ] && _procfs="NO"
d63 2
a64 2
	eval _mount=\"\${jail_${_j}_mount_enable:-${jail_mount_enable}}\"
	[ -z "${_mount}" ] && _mount="NO"
d66 4
a69 4
	eval _fstab=\"\${jail_${_j}_fstab:-${jail_fstab}}\"
	[ -z "${_fstab}" ] && _fstab="/etc/fstab.${_j}"
	eval _flags=\"\${jail_${_j}_flags:-${jail_flags}}\"
	[ -z "${_flags}" ] && _flags="-l -U root"
d73 16
a88 27
	debug "$_j devfs enable: $_devfs"
	debug "$_j fdescfs enable: $_fdescfs"
	debug "$_j procfs enable: $_procfs"
	debug "$_j mount enable: $_mount"
	debug "$_j hostname: $_hostname"
	debug "$_j ip: $_ip"
	debug "$_j interface: $_interface"
	debug "$_j root: $_rootdir"
	debug "$_j devdir: $_devdir"
	debug "$_j fdescdir: $_fdescdir"
	debug "$_j procdir: $_procdir"
	debug "$_j ruleset: $_ruleset"
	debug "$_j fstab: $_fstab"
	debug "$_j exec start: $_exec_start"
	debug "$_j exec stop: $_exec_stop"
	debug "$_j flags: $_flags"

	if [ -z "${_hostname}" ]; then
		err 3 "$name: No hostname has been defined for ${_j}"
	fi
	if [ -z "${_rootdir}" ]; then
		err 3 "$name: No root directory has been defined for ${_j}"
	fi
	if [ -z "${_ip}" ]; then
		err 3 "$name: No IP address has been defined for ${_j}"
	fi

d125 3
a127 3
	if checkyesno _fdescfs; then
		if [ -d "${_fdescdir}" ] ; then
			umount -f ${_fdescdir} >/dev/null 2>&1
d130 3
a132 3
	if checkyesno _devfs; then
		if [ -d "${_devdir}" ] ; then
			umount -f ${_devdir} >/dev/null 2>&1
d135 3
a137 3
	if checkyesno _procfs; then
		if [ -d "${_procdir}" ] ; then
			umount -f ${_procdir} >/dev/null 2>&1
d140 3
a142 3
	if checkyesno _mount; then
		[ -f "${_fstab}" ] || warn "${_fstab} does not exist"
		umount -a -F "${_fstab}" >/dev/null 2>&1
d164 1
a164 1
			echo -n " [${_hostname} already running (/var/run/jail_${_jail}.id exists)]"
d167 2
a168 2
		if [ -n "${_interface}" ]; then
			ifconfig ${_interface} alias ${_ip} netmask 255.255.255.255
d170 4
a173 4
		if checkyesno _mount; then
			info "Mounting fstab for jail ${_jail} (${_fstab})"
			if [ ! -f "${_fstab}" ]; then
				err 3 "$name: ${_fstab} does not exist"
d175 1
a175 1
			mount -a -F "${_fstab}"
d177 1
a177 1
		if checkyesno _devfs; then
d179 1
a179 1
			df -t devfs "${_devdir}" >/dev/null
d181 2
a182 2
				info "Mounting devfs on ${_devdir}"
				devfs_mount_jail "${_devdir}" ${_ruleset}
d184 1
a184 1
				if [ ! -L "${_devdir}/log" ]; then
d186 1
a186 1
					cd "${_devdir}"
d196 1
a196 1
			#	cd "${_devdir}"
d200 8
a207 8
		if checkyesno _fdescfs; then
			info "Mounting fdescfs on ${_fdescdir}"
			mount -t fdescfs fdesc "${_fdescdir}"
		fi
		if checkyesno _procfs; then
			info "Mounting procfs onto ${_procdir}"
			if [ -d "${_procdir}" ] ; then
				mount -t procfs proc "${_procdir}"
d211 2
a212 2
		eval jail ${_flags} -i ${_rootdir} ${_hostname} \
			${_ip} ${_exec_start} > ${_tmp_jail} 2>&1
d214 1
a214 1
				echo -n " $_hostname"
d216 1
a216 1
				tail +2 ${_tmp_jail} >${_rootdir}/var/log/console.log
d241 3
a243 3
				if [ -n "${_exec_stop}" ]; then
					eval env -i /usr/sbin/jexec ${_jail_id} ${_exec_stop} \
						>> ${_rootdir}/var/log/console.log 2>&1
d249 1
a249 1
				echo -n " $_hostname"
d251 2
a252 2
			if [ -n "${_interface}" ]; then
				ifconfig ${_interface} -alias ${_ip}
@


1.23.2.7.2.1
log
@Fix jail rc.d script privilege escalation via symlink attack against
/var/log/console.log and mount points.

Security:	FreeBSD-SA-07:01.jail
Approved by:	re (bmah)
@
text
@a69 2
	eval _consolelog=\"\${jail_${_j}_consolelog:-${jail_consolelog}}\"
	[ -z "${_consolelog}" ] && _consolelog="/var/log/jail_${_j}_console.log"
a88 1
	debug "$_j consolelog: $_consolelog"
a128 50
# is_current_mountpoint()
#	Is the directory mount point for a currently mounted file
#	system?
#
is_current_mountpoint()
{
	local _dir _dir2

	_dir=$1

	_dir=`echo $_dir | sed -Ee 's#//+#/#g' -e 's#/$##'`
	[ ! -d "${_dir}" ] && return 1
	_dir2=`df ${_dir} | tail +2 | awk '{ print $6 }'`
	[ "${_dir}" = "${_dir2}" ]
	return $?
}

# is_symlinked_mountpoint()
#	Is a mount point, or any of its parent directories, a symlink?
#
is_symlinked_mountpoint()
{
	local _dir

	_dir=$1

	[ -L "$_dir" ] && return 0
	[ "$_dir" = "/" ] && return 1
	is_symlinked_mountpoint `dirname $_dir`
	return $?
}

# secure_umount
#	Try to unmount a mount point without being vulnerable to
#	symlink attacks.
#
secure_umount()
{
	local _dir

	_dir=$1

	if is_current_mountpoint ${_dir}; then
		umount -f ${_dir} >/dev/null 2>&1
	else
		debug "Nothing mounted on ${_dir} - not unmounting"
	fi
}


a135 2
	local _device _mountpt _rest

d138 1
a138 1
			secure_umount ${_fdescdir}
d143 1
a143 1
			secure_umount ${_devdir}
d148 1
a148 1
			secure_umount ${_procdir}
d153 1
a153 8
		tail -r ${_fstab} | while read _device _mountpt _rest; do
			case ":${_device}" in
			:#* | :)
				continue
				;;
			esac
			secure_umount ${_mountpt}
		done
a156 29
# jail_mount_fstab()
#	Mount file systems from a per jail fstab while trying to
#	secure against symlink attacks at the mount points.
#
#	If we are certain we cannot secure against symlink attacks we
#	do not mount all of the file systems (since we cannot just not
#	mount the file system with the problematic mount point).
#
#	The caller must call the init_variables() routine before
#	calling this one.
#
jail_mount_fstab()
{
	local _device _mountpt _rest

	while read _device _mountpt _rest; do
		case ":${_device}" in
		:#* | :)
			continue
			;;
		esac
		if is_symlinked_mountpoint ${_mountpt}; then
			warn "${_mountpt} has symlink as parent - not mounting from ${_fstab}"
			return
		fi
	done <${_fstab}
	mount -a -F "${_fstab}"
}

d186 1
a186 1
			jail_mount_fstab
a191 4
				if is_symlinked_mountpoint ${_devdir}; then
					warn "${_devdir} has symlink as parent - not starting jail ${_jail}"
					continue
				fi
d212 2
a213 6
			if is_symlinked_mountpoint ${_fdescdir}; then
				warn "${_fdescdir} has symlink as parent, not mounting"
			else
				info "Mounting fdescfs on ${_fdescdir}"
				mount -t fdescfs fdesc "${_fdescdir}"
			fi
d216 3
a218 7
			if is_symlinked_mountpoint ${_procdir}; then
				warn "${_procdir} has symlink as parent, not mounting"
			else
				info "Mounting procfs onto ${_procdir}"
				if [ -d "${_procdir}" ] ; then
					mount -t procfs proc "${_procdir}"
				fi
d227 1
a227 1
				tail +2 ${_tmp_jail} >${_consolelog}
d254 1
a254 1
						>> ${_consolelog} 2>&1
@


1.23.2.7.2.2
log
@MFS sys/netinet6/nd6.c rev 1.48.2.18: Fix behavior of IPv6 over
point-to-point gif(4) interfaces. [EN-07:02]

MFS etc/rc.d/jail rev 1.23.2.8: Fix rc.d jail script interface IP
alias removal. [EN-07:03]

Approved by:	so (simon)
Submitted by:	re (bmah) [EN-07:02]; Philipp Wuensche, simon [EN-07:03]
Errata:		FreeBSD-EN-07:02.net FreeBSD-EN-07:03.rc.d_jail
@
text
@d334 2
a335 2
				if [ -n "${_interface}" ]; then
					ifconfig ${_interface} -alias ${_ip}
@


1.23.2.8
log
@Jail_ip and jail_interface local variables were renamed to _ip and _interface
in a previous commit to avoid namespace collisions, unfortunately I missed two
of them. This leads to the ip alias being incorrectly removed in some cases
when using the stop command.

Reported by:	Philipp Wuensche <cryx-freebsd@@h3q.com>
@
text
@d231 2
a232 2
				if [ -n "${_interface}" ]; then
					ifconfig ${_interface} -alias ${_ip}
@


1.23.2.9
log
@Fix jail rc.d script privilege escalation via symlink attack against
/var/log/console.log and mount points.

Security:	FreeBSD-SA-07:01.jail
@
text
@a69 2
	eval _consolelog=\"\${jail_${_j}_consolelog:-${jail_consolelog}}\"
	[ -z "${_consolelog}" ] && _consolelog="/var/log/jail_${_j}_console.log"
a88 1
	debug "$_j consolelog: $_consolelog"
a128 50
# is_current_mountpoint()
#	Is the directory mount point for a currently mounted file
#	system?
#
is_current_mountpoint()
{
	local _dir _dir2

	_dir=$1

	_dir=`echo $_dir | sed -Ee 's#//+#/#g' -e 's#/$##'`
	[ ! -d "${_dir}" ] && return 1
	_dir2=`df ${_dir} | tail +2 | awk '{ print $6 }'`
	[ "${_dir}" = "${_dir2}" ]
	return $?
}

# is_symlinked_mountpoint()
#	Is a mount point, or any of its parent directories, a symlink?
#
is_symlinked_mountpoint()
{
	local _dir

	_dir=$1

	[ -L "$_dir" ] && return 0
	[ "$_dir" = "/" ] && return 1
	is_symlinked_mountpoint `dirname $_dir`
	return $?
}

# secure_umount
#	Try to unmount a mount point without being vulnerable to
#	symlink attacks.
#
secure_umount()
{
	local _dir

	_dir=$1

	if is_current_mountpoint ${_dir}; then
		umount -f ${_dir} >/dev/null 2>&1
	else
		debug "Nothing mounted on ${_dir} - not unmounting"
	fi
}


a135 2
	local _device _mountpt _rest

d138 1
a138 1
			secure_umount ${_fdescdir}
d143 1
a143 1
			secure_umount ${_devdir}
d148 1
a148 1
			secure_umount ${_procdir}
d153 1
a153 8
		tail -r ${_fstab} | while read _device _mountpt _rest; do
			case ":${_device}" in
			:#* | :)
				continue
				;;
			esac
			secure_umount ${_mountpt}
		done
a156 29
# jail_mount_fstab()
#	Mount file systems from a per jail fstab while trying to
#	secure against symlink attacks at the mount points.
#
#	If we are certain we cannot secure against symlink attacks we
#	do not mount all of the file systems (since we cannot just not
#	mount the file system with the problematic mount point).
#
#	The caller must call the init_variables() routine before
#	calling this one.
#
jail_mount_fstab()
{
	local _device _mountpt _rest

	while read _device _mountpt _rest; do
		case ":${_device}" in
		:#* | :)
			continue
			;;
		esac
		if is_symlinked_mountpoint ${_mountpt}; then
			warn "${_mountpt} has symlink as parent - not mounting from ${_fstab}"
			return
		fi
	done <${_fstab}
	mount -a -F "${_fstab}"
}

d186 1
a186 1
			jail_mount_fstab
a191 4
				if is_symlinked_mountpoint ${_devdir}; then
					warn "${_devdir} has symlink as parent - not starting jail ${_jail}"
					continue
				fi
d212 2
a213 6
			if is_symlinked_mountpoint ${_fdescdir}; then
				warn "${_fdescdir} has symlink as parent, not mounting"
			else
				info "Mounting fdescfs on ${_fdescdir}"
				mount -t fdescfs fdesc "${_fdescdir}"
			fi
d216 3
a218 7
			if is_symlinked_mountpoint ${_procdir}; then
				warn "${_procdir} has symlink as parent, not mounting"
			else
				info "Mounting procfs onto ${_procdir}"
				if [ -d "${_procdir}" ] ; then
					mount -t procfs proc "${_procdir}"
				fi
d227 1
a227 1
				tail +2 ${_tmp_jail} >${_consolelog}
d254 1
a254 1
						>> ${_consolelog} 2>&1
@


1.23.2.10
log
@MFC a more limited set of changes that make sense for this branch:

1. GC the nfslocking script, which has been superseded by lockd and statd
2. Add security warning to rc.d/jail
3. Add stop_cmd=':' to those rc.d scripts that do not start services,
but did not already have a stop_cmd.
@
text
@a10 6
# WARNING: This script deals with untrusted data (the data and
# processes inside the jails) and care must be taken when changing the
# code related to this!  If you have any doubt whether a change is
# correct and have security impact, please get the patch reviewed by
# the FreeBSD Security Team prior to commit.

@


1.23.2.11
log
@Switch importer
@
text
@d3 1
a3 1
# $FreeBSD: stable/6/etc/rc.d/jail 175784 2008-01-29 00:33:16Z dougb $
@


1.23.2.10.2.1
log
@SVN rev 183531 on 2008-10-02 02:57:24Z by kensmith

Create releng/6.4 from stable/6 in preparation for 6.4-RC1.

Approved by:	re (implicit)
@
text
@@


1.22
log
@Do not unconditionally mount devfs to ${jail_devdir}/dev. First check
to see if a prior devfs has been mounted. If no devfs is mounted on
${jail_devdir}/dev then proceed. This will prevent the stack up of
multiple devfs mounts on the same mount point.

Discussed with:	pjd
MFC after:	1 week
@
text
@d67 2
d86 1
d202 1
a202 1
		eval jail -l -U root -i ${jail_rootdir} ${jail_hostname} \
@


1.21
log
@"REQUIRE: cleanvar" for all RC's writing into /var/run.
@
text
@d166 12
a177 9
			info "Mounting devfs on ${jail_devdir}"
			devfs_mount_jail "${jail_devdir}" ${jail_ruleset}

			# Transitional symlink for old binaries
			if [ ! -L "${jail_devdir}/log" ]; then
				__pwd="`pwd`"
				cd "${jail_devdir}"
				ln -sf ../var/run/log log
				cd "$__pwd"
@


1.20
log
@Improve the RC framework for the clean booting/shutdown of Jails:

1. Feature: for flexibility reasons and as a prerequisite to clean
   shutdowns, allow the configuration of a stop/shutdown command
   via rc.conf variable "jail_<name>_exec_stop" in addition to the
   start/boot command (rc.conf variable "jail_<name>_exec_start"). For
   backward compatibility reasons, rc.conf variable "jail_<name>_exec"
   is still supported, too.

2. Debug: Add the used boot/shutdown commands to the debug output of
   the /etc/rc.d/jail script, too.

3. Security: Run the Jail start/boot command in a cleaned environment
   to not leak information from the host to the Jail during startup.

4. Feature: Run the Jail stop/shutdown command "jail_<name>_exec_stop" on
   "/etc/rc.d/jail stop <name>" to allow a graceful shutdown of the Jail
   before its processes are just killed.

5. Bugfix: When killing the remaining Jail processes give the processes
   time to actually perform their termination sequence. Without this the
   subsequent umount(8) operations usually fail because the resources
   are still in use. Additionally, if after trying to TERM-inate the
   processes there are still processes hanging around, finally just KILL
   them.

6. Bugfix: In rc.shutdown, if running inside a Jail, skip the /etc/rc.d/*
   scripts which are flagged with the KEYWORD "nojail" to allow the
   correct operation of rc.shutdown under jail_<name>_exec_stop="/bin/sh
   /etc/rc.shutdown". This is analogous to what /etc/rc does inside a Jail.

Now the following typical host-configuration for two Jails works as
expected and correctly boots and shutdowns the Jails:

-----------------------------------------------------------
#  /etc/rc.conf:
jail_enable="YES"
jail_list="foo bar"
jail_foo_rootdir="/j/foo"
jail_foo_hostname="foo.example.com"
jail_foo_ip="192.168.0.1"
jail_foo_devfs_enable="YES"
jail_foo_mount_enable="YES"
jail_foo_exec_start="/bin/sh /etc/rc"
jail_foo_exec_stop="/bin/sh /etc/rc.shutdown"
jail_bar_rootdir="/j/bar"
jail_bar_hostname="bar.example.com"
jail_bar_ip="192.168.0.2"
jail_bar_devfs_enable="YES"
jail_bar_mount_enable="YES"
jail_bar_exec_start="/path/to/kjailer -v"
jail_bar_exec_stop="/bin/sh -c 'killall kjailer && sleep 60'"
-----------------------------------------------------------
#  /etc/fstab.foo
/v/foo /j/foo/v/foo nullfs rw 0 0
-----------------------------------------------------------
#  /etc/fstab.bar
/v/bar /j/bar/v/bar nullfs rw 0 0
-----------------------------------------------------------

Reviewed by:	freebsd-hackers
MFC after:	2 weeks
@
text
@d7 1
a7 1
# REQUIRE: LOGIN
@


1.19
log
@Fix a typo in an error message.

Spotted by:	ceri
@
text
@d37 15
a51 1
	[ -z "${jail_exec}" ] && jail_exec="/bin/sh /etc/rc"
d82 2
d196 2
a197 2
		jail -i ${jail_rootdir} ${jail_hostname} \
			${jail_ip} ${jail_exec} > ${_tmp_jail} 2>&1
d217 4
d222 2
@


1.18
log
@Implement per-jail fstab(5) files.  Here's a rc.conf sample using
this feature for a jail named foo :

jail_foo_mount_enable="YES"
jail_foo_fstab="/etc/fstab.foo"

The second line is actually useless, since the code defaults to
using "/etc/fstab.$jailname" as the fstab file if none is specified.

MFC after:	3 days
Submitted by:	Jeremie Le Hen <jeremie@@le-hen.org>
@
text
@d145 1
a145 1
				err 3 "$name: ${jail_fstab} doest not exist"
@


1.17
log
@Remove the requirement for the FreeBSD keyword as it no longer
makes any sense.

Discussed with: dougb, brooks
MFC after: 3 days
@
text
@d48 6
d59 1
d67 1
d119 4
d142 7
@


1.16
log
@Always quote variables in tests, to ensure correct evaluation even when
they are empty or undefined.

MFC after:	3 days
@
text
@d9 1
a9 1
# KEYWORD: FreeBSD nojail shutdown
@


1.15
log
@Create temporary files safely.

Submitted by:	Jon Passki <cykyc@@yahoo.com>
@
text
@d97 1
a97 1
		if [ -d ${jail_fdescdir} ] ; then
d102 1
a102 1
		if [ -d ${jail_devdir} ] ; then
d107 1
a107 1
		if [ -d ${jail_procdir} ] ; then
d135 1
a135 1
			if [ ! -L ${jail_devdir}/log ]; then
d156 1
a156 1
			if [ -d ${jail_procdir} ] ; then
d178 1
a178 1
		if [ -f /var/run/jail_${_jail}.id ]; then
d180 1
a180 1
			if [ ! -z ${_jail_id} ]; then
@


1.15.2.1
log
@MFC: (1.16) quote variables used as command-line arguments.

Approved by:	re (kensmith)
@
text
@d97 1
a97 1
		if [ -d "${jail_fdescdir}" ] ; then
d102 1
a102 1
		if [ -d "${jail_devdir}" ] ; then
d107 1
a107 1
		if [ -d "${jail_procdir}" ] ; then
d135 1
a135 1
			if [ ! -L "${jail_devdir}/log" ]; then
d156 1
a156 1
			if [ -d "${jail_procdir}" ] ; then
d178 1
a178 1
		if [ -f "/var/run/jail_${_jail}.id" ]; then
d180 1
a180 1
			if [ ! -z "${_jail_id}" ]; then
@


1.15.2.2
log
@RCS file: /home/ncvs/src/etc/rc,v
----------------------------
revision 1.335
date: 2004/10/08 14:23:49;  author: mtm;  state: Exp;  lines: +0 -1
Remove an unused variable.

Submitted by: Pawel Worach <pawel.worach@@telia.com>
----------------------------
revision 1.334
date: 2004/10/07 13:55:25;  author: mtm;  state: Exp;  lines: +1 -1
Remove the requirement for the FreeBSD keyword as it no longer
makes any sense.

Discussed with: dougb, brooks
MFC after: 3 days
=============================================================================
RCS file: /home/ncvs/src/etc/rc.d/nsswitch,v
----------------------------
revision 1.4
date: 2004/09/16 17:03:12;  author: keramida;  state: Exp;  lines: +1 -1
Fix requirement of `network' to `NETWORK' because the former isn't
provided by any rc.d script.

Approved by:	mtm
=============================================================================
RCS file: /home/ncvs/src/etc/rc.d/pflog,v
----------------------------
revision 1.3
date: 2004/09/16 17:04:20;  author: keramida;  state: Exp;  lines: +1 -1
We don't have any providers of `beforenetlkm' in FreeBSD.  Remove the
dependency to it from our rc.d scripts.

Approved by:	mtm
=============================================================================

Approved by: re/scottl
@
text
@d9 1
a9 1
# KEYWORD: nojail shutdown
@


1.15.2.3
log
@MFC rc.d/jail 1.18/1.19, defaults/rc.conf 1.232:
    Implement per-jail fstab(5) files.
@
text
@a47 6
	eval jail_mount=\"\$jail_${_j}_mount_enable\"
	[ -z "${jail_mount}" ] && jail_mount="NO"
	# "/etc/fstab.${_j}" will be used for {,u}mount(8) if none is specified.
	eval jail_fstab=\"\$jail_${_j}_fstab\"
	[ -z "${jail_fstab}" ] && jail_fstab="/etc/fstab.${_j}"

a52 1
	debug "$_j mount enable: $jail_mount"
a59 1
	debug "$_j fstab: $jail_fstab"
a110 4
	if checkyesno jail_mount; then
		[ -f "${jail_fstab}" ] || warn "${jail_fstab} does not exist"
		umount -a -F "${jail_fstab}" >/dev/null 2>&1
	fi
a129 7
		if checkyesno jail_mount; then
			info "Mounting fstab for jail ${_jail} (${jail_fstab})"
			if [ ! -f "${jail_fstab}" ]; then
				err 3 "$name: ${jail_fstab} does not exist"
			fi
			mount -a -F "${jail_fstab}"
		fi
@


1.15.2.4
log
@MFC: src/etc/defaults/rc.conf:1.234
     src/etc/rc.d/jail:1.20
     src/etc/rc.shutdown:1.30

Improve the RC framework for the clean booting/shutdown of Jails:

1. Feature: for flexibility reasons and as a prerequisite to clean
   shutdowns, allow the configuration of a stop/shutdown command
   via rc.conf variable "jail_<name>_exec_stop" in addition to the
   start/boot command (rc.conf variable "jail_<name>_exec_start"). For
   backward compatibility reasons, rc.conf variable "jail_<name>_exec"
   is still supported, too.

2. Debug: Add the used boot/shutdown commands to the debug output of
   the /etc/rc.d/jail script, too.

3. Security: Run the Jail start/boot command in a cleaned environment
   to not leak information from the host to the Jail during startup.

4. Feature: Run the Jail stop/shutdown command "jail_<name>_exec_stop" on
   "/etc/rc.d/jail stop <name>" to allow a graceful shutdown of the Jail
   before its processes are just killed.

5. Bugfix: When killing the remaining Jail processes give the processes
   time to actually perform their termination sequence. Without this the
   subsequent umount(8) operations usually fail because the resources
   are still in use. Additionally, if after trying to TERM-inate the
   processes there are still processes hanging around, finally just KILL
   them.

6. Bugfix: In rc.shutdown, if running inside a Jail, skip the /etc/rc.d/*
   scripts which are flagged with the KEYWORD "nojail" to allow the
   correct operation of rc.shutdown under jail_<name>_exec_stop="/bin/sh
   /etc/rc.shutdown". This is analogous to what /etc/rc does inside a Jail.

Now the following typical host-configuration for two Jails works as
expected and correctly boots and shutdowns the Jails:

-----------------------------------------------------------
#  /etc/rc.conf:
jail_enable="YES"
jail_list="foo bar"
jail_foo_rootdir="/j/foo"
jail_foo_hostname="foo.example.com"
jail_foo_ip="192.168.0.1"
jail_foo_devfs_enable="YES"
jail_foo_mount_enable="YES"
jail_foo_exec_start="/bin/sh /etc/rc"
jail_foo_exec_stop="/bin/sh /etc/rc.shutdown"
jail_bar_rootdir="/j/bar"
jail_bar_hostname="bar.example.com"
jail_bar_ip="192.168.0.2"
jail_bar_devfs_enable="YES"
jail_bar_mount_enable="YES"
jail_bar_exec_start="/path/to/kjailer -v"
jail_bar_exec_stop="/bin/sh -c 'killall kjailer && sleep 60'"
-----------------------------------------------------------
#  /etc/fstab.foo
/v/foo /j/foo/v/foo nullfs rw 0 0
-----------------------------------------------------------
#  /etc/fstab.bar
/v/bar /j/bar/v/bar nullfs rw 0 0
-----------------------------------------------------------
@
text
@d37 1
a37 15
	eval jail_exec_start=\"\$jail_${_j}_exec_start\"
	eval jail_exec_stop=\"\$jail_${_j}_exec_stop\"
	if [ -n "${jail_exec}" ]; then
		#   simple/backward-compatible execution
		jail_exec_start="${jail_exec}"
		jail_exec_stop=""
	else
		#   flexible execution
		if [ -z "${jail_exec_start}" ]; then
			jail_exec_start="/bin/sh /etc/rc"
			if [ -z "${jail_exec_stop}" ]; then
				jail_exec_stop="/bin/sh /etc/rc.shutdown"
			fi
		fi
	fi
a67 2
	debug "$_j exec start: $jail_exec_start"
	debug "$_j exec stop: $jail_exec_stop"
d180 2
a181 2
		eval jail -l -U root -i ${jail_rootdir} ${jail_hostname} \
			${jail_ip} ${jail_exec_start} > ${_tmp_jail} 2>&1
a200 4
				if [ -n "${jail_exec_stop}" ]; then
					eval env -i /usr/sbin/jexec ${_jail_id} ${jail_exec_stop} \
						>> ${jail_rootdir}/var/log/console.log 2>&1
				fi
a201 2
				sleep 1
				killall -j ${_jail_id} -KILL > /dev/null 2>&1
@


1.15.2.5
log
@MFC:	rc.d/jail		1.23
	defaults/rc.conf	1.252

Introduce new per-jail variable jail_<name>_flags, which allows to specify
jail(8) flags (before the change we had hardcoded "-l -U root").

Submitted by:	Frank Behrens <frank@@pinky.sax.de>
PR:		conf/80244
@
text
@a66 2
	eval jail_flags=\"\$jail_${_j}_flags\"
	[ -z "${jail_flags}" ] && jail_flags="-l -U root"
a83 1
	debug "$_j flags: $jail_flags"
d196 1
a196 1
		eval jail ${jail_flags} -i ${jail_rootdir} ${jail_hostname} \
@


1.15.2.5.2.1
log
@Fix jail rc.d script privilege escalation via symlink attack against
/var/log/console.log and mount points.

Security:	FreeBSD-SA-07:01.jail
Approved by:	so (simon)
@
text
@a68 2
	eval _consolelog=\"\${jail_${_j}_consolelog:-${jail_consolelog}}\"
	[ -z "${_consolelog}" ] && _consolelog="/var/log/jail_${_j}_console.log"
a86 1
	debug "$_j consolelog: $_consolelog"
a115 50
# is_current_mountpoint()
#	Is the directory mount point for a currently mounted file
#	system?
#
is_current_mountpoint()
{
	local _dir _dir2

	_dir=$1

	_dir=`echo $_dir | sed -Ee 's#//+#/#g' -e 's#/$##'`
	[ ! -d "${_dir}" ] && return 1
	_dir2=`df ${_dir} | tail +2 | awk '{ print $6 }'`
	[ "${_dir}" = "${_dir2}" ]
	return $?
}

# is_symlinked_mountpoint()
#	Is a mount point, or any of its parent directories, a symlink?
#
is_symlinked_mountpoint()
{
	local _dir

	_dir=$1

	[ -L "$_dir" ] && return 0
	[ "$_dir" = "/" ] && return 1
	is_symlinked_mountpoint `dirname $_dir`
	return $?
}

# secure_umount
#	Try to unmount a mount point without being vulnerable to
#	symlink attacks.
#
secure_umount()
{
	local _dir

	_dir=$1

	if is_current_mountpoint ${_dir}; then
		umount -f ${_dir} >/dev/null 2>&1
	else
		debug "Nothing mounted on ${_dir} - not unmounting"
	fi
}


a122 2
	local _device _mountpt _rest

d125 1
a125 1
			secure_umount ${jail_fdescdir}
d130 1
a130 1
			secure_umount ${jail_devdir}
d135 1
a135 1
			secure_umount ${jail_procdir}
d140 1
a140 8
		tail -r ${jail_fstab} | while read _device _mountpt _rest; do
			case ":${_device}" in
			:#* | :)
				continue
				;;
			esac
			secure_umount ${_mountpt}
		done
a143 29
# jail_mount_fstab()
#	Mount file systems from a per jail fstab while trying to
#	secure against symlink attacks at the mount points.
#
#	If we are certain we cannot secure against symlink attacks we
#	do not mount all of the file systems (since we cannot just not
#	mount the file system with the problematic mount point).
#
#	The caller must call the init_variables() routine before
#	calling this one.
#
jail_mount_fstab()
{
	local _device _mountpt _rest

	while read _device _mountpt _rest; do
		case ":${_device}" in
		:#* | :)
			continue
			;;
		esac
		if is_symlinked_mountpoint ${_mountpt}; then
			warn "${_mountpt} has symlink as parent - not mounting from ${jail_fstab}"
			return
		fi
	done <${_fstab}
	mount -a -F "${jail_fstab}"
}

d166 1
a166 1
			jail_mount_fstab
a168 4
			if is_symlinked_mountpoint ${jail_devdir}; then
				warn "${jail_devdir} has symlink as parent - not starting jail ${_jail}"
				continue
			fi
d189 2
a190 6
 			if is_symlinked_mountpoint ${jail_fdescdir}; then
 				warn "${jail_fdescdir} has symlink as parent, not mounting"
 			else
				info "Mounting fdescfs on ${jail_fdescdir}"
				mount -t fdescfs fdesc "${jail_fdescdir}"
			fi
d193 3
a195 7
			if is_symlinked_mountpoint ${jail_procdir}; then
				warn "${jail_procdir} has symlink as parent, not mounting"
			else
				info "Mounting procfs onto ${jail_procdir}"
				if [ -d "${jail_procdir}" ] ; then
					mount -t procfs proc "${jail_procdir}"
				fi
d203 1
a203 1
		tail +2 ${_tmp_jail} >${_consolelog}
d222 1
a222 1
						>> ${_consolelog} 2>&1
@


1.15.2.5.2.2
log
@Correct a bug in the patch for FreeBSD-SA-07:01.jail which prevented
jails with custom fstab's from starting due to use of incorrect
variable. [1]

Correct buffer overflow in tcpdump(1). [SA-07:06]

Correct predictable query ids in named(8). [SA-07:07]

Reported by:	Joel Hatton <joel@@auscert.org.au> [1]
Security:	FreeBSD-SA-07:06.tcpdump
Security:	FreeBSD-SA-07:07.bind
Approved by:	so (simon)
@
text
@d231 1
a231 1
	done <${jail_fstab}
@


1.15.2.6
log
@Fix jail rc.d script privilege escalation via symlink attack against
/var/log/console.log and mount points.

Security:	FreeBSD-SA-07:01.jail
@
text
@a68 2
	eval _consolelog=\"\${jail_${_j}_consolelog:-${jail_consolelog}}\"
	[ -z "${_consolelog}" ] && _consolelog="/var/log/jail_${_j}_console.log"
a86 1
	debug "$_j consolelog: $_consolelog"
a115 50
# is_current_mountpoint()
#	Is the directory mount point for a currently mounted file
#	system?
#
is_current_mountpoint()
{
	local _dir _dir2

	_dir=$1

	_dir=`echo $_dir | sed -Ee 's#//+#/#g' -e 's#/$##'`
	[ ! -d "${_dir}" ] && return 1
	_dir2=`df ${_dir} | tail +2 | awk '{ print $6 }'`
	[ "${_dir}" = "${_dir2}" ]
	return $?
}

# is_symlinked_mountpoint()
#	Is a mount point, or any of its parent directories, a symlink?
#
is_symlinked_mountpoint()
{
	local _dir

	_dir=$1

	[ -L "$_dir" ] && return 0
	[ "$_dir" = "/" ] && return 1
	is_symlinked_mountpoint `dirname $_dir`
	return $?
}

# secure_umount
#	Try to unmount a mount point without being vulnerable to
#	symlink attacks.
#
secure_umount()
{
	local _dir

	_dir=$1

	if is_current_mountpoint ${_dir}; then
		umount -f ${_dir} >/dev/null 2>&1
	else
		debug "Nothing mounted on ${_dir} - not unmounting"
	fi
}


a122 2
	local _device _mountpt _rest

d125 1
a125 1
			secure_umount ${jail_fdescdir}
d130 1
a130 1
			secure_umount ${jail_devdir}
d135 1
a135 1
			secure_umount ${jail_procdir}
d140 1
a140 8
		tail -r ${jail_fstab} | while read _device _mountpt _rest; do
			case ":${_device}" in
			:#* | :)
				continue
				;;
			esac
			secure_umount ${_mountpt}
		done
a143 29
# jail_mount_fstab()
#	Mount file systems from a per jail fstab while trying to
#	secure against symlink attacks at the mount points.
#
#	If we are certain we cannot secure against symlink attacks we
#	do not mount all of the file systems (since we cannot just not
#	mount the file system with the problematic mount point).
#
#	The caller must call the init_variables() routine before
#	calling this one.
#
jail_mount_fstab()
{
	local _device _mountpt _rest

	while read _device _mountpt _rest; do
		case ":${_device}" in
		:#* | :)
			continue
			;;
		esac
		if is_symlinked_mountpoint ${_mountpt}; then
			warn "${_mountpt} has symlink as parent - not mounting from ${jail_fstab}"
			return
		fi
	done <${_fstab}
	mount -a -F "${jail_fstab}"
}

d166 1
a166 1
			jail_mount_fstab
a168 4
			if is_symlinked_mountpoint ${jail_devdir}; then
				warn "${jail_devdir} has symlink as parent - not starting jail ${_jail}"
				continue
			fi
d189 2
a190 6
 			if is_symlinked_mountpoint ${jail_fdescdir}; then
 				warn "${jail_fdescdir} has symlink as parent, not mounting"
 			else
				info "Mounting fdescfs on ${jail_fdescdir}"
				mount -t fdescfs fdesc "${jail_fdescdir}"
			fi
d193 3
a195 7
			if is_symlinked_mountpoint ${jail_procdir}; then
				warn "${jail_procdir} has symlink as parent, not mounting"
			else
				info "Mounting procfs onto ${jail_procdir}"
				if [ -d "${jail_procdir}" ] ; then
					mount -t procfs proc "${jail_procdir}"
				fi
d203 1
a203 1
		tail +2 ${_tmp_jail} >${_consolelog}
d222 1
a222 1
						>> ${_consolelog} 2>&1
@


1.15.2.7
log
@Correct a bug in the patch for FreeBSD-SA-07:01.jail which prevented
jails with custom fstab's from starting due to use of incorrect
variable. [1]

Correct buffer overflow in tcpdump(1). [SA-07:06]

Reported by:	Joel Hatton <joel@@auscert.org.au> [1]
Security:	FreeBSD-SA-07:06.tcpdump
@
text
@d231 1
a231 1
	done <${jail_fstab}
@


1.14
log
@Mark scripts as not usable inside a jail by adding keyword 'nojail'.

Some suggestions from:	rwatson, Ruben de Groot <mail25@@bzerk.org>
@
text
@d125 2
d160 1
a160 1
		_tmp_jail=/tmp/jail.$$
d169 1
@


1.13
log
@o Unbreak the individual jail starting patch that I broke when
  I committed it. Apologies to Juergen Unger <j.unger@@addict.de>.
o When stopping jails output the hostname of the jails that
  were stopped.
o Refactor
o Remove extraneous empty line
o Correct spelling error
@
text
@d9 1
a9 1
# KEYWORD: FreeBSD shutdown
@


1.12
log
@Configure a jail sysctl value only if it is different than
what the rc.conf(5) knob specifies. Also, correct a minor
capitalization error.
@
text
@d48 1
a48 1
	# Debuggin aid
d89 24
d172 1
a172 1
	echo 'Stopping jails.'
d178 1
d180 2
d185 1
a185 24
			echo "cannot stop jail ${_jail}. no jail id saved in /var/run"
			jail_list=$(echo ${jail_list} | \
				tr ' ' '\n' | \
				grep -v "^${_jail}$" | \
				tr '\n' ' ')
		fi
	done
	for _jail in ${jail_list}
	do
		init_variables $_jail
		if checkyesno jail_fdescfs; then
			if [ -d ${jail_fdescdir} ] ; then
				umount -f ${jail_fdescdir} >/dev/null 2>&1
			fi
		fi
		if checkyesno jail_devfs; then
			if [ -d ${jail_devdir} ] ; then
				umount -f ${jail_devdir} >/dev/null 2>&1
			fi
		fi
		if checkyesno jail_procfs; then
			if [ -d ${jail_procdir} ] ; then
				umount -f ${jail_procdir} >/dev/null 2>&1
			fi
d188 1
d191 1
a191 1

a192 1
load_rc_config $name
@


1.11
log
@Support starting/stoping of jails individually.

This commit also removes the support for the sysutils/jailer port. This
is inline with the general policy to keep ports related knobs out
of the base system's configuration mechanism.

Submitted by: Juergen Unger <j.unger@@addict.de>
@
text
@d62 8
a69 1
jail_start()
d71 3
a73 9
	echo -n 'Configuring jails:'
	echo -n ' set_hostname_allowed='
	if checkyesno jail_set_hostname_allow ; then
		echo -n 'YES'
		${SYSCTL_W} 1>/dev/null security.jail.set_hostname_allowed=1
	else
		echo -n 'NO'
		${SYSCTL_W} 1>/dev/null security.jail.set_hostname_allowed=0
	fi
d75 6
a80 4
	echo -n ' unixiproute_only='
	if checkyesno jail_socket_unixiproute_only ; then
		echo -n 'YES'
		${SYSCTL_W} 1>/dev/null security.jail.socket_unixiproute_only=1
d82 4
a85 2
		echo -n 'NO'
		${SYSCTL_W} 1>/dev/null security.jail.socket_unixiproute_only=0
d87 1
d89 9
a97 8
	echo -n ' sysvipc_allow='
	if checkyesno jail_sysvipc_allow ; then
		echo -n 'YES'
		${SYSCTL_W} 1>/dev/null security.jail.sysvipc_allowed=1
	else
		echo -n 'NO'
		${SYSCTL_W} 1>/dev/null security.jail.sysvipc_allowed=0
	fi
d100 1
a100 1
	echo -n 'Starting Jails:'
@


1.10
log
@o Rename devfs_link() to make_symlink() and turn it into a generic
  symlinking routine.
o Modify rc.d/jail to create its own symlink relative to the jail's
  filesystem
@
text
@d127 3
a129 2
		jail 1>${jail_rootdir}/var/log/console.log 2>&1 \
		    ${jail_rootdir} ${jail_hostname} ${jail_ip} ${jail_exec}
d131 4
d141 17
a157 10
	echo 'Stopping all jails.'
	if checkyesno jail_stop_jailer; then
		rc_pid=$(ps aux | grep "jailer" | awk '$8 ~ /.*J/ {print  $2};')
	else
		rc_pid=$(ps aux | awk '$8 ~ /.*J/ {print  $2};')
	fi
	if [ -n "${rc_pid}" ]; then
		kill -TERM $rc_pid
		wait_for_pids $rc_pid
	fi
d180 1
@


1.9
log
@If fdescfs(5) is mounted in a jail unmount it before devfs(5).

Submitted by:	"Scot W. Hetzel" <hetzelsw@@westbend.net>
@
text
@d103 4
a106 1
				devfs_link ${jail_devdir} ../var/run/log log
d109 2
d112 4
a115 1
			devfs_link ${jail_devdir} ../var/log/console console
@


1.8
log
@Redirect rc(8) output to a file in the jail's /var/log directory.
Previously it was redirected to /dev/null.

Submitted by: phk
@
text
@d141 5
a149 3
		fi
		if checkyesno jail_fdescfs; then
			umount -f ${jail_fdescdir} >/dev/null 2>&1
@


1.7
log
@Remove trailing whitespace
@
text
@d119 1
a119 1
		jail 1>/dev/null 2>&1 \
@


1.6
log
@Enhance the jail start/stop script.
o The following additional configuration attributes of a jail can be
  controlled from rc.conf:
	- mounting devfs(5)
	- mounting fdescfs(5)
	- mounting procfs(5)
	- custom devfs(8) ruleset
	  If no ruleset is specified, the default jail ruleset is used.

o The output of executing /etc/rc in the jail is now redirected
  to /dev/null. Instead, the hostname of the jail is echoed if
  the jail(8) command exited successfully. If the output is wanted
  it can probably be redirected to a file (/var/run/$jail maybe)
  instead of /dev/null.

Submitted by:	Scot W. Hetzel <hetzels@@westbend.net>
		with modifications by Jens Rehsack <rehsack@@liwing.de>
		and me.
@
text
@d66 1
a66 1
	if checkyesno jail_set_hostname_allow ; then 
d75 1
a75 1
	if checkyesno jail_socket_unixiproute_only ; then 
d94 1
a94 1
	for _jail in ${jail_list} 
@


1.5
log
@Quote $jail_exec with double-quote to avoid "[: unexpected operator".
@
text
@d9 1
a9 1
# KEYWORD: FreeBSD
d18 44
d93 1
a93 1
	echo 'Starting Jails.'
d96 26
a121 7
		eval jail_rootdir=\"\$jail_${_jail}_rootdir\"
		eval jail_hostname=\"\$jail_${_jail}_hostname\"
		eval jail_ip=\"\$jail_${_jail}_ip\"
		eval jail_exec=\"\$jail_${_jail}_exec\"
		[ -z "${jail_exec}" ] && jail_exec="/bin/sh /etc/rc"
		
		jail ${jail_rootdir} ${jail_hostname} ${jail_ip} ${jail_exec}
d123 1
d128 27
a154 1
	kill -TERM $(ps aux | awk '$8 ~ /.*J/ {print  $2};')
@


1.4
log
@Move securelevel further back in the boot order.

Approved by:	markm (mentor)(implicit)
Reviewed by:	dougb
@
text
@d56 1
a56 1
		[ -z ${jail_exec} ] && jail_exec="/bin/sh /etc/rc"
@


1.3
log
@Spell ${_jail} correctly

Submitted by: Shizuka Kudo <shizukakudo_99@@yahoo.com>
Approved by:	markm (mentor) (implicit)
@
text
@d8 1
@


1.2
log
@Fix typo (and make it more explicit/self-documenting).

Noticed by:	gshapiro
@
text
@d54 1
a54 1
		eval jail_exec=\"\$jail_${_jail_name}_exec\"
@


1.1
log
@o Add a script to start jails on boot.
o Hook it up to the build

Approved by:	markm (mentor)
Submitted by:	Clement Laforet <sheepkiller@@cultdeadsheep.org> (modified)
Prodded by:	mike
@
text
@d63 1
a63 1
	kill -5 $(ps aux | awk '$8 ~ /.*J/ {print  $2};')
@

