1
0
mirror of https://git.FreeBSD.org/src.git synced 2024-12-04 09:09:56 +00:00
freebsd/sbin/bectl/bectl_jail.c

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

492 lines
11 KiB
C
Raw Normal View History

/*-
* SPDX-License-Identifier: BSD-2-Clause-FreeBSD
*
* Copyright (c) 2018 Kyle Evans <kevans@FreeBSD.org>
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
* BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
* AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");
#include <sys/param.h>
#include <sys/jail.h>
#include <sys/mount.h>
#include <sys/wait.h>
#include <err.h>
#include <jail.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <be.h>
#include "bectl.h"
#define MNTTYPE_ZFS 222
static void jailparam_add(const char *name, const char *val);
static int jailparam_del(const char *name);
static bool jailparam_addarg(char *arg);
static int jailparam_delarg(char *arg);
static int bectl_search_jail_paths(const char *mnt);
static int bectl_locate_jail(const char *ident);
static int bectl_jail_cleanup(char *mountpoint, int jid);
static char mnt_loc[BE_MAXPATHLEN];
static nvlist_t *jailparams;
static const char *disabled_params[] = {
"command", "exec.start", "nopersist", "persist", NULL
};
static void
jailparam_add(const char *name, const char *val)
{
nvlist_add_string(jailparams, name, val);
}
static int
jailparam_del(const char *name)
{
nvlist_remove_all(jailparams, name);
return (0);
}
static bool
jailparam_addarg(char *arg)
{
char *name, *val;
size_t i, len;
if (arg == NULL)
return (false);
name = arg;
if ((val = strchr(arg, '=')) == NULL) {
fprintf(stderr, "bectl jail: malformed jail option '%s'\n",
arg);
return (false);
}
*val++ = '\0';
if (strcmp(name, "path") == 0) {
if (strlen(val) >= BE_MAXPATHLEN) {
fprintf(stderr,
"bectl jail: skipping too long path assignment '%s' (max length = %d)\n",
val, BE_MAXPATHLEN);
return (false);
}
strlcpy(mnt_loc, val, sizeof(mnt_loc));
}
for (i = 0; disabled_params[i] != NULL; i++) {
len = strlen(disabled_params[i]);
if (strncmp(disabled_params[i], name, len) == 0) {
fprintf(stderr, "invalid jail parameter: %s\n", name);
return (false);
}
}
jailparam_add(name, val);
return (true);
}
static int
jailparam_delarg(char *arg)
{
char *name, *val;
if (arg == NULL)
return (EINVAL);
name = arg;
if ((val = strchr(name, '=')) != NULL)
*val++ = '\0';
if (strcmp(name, "path") == 0)
*mnt_loc = '\0';
return (jailparam_del(name));
}
static int
build_jailcmd(char ***argvp, bool interactive, int argc, char *argv[])
{
zfs: merge openzfs/zfs@431083f75 Notable upstream pull request merges: #12194 Fix short-lived txg caused by autotrim #13368 ZFS_IOC_COUNT_FILLED does unnecessary txg_wait_synced() #13392 Implementation of block cloning for ZFS #13741 SHA2 reworking and API for iterating over multiple implementations #14282 Sync thread should avoid holding the spa config write lock when possible #14283 txg_sync should handle write errors in ZIL #14359 More adaptive ARC eviction #14469 Fix NULL pointer dereference in zio_ready() #14479 zfs redact fails when dnodesize=auto #14496 improve error message of zfs redact #14500 Skip memory allocation when compressing holes #14501 FreeBSD: don't verify recycled vnode for zfs control directory #14502 partially revert PR 14304 (eee9362a7) #14509 Fix per-jail zfs.mount_snapshot setting #14514 Fix data race between zil_commit() and zil_suspend() #14516 System-wide speculative prefetch limit #14517 Use rw_tryupgrade() in dmu_bonus_hold_by_dnode() #14519 Do not hold spa_config in ZIL while blocked on IO #14523 Move dmu_buf_rele() after dsl_dataset_sync_done() #14524 Ignore too large stack in case of dsl_deadlist_merge #14526 Use .section .rodata instead of .rodata on FreeBSD #14528 ICP: AES-GCM: Refactor gcm_clear_ctx() #14529 ICP: AES-GCM: Unify gcm_init_ctx() and gmac_init_ctx() #14532 Handle unexpected errors in zil_lwb_commit() without ASSERT() #14544 icp: Prevent compilers from optimizing away memset() in gcm_clear_ctx() #14546 Revert zfeature_active() to static #14556 Remove bad kmem_free() oversight from previous zfsdev_state_list patch #14563 Optimize the is_l2cacheable functions #14565 FreeBSD: zfs_znode_alloc: lock the vnode earlier #14566 FreeBSD: fix false assert in cache_vop_rmdir when replaying ZIL #14567 spl: Add cmn_err_once() to log a message only on the first call #14568 Fix incremental receive silently failing for recursive sends #14569 Restore ASMABI and other Unify work #14576 Fix detection of IBM Power8 machines (ISA 2.07) #14577 Better handling for future crypto parameters #14600 zcommon: Refactor FPU state handling in fletcher4 #14603 Fix prefetching of indirect blocks while destroying #14633 Fixes in persistent error log #14639 FreeBSD: Remove extra arc_reduce_target_size() call #14641 Additional limits on hole reporting #14649 Drop lying to the compiler in the fletcher4 code #14652 panic loop when removing slog device #14653 Update vdev state for spare vdev #14655 Fix cloning into already dirty dbufs #14678 Revert "Do not hold spa_config in ZIL while blocked on IO" Obtained from: OpenZFS OpenZFS commit: 431083f75bdd3efaee992bdd672625ec7240d252
2023-04-03 14:49:30 +00:00
char *cmd, **jargv;
const char *name, *val;
nvpair_t *nvp;
size_t i, iarg, nargv;
cmd = NULL;
nvp = NULL;
iarg = i = 0;
if (nvlist_size(jailparams, &nargv, NV_ENCODE_NATIVE) != 0)
return (1);
/*
* Number of args + "/usr/sbin/jail", "-c", and ending NULL.
* If interactive also include command.
*/
nargv += 3;
if (interactive) {
if (argc == 0)
nargv++;
else
nargv += argc;
}
jargv = *argvp = calloc(nargv, sizeof(*jargv));
if (jargv == NULL)
err(2, "calloc");
jargv[iarg++] = strdup("/usr/sbin/jail");
jargv[iarg++] = strdup("-c");
while ((nvp = nvlist_next_nvpair(jailparams, nvp)) != NULL) {
name = nvpair_name(nvp);
if (nvpair_value_string(nvp, &val) != 0)
continue;
if (asprintf(&jargv[iarg++], "%s=%s", name, val) < 0)
goto error;
}
if (interactive) {
if (argc < 1)
cmd = strdup("/bin/sh");
else {
cmd = argv[0];
argc--;
argv++;
}
if (asprintf(&jargv[iarg++], "command=%s", cmd) < 0) {
goto error;
}
if (argc < 1) {
free(cmd);
cmd = NULL;
}
for (; argc > 0; argc--) {
if (asprintf(&jargv[iarg++], "%s", argv[0]) < 0)
goto error;
argv++;
}
}
return (0);
error:
if (interactive && argc < 1)
free(cmd);
for (; i < iarg - 1; i++) {
free(jargv[i]);
}
free(jargv);
return (1);
}
/* Remove jail and cleanup any non zfs mounts. */
static int
bectl_jail_cleanup(char *mountpoint, int jid)
{
struct statfs *mntbuf;
size_t i, searchlen, mntsize;
if (jid >= 0 && jail_remove(jid) != 0) {
fprintf(stderr, "unable to remove jail");
return (1);
}
searchlen = strnlen(mountpoint, MAXPATHLEN);
mntsize = getmntinfo(&mntbuf, MNT_NOWAIT);
for (i = 0; i < mntsize; i++) {
if (strncmp(mountpoint, mntbuf[i].f_mntonname, searchlen) == 0 &&
mntbuf[i].f_type != MNTTYPE_ZFS) {
if (unmount(mntbuf[i].f_mntonname, 0) != 0) {
fprintf(stderr, "bectl jail: unable to unmount filesystem %s",
mntbuf[i].f_mntonname);
return (1);
}
}
}
return (0);
}
int
bectl_cmd_jail(int argc, char *argv[])
{
char *bootenv, **jargv, *mountpoint;
int i, jid, mntflags, opt, ret;
bool default_hostname, interactive, unjail;
pid_t pid;
/* XXX TODO: Allow shallow */
mntflags = BE_MNT_DEEP;
default_hostname = interactive = unjail = true;
if ((nvlist_alloc(&jailparams, NV_UNIQUE_NAME, 0)) != 0) {
fprintf(stderr, "nvlist_alloc() failed\n");
return (1);
}
jailparam_add("persist", "true");
jailparam_add("allow.mount", "true");
jailparam_add("allow.mount.devfs", "true");
jailparam_add("enforce_statfs", "1");
while ((opt = getopt(argc, argv, "bo:Uu:")) != -1) {
switch (opt) {
case 'b':
interactive = false;
break;
case 'o':
if (jailparam_addarg(optarg)) {
/*
* optarg has been modified to null terminate
* at the assignment operator.
*/
if (strcmp(optarg, "host.hostname") == 0)
default_hostname = false;
} else {
return (1);
}
break;
case 'U':
unjail = false;
break;
case 'u':
if ((ret = jailparam_delarg(optarg)) == 0) {
if (strcmp(optarg, "host.hostname") == 0)
default_hostname = true;
} else if (ret != ENOENT) {
fprintf(stderr,
"bectl jail: error unsetting \"%s\"\n",
optarg);
return (ret);
}
break;
default:
fprintf(stderr, "bectl jail: unknown option '-%c'\n",
optopt);
return (usage(false));
}
}
argc -= optind;
argv += optind;
if (argc < 1) {
fprintf(stderr, "bectl jail: missing boot environment name\n");
return (usage(false));
}
bootenv = argv[0];
argc--;
argv++;
/*
* XXX TODO: if its already mounted, perhaps there should be a flag to
* indicate its okay to proceed??
*/
if (*mnt_loc == '\0')
mountpoint = NULL;
else
mountpoint = mnt_loc;
if (be_mount(be, bootenv, mountpoint, mntflags, mnt_loc) != BE_ERR_SUCCESS) {
fprintf(stderr, "could not mount bootenv\n");
return (1);
}
if (default_hostname)
jailparam_add("host.hostname", bootenv);
/*
* This is our indicator that path was not set by the user, so we'll use
* the path that libbe generated for us.
*/
if (mountpoint == NULL) {
jailparam_add("path", mnt_loc);
mountpoint = mnt_loc;
}
if ((build_jailcmd(&jargv, interactive, argc, argv)) != 0) {
fprintf(stderr, "unable to build argument list for jail command\n");
return (1);
}
pid = fork();
switch (pid) {
case -1:
perror("fork");
return (1);
case 0:
execv("/usr/sbin/jail", jargv);
fprintf(stderr, "bectl jail: failed to execute\n");
return (1);
default:
waitpid(pid, NULL, 0);
}
for (i = 0; jargv[i] != NULL; i++) {
free(jargv[i]);
}
free(jargv);
/* Non-interactive (-b) mode means the jail sticks around. */
if (interactive && unjail) {
/*
* We're not checking the jail id result here because in the
* case of invalid param, or last command in jail was an error
* the jail will not exist upon exit. bectl_jail_cleanup will
* only jail_remove if the jid is >= 0.
*/
jid = bectl_locate_jail(bootenv);
bectl_jail_cleanup(mountpoint, jid);
be_unmount(be, bootenv, 0);
}
return (0);
}
static int
bectl_search_jail_paths(const char *mnt)
{
int jid;
char lastjid[16];
char jailpath[MAXPATHLEN];
/* jail_getv expects name/value strings */
snprintf(lastjid, sizeof(lastjid), "%d", 0);
while ((jid = jail_getv(0, "lastjid", lastjid, "path", &jailpath,
NULL)) != -1) {
/* the jail we've been looking for */
if (strcmp(jailpath, mnt) == 0)
return (jid);
/* update lastjid and keep on looking */
snprintf(lastjid, sizeof(lastjid), "%d", jid);
}
return (-1);
}
/*
* Locate a jail based on an arbitrary identifier. This may be either a name,
* a jid, or a BE name. Returns the jid or -1 on failure.
*/
static int
bectl_locate_jail(const char *ident)
{
nvlist_t *belist, *props;
zfs: merge openzfs/zfs@431083f75 Notable upstream pull request merges: #12194 Fix short-lived txg caused by autotrim #13368 ZFS_IOC_COUNT_FILLED does unnecessary txg_wait_synced() #13392 Implementation of block cloning for ZFS #13741 SHA2 reworking and API for iterating over multiple implementations #14282 Sync thread should avoid holding the spa config write lock when possible #14283 txg_sync should handle write errors in ZIL #14359 More adaptive ARC eviction #14469 Fix NULL pointer dereference in zio_ready() #14479 zfs redact fails when dnodesize=auto #14496 improve error message of zfs redact #14500 Skip memory allocation when compressing holes #14501 FreeBSD: don't verify recycled vnode for zfs control directory #14502 partially revert PR 14304 (eee9362a7) #14509 Fix per-jail zfs.mount_snapshot setting #14514 Fix data race between zil_commit() and zil_suspend() #14516 System-wide speculative prefetch limit #14517 Use rw_tryupgrade() in dmu_bonus_hold_by_dnode() #14519 Do not hold spa_config in ZIL while blocked on IO #14523 Move dmu_buf_rele() after dsl_dataset_sync_done() #14524 Ignore too large stack in case of dsl_deadlist_merge #14526 Use .section .rodata instead of .rodata on FreeBSD #14528 ICP: AES-GCM: Refactor gcm_clear_ctx() #14529 ICP: AES-GCM: Unify gcm_init_ctx() and gmac_init_ctx() #14532 Handle unexpected errors in zil_lwb_commit() without ASSERT() #14544 icp: Prevent compilers from optimizing away memset() in gcm_clear_ctx() #14546 Revert zfeature_active() to static #14556 Remove bad kmem_free() oversight from previous zfsdev_state_list patch #14563 Optimize the is_l2cacheable functions #14565 FreeBSD: zfs_znode_alloc: lock the vnode earlier #14566 FreeBSD: fix false assert in cache_vop_rmdir when replaying ZIL #14567 spl: Add cmn_err_once() to log a message only on the first call #14568 Fix incremental receive silently failing for recursive sends #14569 Restore ASMABI and other Unify work #14576 Fix detection of IBM Power8 machines (ISA 2.07) #14577 Better handling for future crypto parameters #14600 zcommon: Refactor FPU state handling in fletcher4 #14603 Fix prefetching of indirect blocks while destroying #14633 Fixes in persistent error log #14639 FreeBSD: Remove extra arc_reduce_target_size() call #14641 Additional limits on hole reporting #14649 Drop lying to the compiler in the fletcher4 code #14652 panic loop when removing slog device #14653 Update vdev state for spare vdev #14655 Fix cloning into already dirty dbufs #14678 Revert "Do not hold spa_config in ZIL while blocked on IO" Obtained from: OpenZFS OpenZFS commit: 431083f75bdd3efaee992bdd672625ec7240d252
2023-04-03 14:49:30 +00:00
const char *mnt;
int jid;
/* Try the easy-match first */
jid = jail_getid(ident);
/*
* jail_getid(0) will always return 0, because this prison does exist.
* bectl(8) knows that this is not what it wants, so we should fall
* back to mount point search.
*/
if (jid > 0)
return (jid);
/* Attempt to try it as a BE name, first */
if (be_prop_list_alloc(&belist) != 0)
return (-1);
if (be_get_bootenv_props(be, belist) != 0)
return (-1);
if (nvlist_lookup_nvlist(belist, ident, &props) == 0) {
/* path where a boot environment is mounted */
if (nvlist_lookup_string(props, "mounted", &mnt) == 0) {
/* looking for a jail that matches our bootenv path */
jid = bectl_search_jail_paths(mnt);
be_prop_list_free(belist);
return (jid);
}
be_prop_list_free(belist);
}
return (-1);
}
int
bectl_cmd_unjail(int argc, char *argv[])
{
char path[MAXPATHLEN];
char *cmd, *name, *target;
int jid;
/* Store alias used */
cmd = argv[0];
if (argc != 2) {
fprintf(stderr, "bectl %s: wrong number of arguments\n", cmd);
return (usage(false));
}
target = argv[1];
/* Locate the jail */
if ((jid = bectl_locate_jail(target)) == -1) {
fprintf(stderr, "bectl %s: failed to locate BE by '%s'\n", cmd,
target);
return (1);
}
bzero(&path, MAXPATHLEN);
name = jail_getname(jid);
if (jail_getv(0, "name", name, "path", path, NULL) != jid) {
free(name);
fprintf(stderr,
"bectl %s: failed to get path for jail requested by '%s'\n",
cmd, target);
return (1);
}
free(name);
if (be_mounted_at(be, path, NULL) != 0) {
fprintf(stderr, "bectl %s: jail requested by '%s' not a BE\n",
cmd, target);
return (1);
}
bectl_jail_cleanup(path, jid);
be_unmount(be, target, 0);
return (0);
}