Move the actual create/remove (IP__OP) handling into run_command,
at the cost of an ugly single-use global variable.
parent
d8352076b1
commit
2b00f7ba65
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/projects/jailconf/; revision=223263
@ -94,7 +94,7 @@ next_command(struct cfjail *j)
|
||||
|
||||
rval = 0;
|
||||
create_failed = (j->flags & (JF_STOP | JF_FAILED)) == JF_FAILED;
|
||||
for (; (comparam = *j->comparam) && comparam != IP__OP;
|
||||
for (; (comparam = *j->comparam);
|
||||
j->comparam += create_failed ? -1 : 1) {
|
||||
if (j->comstring == NULL) {
|
||||
switch (comparam) {
|
||||
@ -102,6 +102,7 @@ next_command(struct cfjail *j)
|
||||
if (!bool_param(j->intparams[IP_MOUNT_DEVFS]))
|
||||
continue;
|
||||
/* FALLTHROUGH */
|
||||
case IP__OP:
|
||||
case IP_STOP_TIMEOUT:
|
||||
j->comstring = &dummystring;
|
||||
break;
|
||||
@ -256,19 +257,43 @@ run_command(struct cfjail *j)
|
||||
|
||||
static char *cleanenv;
|
||||
|
||||
/* Perform some operations that aren't actually commands */
|
||||
comparam = *j->comparam;
|
||||
down = j->flags & (JF_STOP | JF_FAILED);
|
||||
switch (comparam) {
|
||||
case IP_STOP_TIMEOUT:
|
||||
return term_procs(j);
|
||||
|
||||
case IP__OP:
|
||||
if (down) {
|
||||
if (jail_remove(j->jid) == 0 && verbose >= 0 &&
|
||||
(verbose > 0 || (j->flags & JF_STOP
|
||||
? note_remove : j->name != NULL)))
|
||||
jail_note(j, "removed\n");
|
||||
j->jid = -1;
|
||||
if (j->flags & JF_STOP)
|
||||
dep_done(j, DF_LIGHT);
|
||||
else
|
||||
j->flags &= ~JF_PERSIST;
|
||||
} else {
|
||||
if (create_jail(j) < 0) {
|
||||
failed(j);
|
||||
return -1;
|
||||
}
|
||||
if (verbose >= 0 && (j->name || verbose > 0))
|
||||
jail_note(j, "created\n");
|
||||
dep_done(j, DF_LIGHT);
|
||||
}
|
||||
requeue(j, &ready);
|
||||
return 1;
|
||||
}
|
||||
/*
|
||||
* Collect exec arguments. Internal commands for network and
|
||||
* mounting build their own argument lists.
|
||||
*/
|
||||
comparam = *j->comparam;
|
||||
comstring = j->comstring;
|
||||
bg = 0;
|
||||
down = j->flags & (JF_STOP | JF_FAILED);
|
||||
switch (comparam) {
|
||||
case IP_STOP_TIMEOUT:
|
||||
/* This isn't really a command */
|
||||
return term_procs(j);
|
||||
|
||||
case IP__IP4_IFADDR:
|
||||
argv = alloca(8 * sizeof(char *));
|
||||
*(const char **)&argv[0] = _PATH_IFCONFIG;
|
||||
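Review bot: In what appears to be the new `case IP__OP:` branch of run_command, a failing `jail_remove(j->jid)` is silent: its result only gates the "removed" note, and `j->jid = -1` and `dep_done(j, DF_LIGHT)` follow either way, so a jail that was not actually removed is forgotten and its dependents proceed as if it were gone. The same shape existed in the code this commit moves out of main(), but the move is a natural place to report the failure, e.g. `if (jail_remove(j->jid) < 0) jail_warnx(j, "jail_remove: %s", strerror(errno));` ahead of the note logic. The condition `j->flags & JF_STOP ? note_remove : j->name != NULL` would also be easier to audit with the flag test parenthesised. run_command's body continues past the end of this section.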
|
@ -55,9 +55,9 @@ struct permspec {
|
||||
};
|
||||
|
||||
const char *cfname;
|
||||
int note_remove;
|
||||
int verbose;
|
||||
|
||||
static int create_jail(struct cfjail *j);
|
||||
static void clear_persist(struct cfjail *j);
|
||||
static int update_jail(struct cfjail *j);
|
||||
static int rdtun_params(struct cfjail *j, int dofail);
|
||||
@ -271,6 +271,7 @@ main(int argc, char **argv)
|
||||
if ((docf = !Rflag &&
|
||||
(!strcmp(cfname, "-") || stat(cfname, &st) == 0)))
|
||||
load_config();
|
||||
note_remove = docf || argc > 1 || wild_jail_name(argv[0]);
|
||||
} else if (argc > 1 || (argc == 1 && strchr(argv[0], '='))) {
|
||||
/* Single jail specified on the command line */
|
||||
if (Rflag)
|
||||
@ -388,25 +389,7 @@ main(int argc, char **argv)
|
||||
continue;
|
||||
if (j->jid > 0)
|
||||
goto jail_create_done;
|
||||
j->comparam == startcommands + 1;
|
||||
} else if (*j->comparam == IP__OP) {
|
||||
if (j->flags & JF_FAILED) {
|
||||
if (jail_remove(j->jid) == 0 &&
|
||||
verbose >= 0 &&
|
||||
(j->name || verbose > 0))
|
||||
jail_note(j, "removed\n");
|
||||
j->jid = -1;
|
||||
j->flags &= ~JF_PERSIST;
|
||||
j->comparam--;
|
||||
} else if (create_jail(j) < 0) {
|
||||
j->comparam--;
|
||||
} else {
|
||||
if (verbose >= 0 &&
|
||||
(j->name || verbose > 0))
|
||||
jail_note(j, "created\n");
|
||||
dep_done(j, DF_LIGHT);
|
||||
j->comparam++;
|
||||
}
|
||||
j->comparam = startcommands + 1;
|
||||
}
|
||||
if (next_command(j))
|
||||
continue;
|
||||
@ -449,19 +432,9 @@ main(int argc, char **argv)
|
||||
j->name);
|
||||
goto jail_remove_done;
|
||||
}
|
||||
j->comparam == stopcommands + 1;
|
||||
} else if ((j->flags & JF_FAILED) && j->jid > 0) {
|
||||
j->comparam = stopcommands + 1;
|
||||
} else if ((j->flags & JF_FAILED) && j->jid > 0)
|
||||
goto jail_remove_done;
|
||||
} else if (*j->comparam == IP__OP) {
|
||||
if (jail_remove(j->jid) == 0 &&
|
||||
verbose >= 0 &&
|
||||
(docf || argc > 1 ||
|
||||
wild_jail_name(argv[0]) || verbose > 0))
|
||||
jail_note(j, "removed\n");
|
||||
j->jid = -1;
|
||||
dep_done(j, DF_LIGHT);
|
||||
j->comparam++;
|
||||
}
|
||||
if (next_command(j))
|
||||
continue;
|
||||
jail_remove_done:
|
||||
@ -578,7 +551,7 @@ jail_warnx(const struct cfjail *j, const char *fmt, ...)
|
||||
/*
|
||||
* Create a new jail.
|
||||
*/
|
||||
static int
|
||||
int
|
||||
create_jail(struct cfjail *j)
|
||||
{
|
||||
struct iovec jiov[4];
|
||||
@ -595,17 +568,14 @@ create_jail(struct cfjail *j)
|
||||
if (path[0] != '/') {
|
||||
jail_warnx(j, "path %s: not an absolute pathname",
|
||||
path);
|
||||
failed(j);
|
||||
return -1;
|
||||
}
|
||||
if (stat(path, &st) < 0) {
|
||||
jail_warnx(j, "path %s: %s", path, strerror(errno));
|
||||
failed(j);
|
||||
return -1;
|
||||
}
|
||||
if (!S_ISDIR(st.st_mode)) {
|
||||
jail_warnx(j, "path %s: %s", path, strerror(ENOTDIR));
|
||||
failed(j);
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
@ -621,7 +591,6 @@ create_jail(struct cfjail *j)
|
||||
alloca((j->njp + dopersist) * sizeof(struct jailparam));
|
||||
if (dopersist && jailparam_init(sjp++, "persist") < 0) {
|
||||
jail_warnx(j, "%s", jail_errmsg);
|
||||
failed(j);
|
||||
return -1;
|
||||
}
|
||||
for (jp = j->jp; jp < j->jp + j->njp; jp++)
|
||||
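Review bot: `note_remove = docf || argc > 1 || wild_jail_name(argv[0]);` in main() now evaluates `wild_jail_name(argv[0])` once at startup instead of at the point a jail is actually removed, so if this branch can be reached with `argc == 0` and `docf` false, `argv[0]` is NULL when it is passed in; the branch condition lies outside the hunk, so this needs confirming against the full function. Writing it as `note_remove = docf || argc > 1 || (argc == 1 && wild_jail_name(argv[0]));` gives the same result in every other case. The new global would also benefit from a comment at its definition stating who sets and who reads it, e.g. `/* Set by main(); read by run_command() to decide whether a stop reports "removed" */`.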
|
@ -182,6 +182,7 @@ struct cfdepend {
|
||||
extern void *emalloc(size_t);
|
||||
extern void *erealloc(void *, size_t);
|
||||
extern char *estrdup(const char *);
|
||||
extern int create_jail(struct cfjail *j);
|
||||
extern void failed(struct cfjail *j);
|
||||
extern void jail_note(const struct cfjail *j, const char *fmt, ...);
|
||||
extern void jail_warnx(const struct cfjail *j, const char *fmt, ...);
|
||||
@ -219,5 +220,6 @@ extern struct cfjails cfjails;
|
||||
extern struct cfjails ready;
|
||||
extern struct cfjails depend;
|
||||
extern const char *cfname;
|
||||
extern int note_remove;
|
||||
extern int paralimit;
|
||||
extern int verbose;
|
||||
|