git: 3af770071046 - stable/13 - ifconfig(8): Teach ifconfig to attach and run itself in a jail

Wed, 16 Aug 2023 05:32:21 -0700 

The branch stable/13 has been updated by dfr:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=3af7700710466b330e54307ff5bc5ea6bb91fec4

commit 3af7700710466b330e54307ff5bc5ea6bb91fec4
Author:     Yan Ka Chiu <[email protected]>
AuthorDate: 2023-05-23 20:39:22 +0000
Commit:     Doug Rabson <[email protected]>
CommitDate: 2023-08-16 12:25:57 +0000

    ifconfig(8): Teach ifconfig to attach and run itself in a jail
    
    Add -j <jail> flag to ifconfig to allow ifconfig to attach and run inside a
    jail. This allow parent to configure network interfaces of its children
    even if ifconfig is not available in child's tree (e.g. Linux Jails)
    
    Reviewed by:    emaste, khng, melifaro
    Event:          Kitchener-Waterloo Hackathon 202305
    MFC after:      1 week
    Differential Revision:  https://reviews.freebsd.org/D40213
    
    (cherry picked from commit 7e49aa86a2824e76e9d9becf61db12066bc0d79d)
---
 sbin/ifconfig/ifconfig.8 | 22 ++++++++++++++++++++++
 sbin/ifconfig/ifconfig.c | 40 ++++++++++++++++++++++++++++++++++------
 2 files changed, 56 insertions(+), 6 deletions(-)

diff --git a/sbin/ifconfig/ifconfig.8 b/sbin/ifconfig/ifconfig.8
index e7d41da45bec..651d64fb31df 100644
--- a/sbin/ifconfig/ifconfig.8
+++ b/sbin/ifconfig/ifconfig.8
@@ -36,6 +36,7 @@
 .Nd configure network interface parameters
 .Sh SYNOPSIS
 .Nm
+.Op Fl j Ar jail
 .Op Fl kLmn
 .Op Fl f Ar type Ns Cm \&: Ns Ar format
 .Ar interface
@@ -49,9 +50,11 @@
 .Oc
 .Op Ar parameters
 .Nm
+.Op Fl j Ar jail
 .Ar interface
 .Cm destroy
 .Nm
+.Op Fl j Ar jail
 .Fl a
 .Op Fl dkLmuv
 .Op Fl f Ar type Ns Cm \&: Ns Ar format
@@ -61,13 +64,16 @@
 .Nm
 .Fl C
 .Nm
+.Op Fl j Ar jail
 .Fl g Ar groupname
 .Nm
+.Op Fl j Ar jail
 .Fl l
 .Op Fl du
 .Op Fl g Ar groupname
 .Op Ar address_family
 .Nm
+.Op Fl j Ar jail
 .Op Fl dkLmuv
 .Op Fl f Ar type Ns Cm \&: Ns Ar format
 .Sh DESCRIPTION
@@ -233,6 +239,22 @@ Setting
 to
 .Cm all
 selects all interfaces.
+.It Fl j Ar jail
+Perform the actions inside the
+.Ar jail .
+.Pp
+The
+.Cm ifconfig
+will first attach to the
+.Ar jail
+(by jail id or jail name) before performing the effects.
+.Pp
+This allow network interfaces of
+.Ar jail
+to be configured even if the
+.Cm ifconfig
+binary is not available in
+.Ar jail .
 .It Fl k
 Print keying information for the
 .Ar interface ,
diff --git a/sbin/ifconfig/ifconfig.c b/sbin/ifconfig/ifconfig.c
index 6deeebba9f01..f93a97572a78 100644
--- a/sbin/ifconfig/ifconfig.c
+++ b/sbin/ifconfig/ifconfig.c
@@ -42,6 +42,9 @@ static const char rcsid[] =
 
 #include <sys/param.h>
 #include <sys/ioctl.h>
+#ifdef JAIL
+#include <sys/jail.h>
+#endif
 #include <sys/module.h>
 #include <sys/linker.h>
 #include <sys/queue.h>
@@ -189,12 +192,12 @@ usage(void)
        }
 
        fprintf(stderr,
-       "usage: ifconfig [-f type:format] %sinterface address_family\n"
+       "usage: ifconfig [-j jail] [-f type:format] %sinterface 
address_family\n"
        "                [address [dest_address]] [parameters]\n"
-       "       ifconfig interface create\n"
-       "       ifconfig -a %s[-d] [-m] [-u] [-v] [address_family]\n"
-       "       ifconfig -l [-d] [-u] [address_family]\n"
-       "       ifconfig %s[-d] [-m] [-u] [-v]\n",
+       "       ifconfig [-j jail] interface create\n"
+       "       ifconfig [-j jail] -a %s[-d] [-m] [-u] [-v] [address_family]\n"
+       "       ifconfig [-j jail] -l [-d] [-u] [address_family]\n"
+       "       ifconfig [-j jail] %s[-d] [-m] [-u] [-v]\n",
                options, options, options);
        exit(1);
 }
@@ -412,12 +415,18 @@ main(int argc, char *argv[])
        struct ifreq paifr;
        const struct sockaddr_dl *sdl;
        char options[1024], *cp, *envformat, *namecp = NULL;
+#ifdef JAIL
+       char *jail_name = NULL;
+#endif
        struct ifa_queue q = TAILQ_HEAD_INITIALIZER(q);
        struct ifa_order_elt *cur, *tmp;
        const char *ifname, *matchgroup, *nogroup;
        struct option *p;
        size_t iflen;
        int flags;
+#ifdef JAIL
+        int jid;
+#endif
 
        all = downonly = uponly = namesonly = noload = verbose = 0;
        f_inet = f_inet6 = f_ether = f_addr = NULL;
@@ -438,7 +447,7 @@ main(int argc, char *argv[])
        atexit(printifnamemaybe);
 
        /* Parse leading line options */
-       strlcpy(options, "G:adf:klmnuv", sizeof(options));
+       strlcpy(options, "G:adf:j:klmnuv", sizeof(options));
        for (p = opts; p != NULL; p = p->next)
                strlcat(options, p->opt, sizeof(options));
        while ((c = getopt(argc, argv, options)) != -1) {
@@ -459,6 +468,15 @@ main(int argc, char *argv[])
                                usage();
                        nogroup = optarg;
                        break;
+               case 'j':
+#ifdef JAIL
+                       if (optarg == NULL)
+                               usage();
+                       jail_name = optarg;
+#else
+                       Perror("not built with jail support");
+#endif
+                       break;
                case 'k':
                        printkeys++;
                        break;
@@ -511,6 +529,16 @@ main(int argc, char *argv[])
        if (!namesonly && argc < 1)
                all = 1;
 
+#ifdef JAIL
+       if (jail_name) {
+               jid = jail_getid(jail_name);
+               if (jid == -1)
+                       Perror("jail not found");
+               if (jail_attach(jid) != 0)
+                       Perror("cannot attach to jail");
+       }
+#endif
+
        /* -a and -l allow an address family arg to limit the output */
        if (all || namesonly) {
                if (argc > 1)

Reply via email to