git: 18fd1443d205 - main - ifconfig: Enter jail as soon as possible

Mon, 15 Sep 2025 10:57:43 -0700 

The branch main has been updated by des:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=18fd1443d205aed6be22966125a4820f77571948

commit 18fd1443d205aed6be22966125a4820f77571948
Author:     Dag-Erling Smørgrav <d...@freebsd.org>
AuthorDate: 2025-09-15 17:56:33 +0000
Commit:     Dag-Erling Smørgrav <d...@freebsd.org>
CommitDate: 2025-09-15 17:56:33 +0000

    ifconfig: Enter jail as soon as possible
    
    Some options (in particular, -g) are processed immediately upon being
    parsed.  This will produce the wrong result in combination with -j since
    we only attach to the jail after we're done parsing arguments.  Solve
    this by attaching to the jail immediately when -j is encountered.  The
    downside is that e.g. `ifconfig -j foo -j bar` would previously attach
    to jail “bar”, whereas now it will attempt to attach to jail “foo”, and
    if successful, attempt to attach to jail “bar” within jail “foo”.  This
    may be considered a feature.
    
    PR:             289134
    MFC after:      1 week
    Reviewed by:    zlei
    Differential Revision:  https://reviews.freebsd.org/D52501
---
 sbin/ifconfig/ifconfig.8 | 42 +++++++++++++++++++++---------------------
 sbin/ifconfig/ifconfig.c | 22 ++++++++--------------
 sbin/ifconfig/ifconfig.h |  1 -
 3 files changed, 29 insertions(+), 36 deletions(-)

diff --git a/sbin/ifconfig/ifconfig.8 b/sbin/ifconfig/ifconfig.8
index b580191383b3..c4184ba61ee4 100644
--- a/sbin/ifconfig/ifconfig.8
+++ b/sbin/ifconfig/ifconfig.8
@@ -28,7 +28,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.Dd August 10, 2025
+.Dd September 12, 2025
 .Dt IFCONFIG 8
 .Os
 .Sh NAME
@@ -36,7 +36,7 @@
 .Nd configure network interface parameters
 .Sh SYNOPSIS
 .Nm
-.Op Fl j Ar jail
+.Op Fl j Ar jid
 .Op Fl DkLmn
 .Op Fl f Ar type Ns Cm \&: Ns Ar format
 .Ar interface
@@ -50,11 +50,11 @@
 .Oc
 .Op Ar parameters
 .Nm
-.Op Fl j Ar jail
+.Op Fl j Ar jid
 .Ar interface
 .Cm destroy
 .Nm
-.Op Fl j Ar jail
+.Op Fl j Ar jid
 .Fl a
 .Op Fl dDkLmuv
 .Op Fl f Ar type Ns Cm \&: Ns Ar format
@@ -64,16 +64,16 @@
 .Nm
 .Fl C
 .Nm
-.Op Fl j Ar jail
+.Op Fl j Ar jid
 .Fl g Ar groupname
 .Nm
-.Op Fl j Ar jail
+.Op Fl j Ar jid
 .Fl l
 .Op Fl du
 .Op Fl g Ar groupname
 .Op Ar address_family
 .Nm
-.Op Fl j Ar jail
+.Op Fl j Ar jid
 .Op Fl dkLmuv
 .Op Fl f Ar type Ns Cm \&: Ns Ar format
 .Sh DESCRIPTION
@@ -257,22 +257,22 @@ Setting
 to
 .Cm all
 selects all interfaces.
-.It Fl j Ar jail
-Perform the actions inside the
-.Ar jail .
+.It Fl j Ar jid
+Perform the actions inside the jail specified by
+.Ar jid ,
+which may be either a jail name or a numeric jail ID.
 .Pp
 The
-.Cm ifconfig
-will first attach to the
-.Ar jail
-(by jail id or jail name) before performing the effects.
-.Pp
-This allow network interfaces of
-.Ar jail
-to be configured even if the
-.Cm ifconfig
-binary is not available in
-.Ar jail .
+.Nm
+utility will attach to the specified jail immediately upon
+encountering the option on the command line.
+The option may be specified multiple times to attach to a nested jail
+(jail within a jail).
+.Pp
+This makes it possible to configure network interfaces within a vnet
+jail even if the
+.Nm
+binary is not available inside the jail.
 .It Fl k
 Print keying information for the
 .Ar interface ,
diff --git a/sbin/ifconfig/ifconfig.c b/sbin/ifconfig/ifconfig.c
index 3f998b7f2b52..c323a26ec1a8 100644
--- a/sbin/ifconfig/ifconfig.c
+++ b/sbin/ifconfig/ifconfig.c
@@ -463,6 +463,9 @@ args_parse(struct ifconfig_args *args, int argc, char 
*argv[])
 {
        char options[1024];
        struct option *p;
+#ifdef JAIL
+       int jid;
+#endif
        int c;
 
        /* Parse leading line options */
@@ -494,7 +497,11 @@ args_parse(struct ifconfig_args *args, int argc, char 
*argv[])
 #ifdef JAIL
                        if (optarg == NULL)
                                usage();
-                       args->jail_name = optarg;
+                       jid = jail_getid(optarg);
+                       if (jid == -1)
+                               Perror("jail not found");
+                       if (jail_attach(jid) != 0)
+                               Perror("cannot attach to jail");
 #else
                        Perror("not built with jail support");
 #endif
@@ -611,9 +618,6 @@ main(int ac, char *av[])
 {
        char *envformat;
        int flags;
-#ifdef JAIL
-       int jid;
-#endif
        struct ifconfig_args _args = {};
        struct ifconfig_args *args = &_args;
 
@@ -638,16 +642,6 @@ main(int ac, char *av[])
 
        args_parse(args, ac, av);
 
-#ifdef JAIL
-       if (args->jail_name) {
-               jid = jail_getid(args->jail_name);
-               if (jid == -1)
-                       Perror("jail not found");
-               if (jail_attach(jid) != 0)
-                       Perror("cannot attach to jail");
-       }
-#endif
-
        if (!args->all && !args->namesonly) {
                /* not listing, need an argument */
                args->ifname = args_pop(args);
diff --git a/sbin/ifconfig/ifconfig.h b/sbin/ifconfig/ifconfig.h
index 468c9b4e80da..672020443b8c 100644
--- a/sbin/ifconfig/ifconfig.h
+++ b/sbin/ifconfig/ifconfig.h
@@ -249,7 +249,6 @@ struct ifconfig_args {
        const char *matchgroup;         /* Group name to match */
        const char *nogroup;            /* Group name to exclude */
        const struct afswtch *afp;      /* AF we're operating on */
-       const char *jail_name;  /* Jail name or jail id specified */
 };
 
 struct option {

Reply via email to