config.c (214649) | config.c (214783) |
---|---|
1/*- 2 * Copyright (c) 2010 James Gritton 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright --- 11 unchanged lines hidden (view full) --- 20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 24 * SUCH DAMAGE. 25 */ 26 27#include <sys/cdefs.h> | 1/*- 2 * Copyright (c) 2010 James Gritton 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright --- 11 unchanged lines hidden (view full) --- 20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 24 * SUCH DAMAGE. 25 */ 26 27#include <sys/cdefs.h> |
28__FBSDID("$FreeBSD: projects/jailconf/usr.sbin/jail/config.c 214649 2010-11-01 21:37:28Z jamie $"); | 28__FBSDID("$FreeBSD: projects/jailconf/usr.sbin/jail/config.c 214783 2010-11-04 17:01:21Z jamie $"); |
29 30#include <sys/types.h> | 29 30#include <sys/types.h> |
31#include <sys/errno.h> |
|
31#include <sys/socket.h> 32#include <sys/sysctl.h> 33 34#include <arpa/inet.h> 35#include <netinet/in.h> 36 37#include <err.h> 38#include <netdb.h> --- 41 unchanged lines hidden (view full) --- 80 [IP_MOUNT_DEVFS_RULESET]= {"mount.devfs.ruleset", PF_INTERNAL}, 81 [IP_MOUNT_FSTAB] = {"mount.fstab", PF_INTERNAL}, 82 [IP_STOP_TIMEOUT] = {"stop.timeout", PF_INTERNAL | PF_INT}, 83 [IP_VNET_INTERFACE] = {"vnet.interface", PF_INTERNAL}, 84 [IP__IP4_IFADDR] = {"ip4.addr", PF_INTERNAL | PF_CONV}, 85#ifdef INET6 86 [IP__IP6_IFADDR] = {"ip6.addr", PF_INTERNAL | PF_CONV}, 87#endif | 32#include <sys/socket.h> 33#include <sys/sysctl.h> 34 35#include <arpa/inet.h> 36#include <netinet/in.h> 37 38#include <err.h> 39#include <netdb.h> --- 41 unchanged lines hidden (view full) --- 81 [IP_MOUNT_DEVFS_RULESET]= {"mount.devfs.ruleset", PF_INTERNAL}, 82 [IP_MOUNT_FSTAB] = {"mount.fstab", PF_INTERNAL}, 83 [IP_STOP_TIMEOUT] = {"stop.timeout", PF_INTERNAL | PF_INT}, 84 [IP_VNET_INTERFACE] = {"vnet.interface", PF_INTERNAL}, 85 [IP__IP4_IFADDR] = {"ip4.addr", PF_INTERNAL | PF_CONV}, 86#ifdef INET6 87 [IP__IP6_IFADDR] = {"ip6.addr", PF_INTERNAL | PF_CONV}, 88#endif |
89 [IP__MOUNT_FROM_FSTAB] = {"mount.fstab", PF_INTERNAL | PF_CONV}, |
|
88 [KP_ALLOW_CHFLAGS] = {"allow.chflags", 0}, 89 [KP_ALLOW_MOUNT] = {"allow.mount", 0}, 90 [KP_ALLOW_RAW_SOCKETS] = {"allow.raw_sockets", 0}, 91 [KP_ALLOW_SET_HOSTNAME]= {"allow.set_hostname", 0}, 92 [KP_ALLOW_SOCKET_AF] = {"allow.socket_af", 0}, 93 [KP_ALLOW_SYSVIPC] = {"allow.sysvipc", 0}, 94 [KP_ENFORCE_STATFS] = {"enforce_statfs", 0}, 95 [KP_HOST_HOSTNAME] = {"host.hostname", 0}, --- 329 unchanged lines hidden (view full) --- 425int 426check_intparams(struct cfjail *j) 427{ 428 struct in_addr addr4; 429 struct addrinfo hints; 430 struct addrinfo *ai0, *ai; 431 struct cfparam *p; 432 struct cfstring *s, *ns; | 90 [KP_ALLOW_CHFLAGS] = {"allow.chflags", 0}, 91 [KP_ALLOW_MOUNT] = {"allow.mount", 0}, 92 [KP_ALLOW_RAW_SOCKETS] = {"allow.raw_sockets", 0}, 93 [KP_ALLOW_SET_HOSTNAME]= {"allow.set_hostname", 0}, 94 [KP_ALLOW_SOCKET_AF] = {"allow.socket_af", 0}, 95 [KP_ALLOW_SYSVIPC] = {"allow.sysvipc", 0}, 96 [KP_ENFORCE_STATFS] = {"enforce_statfs", 0}, 97 [KP_HOST_HOSTNAME] = {"host.hostname", 0}, --- 329 unchanged lines hidden (view full) --- 427int 428check_intparams(struct cfjail *j) 429{ 430 struct in_addr addr4; 431 struct addrinfo hints; 432 struct addrinfo *ai0, *ai; 433 struct cfparam *p; 434 struct cfstring *s, *ns; |
435 FILE *f; |
|
433 const char *hostname, *val; | 436 const char *hostname, *val; |
434 char *cs, *ep; 435 size_t size; | 437 char *cs, *ep, *ln; 438 size_t size, lnlen; |
436 int error, gicode, ip4ok, defif, prefix; 437 int mib[4]; 438 char avalue4[INET_ADDRSTRLEN]; 439#ifdef INET6 440 struct in6_addr addr6; 441 int ip6ok, isip6; 442 char avalue6[INET6_ADDRSTRLEN]; 443#endif --- 152 unchanged lines hidden (view full) --- 596 *cs = '\0'; 597 s->len = cs - s->s + 1; 598 } 599 } 600 } 601#ifndef INET6 602 while (0); 603#endif | 439 int error, gicode, ip4ok, defif, prefix; 440 int mib[4]; 441 char avalue4[INET_ADDRSTRLEN]; 442#ifdef INET6 443 struct in6_addr addr6; 444 int ip6ok, isip6; 445 char avalue6[INET6_ADDRSTRLEN]; 446#endif --- 152 unchanged lines hidden (view full) --- 599 *cs = '\0'; 600 s->len = cs - s->s + 1; 601 } 602 } 603 } 604#ifndef INET6 605 while (0); 606#endif |
607 608 /* 609 * Read mount.fstab file(s), and treat each line as its own mount 610 * parameter. 611 */ 612 if (j->intparams[IP_MOUNT_FSTAB] != NULL) { 613 STAILQ_FOREACH(s, &j->intparams[IP_MOUNT_FSTAB]->val, tq) { 614 if (s->len == 0) 615 continue; 616 f = fopen(s->s, "r"); 617 if (f == NULL) { 618 jail_warnx(j, "mount.fstab: %s: %s", 619 s->s, strerror(errno)); 620 error = -1; 621 continue; 622 } 623 while ((ln = fgetln(f, &lnlen))) { 624 if ((cs = memchr(ln, '#', lnlen - 1))) 625 lnlen = cs - ln + 1; 626 if (ln[lnlen - 1] == '\n' || 627 ln[lnlen - 1] == '#') 628 ln[lnlen - 1] = '\0'; 629 else { 630 cs = alloca(lnlen + 1); 631 strlcpy(cs, ln, lnlen + 1); 632 ln = cs; 633 } 634 add_param(j, NULL, IP__MOUNT_FROM_FSTAB, ln); 635 } 636 fclose(f); 637 } 638 } 639 if (error) 640 failed(j); |
|
604 return error; 605} 606 607/* 608 * Import parameters into libjail's binary jailparam format. 609 */ 610int 611import_params(struct cfjail *j) --- 161 unchanged lines hidden --- | 641 return error; 642} 643 644/* 645 * Import parameters into libjail's binary jailparam format. 646 */ 647int 648import_params(struct cfjail *j) --- 161 unchanged lines hidden --- |
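Review bot: In the new mount.fstab loop of check_intparams (new lines 623-635), the `else` branch calls `strlcpy(cs, ln, lnlen + 1)` on the buffer returned by `fgetln()`, which is not NUL-terminated. strlcpy scans its source for a terminator to compute its return value, so a final line with no trailing newline makes it read past the end of the line buffer. Copying by length avoids this: `memcpy(cs, ln, lnlen); cs[lnlen] = '\0';`. The same branch sizes `alloca(lnlen + 1)` from file content with no upper bound, so a very long unterminated last line can overrun the stack; a length cap or a checked heap allocation would be safer. Much of check_intparams is hidden on this page, and `ln` points at either fgetln's reusable buffer or stack memory, so it is worth confirming that add_param copies the string rather than keeping the pointer.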