263 */ 264static int 265run_command(struct cfjail *j) 266{ 267 const struct passwd *pwd; 268 const struct cfstring *comstring, *s; 269 login_cap_t *lcap; 270 const char **argv; 271 char *acs, *cs, *comcs, *devpath; 272 const char *jidstr, *conslog, *path, *ruleset, *term, *username; 273 enum intparam comparam; 274 size_t comlen; 275 pid_t pid; 276 int argc, bg, clean, consfd, down, fib, i, injail, sjuser, timeout; 277#if defined(INET) || defined(INET6) 278 char *addr, *extrap, *p, *val; 279#endif 280 281 static char *cleanenv; 282 283 /* Perform some operations that aren't actually commands */ 284 comparam = *j->comparam; 285 down = j->flags & (JF_STOP | JF_FAILED); 286 switch (comparam) { 287 case IP_STOP_TIMEOUT: 288 return term_procs(j); 289 290 case IP__OP: 291 if (down) { 292 if (jail_remove(j->jid) < 0 && errno == EPERM) { 293 jail_warnx(j, "jail_remove: %s", 294 strerror(errno)); 295 return -1; 296 } 297 if (verbose > 0 || (verbose == 0 && (j->flags & JF_STOP 298 ? note_remove : j->name != NULL))) 299 jail_note(j, "removed\n"); 300 j->jid = -1; 301 if (j->flags & JF_STOP) 302 dep_done(j, DF_LIGHT); 303 else 304 j->flags &= ~JF_PERSIST; 305 } else { 306 if (create_jail(j) < 0) 307 return -1; 308 if (iflag) 309 printf("%d\n", j->jid); 310 if (verbose >= 0 && (j->name || verbose > 0)) 311 jail_note(j, "created\n"); 312 dep_done(j, DF_LIGHT); 313 } 314 return 0; 315 316 default: ; 317 } 318 /* 319 * Collect exec arguments. Internal commands for network and 320 * mounting build their own argument lists. 321 */ 322 comstring = j->comstring; 323 bg = 0; 324 switch (comparam) { 325#ifdef INET 326 case IP__IP4_IFADDR: 327 argc = 0; 328 val = alloca(strlen(comstring->s) + 1); 329 strcpy(val, comstring->s); 330 cs = val; 331 extrap = NULL; 332 while ((p = strchr(cs, ' ')) != NULL && strlen(p) > 1) { 333 if (extrap == NULL) { 334 *p = '\0'; 335 extrap = p + 1; 336 } 337 cs = p + 1; 338 argc++; 339 } 340 341 argv = alloca((8 + argc) * sizeof(char *)); 342 argv[0] = _PATH_IFCONFIG; 343 if ((cs = strchr(val, '|'))) { 344 argv[1] = acs = alloca(cs - val + 1); 345 strlcpy(acs, val, cs - val + 1); 346 addr = cs + 1; 347 } else { 348 argv[1] = string_param(j->intparams[IP_INTERFACE]); 349 addr = val; 350 } 351 argv[2] = "inet"; 352 if (!(cs = strchr(addr, '/'))) { 353 argv[3] = addr; 354 argv[4] = "netmask"; 355 argv[5] = "255.255.255.255"; 356 argc = 6; 357 } else if (strchr(cs + 1, '.')) { 358 argv[3] = acs = alloca(cs - addr + 1); 359 strlcpy(acs, addr, cs - addr + 1); 360 argv[4] = "netmask"; 361 argv[5] = cs + 1; 362 argc = 6; 363 } else { 364 argv[3] = addr; 365 argc = 4; 366 } 367 368 if (!down) { 369 for (cs = strtok(extrap, " "); cs; 370 cs = strtok(NULL, " ")) { 371 size_t len = strlen(cs) + 1; 372 argv[argc++] = acs = alloca(len); 373 strlcpy(acs, cs, len); 374 } 375 } 376 377 argv[argc] = down ? "-alias" : "alias"; 378 argv[argc + 1] = NULL; 379 break; 380#endif 381 382#ifdef INET6 383 case IP__IP6_IFADDR: 384 argc = 0; 385 val = alloca(strlen(comstring->s) + 1); 386 strcpy(val, comstring->s); 387 cs = val; 388 extrap = NULL; 389 while ((p = strchr(cs, ' ')) != NULL && strlen(p) > 1) { 390 if (extrap == NULL) { 391 *p = '\0'; 392 extrap = p + 1; 393 } 394 cs = p + 1; 395 argc++; 396 } 397 398 argv = alloca((8 + argc) * sizeof(char *)); 399 argv[0] = _PATH_IFCONFIG; 400 if ((cs = strchr(val, '|'))) { 401 argv[1] = acs = alloca(cs - val + 1); 402 strlcpy(acs, val, cs - val + 1); 403 addr = cs + 1; 404 } else { 405 argv[1] = string_param(j->intparams[IP_INTERFACE]); 406 addr = val; 407 } 408 argv[2] = "inet6"; 409 argv[3] = addr; 410 if (!(cs = strchr(addr, '/'))) { 411 argv[4] = "prefixlen"; 412 argv[5] = "128"; 413 argc = 6; 414 } else 415 argc = 4; 416 417 if (!down) { 418 for (cs = strtok(extrap, " "); cs; 419 cs = strtok(NULL, " ")) { 420 size_t len = strlen(cs) + 1; 421 argv[argc++] = acs = alloca(len); 422 strlcpy(acs, cs, len); 423 } 424 } 425 426 argv[argc] = down ? "-alias" : "alias"; 427 argv[argc + 1] = NULL; 428 break; 429#endif 430 431 case IP_VNET_INTERFACE: 432 argv = alloca(5 * sizeof(char *)); 433 argv[0] = _PATH_IFCONFIG; 434 argv[1] = comstring->s; 435 argv[2] = down ? "-vnet" : "vnet"; 436 jidstr = string_param(j->intparams[KP_JID]); 437 argv[3] = jidstr ? jidstr : string_param(j->intparams[KP_NAME]); 438 argv[4] = NULL; 439 break; 440 441 case IP_MOUNT: 442 case IP__MOUNT_FROM_FSTAB: 443 argv = alloca(8 * sizeof(char *)); 444 comcs = alloca(comstring->len + 1); 445 strcpy(comcs, comstring->s); 446 argc = 0; 447 for (cs = strtok(comcs, " \t\f\v\r\n"); cs && argc < 4; 448 cs = strtok(NULL, " \t\f\v\r\n")) { 449 if (argc <= 1 && strunvis(cs, cs) < 0) { 450 jail_warnx(j, "%s: %s: fstab parse error", 451 j->intparams[comparam]->name, comstring->s); 452 return -1; 453 } 454 argv[argc++] = cs; 455 } 456 if (argc == 0) 457 return 0; 458 if (argc < 3) { 459 jail_warnx(j, "%s: %s: missing information", 460 j->intparams[comparam]->name, comstring->s); 461 return -1; 462 } 463 if (check_path(j, j->intparams[comparam]->name, argv[1], 0, 464 down ? argv[2] : NULL) < 0) 465 return -1; 466 if (down) { 467 argv[4] = NULL; 468 argv[3] = argv[1]; 469 argv[0] = "/sbin/umount"; 470 } else { 471 if (argc == 4) { 472 argv[7] = NULL; 473 argv[6] = argv[1]; 474 argv[5] = argv[0]; 475 argv[4] = argv[3]; 476 argv[3] = "-o"; 477 } else { 478 argv[5] = NULL; 479 argv[4] = argv[1]; 480 argv[3] = argv[0]; 481 } 482 argv[0] = _PATH_MOUNT; 483 } 484 argv[1] = "-t"; 485 break; 486 487 case IP_MOUNT_DEVFS: 488 argv = alloca(7 * sizeof(char *)); 489 path = string_param(j->intparams[KP_PATH]); 490 if (path == NULL) { 491 jail_warnx(j, "mount.devfs: no path"); 492 return -1; 493 } 494 devpath = alloca(strlen(path) + 5); 495 sprintf(devpath, "%s/dev", path); 496 if (check_path(j, "mount.devfs", devpath, 0, 497 down ? "devfs" : NULL) < 0) 498 return -1; 499 if (down) { 500 argv[0] = "/sbin/umount"; 501 argv[1] = devpath; 502 argv[2] = NULL; 503 } else { 504 argv[0] = _PATH_MOUNT; 505 argv[1] = "-t"; 506 argv[2] = "devfs"; 507 ruleset = string_param(j->intparams[KP_DEVFS_RULESET]); 508 if (!ruleset) 509 ruleset = "4"; /* devfsrules_jail */ 510 argv[3] = acs = alloca(11 + strlen(ruleset)); 511 sprintf(acs, "-oruleset=%s", ruleset); 512 argv[4] = "."; 513 argv[5] = devpath; 514 argv[6] = NULL; 515 } 516 break; 517 518 case IP_MOUNT_FDESCFS: 519 argv = alloca(7 * sizeof(char *)); 520 path = string_param(j->intparams[KP_PATH]); 521 if (path == NULL) { 522 jail_warnx(j, "mount.fdescfs: no path"); 523 return -1; 524 } 525 devpath = alloca(strlen(path) + 8); 526 sprintf(devpath, "%s/dev/fd", path); 527 if (check_path(j, "mount.fdescfs", devpath, 0, 528 down ? "fdescfs" : NULL) < 0) 529 return -1; 530 if (down) { 531 argv[0] = "/sbin/umount"; 532 argv[1] = devpath; 533 argv[2] = NULL; 534 } else { 535 argv[0] = _PATH_MOUNT; 536 argv[1] = "-t"; 537 argv[2] = "fdescfs"; 538 argv[3] = "."; 539 argv[4] = devpath; 540 argv[5] = NULL; 541 } 542 break; 543 544 case IP_MOUNT_PROCFS: 545 argv = alloca(7 * sizeof(char *)); 546 path = string_param(j->intparams[KP_PATH]); 547 if (path == NULL) { 548 jail_warnx(j, "mount.procfs: no path"); 549 return -1; 550 } 551 devpath = alloca(strlen(path) + 6); 552 sprintf(devpath, "%s/proc", path); 553 if (check_path(j, "mount.procfs", devpath, 0, 554 down ? "procfs" : NULL) < 0) 555 return -1; 556 if (down) { 557 argv[0] = "/sbin/umount"; 558 argv[1] = devpath; 559 argv[2] = NULL; 560 } else { 561 argv[0] = _PATH_MOUNT; 562 argv[1] = "-t"; 563 argv[2] = "procfs"; 564 argv[3] = "."; 565 argv[4] = devpath; 566 argv[5] = NULL; 567 } 568 break; 569 570 case IP_COMMAND: 571 if (j->name != NULL) 572 goto default_command; 573 argc = 0; 574 TAILQ_FOREACH(s, &j->intparams[IP_COMMAND]->val, tq) 575 argc++; 576 argv = alloca((argc + 1) * sizeof(char *)); 577 argc = 0; 578 TAILQ_FOREACH(s, &j->intparams[IP_COMMAND]->val, tq) 579 argv[argc++] = s->s; 580 argv[argc] = NULL; 581 j->comstring = &dummystring; 582 break; 583 584 default: 585 default_command: 586 if ((cs = strpbrk(comstring->s, "!\"$&'()*;<>?[\\]`{|}~")) && 587 !(cs[0] == '&' && cs[1] == '\0')) { 588 argv = alloca(4 * sizeof(char *)); 589 argv[0] = _PATH_BSHELL; 590 argv[1] = "-c"; 591 argv[2] = comstring->s; 592 argv[3] = NULL; 593 } else { 594 if (cs) { 595 *cs = 0; 596 bg = 1; 597 } 598 comcs = alloca(comstring->len + 1); 599 strcpy(comcs, comstring->s); 600 argc = 0; 601 for (cs = strtok(comcs, " \t\f\v\r\n"); cs; 602 cs = strtok(NULL, " \t\f\v\r\n")) 603 argc++; 604 argv = alloca((argc + 1) * sizeof(char *)); 605 strcpy(comcs, comstring->s); 606 argc = 0; 607 for (cs = strtok(comcs, " \t\f\v\r\n"); cs; 608 cs = strtok(NULL, " \t\f\v\r\n")) 609 argv[argc++] = cs; 610 argv[argc] = NULL; 611 } 612 } 613 if (argv[0] == NULL) 614 return 0; 615 616 if (int_param(j->intparams[IP_EXEC_TIMEOUT], &timeout) && 617 timeout != 0) { 618 clock_gettime(CLOCK_REALTIME, &j->timeout); 619 j->timeout.tv_sec += timeout; 620 } else 621 j->timeout.tv_sec = 0; 622 623 injail = comparam == IP_EXEC_START || comparam == IP_COMMAND || 624 comparam == IP_EXEC_STOP; 625 clean = bool_param(j->intparams[IP_EXEC_CLEAN]); 626 username = string_param(j->intparams[injail 627 ? IP_EXEC_JAIL_USER : IP_EXEC_SYSTEM_USER]); 628 sjuser = bool_param(j->intparams[IP_EXEC_SYSTEM_JAIL_USER]); 629 630 consfd = 0; 631 if (injail && 632 (conslog = string_param(j->intparams[IP_EXEC_CONSOLELOG]))) { 633 if (check_path(j, "exec.consolelog", conslog, 1, NULL) < 0) 634 return -1; 635 consfd = 636 open(conslog, O_WRONLY | O_CREAT | O_APPEND, DEFFILEMODE); 637 if (consfd < 0) { 638 jail_warnx(j, "open %s: %s", conslog, strerror(errno)); 639 return -1; 640 } 641 } 642 643 comlen = 0; 644 for (i = 0; argv[i]; i++) 645 comlen += strlen(argv[i]) + 1; 646 j->comline = cs = emalloc(comlen); 647 for (i = 0; argv[i]; i++) { 648 strcpy(cs, argv[i]); 649 if (argv[i + 1]) { 650 cs += strlen(argv[i]) + 1; 651 cs[-1] = ' '; 652 } 653 } 654 if (verbose > 0) 655 jail_note(j, "run command%s%s%s: %s\n", 656 injail ? " in jail" : "", username ? " as " : "", 657 username ? username : "", j->comline); 658 659 pid = fork(); 660 if (pid < 0) 661 err(1, "fork"); 662 if (pid > 0) { 663 if (bg || !add_proc(j, pid)) { 664 free(j->comline); 665 j->comline = NULL; 666 return 0; 667 } else { 668 paralimit--; 669 return 1; 670 } 671 } 672 if (bg) 673 setsid(); 674 675 /* Set up the environment and run the command */ 676 pwd = NULL; 677 lcap = NULL; 678 if ((clean || username) && injail && sjuser && 679 get_user_info(j, username, &pwd, &lcap) < 0) 680 exit(1); 681 if (injail) { 682 /* jail_attach won't chdir along with its chroot. */ 683 path = string_param(j->intparams[KP_PATH]); 684 if (path && chdir(path) < 0) { 685 jail_warnx(j, "chdir %s: %s", path, strerror(errno)); 686 exit(1); 687 } 688 if (int_param(j->intparams[IP_EXEC_FIB], &fib) && 689 setfib(fib) < 0) { 690 jail_warnx(j, "setfib: %s", strerror(errno)); 691 exit(1); 692 } 693 if (jail_attach(j->jid) < 0) { 694 jail_warnx(j, "jail_attach: %s", strerror(errno)); 695 exit(1); 696 } 697 } 698 if (clean || username) { 699 if (!(injail && sjuser) && 700 get_user_info(j, username, &pwd, &lcap) < 0) 701 exit(1); 702 if (clean) { 703 term = getenv("TERM"); 704 environ = &cleanenv; 705 setenv("PATH", "/bin:/usr/bin", 0); 706 if (term != NULL) 707 setenv("TERM", term, 1); 708 } 709 if (setgid(pwd->pw_gid) < 0) { 710 jail_warnx(j, "setgid %d: %s", pwd->pw_gid, 711 strerror(errno)); 712 exit(1); 713 } 714 if (setusercontext(lcap, pwd, pwd->pw_uid, username 715 ? LOGIN_SETALL & ~LOGIN_SETGROUP & ~LOGIN_SETLOGIN 716 : LOGIN_SETPATH | LOGIN_SETENV) < 0) { 717 jail_warnx(j, "setusercontext %s: %s", pwd->pw_name, 718 strerror(errno)); 719 exit(1); 720 } 721 login_close(lcap); 722 setenv("USER", pwd->pw_name, 1); 723 setenv("HOME", pwd->pw_dir, 1); 724 setenv("SHELL", 725 *pwd->pw_shell ? pwd->pw_shell : _PATH_BSHELL, 1); 726 if (clean && chdir(pwd->pw_dir) < 0) { 727 jail_warnx(j, "chdir %s: %s", 728 pwd->pw_dir, strerror(errno)); 729 exit(1); 730 } 731 endpwent(); 732 } 733 734 if (consfd != 0 && (dup2(consfd, 1) < 0 || dup2(consfd, 2) < 0)) { 735 jail_warnx(j, "exec.consolelog: %s", strerror(errno)); 736 exit(1); 737 } 738 closefrom(3); 739 execvp(argv[0], __DECONST(char *const*, argv)); 740 jail_warnx(j, "exec %s: %s", argv[0], strerror(errno)); 741 exit(1); 742} 743 744/* 745 * Add a process to the hash, tied to a jail. 746 */ 747static int 748add_proc(struct cfjail *j, pid_t pid) 749{ 750 struct kevent ke; 751 struct cfjail *tj; 752 struct phash *ph; 753 754 if (!kq && (kq = kqueue()) < 0) 755 err(1, "kqueue"); 756 EV_SET(&ke, pid, EVFILT_PROC, EV_ADD, NOTE_EXIT, 0, NULL); 757 if (kevent(kq, &ke, 1, NULL, 0, NULL) < 0) { 758 if (errno == ESRCH) 759 return 0; 760 err(1, "kevent"); 761 } 762 ph = emalloc(sizeof(struct phash)); 763 ph->j = j; 764 ph->pid = pid; 765 LIST_INSERT_HEAD(&phash[pid % PHASH_SIZE], ph, le); 766 j->nprocs++; 767 j->flags |= JF_SLEEPQ; 768 if (j->timeout.tv_sec == 0) 769 requeue(j, &sleeping); 770 else { 771 /* File the jail in the sleep queue according to its timeout. */ 772 TAILQ_REMOVE(j->queue, j, tq); 773 TAILQ_FOREACH(tj, &sleeping, tq) { 774 if (!tj->timeout.tv_sec || 775 j->timeout.tv_sec < tj->timeout.tv_sec || 776 (j->timeout.tv_sec == tj->timeout.tv_sec && 777 j->timeout.tv_nsec <= tj->timeout.tv_nsec)) { 778 TAILQ_INSERT_BEFORE(tj, j, tq); 779 break; 780 } 781 } 782 if (tj == NULL) 783 TAILQ_INSERT_TAIL(&sleeping, j, tq); 784 j->queue = &sleeping; 785 } 786 return 1; 787} 788 789/* 790 * Remove any processes from the hash that correspond to a jail. 791 */ 792static void 793clear_procs(struct cfjail *j) 794{ 795 struct kevent ke; 796 struct phash *ph, *tph; 797 int i; 798 799 j->nprocs = 0; 800 for (i = 0; i < PHASH_SIZE; i++) 801 LIST_FOREACH_SAFE(ph, &phash[i], le, tph) 802 if (ph->j == j) { 803 EV_SET(&ke, ph->pid, EVFILT_PROC, EV_DELETE, 804 NOTE_EXIT, 0, NULL); 805 (void)kevent(kq, &ke, 1, NULL, 0, NULL); 806 LIST_REMOVE(ph, le); 807 free(ph); 808 } 809} 810 811/* 812 * Find the jail that corresponds to an exited process. 813 */ 814static struct cfjail * 815find_proc(pid_t pid) 816{ 817 struct cfjail *j; 818 struct phash *ph; 819 820 LIST_FOREACH(ph, &phash[pid % PHASH_SIZE], le) 821 if (ph->pid == pid) { 822 j = ph->j; 823 LIST_REMOVE(ph, le); 824 free(ph); 825 return --j->nprocs ? NULL : j; 826 } 827 return NULL; 828} 829 830/* 831 * Send SIGTERM to all processes in a jail and wait for them to die. 832 */ 833static int 834term_procs(struct cfjail *j) 835{ 836 struct kinfo_proc *ki; 837 int i, noted, pcnt, timeout; 838 839 static kvm_t *kd; 840 841 if (!int_param(j->intparams[IP_STOP_TIMEOUT], &timeout)) 842 timeout = DEFAULT_STOP_TIMEOUT; 843 else if (timeout == 0) 844 return 0; 845 846 if (kd == NULL) { 847 kd = kvm_open(NULL, NULL, NULL, O_RDONLY, NULL); 848 if (kd == NULL) 849 return 0; 850 } 851 852 ki = kvm_getprocs(kd, KERN_PROC_PROC, 0, &pcnt); 853 if (ki == NULL) 854 return 0; 855 noted = 0; 856 for (i = 0; i < pcnt; i++) 857 if (ki[i].ki_jid == j->jid && 858 kill(ki[i].ki_pid, SIGTERM) == 0) { 859 (void)add_proc(j, ki[i].ki_pid); 860 if (verbose > 0) { 861 if (!noted) { 862 noted = 1; 863 jail_note(j, "sent SIGTERM to:"); 864 } 865 printf(" %d", ki[i].ki_pid); 866 } 867 } 868 if (noted) 869 printf("\n"); 870 if (j->nprocs > 0) { 871 clock_gettime(CLOCK_REALTIME, &j->timeout); 872 j->timeout.tv_sec += timeout; 873 return 1; 874 } 875 return 0; 876} 877 878/* 879 * Look up a user in the passwd and login.conf files. 880 */ 881static int 882get_user_info(struct cfjail *j, const char *username, 883 const struct passwd **pwdp, login_cap_t **lcapp) 884{ 885 const struct passwd *pwd; 886 887 errno = 0; 888 *pwdp = pwd = username ? getpwnam(username) : getpwuid(getuid()); 889 if (pwd == NULL) { 890 if (errno) 891 jail_warnx(j, "getpwnam%s%s: %s", username ? " " : "", 892 username ? username : "", strerror(errno)); 893 else if (username) 894 jail_warnx(j, "%s: no such user", username); 895 else 896 jail_warnx(j, "unknown uid %d", getuid()); 897 return -1; 898 } 899 *lcapp = login_getpwclass(pwd); 900 if (*lcapp == NULL) { 901 jail_warnx(j, "getpwclass %s: %s", pwd->pw_name, 902 strerror(errno)); 903 return -1; 904 } 905 /* Set the groups while the group file is still available */ 906 if (initgroups(pwd->pw_name, pwd->pw_gid) < 0) { 907 jail_warnx(j, "initgroups %s: %s", pwd->pw_name, 908 strerror(errno)); 909 return -1; 910 } 911 return 0; 912} 913 914/* 915 * Make sure a mount or consolelog path is a valid absolute pathname 916 * with no symlinks. 917 */ 918static int 919check_path(struct cfjail *j, const char *pname, const char *path, int isfile, 920 const char *umount_type) 921{ 922 struct stat st, mpst; 923 struct statfs stfs; 924 char *tpath, *p; 925 const char *jailpath; 926 size_t jplen; 927 928 if (path[0] != '/') { 929 jail_warnx(j, "%s: %s: not an absolute pathname", 930 pname, path); 931 return -1; 932 } 933 /* 934 * Only check for symlinks in components below the jail's path, 935 * since that's where the security risk lies. 936 */ 937 jailpath = string_param(j->intparams[KP_PATH]); 938 if (jailpath == NULL) 939 jailpath = ""; 940 jplen = strlen(jailpath); 941 if (!strncmp(path, jailpath, jplen) && path[jplen] == '/') { 942 tpath = alloca(strlen(path) + 1); 943 strcpy(tpath, path); 944 for (p = tpath + jplen; p != NULL; ) { 945 p = strchr(p + 1, '/'); 946 if (p) 947 *p = '\0'; 948 if (lstat(tpath, &st) < 0) { 949 if (errno == ENOENT && isfile && !p) 950 break; 951 jail_warnx(j, "%s: %s: %s", pname, tpath, 952 strerror(errno)); 953 return -1; 954 } 955 if (S_ISLNK(st.st_mode)) { 956 jail_warnx(j, "%s: %s is a symbolic link", 957 pname, tpath); 958 return -1; 959 } 960 if (p) 961 *p = '/'; 962 } 963 } 964 if (umount_type != NULL) { 965 if (stat(path, &st) < 0 || statfs(path, &stfs) < 0) { 966 jail_warnx(j, "%s: %s: %s", pname, path, 967 strerror(errno)); 968 return -1; 969 } 970 if (stat(stfs.f_mntonname, &mpst) < 0) { 971 jail_warnx(j, "%s: %s: %s", pname, stfs.f_mntonname, 972 strerror(errno)); 973 return -1; 974 } 975 if (st.st_ino != mpst.st_ino) { 976 jail_warnx(j, "%s: %s: not a mount point", 977 pname, path); 978 return -1; 979 } 980 if (strcmp(stfs.f_fstypename, umount_type)) { 981 jail_warnx(j, "%s: %s: not a %s mount", 982 pname, path, umount_type); 983 return -1; 984 } 985 } 986 return 0; 987}
| 270 */ 271static int 272run_command(struct cfjail *j) 273{ 274 const struct passwd *pwd; 275 const struct cfstring *comstring, *s; 276 login_cap_t *lcap; 277 const char **argv; 278 char *acs, *cs, *comcs, *devpath; 279 const char *jidstr, *conslog, *path, *ruleset, *term, *username; 280 enum intparam comparam; 281 size_t comlen; 282 pid_t pid; 283 int argc, bg, clean, consfd, down, fib, i, injail, sjuser, timeout; 284#if defined(INET) || defined(INET6) 285 char *addr, *extrap, *p, *val; 286#endif 287 288 static char *cleanenv; 289 290 /* Perform some operations that aren't actually commands */ 291 comparam = *j->comparam; 292 down = j->flags & (JF_STOP | JF_FAILED); 293 switch (comparam) { 294 case IP_STOP_TIMEOUT: 295 return term_procs(j); 296 297 case IP__OP: 298 if (down) { 299 if (jail_remove(j->jid) < 0 && errno == EPERM) { 300 jail_warnx(j, "jail_remove: %s", 301 strerror(errno)); 302 return -1; 303 } 304 if (verbose > 0 || (verbose == 0 && (j->flags & JF_STOP 305 ? note_remove : j->name != NULL))) 306 jail_note(j, "removed\n"); 307 j->jid = -1; 308 if (j->flags & JF_STOP) 309 dep_done(j, DF_LIGHT); 310 else 311 j->flags &= ~JF_PERSIST; 312 } else { 313 if (create_jail(j) < 0) 314 return -1; 315 if (iflag) 316 printf("%d\n", j->jid); 317 if (verbose >= 0 && (j->name || verbose > 0)) 318 jail_note(j, "created\n"); 319 dep_done(j, DF_LIGHT); 320 } 321 return 0; 322 323 default: ; 324 } 325 /* 326 * Collect exec arguments. Internal commands for network and 327 * mounting build their own argument lists. 328 */ 329 comstring = j->comstring; 330 bg = 0; 331 switch (comparam) { 332#ifdef INET 333 case IP__IP4_IFADDR: 334 argc = 0; 335 val = alloca(strlen(comstring->s) + 1); 336 strcpy(val, comstring->s); 337 cs = val; 338 extrap = NULL; 339 while ((p = strchr(cs, ' ')) != NULL && strlen(p) > 1) { 340 if (extrap == NULL) { 341 *p = '\0'; 342 extrap = p + 1; 343 } 344 cs = p + 1; 345 argc++; 346 } 347 348 argv = alloca((8 + argc) * sizeof(char *)); 349 argv[0] = _PATH_IFCONFIG; 350 if ((cs = strchr(val, '|'))) { 351 argv[1] = acs = alloca(cs - val + 1); 352 strlcpy(acs, val, cs - val + 1); 353 addr = cs + 1; 354 } else { 355 argv[1] = string_param(j->intparams[IP_INTERFACE]); 356 addr = val; 357 } 358 argv[2] = "inet"; 359 if (!(cs = strchr(addr, '/'))) { 360 argv[3] = addr; 361 argv[4] = "netmask"; 362 argv[5] = "255.255.255.255"; 363 argc = 6; 364 } else if (strchr(cs + 1, '.')) { 365 argv[3] = acs = alloca(cs - addr + 1); 366 strlcpy(acs, addr, cs - addr + 1); 367 argv[4] = "netmask"; 368 argv[5] = cs + 1; 369 argc = 6; 370 } else { 371 argv[3] = addr; 372 argc = 4; 373 } 374 375 if (!down) { 376 for (cs = strtok(extrap, " "); cs; 377 cs = strtok(NULL, " ")) { 378 size_t len = strlen(cs) + 1; 379 argv[argc++] = acs = alloca(len); 380 strlcpy(acs, cs, len); 381 } 382 } 383 384 argv[argc] = down ? "-alias" : "alias"; 385 argv[argc + 1] = NULL; 386 break; 387#endif 388 389#ifdef INET6 390 case IP__IP6_IFADDR: 391 argc = 0; 392 val = alloca(strlen(comstring->s) + 1); 393 strcpy(val, comstring->s); 394 cs = val; 395 extrap = NULL; 396 while ((p = strchr(cs, ' ')) != NULL && strlen(p) > 1) { 397 if (extrap == NULL) { 398 *p = '\0'; 399 extrap = p + 1; 400 } 401 cs = p + 1; 402 argc++; 403 } 404 405 argv = alloca((8 + argc) * sizeof(char *)); 406 argv[0] = _PATH_IFCONFIG; 407 if ((cs = strchr(val, '|'))) { 408 argv[1] = acs = alloca(cs - val + 1); 409 strlcpy(acs, val, cs - val + 1); 410 addr = cs + 1; 411 } else { 412 argv[1] = string_param(j->intparams[IP_INTERFACE]); 413 addr = val; 414 } 415 argv[2] = "inet6"; 416 argv[3] = addr; 417 if (!(cs = strchr(addr, '/'))) { 418 argv[4] = "prefixlen"; 419 argv[5] = "128"; 420 argc = 6; 421 } else 422 argc = 4; 423 424 if (!down) { 425 for (cs = strtok(extrap, " "); cs; 426 cs = strtok(NULL, " ")) { 427 size_t len = strlen(cs) + 1; 428 argv[argc++] = acs = alloca(len); 429 strlcpy(acs, cs, len); 430 } 431 } 432 433 argv[argc] = down ? "-alias" : "alias"; 434 argv[argc + 1] = NULL; 435 break; 436#endif 437 438 case IP_VNET_INTERFACE: 439 argv = alloca(5 * sizeof(char *)); 440 argv[0] = _PATH_IFCONFIG; 441 argv[1] = comstring->s; 442 argv[2] = down ? "-vnet" : "vnet"; 443 jidstr = string_param(j->intparams[KP_JID]); 444 argv[3] = jidstr ? jidstr : string_param(j->intparams[KP_NAME]); 445 argv[4] = NULL; 446 break; 447 448 case IP_MOUNT: 449 case IP__MOUNT_FROM_FSTAB: 450 argv = alloca(8 * sizeof(char *)); 451 comcs = alloca(comstring->len + 1); 452 strcpy(comcs, comstring->s); 453 argc = 0; 454 for (cs = strtok(comcs, " \t\f\v\r\n"); cs && argc < 4; 455 cs = strtok(NULL, " \t\f\v\r\n")) { 456 if (argc <= 1 && strunvis(cs, cs) < 0) { 457 jail_warnx(j, "%s: %s: fstab parse error", 458 j->intparams[comparam]->name, comstring->s); 459 return -1; 460 } 461 argv[argc++] = cs; 462 } 463 if (argc == 0) 464 return 0; 465 if (argc < 3) { 466 jail_warnx(j, "%s: %s: missing information", 467 j->intparams[comparam]->name, comstring->s); 468 return -1; 469 } 470 if (check_path(j, j->intparams[comparam]->name, argv[1], 0, 471 down ? argv[2] : NULL) < 0) 472 return -1; 473 if (down) { 474 argv[4] = NULL; 475 argv[3] = argv[1]; 476 argv[0] = "/sbin/umount"; 477 } else { 478 if (argc == 4) { 479 argv[7] = NULL; 480 argv[6] = argv[1]; 481 argv[5] = argv[0]; 482 argv[4] = argv[3]; 483 argv[3] = "-o"; 484 } else { 485 argv[5] = NULL; 486 argv[4] = argv[1]; 487 argv[3] = argv[0]; 488 } 489 argv[0] = _PATH_MOUNT; 490 } 491 argv[1] = "-t"; 492 break; 493 494 case IP_MOUNT_DEVFS: 495 argv = alloca(7 * sizeof(char *)); 496 path = string_param(j->intparams[KP_PATH]); 497 if (path == NULL) { 498 jail_warnx(j, "mount.devfs: no path"); 499 return -1; 500 } 501 devpath = alloca(strlen(path) + 5); 502 sprintf(devpath, "%s/dev", path); 503 if (check_path(j, "mount.devfs", devpath, 0, 504 down ? "devfs" : NULL) < 0) 505 return -1; 506 if (down) { 507 argv[0] = "/sbin/umount"; 508 argv[1] = devpath; 509 argv[2] = NULL; 510 } else { 511 argv[0] = _PATH_MOUNT; 512 argv[1] = "-t"; 513 argv[2] = "devfs"; 514 ruleset = string_param(j->intparams[KP_DEVFS_RULESET]); 515 if (!ruleset) 516 ruleset = "4"; /* devfsrules_jail */ 517 argv[3] = acs = alloca(11 + strlen(ruleset)); 518 sprintf(acs, "-oruleset=%s", ruleset); 519 argv[4] = "."; 520 argv[5] = devpath; 521 argv[6] = NULL; 522 } 523 break; 524 525 case IP_MOUNT_FDESCFS: 526 argv = alloca(7 * sizeof(char *)); 527 path = string_param(j->intparams[KP_PATH]); 528 if (path == NULL) { 529 jail_warnx(j, "mount.fdescfs: no path"); 530 return -1; 531 } 532 devpath = alloca(strlen(path) + 8); 533 sprintf(devpath, "%s/dev/fd", path); 534 if (check_path(j, "mount.fdescfs", devpath, 0, 535 down ? "fdescfs" : NULL) < 0) 536 return -1; 537 if (down) { 538 argv[0] = "/sbin/umount"; 539 argv[1] = devpath; 540 argv[2] = NULL; 541 } else { 542 argv[0] = _PATH_MOUNT; 543 argv[1] = "-t"; 544 argv[2] = "fdescfs"; 545 argv[3] = "."; 546 argv[4] = devpath; 547 argv[5] = NULL; 548 } 549 break; 550 551 case IP_MOUNT_PROCFS: 552 argv = alloca(7 * sizeof(char *)); 553 path = string_param(j->intparams[KP_PATH]); 554 if (path == NULL) { 555 jail_warnx(j, "mount.procfs: no path"); 556 return -1; 557 } 558 devpath = alloca(strlen(path) + 6); 559 sprintf(devpath, "%s/proc", path); 560 if (check_path(j, "mount.procfs", devpath, 0, 561 down ? "procfs" : NULL) < 0) 562 return -1; 563 if (down) { 564 argv[0] = "/sbin/umount"; 565 argv[1] = devpath; 566 argv[2] = NULL; 567 } else { 568 argv[0] = _PATH_MOUNT; 569 argv[1] = "-t"; 570 argv[2] = "procfs"; 571 argv[3] = "."; 572 argv[4] = devpath; 573 argv[5] = NULL; 574 } 575 break; 576 577 case IP_COMMAND: 578 if (j->name != NULL) 579 goto default_command; 580 argc = 0; 581 TAILQ_FOREACH(s, &j->intparams[IP_COMMAND]->val, tq) 582 argc++; 583 argv = alloca((argc + 1) * sizeof(char *)); 584 argc = 0; 585 TAILQ_FOREACH(s, &j->intparams[IP_COMMAND]->val, tq) 586 argv[argc++] = s->s; 587 argv[argc] = NULL; 588 j->comstring = &dummystring; 589 break; 590 591 default: 592 default_command: 593 if ((cs = strpbrk(comstring->s, "!\"$&'()*;<>?[\\]`{|}~")) && 594 !(cs[0] == '&' && cs[1] == '\0')) { 595 argv = alloca(4 * sizeof(char *)); 596 argv[0] = _PATH_BSHELL; 597 argv[1] = "-c"; 598 argv[2] = comstring->s; 599 argv[3] = NULL; 600 } else { 601 if (cs) { 602 *cs = 0; 603 bg = 1; 604 } 605 comcs = alloca(comstring->len + 1); 606 strcpy(comcs, comstring->s); 607 argc = 0; 608 for (cs = strtok(comcs, " \t\f\v\r\n"); cs; 609 cs = strtok(NULL, " \t\f\v\r\n")) 610 argc++; 611 argv = alloca((argc + 1) * sizeof(char *)); 612 strcpy(comcs, comstring->s); 613 argc = 0; 614 for (cs = strtok(comcs, " \t\f\v\r\n"); cs; 615 cs = strtok(NULL, " \t\f\v\r\n")) 616 argv[argc++] = cs; 617 argv[argc] = NULL; 618 } 619 } 620 if (argv[0] == NULL) 621 return 0; 622 623 if (int_param(j->intparams[IP_EXEC_TIMEOUT], &timeout) && 624 timeout != 0) { 625 clock_gettime(CLOCK_REALTIME, &j->timeout); 626 j->timeout.tv_sec += timeout; 627 } else 628 j->timeout.tv_sec = 0; 629 630 injail = comparam == IP_EXEC_START || comparam == IP_COMMAND || 631 comparam == IP_EXEC_STOP; 632 clean = bool_param(j->intparams[IP_EXEC_CLEAN]); 633 username = string_param(j->intparams[injail 634 ? IP_EXEC_JAIL_USER : IP_EXEC_SYSTEM_USER]); 635 sjuser = bool_param(j->intparams[IP_EXEC_SYSTEM_JAIL_USER]); 636 637 consfd = 0; 638 if (injail && 639 (conslog = string_param(j->intparams[IP_EXEC_CONSOLELOG]))) { 640 if (check_path(j, "exec.consolelog", conslog, 1, NULL) < 0) 641 return -1; 642 consfd = 643 open(conslog, O_WRONLY | O_CREAT | O_APPEND, DEFFILEMODE); 644 if (consfd < 0) { 645 jail_warnx(j, "open %s: %s", conslog, strerror(errno)); 646 return -1; 647 } 648 } 649 650 comlen = 0; 651 for (i = 0; argv[i]; i++) 652 comlen += strlen(argv[i]) + 1; 653 j->comline = cs = emalloc(comlen); 654 for (i = 0; argv[i]; i++) { 655 strcpy(cs, argv[i]); 656 if (argv[i + 1]) { 657 cs += strlen(argv[i]) + 1; 658 cs[-1] = ' '; 659 } 660 } 661 if (verbose > 0) 662 jail_note(j, "run command%s%s%s: %s\n", 663 injail ? " in jail" : "", username ? " as " : "", 664 username ? username : "", j->comline); 665 666 pid = fork(); 667 if (pid < 0) 668 err(1, "fork"); 669 if (pid > 0) { 670 if (bg || !add_proc(j, pid)) { 671 free(j->comline); 672 j->comline = NULL; 673 return 0; 674 } else { 675 paralimit--; 676 return 1; 677 } 678 } 679 if (bg) 680 setsid(); 681 682 /* Set up the environment and run the command */ 683 pwd = NULL; 684 lcap = NULL; 685 if ((clean || username) && injail && sjuser && 686 get_user_info(j, username, &pwd, &lcap) < 0) 687 exit(1); 688 if (injail) { 689 /* jail_attach won't chdir along with its chroot. */ 690 path = string_param(j->intparams[KP_PATH]); 691 if (path && chdir(path) < 0) { 692 jail_warnx(j, "chdir %s: %s", path, strerror(errno)); 693 exit(1); 694 } 695 if (int_param(j->intparams[IP_EXEC_FIB], &fib) && 696 setfib(fib) < 0) { 697 jail_warnx(j, "setfib: %s", strerror(errno)); 698 exit(1); 699 } 700 if (jail_attach(j->jid) < 0) { 701 jail_warnx(j, "jail_attach: %s", strerror(errno)); 702 exit(1); 703 } 704 } 705 if (clean || username) { 706 if (!(injail && sjuser) && 707 get_user_info(j, username, &pwd, &lcap) < 0) 708 exit(1); 709 if (clean) { 710 term = getenv("TERM"); 711 environ = &cleanenv; 712 setenv("PATH", "/bin:/usr/bin", 0); 713 if (term != NULL) 714 setenv("TERM", term, 1); 715 } 716 if (setgid(pwd->pw_gid) < 0) { 717 jail_warnx(j, "setgid %d: %s", pwd->pw_gid, 718 strerror(errno)); 719 exit(1); 720 } 721 if (setusercontext(lcap, pwd, pwd->pw_uid, username 722 ? LOGIN_SETALL & ~LOGIN_SETGROUP & ~LOGIN_SETLOGIN 723 : LOGIN_SETPATH | LOGIN_SETENV) < 0) { 724 jail_warnx(j, "setusercontext %s: %s", pwd->pw_name, 725 strerror(errno)); 726 exit(1); 727 } 728 login_close(lcap); 729 setenv("USER", pwd->pw_name, 1); 730 setenv("HOME", pwd->pw_dir, 1); 731 setenv("SHELL", 732 *pwd->pw_shell ? pwd->pw_shell : _PATH_BSHELL, 1); 733 if (clean && chdir(pwd->pw_dir) < 0) { 734 jail_warnx(j, "chdir %s: %s", 735 pwd->pw_dir, strerror(errno)); 736 exit(1); 737 } 738 endpwent(); 739 } 740 741 if (consfd != 0 && (dup2(consfd, 1) < 0 || dup2(consfd, 2) < 0)) { 742 jail_warnx(j, "exec.consolelog: %s", strerror(errno)); 743 exit(1); 744 } 745 closefrom(3); 746 execvp(argv[0], __DECONST(char *const*, argv)); 747 jail_warnx(j, "exec %s: %s", argv[0], strerror(errno)); 748 exit(1); 749} 750 751/* 752 * Add a process to the hash, tied to a jail. 753 */ 754static int 755add_proc(struct cfjail *j, pid_t pid) 756{ 757 struct kevent ke; 758 struct cfjail *tj; 759 struct phash *ph; 760 761 if (!kq && (kq = kqueue()) < 0) 762 err(1, "kqueue"); 763 EV_SET(&ke, pid, EVFILT_PROC, EV_ADD, NOTE_EXIT, 0, NULL); 764 if (kevent(kq, &ke, 1, NULL, 0, NULL) < 0) { 765 if (errno == ESRCH) 766 return 0; 767 err(1, "kevent"); 768 } 769 ph = emalloc(sizeof(struct phash)); 770 ph->j = j; 771 ph->pid = pid; 772 LIST_INSERT_HEAD(&phash[pid % PHASH_SIZE], ph, le); 773 j->nprocs++; 774 j->flags |= JF_SLEEPQ; 775 if (j->timeout.tv_sec == 0) 776 requeue(j, &sleeping); 777 else { 778 /* File the jail in the sleep queue according to its timeout. */ 779 TAILQ_REMOVE(j->queue, j, tq); 780 TAILQ_FOREACH(tj, &sleeping, tq) { 781 if (!tj->timeout.tv_sec || 782 j->timeout.tv_sec < tj->timeout.tv_sec || 783 (j->timeout.tv_sec == tj->timeout.tv_sec && 784 j->timeout.tv_nsec <= tj->timeout.tv_nsec)) { 785 TAILQ_INSERT_BEFORE(tj, j, tq); 786 break; 787 } 788 } 789 if (tj == NULL) 790 TAILQ_INSERT_TAIL(&sleeping, j, tq); 791 j->queue = &sleeping; 792 } 793 return 1; 794} 795 796/* 797 * Remove any processes from the hash that correspond to a jail. 798 */ 799static void 800clear_procs(struct cfjail *j) 801{ 802 struct kevent ke; 803 struct phash *ph, *tph; 804 int i; 805 806 j->nprocs = 0; 807 for (i = 0; i < PHASH_SIZE; i++) 808 LIST_FOREACH_SAFE(ph, &phash[i], le, tph) 809 if (ph->j == j) { 810 EV_SET(&ke, ph->pid, EVFILT_PROC, EV_DELETE, 811 NOTE_EXIT, 0, NULL); 812 (void)kevent(kq, &ke, 1, NULL, 0, NULL); 813 LIST_REMOVE(ph, le); 814 free(ph); 815 } 816} 817 818/* 819 * Find the jail that corresponds to an exited process. 820 */ 821static struct cfjail * 822find_proc(pid_t pid) 823{ 824 struct cfjail *j; 825 struct phash *ph; 826 827 LIST_FOREACH(ph, &phash[pid % PHASH_SIZE], le) 828 if (ph->pid == pid) { 829 j = ph->j; 830 LIST_REMOVE(ph, le); 831 free(ph); 832 return --j->nprocs ? NULL : j; 833 } 834 return NULL; 835} 836 837/* 838 * Send SIGTERM to all processes in a jail and wait for them to die. 839 */ 840static int 841term_procs(struct cfjail *j) 842{ 843 struct kinfo_proc *ki; 844 int i, noted, pcnt, timeout; 845 846 static kvm_t *kd; 847 848 if (!int_param(j->intparams[IP_STOP_TIMEOUT], &timeout)) 849 timeout = DEFAULT_STOP_TIMEOUT; 850 else if (timeout == 0) 851 return 0; 852 853 if (kd == NULL) { 854 kd = kvm_open(NULL, NULL, NULL, O_RDONLY, NULL); 855 if (kd == NULL) 856 return 0; 857 } 858 859 ki = kvm_getprocs(kd, KERN_PROC_PROC, 0, &pcnt); 860 if (ki == NULL) 861 return 0; 862 noted = 0; 863 for (i = 0; i < pcnt; i++) 864 if (ki[i].ki_jid == j->jid && 865 kill(ki[i].ki_pid, SIGTERM) == 0) { 866 (void)add_proc(j, ki[i].ki_pid); 867 if (verbose > 0) { 868 if (!noted) { 869 noted = 1; 870 jail_note(j, "sent SIGTERM to:"); 871 } 872 printf(" %d", ki[i].ki_pid); 873 } 874 } 875 if (noted) 876 printf("\n"); 877 if (j->nprocs > 0) { 878 clock_gettime(CLOCK_REALTIME, &j->timeout); 879 j->timeout.tv_sec += timeout; 880 return 1; 881 } 882 return 0; 883} 884 885/* 886 * Look up a user in the passwd and login.conf files. 887 */ 888static int 889get_user_info(struct cfjail *j, const char *username, 890 const struct passwd **pwdp, login_cap_t **lcapp) 891{ 892 const struct passwd *pwd; 893 894 errno = 0; 895 *pwdp = pwd = username ? getpwnam(username) : getpwuid(getuid()); 896 if (pwd == NULL) { 897 if (errno) 898 jail_warnx(j, "getpwnam%s%s: %s", username ? " " : "", 899 username ? username : "", strerror(errno)); 900 else if (username) 901 jail_warnx(j, "%s: no such user", username); 902 else 903 jail_warnx(j, "unknown uid %d", getuid()); 904 return -1; 905 } 906 *lcapp = login_getpwclass(pwd); 907 if (*lcapp == NULL) { 908 jail_warnx(j, "getpwclass %s: %s", pwd->pw_name, 909 strerror(errno)); 910 return -1; 911 } 912 /* Set the groups while the group file is still available */ 913 if (initgroups(pwd->pw_name, pwd->pw_gid) < 0) { 914 jail_warnx(j, "initgroups %s: %s", pwd->pw_name, 915 strerror(errno)); 916 return -1; 917 } 918 return 0; 919} 920 921/* 922 * Make sure a mount or consolelog path is a valid absolute pathname 923 * with no symlinks. 924 */ 925static int 926check_path(struct cfjail *j, const char *pname, const char *path, int isfile, 927 const char *umount_type) 928{ 929 struct stat st, mpst; 930 struct statfs stfs; 931 char *tpath, *p; 932 const char *jailpath; 933 size_t jplen; 934 935 if (path[0] != '/') { 936 jail_warnx(j, "%s: %s: not an absolute pathname", 937 pname, path); 938 return -1; 939 } 940 /* 941 * Only check for symlinks in components below the jail's path, 942 * since that's where the security risk lies. 943 */ 944 jailpath = string_param(j->intparams[KP_PATH]); 945 if (jailpath == NULL) 946 jailpath = ""; 947 jplen = strlen(jailpath); 948 if (!strncmp(path, jailpath, jplen) && path[jplen] == '/') { 949 tpath = alloca(strlen(path) + 1); 950 strcpy(tpath, path); 951 for (p = tpath + jplen; p != NULL; ) { 952 p = strchr(p + 1, '/'); 953 if (p) 954 *p = '\0'; 955 if (lstat(tpath, &st) < 0) { 956 if (errno == ENOENT && isfile && !p) 957 break; 958 jail_warnx(j, "%s: %s: %s", pname, tpath, 959 strerror(errno)); 960 return -1; 961 } 962 if (S_ISLNK(st.st_mode)) { 963 jail_warnx(j, "%s: %s is a symbolic link", 964 pname, tpath); 965 return -1; 966 } 967 if (p) 968 *p = '/'; 969 } 970 } 971 if (umount_type != NULL) { 972 if (stat(path, &st) < 0 || statfs(path, &stfs) < 0) { 973 jail_warnx(j, "%s: %s: %s", pname, path, 974 strerror(errno)); 975 return -1; 976 } 977 if (stat(stfs.f_mntonname, &mpst) < 0) { 978 jail_warnx(j, "%s: %s: %s", pname, stfs.f_mntonname, 979 strerror(errno)); 980 return -1; 981 } 982 if (st.st_ino != mpst.st_ino) { 983 jail_warnx(j, "%s: %s: not a mount point", 984 pname, path); 985 return -1; 986 } 987 if (strcmp(stfs.f_fstypename, umount_type)) { 988 jail_warnx(j, "%s: %s: not a %s mount", 989 pname, path, umount_type); 990 return -1; 991 } 992 } 993 return 0; 994}
|