jail: Don't allow substitution of valueless jail parameters.
PR: 256544
Reported by: cryptogranny at gmail.com

(cherry picked from commit 5bf6dca2c6dbf63d382e97905e205ded3e8525d2)

Git Hash: 75befde07bdf1e3059c8c5e8928a695e5e59d698
Git Author: jamie@FreeBSD.org

MFC r326276:

various: general adoption of SPDX licensing ID tags.

Mainly focus on files that use BSD 2-Clause license, however the tool I
was using misidentified many licenses so this was mostly a manual - error
prone - task.

The Software Package Data Exchange (SPDX) group provides a specification
to make it easier for automated tools to detect and summarize well known
opensource licenses. We are gradually adopting the specification, noting
that the tags are considered only advisory and do not, in any way,
superceed or replace the license texts.

No functional change intended.

Copy head@r302406 to stable/11 as part of the 11.0-RELEASE cycle.
Prune svn:mergeinfo from the new branch, as nothing has been merged
here.

Additional commits post-branch will follow.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

Don't bother checking an ip[46].addr netmask/prefixlen. This is already
handled by ifconfig, and it was doing it wrong when the paramater included
extra ifconfig options.

PR: 205926
MFC after: 5 days

Implement PF_IMMUTABLE flag and apply it to "name" and "jid" in
jail.conf parameters. This flag disallows redefinition of the parameter.

"name" and/or "jid" are automatically defined in jail.conf by using
the jail names at the front of jail parameter definitions. However,
one could override them by using a variable with the same name like
$name = "foo". This confused the parser and could end up with SIGSEGV.

Note that this change also affects a case when all of parameters are
defined in the command line arguments, not in jail.conf. Specifically,
"jail -c name=j1 name=j2" no longer works. This should be harmless.

PR: 196574
Reviewed by: jamie
Differential Revision: https://reviews.freebsd.org/D3017

Fix offset calculation in variable substitution
in jail.conf. The following did not work correctly:

A="A_${B}_C_${D}"
B="BBBBB"
D="DDDD_${E}_FFFFF"
E="EEEEE"

PR: 189139
Reviewed by: jamie
Differential Revision: https://reviews.freebsd.org/D3018

Add mount.procfs jail parameter, so procfs can be mounted when a prison's
root is in its fstab.

Also fix a typo while I'm at it.

PR: 197237 197066
MFC after: 3 days

Added support for extra ifconfig args to jail ip4.addr & ip6.addr params

This allows for CARP interfaces to be used in jails e.g.
ip4.addr = "em0|10.10.1.20/32 vhid 1 pass MyPass advskew 100"

Before this change using exec.prestart to configure a CARP address
would result in the wrong MAC being broadcast on startup as jail creates
IP aliases to support ip[4|6].addr before exec.prestart is executed.

PR: 191832
Reviewed by: jamie
MFC after: 1 week
X-MFC-With: r269340
Phabric: D528
Sponsored by: Multiplay

- Add mount.fdescfs parameter to jail(8). This is similar to
mount.devfs but mounts fdescfs. The mount happens just after
mount.devfs.

- rc.d/jail now displays whole error message from jail(8) when a jail
fails to start.

Approved by: re (gjb)

Reverse the order of some implicit commands (FS mounts and ifconfigs)
when stopping jails. This matters particularly for nested filesystem
mounts.

PR: kern/177325
Submitted by: Harald Schmalzbauer
MFC after: 3 days

Move properly to the next parameter when jailparam_init fails
(i.e. on an unknown parameter), to avoid freeing bogus pointers.

Partially roll back r239601 - keep parameter strings both length-delimited
and null-terminated at the same time, because they're later passed to
libjail as null-terminated. That means I also need to add a nul byte when
comma-combining array parameters.

MFC after: 6 days

Remember that I'm using length-defined strings in parameters:

Remove a bogus null terminator when stripping the netmask from
IP addresses. This was causing later addresses in a comma-separated
string to disappear.

Use memcpy instead of strcpy. This could just cause Bad Things.

PR: 170832
MFC after: 1 week

Fix world after byacc import:
- old yacc(1) use to magicially append stdlib.h, while new one don't
- new yacc(1) do declare yyparse by itself, fix redundant declaration of
'yyparse'

Approved by: des (mentor)

Add a meta-parameter IP__NULL to enum intparam, instead of mixing
enum values and zeroes. This keeps clang happy (and is just good form).

Submitted by: dim

A new jail(8) with a configuration file, ultimately to replace the work
currently done by /etc/rc.d/jail.

MFC after: 3 months

Use the defvs_ruleset paramater when mounting a jail's /dev,
instead of a mount.devfs.ruleset pseudo-parameter.

Following r222465:

Check for IPv4 or IPv6 to be available by the kernel to not
provoke errors trying to query options not available.
Make it possible to compile out INET or INET6 only parts.

Linty stuff.

Update copyright dates and other whitespacey stuff.

Split run_command up into an outer function (next_command) that chooses
a single command string to run, and an inner function (run_command) that
runs that single string.
Move the list of start/stop commands to run from a switch statement into
an array, with a new placeholder parameter IP__OP for actually creating
or removing the jail.
When jail creation fails, revert all non-exec commands in reverse order.

Change cfstrings from an STAILQ into a TAILQ to allow commands to be
traversed in reverse order.

Reads the mount.fstab file, and put its lines separately into the
IP__MOUNT_FROM_FSTAB internal parameter.

Combine check_intparams() and ip_params(), JF_CHECKINT and JF_IPPARAMS.

Use a little more "ifdef INET6".

Keep all internal/known parameter names in one place, and use
enum constants everywhere else.

Initial work on the new jail(8). There are more features to add, and some
cleaning up to do on existing features, but this is pretty much what the
final product will look like.