History log of /freebsd-current/usr.sbin/jls/jls.c
Revision Date Author Comments
# 4d65a7c6 24-Nov-2023 Warner Losh <imp@FreeBSD.org>

usr.sbin: Automated cleanup of cdefs and other formatting

Apply the following automated changes to try to eliminate
no-longer-needed sys/cdefs.h includes as well as now-empty
blank lines in a row.

Remove /^#if.*\n#endif.*\n#include\s+<sys/cdefs.h>.*\n/
Remove /\n+#include\s+<sys/cdefs.h>.*\n+#if.*\n#endif.*\n+/
Remove /\n+#if.*\n#endif.*\n+/
Remove /^#if.*\n#endif.*\n/
Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/types.h>/
Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/param.h>/
Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/capsicum.h>/

Sponsored by: Netflix


# 1d386b48 16-Aug-2023 Warner Losh <imp@FreeBSD.org>

Remove $FreeBSD$: one-line .c pattern

Remove /^[\s*]*__FBSDID\("\$FreeBSD\$"\);?\s*\n/


# fda83023 05-Jul-2023 Mateusz Guzik <mjg@FreeBSD.org>

jls: low-effort fix to make it compilable with neither inet nor inet6


# 4d846d26 10-May-2023 Warner Losh <imp@FreeBSD.org>

spdx: The BSD-2-Clause-FreeBSD identifier is obsolete, drop -FreeBSD

The SPDX folks have obsoleted the BSD-2-Clause-FreeBSD identifier. Catch
up to that fact and revert to their recommended match of BSD-2-Clause.

Discussed with: pfg
MFC After: 3 days
Sponsored by: Netflix


# 3050aced 15-Dec-2020 Jamie Gritton <jamie@FreeBSD.org>

Bugfix to not hide jailparam flags, which for example changes the output
"vnet=2" to the less opaque "vnet=inherit"

Reported by: kevans
MFC after: 5 days


# d24f17df 04-Nov-2020 Alex Richardson <arichardson@FreeBSD.org>

Fix bad libbxo format strings in jls

The existing format string for the empty case was trying to read varargs
values that weren't passed to xo_emit. This appears to work on x86 (since
the next argument is probably a pointer an empty string), but for CHERI
we can bound variadic arguments and detect a read past the end.

While touching these lines also use the libxo 'a' modifier to avoid having to
construct the libxo format string using asprintf.

Found by: CHERI
Reviewed By: allanjude
Differential Revision: https://reviews.freebsd.org/D26885


# 1de7b4b8 27-Nov-2017 Pedro F. Giffuni <pfg@FreeBSD.org>

various: general adoption of SPDX licensing ID tags.

Mainly focus on files that use BSD 2-Clause license, however the tool I
was using misidentified many licenses so this was mostly a manual - error
prone - task.

The Software Package Data Exchange (SPDX) group provides a specification
to make it easier for automated tools to detect and summarize well known
opensource licenses. We are gradually adopting the specification, noting
that the tags are considered only advisory and do not, in any way,
superceed or replace the license texts.

No functional change intended.


# 8fd1ba2a 24-Dec-2016 Jamie Gritton <jamie@FreeBSD.org>

Improve IP address list representation in libxo output.

Extract decision-making about special-case printing of certain
jail parameters into a function.

Refactor emitting of IPv4 and IPv6 address lists into a function.

Resulting user-facing changes:

XO_VERSION is bumped to 2.

In verbose mode (-v), IPv4 and IPv6-Addresses are now properly emitted
as separate lists.
This only affects the output in encoding styles, i.e. xml and json.

{ {
"__version": "1", "__version": "2",
"jail-information": { "jail-information": {
"jail": [ "jail": [
{ {
"jid": 166, "jid": 166,
"hostname": "foo.com", "hostname": "foo.com",
"path": "/var/jail/foo", "path": "/var/jail/foo",
"name": "foo", "name": "foo",
"state": "ACTIVE", "state": "ACTIVE",
"cpusetid": 2, "cpusetid": 2,
"ipv4_addrs": [ "ipv4_addrs": [
"10.1.1.1", "10.1.1.1",
"10.1.1.2", "10.1.1.2",
"10.1.1.3", | "10.1.1.3"
> ],
> "ipv6_addrs": [
"fe80::1000:1", "fe80::1000:1",
"fe80::1000:2" "fe80::1000:2"
] ]
} }
] ]
} }
} }

In -n mode, ip4.addr and ip6.addr are formatted in the encoding styles'
native list types, e.g. instead of comma-separated lists, JSON arrays
are printed.

jls -n all --libxo json
...
"ip4.addr": [
"10.1.1.1",
"10.1.1.2",
"10.1.1.3"
],
"ip4.saddrsel": true,
"ip6.addr": [
"fe80::1000:1",
"fe80::1000:2"
],
...

jls -n all --libxo xml
...
<ip4.addr>10.1.1.1</ip4.addr>
<ip4.addr>10.1.1.2</ip4.addr>
<ip4.addr>10.1.1.3</ip4.addr>
<ip4.saddrsel>true</ip4.saddrsel>
<ip6.addr>fe80::1000:1</ip6.addr>
<ip6.addr>fe80::1000:2</ip6.addr>
...

PR: 215008
Submitted by: Christian Schwarz <me@cschwarz.com>
Differential Revision: https://reviews.freebsd.org/D8766


# cbbaf9b2 21-Dec-2015 Craig Rodrigues <rodrigc@FreeBSD.org>

Add libxo support to jls

PR: 200746
Submitted by: Emmanuel Vadot <manu bidouilliste com>
Reviewed by: allanjude
Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D4452


# 463a577b 20-Oct-2015 Eitan Adler <eadler@FreeBSD.org>

Fix a ton of speelling errors

arc lint is helpful

Reviewed By: allanjude, wblock, #manpages, chris@bsdjunk.com
Differential Revision: https://reviews.freebsd.org/D3337


# b2ea411d 21-Feb-2015 Jamie Gritton <jamie@FreeBSD.org>

Allow for parameters added with the JP_OPT flag to not exist.
That's why the flag exists in the first place.

MFC after: 1 week


# b687b02f 20-Feb-2015 Jamie Gritton <jamie@FreeBSD.org>

Fix the logic for skipping parameters (with -s) that have "jailsys"
parents (such as host.hostname); these were being skipped all the time.
That it went this long without anyone noticing is a sign that this feature
isn't actually used by anyone, but it's there so it might as well work.

MFC after: 1 week


# b300bd47 20-Feb-2015 Jamie Gritton <jamie@FreeBSD.org>

Allow parameters listed on the command line to override the -v option,
instead of crashing.

PR: 197701
MFC after: 1 week


# 75f75375 17-May-2013 Dag-Erling Smørgrav <des@FreeBSD.org>

Add a -N option that prints the jail name rather than its number.

MFC after: 3 weeks


# 7412cb7e 06-Mar-2012 Bjoern A. Zeeb <bz@FreeBSD.org>

Fix building with WITHOUT_INET_SUPPORT set.

Reviewed by: jamie (actually provided the real fix)
MFC after: 3 days


# 7bf1e98f 13-Aug-2011 Bjoern A. Zeeb <bz@FreeBSD.org>

Fix jls backward compat mode broken in r222465, correctly
displaying addresses in verbose mode (jls -v) again.

Submitted by: jamie
MFC after: 3 days
Approved by: re (kib)


# e08e8999 18-Jun-2011 Bjoern A. Zeeb <bz@FreeBSD.org>

Add a missing ',' to separate arguments lost for r222465 only found in
case a complete world is built without INET support.

MFC after: 10 days
X-MFC with: 222465


# 15ede760 29-May-2011 Bjoern A. Zeeb <bz@FreeBSD.org>

Check for IPv4 or IPv6 to be available by the kernel to not
provoke errors trying to query options not available.
Make it possible to compile out INET or INET6 only parts.

Reviewed by: jamie
Sponsored by: The FreeBSD Foundation
Sponsored by: iXsystems
MFC after: 10 days


# a7d5f7eb 19-Oct-2010 Jamie Gritton <jamie@FreeBSD.org>

A new jail(8) with a configuration file, to replace the work currently done
by /etc/rc.d/jail.


# c2e8cb49 08-Jul-2010 Jamie Gritton <jamie@FreeBSD.org>

Properly recognize a number followed by non-digits as a jail name.
Call "0" a name because zero is used to indicate no specified jid.

MFC after: 3 days


# be243501 23-Mar-2010 Ed Schouten <ed@FreeBSD.org>

MFC r205296:

Properly progress through the list of IPv6 addresses using in6_addr size.

Right now if a jail has multiple IPv6 addresses, it will print them
shifting only 4 bytes at a time. Example:

2001:4dd0:ff41::b23f:a9
2001:4dd0:ff41::b23f:aa

Becomes:

2001:4dd0:ff41::b23f:a9
ff41::b23f:a9:2001:4dd0

By casting to in6_addr, it uses the correct offsets.


# f97f9525 18-Mar-2010 Ed Schouten <ed@FreeBSD.org>

Properly progress through the list of IPv6 addresses using in6_addr size.

Right now if a jail has multiple IPv6 addresses, it will print them
shifting only 4 bytes at a time. Example:

2001:4dd0:ff41::b23f:a9
2001:4dd0:ff41::b23f:aa

Becomes:

2001:4dd0:ff41::b23f:a9
ff41::b23f:a9:2001:4dd0

By casting to in6_addr, it uses the correct offsets.

MFC after: 1 week


# fe0506d7 09-Mar-2010 Marcel Moolenaar <marcel@FreeBSD.org>

Create the altix project branch. The altix project will add support
for the SGI Altix 350 to FreeBSD/ia64. The hardware used for porting
is a two-module system, consisting of a base compute module and a
CPU expansion module. SGI's NUMAFlex architecture can be an excellent
platform to test CPU affinity and NUMA-aware features in FreeBSD.


# af4411db 19-Dec-2009 Jamie Gritton <jamie@FreeBSD.org>

MFC r200449:

Don't free jail parameter values after printing them - jail_param_get
expects them to be there for the next jail in the list.

PR: bin/141359


# 4576bbe2 12-Dec-2009 Jamie Gritton <jamie@FreeBSD.org>

Don't free jail parameter values after printing them - jail_param_get
expects them to be there for the next jail in the list.

PR: bin/141359
MFC after: 1 week


# 290d3c9f 11-Aug-2009 Bjoern A. Zeeb <bz@FreeBSD.org>

MFC r196137:

Do not truncate IPv6 addresses when printing them in the
jls -av 7.x multi-IP jail backward compat output.

Reported by: ed
Tested by: ed
Reviewed by: rwatson

Approved by: re


# 50580ef7 11-Aug-2009 Bjoern A. Zeeb <bz@FreeBSD.org>

Do not truncate IPv6 addresses when printing them in the
jls -av 7.x multi-IP jail backward compat output.

Reported by: ed
Tested by: ed
Reviewed by: rwatson
Approved by: re


# 7cbf7213 25-Jul-2009 Jamie Gritton <jamie@FreeBSD.org>

Some jail parameters (in particular, "ip4" and "ip6" for IP address
restrictions) were found to be inadequately described by a boolean.
Define a new parameter type with three values (disable, new, inherit)
to handle these and future cases.

Approved by: re (kib), bz (mentor)
Discussed with: rwatson


# 4d4d8879 08-Jul-2009 Jamie Gritton <jamie@FreeBSD.org>

Give a more expected behavior to -[hns] options, defaulting to all
parameters instead of ignoring the options and giving the old-style
default output.

Approved by: re (kib), bz (mentor)


# de6f3704 24-Jun-2009 Jamie Gritton <jamie@FreeBSD.org>

Add libjail, a (somewhat) simpler interface to the jail_set and jail_get
system calls and the security.jail.param sysctls.

Approved by: bz (mentor)


# baab20bd 17-Jun-2009 Jamie Gritton <jamie@FreeBSD.org>

Use the right jail parameters for -v (cpuset has changed to cpuset.id).

Reported by: netchild
Approved by: bz (mentor)


# 73d0971b 27-May-2009 Jamie Gritton <jamie@FreeBSD.org>

Add support for the arbitrary named jail parameters used by jail_set(2)
and jail_get(2). Jail(8) can now create jails using a "name=value"
format instead of just specifying a limited set of fixed parameters; it
can also modify parameters of existing jails. Jls(8) can display all
parameters of jails, or a specified set of parameters. The available
parameters are gathered from the kernel, and not hard-coded into these
programs.

Small patches on killall(1) and jexec(8) to support jail names with
jail_get(2).

Approved by: bz (mentor)


# 1f34f30f 14-Dec-2008 Bjoern A. Zeeb <bz@FreeBSD.org>

Make sure that the direct jls invocations prints something
reasonable close to and in the same format as it had always.

r185435 said it would try that but I had been living with jail
patches for too long to actually remember the single-line format
when adding backwards compatibility back in p4.

Reported by: Philipp Wuensche <cryx-freebsd@h3q.com>
Tested by: Philipp Wuensche <cryx-freebsd@h3q.com>
MFC after: 4 weeks (just for me to get the mail)


# 0f1fe22d 10-Dec-2008 Bjoern A. Zeeb <bz@FreeBSD.org>

Correctly check the number of prison states to not access anything
outside the prison_states array.
When checking if there is a name configured for the prison, check the
first character to not be '\0' instead of checking if the char array
is present, which it always is. Note, that this is different for the
*jailname in the syscall.

Found with: Coverity Prevent(tm)
CID: 4156, 4155
MFC after: 4 weeks (just that I get the mail)


# 413628a7 29-Nov-2008 Bjoern A. Zeeb <bz@FreeBSD.org>

MFp4:
Bring in updated jail support from bz_jail branch.

This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..

SCTP support was updated and supports IPv6 in jails as well.

Cpuset support permits jails to be bound to specific processor
sets after creation.

Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.

DDB 'show jails' command was added to aid debugging.

Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.

Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.

Bump __FreeBSD_version for the afore mentioned and in kernel changes.

Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.

Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible


# d7f03759 19-Oct-2008 Ulf Lilleengen <lulf@FreeBSD.org>

- Import the HEAD csup code which is the basis for the cvsmode work.


# 3a6b8b21 19-Aug-2005 Pawel Jakub Dawidek <pjd@FreeBSD.org>

Sync code with the error report: calloc(number, 1) is equivalent to
malloc(number).


# 8bd435d9 14-Aug-2005 Pawel Jakub Dawidek <pjd@FreeBSD.org>

Not sure why, but SYSCTL_OUT() can sometimes keep returning ENOMEM
in sysctl_jail_list(). Because of this, jls(8) could enter into
an endless loop. The strange thing is, that we can call jls(8) while
the other one is in loop and it will succeed - SYSCTL_OUT() will
not return ENOMEM there.

Maybe SYSCTL_OUT() returns first ENOMEM, because there is no memory,
but is marking some memory range as wired even on failure and another
SYSCTL_OUT() calls are not going to succeed, because process exceeds
limit of wired memory? ENOVMCLUE.

Anyway. Fix jls(8) to ignore ENOMEM and retry only 4 times.

Submitted by: Niklas Saers
PR: kern/79245
MFC after: 3 days


# 90e0c23c 22-Apr-2003 Mike Barcroft <mike@FreeBSD.org>

IP addresses can be up to 15 characters long, not 12.

PR: 50904


# 87d88cec 17-Apr-2003 Bruce Evans <bde@FreeBSD.org>

Fixed an err() format error in rev.1.1. This should have been fatal
since WARNS was high in rev.1.1, but __printf0like() has been temporarily
disabled for 9 months.


# ebf5d9bc 08-Apr-2003 Mike Barcroft <mike@FreeBSD.org>

o Add jls(8) for listing active jails.
o Add jexec(8) to execute a command in an existing jail.
o Add -j option for killall(1) to kill all processes in a specified
jail.
o Add -i option to jail(8) to output jail ID of newly created jail.