diff -Naur jailer-1.1/src/Makefile.am jailer-1.1.1/src/Makefile.am
--- jailer-1.1/src/Makefile.am Wed May 22 23:39:38 2002
+++ jailer-1.1.1/src/Makefile.am Tue May 28 15:44:41 2002
@@ -1,6 +1,8 @@ -sbin_PROGRAMS = jailer dmesg -jailer_SOURCES = jailer.c +sbin_PROGRAMS = jailer dmesg injail +jailer_SOURCES = jailer.c injail.c +injail_SOURCES = injail.c injail_main.c +LIBS = -lkvm dmesg_SOURCES = dmesg.c -man_MANS = jailer.8 +man_MANS = jailer.8 injail.8 EXTRA_DIST = $(man_MANS)
diff -Naur jailer-1.1/src/injail.8 jailer-1.1.1/src/injail.8
--- jailer-1.1/src/injail.8 Wed Dec 31 19:00:00 1969
+++ jailer-1.1.1/src/injail.8 Tue May 28 16:09:55 2002
@@ -0,0 +1,37 @@
+.Dd May 28, 2002
+.Dt INJAIL 8
+.Os
+.Sh NAME
+.Nm injail
+.Nd determine if a process is running in a jail
+.Sh SYNOPSIS
+.Nm
+.Sh DESCRIPTION
+The
+.Nm
+utility returns a result which indicates the jailed status of
+the current process environment.
+.Sh DIAGNOSTICS
+The
+.Nm
+utility exits with one of the following values:
+.Bl -tag -width indent -compact
+.It 0
+the process is running in a jail.
+.It 1
+the process is not running in a jail.
+.It 2
+an error prevented determining if the process is running in a jail.
+.El
+.Sh BUGS
+.Nm
+uses kvm_getprocs(3) to determine process status. Anything which
+could cause a failure in either kvm_open(3) or kvm_getprocs(3) can
+cause this to fail as well. There aught to be a cleaner way.
+.Sh AUTHOR
+ James E. Quick
+
+.Sh SEE ALSO
+.Xr jailer 8 ,
+.Xr jail 8 ,
+.Xr kvm 3
diff -Naur jailer-1.1/src/injail.c jailer-1.1.1/src/injail.c
--- jailer-1.1/src/injail.c Wed Dec 31 19:00:00 1969
+++ jailer-1.1.1/src/injail.c Tue May 28 15:15:54 2002
@@ -0,0 +1,52 @@
+/* injail
+* A utility function to determine if a process is running in a
+* FreeBSD jail.
+*
+* Compiled with _INJAIL_MAIN will produce an executable to allow
+* testing from within scripts.
+*
+* This code was written by James E. Quick mailto:jq@quick.com
+* The code may be freely re-used under the terms of the BSD copyright,
+* as long as this comment remains intact.
+*/
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+#if __FreeBSD_version > 500000
+#define P_FLAG ki_flag
+#else
+#define P_FLAG kp_proc.p_flag
+#endif
+
+/* int injail()
+* Return 1 if running in a jail, 0 if not, -1 on error
+* jq 05/28/2002
+*/
+int injail ()
+{
+ int count = 0;
+ kvm_t *kd = 0;
+ struct kinfo_proc *kp;
+ char *memf, *nlistf, *swapf, errbuf[_POSIX2_LINE_MAX];
+ int result = -1;
+
+ memf = nlistf = swapf = _PATH_DEVNULL;
+ kd = kvm_openfiles(nlistf, memf, swapf, O_RDONLY, errbuf);
+ if (kd) {
+ kp = kvm_getprocs(kd, KERN_PROC_PID, getpid(), &count);
+ if (kp) {
+ result = (kp->P_FLAG & P_JAILED) ? 0:1;
+ }
+ kvm_close(kd);
+ }
+
+ return result;
+}
diff -Naur jailer-1.1/src/injail_main.c jailer-1.1.1/src/injail_main.c
--- jailer-1.1/src/injail_main.c Wed Dec 31 19:00:00 1969
+++ jailer-1.1.1/src/injail_main.c Tue May 28 15:30:01 2002
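Review bot: The ternary in injail() is inverted relative to the function's own contract: `result = (kp->P_FLAG & P_JAILED) ? 0:1;` yields 0 when P_JAILED is set, while the comment directly above says 1 means running in a jail. Both callers follow the comment, so as written the injail binary (injail_main.c) exits 1 inside a jail and 0 outside, contradicting injail.8, and the new guard in jailer.c's main() refuses to start inside a jail but proceeds outside one. The line should read `result = (kp->P_FLAG & P_JAILED) ? 1 : 0;`. It would also be worth requiring `count == 1` before dereferencing kp, so that a lookup which matched no process stays on the -1 error path instead of being read.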
@@ -0,0 +1,36 @@
+/* injail
+* A utility function to determine if a process is running in a
+* FreeBSD jail.
+*
+* Compiled with _INJAIL_MAIN will produce an executable to allow
+* testing from within scripts.
+*
+* This code was written by James E. Quick mailto:jq@quick.com
+* The code may be freely re-used under the terms of the BSD copyright,
+* as long as this comment remains intact.
+*/
+
+#include
+
+int injail();
+
+/* main for injail
+* return 0 if in a jail
+* return 1 if not in jail
+* return 2 if error prevented determining status
+* jq 05/28/2002
+*/
+main(int argc, char *argv[])
+{
+ int jailed;
+
+ jailed = injail();
+ if (jailed == -1) {
+ fprintf(stderr, "injail: Could not determine jailed status.\n");
+ return 2;
+ } else if (jailed) {
+ return 0;
+ }
+
+ return 1;
+}
diff -Naur jailer-1.1/src/jailer.c jailer-1.1.1/src/jailer.c
--- jailer-1.1/src/jailer.c Tue May 21 16:18:19 2002
+++ jailer-1.1.1/src/jailer.c Tue May 28 15:34:32 2002
@@ -92,15 +92,23 @@ static void getJailName(char* buff, int buffLen); static int createConsole(); static int runCommand(char* command, char* header); +int injail(); int main(int argc, char* argv[]) { + int jailed; char* consoleFile = CONSOLE_LOG; FILE* console = NULL; + jailed = injail(); + if (jailed == 0 || jailed == -1) { + fprintf(stderr, "jailer: Cannot determine if I am in jail.\n"); + return 1; + } /* Get the name of the current jail */ getJailName(g_jailName, MAX_JAIL_NAME); + if(argc > 1) consoleFile = argv[1];
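Review bot: In injail_main.c, `main` is defined without a return type and `int injail();` is an unprototyped declaration written out by hand here and again in jailer.c, so a later signature change would not be caught by the compiler. Suggest `int main(void)` (argc and argv are unused in the visible body) and a small shared header declaring `int injail(void);` that injail.c, injail_main.c and jailer.c all include. The file header comment still says the executable is produced when compiled with _INJAIL_MAIN, but nothing in the visible lines tests that macro; replace that sentence with a description of the three exit codes.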
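Review bot: The new guard in jailer.c's main() reports `jailed == 0` and `jailed == -1` with the same text, "Cannot determine if I am in jail.", so an operator cannot tell a jailer started outside a jail from a kvm lookup failure. Failing closed on both outcomes is the right default; split the two branches and give the 0 case (not jailed, per injail()'s documented contract) its own message, e.g. `fprintf(stderr, "jailer: not running inside a jail, refusing to start.\n");`. A one-line comment above the check saying why jailer must not run outside a jail would help, since the reason is not visible in this hunk. main() continues past the end of the hunk.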