summaryrefslogtreecommitdiff
path: root/srcx/jkill.c
diff options
context:
space:
mode:
authorStef Walter <stef@memberwebs.com>2004-05-19 16:35:30 +0000
committerStef Walter <stef@memberwebs.com>2004-05-19 16:35:30 +0000
commit298e1a85181102bde3aed73f73a34fe81f7de66a (patch)
treecbdb94d3c824a34f299afc8ccfbe8f89f89cb07f /srcx/jkill.c
parentd86ba2f5a45fd70e6503ba516eea9386bc176e22 (diff)
Create /dev/null before opening kernel interfaces if it doesn't exist
Diffstat (limited to 'srcx/jkill.c')
-rw-r--r--srcx/jkill.c477
1 files changed, 238 insertions, 239 deletions
diff --git a/srcx/jkill.c b/srcx/jkill.c
index 7125350..4311ed8 100644
--- a/srcx/jkill.c
+++ b/srcx/jkill.c
@@ -63,7 +63,7 @@
#endif
/* The timeout to wait between kills */
-#define DEFAULT_TIMEOUT 3
+#define DEFAULT_TIMEOUT 3
int g_timeout = DEFAULT_TIMEOUT;
int g_quiet = 0; /* Supress warnings */
@@ -84,15 +84,15 @@ static void usage_jail(const char* name);
int main(int argc, char* argv[])
{
- int r, jid;
- int ret = 0;
- pid_t child;
+ int r, jid;
+ int ret = 0;
+ pid_t child;
/*
* When running in a jail we do things slightly
* differently, and accept different args
*/
- if(running_in_jail())
+ if(running_in_jail())
{
parse_jail_opts(argc, argv);
@@ -103,8 +103,8 @@ int main(int argc, char* argv[])
if(daemon(0, 1) == -1)
err(1, "couldn't disconnect from console");
- r = kill_jail(argv[0]);
- exit(r);
+ r = kill_jail(argv[0]);
+ exit(r);
}
else
@@ -114,54 +114,54 @@ int main(int argc, char* argv[])
argc -= optind;
argv += optind;
- /* For each jail */
- for(; argc > 0; argc--, argv++)
- {
- jid = translate_jail_name(argv[0]);
- if(jid == -1)
- {
- warnx("unknown jail host name: %s", argv[0]);
- ret = 1;
- continue;
- }
-
- /*
- * We fork and the child goes into the jail and
- * does the dirty work. Unless in debug mode where
+ /* For each jail */
+ for(; argc > 0; argc--, argv++)
+ {
+ jid = translate_jail_name(argv[0]);
+ if(jid == -1)
+ {
+ warnx("unknown jail host name: %s", argv[0]);
+ ret = 1;
+ continue;
+ }
+
+ /*
+ * We fork and the child goes into the jail and
+ * does the dirty work. Unless in debug mode where
* we just do one jail.
- */
+ */
#ifdef _DEBUG
- switch((child = fork()))
- {
- /* Error condition */
- case -1:
- err(1, "couldn't fork child process");
- break;
-
- /* The child */
- case 0:
+ switch((child = fork()))
+ {
+ /* Error condition */
+ case -1:
+ err(1, "couldn't fork child process");
+ break;
+
+ /* The child */
+ case 0:
#endif
if(jail_attach(jid) == -1)
err(1, "couldn't attach to jail");
- r = kill_jail(argv[0]);
- exit(r);
+ r = kill_jail(argv[0]);
+ exit(r);
#ifdef _DEBUG
- break;
+ break;
- /* The parent */
- default:
- if(waitpid(child, &r, 0) == -1)
- err(1, "error waiting for child process");
+ /* The parent */
+ default:
+ if(waitpid(child, &r, 0) == -1)
+ err(1, "error waiting for child process");
- if(WEXITSTATUS(r) != 0)
- ret = WEXITSTATUS(r);
- break;
- };
+ if(WEXITSTATUS(r) != 0)
+ ret = WEXITSTATUS(r);
+ break;
+ };
#endif
- argc--;
- argv++;
+ argc--;
+ argv++;
}
return ret;
@@ -181,7 +181,7 @@ static void parse_jail_opts(int argc, char* argv[])
g_verbose = 1;
g_force = 1;
g_usescripts = 1;
- g_restart = 0;
+ g_restart = 0;
}
else if(strcmp(argv[0], "reboot"))
@@ -202,25 +202,25 @@ static void parse_jail_opts(int argc, char* argv[])
return;
}
- while((ch = getopt(argc, argv, "dk:lnqp")) != -1)
- {
- switch(ch)
- {
- case 'd':
+ while((ch = getopt(argc, argv, "dk:lnqp")) != -1)
+ {
+ switch(ch)
+ {
+ case 'd':
case 'k':
case 'l':
case 'n':
case 'q':
case 'p':
warnx("the '-%c' option is not supported from inside a jail", (char)ch);
- break;
+ break;
- case '?':
- default:
- usage_jail(t);
+ case '?':
+ default:
+ usage_jail(t);
break;
- }
- }
+ }
+ }
argc -= optind;
argv += optind;
@@ -233,224 +233,223 @@ static void parse_host_opts(int argc, char* argv[])
{
int ch;
- while((ch = getopt(argc, argv, "fhkqrt:v")) != -1)
- {
- switch(ch)
- {
- case 'f':
- g_force = 1;
- break;
-
- case 'h':
- /* dummy for compatibility with killjail */
- warnx("the '-h' option has been depreciated");
- break;
-
- case 'k':
- g_usescripts = 0;
- break;
-
- case 'q':
- g_quiet = 1;
- g_verbose = 0;
- break;
-
- case 'r':
- g_restart = 1;
- break;
-
- /* Timeout to use between kills */
- case 't':
- g_timeout = atoi(optarg);
- if(g_timeout <= 0)
- errx(2, "invalid timeout argument: %s", optarg);
- break;
-
- case 'v':
- g_verbose = 1;
- g_quiet = 0;
- break;
-
- case '?':
- default:
- usage();
+ while((ch = getopt(argc, argv, "fhkqrt:v")) != -1)
+ {
+ switch(ch)
+ {
+ case 'f':
+ g_force = 1;
break;
- }
- }
- if(!g_usescripts && g_restart)
- usage();
+ case 'h':
+ /* dummy for compatibility with killjail */
+ warnx("the '-h' option has been depreciated");
+ break;
+
+ case 'k':
+ g_usescripts = 0;
+ break;
- argc -= optind;
- argv += optind;
+ case 'q':
+ g_quiet = 1;
+ g_verbose = 0;
+ break;
+
+ case 'r':
+ g_restart = 1;
+ break;
+
+ /* Timeout to use between kills */
+ case 't':
+ g_timeout = atoi(optarg);
+ if(g_timeout <= 0)
+ errx(2, "invalid timeout argument: %s", optarg);
+ break;
+
+ case 'v':
+ g_verbose = 1;
+ g_quiet = 0;
+ break;
+
+ case '?':
+ default:
+ usage();
+ break;
+ }
+ }
+
+ if(!g_usescripts && g_restart)
+ usage();
+
+ argc -= optind;
+ argv += optind;
if(argc <= 0)
usage();
}
#define SHUTDOWN_SCRIPT "/etc/rc.shutdown"
-static char* SHUTDOWN_ARGS[] = { _PATH_BSHELL, SHUTDOWN_SCRIPT };
+static char* SHUTDOWN_ARGS[] = { _PATH_BSHELL, SHUTDOWN_SCRIPT };
#define START_SCRIPT "/etc/rc"
-static char* START_ARGS[] = { _PATH_BSHELL, START_SCRIPT };
+static char* START_ARGS[] = { _PATH_BSHELL, START_SCRIPT };
static int kill_jail(const char* jail)
{
- kvm_t* kd = NULL;
- char errbuf[_POSIX2_LINE_MAX];
- int pass = 0;
- int timeout = 0;
- int ret = 0;
- int cmdargs = JAIL_RUN_CONSOLE;
-
- /* Open the kernel interface */
- kd = kvm_openfiles(_PATH_DEVNULL, _PATH_DEVNULL, _PATH_DEVNULL,
- O_RDONLY, errbuf);
- if(kd == NULL)
- errx(1, "couldn't connect to kernel: %s", errbuf);
-
- if(g_verbose)
- cmdargs |= JAIL_RUN_STDERR;
-
- /*
- * Multiple passes are used to do different things.
- * Each time the jails processes are listed.
- */
- while(1)
- {
- while(timeout > 0)
- {
- sleep(1);
- timeout--;
-
- if(!check_running_processes(kd))
- goto done;
- }
-
- switch(pass)
- {
- /* First pass is an orderly shutdown */
- case 0:
-
- /* Check if we have an executable shutdown script */
- if(g_usescripts && check_jail_command(jail, SHUTDOWN_SCRIPT))
- run_jail_command(jail, SHUTDOWN_ARGS[0], SHUTDOWN_ARGS, cmdargs);
-
- break;
-
- /* Okay now quit all processes in jail */
- case 1:
- kill_jail_processes(kd, SIGTERM);
- timeout = g_timeout;
- break;
-
- /* ... and again ... */
- case 2:
- kill_jail_processes(kd, SIGTERM);
- timeout = g_timeout;
- break;
-
- /* Okay now we force kill the processes if necessary */
- case 3:
-
- if(g_force)
- {
- /* If we get here, jailer looks like it's really irresponsive */
- if(!g_quiet)
- warnx("%s: jail won't stop. forcing jail termination...", jail);
-
- kill_jail_processes(kd, SIGKILL);
- timeout = g_timeout;
- }
-
- break;
-
- case 4:
-
- /* And if that didn't do it, well then give up */
- if(!g_quiet)
- warnx("%s: couldn't stop jail, processes wouldn't die", jail);
-
- ret = 1;
- goto done;
- }
-
- pass++;
-
- if(!check_running_processes(kd))
- goto done;
- }
+ kvm_t* kd = NULL;
+ char errbuf[_POSIX2_LINE_MAX];
+ int pass = 0;
+ int timeout = 0;
+ int ret = 0;
+ int cmdargs = JAIL_RUN_CONSOLE;
+
+ /* Open the kernel interface */
+ kd = open_kvm_handle(jail, errbuf);
+ if(kd == NULL)
+ errx(1, "couldn't connect to kernel: %s", errbuf);
+
+ if(g_verbose)
+ cmdargs |= JAIL_RUN_STDERR;
+
+ /*
+ * Multiple passes are used to do different things.
+ * Each time the jails processes are listed.
+ */
+ while(1)
+ {
+ while(timeout > 0)
+ {
+ sleep(1);
+ timeout--;
+
+ if(!check_running_processes(kd))
+ goto done;
+ }
+
+ switch(pass)
+ {
+ /* First pass is an orderly shutdown */
+ case 0:
+
+ /* Check if we have an executable shutdown script */
+ if(g_usescripts && check_jail_command(jail, SHUTDOWN_SCRIPT))
+ run_jail_command(jail, SHUTDOWN_ARGS[0], SHUTDOWN_ARGS, cmdargs);
+
+ break;
+
+ /* Okay now quit all processes in jail */
+ case 1:
+ kill_jail_processes(kd, SIGTERM);
+ timeout = g_timeout;
+ break;
+
+ /* ... and again ... */
+ case 2:
+ kill_jail_processes(kd, SIGTERM);
+ timeout = g_timeout;
+ break;
+
+ /* Okay now we force kill the processes if necessary */
+ case 3:
+
+ if(g_force)
+ {
+ /* If we get here, jailer looks like it's really irresponsive */
+ if(!g_quiet)
+ warnx("%s: jail won't stop. forcing jail termination...", jail);
+
+ kill_jail_processes(kd, SIGKILL);
+ timeout = g_timeout;
+ }
+
+ break;
+
+ case 4:
+
+ /* And if that didn't do it, well then give up */
+ if(!g_quiet)
+ warnx("%s: couldn't stop jail, processes wouldn't die", jail);
+
+ ret = 1;
+ goto done;
+ }
+
+ pass++;
+
+ if(!check_running_processes(kd))
+ goto done;
+ }
done:
- if(g_restart)
- {
- /* Check if we have an executable shutdown script */
- if(check_jail_command(jail, START_SCRIPT))
- run_jail_command(jail, START_ARGS[0], START_ARGS, cmdargs);
- }
+ if(g_restart)
+ {
+ /* Check if we have an executable shutdown script */
+ if(check_jail_command(jail, START_SCRIPT))
+ run_jail_command(jail, START_ARGS[0], START_ARGS, cmdargs);
+ }
- if(kd != NULL)
- kvm_close(kd);
+ if(kd != NULL)
+ kvm_close(kd);
- return ret;
+ return ret;
}
static void kill_jail_processes(kvm_t* kd, int sig)
{
- struct kinfo_proc* kp;
- int nentries, i;
- pid_t cur;
-
- cur = getpid();
-
- /* Get a process listing */
- if((kp = kvm_getprocs(kd, KERN_PROC_ALL, 0, &nentries)) == 0)
- errx(1, "couldn't list processes: %s", kvm_geterr(kd));
-
- /* Okay now loop and look at each process' jail */
- for(i = 0; i < nentries; i++)
- {
- if(kp[i].ki_pid == cur)
- continue;
-
- if(kill(kp[i].ki_pid, sig) == -1)
- {
- if(errno != ESRCH)
- errx(1, "couldn't signal process: %d", (int)kp[i].ki_pid);
- }
- }
+ struct kinfo_proc* kp;
+ int nentries, i;
+ pid_t cur;
+
+ cur = getpid();
+
+ /* Get a process listing */
+ if((kp = kvm_getprocs(kd, KERN_PROC_ALL, 0, &nentries)) == 0)
+ errx(1, "couldn't list processes: %s", kvm_geterr(kd));
+
+ /* Okay now loop and look at each process' jail */
+ for(i = 0; i < nentries; i++)
+ {
+ if(kp[i].ki_pid == cur)
+ continue;
+
+ if(kill(kp[i].ki_pid, sig) == -1)
+ {
+ if(errno != ESRCH)
+ errx(1, "couldn't signal process: %d", (int)kp[i].ki_pid);
+ }
+ }
}
static int check_running_processes(kvm_t* kd)
{
- struct kinfo_proc* kp;
- int nentries, i;
- pid_t cur;
+ struct kinfo_proc* kp;
+ int nentries, i;
+ pid_t cur;
- cur = getpid();
+ cur = getpid();
- /* Get a process listing */
- if((kp = kvm_getprocs(kd, KERN_PROC_ALL, 0, &nentries)) == 0)
- errx(1, "couldn't list processes: %s", kvm_geterr(kd));
+ /* Get a process listing */
+ if((kp = kvm_getprocs(kd, KERN_PROC_ALL, 0, &nentries)) == 0)
+ errx(1, "couldn't list processes: %s", kvm_geterr(kd));
- if(nentries != 1)
- return 1;
+ if(nentries != 1)
+ return 1;
- /* Okay now loop and look at each process' jail */
- for(i = 0; i < nentries; i++)
- {
- if(kp[i].ki_pid != cur)
- return 1;
- }
+ /* Okay now loop and look at each process' jail */
+ for(i = 0; i < nentries; i++)
+ {
+ if(kp[i].ki_pid != cur)
+ return 1;
+ }
- return 0;
+ return 0;
}
static void usage()
{
- fprintf(stderr, "usage: jkill [-fkqv] [-t timeout] jail ...\n");
- fprintf(stderr, " jkill -r [-fqv] [-t timeout] jail ...\n");
- exit(2);
+ fprintf(stderr, "usage: jkill [-fkqv] [-t timeout] jail ...\n");
+ fprintf(stderr, " jkill -r [-fqv] [-t timeout] jail ...\n");
+ exit(2);
}
static void usage_jail(const char* name)
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-01 12:32:54 +0000