-rw-r--r--srcx/jails.830
-rw-r--r--srcx/jid.844
-rw-r--r--srcx/jkill.873
-rw-r--r--srcx/jkill.c23
-rw-r--r--srcx/jps.854
-rw-r--r--srcx/jstart.872
-rw-r--r--srcx/jstart.c37
7 files changed, 310 insertions, 23 deletions
diff --git a/srcx/jails.8 b/srcx/jails.8
new file mode 100644
index 0000000..55282de
--- /dev/null
+++ b/srcx/jails.8
@@ -0,0 +1,30 @@
+.\" Process this file with
+.\" groff -mdoc -Tascii jails.8
+.\"
+.Dd April, 2004
+.Dt jails 8
+.Os jails
+.Sh NAME
+.Nm jails
+.Nd lists hostnames of all running jails on the system
+.Sh SYNOPSIS
+.Nm
+.Sh DESCRIPTION
+The
+.Nm
+command will print a list of all the various jails running on your
+system. The hostnames of those jails are printed. The list is not
+ordered.
+.Sh NOTES
+This command is intended only for compatibility with earlier versions
+of the
+.Em jailutils
+package. The
+.Xr jls 8
+command is a better source of jail information.
+.Sh SEE ALSO
+.Xr jls 8 ,
+.Xr jail 8 ,
+.Xr jps 8
+.Sh AUTHOR
+.An Nate Nielsen Aq nielsen@memberwebs.com
diff --git a/srcx/jid.8 b/srcx/jid.8
new file mode 100644
index 0000000..638dfae
--- /dev/null
+++ b/srcx/jid.8
@@ -0,0 +1,44 @@
+.\" Process this file with
+.\" groff -mdoc -Tascii jid.8
+.\"
+.Dd April, 2004
+.Dt jid 8
+.Os jid
+.Sh NAME
+.Nm jid
+.Nd translates jail host names to jail ids and vice versa
+.Sh SYNOPSIS
+.Nm
+.Ar hostname
+.Nm
+.Ar jail-id
+.Sh DESCRIPTION
+.Nm
+translates jail host names to jail ids and vice versa for running jails. When
+called with an integer number as it's argument,
+.Nm
+assumes that it's a jail id and converts it to a host name. When called with
+any other text,
+.Nm
+uses it as a host name and tries to resolve it to a jail id.
+.Sh NOTES
+Jail ids are an integer assigned when a jail starts up. Use
+.Xr jail 8
+or
+.Xr jstart 8
+with a
+.Fl i
+argument to print the jail id for a running jail.
+.Xr jls 8
+will also print jail ids for all jails running on the system.
+.Pp
+It is possible to run two jails with the same host name.
+.Nm
+however always only prints out one jail id for a given jail host name.
+.Sh SEE ALSO
+.Xr jail 2 ,
+.Xr jail 8 ,
+.Xr jls 8 ,
+.Xr jstart 8
+.Sh AUTHOR
+.An Nate Nielsen Aq nielsen@memberwebs.com
diff --git a/srcx/jkill.8 b/srcx/jkill.8
new file mode 100644
index 0000000..bb4d5b8
--- /dev/null
+++ b/srcx/jkill.8
@@ -0,0 +1,73 @@
+.\" Process this file with
+.\" groff -mdoc -Tascii jkill.8
+.\"
+.Dd April, 2004
+.Dt jkill 8
+.Os jkill
+.Sh NAME
+.Nm jkill
+.Nd stop or restart a jail
+.Sh SYNOPSIS
+.Nm
+.Op Fl fkqv
+.Op Fl t Ar timeout
+.Ar jail ...
+.Nm
+.Fl r
+.Op Fl fqv
+.Op Fl t Ar timeout
+.Ar jail ...
+.Sh DESCRIPTION
+The
+.Nm
+utility stops one or more jails in an orderly fashion. It calls the
+shutdown scripts inside the jail and then kills all remaining processes.
+When used with the
+.Fl r
+option it can also restart the jail.
+.Pp
+.Sh OPTIONS
+.Bl -tag -width ".Fl u Ar timeout"
+.It Fl f
+Force the processes to quit. If processes remain after sending them
+a SIGTERM then kill them with SIGKILL which forces the a process exit.
+.It Fl k
+Don't call the shutdown scripts, just kill the processes.
+.It Fl q
+Supress warnings.
+.It Fl r
+After shutting down the jail, restart it by running the
+.Pa /etc/rc
+startup script.
+.It Fl t Ar timeout
+Specify a maximum timeout to wait after running the shutdown scripts and
+between the sending the various kill signals. The default is 3 seconds.
+.It Fl v
+Show the output of shutdown or startup scripts on the console. This also
+enables all warnings.
+.It Ar jail
+Either a jail id (which is an integer) or a jail host name.
+.El
+.Sh NOTES
+It's generally assumed that the jail in question is a 'full jail' with
+startup and shutdown scripts. If that's not the case use the
+.Fl k
+option.
+.Pp
+The startup and shutdown scripts inside the jail must be shell scripts
+and must be owned by root in order to be executed.
+.Pp
+The environment is purged properly before running the scripts in the
+jail in order to prevent unwanted information from leaking into the
+jail.
+.Sh FILES
+.Pa /etc/rc
+.Pa /etc/rc.shutdown
+.Sh SEE ALSO
+.Xr jail 8 ,
+.Xr jails 8 ,
+.Xr jls 8 ,
+.Xr jstart 8 ,
+.Xr kill 1
+.Sh AUTHOR
+.An Nate Nielsen Aq nielsen@memberwebs.com
diff --git a/srcx/jkill.c b/srcx/jkill.c
index fd3c110..3d30c48 100644
--- a/srcx/jkill.c
+++ b/srcx/jkill.c
@@ -34,7 +34,7 @@ int g_quiet = 0;
int g_verbose = 0;
static void kill_jail_processes(kvm_t* kd, int sig);
-static int kill_jail(const char* jail, int restart, int force);
+static int kill_jail(const char* jail, int usescripts, int restart, int force);
static int check_running_processes(kvm_t* kd);
static void usage();
@@ -45,9 +45,10 @@ int main(int argc, char* argv[])
int restart = 0;
int force = 0;
int verbose = 0;
+ int usescripts = 1;
pid_t child;
- while((ch = getopt(argc, argv, "fhqrt:v")) != -1)
+ while((ch = getopt(argc, argv, "fhkqrt:v")) != -1)
{
switch(ch)
{
@@ -60,6 +61,10 @@ int main(int argc, char* argv[])
warnx("the '-h' option has been depreciated");
break;
+ case 'k':
+ usescripts = 0;
+ break;
+
case 'q':
g_quiet = 1;
g_verbose = 0;
@@ -94,6 +99,9 @@ int main(int argc, char* argv[])
if(argc == 0)
usage();
+ if(!usescripts && restart)
+ usage();
+
if(running_in_jail())
errx(1, "can't run inside jail");
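Review bot: The added `if(!usescripts && restart) usage();` rejects `-k` combined with `-r` without saying why, so the operator only sees the generic usage text. The jkill.8 page added in this commit says `-r` restarts the jail by running `/etc/rc`, while `-k` is for jails that lack such scripts. A specific message would make the conflict clear, e.g. `errx(2, "the '-k' and '-r' options can't be used together");`, which keeps the exit status that `usage()` uses. A one-line comment above the check such as `/* -r depends on the jail's rc scripts, which -k skips */` would record the reason. main's body starts and ends outside this hunk.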
@@ -126,7 +134,7 @@ int main(int argc, char* argv[])
if(jail_attach(jid) == -1)
err(1, "couldn't attach to jail");
- r = kill_jail(argv[0], restart, force);
+ r = kill_jail(argv[0], usescripts, restart, force);
exit(r);
#ifdef _DEBUG
break;
@@ -155,7 +163,7 @@ static char* SHUTDOWN_ARGS[] = { _PATH_BSHELL, SHUTDOWN_SCRIPT };
#define START_SCRIPT "/etc/rc"
static char* START_ARGS[] = { _PATH_BSHELL, START_SCRIPT };
-static int kill_jail(const char* jail, int restart, int force)
+static int kill_jail(const char* jail, int usescripts, int restart, int force)
{
kvm_t* kd = NULL;
char errbuf[_POSIX2_LINE_MAX];
@@ -194,8 +202,8 @@ static int kill_jail(const char* jail, int restart, int force)
case 0:
/* Check if we have an executable shutdown script */
- if(check_jail_command(jail, SHUTDOWN_SCRIPT))
- run_jail_command(jail, SHUTDOWN_ARGS[0], SHUTDOWN_ARGS, cmdargs);
+ if(usescripts && check_jail_command(jail, SHUTDOWN_SCRIPT))
+ run_jail_command(jail, SHUTDOWN_ARGS[0], SHUTDOWN_ARGS, cmdargs);
break;
@@ -309,7 +317,8 @@ static int check_running_processes(kvm_t* kd)
static void usage()
{
- fprintf(stderr, "usage: killjail [-fqrv] [-t timeout] jailname ...\n");
+ fprintf(stderr, "usage: jkill [-fkqv] [-t timeout] jail ...\n");
+ fprintf(stderr, "usage: jkill -r [-fqv] [-t timeout] jail ...\n");
exit(2);
}
diff --git a/srcx/jps.8 b/srcx/jps.8
new file mode 100644
index 0000000..9e039fc
--- /dev/null
+++ b/srcx/jps.8
@@ -0,0 +1,54 @@
+.\" Process this file with
+.\" groff -mdoc -Tascii jps.8
+.\"
+.Dd April, 2004
+.Dt jps 8
+.Os jps
+.Sh NAME
+.Nm jps
+.Nd prints processes running in a jail
+.Sh SYNOPSIS
+.Nm
+.Fl x
+.Ar jail
+.Nm
+.Ar jail
+.Op Ar ps-options ...
+.Sh DESCRIPTION
+The
+.Nm
+utility prints out a list of the processes running in a given jail. When run
+with the
+.Fl x
+argument it just prints out the process ids. Otherwise it prints out a full
+.Xr ps 1
+type listing for the processes in the jail. The
+.Xr ps 1
+formatting and other options are available for use.
+.Sh OPTIONS
+.Bl -tag -width ".Fl u Ar ps-options"
+.It Fl x
+Only print out the process ids.
+.It Ar jail
+Either a jail id (which is an integer) or a jail host name.
+.It Ar ps-options
+Formatting and other to be passed to
+.Xr ps 1
+when listing processes in the jail.
+.Sh NOTES
+It is possible to run two jails with the same host name.
+.Nm
+however always only prints out processes for one jail.
+.Pp
+The environment is purged properly before running
+.Xr ps 1
+in the jail in order to prevent unwanted information from
+leaking into the jail.
+.Sh SEE ALSO
+.Xr jail 8 ,
+.Xr jails 8 ,
+.Xr jls 8 ,
+.Xr jstart 8 ,
+.Xr ps 1
+.Sh AUTHOR
+.An Nate Nielsen Aq nielsen@memberwebs.com
diff --git a/srcx/jstart.8 b/srcx/jstart.8
new file mode 100644
index 0000000..fed1655
--- /dev/null
+++ b/srcx/jstart.8
@@ -0,0 +1,72 @@
+.\" Process this file with
+.\" groff -mdoc -Tascii jstart.8
+.\"
+.Dd April, 2004
+.Dt jstart 8
+.Os jstart
+.Sh NAME
+.Nm jstart
+.Nd start a jail
+.Sh SYNOPSIS
+.Nm
+.Op Fl i
+.Ar path
+.Ar hostname
+.Ar ip-number
+.Op Ar command ...
+.Sh DESCRIPTION
+The
+.Nm
+utility starts a jail. It is a more secure replacement for the
+.Xr jail 8
+command. See the
+.Xr jail 8
+man page for details on how to setup a jail, and jail concepts.
+.Pp
+.Nm
+purges down the environment before running the command inside the
+jail in order to prevent information leakage into the jail. If this
+is not desired, then use the
+.Xr jail 8
+command.
+.Sh OPTIONS
+.Bl -tag -width ".Fl u Ar ip-number"
+.It Fl i
+Print the jail identifier of the newly created jail.
+.It Ar path
+Directory which is to be the root of the jail.
+.It Ar hostname
+Hostname of the prison.
+.It Ar ip-number
+IP number assigned to the prison.
+.It Ar command
+Optional command to be executed inside the jail. When not specified
+this defaults to
+.Pa "/bin/sh /etc/rc"
+.El
+.Sh NOTES
+.Nm
+always runs as root, and runs
+.Em command
+as root. If this is not desired, use
+.Xr jail 8
+with the
+.Fl u
+option.
+.Pp
+The command called must be owned by root in order to be executed.
+.Pp
+The environment is purged properly before running the scripts in the
+jail in order to prevent unwanted information from leaking into the
+jail.
+.Sh FILES
+.Pa /etc/rc
+.Sh SEE ALSO
+.Xr jail 2 ,
+.Xr jail 8 ,
+.Xr jails 8 ,
+.Xr jls 8 ,
+.Xr jexec 8 ,
+.Xr jkill 8
+.Sh AUTHOR
+.An Nate Nielsen Aq nielsen@memberwebs.com
diff --git a/srcx/jstart.c b/srcx/jstart.c
index 370c064..ab0c0af 100644
--- a/srcx/jstart.c
+++ b/srcx/jstart.c
@@ -31,10 +31,9 @@ int main(int argc, char* argv[])
int ch, jid;
struct jail j;
int printjid = 0;
- int console = 0;
struct in_addr in;
- while((ch = getopt(argc, argv, "ic")) != -1)
+ while((ch = getopt(argc, argv, "i")) != -1)
{
switch(ch)
{
@@ -42,10 +41,6 @@ int main(int argc, char* argv[])
printjid = 1;
break;
- case 'c':
- console = 1;
- break;
-
case '?':
default:
usage();
@@ -55,7 +50,7 @@ int main(int argc, char* argv[])
argc -= optind;
argv += optind;
- if(argc != 3)
+ if(argc < 3)
usage();
if(getuid() != 0)
@@ -78,27 +73,37 @@ int main(int argc, char* argv[])
if(jid == -1)
err(1, "couldn't create jail");
- if(console)
- {
-
- }
-
if(printjid)
{
printf("%d\n", jid);
fflush(stdout);
}
- if(!check_jail_command(NULL, START_SCRIPT))
- exit(1);
+ argc -= 3;
+ argv += 3;
+
+ if(argc == 0)
+ {
+ if(!check_jail_command(NULL, START_SCRIPT))
+ exit(1);
+
+ run_jail_command(NULL, START_ARGS[0], START_ARGS, JAIL_RUN_CONSOLE | JAIL_RUN_STDOUT);
+ }
+
+ else
+ {
+ if(!check_jail_command(NULL, argv[0]))
+ exit(1);
+
+ run_jail_command(NULL, argv[0], argv, JAIL_RUN_CONSOLE | JAIL_RUN_STDOUT);
+ }
- run_jail_command(NULL, START_ARGS[0], START_ARGS, JAIL_RUN_CONSOLE | JAIL_RUN_STDOUT);
return 0;
}
static void usage()
{
- fprintf(stderr, "usage: jstart [-ic] path hostname ip-number\n");
+ fprintf(stderr, "usage: jstart [-ic] path hostname ip-number [command ...]\n");
exit(2);
}
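Review bot: The usage string on the new side still advertises `[-ic]`, although this commit removes the `c` case and changes the getopt string to `"i"`. `jstart -c` therefore falls into the `'?'` branch and prints a usage line that claims `-c` is valid. The line should read `fprintf(stderr, "usage: jstart [-i] path hostname ip-number [command ...]\n");`. Separately, the new `else` branch vets the caller-supplied `argv[0]` with `check_jail_command()` and then runs the same path by name with `run_jail_command()` as root. If that check is a stat-style ownership test (its body is not visible here), its result is not bound to the file that is later executed, so a comment stating what the check guarantees would help. main begins outside the hunk.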