From 298e1a85181102bde3aed73f73a34fe81f7de66a Mon Sep 17 00:00:00 2001 From: Stef Walter Date: Wed, 19 May 2004 16:35:30 +0000 Subject: Create /dev/null before opening kernel interfaces if it doesn't exist --- srcx/jkill.c | 477 +++++++++++++++++++++++++++++------------------------------ 1 file changed, 238 insertions(+), 239 deletions(-) (limited to 'srcx/jkill.c') diff --git a/srcx/jkill.c b/srcx/jkill.c index 7125350..4311ed8 100644 --- a/srcx/jkill.c +++ b/srcx/jkill.c @@ -63,7 +63,7 @@ #endif /* The timeout to wait between kills */ -#define DEFAULT_TIMEOUT 3 +#define DEFAULT_TIMEOUT 3 int g_timeout = DEFAULT_TIMEOUT; int g_quiet = 0; /* Supress warnings */ @@ -84,15 +84,15 @@ static void usage_jail(const char* name); int main(int argc, char* argv[]) { - int r, jid; - int ret = 0; - pid_t child; + int r, jid; + int ret = 0; + pid_t child; /* * When running in a jail we do things slightly * differently, and accept different args */ - if(running_in_jail()) + if(running_in_jail()) { parse_jail_opts(argc, argv); @@ -103,8 +103,8 @@ int main(int argc, char* argv[]) if(daemon(0, 1) == -1) err(1, "couldn't disconnect from console"); - r = kill_jail(argv[0]); - exit(r); + r = kill_jail(argv[0]); + exit(r); } else @@ -114,54 +114,54 @@ int main(int argc, char* argv[]) argc -= optind; argv += optind; - /* For each jail */ - for(; argc > 0; argc--, argv++) - { - jid = translate_jail_name(argv[0]); - if(jid == -1) - { - warnx("unknown jail host name: %s", argv[0]); - ret = 1; - continue; - } - - /* - * We fork and the child goes into the jail and - * does the dirty work. Unless in debug mode where + /* For each jail */ + for(; argc > 0; argc--, argv++) + { + jid = translate_jail_name(argv[0]); + if(jid == -1) + { + warnx("unknown jail host name: %s", argv[0]); + ret = 1; + continue; + } + + /* + * We fork and the child goes into the jail and + * does the dirty work. Unless in debug mode where * we just do one jail. - */ + */ #ifdef _DEBUG - switch((child = fork())) - { - /* Error condition */ - case -1: - err(1, "couldn't fork child process"); - break; - - /* The child */ - case 0: + switch((child = fork())) + { + /* Error condition */ + case -1: + err(1, "couldn't fork child process"); + break; + + /* The child */ + case 0: #endif if(jail_attach(jid) == -1) err(1, "couldn't attach to jail"); - r = kill_jail(argv[0]); - exit(r); + r = kill_jail(argv[0]); + exit(r); #ifdef _DEBUG - break; + break; - /* The parent */ - default: - if(waitpid(child, &r, 0) == -1) - err(1, "error waiting for child process"); + /* The parent */ + default: + if(waitpid(child, &r, 0) == -1) + err(1, "error waiting for child process"); - if(WEXITSTATUS(r) != 0) - ret = WEXITSTATUS(r); - break; - }; + if(WEXITSTATUS(r) != 0) + ret = WEXITSTATUS(r); + break; + }; #endif - argc--; - argv++; + argc--; + argv++; } return ret; @@ -181,7 +181,7 @@ static void parse_jail_opts(int argc, char* argv[]) g_verbose = 1; g_force = 1; g_usescripts = 1; - g_restart = 0; + g_restart = 0; } else if(strcmp(argv[0], "reboot")) @@ -202,25 +202,25 @@ static void parse_jail_opts(int argc, char* argv[]) return; } - while((ch = getopt(argc, argv, "dk:lnqp")) != -1) - { - switch(ch) - { - case 'd': + while((ch = getopt(argc, argv, "dk:lnqp")) != -1) + { + switch(ch) + { + case 'd': case 'k': case 'l': case 'n': case 'q': case 'p': warnx("the '-%c' option is not supported from inside a jail", (char)ch); - break; + break; - case '?': - default: - usage_jail(t); + case '?': + default: + usage_jail(t); break; - } - } + } + } argc -= optind; argv += optind; @@ -233,224 +233,223 @@ static void parse_host_opts(int argc, char* argv[]) { int ch; - while((ch = getopt(argc, argv, "fhkqrt:v")) != -1) - { - switch(ch) - { - case 'f': - g_force = 1; - break; - - case 'h': - /* dummy for compatibility with killjail */ - warnx("the '-h' option has been depreciated"); - break; - - case 'k': - g_usescripts = 0; - break; - - case 'q': - g_quiet = 1; - g_verbose = 0; - break; - - case 'r': - g_restart = 1; - break; - - /* Timeout to use between kills */ - case 't': - g_timeout = atoi(optarg); - if(g_timeout <= 0) - errx(2, "invalid timeout argument: %s", optarg); - break; - - case 'v': - g_verbose = 1; - g_quiet = 0; - break; - - case '?': - default: - usage(); + while((ch = getopt(argc, argv, "fhkqrt:v")) != -1) + { + switch(ch) + { + case 'f': + g_force = 1; break; - } - } - if(!g_usescripts && g_restart) - usage(); + case 'h': + /* dummy for compatibility with killjail */ + warnx("the '-h' option has been depreciated"); + break; + + case 'k': + g_usescripts = 0; + break; - argc -= optind; - argv += optind; + case 'q': + g_quiet = 1; + g_verbose = 0; + break; + + case 'r': + g_restart = 1; + break; + + /* Timeout to use between kills */ + case 't': + g_timeout = atoi(optarg); + if(g_timeout <= 0) + errx(2, "invalid timeout argument: %s", optarg); + break; + + case 'v': + g_verbose = 1; + g_quiet = 0; + break; + + case '?': + default: + usage(); + break; + } + } + + if(!g_usescripts && g_restart) + usage(); + + argc -= optind; + argv += optind; if(argc <= 0) usage(); } #define SHUTDOWN_SCRIPT "/etc/rc.shutdown" -static char* SHUTDOWN_ARGS[] = { _PATH_BSHELL, SHUTDOWN_SCRIPT }; +static char* SHUTDOWN_ARGS[] = { _PATH_BSHELL, SHUTDOWN_SCRIPT }; #define START_SCRIPT "/etc/rc" -static char* START_ARGS[] = { _PATH_BSHELL, START_SCRIPT }; +static char* START_ARGS[] = { _PATH_BSHELL, START_SCRIPT }; static int kill_jail(const char* jail) { - kvm_t* kd = NULL; - char errbuf[_POSIX2_LINE_MAX]; - int pass = 0; - int timeout = 0; - int ret = 0; - int cmdargs = JAIL_RUN_CONSOLE; - - /* Open the kernel interface */ - kd = kvm_openfiles(_PATH_DEVNULL, _PATH_DEVNULL, _PATH_DEVNULL, - O_RDONLY, errbuf); - if(kd == NULL) - errx(1, "couldn't connect to kernel: %s", errbuf); - - if(g_verbose) - cmdargs |= JAIL_RUN_STDERR; - - /* - * Multiple passes are used to do different things. - * Each time the jails processes are listed. - */ - while(1) - { - while(timeout > 0) - { - sleep(1); - timeout--; - - if(!check_running_processes(kd)) - goto done; - } - - switch(pass) - { - /* First pass is an orderly shutdown */ - case 0: - - /* Check if we have an executable shutdown script */ - if(g_usescripts && check_jail_command(jail, SHUTDOWN_SCRIPT)) - run_jail_command(jail, SHUTDOWN_ARGS[0], SHUTDOWN_ARGS, cmdargs); - - break; - - /* Okay now quit all processes in jail */ - case 1: - kill_jail_processes(kd, SIGTERM); - timeout = g_timeout; - break; - - /* ... and again ... */ - case 2: - kill_jail_processes(kd, SIGTERM); - timeout = g_timeout; - break; - - /* Okay now we force kill the processes if necessary */ - case 3: - - if(g_force) - { - /* If we get here, jailer looks like it's really irresponsive */ - if(!g_quiet) - warnx("%s: jail won't stop. forcing jail termination...", jail); - - kill_jail_processes(kd, SIGKILL); - timeout = g_timeout; - } - - break; - - case 4: - - /* And if that didn't do it, well then give up */ - if(!g_quiet) - warnx("%s: couldn't stop jail, processes wouldn't die", jail); - - ret = 1; - goto done; - } - - pass++; - - if(!check_running_processes(kd)) - goto done; - } + kvm_t* kd = NULL; + char errbuf[_POSIX2_LINE_MAX]; + int pass = 0; + int timeout = 0; + int ret = 0; + int cmdargs = JAIL_RUN_CONSOLE; + + /* Open the kernel interface */ + kd = open_kvm_handle(jail, errbuf); + if(kd == NULL) + errx(1, "couldn't connect to kernel: %s", errbuf); + + if(g_verbose) + cmdargs |= JAIL_RUN_STDERR; + + /* + * Multiple passes are used to do different things. + * Each time the jails processes are listed. + */ + while(1) + { + while(timeout > 0) + { + sleep(1); + timeout--; + + if(!check_running_processes(kd)) + goto done; + } + + switch(pass) + { + /* First pass is an orderly shutdown */ + case 0: + + /* Check if we have an executable shutdown script */ + if(g_usescripts && check_jail_command(jail, SHUTDOWN_SCRIPT)) + run_jail_command(jail, SHUTDOWN_ARGS[0], SHUTDOWN_ARGS, cmdargs); + + break; + + /* Okay now quit all processes in jail */ + case 1: + kill_jail_processes(kd, SIGTERM); + timeout = g_timeout; + break; + + /* ... and again ... */ + case 2: + kill_jail_processes(kd, SIGTERM); + timeout = g_timeout; + break; + + /* Okay now we force kill the processes if necessary */ + case 3: + + if(g_force) + { + /* If we get here, jailer looks like it's really irresponsive */ + if(!g_quiet) + warnx("%s: jail won't stop. forcing jail termination...", jail); + + kill_jail_processes(kd, SIGKILL); + timeout = g_timeout; + } + + break; + + case 4: + + /* And if that didn't do it, well then give up */ + if(!g_quiet) + warnx("%s: couldn't stop jail, processes wouldn't die", jail); + + ret = 1; + goto done; + } + + pass++; + + if(!check_running_processes(kd)) + goto done; + } done: - if(g_restart) - { - /* Check if we have an executable shutdown script */ - if(check_jail_command(jail, START_SCRIPT)) - run_jail_command(jail, START_ARGS[0], START_ARGS, cmdargs); - } + if(g_restart) + { + /* Check if we have an executable shutdown script */ + if(check_jail_command(jail, START_SCRIPT)) + run_jail_command(jail, START_ARGS[0], START_ARGS, cmdargs); + } - if(kd != NULL) - kvm_close(kd); + if(kd != NULL) + kvm_close(kd); - return ret; + return ret; } static void kill_jail_processes(kvm_t* kd, int sig) { - struct kinfo_proc* kp; - int nentries, i; - pid_t cur; - - cur = getpid(); - - /* Get a process listing */ - if((kp = kvm_getprocs(kd, KERN_PROC_ALL, 0, &nentries)) == 0) - errx(1, "couldn't list processes: %s", kvm_geterr(kd)); - - /* Okay now loop and look at each process' jail */ - for(i = 0; i < nentries; i++) - { - if(kp[i].ki_pid == cur) - continue; - - if(kill(kp[i].ki_pid, sig) == -1) - { - if(errno != ESRCH) - errx(1, "couldn't signal process: %d", (int)kp[i].ki_pid); - } - } + struct kinfo_proc* kp; + int nentries, i; + pid_t cur; + + cur = getpid(); + + /* Get a process listing */ + if((kp = kvm_getprocs(kd, KERN_PROC_ALL, 0, &nentries)) == 0) + errx(1, "couldn't list processes: %s", kvm_geterr(kd)); + + /* Okay now loop and look at each process' jail */ + for(i = 0; i < nentries; i++) + { + if(kp[i].ki_pid == cur) + continue; + + if(kill(kp[i].ki_pid, sig) == -1) + { + if(errno != ESRCH) + errx(1, "couldn't signal process: %d", (int)kp[i].ki_pid); + } + } } static int check_running_processes(kvm_t* kd) { - struct kinfo_proc* kp; - int nentries, i; - pid_t cur; + struct kinfo_proc* kp; + int nentries, i; + pid_t cur; - cur = getpid(); + cur = getpid(); - /* Get a process listing */ - if((kp = kvm_getprocs(kd, KERN_PROC_ALL, 0, &nentries)) == 0) - errx(1, "couldn't list processes: %s", kvm_geterr(kd)); + /* Get a process listing */ + if((kp = kvm_getprocs(kd, KERN_PROC_ALL, 0, &nentries)) == 0) + errx(1, "couldn't list processes: %s", kvm_geterr(kd)); - if(nentries != 1) - return 1; + if(nentries != 1) + return 1; - /* Okay now loop and look at each process' jail */ - for(i = 0; i < nentries; i++) - { - if(kp[i].ki_pid != cur) - return 1; - } + /* Okay now loop and look at each process' jail */ + for(i = 0; i < nentries; i++) + { + if(kp[i].ki_pid != cur) + return 1; + } - return 0; + return 0; } static void usage() { - fprintf(stderr, "usage: jkill [-fkqv] [-t timeout] jail ...\n"); - fprintf(stderr, " jkill -r [-fqv] [-t timeout] jail ...\n"); - exit(2); + fprintf(stderr, "usage: jkill [-fkqv] [-t timeout] jail ...\n"); + fprintf(stderr, " jkill -r [-fqv] [-t timeout] jail ...\n"); + exit(2); } static void usage_jail(const char* name) -- cgit v1.2.3