From 811897239f2f63dc4e4f67e81f3236e5aa1d870f Mon Sep 17 00:00:00 2001
From: Stef Walter
Date: Tue, 18 May 2004 17:30:47 +0000
Subject: Some argument changes. Documentation files.
---
srcx/jails.8 | 30 ++++++++++++++++++++++++
srcx/jid.8 | 44 +++++++++++++++++++++++++++++++++++
srcx/jkill.8 | 73 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
srcx/jkill.c | 23 +++++++++++++------
srcx/jps.8 | 54 +++++++++++++++++++++++++++++++++++++++++++
srcx/jstart.8 | 72 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
srcx/jstart.c | 37 +++++++++++++++++-------------
7 files changed, 310 insertions(+), 23 deletions(-)
create mode 100644 srcx/jails.8
create mode 100644 srcx/jid.8
create mode 100644 srcx/jkill.8
create mode 100644 srcx/jps.8
create mode 100644 srcx/jstart.8
(limited to 'srcx')
diff --git a/srcx/jails.8 b/srcx/jails.8
new file mode 100644
index 0000000..55282de
--- /dev/null
+++ b/srcx/jails.8
@@ -0,0 +1,30 @@
+.\" Process this file with
+.\" groff -mdoc -Tascii jails.8
+.\"
+.Dd April, 2004
+.Dt jails 8
+.Os jails
+.Sh NAME
+.Nm jails
+.Nd lists hostnames of all running jails on the system
+.Sh SYNOPSIS
+.Nm
+.Sh DESCRIPTION
+The
+.Nm
+command will print a list of all the various jails running on your
+system. The hostnames of those jails are printed. The list is not
+ordered.
+.Sh NOTES
+This command is intended only for compatibility with earlier versions
+of the
+.Em jailutils
+package. The
+.Xr jls 8
+command is a better source of jail information.
+.Sh SEE ALSO
+.Xr jls 8 ,
+.Xr jail 8 ,
+.Xr jps 8
+.Sh AUTHOR
+.An Nate Nielsen Aq nielsen@memberwebs.com
diff --git a/srcx/jid.8 b/srcx/jid.8
new file mode 100644
index 0000000..638dfae
--- /dev/null
+++ b/srcx/jid.8
@@ -0,0 +1,44 @@
+.\" Process this file with
+.\" groff -mdoc -Tascii jid.8
+.\"
+.Dd April, 2004
+.Dt jid 8
+.Os jid
+.Sh NAME
+.Nm jid
+.Nd translates jail host names to jail ids and vice versa
+.Sh SYNOPSIS
+.Nm
+.Ar hostname
+.Nm
+.Ar jail-id
+.Sh DESCRIPTION
+.Nm
+translates jail host names to jail ids and vice versa for running jails. When
+called with an integer number as it's argument,
+.Nm
+assumes that it's a jail id and converts it to a host name. When called with
+any other text,
+.Nm
+uses it as a host name and tries to resolve it to a jail id.
+.Sh NOTES
+Jail ids are an integer assigned when a jail starts up. Use
+.Xr jail 8
+or
+.Xr jstart 8
+with a
+.Fl i
+argument to print the jail id for a running jail.
+.Xr jls 8
+will also print jail ids for all jails running on the system.
+.Pp
+It is possible to run two jails with the same host name.
+.Nm
+however always only prints out one jail id for a given jail host name.
+.Sh SEE ALSO
+.Xr jail 2 ,
+.Xr jail 8 ,
+.Xr jls 8 ,
+.Xr jstart 8
+.Sh AUTHOR
+.An Nate Nielsen Aq nielsen@memberwebs.com
diff --git a/srcx/jkill.8 b/srcx/jkill.8
new file mode 100644
index 0000000..bb4d5b8
--- /dev/null
+++ b/srcx/jkill.8
@@ -0,0 +1,73 @@
+.\" Process this file with
+.\" groff -mdoc -Tascii jkill.8
+.\"
+.Dd April, 2004
+.Dt jkill 8
+.Os jkill
+.Sh NAME
+.Nm jkill
+.Nd stop or restart a jail
+.Sh SYNOPSIS
+.Nm
+.Op Fl fkqv
+.Op Fl t Ar timeout
+.Ar jail ...
+.Nm
+.Fl r
+.Op Fl fqv
+.Op Fl t Ar timeout
+.Ar jail ...
+.Sh DESCRIPTION
+The
+.Nm
+utility stops one or more jails in an orderly fashion. It calls the
+shutdown scripts inside the jail and then kills all remaining processes.
+When used with the
+.Fl r
+option it can also restart the jail.
+.Pp
+.Sh OPTIONS
+.Bl -tag -width ".Fl u Ar timeout"
+.It Fl f
+Force the processes to quit. If processes remain after sending them
+a SIGTERM then kill them with SIGKILL which forces the a process exit.
+.It Fl k
+Don't call the shutdown scripts, just kill the processes.
+.It Fl q
+Supress warnings.
+.It Fl r
+After shutting down the jail, restart it by running the
+.Pa /etc/rc
+startup script.
+.It Fl t Ar timeout
+Specify a maximum timeout to wait after running the shutdown scripts and
+between the sending the various kill signals. The default is 3 seconds.
+.It Fl v
+Show the output of shutdown or startup scripts on the console. This also
+enables all warnings.
+.It Ar jail
+Either a jail id (which is an integer) or a jail host name.
+.El
+.Sh NOTES
+It's generally assumed that the jail in question is a 'full jail' with
+startup and shutdown scripts. If that's not the case use the
+.Fl k
+option.
+.Pp
+The startup and shutdown scripts inside the jail must be shell scripts
+and must be owned by root in order to be executed.
+.Pp
+The environment is purged properly before running the scripts in the
+jail in order to prevent unwanted information from leaking into the
+jail.
+.Sh FILES
+.Pa /etc/rc
+.Pa /etc/rc.shutdown
+.Sh SEE ALSO
+.Xr jail 8 ,
+.Xr jails 8 ,
+.Xr jls 8 ,
+.Xr jstart 8 ,
+.Xr kill 1
+.Sh AUTHOR
+.An Nate Nielsen Aq nielsen@memberwebs.com
diff --git a/srcx/jkill.c b/srcx/jkill.c
index fd3c110..3d30c48 100644
--- a/srcx/jkill.c
+++ b/srcx/jkill.c
@@ -34,7 +34,7 @@ int g_quiet = 0; int g_verbose = 0; static void kill_jail_processes(kvm_t* kd, int sig); -static int kill_jail(const char* jail, int restart, int force); +static int kill_jail(const char* jail, int usescripts, int restart, int force); static int check_running_processes(kvm_t* kd); static void usage();
@@ -45,9 +45,10 @@ int main(int argc, char* argv[]) int restart = 0; int force = 0; int verbose = 0; + int usescripts = 1; pid_t child; - while((ch = getopt(argc, argv, "fhqrt:v")) != -1) + while((ch = getopt(argc, argv, "fhkqrt:v")) != -1) { switch(ch) {
@@ -60,6 +61,10 @@ int main(int argc, char* argv[]) warnx("the '-h' option has been depreciated"); break; + case 'k': + usescripts = 0; + break; + case 'q': g_quiet = 1; g_verbose = 0;
@@ -94,6 +99,9 @@ int main(int argc, char* argv[]) if(argc == 0) usage(); + if(!usescripts && restart) + usage(); + if(running_in_jail()) errx(1, "can't run inside jail");
@@ -126,7 +134,7 @@ int main(int argc, char* argv[]) if(jail_attach(jid) == -1) err(1, "couldn't attach to jail"); - r = kill_jail(argv[0], restart, force); + r = kill_jail(argv[0], usescripts, restart, force); exit(r); #ifdef _DEBUG break;
@@ -155,7 +163,7 @@ static char* SHUTDOWN_ARGS[] = { _PATH_BSHELL, SHUTDOWN_SCRIPT }; #define START_SCRIPT "/etc/rc" static char* START_ARGS[] = { _PATH_BSHELL, START_SCRIPT }; -static int kill_jail(const char* jail, int restart, int force) +static int kill_jail(const char* jail, int usescripts, int restart, int force) { kvm_t* kd = NULL; char errbuf[_POSIX2_LINE_MAX];
@@ -194,8 +202,8 @@ static int kill_jail(const char* jail, int restart, int force) case 0: /* Check if we have an executable shutdown script */ - if(check_jail_command(jail, SHUTDOWN_SCRIPT)) - run_jail_command(jail, SHUTDOWN_ARGS[0], SHUTDOWN_ARGS, cmdargs); + if(usescripts && check_jail_command(jail, SHUTDOWN_SCRIPT)) + run_jail_command(jail, SHUTDOWN_ARGS[0], SHUTDOWN_ARGS, cmdargs); break;
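Review bot: The `SHUTDOWN_ARGS` and `START_ARGS` arrays shown as context in the hunk that changes the `kill_jail()` signature have no terminating `NULL`, yet they are handed to `run_jail_command()` without a length, through the same parameter that jstart.c in this commit fills with `argv`. If that helper walks the array or passes it to an exec-family call (its body is not shown here), it reads past the end of the two-element array. Declaring them as `{ _PATH_BSHELL, SHUTDOWN_SCRIPT, NULL }` and `{ _PATH_BSHELL, START_SCRIPT, NULL }` removes the dependency on whatever follows them in memory. `kill_jail()` continues outside the hunk.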
@@ -309,7 +317,8 @@ static int check_running_processes(kvm_t* kd) static void usage() { - fprintf(stderr, "usage: killjail [-fqrv] [-t timeout] jailname ...\n"); + fprintf(stderr, "usage: jkill [-fkqv] [-t timeout] jail ...\n"); + fprintf(stderr, "usage: jkill -r [-fqv] [-t timeout] jail ...\n"); exit(2); }
diff --git a/srcx/jps.8 b/srcx/jps.8
new file mode 100644
index 0000000..9e039fc
--- /dev/null
+++ b/srcx/jps.8
@@ -0,0 +1,54 @@
+.\" Process this file with
+.\" groff -mdoc -Tascii jps.8
+.\"
+.Dd April, 2004
+.Dt jps 8
+.Os jps
+.Sh NAME
+.Nm jps
+.Nd prints processes running in a jail
+.Sh SYNOPSIS
+.Nm
+.Fl x
+.Ar jail
+.Nm
+.Ar jail
+.Op Ar ps-options ...
+.Sh DESCRIPTION
+The
+.Nm
+utility prints out a list of the processes running in a given jail. When run
+with the
+.Fl x
+argument it just prints out the process ids. Otherwise it prints out a full
+.Xr ps 1
+type listing for the processes in the jail. The
+.Xr ps 1
+formatting and other options are available for use.
+.Sh OPTIONS
+.Bl -tag -width ".Fl u Ar ps-options"
+.It Fl x
+Only print out the process ids.
+.It Ar jail
+Either a jail id (which is an integer) or a jail host name.
+.It Ar ps-options
+Formatting and other to be passed to
+.Xr ps 1
+when listing processes in the jail.
+.Sh NOTES
+It is possible to run two jails with the same host name.
+.Nm
+however always only prints out processes for one jail.
+.Pp
+The environment is purged properly before running
+.Xr ps 1
+in the jail in order to prevent unwanted information from
+leaking into the jail.
+.Sh SEE ALSO
+.Xr jail 8 ,
+.Xr jails 8 ,
+.Xr jls 8 ,
+.Xr jstart 8 ,
+.Xr ps 1
+.Sh AUTHOR
+.An Nate Nielsen Aq nielsen@memberwebs.com
diff --git a/srcx/jstart.8 b/srcx/jstart.8
new file mode 100644
index 0000000..fed1655
--- /dev/null
+++ b/srcx/jstart.8
@@ -0,0 +1,72 @@
+.\" Process this file with
+.\" groff -mdoc -Tascii jstart.8
+.\"
+.Dd April, 2004
+.Dt jstart 8
+.Os jstart
+.Sh NAME
+.Nm jstart
+.Nd start a jail
+.Sh SYNOPSIS
+.Nm
+.Op Fl i
+.Ar path
+.Ar hostname
+.Ar ip-number
+.Op Ar command ...
+.Sh DESCRIPTION
+The
+.Nm
+utility starts a jail. It is a more secure replacement for the
+.Xr jail 8
+command. See the
+.Xr jail 8
+man page for details on how to setup a jail, and jail concepts.
+.Pp
+.Nm
+purges down the environment before running the command inside the
+jail in order to prevent information leakage into the jail. If this
+is not desired, then use the
+.Xr jail 8
+command.
+.Sh OPTIONS
+.Bl -tag -width ".Fl u Ar ip-number"
+.It Fl i
+Print the jail identifier of the newly created jail.
+.It Ar path
+Directory which is to be the root of the jail.
+.It Ar hostname
+Hostname of the prison.
+.It Ar ip-number
+IP number assigned to the prison.
+.It Ar command
+Optional command to be executed inside the jail. When not specified
+this defaults to
+.Pa "/bin/sh /etc/rc"
+.El
+.Sh NOTES
+.Nm
+always runs as root, and runs
+.Em command
+as root. If this is not desired, use
+.Xr jail 8
+with the
+.Fl u
+option.
+.Pp
+The command called must be owned by root in order to be executed.
+.Pp
+The environment is purged properly before running the scripts in the
+jail in order to prevent unwanted information from leaking into the
+jail.
+.Sh FILES
+.Pa /etc/rc
+.Sh SEE ALSO
+.Xr jail 2 ,
+.Xr jail 8 ,
+.Xr jails 8 ,
+.Xr jls 8 ,
+.Xr jexec 8 ,
+.Xr jkill 8
+.Sh AUTHOR
+.An Nate Nielsen Aq nielsen@memberwebs.com
diff --git a/srcx/jstart.c b/srcx/jstart.c
index 370c064..ab0c0af 100644
--- a/srcx/jstart.c
+++ b/srcx/jstart.c
@@ -31,10 +31,9 @@ int main(int argc, char* argv[]) int ch, jid; struct jail j; int printjid = 0; - int console = 0; struct in_addr in; - while((ch = getopt(argc, argv, "ic")) != -1) + while((ch = getopt(argc, argv, "i")) != -1) { switch(ch) {
@@ -42,10 +41,6 @@ int main(int argc, char* argv[]) printjid = 1; break; - case 'c': - console = 1; - break; - case '?': default: usage();
@@ -55,7 +50,7 @@ int main(int argc, char* argv[]) argc -= optind; argv += optind; - if(argc != 3) + if(argc < 3) usage(); if(getuid() != 0)
@@ -78,27 +73,37 @@ int main(int argc, char* argv[]) if(jid == -1) err(1, "couldn't create jail"); - if(console) - { - - } - if(printjid) { printf("%d\n", jid); fflush(stdout); } - if(!check_jail_command(NULL, START_SCRIPT)) - exit(1); + argc -= 3; + argv += 3; + + if(argc == 0) + { + if(!check_jail_command(NULL, START_SCRIPT)) + exit(1); + + run_jail_command(NULL, START_ARGS[0], START_ARGS, JAIL_RUN_CONSOLE | JAIL_RUN_STDOUT); + } + + else + { + if(!check_jail_command(NULL, argv[0])) + exit(1); + + run_jail_command(NULL, argv[0], argv, JAIL_RUN_CONSOLE | JAIL_RUN_STDOUT); + } - run_jail_command(NULL, START_ARGS[0], START_ARGS, JAIL_RUN_CONSOLE | JAIL_RUN_STDOUT); return 0; } static void usage() { - fprintf(stderr, "usage: jstart [-ic] path hostname ip-number\n"); + fprintf(stderr, "usage: jstart [-ic] path hostname ip-number [command ...]\n"); exit(2); }
--
cgit v1.2.3
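Review bot: In the new `else` branch only `argv[0]` is passed to `check_jail_command()`, whereas the default branch checks `START_SCRIPT`, i.e. the script rather than the program that runs it; a caller who supplies an interpreter followed by a script therefore gets that script run as root in the jail without the check jstart.8 describes. What the check verifies, and whether it is bound to the later `run_jail_command()` lookup, is not visible in this hunk, so I would at least state the limit in a comment above the branch, e.g. `/* only argv[0] is checked; script arguments given to an interpreter are not */`. The usage string at the end of the hunk also still shows `[-ic]` although `c` was removed from the getopt string earlier in this commit; it should read `"usage: jstart [-i] path hostname ip-number [command ...]\n"`. `main()` begins outside the hunk.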