jail: Let a couple of parameter types be specified as lists

vnet.interface and zfs.dataset can be used to specify multiple
interfaces/datasets in jail.conf, but not on the command-line, which is
a b

jail: Let a couple of parameter types be specified as lists

vnet.interface and zfs.dataset can be used to specify multiple
interfaces/datasets in jail.conf, but not on the command-line, which is
a bit surprising. Extend the handling of ip(4|6).addr to those
parameters, update the description of vnet.interface in jail.8, and add
a rudimentary regression test.

Reviewed by: zlei, jamie
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D47651

show more ...

jail: add the -C flag to clean up after a partially removed jail

Differential Revision: https://reviews.freebsd.org/D42670

Add a missing space in a warning.

jail(8): add support for ZFS datasets

Add zfs.dataset to jail(8) to add a list of ZFS datasets.
Bump FreeBSD version for jail managers to switch to native
dataset support.

Datasets are attached to

jail(8): add support for ZFS datasets

Add zfs.dataset to jail(8) to add a list of ZFS datasets.
Bump FreeBSD version for jail managers to switch to native
dataset support.

Datasets are attached to the jail after the jail creation and
before the execution of any start command. Unlike current
implementations in jail managers which attach datasets after
the start command, this allows the zfs rc.d script to mount
the datasets on start.

Discussed with: jamie

show more ...

Unbreak build from ed31b3f4a146 (misapplied diff).

Differential Revision: <https://reviews.freebsd.org/D28150

jail: Don't allow jail_set(2) to resurrect dying jails.

Currently, a prison in "dying" state (removed but still holding
resources) can be brought back to alive state via "jail -d", or
the JAIL_DYING

jail: Don't allow jail_set(2) to resurrect dying jails.

Currently, a prison in "dying" state (removed but still holding
resources) can be brought back to alive state via "jail -d", or
the JAIL_DYING flag to jail_set(2). This seemed like a good idea
at the time.

Its main use was to improve support for specifying the jid when
creating a jail, which also seemed like a good idea at the time.
But resurrecting a jail that was partway through thr process of
shutting down is trouble waiting to happen.

This patch deprecates that flag, leaving it as a no-op for creating
jails (but still useful for looking at dying jails). It sill allows
creating a new jail with the same jid as a dying one, but will renumber
the old one in that case. That's imperfect, but allows for current
behavior.

Reviewed by: bz
Differential Revision: https://reviews.freebsd.org/D28150

show more ...

usr.sbin: Automated cleanup of cdefs and other formatting

Apply the following automated changes to try to eliminate
no-longer-needed sys/cdefs.h includes as well as now-empty
blank lines in a row.

usr.sbin: Automated cleanup of cdefs and other formatting

Apply the following automated changes to try to eliminate
no-longer-needed sys/cdefs.h includes as well as now-empty
blank lines in a row.

Remove /^#if.*\n#endif.*\n#include\s+<sys/cdefs.h>.*\n/
Remove /\n+#include\s+<sys/cdefs.h>.*\n+#if.*\n#endif.*\n+/
Remove /\n+#if.*\n#endif.*\n+/
Remove /^#if.*\n#endif.*\n/
Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/types.h>/
Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/param.h>/
Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/capsicum.h>/

Sponsored by: Netflix

show more ...

Move "jail -e" out of the rest of jail(8) flow.

Remove $FreeBSD$: one-line .c pattern

Remove /^[\s*]*__FBSDID\("\$FreeBSD\$"\);?\s*\n/

Mark usage function as __dead2 in programs where it does not return

In most cases, usage does not return, so mark them as __dead2. For the
cases where they do return, they have not been marked __dea

Mark usage function as __dead2 in programs where it does not return

In most cases, usage does not return, so mark them as __dead2. For the
cases where they do return, they have not been marked __dead2.

Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/735

show more ...

jail: Use re-entrant versions of lex & yacc, and lex's yylineno

spdx: The BSD-2-Clause-FreeBSD identifier is obsolete, drop -FreeBSD

The SPDX folks have obsoleted the BSD-2-Clause-FreeBSD identifier. Catch
up to that fact and revert to their recommended match of

spdx: The BSD-2-Clause-FreeBSD identifier is obsolete, drop -FreeBSD

The SPDX folks have obsoleted the BSD-2-Clause-FreeBSD identifier. Catch
up to that fact and revert to their recommended match of BSD-2-Clause.

Discussed with: pfg
MFC After: 3 days
Sponsored by: Netflix

show more ...

jail: handle jailsys parameters in modification permission test

Avoid a null dereference when a value-less jailsys parameter is passed
to "jail -m". There was already code to handle boolean paramet

jail: handle jailsys parameters in modification permission test

Avoid a null dereference when a value-less jailsys parameter is passed
to "jail -m". There was already code to handle boolean parameters,
but in reality any parameter could be passed without a value.

show more ...

jail: fix jail(8) synposis and usage message to match reality.

Reported by: yuri
PR: 254741
MFC after: 5 days

jail: Add exec.prepare and exec.release command hooks

This change introduces new jail command hooks that run before and after any
other actions.

The exec.prepare hook can be used for example to inv

jail: Add exec.prepare and exec.release command hooks

This change introduces new jail command hooks that run before and after any
other actions.

The exec.prepare hook can be used for example to invoke a script that checks
if the jail's root exists, creating it if it does not. Since arbitrary
variables in jail.conf can be passed to the command, it can be pretty useful
for templating jails.

An example use case for exec.release would be to remove the filesystem of an
ephemeral jail.

The names "prepare" and "release" are borrowed from the names of similar hooks
in libvirt.

Reviewed by: jamie, manpages, mmacy
Approved by: mmacy (mentor)
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D24829

show more ...

jail(8): improve manual and usage information with more clear
description for "jail -e" mode to show that it does not take
additional jail name argument.

Reported by: David Marec <david.marec@daven

jail(8): improve manual and usage information with more clear
description for "jail -e" mode to show that it does not take
additional jail name argument.

Reported by: David Marec <david.marec@davenulle.org>
MFC after: 3 days

show more ...

Merge ^/head r340235 through r340367.

jail(8): introduce new command option -e to exhibit
a list of configured non-wildcard jails with their parameters,
no matter running or not.

The option -e takes separator argument that is used
to se

jail(8): introduce new command option -e to exhibit
a list of configured non-wildcard jails with their parameters,
no matter running or not.

The option -e takes separator argument that is used
to separate printed parameters. It will be used with following
additions to system periodic scripts to differentiate parts
of directory tree belonging jails as opposed to host's.

MFC after: 1 month

show more ...

Merge ^/head r337646 through r338014.

security.jail.enforce_statfs is handled by jail_set(2), so handling it in
userspace jail(8) is redundant.

Differential Revision: D14791

Don't let clobber jailparam values when checking for modification of
init-only parameters.

Compare string parameter values with strncmp, not memcmp.

PR: 230487
Reported by: Jason Mader
MFC after:

Don't let clobber jailparam values when checking for modification of
init-only parameters.

Compare string parameter values with strncmp, not memcmp.

PR: 230487
Reported by: Jason Mader
MFC after: 3 days

show more ...

- Add exec hook "exec.created". This is called when the jail is
created and before exec.start is called. [1]
- Bump __FreeBSD_version.

This allows to attach ZFS datasets and various other things

- Add exec hook "exec.created". This is called when the jail is
created and before exec.start is called. [1]
- Bump __FreeBSD_version.

This allows to attach ZFS datasets and various other things to be
done before any command/service/rc-script is started in the new
jail.

PR: 228066 [1]
Reviewed by: jamie [1]
Submitted by: Stefan Grönke <stefan@gronke.net> [1]
Differential Revision: https://reviews.freebsd.org/D15330 [1]

show more ...

various: general adoption of SPDX licensing ID tags.

Mainly focus on files that use BSD 2-Clause license, however the tool I
was using misidentified many licenses so this was mostly a manual - error

various: general adoption of SPDX licensing ID tags.

Mainly focus on files that use BSD 2-Clause license, however the tool I
was using misidentified many licenses so this was mostly a manual - error
prone - task.

The Software Package Data Exchange (SPDX) group provides a specification
to make it easier for automated tools to detect and summarize well known
opensource licenses. We are gradually adopting the specification, noting
that the tags are considered only advisory and do not, in any way,
superceed or replace the license texts.

No functional change intended.

show more ...

Merge ^/head r325663 through r325841.

Strip EOL whitespace in usr.sbin/{jail,jexec}