61 	struct cfjail		*j;  member
69 static int run_command(struct cfjail *j);
70 static int add_proc(struct cfjail *j, pid_t pid);
71 static void clear_procs(struct cfjail *j);
73 static int term_procs(struct cfjail *j);
74 static int get_user_info(struct cfjail *j, const char *username,
76 static int check_path(struct cfjail *j, const char *pname, const char *path,
103 next_command(struct cfjail *j)  in next_command()  argument
109 		if (j->flags & JF_FROM_RUNQ)  in next_command()
110 			requeue_head(j, &runnable);  in next_command()
112 			requeue(j, &runnable);  in next_command()
115 	j->flags &= ~JF_FROM_RUNQ;  in next_command()
116 	create_failed = (j->flags & (JF_STOP | JF_FAILED)) == JF_FAILED;  in next_command()
117 	stopping = (j->flags & JF_STOP) != 0;  in next_command()
118 	comparam = *j->comparam;  in next_command()
120 		if (j->comstring == NULL) {  in next_command()
121 			j->comparam += create_failed ? -1 : 1;  in next_command()
122 			switch ((comparam = *j->comparam)) {  in next_command()
126 				if (!bool_param(j->intparams[IP_MOUNT_DEVFS]))  in next_command()
128 				j->comstring = &dummystring;  in next_command()
131 				if (!bool_param(j->intparams[IP_MOUNT_FDESCFS]))  in next_command()
133 				j->comstring = &dummystring;  in next_command()
136 				if (!bool_param(j->intparams[IP_MOUNT_PROCFS]))  in next_command()
138 				j->comstring = &dummystring;  in next_command()
142 				j->comstring = &dummystring;  in next_command()
145 				if (j->intparams[comparam] == NULL)  in next_command()
147 				j->comstring = create_failed || (stopping &&  in next_command()
148 				    (j->intparams[comparam]->flags & PF_REV))  in next_command()
149 				    ? TAILQ_LAST(&j->intparams[comparam]->val,  in next_command()
151 				    : TAILQ_FIRST(&j->intparams[comparam]->val);  in next_command()
154 			j->comstring = j->comstring == &dummystring ? NULL :  in next_command()
156 			    (j->intparams[comparam]->flags & PF_REV))  in next_command()
157 			    ? TAILQ_PREV(j->comstring, cfstrings, tq)  in next_command()
158 			    : TAILQ_NEXT(j->comstring, tq);  in next_command()
160 		if (j->comstring == NULL || j->comstring->len == 0 ||  in next_command()
166 		switch (run_command(j)) {  in next_command()
168 			failed(j);  in next_command()
180 finish_command(struct cfjail *j)  in finish_command()  argument
185 	if (!(j->flags & JF_SLEEPQ))  in finish_command()
187 	j->flags &= ~JF_SLEEPQ;  in finish_command()
188 	if (*j->comparam == IP_STOP_TIMEOUT) {  in finish_command()
189 		j->flags &= ~JF_TIMEOUT;  in finish_command()
190 		j->pstatus = 0;  in finish_command()
200 	if (j->flags & JF_TIMEOUT) {  in finish_command()
201 		j->flags &= ~JF_TIMEOUT;  in finish_command()
202 		if (*j->comparam != IP_STOP_TIMEOUT) {  in finish_command()
203 			jail_warnx(j, "%s: timed out", j->comline);  in finish_command()
204 			failed(j);  in finish_command()
207 			jail_note(j, "timed out\n");  in finish_command()
208 	} else if (j->pstatus != 0) {  in finish_command()
209 		if (WIFSIGNALED(j->pstatus))  in finish_command()
210 			jail_warnx(j, "%s: exited on signal %d",  in finish_command()
211 			    j->comline, WTERMSIG(j->pstatus));  in finish_command()
213 			jail_warnx(j, "%s: failed", j->comline);  in finish_command()
214 		j->pstatus = 0;  in finish_command()
215 		failed(j);  in finish_command()
218 	free(j->comline);  in finish_command()
219 	j->comline = NULL;  in finish_command()
232 	struct cfjail *j;  in next_proc()  local
237 		if ((j = TAILQ_FIRST(&sleeping)) && j->timeout.tv_sec) {  in next_proc()
239 			ts.tv_sec = j->timeout.tv_sec - ts.tv_sec;  in next_proc()
240 			ts.tv_nsec = j->timeout.tv_nsec - ts.tv_nsec;  in next_proc()
247 				j->flags |= JF_TIMEOUT;  in next_proc()
248 				clear_procs(j);  in next_proc()
249 				return j;  in next_proc()
265 				j = TAILQ_FIRST(&sleeping);  in next_proc()
266 				j->flags |= JF_TIMEOUT;  in next_proc()
267 				clear_procs(j);  in next_proc()
268 				return j;  in next_proc()
273 			if ((j = find_proc(ke.ident))) {  in next_proc()
274 				j->pstatus = ke.data;  in next_proc()
275 				return j;  in next_proc()
287 run_command(struct cfjail *j)  in run_command()  argument
307 	comparam = *j->comparam;  in run_command()
308 	down = j->flags & (JF_STOP | JF_FAILED);  in run_command()
311 		return term_procs(j);  in run_command()
315 			if (jail_remove(j->jid) < 0 && errno == EPERM) {  in run_command()
316 				jail_warnx(j, "jail_remove: %s",  in run_command()
320 			if (verbose > 0 || (verbose == 0 && (j->flags & JF_STOP  in run_command()
321 			    ? note_remove : j->name != NULL)))  in run_command()
322 			    jail_note(j, "removed\n");  in run_command()
323 			j->jid = -1;  in run_command()
324 			if (j->flags & JF_STOP)  in run_command()
325 				dep_done(j, DF_LIGHT);  in run_command()
327 				j->flags &= ~JF_PERSIST;  in run_command()
329 			if (create_jail(j) < 0)  in run_command()
332 				printf("%d\n", j->jid);  in run_command()
333 			if (verbose >= 0 && (j->name || verbose > 0))  in run_command()
334 				jail_note(j, "created\n");  in run_command()
335 			dep_done(j, DF_LIGHT);  in run_command()
345 	comstring = j->comstring;  in run_command()
371 			argv[1] = string_param(j->intparams[IP_INTERFACE]);  in run_command()
428 			argv[1] = string_param(j->intparams[IP_INTERFACE]);  in run_command()
459 		jidstr = string_param(j->intparams[KP_JID]);  in run_command()
460 		argv[3] = jidstr ? jidstr : string_param(j->intparams[KP_NAME]);  in run_command()
473 				jail_warnx(j, "%s: %s: fstab parse error",  in run_command()
474 				    j->intparams[comparam]->name, comstring->s);  in run_command()
482 			jail_warnx(j, "%s: %s: missing information",  in run_command()
483 			    j->intparams[comparam]->name, comstring->s);  in run_command()
486 		if (check_path(j, j->intparams[comparam]->name, argv[1], 0,  in run_command()
512 		path = string_param(j->intparams[KP_PATH]);  in run_command()
514 			jail_warnx(j, "mount.devfs: no jail root path defined");  in run_command()
519 		if (check_path(j, "mount.devfs", devpath, 0,  in run_command()
530 			ruleset = string_param(j->intparams[KP_DEVFS_RULESET]);  in run_command()
543 		path = string_param(j->intparams[KP_PATH]);  in run_command()
545 			jail_warnx(j, "mount.fdescfs: no jail root path defined");  in run_command()
550 		if (check_path(j, "mount.fdescfs", devpath, 0,  in run_command()
569 		path = string_param(j->intparams[KP_PATH]);  in run_command()
571 			jail_warnx(j, "mount.procfs: no jail root path defined");  in run_command()
576 		if (check_path(j, "mount.procfs", devpath, 0,  in run_command()
595 		jidstr = string_param(j->intparams[KP_JID]) ?  in run_command()
596 		    string_param(j->intparams[KP_JID]) :  in run_command()
597 		    string_param(j->intparams[KP_NAME]);  in run_command()
609 			jail_warnx(j, "internal error in ZFS dataset handling");  in run_command()
619 		if (j->name != NULL)  in run_command()
622 		TAILQ_FOREACH(s, &j->intparams[IP_COMMAND]->val, tq)  in run_command()
626 		TAILQ_FOREACH(s, &j->intparams[IP_COMMAND]->val, tq)  in run_command()
629 		j->comstring = &dummystring;  in run_command()
664 	if (int_param(j->intparams[IP_EXEC_TIMEOUT], &timeout) &&  in run_command()
666 		clock_gettime(CLOCK_REALTIME, &j->timeout);  in run_command()
667 		j->timeout.tv_sec += timeout;  in run_command()
669 		j->timeout.tv_sec = 0;  in run_command()
677 	clean = bool_param(j->intparams[IP_EXEC_CLEAN]);  in run_command()
678 	username = string_param(j->intparams[injail  in run_command()
680 	sjuser = bool_param(j->intparams[IP_EXEC_SYSTEM_JAIL_USER]);  in run_command()
684 	    (conslog = string_param(j->intparams[IP_EXEC_CONSOLELOG]))) {  in run_command()
685 		if (check_path(j, "exec.consolelog", conslog, 1, NULL) < 0)  in run_command()
690 			jail_warnx(j, "open %s: %s", conslog, strerror(errno));  in run_command()
698 	j->comline = cs = emalloc(comlen);  in run_command()
707 		jail_note(j, "run command%s%s%s: %s\n",  in run_command()
709 		    username ? username : "", j->comline);  in run_command()
715 		if (bg || !add_proc(j, pid)) {  in run_command()
716 			free(j->comline);  in run_command()
717 			j->comline = NULL;  in run_command()
731 	    get_user_info(j, username, &pwd, &lcap) < 0)  in run_command()
735 		path = string_param(j->intparams[KP_PATH]);  in run_command()
737 			jail_warnx(j, "chdir %s: %s", path, strerror(errno));  in run_command()
740 		if (int_param(j->intparams[IP_EXEC_FIB], &fib) &&  in run_command()
742 			jail_warnx(j, "setfib: %s", strerror(errno));  in run_command()
758 		if (jail_attach(j->jid) < 0) {  in run_command()
759 			jail_warnx(j, "jail_attach: %s", strerror(errno));  in run_command()
765 		    get_user_info(j, username, &pwd, &lcap) < 0)  in run_command()
775 			jail_warnx(j, "setgid %d: %s", pwd->pw_gid,  in run_command()
782 			jail_warnx(j, "setusercontext %s: %s", pwd->pw_name,  in run_command()
792 			jail_warnx(j, "chdir %s: %s",  in run_command()
800 		jail_warnx(j, "exec.consolelog: %s", strerror(errno));  in run_command()
805 	jail_warnx(j, "exec %s: %s", argv[0], strerror(errno));  in run_command()
813 add_proc(struct cfjail *j, pid_t pid)  in add_proc()  argument
828 	ph->j = j;  in add_proc()
831 	j->nprocs++;  in add_proc()
832 	j->flags |= JF_SLEEPQ;  in add_proc()
833 	if (j->timeout.tv_sec == 0)  in add_proc()
834 		requeue(j, &sleeping);  in add_proc()
837 		TAILQ_REMOVE(j->queue, j, tq);  in add_proc()
840 			    j->timeout.tv_sec < tj->timeout.tv_sec ||  in add_proc()
841 			    (j->timeout.tv_sec == tj->timeout.tv_sec &&  in add_proc()
842 			    j->timeout.tv_nsec <= tj->timeout.tv_nsec)) {  in add_proc()
843 				TAILQ_INSERT_BEFORE(tj, j, tq);  in add_proc()
848 			TAILQ_INSERT_TAIL(&sleeping, j, tq);  in add_proc()
849 		j->queue = &sleeping;  in add_proc()
858 clear_procs(struct cfjail *j)  in clear_procs()  argument
864 	j->nprocs = 0;  in clear_procs()
867 			if (ph->j == j) {  in clear_procs()
882 	struct cfjail *j;  in find_proc()  local
887 			j = ph->j;  in find_proc()
890 			return --j->nprocs ? NULL : j;  in find_proc()
899 term_procs(struct cfjail *j)  in term_procs()  argument
906 	if (!int_param(j->intparams[IP_STOP_TIMEOUT], &timeout))  in term_procs()
922 		if (ki[i].ki_jid == j->jid &&  in term_procs()
924 			(void)add_proc(j, ki[i].ki_pid);  in term_procs()
928 					jail_note(j, "sent SIGTERM to:");  in term_procs()
935 	if (j->nprocs > 0) {  in term_procs()
936 		clock_gettime(CLOCK_REALTIME, &j->timeout);  in term_procs()
937 		j->timeout.tv_sec += timeout;  in term_procs()
947 get_user_info(struct cfjail *j, const char *username,  in get_user_info()  argument
956 			jail_warnx(j, "getpwnam%s%s: %s", username ? " " : "",  in get_user_info()
959 			jail_warnx(j, "%s: no such user", username);  in get_user_info()
961 			jail_warnx(j, "unknown uid %d", getuid());  in get_user_info()
966 		jail_warnx(j, "getpwclass %s: %s", pwd->pw_name,  in get_user_info()
972 		jail_warnx(j, "initgroups %s: %s", pwd->pw_name,  in get_user_info()
984 check_path(struct cfjail *j, const char *pname, const char *path, int isfile,  in check_path()  argument
994 		jail_warnx(j, "%s: %s: not an absolute pathname",  in check_path()
1002 	jailpath = string_param(j->intparams[KP_PATH]);  in check_path()
1016 				jail_warnx(j, "%s: %s: %s", pname, tpath,  in check_path()
1021 				jail_warnx(j, "%s: %s is a symbolic link",  in check_path()
1031 			jail_warnx(j, "%s: %s: %s", pname, path,  in check_path()
1036 			jail_warnx(j, "%s: %s: %s", pname, stfs.f_mntonname,  in check_path()
1041 			jail_warnx(j, "%s: %s: not a mount point",  in check_path()
1046 			jail_warnx(j, "%s: %s: not a %s mount",  in check_path()