FreeBSD Bugzilla – Attachment 153948 Details for
Bug 191181
[jail] Jailnames cannot contain a dash
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
Safely map between jail names and rc.conf shell variables
jail.diff (text/plain), 9.65 KB, created by
Jamie Gritton
on 2015-03-07 04:08:15 UTC
(
hide
)
Description:
Safely map between jail names and rc.conf shell variables
Filename:
MIME Type:
Creator:
Jamie Gritton
Created:
2015-03-07 04:08:15 UTC
Size:
9.65 KB
patch
obsolete
>Index: etc/rc.d/jail >=================================================================== >--- etc/rc.d/jail (revision 279719) >+++ etc/rc.d/jail (working copy) >@@ -28,16 +28,16 @@ > > need_dad_wait= > >-# extract_var jail name param num defval >-# Extract value from ${jail_$jail_$name} or ${jail_$name} and >+# extract_var jv name param num defval >+# Extract value from ${jail_$jv_$name} or ${jail_$name} and > # set it to $param. If not defined, $defval is used. >-# When $num is [0-9]*, ${jail_$jail_$name$num} are looked up and >+# When $num is [0-9]*, ${jail_$jv_$name$num} are looked up and > # $param is set by using +=. > # When $num is YN or NY, the value is interpret as boolean. > extract_var() > { >- local i _j _name _param _num _def _name1 _name2 >- _j=$1 >+ local i _jv _name _param _num _def _name1 _name2 >+ _jv=$1 > _name=$2 > _param=$3 > _num=$4 >@@ -45,7 +45,7 @@ > > case $_num in > YN) >- _name1=jail_${_j}_${_name} >+ _name1=jail_${_jv}_${_name} > _name2=jail_${_name} > eval $_name1=\"\${$_name1:-\${$_name2:-$_def}}\" > if checkyesno $_name1; then >@@ -55,7 +55,7 @@ > fi > ;; > NY) >- _name1=jail_${_j}_${_name} >+ _name1=jail_${_jv}_${_name} > _name2=jail_${_name} > eval $_name1=\"\${$_name1:-\${$_name2:-$_def}}\" > if checkyesno $_name1; then >@@ -67,7 +67,7 @@ > [0-9]*) > i=$_num > while : ; do >- _name1=jail_${_j}_${_name}${i} >+ _name1=jail_${_jv}_${_name}${i} > _name2=jail_${_name}${i} > eval _tmpargs=\"\${$_name1:-\${$_name2:-$_def}}\" > if [ -n "$_tmpargs" ]; then >@@ -79,7 +79,7 @@ > done > ;; > *) >- _name1=jail_${_j}_${_name} >+ _name1=jail_${_jv}_${_name} > _name2=jail_${_name} > eval _tmpargs=\"\${$_name1:-\${$_name2:-$_def}}\" > if [ -n "$_tmpargs" ]; then >@@ -89,13 +89,14 @@ > esac > } > >-# parse_options _j >+# parse_options _j _jv > # Parse options and create a temporary configuration file if necessary. > # > parse_options() > { >- local _j _p >+ local _j _jv _p > _j=$1 >+ _jv=$2 > > _confwarn=0 > if [ -z "$_j" ]; then >@@ -102,9 +103,9 @@ > warn "parse_options: you must specify a jail" > return > fi >- eval _jconf=\"\${jail_${_j}_conf:-/etc/jail.${_j}.conf}\" >- eval _rootdir=\"\$jail_${_j}_rootdir\" >- eval _hostname=\"\$jail_${_j}_hostname\" >+ eval _jconf=\"\${jail_${_jv}_conf:-/etc/jail.${_j}.conf}\" >+ eval _rootdir=\"\$jail_${_jv}_rootdir\" >+ eval _hostname=\"\$jail_${_jv}_hostname\" > if [ -z "$_rootdir" -o \ > -z "$_hostname" ]; then > if [ -r "$_jconf" ]; then >@@ -120,7 +121,7 @@ > fi > return 1 > fi >- eval _ip=\"\$jail_${_j}_ip\" >+ eval _ip=\"\$jail_${_jv}_ip\" > if [ -z "$_ip" ] && ! check_kern_features vimage; then > warn "no ipaddress specified and no vimage support. " \ > "Jail $_j was ignored." >@@ -138,10 +139,10 @@ > fi > /usr/bin/install -m 0644 -o root -g wheel /dev/null $_conf || return 1 > >- eval : \${jail_${_j}_flags:=${jail_flags}} >- eval _exec=\"\$jail_${_j}_exec\" >- eval _exec_start=\"\$jail_${_j}_exec_start\" >- eval _exec_stop=\"\$jail_${_j}_exec_stop\" >+ eval : \${jail_${_jv}_flags:=${jail_flags}} >+ eval _exec=\"\$jail_${_jv}_exec\" >+ eval _exec_start=\"\$jail_${_jv}_exec_start\" >+ eval _exec_stop=\"\$jail_${_jv}_exec_stop\" > if [ -n "${_exec}" ]; then > # simple/backward-compatible execution > _exec_start="${_exec}" >@@ -155,20 +156,20 @@ > fi > fi > fi >- eval _interface=\"\${jail_${_j}_interface:-${jail_interface}}\" >- eval _parameters=\"\${jail_${_j}_parameters:-${jail_parameters}}\" >- eval _fstab=\"\${jail_${_j}_fstab:-${jail_fstab:-/etc/fstab.$_j}}\" >+ eval _interface=\"\${jail_${_jv}_interface:-${jail_interface}}\" >+ eval _parameters=\"\${jail_${_jv}_parameters:-${jail_parameters}}\" >+ eval _fstab=\"\${jail_${_jv}_fstab:-${jail_fstab:-/etc/fstab.$_j}}\" > ( > date +"# Generated by rc.d/jail at %Y-%m-%d %H:%M:%S" > echo "$_j {" >- extract_var $_j hostname host.hostname - "" >- extract_var $_j rootdir path - "" >+ extract_var $_jv hostname host.hostname - "" >+ extract_var $_jv rootdir path - "" > if [ -n "$_ip" ]; then >- extract_var $_j interface interface - "" >+ extract_var $_jv interface interface - "" > jail_handle_ips_option $_ip $_interface > alias=0 > while : ; do >- eval _x=\"\$jail_${_j}_ip_multi${alias}\" >+ eval _x=\"\$jail_${_jv}_ip_multi${alias}\" > [ -z "$_x" ] && break > > jail_handle_ips_option $_x $_interface >@@ -184,27 +185,27 @@ > ;; > esac > # These are applicable only to non-vimage jails. >- extract_var $_j fib exec.fib - "" >- extract_var $_j socket_unixiproute_only \ >+ extract_var $_jv fib exec.fib - "" >+ extract_var $_jv socket_unixiproute_only \ > allow.raw_sockets NY YES > else > echo " vnet;" >- extract_var $_j vnet_interface vnet.interface - "" >+ extract_var $_jv vnet_interface vnet.interface - "" > fi > > echo " exec.clean;" > echo " exec.system_user = \"root\";" > echo " exec.jail_user = \"root\";" >- extract_var $_j exec_prestart exec.prestart 0 "" >- extract_var $_j exec_poststart exec.poststart 0 "" >- extract_var $_j exec_prestop exec.prestop 0 "" >- extract_var $_j exec_poststop exec.poststop 0 "" >+ extract_var $_jv exec_prestart exec.prestart 0 "" >+ extract_var $_jv exec_poststart exec.poststart 0 "" >+ extract_var $_jv exec_prestop exec.prestop 0 "" >+ extract_var $_jv exec_poststop exec.poststop 0 "" > > echo " exec.start += \"$_exec_start\";" >- extract_var $_j exec_afterstart exec.start 1 "" >+ extract_var $_jv exec_afterstart exec.start 1 "" > echo " exec.stop = \"$_exec_stop\";" > >- extract_var $_j consolelog exec.consolelog - \ >+ extract_var $_jv consolelog exec.consolelog - \ > /var/log/jail_${_j}_console.log > > if [ -r $_fstab ]; then >@@ -211,10 +212,10 @@ > echo " mount.fstab = \"$_fstab\";" > fi > >- eval : \${jail_${_j}_devfs_enable:=${jail_devfs_enable:-NO}} >- if checkyesno jail_${_j}_devfs_enable; then >+ eval : \${jail_${_jv}_devfs_enable:=${jail_devfs_enable:-NO}} >+ if checkyesno jail_${_jv}_devfs_enable; then > echo " mount.devfs;" >- eval _ruleset=\${jail_${_j}_devfs_ruleset:-${jail_devfs_ruleset}} >+ eval _ruleset=\${jail_${_jv}_devfs_ruleset:-${jail_devfs_ruleset}} > case $_ruleset in > "") ;; > [0-9]*) echo " devfs_ruleset = \"$_ruleset\";" ;; >@@ -227,22 +228,22 @@ > *) warn "devfs_ruleset must be an integer." ;; > esac > fi >- eval : \${jail_${_j}_fdescfs_enable:=${jail_fdescfs_enable:-NO}} >- if checkyesno jail_${_j}_fdescfs_enable; then >+ eval : \${jail_${_jv}_fdescfs_enable:=${jail_fdescfs_enable:-NO}} >+ if checkyesno jail_${_jv}_fdescfs_enable; then > echo " mount.fdescfs;" > fi >- eval : \${jail_${_j}_procfs_enable:=${jail_procfs_enable:-NO}} >- if checkyesno jail_${_j}_procfs_enable; then >+ eval : \${jail_${_jv}_procfs_enable:=${jail_procfs_enable:-NO}} >+ if checkyesno jail_${_jv}_procfs_enable; then > echo " mount.procfs;" > fi > >- eval : \${jail_${_j}_mount_enable:=${jail_mount_enable:-NO}} >- if checkyesno jail_${_j}_mount_enable; then >+ eval : \${jail_${_jv}_mount_enable:=${jail_mount_enable:-NO}} >+ if checkyesno jail_${_jv}_mount_enable; then > echo " allow.mount;" >> $_conf > fi > >- extract_var $_j set_hostname_allow allow.set_hostname YN NO >- extract_var $_j sysvipc_allow allow.sysvipc YN NO >+ extract_var $_jv set_hostname_allow allow.set_hostname YN NO >+ extract_var $_jv sysvipc_allow allow.sysvipc YN NO > for _p in $_parameters; do > echo " ${_p%\;};" > done >@@ -380,7 +381,7 @@ > > jail_config() > { >- local _j >+ local _j _jv > > case $1 in > _ALL) return ;; >@@ -387,7 +388,8 @@ > esac > for _j in $@; do > _j=$(echo $_j | tr /. _) >- if parse_options $_j; then >+ _jv=$(echo -n $_j | tr -c '[:alnum:]' _) >+ if parse_options $_j $_jv; then > echo "$_j: parameters are in $_conf." > fi > done >@@ -395,7 +397,7 @@ > > jail_console() > { >- local _j _cmd >+ local _j _jv _cmd > > # One argument that is not _ALL. > case $#:$1 in >@@ -403,9 +405,10 @@ > 1:*) ;; > esac > _j=$(echo $1 | tr /. _) >+ _jv=$(echo -n $1 | tr -c '[:alnum:]' _) > shift > case $# in >- 0) eval _cmd=\${jail_${_j}_consolecmd:-$jail_consolecmd} ;; >+ 0) eval _cmd=\${jail_${_jv}_consolecmd:-$jail_consolecmd} ;; > *) _cmd=$@ ;; > esac > $jail_jexec $_j $_cmd >@@ -419,7 +422,7 @@ > > jail_start() > { >- local _j _jid _jl >+ local _j _jv _jid _jl > > if [ $# = 0 ]; then > return >@@ -453,11 +456,12 @@ > _jl= > for _j in $@; do > _j=$(echo $_j | tr /. _) >- parse_options $_j || continue >+ _jv=$(echo -n $_j | tr -c '[:alnum:]' _) >+ parse_options $_j $_jv || continue > > _jl="$_jl $_j" >- eval rc_flags=\${jail_${_j}_flags:-$jail_flags} >- eval command=\${jail_${_j}_program:-$jail_program} >+ eval rc_flags=\${jail_${_jv}_flags:-$jail_flags} >+ eval command=\${jail_${_jv}_program:-$jail_program} > command_args="-i -f $_conf -c $_j" > $command $rc_flags $command_args \ > >/dev/null 2>&1 </dev/null & >@@ -479,10 +483,11 @@ > # > for _j in $@; do > _j=$(echo $_j | tr /. _) >- parse_options $_j || continue >+ _jv=$(echo -n $_j | tr -c '[:alnum:]' _) >+ parse_options $_j $_jv || continue > >- eval rc_flags=\${jail_${_j}_flags:-$jail_flags} >- eval command=\${jail_${_j}_program:-$jail_program} >+ eval rc_flags=\${jail_${_jv}_flags:-$jail_flags} >+ eval command=\${jail_${_jv}_program:-$jail_program} > command_args="-i -f $_conf -c $_j" > _tmp=`mktemp -t jail` || exit 3 > if $command $rc_flags $command_args \ >@@ -504,7 +509,7 @@ > > jail_stop() > { >- local _j >+ local _j _jv > > if [ $# = 0 ]; then > return >@@ -532,11 +537,12 @@ > esac > for _j in $@; do > _j=$(echo $_j | tr /. _) >- parse_options $_j || continue >+ _jv=$(echo -n $_j | tr -c '[:alnum:]' _) >+ parse_options $_j $_jv || continue > if ! $jail_jls -j $_j > /dev/null 2>&1; then > continue > fi >- eval command=\${jail_${_j}_program:-$jail_program} >+ eval command=\${jail_${_jv}_program:-$jail_program} > echo -n " ${_hostname:-${_j}}" > _tmp=`mktemp -t jail` || exit 3 > $command -q -f $_conf -r $_j >> $_tmp 2>&1
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=153948">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 191181
:
153050
| 153948