FreeBSD source tree https://cgit-dev.freebsd.org/src/atom?h=releng%2F11.3 2019-06-03T16:47:51Z 2019-06-03T16:47:51Z Kyle Evans kevans@FreeBSD.org 2019-06-03T16:47:51Z urn:sha1:e5fa77979ca54ffc7c3f8df8894330aa7087bb2e As depicted in the comment: jid 0 always exists, but the lookup will fail as it does not appear in the kernel's alljails list being a special jail. Some callers will expect/rely on this, and we have no reason to lie because it does always exist. Approved by: re (gjb) 2019-05-27T13:12:51Z Kyle Evans kevans@FreeBSD.org 2019-05-27T13:12:51Z urn:sha1:fb75a10ef0fd42d7ec9373012ae61eb1981b037f r348215: jail_getid(3): validate jid string input Currently, if jail_getid(3) is passed in a numeric string, it assumes that this is a jid string and passes it back converted to an int without checking that it's a valid/existing jid. This breaks consumers that might use jail_getid(3) to see if it can trivially grab a jid from a name if that name happens to be numeric but not actually the name/jid of the jail. Instead of returning -1 for the jail not existing, it'll return the int version of the input and the consumer will not fallback to trying other methods. Pass the numeric input to jail_get(2) as the jid for validation, rather than the name. This works well- the kernel enforces that jid=name if name is numeric, so doing the safe thing and checking numeric input as a jid will still DTRT based on the description of jail_getid. r348219: bectl(8): Add a test for jail/unjail of numeric BE names Fixed by r348215, bectl ujail first attempts the trivial fetch of a jid by passing the first argument to 'ujail' to jail_getid(3) in case a jid/name have been passed in instead of a BE name. For numerically named BEs, this was doing the wrong thing: instead of failing to locate the jid specified and falling back to mountpath search, jail_getid(3) would return the input as-is. While here, I've fixed bectl_jail_cleanup which still used a hard-coded pool name that was overlooked w.r.t. other work that was in-flight around the same time. Approved by: re (marius) 2018-08-15T22:32:43Z Jamie Gritton jamie@FreeBSD.org 2018-08-15T22:32:43Z urn:sha1:98ac58d7f56bab7260cbd904a20bf5ce5f3ed3e8 PR: 192092 2018-08-15T21:38:10Z Jamie Gritton jamie@FreeBSD.org 2018-08-15T21:38:10Z urn:sha1:5a1305984990134ac6dbc5293cdfcd806fc15e3d If a jail parameter isn't found, try loading a related kernel module. PR: 192092 2018-03-29T02:50:57Z Eitan Adler eadler@FreeBSD.org 2018-03-29T02:50:57Z urn:sha1:4ab2e064d7950be84256d671a7ae93f87cc6aa36 This was intended to be a non-functional change. It wasn't. The commit message was thus wrong. In addition it broke arm, and merged crypto related code. Revert with prejudice. This revert skips files touched in r316370 since that commit was since MFCed. This revert also skips files that require $FreeBSD$ property changes. Thank you to those who helped me get out of this mess including but not limited to gonzo, kevans, rgrimes. Requested by: gjb (re) 2018-03-14T03:19:51Z Eitan Adler eadler@FreeBSD.org 2018-03-14T03:19:51Z urn:sha1:be5d0b9566b13fdf8cabebb63334cbec12bfc409 These changes are incomplete but are making it difficult to determine what other changes can/should be merged. No objections from: pfg 2017-05-07T01:28:52Z Pedro F. Giffuni pfg@FreeBSD.org 2017-05-07T01:28:52Z urn:sha1:1e899815827bf69e72be1cd2ad5acdf2265820e8 libjail: make allocation in jailparam_all() somewhat more robust. Unsign some variables involved in allocation as they will never be negative anyways. Provide some bounds checking through reallocarray(3). This is all very unlikely to have any visible effect. Reviewed by: jamie 2016-02-04T21:16:35Z Glen Barber gjb@FreeBSD.org 2016-02-04T21:16:35Z urn:sha1:a70cba95822f662d3f9da5119b6a0c433e8f70af Sponsored by: The FreeBSD Foundation 2016-01-20T17:07:13Z Glen Barber gjb@FreeBSD.org 2016-01-20T17:07:13Z urn:sha1:ed0d921874e8d3c8aad7425f630df7fe32252101 Sponsored by: The FreeBSD Foundation 2015-11-25T19:10:28Z Bryan Drewery bdrewery@FreeBSD.org 2015-11-25T19:10:28Z urn:sha1:7b3ea376a27ada7a61eb0c3102f13040fb8c16cb This both avoids some dependencies on xinstall.host and allows bootstrapping on older releases to work due to lack of at least 'install -l' support. Sponsored by: EMC / Isilon Storage Division