From nobody@FreeBSD.org  Mon Dec  5 19:13:53 2005
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id E019116A429
	for <freebsd-gnats-submit@FreeBSD.org>; Mon,  5 Dec 2005 19:13:53 +0000 (GMT)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [216.136.204.117])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 1B72243D69
	for <freebsd-gnats-submit@FreeBSD.org>; Mon,  5 Dec 2005 19:13:53 +0000 (GMT)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.13.1/8.13.1) with ESMTP id jB5JDqpj052713
	for <freebsd-gnats-submit@FreeBSD.org>; Mon, 5 Dec 2005 19:13:52 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.13.1/8.13.1/Submit) id jB5JDqgs052712;
	Mon, 5 Dec 2005 19:13:52 GMT
	(envelope-from nobody)
Message-Id: <200512051913.jB5JDqgs052712@www.freebsd.org>
Date: Mon, 5 Dec 2005 19:13:52 GMT
From: Lanny Jason Godsey <lannygodsey@yahoo.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: Add option to /usr/sbin/jail: -I (ASCII 73) PID  to specify tryprid within jail(2)
X-Send-Pr-Version: www-2.3

>Number:         89989
>Category:       kern
>Synopsis:       [jail] [patch] Add option -I (ASCII 73) PID  to specify tryprid within jail(2)
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    bz
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Mon Dec 05 19:20:03 GMT 2005
>Closed-Date:    Tue Nov 17 21:15:09 UTC 2009
>Last-Modified:  Tue Nov 17 21:15:09 UTC 2009
>Originator:     Lanny Jason Godsey
>Release:        6.0-RELEASE
>Organization:
>Environment:
FreeBSD ne1.yournix.com 6.0-RELEASE FreeBSD 6.0-RELEASE #6: Mon Dec  5 11:48:50 EST 2005     root@ne1.yournix.com:/usr/obj/usr/src/sys/YOURNIX  i386

>Description:
Add option to /usr/sbin/jail: -I (ASCII 73) PID  to specify tryprid
within jail(2)

On my system, I have multiple jails, one for each service.  The bind
jail has JID 53, apache JID 80, mysql 3306.

I submitted another patch to allow -J to the JID and other info to a
file.  I use these together to help make my life a little easier.

Example: jexec 53 /etc/rc.d/named restart

Forgive me for including my last patch (-J) in here, I'm not sure how
to separate the changes within RELENG_6_0 which I use for /usr/src.  The
second set is against HEAD and is UNTESTED.

jail(8) man entry:

-I JID       Request jail start with jail identifier (JID).  Normal
             behavior begins JID with 1.

>How-To-Repeat:
              
>Fix:


-- begin RELENG_6_0 cvs diff -u --
Index: sys/kern/kern_jail.c
===================================================================
RCS file: /usr/ncvs/src/sys/kern/kern_jail.c,v
retrieving revision 1.50
diff -u -r1.50 kern_jail.c
--- sys/kern/kern_jail.c        23 Jun 2005 22:13:28 -0000      1.50
+++ sys/kern/kern_jail.c        5 Dec 2005 17:18:53 -0000
@@ -140,7 +140,12 @@

        /* Determine next pr_id and add prison to allprison list. */
        mtx_lock(&allprison_mtx);
-       tryprid = lastprid + 1;
+       /* Use j.tryprid as starting point if requested. */
+       if (j.tryprid > 1 && j.tryprid < JAIL_MAX) {
+               tryprid = j.tryprid;
+       } else {
+               tryprid = lastprid + 1;
+       }
        if (tryprid == JAIL_MAX)
                tryprid = 1;
 next:
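
Review bot: In the new if, the lower bound j.tryprid > 1 refuses a
request for JID 1 even though the wrap-around right below assigns
tryprid = 1, and every out-of-range value falls through to
lastprid + 1 without any error. Suggest treating 0 as "no request",
accepting 1 through JAIL_MAX - 1, and returning EINVAL for anything
else, so the caller learns that the request was not honoured.
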
Index: sys/sys/jail.h
===================================================================
RCS file: /usr/ncvs/src/sys/sys/jail.h,v
retrieving revision 1.26
diff -u -r1.26 jail.h
--- sys/sys/jail.h      9 Jun 2005 18:49:19 -0000       1.26
+++ sys/sys/jail.h      5 Dec 2005 14:48:18 -0000
@@ -18,6 +18,7 @@
        char            *path;
        char            *hostname;
        u_int32_t       ip_number;
+       int             tryprid;
 };

 struct xprison {
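
Review bot: Appending tryprid to struct jail changes the size and
layout of the argument handed to jail(2), and nothing in this patch
shows a structure version change or a compatibility path for binaries
built against the old layout. Such a caller never sets the new field,
so the kernel test on j.tryprid would act on a value the caller did
not supply. The field needs a version bump (or a separate interface)
before the kernel may trust it.
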
Index: usr.sbin/jail/jail.8
===================================================================
RCS file: /usr/ncvs/src/usr.sbin/jail/jail.8,v
retrieving revision 1.67.2.3
diff -u -r1.67.2.3 jail.8
--- usr.sbin/jail/jail.8        24 Sep 2005 01:59:39 -0000      1.67.2.3
+++ usr.sbin/jail/jail.8        5 Dec 2005 17:41:55 -0000
@@ -53,6 +53,11 @@
 .Bl -tag -width ".Fl u Ar username"
 .It Fl i
 Output the jail identifier of the newly created jail.
+.It Fl I Ar JID
+Request jail(2) start with jail identifier (JID).  Normal behavior begins JID with 1.
+.It Fl J Ar JidFile
+Write a JidFile, like a PidFile, containing JID, path, hostname, ip and
+command used to start the jail.
 .It Fl l
 Run program in the clean environment.
 The environment is discarded except for
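
Review bot: The -I entry does not say that the value is only a
starting point. The kernel hunk in this patch falls back to the normal
allocation when the value is out of range, and the word "Request"
leaves open what happens when the JID is already taken. Document the
accepted range, state that the JID actually assigned may differ and
that -i or -J reports it, and reference the system call as
.Xr jail 2 instead of the literal "jail(2)".
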
Index: usr.sbin/jail/jail.c
===================================================================
RCS file: /usr/ncvs/src/usr.sbin/jail/jail.c,v
retrieving revision 1.20
diff -u -r1.20 jail.c
--- usr.sbin/jail/jail.c        17 Nov 2004 10:01:48 -0000      1.20
+++ usr.sbin/jail/jail.c        5 Dec 2005 17:24:55 -0000
@@ -54,19 +54,29 @@
        struct passwd *pwd = NULL;
        struct in_addr in;
        gid_t groups[NGROUPS];
-       int ch, i, iflag, lflag, ngroups, uflag, Uflag;
-       char path[PATH_MAX], *username;
+       int ch, i, iflag, Iflag, tryprid, Jflag, lflag, ngroups, uflag, Uflag;
+       char path[PATH_MAX], *username, *JidFile;
        static char *cleanenv;
        const char *shell, *p = NULL;
+       FILE *fp;

-       iflag = lflag = uflag = Uflag = 0;
-       username = cleanenv = NULL;
+       iflag = Iflag = tryprid = Jflag = lflag = uflag = Uflag = 0;
+       username = JidFile = cleanenv = NULL;
+       fp = NULL;

-       while ((ch = getopt(argc, argv, "ilu:U:")) != -1) {
+       while ((ch = getopt(argc, argv, "ilu:U:J:I:")) != -1) {
                switch (ch) {
                case 'i':
                        iflag = 1;
                        break;
+               case 'I':
+                       tryprid = atoi(optarg);
+                       Iflag = 1;
+                       break;
+               case 'J':
+                       JidFile = optarg;
+                       Jflag = 1;
+                       break;
                case 'u':
                        username = optarg;
                        uflag = 1;
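
Review bot: In case 'I', atoi(optarg) cannot report a conversion
error: "-I abc" yields 0, "-I 53x" yields 53, and a value that does
not fit in an int is not detected. Parse with strtol() and check the
end pointer and errno, or use strtonum() with the bounds 1 and
JAIL_MAX - 1, and exit with the offending string in the message.
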
@@ -103,6 +113,18 @@
        if (inet_aton(argv[2], &in) == 0)
                errx(1, "Could not make sense of ip-number: %s", argv[2]);
        j.ip_number = ntohl(in.s_addr);
+       if (Iflag) {
+               if (tryprid > 1) {
+                       j.tryprid = tryprid;
+               } else {
+                       errx(1, "Requested JID out of range: %d", tryprid);
+               }
+       }
+       if (Jflag) {
+               fp = fopen(JidFile, "w");
+               if (fp == NULL)
+                       errx(1, "Could not create jid_file: %s", JidFile);
+       }
        i = jail(&j);
        if (i == -1)
                err(1, "jail");
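
Review bot: In the -J block at the end of this hunk, errx() discards
errno when fopen() fails, so the operator is not told why the file
could not be created; err(1, "%s", JidFile) would say. The file is
also opened with mode "w", which truncates whatever the path resolves
to with the caller's privileges, so the manual should require that
JidFile sits in a directory only root can write to.
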
@@ -110,6 +132,15 @@
                printf("%d\n", i);
                fflush(stdout);
        }
+       if (Jflag) {
+               if (fp != NULL) {
+                       fprintf(fp, "%d\t%s\t%s\t%s\t%s\n",
+                               i, j.path, j.hostname, argv[2], argv[3]);
+                       (void)fclose(fp);
+               } else {
+                       errx(1, "Could not write jid_file: %s", JidFile);
+               }
+       }
        if (username != NULL) {
                if (Uflag)
                        GET_USER_INFO;
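
Review bot: The else branch is unreachable: whenever Jflag is set, the
earlier hunk exits if fopen() returns NULL, so fp cannot be NULL
here. Drop the branch and check the results of fprintf() and fclose()
instead, so that a failed or short write is reported. Note also that
argv[3] records only the first word of the command, while the manual
text promises the command used to start the jail.
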
@@ -149,7 +180,7 @@
 {

        (void)fprintf(stderr, "%s%s\n",
-            "usage: jail [-i] [-l -u username | -U username]",
+            "usage: jail [-i] [-I JID] [-J jid_file] [-l -u username | -U username]",
             " path hostname ip-number command ...");
        exit(1);
 }
-- end here --

-- Begin HEAD cvs diff -u here --
Index: sys/kern/kern_jail.c
===================================================================
RCS file: /usr/ncvs/src/sys/kern/kern_jail.c,v
retrieving revision 1.51
diff -u -r1.51 kern_jail.c
--- sys/kern/kern_jail.c        28 Sep 2005 00:30:56 -0000      1.51
+++ sys/kern/kern_jail.c        5 Dec 2005 17:46:19 -0000
@@ -139,7 +139,12 @@

        /* Determine next pr_id and add prison to allprison list. */
        mtx_lock(&allprison_mtx);
-       tryprid = lastprid + 1;
+       /* Use j.tryprid as starting point if requested. */
+       if (j.tryprid > 1 && j.tryprid < JAIL_MAX) {
+               tryprid = j.tryprid;
+       } else {
+               tryprid = lastprid + 1;
+       }
        if (tryprid == JAIL_MAX)
                tryprid = 1;
 next:
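
Review bot: The added comment calls j.tryprid a starting point, and
control continues into the existing allocation at next: with it, so
nothing in this hunk guarantees that the caller receives the JID it
asked for. If that code moves on when the ID is in use, the request
is silently replaced by another JID. Either fail the call when the
requested ID cannot be assigned, or state in the interface
documentation that callers must check the returned ID.
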
Index: sys/sys/jail.h
===================================================================
RCS file: /usr/ncvs/src/sys/sys/jail.h,v
retrieving revision 1.26
diff -u -r1.26 jail.h
--- sys/sys/jail.h      9 Jun 2005 18:49:19 -0000       1.26
+++ sys/sys/jail.h      5 Dec 2005 17:46:27 -0000
@@ -18,6 +18,7 @@
        char            *path;
        char            *hostname;
        u_int32_t       ip_number;
+       int             tryprid;
 };

 struct xprison {
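
Review bot: The new member is added without a comment, and its name,
tryprid, is that of a local variable in the kernel allocator rather
than something a caller of jail(2) would recognise. Add a comment
giving its meaning (requested jail ID, 0 for none) and consider a
name such as jid for the public structure.
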
Index: usr.sbin/jail/jail.8
===================================================================
RCS file: /usr/ncvs/src/usr.sbin/jail/jail.8,v
retrieving revision 1.72
diff -u -r1.72 jail.8
--- usr.sbin/jail/jail.8        3 Dec 2005 17:32:39 -0000       1.72
+++ usr.sbin/jail/jail.8        5 Dec 2005 17:46:45 -0000
@@ -54,6 +54,8 @@
 .Bl -tag -width ".Fl u Ar username"
 .It Fl i
 Output the jail identifier of the newly created jail.
+.It Fl I Ar JID
+Request jail(2) start with jail identifier (JID).  Normal behavior begins JID with 1.
 .It Fl J Ar jid_file
 Write a JidFile, like a PidFile, containing jailid, path, hostname, ip and
 command used to start the jail.
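
Review bot: The added description line puts two sentences on one
input line ("... identifier (JID).  Normal behavior ..."). mdoc
source starts each sentence on a new line so that sentence spacing is
left to the formatter; split the line after "(JID)."
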
Index: usr.sbin/jail/jail.c
===================================================================
RCS file: /usr/ncvs/src/usr.sbin/jail/jail.c,v
retrieving revision 1.21
diff -u -r1.21 jail.c
--- usr.sbin/jail/jail.c        3 Dec 2005 17:32:39 -0000       1.21
+++ usr.sbin/jail/jail.c        5 Dec 2005 17:46:45 -0000
@@ -54,21 +54,25 @@
        struct passwd *pwd = NULL;
        struct in_addr in;
        gid_t groups[NGROUPS];
-       int ch, i, iflag, Jflag, lflag, ngroups, uflag, Uflag;
+       int ch, i, iflag, Iflag, tryprid, Jflag, lflag, ngroups, uflag, Uflag;
        char path[PATH_MAX], *username, *JidFile;
        static char *cleanenv;
        const char *shell, *p = NULL;
        FILE *fp;

-       iflag = Jflag = lflag = uflag = Uflag = 0;
+       iflag = Iflag = tryprid = Jflag = lflag = uflag = Uflag = 0;
        username = JidFile = cleanenv = NULL;
        fp = NULL;

-       while ((ch = getopt(argc, argv, "ilu:U:J:")) != -1) {
+       while ((ch = getopt(argc, argv, "ilu:U:J:I:")) != -1) {
                switch (ch) {
                case 'i':
                        iflag = 1;
                        break;
+               case 'I':
+                       tryprid = atoi(optarg);
+                       Iflag = 1;
+                       break;
                case 'J':
                        JidFile = optarg;
                        Jflag = 1;
@@ -109,6 +113,13 @@
        if (inet_aton(argv[2], &in) == 0)
                errx(1, "Could not make sense of ip-number: %s", argv[2]);
        j.ip_number = ntohl(in.s_addr);
+       if (Iflag) {
+               if (tryprid > 1) {
+                       j.tryprid = tryprid;
+               } else {
+                       errx(1, "Requested JID out of range: %d", tryprid);
+               }
+       }
        if (Jflag) {
                fp = fopen(JidFile, "w");
                if (fp == NULL)
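
Review bot: The test tryprid > 1 in the new if (Iflag) block has no
upper bound, while the kernel side of this patch only honours values
below JAIL_MAX. A value at or above JAIL_MAX therefore passes this
check without an error and is then ignored by the kernel, so the jail
starts with an ordinary JID. Apply the same range here that the
kernel applies, so the "out of range" message covers both ends.
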
@@ -169,7 +180,7 @@
 {

        (void)fprintf(stderr, "%s%s\n",
-            "usage: jail [-i] [-J jid_file] [-l -u username | -U username]",
+            "usage: jail [-i] [-I JID] [-J jid_file] [-l -u username | -U username]",
             " path hostname ip-number command ...");
        exit(1);
 }
-- end here --


>Release-Note:
>Audit-Trail:

From: "Alan, Cheng-Lung Sung" <clsung@gmail.com>
To: bug-followup@FreeBSD.org, lannygodsey@yahoo.com
Cc:  
Subject: Re: bin/89989: [patch] Add option to /usr/sbin/jail: -I (ASCII 73) PID to specify tryprid within jail(2)
Date: Sat, 15 Apr 2006 00:02:07 +0800

 I think
 
 +       if (Iflag) {
 +               if (tryprid > 1) {
 +                       j.tryprid = tryprid;
 +               } else {
 +                       errx(1, "Requested JID out of range: %d", tryprid);
 +               }
 +       }
 
 should be
 
 +       if (Iflag) {
 +               if (tryprid > 0 && tryprid < JAIL_MAX) {
 +                       j.tryprid = tryprid;
 +               } else {
 +                       errx(1, "Requested JID out of range: %d", tryprid);
 +               }
 +       }
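
Review bot: The lower bound tryprid > 0 in this version accepts 1,
but the kernel hunk of the patch tests j.tryprid > 1, so "-I 1" would
pass this check and then be ignored by the kernel without an error.
The userland and kernel bounds need to be changed together.
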
 
 right?
 
 --
 <clsung@FreeBSD.org>
 
Responsible-Changed-From-To: freebsd-bugs->freebsd-jail 
Responsible-Changed-By: linimon 
Responsible-Changed-When: Fri Jan 25 22:03:35 UTC 2008 
Responsible-Changed-Why:  
Reassign to appropriate mailing list. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=89989 
Responsible-Changed-From-To: freebsd-jail->bz 
Responsible-Changed-By: bz 
Responsible-Changed-When: Sat Nov 29 17:15:36 UTC 2008 
Responsible-Changed-Why:  
Jail IDs are system internal. We had even (temporarily) changed 
the allocator in the meantime. But jails in HEAD now support 
jail names for management purposes. See if that would work for 
the submitter. 

State-Changed-From-To: open->feedback 
State-Changed-By: bz 
State-Changed-When: Tue Jan 6 19:38:54 UTC 2009 
State-Changed-Why:  
Submitter was asked if jail names as in head would work for him. 


From: "Bjoern A. Zeeb" <bz@FreeBSD.org>
To: bug-followup@FreeBSD.org, lannygodsey@yahoo.com
Cc:  
Subject: Re: kern/89989: [jail] [patch] Add option -I (ASCII 73) PID to
 specify tryprid within jail(2)
Date: Tue, 6 Jan 2009 19:38:20 +0000 (UTC)

 Hi,
 
 `jail IDs' are an internal property of prisons.
 
 Changing the allocator to reuse free IDs a while ago turned out to
 cause problems.
 
 With your patch, you may not be able to restart a jail for seconds or
 minutes if there are dangling sockets, for example, or rather you
 won't get the ID you request ("suggest").
 
 In freebsd 8.x (HEAD) and hopefully in 7.x before 7.2 jails (will)
 have optional names so that you could say
      jexec -n dns ...
 if you keep the names unique. It can even handle "dying jail" as in
 the dangling sockets but not more processes.
 
 Would that work for you and could this PR be closed?
 
 -- 
 Bjoern A. Zeeb                      The greatest risk is not taking one.
State-Changed-From-To: feedback->closed 
State-Changed-By: bz 
State-Changed-When: Tue Nov 17 21:14:55 UTC 2009 
State-Changed-Why:  
Feedback timeout. 

>Unformatted:
