route(8): teach route to attach to jails

Add -j <jail> flag to route(8) to allow route to perform actions in a Jail. Differential Revision: https://reviews.freebsd.org/D40377 MFC after: 2 weeks
2024-07-22 18:56:38 +00:00 · 2023-06-13 06:05:17 +00:00 · 2023-06-13 06:05:17 +00:00 · ab4d1b73cb
parent 0eb0d23335
commit ab4d1b73cb
3 changed files with 43 additions and 3 deletions
--- a/sbin/route/Makefile
+++ b/sbin/route/Makefile
@ -25,6 +25,11 @@ SRCS+= route_netlink.c
 CFLAGS+=-DWITHOUT_NETLINK
 .endif

+.if ${MK_JAIL} != "no" && !defined(RESCUE)
+CFLAGS+= -DJAIL
+LIBADD+= jail
+.endif
+
 HAS_TESTS=
 SUBDIR.${MK_TESTS}+= tests

--- a/sbin/route/route.8
+++ b/sbin/route/route.8
@ -28,7 +28,7 @@
 .\"     @(#)route.8	8.3 (Berkeley) 3/19/94
 .\" $FreeBSD$
 .\"
-.Dd March 14, 2023
+.Dd June 13, 2023
 .Dt ROUTE 8
 .Os
 .Sh NAME
@ -36,6 +36,7 @@
 .Nd manually manipulate the routing tables
 .Sh SYNOPSIS
 .Nm
+.Op Fl j Ar jail
 .Op Fl dnqtv
 .Ar command
 .Oo
@ -91,6 +92,8 @@ Suppress all output from the
 and
 .Cm flush
 commands.
+.It Fl j Ar jail
+Run inside a jail.
 .El
 .Pp
 The
--- a/sbin/route/route.c
+++ b/sbin/route/route.c
@ -48,6 +48,9 @@ __FBSDID("$FreeBSD$");
 #include <sys/file.h>
 #include <sys/socket.h>
 #include <sys/ioctl.h>
+#ifdef JAIL
+#include <sys/jail.h>
+#endif
 #include <sys/sysctl.h>
 #include <sys/types.h>
 #include <sys/queue.h>
@ -63,6 +66,9 @@ __FBSDID("$FreeBSD$");
 #include <ctype.h>
 #include <err.h>
 #include <errno.h>
+#ifdef JAIL
+#include <jail.h>
+#endif
 #include <paths.h>
 #include <signal.h>
 #include <stdbool.h>
@ -91,6 +97,9 @@ static struct keytab {
 };

 int	verbose, debugonly;
+#ifdef JAIL
+char * jail_name;
+#endif
 static struct sockaddr_storage so[RTAX_MAX];
 static int	pid, rtm_addrs;
 static int	nflag, af, aflen, qflag, tflag;
@ -172,7 +181,7 @@ usage(const char *cp)
 {
 	if (cp != NULL)
 		warnx("bad keyword: %s", cp);
-	errx(EX_USAGE, "usage: route [-46dnqtv] command [[modifiers] args]");
+	errx(EX_USAGE, "usage: route [-j jail] [-46dnqtv] command [[modifiers] args]");
 	/* NOTREACHED */
 }

@ -180,12 +189,15 @@ int
 main(int argc, char **argv)
 {
 	int ch;
+#ifdef JAIL
+	int jid;
+#endif
 	size_t len;

 	if (argc < 2)
 		usage(NULL);

-	while ((ch = getopt(argc, argv, "46nqdtv")) != -1)
+	while ((ch = getopt(argc, argv, "46nqdtvj:")) != -1)
 		switch(ch) {
 		case '4':
 #ifdef INET
@ -218,6 +230,15 @@ main(int argc, char **argv)
 		case 'd':
 			debugonly = 1;
 			break;
+		case 'j':
+#ifdef JAIL
+			if (optarg == NULL)
+				usage(NULL);
+			jail_name = optarg;
+#else
+			errx(1, "Jail support is not compiled in");
+#endif
+			break;
 		case '?':
 		default:
 			usage(NULL);
@ -227,6 +248,17 @@ main(int argc, char **argv)

 	pid = getpid();
 	uid = geteuid();
+
+#ifdef JAIL
+	if (jail_name != NULL) {
+		jid = jail_getid(jail_name);
+		if (jid == -1)
+			errx(1, "Jail not found");
+		if (jail_attach(jid) != 0)
+			errx(1, "Cannot attach to jail");
+	}
+#endif
+
 #ifdef WITHOUT_NETLINK
 	if (tflag)
 		s = open(_PATH_DEVNULL, O_WRONLY, 0);