Hi all,
the attached patch exports the jail id for processes and teaches ps(1)
and killall(1) about it. The former can display the jail id with -o
jail, the latter selectively kill processes in a jail (killall -j 5).
It also fixes a buglet in ps to make lastcpu working.
It would be nice if someone could take a moment and teach etc/rc.d/jail
selective starting and stopping of jails by taking parameters after the
command.
Matt, since this in non-intrusive and useful, I'd like to merge this to
1.4 later, what do you think? Newer ps/killall and old kernel would
threat all processes as belonging to jid 0.
Joerg
Index: sys/sys/user.h
===================================================================
RCS file: /cvs/src/sys/sys/user.h,v
retrieving revision 1.12
diff -u -r1.12 user.h
--- sys/sys/user.h 21 Nov 2003 22:46:13 -0000 1.12
+++ sys/sys/user.h 25 Mar 2006 19:31:07 -0000
@@ -106,7 +106,8 @@
#define EPROC_CTTY 0x01 /* controlling tty vnode active */
#define EPROC_SLEADER 0x02 /* session leader */
char e_login[roundup(MAXLOGNAME, sizeof(long))]; /*
setlogin() name */
- long e_spare[2];
+ int e_jailid;
+ long e_spare[1];
} kp_eproc;
struct thread kp_thread; /* thread structure */
};
Index: usr.bin/killall/killall.1
===================================================================
RCS file: /cvs/src/usr.bin/killall/killall.1,v
retrieving revision 1.3
diff -u -r1.3 killall.1
--- usr.bin/killall/killall.1 28 Aug 2003 02:35:54 -0000 1.3
+++ usr.bin/killall/killall.1 25 Mar 2006 19:31:07 -0000
@@ -43,6 +43,7 @@
.Op Fl u Ar user
.Op Fl t Ar tty
.Op Fl c Ar procname
+.Op Fl j Ar jail
.Op Fl SIGNAL
.Op Ar procname ...
.Sh DESCRIPTION
@@ -100,6 +101,9 @@
Limit potentially matching processes to those running on
the specified
.Ar tty .
+.It Fl j Ar jailid
+Limit potentially matching processes to those running in the jail with id
+.Ar jailid .
.It Fl c Ar procname
When used with the
.Fl u
Index: usr.bin/killall/killall.c
===================================================================
RCS file: /cvs/src/usr.bin/killall/killall.c,v
retrieving revision 1.7
diff -u -r1.7 killall.c
--- usr.bin/killall/killall.c 14 Sep 2004 00:33:53 -0000 1.7
+++ usr.bin/killall/killall.c 25 Mar 2006 19:31:07 -0000
@@ -52,7 +52,7 @@
usage(void)
{
- fprintf(stderr, "usage: %s [-l] [-v] [-m] [-sig] [-u user] [-t tty] [-c
cmd] [cmd]...\n", prog);
+ fprintf(stderr, "usage: %s [-l] [-v] [-m] [-sig] [-u user] [-j jail]
[-t tty] [-c cmd] [cmd]...\n", prog);
fprintf(stderr, "At least one option or argument to specify processes
must be given.\n");
exit(1);
}
@@ -112,6 +112,7 @@
int qflag = 0;
int vflag = 0;
int sflag = 0;
+ int jflag = 0, jailid = 0;
int dflag = 0;
int mflag = 0;
uid_t uid = 0;
@@ -167,6 +168,20 @@
--ac;
cmd = *av;
break;
+ case 'j':
+ {
+ const char *errstr;
+ ++*av;
+ if (**av == '\0')
+ ++av;
+ --ac;
+ jailid = strtonum(*av, 1, INT_MAX, &errstr);
+
+ if (errstr)
+ errx(1, "jail id is %s: %s", errstr,
*av);
+ jflag++;
+ break;
+ }
case 'q':
qflag++;
break;
@@ -210,7 +225,7 @@
}
}
- if (user == NULL && tty == NULL && cmd == NULL && ac == 0)
+ if (user == NULL && tty == NULL && cmd == NULL && jflag == 0 && ac == 0)
usage();
if (tty) {
@@ -308,6 +323,10 @@
if (thistdev != tdev)
matched = 0;
}
+ if (jflag) {
+ if (procs[i].kp_eproc.e_jailid != jailid)
+ matched = 0;
+ }
if (cmd) {
if (mflag) {
if (regcomp(&rgx, cmd,
@@ -330,31 +349,33 @@
}
if (matched == 0)
continue;
- matched = 0;
- for (j = 0; j < ac; j++) {
- if (mflag) {
- if (regcomp(&rgx, av[j],
- REG_EXTENDED|REG_NOSUB) != 0) {
- mflag = 0;
- warnx("%s: illegal regexp", av[j]);
+ if (ac > 0) {
+ matched = 0;
+ for (j = 0; j < ac; j++) {
+ if (mflag) {
+ if (regcomp(&rgx, av[j],
+ REG_EXTENDED|REG_NOSUB) != 0) {
+ mflag = 0;
+ warnx("%s: illegal regexp",
av[j]);
+ }
}
+ if (mflag) {
+ pmatch.rm_so = 0;
+ pmatch.rm_eo = strlen(thiscmd);
+ if (regexec(&rgx, thiscmd, 0, &pmatch,
+ REG_STARTEND) == 0)
+ matched = 1;
+ regfree(&rgx);
+ } else {
+ if (strcmp(thiscmd, av[j]) == 0)
+ matched = 1;
+ }
+ if (matched)
+ break;
}
- if (mflag) {
- pmatch.rm_so = 0;
- pmatch.rm_eo = strlen(thiscmd);
- if (regexec(&rgx, thiscmd, 0, &pmatch,
- REG_STARTEND) == 0)
- matched = 1;
- regfree(&rgx);
- } else {
- if (strcmp(thiscmd, av[j]) == 0)
- matched = 1;
- }
- if (matched)
- break;
+ if (matched == 0)
+ continue;
}
- if (matched == 0)
- continue;
if (dflag)
printf("sig:%d, cmd:%s, pid:%d, dev:0x%x uid:%d\n", sig,
thiscmd, thispid, thistdev, thisuid);
Index: bin/ps/keyword.c
===================================================================
RCS file: /cvs/src/bin/ps/keyword.c,v
retrieving revision 1.21
diff -u -r1.21 keyword.c
--- bin/ps/keyword.c 11 Oct 2005 22:10:22 -0000 1.21
+++ bin/ps/keyword.c 25 Mar 2006 19:31:07 -0000
@@ -92,7 +92,6 @@
{"command", "COMMAND", NULL, COMM|LJUST|USER, command, NULL, 16, 0, 0,
NULL,
NULL},
{"cpu", "CPU", NULL, 0, pest, NULL, 3, POFF(p_usdata.bsd4.estcpu),
UINT, "d", NULL},
- {"lastcpu", "C", NULL, 0, pvar, NULL, 3, EOFF(e_cpuid), UINT, "d",
NULL},
{"cputime", "", "time", 0, NULL, NULL, 0, 0, 0, NULL, NULL},
{"f", "F", NULL, 0, pvar, NULL, 7, POFF(p_flag), INT, "x", NULL},
{"flags", "", "f", 0, NULL, NULL, 0, 0, 0, NULL, NULL},
@@ -104,11 +103,13 @@
{"inblk", "INBLK", NULL, USER, rvar, NULL, 4, ROFF(ru_inblock), LONG,
"ld",
NULL},
{"inblock", "", "inblk", 0, NULL, NULL, 0, 0, 0, NULL, NULL},
+ {"jail", "JAIL", NULL, 0, evar, NULL, 3, EOFF(e_jailid), INT, "d",
NULL},
{"jobc", "JOBC", NULL, 0, evar, NULL, 4, EOFF(e_jobc), SHORT, "d",
NULL},
{"ktrace", "KTRACE", NULL, 0, pvar, NULL, 8, POFF(p_traceflag), INT,
"x",
NULL},
{"ktracep", "KTRACEP", NULL, 0, pvar, NULL, 8, POFF(p_tracep), LONG,
"lx",
NULL},
+ {"lastcpu", "C", NULL, 0, evar, NULL, 3, EOFF(e_cpuid), UINT, "d",
NULL},
{"lim", "LIM", NULL, 0, maxrss, NULL, 5, 0, 0, NULL, NULL},
{"login", "LOGIN", NULL, LJUST, logname, NULL, MAXLOGNAME-1, 0, 0, NULL,
NULL},
Index: sys/kern/kern_proc.c
===================================================================
RCS file: /cvs/src/sys/kern/kern_proc.c,v
retrieving revision 1.22
diff -u -r1.22 kern_proc.c
--- sys/kern/kern_proc.c 1 Dec 2005 18:30:08 -0000 1.22
+++ sys/kern/kern_proc.c 25 Mar 2006 19:31:07 -0000
@@ -453,6 +453,8 @@
} else {
ep->e_tdev = NOUDEV;
}
+ if (p->p_ucred->cr_prison)
+ ep->e_jailid = p->p_ucred->cr_prison->pr_id;
}
struct proc *
