diff --git a/sbin/sysctl/Makefile b/sbin/sysctl/Makefile
--- a/sbin/sysctl/Makefile
+++ b/sbin/sysctl/Makefile
@@ -6,6 +6,11 @@
 WARNS?= 3
 MAN= sysctl.8
+.if ${MK_JAIL} != "no" && !defined(RESCUE)
+CFLAGS+= -DJAIL
+LIBADD+= jail
+.endif
+
 HAS_TESTS=
 SUBDIR.${MK_TESTS}+= tests
diff --git a/sbin/sysctl/sysctl.8 b/sbin/sysctl/sysctl.8
--- a/sbin/sysctl/sysctl.8
+++ b/sbin/sysctl/sysctl.8
@@ -28,7 +28,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.Dd January 23, 2025
+.Dd January 31, 2025
 .Dt SYSCTL 8
 .Os
 .Sh NAME
@@ -36,12 +36,14 @@
 .Nd get or set kernel state
 .Sh SYNOPSIS
 .Nm
+.Op Fl j Ar jail
 .Op Fl bdeFhiJlNnoqTtVWx
 .Op Fl B Ar bufsize
 .Op Fl f Ar filename
 .Ar name Ns Op = Ns Ar value Ns Op , Ns Ar value
 .Ar ...
 .Nm
+.Op Fl j Ar jail
 .Op Fl bdeFhJlNnoqTtVWx
 .Op Fl B Ar bufsize
 .Fl a
@@ -103,6 +105,10 @@
 .Nm
 reads and processes the specified file first and then processes the name and value pairs in the command line argument.
+Note that when the
+.Fl j Ar jail
+option is specified, the file will be opened before attaching to the jail and
+then be processed inside the jail.
 .It Fl h
 Format output for human, rather than machine, readability.
 .It Fl i
@@ -113,6 +119,10 @@
 are necessarily running exactly the same software) easier.
 .It Fl J
 Display only jail prision sysctl variables (CTLFLAG_PRISON).
+.It Fl j Ar jail
+Perform the actions inside the
+.Ar jail
+(by jail id or jail name).
 .It Fl l
 Show the length of variables along with their values.
 This option cannot be combined with the
diff --git a/sbin/sysctl/sysctl.c b/sbin/sysctl/sysctl.c
--- a/sbin/sysctl/sysctl.c
+++ b/sbin/sysctl/sysctl.c
@@ -33,6 +33,9 @@
 #include
 #include
 #include
+#ifdef JAIL
+#include
+#endif
 #include
 #include
 #include
@@ -51,6 +54,9 @@
 #include
 #include
 #include
+#ifdef JAIL
+#include
+#endif
 #include
 #include
 #include
@@ -59,12 +65,16 @@
 #include
 #include
+#ifdef JAIL
+static const char *jailname;
+#endif
 static const char *conffile;
 static int aflag, bflag, Bflag, dflag, eflag, hflag, iflag;
 static int Nflag, nflag, oflag, qflag, tflag, Tflag, Wflag, xflag;
 static bool Fflag, Jflag, lflag, Vflag;
+static void attach_jail(void);
 static int oidfmt(int *, int, char *, u_int *);
 static int parsefile(FILE *);
 static int parse(const char *, int);
@@ -121,8 +131,8 @@
 {
 (void)fprintf(stderr, "%s\n%s\n",
- "usage: sysctl [-bdeFhiJlNnoqTtVWx] [ -B ] [-f filename] name[=value] ...",
- " sysctl [-bdeFhJlNnoqTtVWx] [ -B ] -a");
+ "usage: sysctl [-j jail] [-bdeFhiJlNnoqTtVWx] [ -B ] [-f filename] name[=value] ...",
+ " sysctl [-j jail] [-bdeFhJlNnoqTtVWx] [ -B ] -a");
 exit(1);
 }
@@ -137,7 +147,7 @@
 setbuf(stdout,0);
 setbuf(stderr,0);
- while ((ch = getopt(argc, argv, "AaB:bdeFf:hiJlNnoqTtVWwXx")) != -1) {
+ while ((ch = getopt(argc, argv, "AaB:bdeFf:hiJj:lNnoqTtVWwXx")) != -1) {
 switch (ch) {
 case 'A':
 /* compatibility */
@@ -173,6 +183,14 @@
 case 'J':
 Jflag = true;
 break;
+ case 'j':
+#ifdef JAIL
+ if ((jailname = optarg) == NULL)
+ usage();
+#else
+ errx(1, "not built with jail support");
+#endif
+ break;
 case 'l':
 lflag = true;
 break;
@@ -222,8 +240,10 @@
 /* TODO: few other combinations do not make sense but come back later */
 if (Nflag && (lflag || nflag))
 usage();
- if (aflag && argc == 0)
+ if (aflag && argc == 0) {
+ attach_jail();
 exit(sysctl_all(NULL, 0));
+ }
 if (argc == 0 && conffile == NULL)
 usage();
@@ -231,6 +251,9 @@
 file = fopen(conffile, "r");
 if (file == NULL)
 err(EX_NOINPUT, "%s", conffile);
+ }
+ attach_jail();
+ if (file != NULL) {
 warncount += parsefile(file);
 fclose(file);
 }
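Review bot: In the `case 'j':` arm added by the `@@ -173,6 +183,14 @@` hunk, the `optarg == NULL` test can never be true. The option string in the `@@ -137,7 +147,7 @@` hunk declares `j:`, so getopt() reports a missing argument as `?` and never returns `j` with a null `optarg`. The arm can be reduced to `jailname = optarg;`, which also removes a call to usage() that cannot run. The switch statement begins and ends outside the hunk.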
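Review bot: The `if (file != NULL)` guard added in the `@@ -231,6 +251,9 @@` hunk is reached even when `-f` was not given, so it relies on `file` being initialised to `NULL` at its declaration; that declaration is outside this hunk and should be confirmed. The ordering is also security-relevant and is recorded only in the man page: the file is opened with the host's view of the filesystem and parsed only after `attach_jail()`. A comment above the call, such as `/* Open conffile on the host first; after jail_attach() the path would resolve inside the jail. */`, would stop a later refactor from moving the fopen() below the attach. main() starts and ends outside the hunk.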
@@ -241,6 +264,23 @@
 return (warncount);
 }
+static void
+attach_jail(void)
+{
+#ifdef JAIL
+ int jid;
+
+ if (jailname == NULL)
+ return;
+
+ jid = jail_getid(jailname);
+ if (jid == -1)
+ errx(1, "jail not found");
+ if (jail_attach(jid) != 0)
+ errx(1, "cannot attach to jail");
+#endif
+}
+
 /*
 * Parse a single numeric value, append it to 'newbuf', and update
 * 'newsize'. Returns true if the value was parsed and false if the
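Review bot: Both failure paths in `attach_jail()` discard the reason for the failure. `errx(1, "jail not found")` ignores the message libjail leaves in `jail_errmsg`, and `errx(1, "cannot attach to jail")` drops `errno`, so a permission failure looks the same as a jail that disappeared between lookup and attach. Consider `errx(1, "%s", jail_errmsg);` and `err(1, "jail_attach(%d)", jid);`. The function also has no header comment; one line stating that it is a no-op when `-j` was not given or JAIL is not compiled in, and that it exits on failure instead of continuing on the host, would document the fail-closed behaviour.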