jail(8) usuability patch

joerg at britannica.bec.de joerg at britannica.bec.de
Sat Mar 25 11:38:55 PST 2006


Hi all,
the attached patch exports the jail id for processes and teaches ps(1)
and killall(1) about it. The former can display the jail id with -o
jail, the latter selectively kill processes in a jail (killall -j 5).
It also fixes a buglet in ps to make lastcpu working.

It would be nice if someone could take a moment and teach etc/rc.d/jail
selective starting and stopping of jails by taking parameters after the
command.

Matt, since this is non-intrusive and useful, I'd like to merge this to
1.4 later, what do you think? Newer ps/killall and old kernel would
treat all processes as belonging to jid 0.

Joerg
Index: sys/sys/user.h
===================================================================
RCS file: /cvs/src/sys/sys/user.h,v
retrieving revision 1.12
diff -u -r1.12 user.h
--- sys/sys/user.h	21 Nov 2003 22:46:13 -0000	1.12
+++ sys/sys/user.h	25 Mar 2006 19:31:07 -0000
@@ -106,7 +106,8 @@
 #define	EPROC_CTTY	0x01	/* controlling tty vnode active */
 #define	EPROC_SLEADER	0x02	/* session leader */
 		char	e_login[roundup(MAXLOGNAME, sizeof(long))];	/* setlogin() name */
-		long	e_spare[2];
+		int	e_jailid;
+		long	e_spare[1];
 	} kp_eproc;
 	struct thread kp_thread;		/* thread structure */
 };
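Review bot: `e_jailid` is added without a comment, unlike `e_login` just above it, and nothing records what value a non-jailed process carries. I would add `int	e_jailid;	/* jail id, 0 if not jailed */`, matching the "jid 0" wording of the description. The struct keeps its size only because the `int` plus any alignment padding occupies the slot of the dropped `long`; a short remark that the field was carved out of `e_spare` would help whoever next touches the layout. The struct begins outside the hunk.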
Index: usr.bin/killall/killall.1
===================================================================
RCS file: /cvs/src/usr.bin/killall/killall.1,v
retrieving revision 1.3
diff -u -r1.3 killall.1
--- usr.bin/killall/killall.1	28 Aug 2003 02:35:54 -0000	1.3
+++ usr.bin/killall/killall.1	25 Mar 2006 19:31:07 -0000
@@ -43,6 +43,7 @@
 .Op Fl u Ar user
 .Op Fl t Ar tty
 .Op Fl c Ar procname
+.Op Fl j Ar jail
 .Op Fl SIGNAL
 .Op Ar procname ...
 .Sh DESCRIPTION
@@ -100,6 +101,9 @@
 Limit potentially matching processes to those running on
 the specified
 .Ar tty .
+.It Fl j Ar jailid
+Limit potentially matching processes to those running in the jail with id
+.Ar jailid .
 .It Fl c Ar procname
 When used with the
 .Fl u
Index: usr.bin/killall/killall.c
===================================================================
RCS file: /cvs/src/usr.bin/killall/killall.c,v
retrieving revision 1.7
diff -u -r1.7 killall.c
--- usr.bin/killall/killall.c	14 Sep 2004 00:33:53 -0000	1.7
+++ usr.bin/killall/killall.c	25 Mar 2006 19:31:07 -0000
@@ -52,7 +52,7 @@
 usage(void)
 {
 
-	fprintf(stderr, "usage: %s [-l] [-v] [-m] [-sig] [-u user] [-t tty] [-c cmd] [cmd]...\n", prog);
+	fprintf(stderr, "usage: %s [-l] [-v] [-m] [-sig] [-u user] [-j jail] [-t tty] [-c cmd] [cmd]...\n", prog);
 	fprintf(stderr, "At least one option or argument to specify processes must be given.\n");
 	exit(1);
 }
@@ -112,6 +112,7 @@
 	int		qflag = 0;
 	int		vflag = 0;
 	int		sflag = 0;
+	int		jflag = 0, jailid = 0;
 	int		dflag = 0;
 	int		mflag = 0;
 	uid_t		uid = 0;
@@ -167,6 +168,20 @@
 				--ac;
 				cmd = *av;
 				break;
+			case 'j':
+			{
+				const char *errstr;
+				++*av;
+				if (**av == '\0')
+					++av;
+				--ac;
+				jailid = strtonum(*av, 1, INT_MAX, &errstr);
+
+				if (errstr)
+					errx(1, "jail id is %s: %s", errstr, *av);
+				jflag++;
+				break;
+			}
 			case 'q':
 				qflag++;
 				break;
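Review bot: The `-j` case never checks that an id actually follows: when `-j` is the last argument, `++av` lands on the terminating NULL of the argument vector and `*av` is handed to `strtonum()` and to the `%s` in `errx()`. A guard such as `if (*av == NULL) usage();` before the conversion would cover it. Separately, `--ac` runs even when the id is attached (`-j5`), so if the enclosing loop, which is outside the hunk, also counts the option itself, a following process name is lost from `ac`; together with the new `if (ac > 0)` guard in the `@@ -330` hunk that would signal every process in the jail instead of only the named ones. Moving the decrement into the branch, `if (**av == '\0') { ++av; --ac; }`, avoids that.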
@@ -210,7 +225,7 @@
 		}
 	}
 
-	if (user == NULL && tty == NULL && cmd == NULL && ac == 0)
+	if (user == NULL && tty == NULL && cmd == NULL && jflag == 0 && ac == 0)
 		usage();
 
 	if (tty) {
@@ -308,6 +323,10 @@
 			if (thistdev != tdev)
 				matched = 0;
 		}
+		if (jflag) {
+			if (procs[i].kp_eproc.e_jailid != jailid)
+				matched = 0;
+		}
 		if (cmd) {
 			if (mflag) {
 				if (regcomp(&rgx, cmd,
@@ -330,31 +349,33 @@
 		}
 		if (matched == 0)
 			continue;
-		matched = 0;
-		for (j = 0; j < ac; j++) {
-			if (mflag) {
-				if (regcomp(&rgx, av[j],
-				    REG_EXTENDED|REG_NOSUB) != 0) {
-					mflag = 0;
-					warnx("%s: illegal regexp", av[j]);
+		if (ac > 0) {
+			matched = 0;
+			for (j = 0; j < ac; j++) {
+				if (mflag) {
+					if (regcomp(&rgx, av[j],
+					    REG_EXTENDED|REG_NOSUB) != 0) {
+						mflag = 0;
+						warnx("%s: illegal regexp", av[j]);
+					}
 				}
+				if (mflag) {
+					pmatch.rm_so = 0;
+					pmatch.rm_eo = strlen(thiscmd);
+					if (regexec(&rgx, thiscmd, 0, &pmatch,
+					    REG_STARTEND) == 0)
+						matched = 1;
+					regfree(&rgx);
+				} else {
+					if (strcmp(thiscmd, av[j]) == 0)
+						matched = 1;
+				}
+				if (matched)
+					break;
 			}
-			if (mflag) {
-				pmatch.rm_so = 0;
-				pmatch.rm_eo = strlen(thiscmd);
-				if (regexec(&rgx, thiscmd, 0, &pmatch,
-				    REG_STARTEND) == 0)
-					matched = 1;
-				regfree(&rgx);
-			} else {
-				if (strcmp(thiscmd, av[j]) == 0)
-					matched = 1;
-			}
-			if (matched)
-				break;
+			if (matched == 0)
+				continue;
 		}
-		if (matched == 0)
-			continue;
 		if (dflag)
 			printf("sig:%d, cmd:%s, pid:%d, dev:0x%x uid:%d\n", sig,
 			    thiscmd, thispid, thistdev, thisuid);
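Review bot: Wrapping the name loop in `if (ac > 0)` changes more than `-j`: with no process names, a process that passes the option filters now stays matched, whereas the removed `matched = 0;` ran unconditionally and left nothing selected. As far as the hunk shows, `killall -u user` or `killall -t tty` alone will therefore signal every process that passes those filters, which neither the description nor the killall.1 hunks mention. I would state that above the guard, e.g. `/* no names given: the option filters alone select the processes */`, and document it in the man page. The enclosing loop starts and ends outside the hunk.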
Index: bin/ps/keyword.c
===================================================================
RCS file: /cvs/src/bin/ps/keyword.c,v
retrieving revision 1.21
diff -u -r1.21 keyword.c
--- bin/ps/keyword.c	11 Oct 2005 22:10:22 -0000	1.21
+++ bin/ps/keyword.c	25 Mar 2006 19:31:07 -0000
@@ -92,7 +92,6 @@
 	{"command", "COMMAND", NULL, COMM|LJUST|USER, command, NULL, 16, 0, 0, NULL,
 		NULL},
 	{"cpu", "CPU", NULL, 0, pest, NULL, 3, POFF(p_usdata.bsd4.estcpu), UINT, "d", NULL},
-	{"lastcpu", "C", NULL, 0, pvar, NULL, 3, EOFF(e_cpuid), UINT, "d", NULL},
 	{"cputime", "", "time", 0, NULL, NULL, 0, 0, 0, NULL, NULL},
 	{"f", "F", NULL, 0, pvar, NULL, 7, POFF(p_flag), INT, "x", NULL},
 	{"flags", "", "f", 0, NULL, NULL, 0, 0, 0, NULL, NULL},
@@ -104,11 +103,13 @@
 	{"inblk", "INBLK", NULL, USER, rvar, NULL, 4, ROFF(ru_inblock), LONG, "ld",
 		NULL},
 	{"inblock", "", "inblk", 0, NULL, NULL, 0, 0, 0, NULL, NULL},
+	{"jail", "JAIL", NULL, 0, evar, NULL, 3, EOFF(e_jailid), INT, "d", NULL},
 	{"jobc", "JOBC", NULL, 0, evar, NULL, 4, EOFF(e_jobc), SHORT, "d", NULL},
 	{"ktrace", "KTRACE", NULL, 0, pvar, NULL, 8, POFF(p_traceflag), INT, "x",
 		NULL},
 	{"ktracep", "KTRACEP", NULL, 0, pvar, NULL, 8, POFF(p_tracep), LONG, "lx",
 		NULL},
+	{"lastcpu", "C", NULL, 0, evar, NULL, 3, EOFF(e_cpuid), UINT, "d", NULL},
 	{"lim", "LIM", NULL, 0, maxrss, NULL, 5, 0, 0, NULL, NULL},
 	{"login", "LOGIN", NULL, LJUST, logname, NULL, MAXLOGNAME-1, 0, 0, NULL,
 		NULL},
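Review bot: The new `jail` keyword has no documentation on this page: killall.1 is updated, but there is no hunk for the ps manual, so `-o jail` would be discoverable only from this table. A line in the ps keyword list would fix that. The column width of 3 also means ids above 999 will push the column out of alignment, if ids can grow that far. The table starts and ends outside the hunk.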
Index: sys/kern/kern_proc.c
===================================================================
RCS file: /cvs/src/sys/kern/kern_proc.c,v
retrieving revision 1.22
diff -u -r1.22 kern_proc.c
--- sys/kern/kern_proc.c	1 Dec 2005 18:30:08 -0000	1.22
+++ sys/kern/kern_proc.c	25 Mar 2006 19:31:07 -0000
@@ -453,6 +453,8 @@
 	} else {
 		ep->e_tdev = NOUDEV;
 	}
+	if (p->p_ucred->cr_prison)
+		ep->e_jailid = p->p_ucred->cr_prison->pr_id;
 }
 
 struct proc *
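Review bot: `e_jailid` is assigned only when `cr_prison` is set, so for a non-jailed process its value depends on `ep` having been cleared earlier in the function, which is outside the hunk. Since `killall -j` compares this field to decide which processes to signal, I would make the zero explicit: `ep->e_jailid = p->p_ucred->cr_prison ? p->p_ucred->cr_prison->pr_id : 0;`. `p->p_ucred` is also dereferenced without a check here; if the rest of the function guards it against NULL, this line should too.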



