jail: add JID, JNAME and JPATH to environment for exec.* commands

Although variable substitution is available in the jail configuration
file, the jail identifier is often not since it is dynamically
attributed at run time.

In order to facilitate scripting of exec.* commands executed on the
system, this change sets the JID, JNAME and JPATH environment variables.

These variables are not added when using exec.clean. Neither are they
for commands executed inside jails, to avoid disclosing information
about the host system.

Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/1609
Closes: https://github.com/freebsd/freebsd-src/pull/1609

usr.sbin/jail/command.c

@@ -290,7 +290,7 @@ run_command(struct cfjail *j)
 	const struct cfstring *comstring, *s;
 	login_cap_t *lcap;
 	const char **argv;
-	char *acs, *cs, *comcs, *devpath;
+	char *acs, *ajidstr, *cs, *comcs, *devpath;
 	const char *jidstr, *conslog, *fmt, *path, *ruleset, *term, *username;
 	enum intparam comparam;
 	size_t comlen, ret;
@@ -795,6 +795,18 @@ run_command(struct cfjail *j)
 		}
 		endpwent();
 	}
+	if (!injail) {
+		if (asprintf(&ajidstr, "%d", j->jid) == -1) {
+			jail_warnx(j, "asprintf jid=%d: %s", j->jid,
+				strerror(errno));
+			exit(1);
+		}
+		setenv("JID", ajidstr, 1);
+		free(ajidstr);
+		setenv("JNAME", string_param(j->intparams[KP_NAME]), 1);
+		path = string_param(j->intparams[KP_PATH]);
+		setenv("JPATH", path ? path : "", 1);
+	}
 
 	if (consfd != 0 && (dup2(consfd, 1) < 0 || dup2(consfd, 2) < 0)) {
 		jail_warnx(j, "exec.consolelog: %s", strerror(errno));

usr.sbin/jail/jail.8

@@ -858,6 +858,22 @@ commands in sequence.
 All commands must succeed (return a zero exit status), or the jail will
 not be created or removed, as appropriate.
 .Pp
+The following variables are added to the environment:
+.Bl -tag -width indent -offset indent
+.It Ev JID
+The
+.Va jid ,
+or jail identifier.
+.It Ev JNAME
+The
+.Va name
+of the jail.
+.It Ev JPATH
+The
+.Va path
+of the jail.
+.El
+.Pp
 The pseudo-parameters are:
 .Bl -tag -width indent
 .It Va exec.prepare
@@ -922,6 +938,11 @@ is imported from the current environment.
 is set to "/bin:/usr/bin".
 The environment variables from the login class capability database for the
 target login are also set.
+.Ev JID ,
+.Ev JNAME ,
+and
+.Ev JPATH
+are not set.
 If a user is specified (as with
 .Va exec.jail_user ) ,
 commands are run from that (possibly jailed) user's directory.

usr.sbin/jail/tests/commands.jail.conf

@@ -1,6 +1,9 @@
 
 exec.prestop = "echo STOP";
 exec.prestart = "echo START";
+exec.poststart = "env";
 persist;
 
+path = "/tmp/test_${name}_root";
+
 basejail {}

usr.sbin/jail/tests/jail_basic_test.sh

@@ -129,13 +129,19 @@ commands_head()
 {
 	atf_set descr 'Commands jail test'
 	atf_set require.user root
+	mkdir /tmp/test_basejail_root
 }
 
 commands_body()
 {
-	# exec.prestart
-	atf_check -s exit:0 -o inline:"START\n" \
+	# exec.prestart (START) and exec.poststart (env)
+	atf_check -s exit:0 -o save:stdout -e empty \
 		jail -f $(atf_get_srcdir)/commands.jail.conf -qc basejail
+	grep -E '^START$' stdout || atf_fail "exec.prestart output not found"
+	grep -E '^JID=[0-9]+' stdout || atf_fail "JID not found in exec.poststart env output"
+	grep -E '^JNAME=basejail$' stdout || atf_fail "JNAME not found in exec.poststart env output"
+	grep -E '^JPATH=/tmp/test_basejail_root$' stdout || atf_fail "JPATH not found in exec.poststart env output"
+
 	# exec.prestop by jailname
 	atf_check -s exit:0 -o inline:"STOP\n" \
 		jail -f $(atf_get_srcdir)/commands.jail.conf -qr basejail 
@@ -152,6 +158,7 @@ commands_cleanup()
 	then
 	    jail -r basejail
 	fi
+	rmdir /tmp/test_basejail_root
 }
 
 atf_init_test_cases()