2 * ----------------------------------------------------------------------------
3 * "THE BEER-WARE LICENSE" (Revision 42):
4 * <phk@FreeBSD.ORG> wrote this file. As long as you retain this notice you
5 * can do whatever you want with this stuff. If we meet some day, and you think
6 * this stuff is worth it, you can buy me a beer in return. Poul-Henning Kamp
7 * ----------------------------------------------------------------------------
9 * $FreeBSD: src/usr.sbin/jail/jail.c,v 1.5.2.2 2003/05/08 13:04:24 maxim Exp $
10 * $DragonFly: src/usr.sbin/jail/jail.c,v 1.3 2004/09/19 17:25:42 joerg Exp $
14 #include <sys/param.h>
17 #include <netinet/in.h>
18 #include <arpa/inet.h>
22 #include <login_cap.h>
29 static void usage(void);
/*
 * jail(8) entry point: optionally resolve a target user (-u), chdir() into
 * the jail path, fill in the jail description, drop to the target user's
 * credentials and finally execv() the requested command.
 *
 * NOTE(review): this listing is incomplete, as the gutter numbers skip.
 * Missing are several declarations, the tests guarding some err() calls and,
 * presumably, the jail(2) call itself between filling `j` and the
 * credential drop. Confirm everything below against the full file.
 */
32 main(int argc, char **argv)
34 login_cap_t *lcap = NULL;
36 struct passwd *pwd = NULL;
/* Fixed-size buffer for the supplementary group list; capacity is NGROUPS. */
38 gid_t groups[NGROUPS];
/* Only one option is recognised: -u takes an argument (optstring "u:"). */
44 while ((ch = getopt(argc, argv, "u:")) != -1)
/*
 * Resolve the passwd entry, login class and group list for the -u user.
 * These lookups run before chdir() and before the credential changes
 * further down, presumably so the host's user database is consulted
 * rather than the jail's (TODO confirm).
 *
 * NOTE(review): getpwnam() returns NULL without setting errno when the
 * user simply does not exist, so err() can print a stale errno string;
 * errx() would describe that case more accurately.
 */
58 if (username != NULL) {
59 pwd = getpwnam(username);
61 err(1, "getpwnam: %s", username);
62 lcap = login_getpwclass(pwd);
64 err(1, "getpwclass: %s", username);
/*
 * A non-zero return is treated as fatal; getgrouplist() uses it to report
 * that groups[] was too small. NOTE(review): ngroups must hold the capacity
 * of groups[] on entry. Its initialisation is not visible here; verify.
 */
66 if (getgrouplist(username, pwd->pw_gid, groups, &ngroups) != 0)
67 err(1, "getgrouplist: %s", username);
/*
 * Move into the jail directory first so the working directory lies inside
 * the new root. argv[0] is the "path" operand of the usage text, assuming
 * argv was advanced past the options on a line not shown.
 */
69 if (chdir(argv[0]) != 0)
70 err(1, "chdir: %s", argv[0]);
/* Zero the whole structure so any field not set explicitly is 0. */
71 memset(&j, 0, sizeof(j));
/*
 * Parse the IPv4 address operand. errx() rather than err() because
 * inet_aton() signals bad input via its return value, not errno.
 * The address is stored in host byte order (ntohl).
 */
75 if (inet_aton(argv[2], &in) == 0)
76 errx(1, "Could not make sense of ip-number: %s", argv[2]);
77 j.ip_number = ntohl(in.s_addr);
/*
 * Credential drop, using the data resolved earlier. Order matters:
 * supplementary groups, then the primary gid, then setusercontext(), whose
 * LOGIN_SETALL flags include the uid change. LOGIN_SETGROUP is masked out
 * because the group set has already been installed just above.
 * Every step is checked, so a partial drop does not fall through to execv().
 *
 * NOTE(review): the failure handlers for setgroups() and setgid() are
 * missing from this listing; as printed the ifs would nest. Verify that each
 * failure aborts in the real file.
 */
80 if (username != NULL) {
81 if (setgroups(ngroups, groups) != 0)
83 if (setgid(pwd->pw_gid) != 0)
85 if (setusercontext(lcap, pwd, pwd->pw_uid,
86 LOGIN_SETALL & ~LOGIN_SETGROUP) != 0)
87 err(1, "setusercontext");
/*
 * Replace the process image with the command. execv() does no PATH search,
 * so argv[3] is used exactly as given, and it only returns on failure.
 */
90 if (execv(argv[3], argv + 3) != 0)
91 err(1, "execv: %s", argv[3]);
/*
 * Print the command synopsis to stderr; the (void) cast discards fprintf's
 * return value on purpose.
 * NOTE(review): presumably the body of usage() declared near the top of the
 * file. The function header and anything following this call are not part
 * of this listing.
 */
99 (void)fprintf(stderr, "%s\n",
100 "Usage: jail [-u username] path hostname ip-number command ...");