route(8): teach route to attach to jails

Add -j <jail> flag to route(8) to allow route to perform actions in
a Jail.

Differential Revision: https://reviews.freebsd.org/D40377
MFC after:	2 weeks

(cherry picked from commit ab4d1b73cbf8980dbe05cde7d822010042db8344)

3 files changed, 43 insertions, 3 deletions

diff --git a/sbin/route/Makefile b/sbin/route/Makefile
index e65030f805bb..2cecadd24a72 100644
--- a/sbin/route/Makefile
+++ b/sbin/route/Makefile
@@ -19,6 +19,11 @@ CFLAGS+= -DINET6
 .endif
 CFLAGS+= -I.
 
+.if ${MK_JAIL} != "no" && !defined(RESCUE)
+CFLAGS+= -DJAIL
+LIBADD+= jail
+.endif
+
 HAS_TESTS=
 SUBDIR.${MK_TESTS}+= tests
 
diff --git a/sbin/route/route.8 b/sbin/route/route.8
index afcf55ab44c7..72c22bee23ed 100644
--- a/sbin/route/route.8
+++ b/sbin/route/route.8
@@ -28,7 +28,7 @@
 .\"     @(#)route.8	8.3 (Berkeley) 3/19/94
 .\" $FreeBSD$
 .\"
-.Dd March 14, 2023
+.Dd June 13, 2023
 .Dt ROUTE 8
 .Os
 .Sh NAME
@@ -36,6 +36,7 @@
 .Nd manually manipulate the routing tables
 .Sh SYNOPSIS
 .Nm
+.Op Fl j Ar jail
 .Op Fl dnqtv
 .Ar command
 .Oo
@@ -91,6 +92,8 @@ Suppress all output from the
 and
 .Cm flush
 commands.
+.It Fl j Ar jail
+Run inside a jail.
 .El
 .Pp
 The
diff --git a/sbin/route/route.c b/sbin/route/route.c
index 5f33cecb1b20..e10d0b18ee40 100644
--- a/sbin/route/route.c
+++ b/sbin/route/route.c
@@ -48,6 +48,9 @@ __FBSDID("$FreeBSD$");
 #include <sys/file.h>
 #include <sys/socket.h>
 #include <sys/ioctl.h>
+#ifdef JAIL
+#include <sys/jail.h>
+#endif
 #include <sys/sysctl.h>
 #include <sys/types.h>
 #include <sys/queue.h>
@@ -63,6 +66,9 @@ __FBSDID("$FreeBSD$");
 #include <ctype.h>
 #include <err.h>
 #include <errno.h>
+#ifdef JAIL
+#include <jail.h>
+#endif
 #include <paths.h>
 #include <signal.h>
 #include <stdbool.h>
@@ -90,6 +96,9 @@ static struct keytab {
 	{0, 0}
 };
 
+#ifdef JAIL
+char * jail_name;
+#endif
 static struct sockaddr_storage so[RTAX_MAX];
 static int	pid, rtm_addrs;
 static int	s;
@@ -161,7 +170,7 @@ usage(const char *cp)
 {
 	if (cp != NULL)
 		warnx("bad keyword: %s", cp);
-	errx(EX_USAGE, "usage: route [-46dnqtv] command [[modifiers] args]");
+	errx(EX_USAGE, "usage: route [-j jail] [-46dnqtv] command [[modifiers] args]");
 	/* NOTREACHED */
 }
 
@@ -169,12 +178,15 @@ int
 main(int argc, char **argv)
 {
 	int ch;
+#ifdef JAIL
+	int jid;
+#endif
 	size_t len;
 
 	if (argc < 2)
 		usage(NULL);
 
-	while ((ch = getopt(argc, argv, "46nqdtv")) != -1)
+	while ((ch = getopt(argc, argv, "46nqdtvj:")) != -1)
 		switch(ch) {
 		case '4':
 #ifdef INET
@@ -207,6 +219,15 @@ main(int argc, char **argv)
 		case 'd':
 			debugonly = 1;
 			break;
+		case 'j':
+#ifdef JAIL
+			if (optarg == NULL)
+				usage(NULL);
+			jail_name = optarg;
+#else
+			errx(1, "Jail support is not compiled in");
+#endif
+			break;
 		case '?':
 		default:
 			usage(NULL);
@@ -216,6 +237,17 @@ main(int argc, char **argv)
 
 	pid = getpid();
 	uid = geteuid();
+
+#ifdef JAIL
+	if (jail_name != NULL) {
+		jid = jail_getid(jail_name);
+		if (jid == -1)
+			errx(1, "Jail not found");
+		if (jail_attach(jid) != 0)
+			errx(1, "Cannot attach to jail");
+	}
+#endif
+
 	if (tflag)
 		s = open(_PATH_DEVNULL, O_WRONLY, 0);
 	else