--- src/libs/zbxsysinfo/freebsd/proc.c.orig 2022-11-02 12:11:07.684900353 +0300 +++ src/libs/zbxsysinfo/freebsd/proc.c 2022-11-04 12:12:19.978160000 +0300 @@ -237,8 +237,8 @@ #define ZBX_DSIZE 6 #define ZBX_SSIZE 7 - char *procname, *proccomm, *param, *args, *mem_type = NULL; - int do_task, pagesize, count, i, proccount = 0, invalid_user = 0, mem_type_code, mib[4]; + char *procname, *proccomm, *param, *args, *mem_type = NULL, *procjail, *end_of_line; + int do_task, pagesize, count, i, proccount = 0, invalid_user = 0, mem_type_code, mib[4], jid = -1; unsigned int mibs; zbx_uint64_t mem_size = 0, byte_value = 0; double pct_size = 0.0, pct_value = 0.0; @@ -252,7 +252,7 @@ struct kinfo_proc *proc = NULL; struct passwd *usrinfo; - if (5 < request->nparam) + if (6 < request->nparam) { SET_MSG_RESULT(result, zbx_strdup(NULL, "Too many parameters.")); return SYSINFO_RET_FAIL; @@ -333,6 +333,36 @@ return SYSINFO_RET_FAIL; } + procjail = get_rparam(request, 5); + if (NULL != procjail && '\0' != *procjail) + { +#ifdef HAVE_LIBJAIL + jid = jail_getid(procjail); + if (-1 == jid) /* No jail with this name was found. We have not process, associated with jail name. */ + goto out; +#else + errno = 0; + jid = strtol(procjail, &end_of_line, 10); + if ('\0' != *end_of_line || 0 != errno) + { + SET_MSG_RESULT(result, zbx_strdup(NULL, "Agent was compiled without support for \"libjail\"" + " library, jail name not allowed.")); + return SYSINFO_RET_FAIL; + } + if (0 > jid) { + SET_MSG_RESULT(result, zbx_strdup(NULL, "Jail id must be greater than or equal to 0.")); + return SYSINFO_RET_FAIL; + } +#if (__FreeBSD_version) < 500000 + if (0 != jid) { + SET_MSG_RESULT(result, zbx_strdup(NULL, "Agent was compiled on FreeBSD < 5.0, jails not" + " supported.")); + return SYSINFO_RET_FAIL; + } +#endif +#endif + } + if (1 == invalid_user) /* handle 0 for non-existent user after all parameters have been parsed and validated */ goto out; @@ -402,6 +432,11 @@ continue; } +#if (__FreeBSD_version) > 500000 + if (proc[i].ZBX_PROC_JID != jid && -1 != jid) + continue; +#endif + switch (mem_type_code) { case ZBX_SIZE: @@ -495,14 +530,14 @@ int PROC_NUM(AGENT_REQUEST *request, AGENT_RESULT *result) { - char *procname, *proccomm, *param, *args; + char *procname, *proccomm, *param, *args, *procjail, *end_of_line; int proccount = 0, invalid_user = 0, zbx_proc_stat; - int count, i, proc_ok, stat_ok, comm_ok, mib[4], mibs; + int count, i, proc_ok, stat_ok, comm_ok, jail_ok, mib[4], mibs, jid = -1; size_t sz; struct kinfo_proc *proc = NULL; struct passwd *usrinfo; - if (4 < request->nparam) + if (5 < request->nparam) { SET_MSG_RESULT(result, zbx_strdup(NULL, "Too many parameters.")); return SYSINFO_RET_FAIL; @@ -574,6 +609,36 @@ mibs = 3; } + procjail = get_rparam(request, 4); + if (NULL != procjail && '\0' != *procjail) + { +#ifdef HAVE_LIBJAIL + jid = jail_getid(procjail); + if (-1 == jid) /* No jail with this name was found. We have not process, associated with jail name. */ + goto out; +#else + errno = 0; + jid = strtol(procjail, &end_of_line, 10); + if ('\0' != *end_of_line || 0 != errno) + { + SET_MSG_RESULT(result, zbx_strdup(NULL, "Agent was compiled without support for \"libjail\"" + " library, jail name not allowed.")); + return SYSINFO_RET_FAIL; + } + if (0 > jid) { + SET_MSG_RESULT(result, zbx_strdup(NULL, "Jail id must be greater than or equal to 0.")); + return SYSINFO_RET_FAIL; + } +#if (__FreeBSD_version) < 500000 + if (0 != jid) { + SET_MSG_RESULT(result, zbx_strdup(NULL, "Agent was compiled on FreeBSD < 5.0, jails not" + " supported.")); + return SYSINFO_RET_FAIL; + } +#endif +#endif + } + sz = 0; if (0 != sysctl(mib, mibs, NULL, &sz, NULL, 0)) { @@ -598,6 +663,7 @@ proc_ok = 0; stat_ok = 0; comm_ok = 0; + jail_ok = 0; if (NULL == procname || '\0' == *procname || 0 == strcmp(procname, proc[i].ZBX_PROC_COMM)) proc_ok = 1; @@ -647,7 +713,12 @@ else comm_ok = 1; - if (proc_ok && stat_ok && comm_ok) +#if (__FreeBSD_version) > 500000 + if (proc[i].ZBX_PROC_JID == jid || -1 == jid) +#endif + jail_ok = 1; + + if (proc_ok && stat_ok && comm_ok && jail_ok) proccount++; } zbx_free(proc);