lib/libjail/jail.c

root/lib/libjail/jail.c
/*-
 * SPDX-License-Identifier: BSD-2-Clause
 *
 * Copyright (c) 2009 James Gritton.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

#include <sys/param.h>
#include <sys/jail.h>
#include <sys/linker.h>
#include <sys/mac.h>
#include <sys/socket.h>
#include <sys/sysctl.h>

#include <arpa/inet.h>
#include <netinet/in.h>

#include <assert.h>
#include <errno.h>
#include <inttypes.h>
#include <stdio.h>
#include <stdarg.h>
#include <stdlib.h>
#include <string.h>

#include "jail.h"

#define SJPARAM         "security.jail.param"

#define JPSDEF_OF(jp)   \
        ((jp)->jp_structtype >= 0 ? &jp_structdefs[(jp)->jp_structtype] : NULL)

static int jps_get(struct jailparam *, struct iovec *);
static int jps_set(const struct jailparam *, struct iovec *);
static void jps_free(struct jailparam *);

typedef int (jps_import_t)(const struct jailparam *, int, const char *);
typedef char *(jps_export_t)(const struct jailparam *, int);
typedef int (jps_get_t)(struct jailparam *, struct iovec *);
typedef int (jps_set_t)(const struct jailparam *, struct iovec *);
typedef void (jps_free_t)(struct jailparam *);

static jps_import_t     jps_import_in_addr;
static jps_import_t     jps_import_in6_addr;
static jps_import_t     jps_import_mac_label;

static jps_export_t     jps_export_in_addr;
static jps_export_t     jps_export_in6_addr;
static jps_export_t     jps_export_mac_label;

static jps_get_t        jps_get_mac_label;

static jps_set_t        jps_set_mac_label;

static jps_free_t       jps_free_mac_label;

static const struct jp_structdef {
        const char      *jps_type;              /* sysctl type */
        size_t           jps_valuelen;          /* value size */
        jps_import_t    *jps_import;            /* jailparam_import() */
        jps_export_t    *jps_export;            /* jailparam_export() */
        jps_get_t       *jps_get;               /* jailparam_get() */
        jps_set_t       *jps_set;               /* jailparam_set() */
        jps_free_t      *jps_free;              /* jailparam_free() */
} jp_structdefs[] = {
        {
                .jps_type = "S,in_addr",
                .jps_valuelen = sizeof(struct in_addr),
                .jps_import = jps_import_in_addr,
                .jps_export = jps_export_in_addr,
        },
        {
                .jps_type = "S,in6_addr",
                .jps_valuelen = sizeof(struct in6_addr),
                .jps_import = jps_import_in6_addr,
                .jps_export = jps_export_in6_addr,
        },
        {
                .jps_type = "S,mac",
                .jps_valuelen = sizeof(mac_t *),
                .jps_import = jps_import_mac_label,
                .jps_export = jps_export_mac_label,
                .jps_get = jps_get_mac_label,
                .jps_set = jps_set_mac_label,
                .jps_free = jps_free_mac_label,
        },
};

_Static_assert(nitems(jp_structdefs) <= INT_MAX,
    "Too many struct definitions requires an ABI break in struct jailparam");

#define ARRAY_SANITY    5
#define ARRAY_SLOP      5

static const struct jp_structdef *jp_structinfo(const char *type, int *);

static int jailparam_import_enum(const char **values, int nvalues,
    const char *valstr, size_t valsize, int *value);
static int jailparam_type(struct jailparam *jp);
static int kldload_param(const char *name);
static char *noname(const char *name);
static char *nononame(const char *name);
static char *kvname(const char *name);

char jail_errmsg[JAIL_ERRMSGLEN];

static const char *bool_values[] = { "false", "true" };
static const char *jailsys_values[] = { "disable", "new", "inherit" };

static const struct jp_structdef *
jp_structinfo(const char *type, int *oidx)
{
        const struct jp_structdef *jpsdef;

        for (size_t idx = 0; idx < nitems(jp_structdefs); idx++) {
                jpsdef = &jp_structdefs[idx];

                if (strcmp(jpsdef->jps_type, type) == 0) {
                        *oidx = (int)idx;
                        return (jpsdef);
                }
        }

        *oidx = -1;
        return (NULL);
}

/*
 * Import a null-terminated parameter list and set a jail with the flags
 * and parameters.
 */
int
jail_setv(int flags, ...)
{
        va_list ap, tap;
        struct jailparam *jp, *jp_desc;
        const char *name;
        char *value, *desc_value;
        int njp, jid;

        /* Create the parameter list and import the parameters. */
        va_start(ap, flags);
        va_copy(tap, ap);
        for (njp = 0; va_arg(tap, char *) != NULL; njp++)
                (void)va_arg(tap, char *);
        va_end(tap);
        jp = alloca(njp * sizeof(struct jailparam));
        jp_desc = NULL;
        desc_value = NULL;
        for (njp = 0; (name = va_arg(ap, char *)) != NULL; njp++) {
                value = va_arg(ap, char *);
                if (jailparam_init(jp + njp, name) < 0)
                        goto error;
                if (jailparam_import(jp + njp, value) < 0)
                        goto error;
                if (!strcmp(name, "desc") &&
                    (flags & (JAIL_GET_DESC | JAIL_OWN_DESC))) {
                        jp_desc = jp + njp;
                        desc_value = value;
                }
        }
        va_end(ap);
        jid = jailparam_set(jp, njp, flags);
        if (jid > 0 && jp_desc != NULL)
                sprintf(desc_value, "%d", *(int *)jp_desc->jp_value);
        jailparam_free(jp, njp);
        return (jid);

 error:
        jailparam_free(jp, njp);
        va_end(ap);
        return (-1);
}

/*
 * Read a null-terminated parameter list, get the referenced jail, and export
 * the parameters to the list.
 */
int
jail_getv(int flags, ...)
{
        va_list ap, tap;
        struct jailparam *jp, *jp_desc, *jp_lastjid, *jp_jid, *jp_name, *jp_key;
        char *valarg, *value;
        const char *name, *key_value, *desc_value, *lastjid_value, *jid_value;
        const char *name_value;
        int njp, i, jid;

        /* Create the parameter list and find the key. */
        va_start(ap, flags);
        va_copy(tap, ap);
        for (njp = 0; va_arg(tap, char *) != NULL; njp++)
                (void)va_arg(tap, char *);
        va_end(tap);

        jp = alloca(njp * sizeof(struct jailparam));
        va_copy(tap, ap);
        jp_desc = jp_lastjid = jp_jid = jp_name = NULL;
        desc_value = lastjid_value = jid_value = name_value = NULL;
        for (njp = 0; (name = va_arg(tap, char *)) != NULL; njp++) {
                value = va_arg(tap, char *);
                if (jailparam_init(jp + njp, name) < 0) {
                        va_end(tap);
                        goto error;
                }
                if (!strcmp(jp[njp].jp_name, "desc") &&
                    (flags & (JAIL_USE_DESC | JAIL_AT_DESC))) {
                        jp_desc = jp + njp;
                        desc_value = value;
                } else if (!strcmp(jp[njp].jp_name, "lastjid")) {
                        jp_lastjid = jp + njp;
                        lastjid_value = value;
                } else if (!strcmp(jp[njp].jp_name, "jid")) {
                        jp_jid = jp + njp;
                        jid_value = value;
                } if (!strcmp(jp[njp].jp_name, "name")) {
                        jp_name = jp + njp;
                        name_value = value;
                }
        }
        va_end(tap);
        /* Import the key parameter. */
        if (jp_desc != NULL && (flags & JAIL_USE_DESC)) {
                jp_key = jp_desc;
                key_value = desc_value;
        } else if (jp_lastjid != NULL) {
                jp_key = jp_lastjid;
                key_value = lastjid_value;
        } else if (jp_jid != NULL && strtol(jid_value, NULL, 10) != 0) {
                jp_key = jp_jid;
                key_value = jid_value;
        } else if (jp_name != NULL) {
                jp_key = jp_name;
                key_value = name_value;
        } else {
                strlcpy(jail_errmsg, "no jail specified", JAIL_ERRMSGLEN);
                errno = ENOENT;
                goto error;
        }
        if (jailparam_import(jp_key, key_value) < 0)
                goto error;
        if (jp_desc != NULL && jp_desc != jp_key &&
            jailparam_import(jp_desc, desc_value) < 0)
                goto error;
        /* Get the jail and export the parameters. */
        jid = jailparam_get(jp, njp, flags);
        if (jid < 0)
                goto error;
        for (i = 0; i < njp; i++) {
                (void)va_arg(ap, char *);
                valarg = va_arg(ap, char *);
                if (jp + i != jp_key) {
                        /* It's up to the caller to ensure there's room. */
                        if ((jp[i].jp_ctltype & CTLTYPE) == CTLTYPE_STRING)
                                strcpy(valarg, jp[i].jp_value);
                        else {
                                value = jailparam_export(jp + i);
                                if (value == NULL)
                                        goto error;
                                strcpy(valarg, value);
                                free(value);
                        }
                }
        }
        jailparam_free(jp, njp);
        va_end(ap);
        return (jid);

 error:
        jailparam_free(jp, njp);
        va_end(ap);
        return (-1);
}

/*
 * Return a list of all known parameters.
 */
int
jailparam_all(struct jailparam **jpp)
{
        struct jailparam *jp, *tjp;
        size_t mlen1, mlen2, buflen;
        unsigned njp, nlist;
        int mib1[CTL_MAXNAME], mib2[CTL_MAXNAME - 2];
        char buf[MAXPATHLEN];

        njp = 0;
        nlist = 32;
        jp = malloc(nlist * sizeof(*jp));
        if (jp == NULL) {
                strerror_r(errno, jail_errmsg, JAIL_ERRMSGLEN);
                return (-1);
        }
        mib1[0] = 0;
        mib1[1] = 2;
        mlen1 = CTL_MAXNAME - 2;
        if (sysctlnametomib(SJPARAM, mib1 + 2, &mlen1) < 0) {
                snprintf(jail_errmsg, JAIL_ERRMSGLEN,
                    "sysctlnametomib(" SJPARAM "): %s", strerror(errno));
                goto error;
        }
        for (;; njp++) {
                /* Get the next parameter. */
                mlen2 = sizeof(mib2);
                if (sysctl(mib1, mlen1 + 2, mib2, &mlen2, NULL, 0) < 0) {
                        if (errno == ENOENT) {
                                /* No more entries. */
                                break;
                        }
                        snprintf(jail_errmsg, JAIL_ERRMSGLEN,
                            "sysctl(0.2): %s", strerror(errno));
                        goto error;
                }
                if (mib2[0] != mib1[2] ||
                    mib2[1] != mib1[3] ||
                    mib2[2] != mib1[4])
                        break;
                /* Convert it to an ascii name. */
                memcpy(mib1 + 2, mib2, mlen2);
                mlen1 = mlen2 / sizeof(int);
                mib1[1] = 1;
                buflen = sizeof(buf);
                if (sysctl(mib1, mlen1 + 2, buf, &buflen, NULL, 0) < 0) {
                        snprintf(jail_errmsg, JAIL_ERRMSGLEN,
                            "sysctl(0.1): %s", strerror(errno));
                        goto error;
                }
                if (buf[buflen - 2] == '.')
                        buf[buflen - 2] = '\0';
                /* Add the parameter to the list */
                if (njp >= nlist) {
                        nlist *= 2;
                        tjp = reallocarray(jp, nlist, sizeof(*jp));
                        if (tjp == NULL)
                                goto error;
                        jp = tjp;
                }
                if (jailparam_init(jp + njp, buf + sizeof(SJPARAM)) < 0)
                        goto error;
                mib1[1] = 2;
        }
        /* Just return the untrimmed buffer if reallocarray() somehow fails. */
        tjp = reallocarray(jp, njp, sizeof(*jp));
        if (tjp != NULL)
                jp = tjp;
        *jpp = jp;
        return (njp);

 error:
        jailparam_free(jp, njp);
        free(jp);
        return (-1);
}

/*
 * Clear a jail parameter and copy in its name.
 */
int
jailparam_init(struct jailparam *jp, const char *name)
{

        memset(jp, 0, sizeof(*jp));
        jp->jp_name = strdup(name);
        if (jp->jp_name == NULL) {
                strerror_r(errno, jail_errmsg, JAIL_ERRMSGLEN);
                return (-1);
        }
        if (jailparam_type(jp) < 0) {
                jailparam_free(jp, 1);
                jp->jp_name = NULL;
                jp->jp_value = NULL;
                return (-1);
        }
        return (0);
}

/*
 * Put a name and value into a jail parameter element, converting the value
 * to internal form.
 */
int
jailparam_import(struct jailparam *jp, const char *value)
{
        char *p, *ep, *tvalue;
        const char *avalue;
        const struct jp_structdef *jpsdef;
        int i, nval, fw;

        if (value == NULL)
                return (0);
        if ((jp->jp_ctltype & CTLTYPE) == CTLTYPE_STRING) {
                jp->jp_value = strdup(value);
                if (jp->jp_value == NULL) {
                        strerror_r(errno, jail_errmsg, JAIL_ERRMSGLEN);
                        return (-1);
                }
                return (0);
        }
        nval = 1;
        if (jp->jp_elemlen) {
                if (value[0] == '\0' || (value[0] == '-' && value[1] == '\0')) {
                        jp->jp_value = strdup("");
                        if (jp->jp_value == NULL) {
                                strerror_r(errno, jail_errmsg, JAIL_ERRMSGLEN);
                                return (-1);
                        }
                        jp->jp_valuelen = 0;
                        return (0);
                }
                for (p = strchr(value, ','); p; p = strchr(p + 1, ','))
                        nval++;
                jp->jp_valuelen = jp->jp_elemlen * nval;
        }
        jp->jp_value = malloc(jp->jp_valuelen);
        if (jp->jp_value == NULL) {
                strerror_r(errno, jail_errmsg, JAIL_ERRMSGLEN);
                return (-1);
        }
        avalue = value;
        for (i = 0; i < nval; i++) {
                fw = nval == 1 ? strlen(avalue) : strcspn(avalue, ",");
                switch (jp->jp_ctltype & CTLTYPE) {
                case CTLTYPE_INT:
                        if (jp->jp_flags & (JP_BOOL | JP_NOBOOL)) {
                                if (!jailparam_import_enum(bool_values, 2,
                                    avalue, fw, &((int *)jp->jp_value)[i])) {
                                        snprintf(jail_errmsg,
                                            JAIL_ERRMSGLEN, "%s: "
                                            "unknown boolean value \"%.*s\"",
                                            jp->jp_name, fw, avalue);
                                        errno = EINVAL;
                                        goto error;
                                }
                                break;
                        }
                        if (jp->jp_flags & JP_JAILSYS) {
                                /*
                                 * Allow setting a jailsys parameter to "new"
                                 * in a booleanesque fashion.
                                 */
                                if (value[0] == '\0')
                                        ((int *)jp->jp_value)[i] = JAIL_SYS_NEW;
                                else if (!jailparam_import_enum(jailsys_values,
                                    sizeof(jailsys_values) /
                                    sizeof(jailsys_values[0]), avalue, fw,
                                    &((int *)jp->jp_value)[i])) {
                                        snprintf(jail_errmsg,
                                            JAIL_ERRMSGLEN, "%s: "
                                            "unknown jailsys value \"%.*s\"",
                                            jp->jp_name, fw, avalue);
                                        errno = EINVAL;
                                        goto error;
                                }
                                break;
                        }
                        ((int *)jp->jp_value)[i] = strtol(avalue, &ep, 10);
                integer_test:
                        if (ep != avalue + fw) {
                                snprintf(jail_errmsg, JAIL_ERRMSGLEN,
                                    "%s: non-integer value \"%.*s\"",
                                    jp->jp_name, fw, avalue);
                                errno = EINVAL;
                                goto error;
                        }
                        break;
                case CTLTYPE_UINT:
                        ((unsigned *)jp->jp_value)[i] =
                            strtoul(avalue, &ep, 10);
                        goto integer_test;
                case CTLTYPE_LONG:
                        ((long *)jp->jp_value)[i] = strtol(avalue, &ep, 10);
                        goto integer_test;
                case CTLTYPE_ULONG:
                        ((unsigned long *)jp->jp_value)[i] =
                            strtoul(avalue, &ep, 10);
                        goto integer_test;
                case CTLTYPE_S64:
                        ((int64_t *)jp->jp_value)[i] =
                            strtoimax(avalue, &ep, 10);
                        goto integer_test;
                case CTLTYPE_U64:
                        ((uint64_t *)jp->jp_value)[i] =
                            strtoumax(avalue, &ep, 10);
                        goto integer_test;
                case CTLTYPE_STRUCT:
                        tvalue = alloca(fw + 1);
                        strlcpy(tvalue, avalue, fw + 1);

                        if (jp->jp_structtype == -1)
                                goto unknown_type;

                        jpsdef = &jp_structdefs[jp->jp_structtype];
                        if ((*jpsdef->jps_import)(jp, i, tvalue) != 0)
                                goto error;
                        break;
                default:
                unknown_type:
                        snprintf(jail_errmsg, JAIL_ERRMSGLEN,
                            "unknown type for %s", jp->jp_name);
                        errno = ENOENT;
                        goto error;
                }
                avalue += fw + 1;
        }
        return (0);

 error:
        free(jp->jp_value);
        jp->jp_value = NULL;
        return (-1);
}

static int
jailparam_import_enum(const char **values, int nvalues, const char *valstr,
    size_t valsize, int *value)
{
        char *ep;
        int i;

        for (i = 0; i < nvalues; i++)
                if (valsize == strlen(values[i]) &&
                    !strncasecmp(valstr, values[i], valsize)) {
                        *value = i;
                        return 1;
                }
        *value = strtol(valstr, &ep, 10);
        return (ep == valstr + valsize);
}

/*
 * Put a name and value into a jail parameter element, copying the value
 * but not altering it.
 */
int
jailparam_import_raw(struct jailparam *jp, void *value, size_t valuelen)
{

        jp->jp_value = value;
        jp->jp_valuelen = valuelen;
        jp->jp_flags |= JP_RAWVALUE;
        return (0);
}

/*
 * Run the jail_set and jail_get system calls on a parameter list.
 */
int
jailparam_set(struct jailparam *jp, unsigned njp, int flags)
{
        struct iovec *jiov;
        char *nname;
        int i, jid, bool0;
        unsigned j;

        jiov = alloca(sizeof(struct iovec) * 2 * (njp + 1));
        bool0 = 0;
        for (i = j = 0; j < njp; j++) {
                jiov[i].iov_base = jp[j].jp_name;
                jiov[i].iov_len = strlen(jp[j].jp_name) + 1;
                i++;
                if (jp[j].jp_flags & (JP_BOOL | JP_NOBOOL)) {
                        /*
                         * Set booleans without values.  If one has a value of
                         * zero, change it to (or from) its "no" counterpart.
                         */
                        jiov[i].iov_base = NULL;
                        jiov[i].iov_len = 0;
                        if (jp[j].jp_value != NULL &&
                            jp[j].jp_valuelen == sizeof(int) &&
                            !*(int *)jp[j].jp_value) {
                                bool0 = 1;
                                nname = jp[j].jp_flags & JP_BOOL
                                    ? noname(jp[j].jp_name)
                                    : nononame(jp[j].jp_name);
                                if (nname == NULL) {
                                        njp = j;
                                        jid = -1;
                                        goto done;
                                }
                                jiov[i - 1].iov_base = nname;
                                jiov[i - 1].iov_len = strlen(nname) + 1;
                                
                        }
                } else if (jp[j].jp_flags & JP_KEYVALUE &&
                    jp[j].jp_value == NULL) {
                        /* No value means key removal. */
                        jiov[i].iov_base = NULL;
                        jiov[i].iov_len = 0;
                } else if (jps_set(&jp[j], &jiov[i]) != 0) {
                        /*
                         * Try to fill in missing values with an empty string.
                         */
                        if (jp[j].jp_value == NULL && jp[j].jp_valuelen > 0 &&
                            jailparam_import(jp + j, "") < 0) {
                                njp = j;
                                jid = -1;
                                goto done;
                        }
                        jiov[i].iov_base = jp[j].jp_value;
                        jiov[i].iov_len =
                            (jp[j].jp_ctltype & CTLTYPE) == CTLTYPE_STRING
                            ? strlen(jp[j].jp_value) + 1
                            : jp[j].jp_valuelen;
                }
                i++;
        }
        jiov[i].iov_base = __DECONST(char *, "errmsg");
        jiov[i].iov_len = sizeof("errmsg");
        i++;
        jiov[i].iov_base = jail_errmsg;
        jiov[i].iov_len = JAIL_ERRMSGLEN;
        i++;
        jail_errmsg[0] = 0;
        jid = jail_set(jiov, i, flags);
        if (jid < 0 && !jail_errmsg[0])
                snprintf(jail_errmsg, sizeof(jail_errmsg), "jail_set: %s",
                    strerror(errno));
 done:
        if (bool0)
                for (j = 0; j < njp; j++)
                        if ((jp[j].jp_flags & (JP_BOOL | JP_NOBOOL)) &&
                            jp[j].jp_value != NULL &&
                            jp[j].jp_valuelen == sizeof(int) &&
                            !*(int *)jp[j].jp_value)
                                free(jiov[j * 2].iov_base);
        return (jid);
}

int
jailparam_get(struct jailparam *jp, unsigned njp, int flags)
{
        struct iovec *jiov;
        struct jailparam *jp_desc, *jp_lastjid, *jp_jid, *jp_name, *jp_key;
        int i, ai, ki, jid, arrays, processed, sanity;
        unsigned j;

        /*
         * Get the types for all parameters.
         * Find the key and any array parameters.
         */
        jiov = alloca(sizeof(struct iovec) * 2 * (njp + 1));
        jp_desc = jp_lastjid = jp_jid = jp_name = NULL;
        arrays = 0;
        for (ai = j = 0; j < njp; j++) {
                if (!strcmp(jp[j].jp_name, "desc") &&
                    (flags & (JAIL_USE_DESC | JAIL_AT_DESC)))
                        jp_desc = jp + j;
                else if (!strcmp(jp[j].jp_name, "lastjid"))
                        jp_lastjid = jp + j;
                else if (!strcmp(jp[j].jp_name, "jid"))
                        jp_jid = jp + j;
                else if (!strcmp(jp[j].jp_name, "name"))
                        jp_name = jp + j;
                else if (jp[j].jp_elemlen && !(jp[j].jp_flags & JP_RAWVALUE)) {
                        arrays = 1;
                        jiov[ai].iov_base = jp[j].jp_name;
                        jiov[ai].iov_len = strlen(jp[j].jp_name) + 1;
                        ai++;
                        jiov[ai].iov_base = NULL;
                        jiov[ai].iov_len = 0;
                        ai++;
                }
        }
        jp_key = jp_desc && jp_desc->jp_valuelen == sizeof(int) &&
            jp_desc->jp_value && (flags & JAIL_USE_DESC) ? jp_desc :
            jp_lastjid ? jp_lastjid :
            jp_jid && jp_jid->jp_valuelen == sizeof(int) &&
            jp_jid->jp_value && *(int *)jp_jid->jp_value ? jp_jid : jp_name;
        if (jp_key == NULL || jp_key->jp_value == NULL) {
                strlcpy(jail_errmsg, "no jail specified", JAIL_ERRMSGLEN);
                errno = ENOENT;
                return (-1);
        }
        ki = ai;
        jiov[ki].iov_base = jp_key->jp_name;
        jiov[ki].iov_len = strlen(jp_key->jp_name) + 1;
        ki++;
        jiov[ki].iov_base = jp_key->jp_value;
        jiov[ki].iov_len = (jp_key->jp_ctltype & CTLTYPE) == CTLTYPE_STRING
            ? strlen(jp_key->jp_value) + 1 : jp_key->jp_valuelen;
        ki++;
        jiov[ki].iov_base = __DECONST(char *, "errmsg");
        jiov[ki].iov_len = sizeof("errmsg");
        ki++;
        jiov[ki].iov_base = jail_errmsg;
        jiov[ki].iov_len = JAIL_ERRMSGLEN;
        ki++;
        jail_errmsg[0] = 0;
        if (jp_desc != NULL && jp_desc != jp_key) {
                jiov[ki].iov_base = jp_desc->jp_name;
                jiov[ki].iov_len = strlen(jp_desc->jp_name) + 1;
                ki++;
                jiov[ki].iov_base = jp_desc->jp_value;
                jiov[ki].iov_len = jp_desc->jp_valuelen;
                ki++;
        }
        if (arrays && jail_get(jiov, ki, flags) < 0) {
                if (!jail_errmsg[0])
                        snprintf(jail_errmsg, sizeof(jail_errmsg),
                            "jail_get: %s", strerror(errno));
                return (-1);
        }
        /* Allocate storage for all parameters. */
        for (ai = j = 0, i = ki; j < njp; j++) {
                if (jp[j].jp_elemlen && !(jp[j].jp_flags & JP_RAWVALUE)) {
                        ai++;
                        jiov[ai].iov_len += jp[j].jp_elemlen * ARRAY_SLOP;
                        if (jp[j].jp_valuelen >= jiov[ai].iov_len)
                                jiov[ai].iov_len = jp[j].jp_valuelen;
                        else {
                                jp[j].jp_valuelen = jiov[ai].iov_len;
                                if (jp[j].jp_value != NULL)
                                        free(jp[j].jp_value);
                                jp[j].jp_value = malloc(jp[j].jp_valuelen);
                                if (jp[j].jp_value == NULL) {
                                        strerror_r(errno, jail_errmsg,
                                            JAIL_ERRMSGLEN);
                                        return (-1);
                                }
                        }
                        jiov[ai].iov_base = jp[j].jp_value;
                        memset(jiov[ai].iov_base, 0, jiov[ai].iov_len);
                        ai++;
                } else if (jp + j != jp_key && jp + j != jp_desc) {
                        jiov[i].iov_base = jp[j].jp_name;
                        jiov[i].iov_len = strlen(jp[j].jp_name) + 1;
                        i++;
                        if (jp[j].jp_value == NULL &&
                            !(jp[j].jp_flags & JP_RAWVALUE)) {
                                jp[j].jp_value = malloc(jp[j].jp_valuelen);
                                if (jp[j].jp_value == NULL) {
                                        strerror_r(errno, jail_errmsg,
                                            JAIL_ERRMSGLEN);
                                        return (-1);
                                }

                                /*
                                 * Returns -1 on error, or # index populated on
                                 * success.  0 is perfectly valid for a type
                                 * that may want to simply initialize the value
                                 * as needed.
                                 */
                                processed = jps_get(&jp[j], &jiov[i]);
                                if (processed == -1) {
                                        return (-1);
                                } else if (processed > 0) {
                                        /*
                                         * The above math for jiov sizing does
                                         * not really account for one param
                                         * expanding to multiple entries.
                                         */
                                        assert(processed == 1);
                                        i += processed;
                                        continue;
                                }
                        }
                        jiov[i].iov_base = jp[j].jp_value;
                        jiov[i].iov_len = jp[j].jp_valuelen;
                        memset(jiov[i].iov_base, 0, jiov[i].iov_len);
                        i++;
                }
        }
        /*
         * Get the prison.  If there are array elements, retry a few times
         * in case their sizes changed from under us.
         */
        for (sanity = 0;; sanity++) {
                jid = jail_get(jiov, i, flags);
                if (jid >= 0 || !arrays || sanity == ARRAY_SANITY ||
                    errno != EINVAL || jail_errmsg[0])
                        break;
                for (ai = j = 0; j < njp; j++) {
                        if (jp[j].jp_elemlen &&
                            !(jp[j].jp_flags & JP_RAWVALUE)) {
                                ai++;
                                jiov[ai].iov_base = NULL;
                                jiov[ai].iov_len = 0;
                                ai++;
                        }
                }
                if (jail_get(jiov, ki, flags) < 0)
                        break;
                for (ai = j = 0; j < njp; j++) {
                        if (jp[j].jp_elemlen &&
                            !(jp[j].jp_flags & JP_RAWVALUE)) {
                                ai++;
                                jiov[ai].iov_len +=
                                    jp[j].jp_elemlen * ARRAY_SLOP;
                                if (jp[j].jp_valuelen >= jiov[ai].iov_len)
                                        jiov[ai].iov_len = jp[j].jp_valuelen;
                                else {
                                        jp[j].jp_valuelen = jiov[ai].iov_len;
                                        if (jp[j].jp_value != NULL)
                                                free(jp[j].jp_value);
                                        jp[j].jp_value =
                                            malloc(jiov[ai].iov_len);
                                        if (jp[j].jp_value == NULL) {
                                                strerror_r(errno, jail_errmsg,
                                                    JAIL_ERRMSGLEN);
                                                return (-1);
                                        }
                                }
                                jiov[ai].iov_base = jp[j].jp_value;
                                memset(jiov[ai].iov_base, 0, jiov[ai].iov_len);
                                ai++;
                        }
                }
        }
        if (jid < 0 && !jail_errmsg[0])
                snprintf(jail_errmsg, sizeof(jail_errmsg),
                    "jail_get: %s", strerror(errno));
        for (ai = j = 0, i = ki; j < njp; j++) {
                if (jp[j].jp_elemlen && !(jp[j].jp_flags & JP_RAWVALUE)) {
                        ai++;
                        jp[j].jp_valuelen = jiov[ai].iov_len;
                        ai++;
                } else if (jp + j != jp_key) {
                        i++;
                        jp[j].jp_valuelen = jiov[i].iov_len;
                        i++;
                }
        }
        return (jid);
}

/*
 * Convert a jail parameter's value to external form.
 */
char *
jailparam_export(struct jailparam *jp)
{
        size_t *valuelens;
        char *value, *tvalue, **values;
        const struct jp_structdef *jpsdef;
        size_t valuelen;
        int i, nval, ival;
        char valbuf[INET6_ADDRSTRLEN];

        if (jp->jp_value == NULL) {
                snprintf(jail_errmsg, JAIL_ERRMSGLEN,
                    "parameter %s was not imported", jp->jp_name);
                errno = EINVAL;
                return (NULL);
        }
        if ((jp->jp_ctltype & CTLTYPE) == CTLTYPE_STRING) {
                value = strdup(jp->jp_value);
                if (value == NULL)
                        strerror_r(errno, jail_errmsg, JAIL_ERRMSGLEN);
                return (value);
        }
        nval = jp->jp_elemlen ? jp->jp_valuelen / jp->jp_elemlen : 1;
        if (nval == 0) {
                value = strdup("");
                if (value == NULL)
                        strerror_r(errno, jail_errmsg, JAIL_ERRMSGLEN);
                return (value);
        }
        values = alloca(nval * sizeof(char *));
        valuelens = alloca(nval * sizeof(size_t));
        valuelen = 0;
        for (i = 0; i < nval; i++) {
                switch (jp->jp_ctltype & CTLTYPE) {
                case CTLTYPE_INT:
                        ival = ((int *)jp->jp_value)[i];
                        if ((jp->jp_flags & (JP_BOOL | JP_NOBOOL)) &&
                            (unsigned)ival < 2) {
                                strlcpy(valbuf, bool_values[ival],
                                    sizeof(valbuf));
                                break;
                        }
                        if ((jp->jp_flags & JP_JAILSYS) &&
                            (unsigned)ival < sizeof(jailsys_values) /
                            sizeof(jailsys_values[0])) {
                                strlcpy(valbuf, jailsys_values[ival],
                                    sizeof(valbuf));
                                break;
                        }
                        snprintf(valbuf, sizeof(valbuf), "%d", ival);
                        break;
                case CTLTYPE_UINT:
                        snprintf(valbuf, sizeof(valbuf), "%u",
                            ((unsigned *)jp->jp_value)[i]);
                        break;
                case CTLTYPE_LONG:
                        snprintf(valbuf, sizeof(valbuf), "%ld",
                            ((long *)jp->jp_value)[i]);
                        break;
                case CTLTYPE_ULONG:
                        snprintf(valbuf, sizeof(valbuf), "%lu",
                            ((unsigned long *)jp->jp_value)[i]);
                        break;
                case CTLTYPE_S64:
                        snprintf(valbuf, sizeof(valbuf), "%jd",
                            (intmax_t)((int64_t *)jp->jp_value)[i]);
                        break;
                case CTLTYPE_U64:
                        snprintf(valbuf, sizeof(valbuf), "%ju",
                            (uintmax_t)((uint64_t *)jp->jp_value)[i]);
                        break;
                case CTLTYPE_STRUCT:
                        if (jp->jp_structtype == -1)
                                goto unknown_type;

                        jpsdef = &jp_structdefs[jp->jp_structtype];
                        value = (*jpsdef->jps_export)(jp, i);
                        if (value == NULL) {
                                strerror_r(errno, jail_errmsg,
                                    JAIL_ERRMSGLEN);
                                return (NULL);
                        }

                        valuelens[i] = strlen(value) + 1;
                        valuelen += valuelens[i];
                        values[i] = alloca(valuelens[i]);
                        strcpy(values[i], value);

                        free(value);
                        value = NULL;
                        continue;       /* Value already added to values[] */
                default:
                unknown_type:
                        snprintf(jail_errmsg, JAIL_ERRMSGLEN,
                            "unknown type for %s", jp->jp_name);
                        errno = ENOENT;
                        return (NULL);
                }
                valuelens[i] = strlen(valbuf) + 1;
                valuelen += valuelens[i];
                values[i] = alloca(valuelens[i]);
                strcpy(values[i], valbuf);
        }
        value = malloc(valuelen);
        if (value == NULL)
                strerror_r(errno, jail_errmsg, JAIL_ERRMSGLEN);
        else {
                tvalue = value;
                for (i = 0; i < nval; i++) {
                        strcpy(tvalue, values[i]);
                        if (i < nval - 1) {
                                tvalue += valuelens[i];
                                tvalue[-1] = ',';
                        }
                }
        }
        return (value);
}

/*
 * Free the contents of a jail parameter list (but not the list itself).
 */
void
jailparam_free(struct jailparam *jp, unsigned njp)
{

        unsigned j;

        for (j = 0; j < njp; j++) {
                free(jp[j].jp_name);
                if (!(jp[j].jp_flags & JP_RAWVALUE)) {
                        jps_free(&jp[j]);
                        free(jp[j].jp_value);
                }
        }
}

/*
 * Find a parameter's type and size from its MIB.
 */
static int
jailparam_type(struct jailparam *jp)
{
        char *p, *name, *nname;
        size_t miblen, desclen;
        int i, isarray;
        struct {
            int i;
            char s[MAXPATHLEN];
        } desc;
        int mib[CTL_MAXNAME];

        /*
         * Some pseudo-parameters don't show up in the sysctl
         * parameter list.
         */
        name = jp->jp_name;
        if (!strcmp(name, "lastjid")) {
                jp->jp_valuelen = sizeof(int);
                jp->jp_ctltype = CTLTYPE_INT | CTLFLAG_WR;
                return (0);
        }
        if (!strcmp(name, "desc")) {
                jp->jp_valuelen = sizeof(int);
                jp->jp_ctltype = CTLTYPE_INT | CTLFLAG_RW;
                return (0);
        }

        /* Find the sysctl that describes the parameter. */
        mib[0] = 0;
        mib[1] = 3;
        snprintf(desc.s, sizeof(desc.s), SJPARAM ".%s", name);
        miblen = sizeof(mib) - 2 * sizeof(int);
        if (sysctl(mib, 2, mib + 2, &miblen, desc.s, strlen(desc.s)) < 0) {
                if (errno != ENOENT) {
                        snprintf(jail_errmsg, JAIL_ERRMSGLEN,
                            "sysctl(0.3.%s): %s", name, strerror(errno));
                        return (-1);
                }
                if (kldload_param(name) >= 0 && sysctl(mib, 2, mib + 2, &miblen,
                    desc.s, strlen(desc.s)) >= 0)
                        goto mib_desc;
                /*
                 * The parameter probably doesn't exist.  But it might be
                 * the "no" counterpart to a boolean.
                 */
                nname = nononame(name);
                if (nname != NULL) {
                        snprintf(desc.s, sizeof(desc.s), SJPARAM ".%s", nname);
                        miblen = sizeof(mib) - 2 * sizeof(int);
                        if (sysctl(mib, 2, mib + 2, &miblen, desc.s,
                            strlen(desc.s)) >= 0) {
                                name = alloca(strlen(nname) + 1);
                                strcpy(name, nname);
                                free(nname);
                                jp->jp_flags |= JP_NOBOOL;
                                goto mib_desc;
                        }
                        free(nname);
                }
                /*
                 * It might be an assumed sub-node of a fmt='A,keyvalue' sysctl.
                 */
                nname = kvname(name);
                if (nname != NULL) {
                        snprintf(desc.s, sizeof(desc.s), SJPARAM ".%s", nname);
                        miblen = sizeof(mib) - 2 * sizeof(int);
                        if (sysctl(mib, 2, mib + 2, &miblen, desc.s,
                            strlen(desc.s)) >= 0) {
                                name = alloca(strlen(nname) + 1);
                                strcpy(name, nname);
                                free(nname);
                                jp->jp_flags |= JP_KEYVALUE;
                                goto mib_desc;
                        }
                        free(nname);
                }
unknown_parameter:
                snprintf(jail_errmsg, JAIL_ERRMSGLEN,
                    "unknown parameter: %s", jp->jp_name);
                errno = ENOENT;
                return (-1);
        }
 mib_desc:
        mib[1] = 4;
        desclen = sizeof(desc);
        if (sysctl(mib, (miblen / sizeof(int)) + 2, &desc, &desclen,
            NULL, 0) < 0) {
                snprintf(jail_errmsg, JAIL_ERRMSGLEN,
                    "sysctl(0.4.%s): %s", name, strerror(errno));
                return (-1);
        }
        jp->jp_ctltype = desc.i;
        /* If this came from removing a "no", it better be a boolean. */
        if (jp->jp_flags & JP_NOBOOL) {
                if ((desc.i & CTLTYPE) == CTLTYPE_INT && desc.s[0] == 'B') {
                        jp->jp_valuelen = sizeof(int);
                        return (0);
                }
                else if ((desc.i & CTLTYPE) != CTLTYPE_NODE)
                        goto unknown_parameter;
        }
        /* Make sure it is a valid keyvalue param. */
        if (jp->jp_flags & JP_KEYVALUE) {
                if ((desc.i & CTLTYPE) != CTLTYPE_STRING ||
                    strcmp(desc.s, "A,keyvalue") != 0)
                        goto unknown_parameter;
        }
        /* See if this is an array type. */
        p = strchr(desc.s, '\0');
        isarray  = 0;
        if (p - 2 < desc.s || strcmp(p - 2, ",a"))
                isarray = 0;
        else {
                isarray = 1;
                p[-2] = 0;
        }
        /* Look for types we understand. */
        switch (desc.i & CTLTYPE) {
        case CTLTYPE_INT:
                if (desc.s[0] == 'B')
                        jp->jp_flags |= JP_BOOL;
                else if (!strcmp(desc.s, "E,jailsys"))
                        jp->jp_flags |= JP_JAILSYS;
        case CTLTYPE_UINT:
                jp->jp_valuelen = sizeof(int);
                break;
        case CTLTYPE_LONG:
        case CTLTYPE_ULONG:
                jp->jp_valuelen = sizeof(long);
                break;
        case CTLTYPE_S64:
        case CTLTYPE_U64:
                jp->jp_valuelen = sizeof(int64_t);
                break;
        case CTLTYPE_STRING:
                desc.s[0] = 0;
                desclen = sizeof(desc.s);
                if (sysctl(mib + 2, miblen / sizeof(int), desc.s, &desclen,
                    NULL, 0) < 0) {
                        snprintf(jail_errmsg, JAIL_ERRMSGLEN,
                            "sysctl(" SJPARAM ".%s): %s", name,
                            strerror(errno));
                        return (-1);
                }
                jp->jp_valuelen = strtoul(desc.s, NULL, 10);
                break;
        case CTLTYPE_STRUCT: {
                const struct jp_structdef *jpsdef;

                jpsdef = jp_structinfo(desc.s, &jp->jp_structtype);
                if (jpsdef != NULL) {
                        assert(jp->jp_structtype >= 0);

                        jp->jp_valuelen = jpsdef->jps_valuelen;
                } else {
                        assert(jp->jp_structtype == -1);

                        desclen = 0;
                        if (sysctl(mib + 2, miblen / sizeof(int),
                            NULL, &jp->jp_valuelen, NULL, 0) < 0) {
                                snprintf(jail_errmsg, JAIL_ERRMSGLEN,
                                    "sysctl(" SJPARAM ".%s): %s", name,
                                    strerror(errno));
                                return (-1);
                        }
                }
                break;
        }
        case CTLTYPE_NODE:
                /*
                 * A node might be described by an empty-named child,
                 * which would be immediately before or after the node itself.
                 */
                mib[1] = 1;
                miblen += sizeof(int);
                for (i = -1; i <= 1; i += 2) {
                        mib[(miblen / sizeof(int)) + 1] =
                            mib[(miblen / sizeof(int))] + i;
                        desclen = sizeof(desc.s);
                        if (sysctl(mib, (miblen / sizeof(int)) + 2, desc.s,
                            &desclen, NULL, 0) < 0) {
                                if (errno == ENOENT)
                                        continue;
                                snprintf(jail_errmsg, JAIL_ERRMSGLEN,
                                    "sysctl(0.1): %s", strerror(errno));
                                return (-1);
                        }
                        if (desclen == sizeof(SJPARAM) + strlen(name) + 2 &&
                            memcmp(SJPARAM ".", desc.s, sizeof(SJPARAM)) == 0 &&
                            memcmp(name, desc.s + sizeof(SJPARAM),
                            desclen - sizeof(SJPARAM) - 2) == 0 &&
                            desc.s[desclen - 2] == '.')
                                goto mib_desc;
                }
                goto unknown_parameter;
        default:
                snprintf(jail_errmsg, JAIL_ERRMSGLEN,
                    "unknown type for %s", jp->jp_name);
                errno = ENOENT;
                return (-1);
        }
        if (isarray) {
                jp->jp_elemlen = jp->jp_valuelen;
                jp->jp_valuelen = 0;
        }
        return (0);
}

/*
 * Attempt to load a kernel module matching an otherwise nonexistent parameter.
 */
static int
kldload_param(const char *name)
{
        int kl;

        if (strcmp(name, "linux") == 0 || strncmp(name, "linux.", 6) == 0)
                kl = kldload("linux");
        else if (strcmp(name, "sysvmsg") == 0 || strcmp(name, "sysvsem") == 0 ||
            strcmp(name, "sysvshm") == 0)
                kl = kldload(name);
        else if (strncmp(name, "allow.mount.", 12) == 0) {
                /* Load the matching filesystem */
                const char *modname = name + 12;

                kl = kldload(modname);
                if (kl < 0 && errno == ENOENT &&
                    strncmp(modname, "no", 2) == 0)
                        kl = kldload(modname + 2);
        } else {
                errno = ENOENT;
                return (-1);
        }
        if (kl < 0 && errno == EEXIST) {
                /*
                 * In the module is already loaded, then it must not contain
                 * the parameter.
                 */
                errno = ENOENT;
        }
        return kl;
}

/*
 * Change a boolean parameter name into its "no" counterpart or vice versa.
 */
static char *
noname(const char *name)
{
        char *nname, *p;

        nname = malloc(strlen(name) + 3);
        if (nname == NULL) {
                strerror_r(errno, jail_errmsg, JAIL_ERRMSGLEN);
                return (NULL);
        }
        p = strrchr(name, '.');
        if (p != NULL)
                sprintf(nname, "%.*s.no%s", (int)(p - name), name, p + 1);
        else
                sprintf(nname, "no%s", name);
        return (nname);
}

static char *
nononame(const char *name)
{
        char *p, *nname;

        p = strrchr(name, '.');
        if (strncmp(p ? p + 1 : name, "no", 2)) {
                snprintf(jail_errmsg, sizeof(jail_errmsg),
                    "mismatched boolean: %s", name);
                errno = EINVAL;
                return (NULL);
        }
        nname = malloc(strlen(name) - 1);
        if (nname == NULL) {
                strerror_r(errno, jail_errmsg, JAIL_ERRMSGLEN);
                return (NULL);
        }
        if (p != NULL)
                sprintf(nname, "%.*s.%s", (int)(p - name), name, p + 3);
        else
                strcpy(nname, name + 2);
        return (nname);
}

static char *
kvname(const char *name)
{
        const char *p;
        char *kvname;
        size_t len;

        p = strchr(name, '.');
        if (p == NULL)
                return (NULL);

        len = p - name;
        kvname = malloc(len + 1);
        if (kvname == NULL) {
                strerror_r(errno, jail_errmsg, JAIL_ERRMSGLEN);
                return (NULL);
        }
        strncpy(kvname, name, len);
        kvname[len] = '\0';

        return (kvname);
}

static int
jps_get(struct jailparam *jp, struct iovec *jiov)
{
        const struct jp_structdef *jpsdef;

        jpsdef = JPSDEF_OF(jp);
        if (jpsdef == NULL || jpsdef->jps_get == NULL)
                return (0);     /* Nop, but not an error. */

        return ((jpsdef->jps_get)(jp, jiov));
}

static int
jps_set(const struct jailparam *jp, struct iovec *jiov)
{
        const struct jp_structdef *jpsdef;

        jpsdef = JPSDEF_OF(jp);
        if (jpsdef == NULL || jpsdef->jps_set == NULL)
                return (EINVAL);        /* Unhandled */

        return ((jpsdef->jps_set)(jp, jiov));
}

static void
jps_free(struct jailparam *jp)
{
        const struct jp_structdef *jpsdef;

        jpsdef = JPSDEF_OF(jp);
        if (jpsdef == NULL)
                return;

        if (jpsdef->jps_free != NULL)
                jpsdef->jps_free(jp);
}

static int
jps_import_in_addr(const struct jailparam *jp, int i, const char *value)
{
        struct in_addr *addr;

        addr = &((struct in_addr *)jp->jp_value)[i];
        if (inet_pton(AF_INET, value, addr) != 1) {
                snprintf(jail_errmsg, JAIL_ERRMSGLEN,
                    "%s: not an IPv4 address: %s", jp->jp_name, value);
                errno = EINVAL;
                return (-1);
        }

        return (0);
}

static int
jps_import_in6_addr(const struct jailparam *jp, int i, const char *value)
{
        struct in6_addr *addr6;

        addr6 = &((struct in6_addr *)jp->jp_value)[i];
        if (inet_pton(AF_INET6, value, addr6) != 1) {
                snprintf(jail_errmsg, JAIL_ERRMSGLEN,
                    "%s: not an IPv6 address: %s", jp->jp_name, value);
                errno = EINVAL;
                return (-1);
        }

        return (0);
}

static int
jps_import_mac_label(const struct jailparam *jp, int i, const char *value)
{
        mac_t *pmac;

        pmac = &((mac_t *)jp->jp_value)[i];
        if (mac_from_text(pmac, value) != 0) {
                int serrno = errno;

                snprintf(jail_errmsg, JAIL_ERRMSGLEN, "%s: mac_from_text: %s",
                    jp->jp_name, strerror(errno));
                errno = serrno;
                return (-1);
        }

        return (0);
}

static char *
jps_export_in_addr(const struct jailparam *jp, int i)
{
        struct in_addr *addr;
        char valbuf[INET_ADDRSTRLEN];

        addr = &((struct in_addr *)jp->jp_value)[i];
        if (inet_ntop(AF_INET, addr, valbuf, sizeof(valbuf)) == NULL)
                return (NULL);

        /* Error checked by caller. */
        return (strdup(valbuf));
}

static char *
jps_export_in6_addr(const struct jailparam *jp, int i)
{
        struct in6_addr *addr6;
        char valbuf[INET6_ADDRSTRLEN];

        addr6 = &((struct in6_addr *)jp->jp_value)[i];
        if (inet_ntop(AF_INET6, addr6, valbuf, sizeof(valbuf)) == NULL)
                return (NULL);

        /* Error checked by caller. */
        return (strdup(valbuf));
}

static char *
jps_export_mac_label(const struct jailparam *jp, int i)
{
        mac_t *macp;
        char *labelbuf;
        int error;

        macp = &((mac_t *)jp->jp_value)[i];
        error = mac_to_text(*macp, &labelbuf);
        if (error != 0)
                return (NULL);

        return (labelbuf);
}

static int
jps_get_mac_label(struct jailparam *jp, struct iovec *jiov)
{
        mac_t *pmac = jp->jp_value;
        int error;

        error = mac_prepare_type(pmac, "jail");
        if (error != 0 && errno == ENOENT) {
                /*
                 * We special-case the scenario where a system has a custom
                 * mac.conf(5) that doesn't include a jail entry -- just let
                 * an empty label slide.
                 */
                error = mac_prepare(pmac, "?");
        }
        if (error != 0) {
                int serrno = errno;

                free(jp->jp_value);
                jp->jp_value = NULL;

                strerror_r(serrno, jail_errmsg, JAIL_ERRMSGLEN);
                errno = serrno;
                return (-1);
        }

        /*
         * MAC label gets special handling because libjail internally maintains
         * it as a pointer to a mac_t, but we actually want to pass the mac_t
         * itself.  We don't want the jailparam_get() zeroing behavior, as it's
         * initialized by us.
         */
        jiov->iov_base = *pmac;
        jiov->iov_len = sizeof(**pmac);
        return (1);
}

static int
jps_set_mac_label(const struct jailparam *jp, struct iovec *jiov)
{
        mac_t *pmac;

        /*
         * MAC label gets special handling because libjail internally
         * maintains it as a pointer to a mac_t, but we actually want to
         * pass the mac_t itself.
         */
        pmac = jp->jp_value;
        if (pmac != NULL) {
                jiov->iov_base = *pmac;
                jiov->iov_len = sizeof(**pmac);
        } else {
                jiov->iov_base = NULL;
                jiov->iov_len = 0;
        }

        return (0);
}

static void
jps_free_mac_label(struct jailparam *jp)
{
        mac_t *pmac = jp->jp_value;

        if (pmac != NULL)
                mac_free(*pmac);
}
FreeBSD
