Diffstat (limited to 'Userland')
-rw-r--r-- | Userland/Libraries/LibCore/System.cpp | 14 | ||||
-rw-r--r-- | Userland/Libraries/LibCore/System.h | 5 | ||||
-rw-r--r-- | Userland/Utilities/CMakeLists.txt | 2 | ||||
-rw-r--r-- | Userland/Utilities/jail-attach.cpp | 28 | ||||
-rw-r--r-- | Userland/Utilities/jail-create.cpp | 27 | ||||
-rw-r--r-- | Userland/Utilities/lsjails.cpp | 35 |
6 files changed, 111 insertions, 0 deletions
diff --git a/Userland/Libraries/LibCore/System.cpp b/Userland/Libraries/LibCore/System.cpp
index 3490f33818..2a0e345e6c 100644
--- a/Userland/Libraries/LibCore/System.cpp
+++ b/Userland/Libraries/LibCore/System.cpp
@@ -1000,6 +1000,20 @@ ErrorOr<void> exec_command(Vector<StringView>& command, bool preserve_env)
 TRY(Core::System::exec(command.at(0), command, Core::System::SearchInPath::Yes, exec_environment));
 return {};
 }
+
+ErrorOr<void> join_jail(u64 jail_index)
+{
+ Syscall::SC_jail_attach_params params { jail_index };
+ int rc = syscall(SC_jail_attach, ¶ms);
+ HANDLE_SYSCALL_RETURN_VALUE("jail_attach", rc, {});
+}
+
+ErrorOr<u64> create_jail(StringView jail_name)
+{
+ Syscall::SC_jail_create_params params { 0, { jail_name.characters_without_null_termination(), jail_name.length() } };
+ int rc = syscall(SC_jail_create, ¶ms);
+ HANDLE_SYSCALL_RETURN_VALUE("jail_create", rc, static_cast<u64>(params.index));
+}
 #endif
 ErrorOr<void> exec(StringView filename, Span<StringView> arguments, SearchInPath search_in_path, Optional<Span<StringView>> environment)
diff --git a/Userland/Libraries/LibCore/System.h b/Userland/Libraries/LibCore/System.h
index d506dd8df0..0a47c4ead7 100644
--- a/Userland/Libraries/LibCore/System.h
+++ b/Userland/Libraries/LibCore/System.h
@@ -172,6 +172,11 @@ ErrorOr<void> exec_command(Vector<StringView>& command, bool preserve_env);
 ErrorOr<void> exec(StringView filename, Span<StringView> arguments, SearchInPath, Optional<Span<StringView>> environment = {});
+#ifdef AK_OS_SERENITY
+ErrorOr<void> join_jail(u64 jail_index);
+ErrorOr<u64> create_jail(StringView jail_name);
+#endif
+
 ErrorOr<int> socket(int domain, int type, int protocol);
 ErrorOr<void> bind(int sockfd, struct sockaddr const*, socklen_t);
 ErrorOr<void> listen(int sockfd, int backlog);
diff --git a/Userland/Utilities/CMakeLists.txt b/Userland/Utilities/CMakeLists.txt
index 9d8870772e..cadc73746b 100644
--- a/Userland/Utilities/CMakeLists.txt
+++ b/Userland/Utilities/CMakeLists.txt
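Review bot: In `create_jail` (System.cpp hunk) the params struct is initialised positionally with a bare `0`, and the function then returns `params.index`, so that first field is evidently an out-value filled in by the syscall; nothing in the code says so. A one-line comment above the initialiser would make the contract visible, for example `// params.index is an out-parameter: the kernel writes the new jail's index into it on success.` The two new wrappers also have no doc comment, so a caller cannot tell from the header that the `u64` returned by `create_jail` is the value `join_jail` expects; a short comment on each declaration in System.h would cover that.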
@@ -90,6 +90,8 @@ target_link_libraries(grep PRIVATE LibRegex)
 target_link_libraries(gunzip PRIVATE LibCompress)
 target_link_libraries(gzip PRIVATE LibCompress)
 target_link_libraries(headless-browser PRIVATE LibCrypto LibGemini LibGfx LibHTTP LibTLS LibWeb LibWebSocket)
+target_link_libraries(jail-attach PRIVATE LibCore LibMain)
+target_link_libraries(jail-create PRIVATE LibCore LibMain)
 target_link_libraries(js PRIVATE LibCrypto LibJS LibLine LibLocale LibTextCodec)
 link_with_locale_data(js)
 target_link_libraries(keymap PRIVATE LibKeyboard)
diff --git a/Userland/Utilities/jail-attach.cpp b/Userland/Utilities/jail-attach.cpp
new file mode 100644
index 0000000000..ba09dafc49
--- /dev/null
+++ b/Userland/Utilities/jail-attach.cpp
@@ -0,0 +1,28 @@
+/*
+ * Copyright (c) 2022, Liav A. <liavalb@hotmail.co.il>
+ *
+ * SPDX-License-Identifier: BSD-2-Clause
+ */
+
+#include <LibCore/ArgsParser.h>
+#include <LibCore/System.h>
+#include <LibMain/Main.h>
+#include <unistd.h>
+
+ErrorOr<int> serenity_main(Main::Arguments arguments)
+{
+ unsigned jail_index = 0;
+ Vector<StringView> command;
+ Core::ArgsParser args_parser;
+ bool preserve_env = false;
+ args_parser.set_stop_on_first_non_option(true);
+ args_parser.add_option(preserve_env, "Preserve user environment when running command", "preserve-env", 'E');
+ args_parser.add_positional_argument(jail_index, "Jail Index", "jail index");
+ args_parser.add_positional_argument(command, "Command to execute", "command");
+ args_parser.parse(arguments);
+
+ TRY(Core::System::pledge("stdio rpath exec id jail tty"));
+ TRY(Core::System::join_jail(jail_index));
+ TRY(Core::System::exec_command(command, preserve_env));
+ return 0;
+}
diff --git a/Userland/Utilities/jail-create.cpp b/Userland/Utilities/jail-create.cpp
new file mode 100644
index 0000000000..43d235c86e
--- /dev/null
+++ b/Userland/Utilities/jail-create.cpp
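Review bot: The promise set in `serenity_main` of jail-attach.cpp looks wider than the visible code needs: after the pledge the program only calls `join_jail` and `exec_command`, and nothing in this file changes identity or touches the terminal. Unless `exec_command` requires them (most of its body lies outside this diff), `id` and `tty` could be dropped, giving `TRY(Core::System::pledge("stdio rpath exec jail"));`. A tool whose purpose is confinement benefits from holding as few promises as possible at the point it enters the jail. Separately, `jail_index` is declared `unsigned` while `join_jail` takes a `u64`, so declaring it `u64 jail_index = 0;` would keep the two in step, provided ArgsParser has a matching overload.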
@@ -0,0 +1,27 @@
+/*
+ * Copyright (c) 2022, Liav A. <liavalb@hotmail.co.il>
+ *
+ * SPDX-License-Identifier: BSD-2-Clause
+ */
+
+#include <LibCore/ArgsParser.h>
+#include <LibCore/System.h>
+#include <LibMain/Main.h>
+#include <unistd.h>
+
+ErrorOr<int> serenity_main(Main::Arguments arguments)
+{
+ StringView new_jail_name;
+ Core::ArgsParser args_parser;
+ args_parser.add_positional_argument(new_jail_name, "New jail name", "jail name");
+ args_parser.parse(arguments);
+
+ TRY(Core::System::pledge("stdio jail"));
+
+ if (!new_jail_name.is_null() && !new_jail_name.is_empty()) {
+ TRY(Core::System::create_jail(new_jail_name));
+ return 0;
+ }
+
+ return Error::from_string_view("Can't create a jail with empty name."sv);
+}
diff --git a/Userland/Utilities/lsjails.cpp b/Userland/Utilities/lsjails.cpp
new file mode 100644
index 0000000000..e817164b6c
--- /dev/null
+++ b/Userland/Utilities/lsjails.cpp
@@ -0,0 +1,35 @@
+/*
+ * Copyright (c) 2022, Liav A. <liavalb@hotmail.co.il>
+ *
+ * SPDX-License-Identifier: BSD-2-Clause
+ */
+
+#include <AK/JsonArray.h>
+#include <AK/JsonObject.h>
+#include <LibCore/Stream.h>
+#include <LibCore/System.h>
+#include <LibMain/Main.h>
+
+ErrorOr<int> serenity_main(Main::Arguments)
+{
+ TRY(Core::System::pledge("stdio rpath"));
+ TRY(Core::System::unveil("/sys/kernel/jails", "r"));
+ TRY(Core::System::unveil(nullptr, nullptr));
+
+ auto jails_data = TRY(Core::Stream::File::open("/sys/kernel/jails"sv, Core::Stream::OpenMode::Read));
+
+ TRY(Core::System::pledge("stdio"));
+
+ outln("Index Name");
+ auto file_contents = TRY(jails_data->read_all());
+ auto json = TRY(JsonValue::from_string(file_contents));
+ json.as_array().for_each([](auto& value) {
+ auto& jail = value.as_object();
+ auto index = jail.get("index"sv).to_string();
+ auto name = jail.get("name"sv).to_string();
+
+ outln("{:4} {:10}", index, name);
+ });
+
+ return 0;
+}  |
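Review bot: The index returned by `create_jail` is thrown away in jail-create.cpp: `TRY(Core::System::create_jail(new_jail_name));` discards the `u64`, yet jail-attach takes an index, not a name. The caller therefore has to look the jail up by name in lsjails afterwards, which is ambiguous if two jails can share a name (nothing visible in this diff enforces uniqueness) and could lead to attaching to the wrong jail. Printing the value closes that gap: `auto index = TRY(Core::System::create_jail(new_jail_name));` followed by `outln("{}", index);`, which the existing `stdio` promise already allows.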
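Review bot: Jail names are printed to the terminal unfiltered in lsjails.cpp: jail-create accepts any non-empty string as a name, and the lambda here passes `name` straight to `outln("{:4} {:10}", index, name);`. Unless the kernel rejects control characters in names (not visible in this diff), a name carrying escape sequences would be interpreted by the terminal of whoever lists the jails. Replacing non-printable bytes with a placeholder before printing, or rejecting them in jail-create, would keep the listing trustworthy. As a smaller point, `json.as_array()` and `value.as_object()` assume the shape of `/sys/kernel/jails` without checking it, so a short comment stating that the file is kernel-generated and trusted would document why that is acceptable.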