authorerdgeist <erdgeist@erdgeist.org>2006-04-15 20:20:12 +0000
committererdgeist <erdgeist@erdgeist.org>2006-04-15 20:20:12 +0000
commitf54c7ed9db3bf333c810930866adab0d04903c2b (patch)
treef82f113d2cae358c24f20662d00b1e3faf293d07
parent2cbc60523afcf69accad29fcfb80ce40f645a8a1 (diff)
HEADS UP:
Major changes in how the configuration is fetched from the jail config. A major variable renaming took place. A new subcommand, config, has been introduced. Jails can be configured not to be run automatically. Crypto images made with an older version do not work anymore (due to the config file variable renaming). .norun has been set as the standard "do not run" name. However, any . is enough to prevent booting the jail.
-rwxr-xr-xezjail-admin305
-rwxr-xr-xezjail.sh6
2 files changed, 177 insertions, 134 deletions
diff --git a/ezjail-admin b/ezjail-admin
index e15c157..d2a925c 100755
--- a/ezjail-admin
+++ b/ezjail-admin
@@ -32,16 +32,40 @@ exerr () { echo -e "$*"; exit 1; }
32# define detach strategy for image jails 32# define detach strategy for image jails
33detach_images () { 33detach_images () {
34 # unmount and detach memory disc 34 # unmount and detach memory disc
35 if [ "${newjail_img_device}" ]; then 35 if [ "${ezjail_imagedevice}" ]; then
36 umount ${newjail_root} > /dev/null 36 umount ${ezjail_rootdir} > /dev/null
37 [ "${newjail_image}" = "crypto" ] && gbde detach /dev/${newjail_img_device} > /dev/null 37 [ "${ezjail_imagetype}" = "crypto" ] && gbde detach /dev/${ezjail_imagedevice} > /dev/null
38 mdconfig -d -u ${newjail_img_device} > /dev/null 38 mdconfig -d -u ${ezjail_imagedevice} > /dev/null
39 [ "$1" = "success" ] || rm -f ${newjail_img} 39 [ "$1" = "success" ] || rm -f ${ezjail_image}
40 fi 40 fi
41} 41}
42 42
43# fetch everything we need to know about an ezjail from config
44fetchjailinfo () {
45 ezjail_name=$1
46
47 # Clean variables, prevent polution
48 unset ezjail_config ezjail_running ezjail_hostname ezjail_rootdir ezjail_image ezjail_imagetype ezjail_ip ezjail_id
49
50 ezjail_safename=`echo -n "${ezjail_name}" | tr -c [:alnum:] _`
51
52 [ -e ${ezjail_jailcfgs}/${ezjail_safename} ] && ezjail_config=${ezjail_jailcfgs}/${ezjail_safename}
53 [ -e ${ezjail_jailcfgs}/${ezjail_safename}.norun ] && ezjail_config=${ezjail_jailcfgs}/${ezjail_safename}.norun
54 [ "${ezjail_config}" ] || return 0
55
56 . ${ezjail_config}
57 eval ezjail_hostname=\"\$jail_$ezjail_safename}_hostname\"
58 eval ezjail_rootdir=\"\$jail_$ezjail_safename}_rootdir\"
59 eval ezjail_image=\"\$jail_${ezjail_safename}_image\"
60 eval ezjail_imagetype=\"\$jail_${ezjail_safename}_imagetype\"
61 eval ezjail_ip=\"\$jail_${ezjail_safename}_ip\"
62
63 ezjail_softlink=${ezjail_jaildir}/`basename -- ${ezjail_rootdir}`
64 ezjail_id=`jls | grep " ${ezjail_hostname} " | head -n 1 | awk {'print $1'}`
65}
66
43# check for command 67# check for command
44[ "$1" ] || exerr "Usage: `basename -- $0` [create|delete|list|update] {params}" 68[ "$1" ] || exerr "Usage: `basename -- $0` [config|create|delete|list|update] {params}"
45 69
46case "$1" in 70case "$1" in
47######################## ezjail-admin CREATE ######################## 71######################## ezjail-admin CREATE ########################
@@ -49,33 +73,29 @@ create)
49 shift 73 shift
50 args=`getopt f:r:s:xic $*` || exerr "Usage: `basename -- $0` create [-f flavour] [-r jailroot] [-s size] [-xic] jailname jailip" 74 args=`getopt f:r:s:xic $*` || exerr "Usage: `basename -- $0` create [-f flavour] [-r jailroot] [-s size] [-xic] jailname jailip"
51 75
52 newjail_root= 76 # Clean variables, prevent polution
53 newjail_flavour= 77 unset ezjail_rootdir ezjail_flavour ezjail_softlink ezjail_image ezjail_lock ezjail_imagetype ezjail_imagesize ezjail_device ezjail_config
54 newjail_softlink= 78 ezjail_fillme="YES"
55 newjail_image=
56 newjail_imagesize=
57 newjail_device=
58 newjail_fill="YES"
59 79
60 set -- ${args} 80 set -- ${args}
61 for arg do 81 for arg do
62 case ${arg} in 82 case ${arg} in
63 -x) newjail_fill="NO"; shift;; 83 -x) ezjail_fillme="NO"; shift;;
64 -r) newjail_root="$2"; shift 2;; 84 -r) ezjail_rootdir="$2"; shift 2;;
65 -f) newjail_flavour="$2"; shift 2;; 85 -f) ezjail_flavour="$2"; shift 2;;
66 -i) newjail_image=${newjail_image:-"simple"}; shift;; 86 -c) ezjail_imagetype="crypto"; shift;;
67 -s) newjail_imagesize="$2"; shift 2;; 87 -i) ezjail_imagetype=${ezjail_imagetype:-"simple"}; shift;;
68 -c) newjail_image="crypto"; shift;; 88 -s) ezjail_imagesize="$2"; shift 2;;
69 --) shift; break;; 89 --) shift; break;;
70 esac 90 esac
71 done 91 done
72 newjail_name=$1; newjail_ip=$2 92 ezjail_name=$1; ezjail_ip=$2
73 93
74 # we need at least a name and an ip for new jail 94 # we need at least a name and an ip for new jail
75 [ "${newjail_name}" -a "${newjail_ip}" -a $# = 2 ] || exerr "Usage: `basename -- $0` create [-f flavour] [-r jailroot] [-s size] [-xic] jailname jailip" 95 [ "${ezjail_name}" -a "${ezjail_ip}" -a $# = 2 ] || exerr "Usage: `basename -- $0` create [-f flavour] [-r jailroot] [-s size] [-xic] jailname jailip"
76 96
77 # check for sanity of settings concerning the image feature 97 # check for sanity of settings concerning the image feature
78 [ "${newjail_image}" -a "$newjail_fill" = "YES" -a ! "${newjail_imagesize}" ] && exerr "Image jails need an image size." 98 [ "${ezjail_imagetype}" -a "$ezjail_fillme" = "YES" -a ! "${ezjail_imagesize}" ] && exerr "Image jails need an image size."
79 99
80 # check, whether ezjail-update has been called. existence of 100 # check, whether ezjail-update has been called. existence of
81 # ezjail_jailbase is our indicator 101 # ezjail_jailbase is our indicator
@@ -88,133 +108,132 @@ create)
88 # was done intentionally to permit foo.com style directory names, however, 108 # was done intentionally to permit foo.com style directory names, however,
89 # the jail name will be foo_com in most scripts 109 # the jail name will be foo_com in most scripts
90 110
91 newjail_name=`echo -n ${newjail_name} | tr /~ __` 111 ezjail_hostname=`echo -n ${ezjail_name} | tr /~ __`
92 newjail_nname=`echo -n "${newjail_name}" | tr -c [:alnum:] _` 112 ezjail_safename=`echo -n "${ezjail_name}" | tr -c [:alnum:] _`
93 newjail_root=${newjail_root:-"${ezjail_jaildir}/${newjail_name}"} 113 ezjail_rootdir=${ezjail_rootdir:-"${ezjail_jaildir}/${ezjail_hostname}"}
114 ezjail_config=${ezjail_jailcfgs}/${ezjail_safename}
94 115
95 # This scenario really will only lead to real troubles in the 'fulljail' 116 # This scenario really will only lead to real troubles in the 'fulljail'
96 # case, but I should still explain this to the user and not claim that 117 # case, but I should still explain this to the user and not claim that
97 # "an ezjail would already exist" 118 # "an ezjail would already exist"
98 [ "${newjail_nname}" = "basejail" -o "${newjail_nname}" = "newjail" -o "${newjail_nname}" = "fulljail" -o "${newjail_nname}" = "flavours" ] && \ 119 [ "${ezjail_hostname}" = "basejail" -o "${ezjail_hostname}" = "newjail" -o "${ezjail_hostname}" = "fulljail" -o "${ezjail_hostname}" = "flavours" ] && \
99 exerr "Error: ezjail needs the ${newjail_nname} directory for its own administrative purposes. Please rename the ezjail." 120 exerr "Error: ezjail needs the ${ezjail_hostname} directory for its own administrative purposes. Please rename the ezjail."
100 121
101 # jail names may lead to identical configs, eg. foo.bar.com == foo-bar.com 122 # jail names may lead to identical configs, eg. foo.bar.com == foo-bar.com
102 # so check, whether we might be running into problems 123 # so check, whether we might be running into problems
103 [ -e ${ezjail_jailcfgs}/${newjail_nname} ] && exerr "Error: an ezjail config already exists at ${ezjail_jailcfgs}/${newjail_nname}. Please rename the ezjail." 124 [ -e ${ezjail_config} ] && exerr "Error: an ezjail config already exists at ${ezjail_jailconfig}. Please rename the ezjail."
104 125
105 # if jail root specified on command line is not absolute, make it absolute 126 # if jail root specified on command line is not absolute, make it absolute
106 # inside our jail directory 127 # inside our jail directory
107 [ "${newjail_root%%[!/]*}" ] || newjail_root=${ezjail_jaildir}/${newjail_root} 128 [ "${ezjail_rootdir%%[!/]*}" ] || ezjail_rootdir=${ezjail_jaildir}/${ezjail_rootdir}
108 129
109 # if a directory at the specified jail root already exists, refuse to 130 # if a directory at the specified jail root already exists, refuse to
110 # install 131 # install
111 [ -e ${newjail_root} -a "${newjail_fill}" = "YES" ] && exerr "Error: the specified jail root ${newjail_root} alread exists." 132 [ -e ${ezjail_rootdir} -a "${ezjail_fillme}" = "YES" ] && exerr "Error: the specified jail root ${ezjail_rootdir} alread exists."
112 133
113 # if jail root specified on command line does not lie within our jail 134 # if jail root specified on command line does not lie within our jail
114 # directory, we need to create a softlink 135 # directory, we need to create a softlink
115 if [ "${newjail_root##${ezjail_jaildir}}" = "${newjail_root}" ]; then 136 if [ "${ezjail_rootdir##${ezjail_jaildir}}" = "${ezjail_rootdir}" ]; then
116 newjail_softlink=${ezjail_jaildir}/`basename -- ${newjail_root}` 137 ezjail_softlink=${ezjail_jaildir}/`basename -- ${ezjail_rootdir}`
117 [ -e ${newjail_softlink} -a "${newjail_fill}" = "YES" ] && exerr "Error: an ezjail already exists at ${newjail_softlink}." 138 [ -e ${ezjail_softlink} -a "${ezjail_fillme}" = "YES" ] && exerr "Error: an ezjail already exists at ${ezjail_softlink}."
118 fi 139 fi
119 140
120 # do some sanity checks on the selected flavour (if any) 141 # do some sanity checks on the selected flavour (if any)
121 [ "${newjail_flavour}" -a ! -d ${ezjail_flavours}/${newjail_flavour} ] && exerr "Error: Flavour config directory ${ezjail_flavours}/${newjail_flavour} not found." 142 [ "${ezjail_flavour}" -a ! -d ${ezjail_flavours}/${ezjail_flavour} ] && exerr "Error: Flavour config directory ${ezjail_flavours}/${ezjail_flavour} not found."
122 143
123 # 144 #
124 # All sanity checks that may lead to errors are hopefully passed here 145 # All sanity checks that may lead to errors are hopefully passed here
125 # 146 #
126 147
127 if [ "${newjail_image}" ]; then 148 if [ "${ezjail_imagetype}" ]; then
128 # Strip trailing slashes from jail root, those would confuse image path 149 # Strip trailing slashes from jail root, those would confuse image path
129 newjail_img=${newjail_root%/}; while [ "${newjail_img}" -a -z "${newjail_img%%*/}" ]; do newjail_img=${newjail_img%/}; done 150 ezjail_image=${ezjail_rootdir%/}; while [ "${ezjail_image}" -a -z "${ezjail_image%%*/}" ]; do ezjail_image=${ezjail_image%/}; done
130 [ -z "${newjail_img}" ] && exerr "Error: Could not determine image file name, something is wrong with the jail root: ${newjail_root}." 151 [ -z "${ezjail_image}" ] && exerr "Error: Could not determine image file name, something is wrong with the jail root: ${ezjail_rootdir}."
131 152
132 # Location of our image and crypto image lock file 153 # Location of our image and crypto image lock file
133 newjail_lock=${newjail_img}.lock 154 ezjail_lock=${ezjail_image}.lock
134 newjail_img=${newjail_img}.img 155 ezjail_image=${ezjail_image}.img
135 156
136 # If NOT exist, create image 157 # If NOT exist, create image
137 if [ "$newjail_fill" = "YES" ]; then 158 if [ "$ezjail_fillme" = "YES" ]; then
138 [ -e "${newjail_img}" ] && exerr "Error: a file exists at the location ${newjail_img}, preventing our own image file to be created." 159 [ -e "${ezjail_image}" ] && exerr "Error: a file exists at the location ${ezjail_image}, preventing our own image file to be created."
139 [ "${newjail_image}" = "crypto" -a -e "${newjail_lock}" ] && exerr "Error: a file exists at the location ${newjail_lock}, preventing our own crypto image lock file to be created." 160 [ "${ezjail_imagetype}" = "crypto" -a -e "${ezjail_lock}" ] && exerr "Error: a file exists at the location ${ezjail_lock}, preventing our own crypto image lock file to be created."
140 161
141 # Now create jail disc image 162 # Now create jail disc image
142 touch "${newjail_img}" 163 touch "${ezjail_image}"
143 dd if=/dev/random of="${newjail_img}" bs="${newjail_imagesize}" count=1 || exerr "Error: Could not (or not fully) create the image file. You might want to check (and possibly remove) the file ${newjail_img}. The image size provided was ${newjail_imagesize}." 164 dd if=/dev/random of="${ezjail_image}" bs="${ezjail_imagesize}" count=1 || exerr "Error: Could not (or not fully) create the image file. You might want to check (and possibly remove) the file ${ezjail_image}. The image size provided was ${ezjail_imagesize}."
144 165
145 # And attach device 166 # And attach device
146 newjail_img_device=`mdconfig -a -t vnode -f ${newjail_img}` 167 ezjail_imagedevice=`mdconfig -a -t vnode -f ${ezjail_image}`
147 [ $? = 0 ] || detach_images || exerr "Error: Could not attach image device. (Command failed was 'mdconfig -a -t vnode -f ${newjail_img}')" 168 [ $? = 0 ] || detach_images || exerr "Error: Could not attach image device. (Command failed was 'mdconfig -a -t vnode -f ${ezjail_image}')"
148 169
149 if [ "${newjail_image}" = "crypto" ]; then 170 if [ "${ezjail_imagetype}" = "crypto" ]; then
150 # Initialise crypto image 171 # Initialise crypto image
151 echo "Initialising crypto device. Enter a new passphrase twice..." 172 echo "Initialising crypto device. Enter a new passphrase twice..."
152 gbde init /dev/${newjail_img_device} -L ${newjail_lock} || detach_images || exerr "Error: Could not initialise crypto image." 173 gbde init /dev/${ezjail_imagedevice} -L ${ezjail_lock} || detach_images || exerr "Error: Could not initialise crypto image."
153 174
154 echo "Attaching crypto device. Enter the passphrase..." 175 echo "Attaching crypto device. Enter the passphrase..."
155 gbde attach /dev/${newjail_img_device} -l ${newjail_lock} || detach_images || exerr "Error: Could not attach crypto image." 176 gbde attach /dev/${ezjail_imagedevice} -l ${ezjail_lock} || detach_images || exerr "Error: Could not attach crypto image."
156 newjail_device=${newjail_img_device}.bde 177 ezjail_device=${ezjail_imagedevice}.bde
157 else 178 else
158 newjail_device=${newjail_img_device} 179 ezjail_device=${ezjail_imagedevice}
159 fi 180 fi
160 181
161 # Format memory image 182 # Format memory image
162 newfs /dev/${newjail_device} || detach_images || exerr "Error: Could not newfs ${newjail_img_device}." 183 newfs /dev/${ezjail_device} || detach_images || exerr "Error: Could not newfs /dev/${ezjail_device}."
163 # Create mount point and mount 184 # Create mount point and mount
164 mkdir -p ${newjail_root} || detach_images || exerr "Error: Could not create jail root mount point ${newjail_root}." 185 mkdir -p ${ezjail_rootdir} || detach_images || exerr "Error: Could not create jail root mount point ${ezjail_rootdir}."
165 mount /dev/${newjail_device} ${newjail_root} || detach_images || exerr "Error: Could not mount ${newjail_device} to ${newjail_root}." 186 mount /dev/${ezjail_device} ${ezjail_rootdir} || detach_images || exerr "Error: Could not mount /dev/${ezjail_device} to ${ezjail_root}."
166 else 187 else
167 [ -e ${newjail_root} -a ! -d ${newjail_root} ] && exerr "Error: Could not create mount point for your jail image. A file exists at its location. (For existing image jails, call this tool without the .img suffix when specifying jail root.)" 188 [ -e ${ezjail_rootdir} -a ! -d ${ezjail_rootdir} ] && exerr "Error: Could not create mount point for your jail image. A file exists at its location. (For existing image jails, call this tool without the .img suffix when specifying jail root.)"
168 [ -d ${newjail_root} ] || mkdir -p ${newjail_root} 189 [ -d ${ezjail_rootdir} ] || mkdir -p ${ezjail_rootdir}
169 fi 190 fi
170 fi 191 fi
171 192
172 # now take a copy of our template jail 193 # now take a copy of our template jail
173 if [ "${newjail_fill}" = "YES" ]; then 194 if [ "${ezjail_fillme}" = "YES" ]; then
174 mkdir -p ${newjail_root} && cd ${ezjail_jailtemplate} && find * | cpio -p -v ${newjail_root} > /dev/null 195 mkdir -p ${ezjail_rootdir} && cd ${ezjail_jailtemplate} && find * | cpio -p -v ${ezjail_rootdir} > /dev/null
175 [ $? = 0 ] || detach_images || exerr "Error: Could not copy template jail." 196 [ $? = 0 ] || detach_images || exerr "Error: Could not copy template jail."
176 fi 197 fi
177 198
178 # if a soft link is necessary, create it now 199 # if a soft link is necessary, create it now
179 [ "${newjail_softlink}" ] && ln -s ${newjail_root} ${newjail_softlink} 200 [ "${ezjail_softlink}" ] && ln -s ${ezjail_rootdir} ${ezjail_softlink}
180 201
181 # if the automount feature is not disabled, this fstab entry for new jail 202 # if the automount feature is not disabled, this fstab entry for new jail
182 # will be obeyed 203 # will be obeyed
183 echo -n > /etc/fstab.${newjail_nname} 204 echo -n > /etc/fstab.${ezjail_safename}
184 [ "${newjail_image}" ] && \ 205 [ "${ezjail_imagetype}" ] && \
185 echo ${newjail_root}.device ${newjail_root} ufs rw 0 0 >> /etc/fstab.${newjail_nname} 206 echo ${ezjail_rootdir}.device ${ezjail_rootdir} ufs rw 0 0 >> /etc/fstab.${ezjail_safename}
186 echo ${ezjail_jailbase} ${newjail_root}/basejail nullfs ro 0 0 >> /etc/fstab.${newjail_nname} 207 echo ${ezjail_jailbase} ${ezjail_rootdir}/basejail nullfs ro 0 0 >> /etc/fstab.${ezjail_nname}
187 208
188 # now, where everything seems to have gone right, create control file in 209 # now, where everything seems to have gone right, create control file in
189 # ezjails config dir 210 # ezjails config dir
190 mkdir -p ${ezjail_jailcfgs} 211 mkdir -p ${ezjail_jailcfgs}
191 echo "# To specify the start up order of your ezjails, use these lines to" > ${ezjail_jailcfgs}/${newjail_nname} 212 echo "# To specify the start up order of your ezjails, use these lines to" > ${ezjail_jailconfig}
192 echo "# create a Jail dependency tree. See rcorder(8) for more details." >> ${ezjail_jailcfgs}/${newjail_nname} 213 echo "# create a Jail dependency tree. See rcorder(8) for more details." >> ${ezjail_jailconfig}
193 echo -e "#\n# PROVIDE: \n# REQUIRE: \n# BEFORE: \n#\n" >> ${ezjail_jailcfgs}/${newjail_nname} 214 echo -e "#\n# PROVIDE: \n# REQUIRE: \n# BEFORE: \n#\n" >> ${ezjail_jailconfig}
194 echo export jail_${newjail_nname}_hostname=\"${newjail_name}\" >> ${ezjail_jailcfgs}/${newjail_nname} 215 echo export jail_${ezjail_safename}_hostname=\"${ezjail_hostname}\" >> ${ezjail_jailconfig}
195 echo export jail_${newjail_nname}_ip=\"${newjail_ip}\" >> ${ezjail_jailcfgs}/${newjail_nname} 216 echo export jail_${ezjail_safename}_ip=\"${ezjail_ip}\" >> ${ezjail_jailconfig}
196 echo export jail_${newjail_nname}_rootdir=\"${newjail_root}\" >> ${ezjail_jailcfgs}/${newjail_nname} 217 echo export jail_${ezjail_safename}_rootdir=\"${ezjail_rootdir}\" >> ${ezjail_jailconfig}
197 echo export jail_${newjail_nname}_exec=\"/bin/sh /etc/rc\" >> ${ezjail_jailcfgs}/${newjail_nname} 218 echo export jail_${ezjail_safename}_exec=\"/bin/sh /etc/rc\" >> ${ezjail_jailconfig}
198 echo export jail_${newjail_nname}_mount_enable=\"${ezjail_mount_enable}\" >> ${ezjail_jailcfgs}/${newjail_nname} 219 echo export jail_${ezjail_safename}_mount_enable=\"${ezjail_mount_enable}\" >> ${ezjail_jailconfig}
199 echo export jail_${newjail_nname}_devfs_enable=\"${ezjail_devfs_enable}\" >> ${ezjail_jailcfgs}/${newjail_nname} 220 echo export jail_${ezjail_safename}_devfs_enable=\"${ezjail_devfs_enable}\" >> ${ezjail_jailconfig}
200 echo export jail_${newjail_nname}_devfs_ruleset=\"devfsrules_jail\" >> ${ezjail_jailcfgs}/${newjail_nname} 221 echo export jail_${ezjail_safename}_devfs_ruleset=\"devfsrules_jail\" >> ${ezjail_jailconfig}
201 echo export jail_${newjail_nname}_procfs_enable=\"${ezjail_procfs_enable}\" >> ${ezjail_jailcfgs}/${newjail_nname} 222 echo export jail_${ezjail_safename}_procfs_enable=\"${ezjail_procfs_enable}\" >> ${ezjail_jailconfig}
202 echo export jail_${newjail_nname}_fdescfs_enable=\"${ezjail_fdescfs_enable}\" >> ${ezjail_jailcfgs}/${newjail_nname} 223 echo export jail_${ezjail_safename}_fdescfs_enable=\"${ezjail_fdescfs_enable}\" >> ${ezjail_jailconfig}
203 [ "${newjail_image}" ] && \ 224 echo export jail_${ezjail_safename}_image=\"${ezjail_image}\" >> ${ezjail_jailconfig}
204 echo export jail_${newjail_nname}_image=\"${newjail_img}\" >> ${ezjail_jailcfgs}/${newjail_nname} 225 echo export jail_${ezjail_safename}_imagetype=\"${ezjail_imagetype}\" >> ${ezjail_jailconfig}
205 [ "${newjail_image}" = "crypto" ] && \ 226
206 echo export jail_${newjail_nname}_cryptimage=\"YES\" >> ${ezjail_jailcfgs}/${newjail_nname} 227 # Final steps for flavour installation
207 228 if [ "${ezjail_fillme}" = "YES" -a "${ezjail_flavour}" ]; then
208 # Final steps for flavour installation
209 if [ "${newjail_fill}" = "YES" -a "${newjail_flavour}" ]; then
210 # install files and config to new jail 229 # install files and config to new jail
211 cd ${ezjail_flavours}/${newjail_flavour} && find * | cpio -p -u -v ${newjail_root} > /dev/null 230 cd ${ezjail_flavours}/${ezjail_flavour} && find * | cpio -p -u -v ${ezjail_rootdir} > /dev/null
212 [ $? = 0 ] || echo "Warning: Could not fully install flavour." 231 [ $? = 0 ] || echo "Warning: Could not fully install flavour."
213 232
214 # If a config is found, make it auto run on jails startup 233 # If a config is found, make it auto run on jails startup
215 if [ -f ${newjail_root}/ezjail.flavour ]; then 234 if [ -f ${ezjail_rootdir}/ezjail.flavour ]; then
216 ln -s /ezjail.flavour ${newjail_root}/etc/rc.d/ezjail-config.sh 235 ln -s /ezjail.flavour ${ezjail_rootdir}/etc/rc.d/ezjail-config.sh
217 chmod 0700 ${newjail_root}/ezjail.flavour 236 chmod 0700 ${ezjail_rootdir}/ezjail.flavour
218 echo "Note: Shell scripts installed, flavourizing on jails first startup." 237 echo "Note: Shell scripts installed, flavourizing on jails first startup."
219 fi 238 fi
220 fi 239 fi
@@ -227,16 +246,16 @@ create)
227 # 246 #
228 247
229 # check, whether IP is configured on a local interface, warn if it isnt 248 # check, whether IP is configured on a local interface, warn if it isnt
230 ping -c 1 -m 1 -t 1 -q ${newjail_ip} > /dev/null 249 ping -c 1 -m 1 -t 1 -q ${ezjail_ip} > /dev/null
231 [ $? = 0 ] || echo "Warning: IP ${newjail_ip} not configured on a local interface." 250 [ $? = 0 ] || echo "Warning: IP ${ezjail_ip} not configured on a local interface."
232 251
233 # check, whether some host system services do listen on the Jails IP 252 # check, whether some host system services do listen on the Jails IP
234 TIFS=${IFS}; IFS=_ 253 TIFS=${IFS}; IFS=_
235 newjail_listener=`sockstat -4 -l | grep ${newjail_ip}:[[:digit:]]` 254 ezjail_listener=`sockstat -4 -l | grep ${ezjail_ip}:[[:digit:]]`
236 [ $? = 0 ] && echo -e "Warning: Some services already seem to be listening on IP ${newjail_ip}\n This may cause some confusion, here they are:\n${newjail_listener}" 255 [ $? = 0 ] && echo -e "Warning: Some services already seem to be listening on IP ${ezjail_ip}\n This may cause some confusion, here they are:\n${ezjail_listener}"
237 256
238 newjail_listener=`sockstat -4 -l | grep \*:[[:digit:]]` 257 ezjail_listener=`sockstat -4 -l | grep \*:[[:digit:]]`
239 [ $? = 0 ] && echo -e "Warning: Some services already seem to be listening on all IP, (including ${newjail_ip})\n This may cause some confusion, here they are:\n${newjail_listener}" 258 [ $? = 0 ] && echo -e "Warning: Some services already seem to be listening on all IP, (including ${ezjail_ip})\n This may cause some confusion, here they are:\n${ezjail_listener}"
240 IFS=${TIFS} 259 IFS=${TIFS}
241 260
242 ;; 261 ;;
@@ -245,47 +264,41 @@ delete)
245 shift 264 shift
246 args=`getopt w $*` || exerr "Usage: `basename -- $0` delete [-w] jailname" 265 args=`getopt w $*` || exerr "Usage: `basename -- $0` delete [-w] jailname"
247 266
248 oldjail_wipe= 267 # Clean variables, prevent polution
268 unset ezjail_wipeme
249 269
250 set -- ${args} 270 set -- ${args}
251 for arg do 271 for arg do
252 case ${arg} in 272 case ${arg} in
253 -w) oldjail_wipe="YES"; shift;; 273 -w) ezjail_wipeme="YES"; shift;;
254 --) shift; break;; 274 --) shift; break;;
255 esac 275 esac
256 done 276 done
257 oldjail_name=$1
258 277
259 # we only need name of jail to vanish 278 # Get all info we have on that jail
260 [ "${oldjail_name}" -a $# = 1 ] || exerr "Usage: `basename -- $0` delete [-w] jailname" 279 fetchjailinfo $1
261 280
262 # tidy up jail name the ezjail way 281 # we only need name of jail to vanish
263 oldjail_nname=`echo -n ${oldjail_name} | tr -c [:alnum:] _` 282 [ "${ezjail_safename}" -a $# = 1 ] || exerr "Usage: `basename -- $0` delete [-w] jailname"
264 283
265 # check for existence of jail in our records 284 # check for existence of jail in our records
266 [ -f ${ezjail_jailcfgs}/${oldjail_nname} ] || exerr "Error: Nothing known about jail ${oldjail_name}." 285 [ "${ezjail_config}" ] || exerr "Error: Nothing known about jail ${ezjail_name}."
267
268 # fetch information about the jail to be gone by parsing our records
269 . ${ezjail_jailcfgs}/${oldjail_nname}
270 eval oldjail_rootdir=\"\$jail_${oldjail_nname}_rootdir\"
271 eval oldjail_image=\"\$jail_${oldjail_nname}_image\"
272 286
273 # if jail is still running, refuse to go any further 287 # if jail is still running, refuse to go any further
274 [ -f /var/run/jail_${oldjail_nname}.id ] && exerr "Error: Jail appears to be still running, stop it first.\n(/var/run/jail_${oldjail_nname}.id exists)." 288 [ "${ezjail_id}" ] && exerr "Error: Jail appears to be still running, stop it first.\n"
275 289
276 # now we know everything we need to let the jail be gone remove entry 290 # now we know everything we need to let the jail be gone remove entry
277 # from ezjail resource structure, delete fstab.JAILNAME 291 # from ezjail resource structure, delete fstab.JAILNAME
278 rm -f ${ezjail_jailcfgs}/${oldjail_nname} 292 rm -f ${ezjail_jailconfig}
279 rm -f /etc/fstab.${oldjail_nname} 293 rm -f /etc/fstab.${ezjail_safename}
280 294
281 # if there is a soft link pointing to the jail root, remove it 295 # if there is a soft link pointing to the jail root, remove it
282 oldjail_softlink=${ezjail_jaildir}/`basename ${oldjail_rootdir}` 296 [ -L ${ezjail_softlink} ] && rm ${ezjail_softlink}
283 [ -L ${oldjail_softlink} ] && rm ${oldjail_softlink}
284 297
285 # if wiping the jail was requested, remove it 298 # if wiping the jail was requested, remove it
286 if [ "${oldjail_wipe}" ]; then 299 if [ "${ezjail_wipeme}" ]; then
287 [ "${oldjail_image}" ] && rm -f ${oldjail_image} ${oldjail_image%.img}.lock ${oldjail_image%.img}.device 300 [ "${ezjail_image}" ] && rm -f ${ezjail_image} ${ezjail_image%.img}.lock ${ezjail_image%.img}.device
288 rm -rf ${oldjail_rootdir} 301 rm -rf ${ezjail_rootdir}
289 fi 302 fi
290 303
291 ;; 304 ;;
@@ -296,23 +309,16 @@ list)
296 309
297 printf "%-3s %-5s %-15s %-28s %s\\n" STA JID IP Hostname "Root Directory" 310 printf "%-3s %-5s %-15s %-28s %s\\n" STA JID IP Hostname "Root Directory"
298 echo "--- ----- --------------- ---------------------------- -----------------------------" 311 echo "--- ----- --------------- ---------------------------- -----------------------------"
299 for jail in ${ezjail_list}; do 312 for ezjail in ${ezjail_list}; do
300 . ${ezjail_jailcfgs}/${jail} 313 fetchjailinfo ${ezjail%.norun}
301 eval jail_ip=\"\$jail_${jail}_ip\" 314 ezjail_id=`jls | grep " ${ezjail_hostname} " | head -n 1 | awk {'print $1'}`
302 eval jail_hostname=\"\$jail_${jail}_hostname\" 315 ezjail_state="D"
303 eval jail_rootdir=\"\$jail_${jail}_rootdir\" 316 [ "${ezjail_imagetype}" = "simple" ] && ezjail_state="I"
304 eval jail_image=\"\$jail_${jail}_image\" 317 [ "${ezjail_imagetype}" = "crypto" ] && ezjail_state="C"
305 eval jail_crypt=\"\$jail_${jail}_cryptimage\" 318 [ "${ezjail_id}" ] && ezjail_state=${ezjail_state}R || ezjail_state=${ezjail_state}S
306 319 [ "${ezjail_safename}" != "${ezjail}" ] && ezjail_state=${ezjail_state}N
307 jail_id=`jls | grep "${jail_hostname}" | head -n 1 | awk {'print $1'}` 320
308 321 printf "%-3s %-5s %-15s %-28s %s\\n" "${ezjail_state}" "${ezjail_id:-N/A}" "${ezjail_ip}" "${ezjail_hostname}" "${ezjail_rootdir}"
309 jail_state="D"
310 [ "${jail_image}" ] && jail_state="I"
311 [ "${jail_crypt}" ] && jail_state="C"
312 [ "${jail_id}" ] && jail_state=${jail_state}R || jail_state=${jail_state}S
313 [ "${jail%.*}" != "${jail}" ] && jail_state=${jail_state}N
314
315 printf "%-3s %-5s %-15s %-28s %s\\n" "${jail_state}" "${jail_id:-N/A}" "${jail_ip}" "${jail_hostname}" "${jail_rootdir}"
316 done 322 done
317 323
318 ;; 324 ;;
@@ -409,7 +415,44 @@ setup|update)
409 [ "${ezjail_uglyperlhack}" = "YES" -a ! -L ${ezjail_jailbase}/usr/bin/perl ] && ln -s /usr/local/bin/perl ${ezjail_jailbase}/usr/bin/perl 415 [ "${ezjail_uglyperlhack}" = "YES" -a ! -L ${ezjail_jailbase}/usr/bin/perl ] && ln -s /usr/local/bin/perl ${ezjail_jailbase}/usr/bin/perl
410 416
411 ;; 417 ;;
418######################## ezjail-admin CONFIG ########################
419config)
420 shift
421
422 args=`getopt -r: $*` || exerr "Usage: `basename -- $0` config [-r run|norun] jailname"
423
424 ezjail_setrunnable=
425
426 set -- ${args}
427 for arg do
428 case ${arg} in
429 -r) ezjail_setrunnable=$1; shift 2;;
430 --) shift; break;;
431 esac
432 done
433
434 [ $# = 1 ] || exerr "Usage: `basename -- $0` config [-r run|norun] jailname"
435
436 # Jail name mandatory
437 fetchjailinfo $1
438
439 # check for existence of jail in our records
440 [ "${ezjail_jailconfig}" ] || exerr "Error: Nothing known about jail ${ezjail_name}."
441
442 # Nothing to be configured?
443 [ "${ezjail_setrunnable}" ] || echo "Warning: No config option specified."
444
445 case ${ezjail_setrunnable} in
446 run)
447 [ "${ezjail_config}" = "${ezjail_config%.norun}" ] || mv {ezjail_config} ${ezjail_config%.norun}
448 ;;
449 norun)
450 [ "${ezjail_config}" = "${ezjail_config%.norun}" ] && mv {ezjail_config} ${ezjail_config}.norun
451 ;;
452 esac
453
454 ;;
412*) 455*)
413 exerr "Usage: `basename -- $0` [create|delete|list|update] {params}" 456 exerr "Usage: `basename -- $0` [config|create|delete|list|update] {params}"
414 ;; 457 ;;
415esac 458esac
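Review bot: In the new `fetchjailinfo`, the evals for hostname and rootdir are missing the opening brace (`\$jail_$ezjail_safename}_hostname`, `\$jail_$ezjail_safename}_rootdir`), so unless a variable named `jail_<safename>` happens to be set they yield the literal strings `}_hostname` and `}_rootdir`; they should read `eval ezjail_hostname=\"\$jail_${ezjail_safename}_hostname\"` and `eval ezjail_rootdir=\"\$jail_${ezjail_safename}_rootdir\"`, like the three evals below them. The delete branch depends on both values: the `jls | grep " ${ezjail_hostname} "` lookup will not find the jail, so the "still running" guard passes, and `rm -rf ${ezjail_rootdir}` then acts on an unquoted relative path instead of the jail root. Quoting that expansion and refusing an empty or non-absolute value before the wipe would keep a bad or stale config from turning into a wrong-directory delete. The same section also reads `${ezjail_jailconfig}` and `${ezjail_nname}`, which are never assigned in the visible hunks (the values live in `ezjail_config` and `ezjail_safename`), so the config-file writes in create, the `rm -f` in delete and the existence check in config appear to operate on empty values.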
diff --git a/ezjail.sh b/ezjail.sh
index ff072f4..0b1d68f 100755
--- a/ezjail.sh
+++ b/ezjail.sh
@@ -62,13 +62,13 @@ do_cmd()
62 62
63 eval ezjail_root=\"\$jail_${ezjail}_rootdir\" 63 eval ezjail_root=\"\$jail_${ezjail}_rootdir\"
64 eval ezjail_image=\"\$jail_${ezjail}_image\" 64 eval ezjail_image=\"\$jail_${ezjail}_image\"
65 eval ezjail_crypt=\"\$jail_${ezjail}_cryptimage\" 65 eval ezjail_imagetype=\"\$jail_${ezjail}_imagetype\"
66 66
67 # Cannot auto mount crypto jails without interrupting boot process 67 # Cannot auto mount crypto jails without interrupting boot process
68 [ "${ezjail_fromrc}" = "YES" -a "${ezjail_crypt}" = "YES" -a "${action}" = "start" ] && continue 68 [ "${ezjail_fromrc}" = "YES" -a "${ezjail_imagetype}" = "crypto" -a "${action}" = "start" ] && continue
69 69
70 # Explicitely do only run crypto jails when *crypto is requested 70 # Explicitely do only run crypto jails when *crypto is requested
71 [ "${action%crypto}" != "${action}" -a "${ezjail_crypt}" != "YES" ] && continue 71 [ "${action%crypto}" != "${action}" -a "${ezjail_imagetype}" != "crypto" ] && continue
72 72
73 # Try to attach (crypto) devices 73 # Try to attach (crypto) devices
74 [ "${ezjail_image}" ] && attach_detach_pre 74 [ "${ezjail_image}" ] && attach_detach_pre