-rwxr-xr-xezjail-admin54
-rwxr-xr-xezjail.sh34
2 files changed, 48 insertions, 40 deletions
diff --git a/ezjail-admin b/ezjail-admin
index 5dfb143..ce29ca5 100755
--- a/ezjail-admin
+++ b/ezjail-admin
@@ -49,7 +49,7 @@ exerr () { echo -e "$*" >&2 ; exit 1; }
49# define detach strategy for image jails 49# define detach strategy for image jails
50detach_images () { 50detach_images () {
51 # unmount and detach memory disc 51 # unmount and detach memory disc
52 if [ "${ezjail_imagedevice}" ]; then 52 if [ -n "${ezjail_imagedevice}" ]; then
53 umount ${ezjail_rootdir} > /dev/null 53 umount ${ezjail_rootdir} > /dev/null
54 case ${ezjail_imagetype} in 54 case ${ezjail_imagetype} in
55 bde) gbde detach /dev/${ezjail_imagedevice} > /dev/null;; 55 bde) gbde detach /dev/${ezjail_imagedevice} > /dev/null;;
@@ -67,7 +67,7 @@ fetchjailinfo () {
67 ezjail_name=$1 67 ezjail_name=$1
68 68
69 # Clean variables, prevent polution 69 # Clean variables, prevent polution
70 unset ezjail_config ezjail_running ezjail_hostname ezjail_rootdir ezjail_image ezjail_imagetype ezjail_ip ezjail_id 70 unset ezjail_config ezjail_running ezjail_hostname ezjail_rootdir ezjail_image ezjail_imagetype ezjail_ip ezjail_id ezjail_attached ezjail_device
71 71
72 ezjail_safename=`echo -n "${ezjail_name}" | tr -c [:alnum:] _` 72 ezjail_safename=`echo -n "${ezjail_name}" | tr -c [:alnum:] _`
73 73
@@ -87,6 +87,13 @@ fetchjailinfo () {
87 eval ezjail_passphraseurl=\"\$jail_${ezjail_safename}_passphraseurl\" 87 eval ezjail_passphraseurl=\"\$jail_${ezjail_safename}_passphraseurl\"
88 88
89 ezjail_softlink=${ezjail_jaildir}/`basename -- ${ezjail_rootdir}` 89 ezjail_softlink=${ezjail_jaildir}/`basename -- ${ezjail_rootdir}`
90
91 if [ -n "${ezjail_image}" -a -L "${ezjail_rootdir}.device" ]; then
92 # Fetch destination of soft link
93 ezjail_device=`stat -f "%Y" ${ezjail_rootdir}.device`
94 [ -e "${ezjail_device}" ] && ezjail_attached="YES"
95 fi
96
90 [ -f /var/run/jail_${ezjail_safename}.id ] && ezjail_id=`cat /var/run/jail_${ezjail_safename}.id` || return 97 [ -f /var/run/jail_${ezjail_safename}.id ] && ezjail_id=`cat /var/run/jail_${ezjail_safename}.id` || return
91 jls | grep -q -E "^ +${ezjail_id} " || unset ezjail_id 98 jls | grep -q -E "^ +${ezjail_id} " || unset ezjail_id
92} 99}
@@ -390,10 +397,13 @@ delete)
390 fetchjailinfo $1 397 fetchjailinfo $1
391 398
392 # check for existence of jail in our records 399 # check for existence of jail in our records
393 [ "${ezjail_config}" ] || exerr "Error: Nothing known about jail ${ezjail_name}." 400 [ -n "${ezjail_config}" ] || exerr "Error: Nothing known about jail ${ezjail_name}."
394 401
395 # if jail is still running, refuse to go any further 402 # if jail is still running, refuse to go any further
396 [ "${ezjail_id}" ] && exerr "Error: Jail appears to be still running, stop it first." 403 [ -n "${ezjail_id}" ] && exerr "Error: Jail appears to be still running, stop it first."
404
405 # if jail is attached, refuse to go any further
406 [ -n "${ezjail_attached}" ] && exerr "Error: Jail image file ${ezjail_image} is attached as ${ezjail_device}. '`basename -- $0` config -i detach' it first."
397 407
398 # now we know everything we need to let the jail be gone remove entry 408 # now we know everything we need to let the jail be gone remove entry
399 # from ezjail resource structure, delete fstab.JAILNAME 409 # from ezjail resource structure, delete fstab.JAILNAME
@@ -420,7 +430,11 @@ list)
420 for ezjail in ${ezjail_list}; do 430 for ezjail in ${ezjail_list}; do
421 fetchjailinfo ${ezjail%.norun} 431 fetchjailinfo ${ezjail%.norun}
422 case ${ezjail_imagetype} in simple) ezjail_state="I";; bde) ezjail_state="B";; eli) ezjail_state="E";; *) ezjail_state="D";; esac 432 case ${ezjail_imagetype} in simple) ezjail_state="I";; bde) ezjail_state="B";; eli) ezjail_state="E";; *) ezjail_state="D";; esac
423 [ "${ezjail_id}" ] && ezjail_state=${ezjail_state}R || ezjail_state=${ezjail_state}S 433 if [ "${ezjail_id}" ]; then
434 ezjail_state=${ezjail_state}R
435 else
436 [ -n "${ezjail_attached}" ] && ezjail_state=${ezjail_state}A || ezjail_state=${ezjail_state}S
437 fi
424 [ "${ezjail_safename}" != "${ezjail}" ] && ezjail_state=${ezjail_state}N 438 [ "${ezjail_safename}" != "${ezjail}" ] && ezjail_state=${ezjail_state}N
425 439
426 printf "%-3s %-5s %-15s %-28s %s\\n" "${ezjail_state}" "${ezjail_id:-N/A}" "${ezjail_ip}" "${ezjail_hostname}" "${ezjail_rootdir}" 440 printf "%-3s %-5s %-15s %-28s %s\\n" "${ezjail_state}" "${ezjail_id:-N/A}" "${ezjail_ip}" "${ezjail_hostname}" "${ezjail_rootdir}"
@@ -550,7 +564,7 @@ config)
550 # Clean variables, prevent polution 564 # Clean variables, prevent polution
551 unset ezjail_setrunnable ezjail_imageaction 565 unset ezjail_setrunnable ezjail_imageaction
552 566
553 shift; while getopts :r: arg; do case ${arg} in 567 shift; while getopts :r:i: arg; do case ${arg} in
554 i) ezjail_imageaction=${OPTARG};; 568 i) ezjail_imageaction=${OPTARG};;
555 r) ezjail_setrunnable=${OPTARG};; 569 r) ezjail_setrunnable=${OPTARG};;
556 ?) exerr ${ezjail_usage_config};; 570 ?) exerr ${ezjail_usage_config};;
@@ -570,20 +584,15 @@ config)
570 case ${ezjail_setrunnable} in 584 case ${ezjail_setrunnable} in
571 run) [ "${ezjail_config}" = "${ezjail_config%.norun}" ] || mv ${ezjail_config} ${ezjail_config%.norun};; 585 run) [ "${ezjail_config}" = "${ezjail_config%.norun}" ] || mv ${ezjail_config} ${ezjail_config%.norun};;
572 norun) [ "${ezjail_config}" = "${ezjail_config%.norun}" ] && mv ${ezjail_config} ${ezjail_config}.norun ;; 586 norun) [ "${ezjail_config}" = "${ezjail_config%.norun}" ] && mv ${ezjail_config} ${ezjail_config}.norun ;;
573 *) echo "Warning: Unknow runnable option specified.";;
574 esac 587 esac
575 588
576 [ -n "${ezjail_imageaction}" -a -z "${ezjail_image}" ] && exerr "Error: Jail ${ezjail_name} not an image jail." 589 [ -n "${ezjail_imageaction}" -a -z "${ezjail_image}" ] && exerr "Error: Jail ${ezjail_name} not an image jail."
577 590
578 case ${ezjail_imageaction} in 591 case "${ezjail_imageaction}" in
579 attach) 592 attach)
580 # Check, if image already attached 593 # Check, if image already attached
581 if [ -L "${ezjail_root}.device" ]; then 594 [ -n "${ezjail_attached}" ] && exerr "Error: Jail image file ${ezjail_image} already attached as ${ezjail_device}."
582 # Fetch destination of soft link 595 rm -f ${ezjail_rootdir}.device
583 ezjail_device=`stat -f "%Y" ${ezjail_root}.device`
584 [ -b "${ezjail_device}" ] && exerr "Error: Jail image file ${ezjail_name} already attached as ${ezjail_device}."
585 rm -f ${ezjail_root}.device
586 fi
587 596
588 # Create a memory disc from jail image 597 # Create a memory disc from jail image
589 ezjail_imagedevice=`mdconfig -a -t vnode -f ${ezjail_image}` || exerr "Error: Could not attach memory disc." 598 ezjail_imagedevice=`mdconfig -a -t vnode -f ${ezjail_image}` || exerr "Error: Could not attach memory disc."
@@ -600,7 +609,7 @@ config)
600 ;; 609 ;;
601 eli) 610 eli)
602 echo "Attaching eli device for image jail ${ezjail}..." 611 echo "Attaching eli device for image jail ${ezjail}..."
603 echo geli attach ${ezjail_attachparams} /dev/${ezjail_device} | /bin/sh 612 echo geli attach ${ezjail_attachparams} /dev/${ezjail_imagedevice} | /bin/sh
604 [ $? -eq 0 ] || detach_images keep || exerr "Error: Attaching eli device failed." 613 [ $? -eq 0 ] || detach_images keep || exerr "Error: Attaching eli device failed."
605 # Device to mount is not md anymore 614 # Device to mount is not md anymore
606 ezjail_device=${ezjail_imagedevice}.eli 615 ezjail_device=${ezjail_imagedevice}.eli
@@ -609,18 +618,14 @@ config)
609 618
610 mount /dev/${ezjail_device} ${ezjail_rootdir} || detach_images keep || exerr "Error: Could not mount /dev/${ezjail_device} to ${ezjail_root}." 619 mount /dev/${ezjail_device} ${ezjail_rootdir} || detach_images keep || exerr "Error: Could not mount /dev/${ezjail_device} to ${ezjail_root}."
611 # relink image device 620 # relink image device
612 ln -s /dev/${ezjail_device} ${ezjail_root}.device 621 ln -s /dev/${ezjail_device} ${ezjail_rootdir}.device
613 622
614 ;; 623 ;;
615 detach) 624 detach)
625 # Check, if image really attached or running
616 [ -n "${ezjail_id}" ] && exerr "Error: Jail ${ezjail_name} still running. Can not detach." 626 [ -n "${ezjail_id}" ] && exerr "Error: Jail ${ezjail_name} still running. Can not detach."
617 627 [ -n "${ezjail_attached}" ] || exerr "Error: Jail image file ${ezjail_name} is not attached."
618 # Check, if image really attached 628 ezjail_device=${ezjail_device#/dev/}
619 if [ -L "${ezjail_root}.device" ]; then
620 # Fetch destination of soft link
621 ezjail_device=`stat -f "%Y" ${ezjail_root}.device`
622 [ -b "${ezjail_device}" ] || exerr "Error: Jail image file ${ezjail_name} is not attached."
623 fi
624 629
625 # Add this device to the list of devices to be unmounted 630 # Add this device to the list of devices to be unmounted
626 case ${ezjail_imagetype} in 631 case ${ezjail_imagetype} in
@@ -633,9 +638,8 @@ config)
633 detach_images keep 638 detach_images keep
634 639
635 # Remove soft link (which acts as a lock) 640 # Remove soft link (which acts as a lock)
636 rm -f ${ezjail_root}.device 641 rm -f ${ezjail_rootdir}.device
637 ;; 642 ;;
638 *) echo "Warning: Unknow image action specified.";;
639 esac 643 esac
640 ;; 644 ;;
641 645
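Review bot: Dropping the `*)` arms from both `case` statements in `config)` (the `ezjail_setrunnable` one and the `ezjail_imageaction` one) turns an unrecognised `-r` or `-i` value into a silent no-op: a mistyped `config -i detatch` does nothing and, as far as these hunks show, no error is raised. For a bde or eli image jail that leaves the image attached while the operator believes it was detached. The old arm also fired when the option was simply absent, which is presumably why it was removed; an explicit empty arm avoids that, e.g. `"") ;;` followed by `*) exerr "Error: Unknown image action ${ezjail_imageaction}.";;`, with the same pair for `-r`. The `config)` branch starts and ends outside the visible hunks, so confirm there is no earlier validation of these values before adding this.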
diff --git a/ezjail.sh b/ezjail.sh
index a97129a..f9656c7 100755
--- a/ezjail.sh
+++ b/ezjail.sh
@@ -58,14 +58,14 @@ do_cmd()
58 # Read config file 58 # Read config file
59 . ${ezjail_prefix}/etc/ezjail/${ezjail} 59 . ${ezjail_prefix}/etc/ezjail/${ezjail}
60 60
61 eval ezjail_root=\"\$jail_${ezjail}_rootdir\" 61 eval ezjail_rootdir=\"\$jail_${ezjail}_rootdir\"
62 eval ezjail_image=\"\$jail_${ezjail}_image\" 62 eval ezjail_image=\"\$jail_${ezjail}_image\"
63 eval ezjail_imagetype=\"\$jail_${ezjail}_imagetype\" 63 eval ezjail_imagetype=\"\$jail_${ezjail}_imagetype\"
64 eval ezjail_attachparams=\"\$jail_${ezjail}_attachparams\" 64 eval ezjail_attachparams=\"\$jail_${ezjail}_attachparams\"
65 eval ezjail_attachblocking=\"\$jail_${ezjail}_attachblocking\" 65 eval ezjail_attachblocking=\"\$jail_${ezjail}_attachblocking\"
66 eval ezjail_forceblocking=\"\$jail_${ezjail}_forceblocking\" 66 eval ezjail_forceblocking=\"\$jail_${ezjail}_forceblocking\"
67 67
68 [ ${ezjail_attachblocking} = "YES" -o ${ezjail_forceblocking} = "YES" ] && ezjail_blocking="YES" || unset ezjail_blocking 68 [ "${ezjail_attachblocking}" = "YES" -o "${ezjail_forceblocking}" = "YES" ] && ezjail_blocking="YES" || unset ezjail_blocking
69 69
70 # Cannot auto mount blocking jails without interrupting boot process 70 # Cannot auto mount blocking jails without interrupting boot process
71 [ "${ezjail_fromrc}" = "YES" -a "${action}" = "start" -a "${ezjail_blocking}" = "YES" ] && continue 71 [ "${ezjail_fromrc}" = "YES" -a "${action}" = "start" -a "${ezjail_blocking}" = "YES" ] && continue
@@ -95,10 +95,10 @@ attach_detach_pre ()
95 # /etc/rc.d/jail does 95 # /etc/rc.d/jail does
96 [ -e /var/run/jail_${ezjail}.id ] && return 1 96 [ -e /var/run/jail_${ezjail}.id ] && return 1
97 97
98 if [ -L "${ezjail_root}.device" ]; then 98 if [ -L "${ezjail_rootdir}.device" ]; then
99 # Fetch destination of soft link 99 # Fetch destination of soft link
100 ezjail_device=`stat -f "%Y" ${ezjail_root}.device` 100 ezjail_device=`stat -f "%Y" ${ezjail_rootdir}.device`
101 [ -b "${ezjail_device}" ] && echo "Warning: Jail image file ${ezjail_name} already attached as ${ezjail_device}." && return 1 101 [ -e "${ezjail_device}" ] && echo "Jail image file ${ezjail} already attached as ${ezjail_device}. 'ezjail-admin config -i detach' it first." && return 1
102 fi 102 fi
103 103
104 # Create a memory disc from jail image 104 # Create a memory disc from jail image
@@ -110,8 +110,8 @@ attach_detach_pre ()
110 crypto|bde) 110 crypto|bde)
111 echo "Attaching bde device for image jail ${ezjail}..." 111 echo "Attaching bde device for image jail ${ezjail}..."
112 echo gbde attach /dev/${ezjail_device} ${ezjail_attachparams} | /bin/sh 112 echo gbde attach /dev/${ezjail_device} ${ezjail_attachparams} | /bin/sh
113 if [ $? -eq 0 ]; then 113 if [ $? -ne 0 ]; then
114 mdconfig -d -u ${ezjail_imagedevice} > /dev/null 114 mdconfig -d -u ${ezjail_device} > /dev/null
115 echo "Error: Attaching bde device failed."; return 1 115 echo "Error: Attaching bde device failed."; return 1
116 fi 116 fi
117 # Device to mount is not md anymore 117 # Device to mount is not md anymore
@@ -120,8 +120,8 @@ attach_detach_pre ()
120 eli) 120 eli)
121 echo "Attaching eli device for image jail ${ezjail}..." 121 echo "Attaching eli device for image jail ${ezjail}..."
122 echo geli attach ${ezjail_attachparams} /dev/${ezjail_device} | /bin/sh 122 echo geli attach ${ezjail_attachparams} /dev/${ezjail_device} | /bin/sh
123 if [ $? -eq 0 ]; then 123 if [ $? -ne 0 ]; then
124 mdconfig -d -u ${ezjail_imagedevice} > /dev/null 124 mdconfig -d -u ${ezjail_device} > /dev/null
125 echo "Error: Attaching eli device failed."; return 1 125 echo "Error: Attaching eli device failed."; return 1
126 fi 126 fi
127 # Device to mount is not md anymore 127 # Device to mount is not md anymore
@@ -130,17 +130,21 @@ attach_detach_pre ()
130 esac 130 esac
131 131
132 # Clean image 132 # Clean image
133 fsck_ufs -F -p ${ezjail_device} 133 fsck_ufs -F -p /dev/${ezjail_device}
134 134
135 # relink image device 135 # relink image device
136 rm -f ${ezjail_root}.device 136 rm -f ${ezjail_rootdir}.device
137 ln -s /dev/${ezjail_device} ${ezjail_root}.device 137 ln -s /dev/${ezjail_device} ${ezjail_rootdir}.device
138 else 138 else
139 # If jail is not running, do not unmount devices, this is the same check
140 # as /etc/rc.d/jail does
141 [ -e /var/run/jail_${ezjail}.id ] || return 1
142
139 # If soft link to device is not set, we cannot unmount 143 # If soft link to device is not set, we cannot unmount
140 [ -e ${ezjail_root}.device ] || return 144 [ -e ${ezjail_rootdir}.device ] || return
141 145
142 # Fetch destination of soft link 146 # Fetch destination of soft link
143 ezjail_device=`stat -f "%Y" ${ezjail_root}.device` 147 ezjail_device=`stat -f "%Y" ${ezjail_rootdir}.device`
144 148
145 # Add this device to the list of devices to be unmounted 149 # Add this device to the list of devices to be unmounted
146 case ${ezjail_imagetype} in 150 case ${ezjail_imagetype} in
@@ -149,7 +153,7 @@ attach_detach_pre ()
149 esac 153 esac
150 154
151 # Remove soft link (which acts as a lock) 155 # Remove soft link (which acts as a lock)
152 rm -f ${ezjail_root}.device 156 rm -f ${ezjail_rootdir}.device
153 fi 157 fi
154} 158}
155 159
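Review bot: In `attach_detach_pre` the symlink test quotes its path (`[ -L "${ezjail_rootdir}.device" ]`), but the `stat`, `rm -f`, `ln -s` and `[ -e ... ]` lines that act on the same path leave `${ezjail_rootdir}.device` unquoted, both in the `-95,10` hunk and in the two later hunks of this function. With a root directory containing whitespace or glob characters, the quoted test and the unquoted commands would operate on different names, and this link is what serves as the attach lock. Since the commit already rewrites each of these lines for the rename, quoting them in the same pass costs nothing: `rm -f -- "${ezjail_rootdir}.device"` and `ln -s "/dev/${ezjail_device}" "${ezjail_rootdir}.device"`, plus the quoted path as the `stat` argument. The function starts outside the visible hunks.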