-rwxr-xr-x | ezjail-admin | 132 |
1 files changed, 60 insertions, 72 deletions
diff --git a/ezjail-admin b/ezjail-admin index b6cf6dd..6cd11a8 100755 --- a/ezjail-admin +++ b/ezjail-admin | |||
@@ -2,10 +2,11 @@ | |||
2 | 2 | ||
3 | # ugly: this variable is set during port install time | 3 | # ugly: this variable is set during port install time |
4 | ezjail_prefix=EZJAIL_PREFIX | 4 | ezjail_prefix=EZJAIL_PREFIX |
5 | ezjail_jailcfgs=${ezjail_prefix}/etc/ezjail | 5 | ezjail_etc=${ezjail_prefix}/etc |
6 | ezjail_jailcfgs=${ezjail_etc}/ezjail | ||
6 | 7 | ||
7 | if [ -f ${ezjail_prefix}/etc/ezjail.conf ]; then | 8 | if [ -f ${ezjail_etc}/ezjail.conf ]; then |
8 | . ${ezjail_prefix}/etc/ezjail.conf; | 9 | . ${ezjail_etc}/ezjail.conf; |
9 | fi | 10 | fi |
10 | 11 | ||
11 | # set defaults | 12 | # set defaults |
@@ -21,22 +22,21 @@ ezjail_devfs_ruleset=${ezjail_devfs_ruleset:-"devfsrules_jail"} | |||
21 | ezjail_procfs_enable=${ezjail_procfs_enable:-"YES"} | 22 | ezjail_procfs_enable=${ezjail_procfs_enable:-"YES"} |
22 | ezjail_fdescfs_enable=${ezjail_fdescfs_enable:-"YES"} | 23 | ezjail_fdescfs_enable=${ezjail_fdescfs_enable:-"YES"} |
23 | 24 | ||
25 | function exerr () { echo $*; exit 1; } | ||
26 | |||
24 | # check for command | 27 | # check for command |
25 | if [ -z "$1" ]; then | 28 | [ "$1" ] || exerr "Usage: `basename $0` [create|delete|list|update] {params}" |
26 | echo "Usage: `basename $0` [create|delete|list|update] {params}"; | ||
27 | exit 1; | ||
28 | fi | ||
29 | 29 | ||
30 | case "$1" in | 30 | case "$1" in |
31 | ######################## ezjail-admin CREATE ######################## | ||
31 | create) | 32 | create) |
32 | shift | 33 | shift |
33 | args=`getopt xr: $*` | 34 | args=`getopt xf:r: $*` |
34 | if [ $? != 0 ]; then | 35 | [ $? = 0 ] || exerr 'Usage: ezjail create [-f flavour] [-r jailroot] [-x] jailname jailip'; |
35 | echo 'Usage: ezjail create [-r jailroot] [-x] jailname jailip'; | ||
36 | exit 1; | ||
37 | fi | ||
38 | 36 | ||
39 | newjail_root= | 37 | newjail_root= |
38 | newjail_flavour= | ||
39 | newjail_flav= | ||
40 | newjail_softlink= | 40 | newjail_softlink= |
41 | newjail_fill="YES" | 41 | newjail_fill="YES" |
42 | 42 | ||
@@ -45,34 +45,25 @@ create) | |||
45 | case $arg in | 45 | case $arg in |
46 | -x) newjail_fill="NO"; shift;; | 46 | -x) newjail_fill="NO"; shift;; |
47 | -r) newjail_root="$2"; shift 2;; | 47 | -r) newjail_root="$2"; shift 2;; |
48 | -f) newjail_flavour="$2"; shift 2;; | ||
48 | --) shift; break;; | 49 | --) shift; break;; |
49 | esac | 50 | esac |
50 | done; | 51 | done; |
51 | newjail_name=$1; newjail_ip=$2; | 52 | newjail_name=$1; newjail_ip=$2; |
52 | 53 | ||
53 | # we need at least a name and an ip for new jail | 54 | # we need at least a name and an ip for new jail |
54 | if [ -z "$newjail_name" -o -z "$newjail_ip" -o $# != 2 ]; then | 55 | [ "$newjail_name" -a "$newjail_ip" -a $# = 2 ] || exerr 'Usage: ezjail create [-f flavour] [-r jailroot] [-x] jailname jailip' |
55 | echo 'Usage: ezjail create [-r jailroot] [-x] jailname jailip'; exit 1; | ||
56 | fi | ||
57 | 56 | ||
58 | # check, whether IP is configured on a local interface, warn if it isnt | 57 | # check, whether IP is configured on a local interface, warn if it isnt |
59 | ping -c 1 -m 1 -t 1 -q $newjail_ip > /dev/null | 58 | ping -c 1 -m 1 -t 1 -q $newjail_ip > /dev/null |
60 | if [ $? != 0 ]; then | 59 | [ $? = 0 ] || echo "Warning: IP $newjail_ip not configured on a local interface" |
61 | echo "Warning: IP $newjail_ip not configured on a local interface" | ||
62 | fi | ||
63 | 60 | ||
64 | # check, whether ezjail-update has been called. existence of | 61 | # check, whether ezjail-update has been called. existence of |
65 | # ezjail_jailbase is our indicator | 62 | # ezjail_jailbase is our indicator |
66 | if [ ! -d $ezjail_jailbase ]; then | 63 | [ -d $ezjail_jailbase ] || exerr "Error: base jail does not exist. Please run 'ezjail-admin update' first" |
67 | echo "Error: base jail does not exist. Please run 'ezjail-admin update' first" | ||
68 | exit 1; | ||
69 | fi | ||
70 | 64 | ||
71 | # relative paths don't make sense in rc.scripts | 65 | # relative paths don't make sense in rc.scripts |
72 | if [ ${ezjail_jaildir#/} = ${ezjail_jaildir} ]; then | 66 | [ ${ezjail_jaildir#/} = ${ezjail_jaildir} ] && exerr "Error: Need an absolute path in ezjail_jaildir, it is currently set to: $ezjail_jaildir" |
73 | echo "Error: Need an absolute path in ezjail_jaildir, it is currently set to: $ezjail_jaildir" | ||
74 | exit 1; | ||
75 | fi | ||
76 | 67 | ||
77 | # jail names must not have names that irritate file systems, | 68 | # jail names must not have names that irritate file systems, |
78 | # excluding dots from this list was done intentionally to | 69 | # excluding dots from this list was done intentionally to |
@@ -84,30 +75,39 @@ create) | |||
84 | 75 | ||
85 | # if jail root specified on command line is not absolute, | 76 | # if jail root specified on command line is not absolute, |
86 | # make it absolute inside our jail directory | 77 | # make it absolute inside our jail directory |
87 | if [ ${newjail_root#/} = ${newjail_root} ]; then | 78 | [ ${newjail_root#/} = ${newjail_root} ] || newjail_root=$ezjail_jaildir/$newjail_root |
88 | newjail_root=$ezjail_jaildir/$newjail_root | ||
89 | fi | ||
90 | 79 | ||
91 | # if jail root specified on command line does not lie | 80 | # if jail root specified on command line does not lie |
92 | # within our jail directory, we need to create a softlink | 81 | # within our jail directory, we need to create a softlink |
93 | if [ ${newjail_root##${ezjail_jaildir}} = $newjail_root ]; then | 82 | if [ ${newjail_root##${ezjail_jaildir}} = $newjail_root ]; then |
94 | newjail_softlink=$ezjail_jaildir/`basename $newjail_root` | 83 | newjail_softlink=$ezjail_jaildir/`basename $newjail_root` |
95 | if [ -e $newjail_softlink -a $newjail_fill = "YES" ]; then | 84 | [ -e $newjail_softlink -a $newjail_fill = "YES" ] && exerr "Error: an ezjail already exists at $newjail_softlink" |
96 | echo Error: an ezjail already exists at $newjail_softlink | 85 | fi |
97 | exit 1; | 86 | |
87 | # do some sanity checks on the selected flavour (if any) | ||
88 | if [ "$newjail_flavour" ]; then | ||
89 | # simple case wins, most often you won't have a ezjail.flavour.FLAV | ||
90 | # AND a ./FLAV lying around. If you do, you won't need "./httpd" | ||
91 | # but /ezjail_etc/ezjail.flavour.httpd, whatever ./httpd would be | ||
92 | # For now exit with error, maybe just warn later. | ||
93 | [ -f "$newjail_flavour" ] && newjail_flav=${newjail_flavour} | ||
94 | |||
95 | # if flavour contains a '/', it aint a short name | ||
96 | if [ ${newjail_flavour} = ${newjail_flavour%/*} -a \ | ||
97 | -f ${ezjail_etc}/ezjail.flavour.${newjail_flavour} ]; then | ||
98 | [ $newjail_flav ] && exerr "Note: flavour ${newjail_flavour} conflicts with file ./${newjail_flavour}" | ||
99 | $newjail_flav=${ezjail_etc}/ezjail.flavour.${newjail_flavour} | ||
98 | fi | 100 | fi |
99 | fi | 101 | fi |
100 | 102 | ||
101 | # now take a copy of our template jail | 103 | # now take a copy of our template jail |
102 | if [ $newjail_fill = "YES" ]; then | 104 | if [ "$newjail_fill" = "YES" ]; then |
103 | mkdir -p ${newjail_root} && cd ${ezjail_jailtemplate} \ | 105 | mkdir -p ${newjail_root} && cd ${ezjail_jailtemplate} && \ |
104 | && find * | cpio -p -v ${newjail_root} | 106 | find * | cpio -p -v ${newjail_root} |
105 | fi | 107 | fi |
106 | 108 | ||
107 | # if a soft link is necessary, create it now | 109 | # if a soft link is necessary, create it now |
108 | if [ $newjail_softlink ]; then | 110 | [ "$newjail_softlink" ] && ln -s $newjail_root $newjail_softlink |
109 | ln -s $newjail_root $newjail_softlink | ||
110 | fi | ||
111 | 111 | ||
112 | # if the automount feature is not disabled, create an | 112 | # if the automount feature is not disabled, create an |
113 | # fstab entry for new jail | 113 | # fstab entry for new jail |
@@ -128,12 +128,10 @@ create) | |||
128 | 128 | ||
129 | ;; | 129 | ;; |
130 | delete) | 130 | delete) |
131 | ######################## ezjail-admin DELETE ######################## | ||
131 | shift | 132 | shift |
132 | args=`getopt w $*` | 133 | args=`getopt w $*` |
133 | if [ $? != 0 ]; then | 134 | [ $? = 0 ] || exerr 'Usage: ezjail delete [-w] jailname'; exit 1; |
134 | echo 'Usage: ezjail delete [-w] jailname'; | ||
135 | exit 1; | ||
136 | fi | ||
137 | 135 | ||
138 | oldjail_wipe="NO" | 136 | oldjail_wipe="NO" |
139 | 137 | ||
@@ -147,17 +145,13 @@ delete) | |||
147 | oldjail_name=$1; | 145 | oldjail_name=$1; |
148 | 146 | ||
149 | # we only need name of jail to vanish | 147 | # we only need name of jail to vanish |
150 | if [ -z "$oldjail_name" -o $# != 1 ]; then | 148 | [ "$oldjail_name" -a $# = 1 ] || exerr 'Usage: ezjail delete [-w] jailname' |
151 | echo 'Usage: ezjail delete [-w] jailname'; exit 1; | ||
152 | fi | ||
153 | 149 | ||
154 | # tidy up jail name the ezjail way | 150 | # tidy up jail name the ezjail way |
155 | oldjail_nname=`echo $oldjail_name | tr /~. ___`; | 151 | oldjail_nname=`echo $oldjail_name | tr /~. ___`; |
156 | 152 | ||
157 | # check for existence of jail in our records | 153 | # check for existence of jail in our records |
158 | if [ ! -f ${ezjail_jailcfgs}/${oldjail_nname} ]; then | 154 | [ -f ${ezjail_jailcfgs}/${oldjail_nname} ] || exerr "Error: Nothing known about jail $oldjail_name" |
159 | echo "Error: Nothing known about jail $oldjail_name"; exit 1 | ||
160 | fi | ||
161 | 155 | ||
162 | # fetch information about the jail to be gone | 156 | # fetch information about the jail to be gone |
163 | # by parsing our records | 157 | # by parsing our records |
@@ -180,17 +174,14 @@ delete) | |||
180 | 174 | ||
181 | # if there is a soft link pointing to the jail root, remove it | 175 | # if there is a soft link pointing to the jail root, remove it |
182 | oldjail_softlink=$ezjail_jaildir/`basename $oldjail_rootdir` | 176 | oldjail_softlink=$ezjail_jaildir/`basename $oldjail_rootdir` |
183 | if [ -L $oldjail_softlink ]; then | 177 | [ -L $oldjail_softlink ] && rm $oldjail_softlink |
184 | rm $oldjail_softlink | ||
185 | fi | ||
186 | 178 | ||
187 | # if wiping the jail was requested, remove it | 179 | # if wiping the jail was requested, remove it |
188 | if [ $oldjail_wipe = "YES" ]; then | 180 | [ $oldjail_wipe = "YES" ] && rm -rf $oldjail_rootdir |
189 | rm -rf $oldjail_rootdir | ||
190 | fi | ||
191 | 181 | ||
192 | ;; | 182 | ;; |
193 | list) | 183 | list) |
184 | ######################## ezjail-admin LIST ######################## | ||
194 | jail_list=`ls $ezjail_jailcfgs` | 185 | jail_list=`ls $ezjail_jailcfgs` |
195 | for jail in $jail_list; do | 186 | for jail in $jail_list; do |
196 | . ${ezjail_jailcfgs}/$jail | 187 | . ${ezjail_jailcfgs}/$jail |
@@ -201,12 +192,10 @@ list) | |||
201 | done | 192 | done |
202 | ;; | 193 | ;; |
203 | setup|update) | 194 | setup|update) |
195 | ######################## ezjail-admin UPDATE ######################## | ||
204 | shift | 196 | shift |
205 | args=`getopt is: $*` | 197 | args=`getopt is: $*` |
206 | if [ $? != 0 ]; then | 198 | [ $? = 0 ] || exerr 'Usage: ezjail update [-s sourcetree] [-i]' |
207 | echo 'Usage: ezjail update [-s sourcetree] [-i]'; | ||
208 | exit 1; | ||
209 | fi | ||
210 | 199 | ||
211 | updatejail_installaction="world" | 200 | updatejail_installaction="world" |
212 | 201 | ||
@@ -219,26 +208,25 @@ setup|update) | |||
219 | esac | 208 | esac |
220 | done; | 209 | done; |
221 | 210 | ||
222 | if [ ! -d ${ezjail_sourcetree} ]; then | 211 | # Bump the user for some of the most common errors |
223 | echo "Cannot find your copy of the FreeBSD source tree in $ezjail_sourcetree."; exit 1; | 212 | [ -d ${ezjail_sourcetree} ] || exerr "Cannot find your copy of the FreeBSD source tree in $ezjail_sourcetree." |
224 | fi | 213 | [ -f ${ezjail_sourcetree}/Makefile ] || exerr "Your source tree in $ezjail_sourcetree seems to be incomplete (Makefile missing)." |
225 | |||
226 | if [ ! -f ${ezjail_sourcetree}/Makefile ]; then | ||
227 | echo "Your source tree in $ezjail_sourcetree seems to be incomplete (Makefile missing)."; exit 1; | ||
228 | fi | ||
229 | 214 | ||
230 | cd ${ezjail_sourcetree} | 215 | cd ${ezjail_sourcetree} |
216 | # Normally fulljail should be renamed by past ezjail-admin commands | ||
217 | # However those may have failed | ||
231 | rm -rf ${ezjail_jailfull}; mkdir -p ${ezjail_jailfull} | 218 | rm -rf ${ezjail_jailfull}; mkdir -p ${ezjail_jailfull} |
219 | |||
220 | # make our world | ||
232 | make ${updatejail_installaction} DESTDIR=${ezjail_jailfull} | 221 | make ${updatejail_installaction} DESTDIR=${ezjail_jailfull} |
233 | if [ $? != 0 ]; then | 222 | [ $? = 0 ] || exerr "make ${updatejail_installaction} failed" |
234 | echo "make ${updatejail_installaction} failed"; exit 1; | 223 | |
235 | fi | 224 | # setup world |
236 | make distribution DESTDIR=${ezjail_jailfull} | 225 | make distribution DESTDIR=${ezjail_jailfull} |
237 | if [ $? != 0 ]; then | 226 | [ $? = 0 ] || exerr "make distribution failed" |
238 | echo "make distribution failed"; exit 1; | ||
239 | fi | ||
240 | 227 | ||
241 | cd ${ezjail_jailfull} | 228 | cd ${ezjail_jailfull} |
229 | # Fill basejail from installed world | ||
242 | mkdir -p ${ezjail_jailbase}/usr ${ezjail_jailbase}/config/pkg | 230 | mkdir -p ${ezjail_jailbase}/usr ${ezjail_jailbase}/config/pkg |
243 | for a in bin sbin usr/bin usr/include usr/lib usr/libexec usr/sbin usr/src usr/share; do | 231 | for a in bin sbin usr/bin usr/include usr/lib usr/libexec usr/sbin usr/src usr/share; do |
244 | find ${a} | cpio -d -p -v ${ezjail_jailbase}; | 232 | find ${a} | cpio -d -p -v ${ezjail_jailbase}; |
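Review bot: The rewritten relative-path check on new line 78 is inverted. The old `if` prepended `$ezjail_jaildir` when `newjail_root` was relative, but `[ ${newjail_root#/} = ${newjail_root} ] || newjail_root=$ezjail_jaildir/$newjail_root` now prepends it only to absolute paths, so a relative `-r` value stays relative and the `mkdir -p` / `cpio -p` on new lines 105-106 resolve it against whatever directory the shell is in; the `||` should be `&&`. In the same hunk, new line 99 reads `$newjail_flav=${ezjail_etc}/ezjail.flavour.${newjail_flavour}`, which the shell expands and tries to run as a command rather than performing an assignment, so a short flavour name is never resolved; drop the leading `$`. The delete hunk has a similar slip on new line 134, where the leftover `; exit 1;` after `exerr 'Usage: ezjail delete [-w] jailname'` runs unconditionally and ends every `delete` before anything is removed. The `create)` branch holding the first two lines starts and ends outside this hunk, so how `newjail_root` is defaulted when `-r` is absent is not visible here.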