summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rwxr-xr-xezjail-admin132
1 files changed, 60 insertions, 72 deletions
diff --git a/ezjail-admin b/ezjail-admin
index b6cf6dd..6cd11a8 100755
--- a/ezjail-admin
+++ b/ezjail-admin
@@ -2,10 +2,11 @@
2 2
3# ugly: this variable is set during port install time 3# ugly: this variable is set during port install time
4ezjail_prefix=EZJAIL_PREFIX 4ezjail_prefix=EZJAIL_PREFIX
5ezjail_jailcfgs=${ezjail_prefix}/etc/ezjail 5ezjail_etc=${ezjail_prefix}/etc
6ezjail_jailcfgs=${ezjail_etc}/ezjail
6 7
7if [ -f ${ezjail_prefix}/etc/ezjail.conf ]; then 8if [ -f ${ezjail_etc}/ezjail.conf ]; then
8 . ${ezjail_prefix}/etc/ezjail.conf; 9 . ${ezjail_etc}/ezjail.conf;
9fi 10fi
10 11
11# set defaults 12# set defaults
@@ -21,22 +22,21 @@ ezjail_devfs_ruleset=${ezjail_devfs_ruleset:-"devfsrules_jail"}
21ezjail_procfs_enable=${ezjail_procfs_enable:-"YES"} 22ezjail_procfs_enable=${ezjail_procfs_enable:-"YES"}
22ezjail_fdescfs_enable=${ezjail_fdescfs_enable:-"YES"} 23ezjail_fdescfs_enable=${ezjail_fdescfs_enable:-"YES"}
23 24
25function exerr () { echo $*; exit 1; }
26
24# check for command 27# check for command
25if [ -z "$1" ]; then 28[ "$1" ] || exerr "Usage: `basename $0` [create|delete|list|update] {params}"
26 echo "Usage: `basename $0` [create|delete|list|update] {params}";
27 exit 1;
28fi
29 29
30case "$1" in 30case "$1" in
31######################## ezjail-admin CREATE ########################
31create) 32create)
32 shift 33 shift
33 args=`getopt xr: $*` 34 args=`getopt xf:r: $*`
34 if [ $? != 0 ]; then 35 [ $? = 0 ] || exerr 'Usage: ezjail create [-f flavour] [-r jailroot] [-x] jailname jailip';
35 echo 'Usage: ezjail create [-r jailroot] [-x] jailname jailip';
36 exit 1;
37 fi
38 36
39 newjail_root= 37 newjail_root=
38 newjail_flavour=
39 newjail_flav=
40 newjail_softlink= 40 newjail_softlink=
41 newjail_fill="YES" 41 newjail_fill="YES"
42 42
@@ -45,34 +45,25 @@ create)
45 case $arg in 45 case $arg in
46 -x) newjail_fill="NO"; shift;; 46 -x) newjail_fill="NO"; shift;;
47 -r) newjail_root="$2"; shift 2;; 47 -r) newjail_root="$2"; shift 2;;
48 -f) newjail_flavour="$2"; shift 2;;
48 --) shift; break;; 49 --) shift; break;;
49 esac 50 esac
50 done; 51 done;
51 newjail_name=$1; newjail_ip=$2; 52 newjail_name=$1; newjail_ip=$2;
52 53
53 # we need at least a name and an ip for new jail 54 # we need at least a name and an ip for new jail
54 if [ -z "$newjail_name" -o -z "$newjail_ip" -o $# != 2 ]; then 55 [ "$newjail_name" -a "$newjail_ip" -a $# = 2 ] || exerr 'Usage: ezjail create [-f flavour] [-r jailroot] [-x] jailname jailip'
55 echo 'Usage: ezjail create [-r jailroot] [-x] jailname jailip'; exit 1;
56 fi
57 56
58 # check, whether IP is configured on a local interface, warn if it isnt 57 # check, whether IP is configured on a local interface, warn if it isnt
59 ping -c 1 -m 1 -t 1 -q $newjail_ip > /dev/null 58 ping -c 1 -m 1 -t 1 -q $newjail_ip > /dev/null
60 if [ $? != 0 ]; then 59 [ $? = 0 ] || echo "Warning: IP $newjail_ip not configured on a local interface"
61 echo "Warning: IP $newjail_ip not configured on a local interface"
62 fi
63 60
64 # check, whether ezjail-update has been called. existence of 61 # check, whether ezjail-update has been called. existence of
65 # ezjail_jailbase is our indicator 62 # ezjail_jailbase is our indicator
66 if [ ! -d $ezjail_jailbase ]; then 63 [ -d $ezjail_jailbase ] || exerr "Error: base jail does not exist. Please run 'ezjail-admin update' first"
67 echo "Error: base jail does not exist. Please run 'ezjail-admin update' first"
68 exit 1;
69 fi
70 64
71 # relative paths don't make sense in rc.scripts 65 # relative paths don't make sense in rc.scripts
72 if [ ${ezjail_jaildir#/} = ${ezjail_jaildir} ]; then 66 [ ${ezjail_jaildir#/} = ${ezjail_jaildir} ] && exerr "Error: Need an absolute path in ezjail_jaildir, it is currently set to: $ezjail_jaildir"
73 echo "Error: Need an absolute path in ezjail_jaildir, it is currently set to: $ezjail_jaildir"
74 exit 1;
75 fi
76 67
77 # jail names must not have names that irritate file systems, 68 # jail names must not have names that irritate file systems,
78 # excluding dots from this list was done intentionally to 69 # excluding dots from this list was done intentionally to
@@ -84,30 +75,39 @@ create)
84 75
85 # if jail root specified on command line is not absolute, 76 # if jail root specified on command line is not absolute,
86 # make it absolute inside our jail directory 77 # make it absolute inside our jail directory
87 if [ ${newjail_root#/} = ${newjail_root} ]; then 78 [ ${newjail_root#/} = ${newjail_root} ] || newjail_root=$ezjail_jaildir/$newjail_root
88 newjail_root=$ezjail_jaildir/$newjail_root
89 fi
90 79
91 # if jail root specified on command line does not lie 80 # if jail root specified on command line does not lie
92 # within our jail directory, we need to create a softlink 81 # within our jail directory, we need to create a softlink
93 if [ ${newjail_root##${ezjail_jaildir}} = $newjail_root ]; then 82 if [ ${newjail_root##${ezjail_jaildir}} = $newjail_root ]; then
94 newjail_softlink=$ezjail_jaildir/`basename $newjail_root` 83 newjail_softlink=$ezjail_jaildir/`basename $newjail_root`
95 if [ -e $newjail_softlink -a $newjail_fill = "YES" ]; then 84 [ -e $newjail_softlink -a $newjail_fill = "YES" ] && exerr "Error: an ezjail already exists at $newjail_softlink"
96 echo Error: an ezjail already exists at $newjail_softlink 85 fi
97 exit 1; 86
87 # do some sanity checks on the selected flavour (if any)
88 if [ "$newjail_flavour" ]; then
89 # simple case wins, most often you won't have a ezjail.flavour.FLAV
90 # AND a ./FLAV lying around. If you do, you won't need "./httpd"
91 # but /ezjail_etc/ezjail.flavour.httpd, whatever ./httpd would be
92 # For now exit with error, maybe just warn later.
93 [ -f "$newjail_flavour" ] && newjail_flav=${newjail_flavour}
94
95 # if flavour contains a '/', it aint a short name
96 if [ ${newjail_flavour} = ${newjail_flavour%/*} -a \
97 -f ${ezjail_etc}/ezjail.flavour.${newjail_flavour} ]; then
98 [ $newjail_flav ] && exerr "Note: flavour ${newjail_flavour} conflicts with file ./${newjail_flavour}"
99 $newjail_flav=${ezjail_etc}/ezjail.flavour.${newjail_flavour}
98 fi 100 fi
99 fi 101 fi
100 102
101 # now take a copy of our template jail 103 # now take a copy of our template jail
102 if [ $newjail_fill = "YES" ]; then 104 if [ "$newjail_fill" = "YES" ]; then
103 mkdir -p ${newjail_root} && cd ${ezjail_jailtemplate} \ 105 mkdir -p ${newjail_root} && cd ${ezjail_jailtemplate} && \
104 && find * | cpio -p -v ${newjail_root} 106 find * | cpio -p -v ${newjail_root}
105 fi 107 fi
106 108
107 # if a soft link is necessary, create it now 109 # if a soft link is necessary, create it now
108 if [ $newjail_softlink ]; then 110 [ "$newjail_softlink" ] && ln -s $newjail_root $newjail_softlink
109 ln -s $newjail_root $newjail_softlink
110 fi
111 111
112 # if the automount feature is not disabled, create an 112 # if the automount feature is not disabled, create an
113 # fstab entry for new jail 113 # fstab entry for new jail
@@ -128,12 +128,10 @@ create)
128 128
129 ;; 129 ;;
130delete) 130delete)
131######################## ezjail-admin DELETE ########################
131 shift 132 shift
132 args=`getopt w $*` 133 args=`getopt w $*`
133 if [ $? != 0 ]; then 134 [ $? = 0 ] || exerr 'Usage: ezjail delete [-w] jailname'; exit 1;
134 echo 'Usage: ezjail delete [-w] jailname';
135 exit 1;
136 fi
137 135
138 oldjail_wipe="NO" 136 oldjail_wipe="NO"
139 137
@@ -147,17 +145,13 @@ delete)
147 oldjail_name=$1; 145 oldjail_name=$1;
148 146
149 # we only need name of jail to vanish 147 # we only need name of jail to vanish
150 if [ -z "$oldjail_name" -o $# != 1 ]; then 148 [ "$oldjail_name" -a $# = 1 ] || exerr 'Usage: ezjail delete [-w] jailname'
151 echo 'Usage: ezjail delete [-w] jailname'; exit 1;
152 fi
153 149
154 # tidy up jail name the ezjail way 150 # tidy up jail name the ezjail way
155 oldjail_nname=`echo $oldjail_name | tr /~. ___`; 151 oldjail_nname=`echo $oldjail_name | tr /~. ___`;
156 152
157 # check for existence of jail in our records 153 # check for existence of jail in our records
158 if [ ! -f ${ezjail_jailcfgs}/${oldjail_nname} ]; then 154 [ -f ${ezjail_jailcfgs}/${oldjail_nname} ] || exerr "Error: Nothing known about jail $oldjail_name"
159 echo "Error: Nothing known about jail $oldjail_name"; exit 1
160 fi
161 155
162 # fetch information about the jail to be gone 156 # fetch information about the jail to be gone
163 # by parsing our records 157 # by parsing our records
@@ -180,17 +174,14 @@ delete)
180 174
181 # if there is a soft link pointing to the jail root, remove it 175 # if there is a soft link pointing to the jail root, remove it
182 oldjail_softlink=$ezjail_jaildir/`basename $oldjail_rootdir` 176 oldjail_softlink=$ezjail_jaildir/`basename $oldjail_rootdir`
183 if [ -L $oldjail_softlink ]; then 177 [ -L $oldjail_softlink ] && rm $oldjail_softlink
184 rm $oldjail_softlink
185 fi
186 178
187 # if wiping the jail was requested, remove it 179 # if wiping the jail was requested, remove it
188 if [ $oldjail_wipe = "YES" ]; then 180 [ $oldjail_wipe = "YES" ] && rm -rf $oldjail_rootdir
189 rm -rf $oldjail_rootdir
190 fi
191 181
192 ;; 182 ;;
193list) 183list)
184######################## ezjail-admin LIST ########################
194 jail_list=`ls $ezjail_jailcfgs` 185 jail_list=`ls $ezjail_jailcfgs`
195 for jail in $jail_list; do 186 for jail in $jail_list; do
196 . ${ezjail_jailcfgs}/$jail 187 . ${ezjail_jailcfgs}/$jail
@@ -201,12 +192,10 @@ list)
201 done 192 done
202 ;; 193 ;;
203setup|update) 194setup|update)
195######################## ezjail-admin UPDATE ########################
204 shift 196 shift
205 args=`getopt is: $*` 197 args=`getopt is: $*`
206 if [ $? != 0 ]; then 198 [ $? = 0 ] || exerr 'Usage: ezjail update [-s sourcetree] [-i]'
207 echo 'Usage: ezjail update [-s sourcetree] [-i]';
208 exit 1;
209 fi
210 199
211 updatejail_installaction="world" 200 updatejail_installaction="world"
212 201
@@ -219,26 +208,25 @@ setup|update)
219 esac 208 esac
220 done; 209 done;
221 210
222 if [ ! -d ${ezjail_sourcetree} ]; then 211 # Bump the user for some of the most common errors
223 echo "Cannot find your copy of the FreeBSD source tree in $ezjail_sourcetree."; exit 1; 212 [ -d ${ezjail_sourcetree} ] || exerr "Cannot find your copy of the FreeBSD source tree in $ezjail_sourcetree."
224 fi 213 [ -f ${ezjail_sourcetree}/Makefile ] || exerr "Your source tree in $ezjail_sourcetree seems to be incomplete (Makefile missing)."
225
226 if [ ! -f ${ezjail_sourcetree}/Makefile ]; then
227 echo "Your source tree in $ezjail_sourcetree seems to be incomplete (Makefile missing)."; exit 1;
228 fi
229 214
230 cd ${ezjail_sourcetree} 215 cd ${ezjail_sourcetree}
216 # Normally fulljail should be renamed by past ezjail-admin commands
217 # However those may have failed
231 rm -rf ${ezjail_jailfull}; mkdir -p ${ezjail_jailfull} 218 rm -rf ${ezjail_jailfull}; mkdir -p ${ezjail_jailfull}
219
220 # make our world
232 make ${updatejail_installaction} DESTDIR=${ezjail_jailfull} 221 make ${updatejail_installaction} DESTDIR=${ezjail_jailfull}
233 if [ $? != 0 ]; then 222 [ $? = 0 ] || exerr "make ${updatejail_installaction} failed"
234 echo "make ${updatejail_installaction} failed"; exit 1; 223
235 fi 224 # setup world
236 make distribution DESTDIR=${ezjail_jailfull} 225 make distribution DESTDIR=${ezjail_jailfull}
237 if [ $? != 0 ]; then 226 [ $? = 0 ] || exerr "make distribution failed"
238 echo "make distribution failed"; exit 1;
239 fi
240 227
241 cd ${ezjail_jailfull} 228 cd ${ezjail_jailfull}
229 # Fill basejail from installed world
242 mkdir -p ${ezjail_jailbase}/usr ${ezjail_jailbase}/config/pkg 230 mkdir -p ${ezjail_jailbase}/usr ${ezjail_jailbase}/config/pkg
243 for a in bin sbin usr/bin usr/include usr/lib usr/libexec usr/sbin usr/src usr/share; do 231 for a in bin sbin usr/bin usr/include usr/lib usr/libexec usr/sbin usr/src usr/share; do
244 find ${a} | cpio -d -p -v ${ezjail_jailbase}; 232 find ${a} | cpio -d -p -v ${ezjail_jailbase};