-rwxr-xr-xezjail-admin37
-rwxr-xr-xezjail.sh19
2 files changed, 30 insertions, 26 deletions
diff --git a/ezjail-admin b/ezjail-admin
index 1846138..49ddee3 100755
--- a/ezjail-admin
+++ b/ezjail-admin
@@ -148,8 +148,7 @@ case "$1" in
148######################## ezjail-admin CREATE ######################## 148######################## ezjail-admin CREATE ########################
149create) 149create)
150 # Clean variables, prevent polution 150 # Clean variables, prevent polution
151 unset ezjail_rootdir ezjail_flavour ezjail_softlink ezjail_image ezjail_imagetype ezjail_imageparams ezjail_imagesize ezjail_device ezjail_config ezjail_attachparams ezjail_passphraseurl ezjail_exists 151 unset ezjail_rootdir ezjail_flavour ezjail_softlink ezjail_image ezjail_imagetype ezjail_imageparams ezjail_imagesize ezjail_device ezjail_config ezjail_attachparams ezjail_passphraseurl ezjail_exists ezjail_attachblocking
152
153 shift; while getopts :f:r:s:xic:u:C: arg; do case ${arg} in 152 shift; while getopts :f:r:s:xic:u:C: arg; do case ${arg} in
154 x) ezjail_exists="YES";; 153 x) ezjail_exists="YES";;
155 r) ezjail_rootdir="${OPTARG}";; 154 r) ezjail_rootdir="${OPTARG}";;
@@ -253,13 +252,14 @@ create)
253 # And attach device 252 # And attach device
254 ezjail_imagedevice=`mdconfig -a -t vnode -f ${ezjail_image}` 253 ezjail_imagedevice=`mdconfig -a -t vnode -f ${ezjail_image}`
255 [ $? = 0 ] || detach_images || exerr "Error: Could not attach image device. (Command failed was 'mdconfig -a -t vnode -f ${ezjail_image}')" 254 [ $? = 0 ] || detach_images || exerr "Error: Could not attach image device. (Command failed was 'mdconfig -a -t vnode -f ${ezjail_image}')"
256
257 case "${ezjail_imagetype}" in 255 case "${ezjail_imagetype}" in
258 bde|eli) 256 bde|eli)
259 # parse imageparams, generate attachparams 257 # parse imageparams, generate attachparams
258 ezjail_attachblocking="YES"
260 if [ -n "${ezjail_imageparams}" ]; then 259 if [ -n "${ezjail_imageparams}" ]; then
261 ezjail_attachparams=`echo $0 _parse_g${ezjail_imagetype}_attach_args_ ${ezjail_imageparams} | /bin/sh ` 260 ezjail_attachparams=`echo $0 _parse_g${ezjail_imagetype}_attach_args_ ${ezjail_imageparams} | /bin/sh `
262 [ 0 -eq $? ] || exerr "processing of ezjail_imageparams failed" 261 [ 5 -eq $? ] && exerr "processing of ezjail_imageparams failed"
262 [ 3 -eq $? ] && unset ezjail_attachblocking
263 fi 263 fi
264 case "${ezjail_imagetype}" in 264 case "${ezjail_imagetype}" in
265 bde) init_cmd="gbde init /dev/${ezjail_imagedevice} ${ezjail_imageparams}" 265 bde) init_cmd="gbde init /dev/${ezjail_imagedevice} ${ezjail_imageparams}"
@@ -267,13 +267,14 @@ create)
267 eli) init_cmd="geli init ${ezjail_imageparams} /dev/${ezjail_imagedevice}" 267 eli) init_cmd="geli init ${ezjail_imageparams} /dev/${ezjail_imagedevice}"
268 attach_cmd="geli attach ${ezjail_attachparams} /dev/${ezjail_imagedevice}";; 268 attach_cmd="geli attach ${ezjail_attachparams} /dev/${ezjail_imagedevice}";;
269 esac 269 esac
270 echo "Initialising crypto device. Enter a new passphrase twice... (if necessary)" 270 [ -n "${ezjail_attachblocking}" ] && echo "Initialising crypto device. Enter a new passphrase twice... "
271
271 ( echo ${init_cmd} | /bin/sh ) || detach_images || exerr "Error: Could not initialise crypto image." 272 ( echo ${init_cmd} | /bin/sh ) || detach_images || exerr "Error: Could not initialise crypto image."
272 273
273 echo "Attaching crypto device. Enter the passphrase... (if necessary)" 274 [ -n "${ezjail_attachblocking}" ] && echo "Attaching crypto device. Enter the passphrase... "
274 ( echo ${attach_cmd} | /bin/sh ) || detach_images || exerr "Error: Could not attach crypto image." 275 ( echo ${attach_cmd} | /bin/sh ) || detach_images || exerr "Error: Could not attach crypto image."
275 ezjail_device=${ezjail_imagedevice}.${ezjail_imagetype} 276 ezjail_device=${ezjail_imagedevice}.${ezjail_imagetype}
276 ;; 277 ;;
277 simple) 278 simple)
278 ezjail_device=${ezjail_imagedevice} 279 ezjail_device=${ezjail_imagedevice}
279 ;; 280 ;;
@@ -324,6 +325,7 @@ create)
324 echo export jail_${ezjail_safename}_image=\"${ezjail_image}\" >> ${ezjail_config} 325 echo export jail_${ezjail_safename}_image=\"${ezjail_image}\" >> ${ezjail_config}
325 echo export jail_${ezjail_safename}_imagetype=\"${ezjail_imagetype}\" >> ${ezjail_config} 326 echo export jail_${ezjail_safename}_imagetype=\"${ezjail_imagetype}\" >> ${ezjail_config}
326 echo export jail_${ezjail_safename}_attachparams=\"${ezjail_attachparams}\" >> ${ezjail_config} 327 echo export jail_${ezjail_safename}_attachparams=\"${ezjail_attachparams}\" >> ${ezjail_config}
328 echo export jail_${ezjail_safename}_attachblocking=\"${ezjail_attachblocking}\" >> ${ezjail_config}
327 echo export jail_${ezjail_safename}_passphraseurl=\"${ezjail_passphraseurl}\" >> ${ezjail_config} 329 echo export jail_${ezjail_safename}_passphraseurl=\"${ezjail_passphraseurl}\" >> ${ezjail_config}
328 330
329 # Final steps for flavour installation 331 # Final steps for flavour installation
@@ -570,18 +572,20 @@ config)
570############################################################################## 572##############################################################################
571# ezjail_imageparams HACK starts here 573# ezjail_imageparams HACK starts here
572# 574#
573# 575#
574_parse_geli_attach_args_) 576_parse_geli_attach_args_)
575 # create geli(8) attach arguments from geli(8) init arguments: 577 # create geli(8) attach arguments from geli(8) init arguments:
576 # -P becomes -p if present, -K newkeyfile becomes -k newkeyfile if present, 578 # -P becomes -p if present, -K newkeyfile becomes -k newkeyfile if present,
577 # everything else is dicarded 579 # everything else is dicarded
580 # exit values: 2->NO_ERROR, 3->NO_ERROR,PASSWORD_SET, 5->PARSER_ERROR
581 _exit=2
578 shift; while getopts :bPva:i:K:l:s: arg; do case ${arg} in 582 shift; while getopts :bPva:i:K:l:s: arg; do case ${arg} in
579 b|v|a|i|l|s);; # ignore these 583 b|v|a|i|l|s);; # ignore these
580 P) echo -n "-p ";; 584 P) echo -n "-p "; _exit=3 ;;
581 K) echo -n "-k '$OPTARG' ";; 585 K) echo -n "-k '$OPTARG' ";;
582 ?) exit 11;; 586 ?) exit 5;;
583 esac; done 587 esac; done
584 exit 0 588 exit ${_exit}
585 ;; 589 ;;
586_parse_gbde_attach_args_) 590_parse_gbde_attach_args_)
587 # create gbde(8) attach arguments from gbde(8) init arguments: 591 # create gbde(8) attach arguments from gbde(8) init arguments:
@@ -589,18 +593,21 @@ _parse_gbde_attach_args_)
589 # -K keyfile becomes -k keyfile if present 593 # -K keyfile becomes -k keyfile if present
590 # -P passphrase becomes -p passphrase if present 594 # -P passphrase becomes -p passphrase if present
591 # everything else is discarded 595 # everything else is discarded
596 # exit values: 2->NO_ERROR, 3->NO_ERROR+PASSWORD_SET, 5->PARSER_ERROR
597 _exit=2
592 shift; while getopts :iK:f:L:P: arg; do case ${arg} in 598 shift; while getopts :iK:f:L:P: arg; do case ${arg} in
593 i|f);; # ignore these 599 i|f);; # ignore these
594 P) echo -n "-p '$OPTARG' ";; 600 P) echo -n "-p '$OPTARG' "; _exit=3;;
595 K) echo -n "-k '$OPTARG' ";; 601 K) echo -n "-k '$OPTARG' ";;
596 L) echo -n "-l '$OPTARG' ";; 602 L) echo -n "-l '$OPTARG' ";;
597 ?) exit 11;; 603 ?) exit 5;;
598 esac; done 604 esac; done
599 exit 0 605 exit ${_exit}
600 ;; 606 ;;
601# 607#
602# ezjail_imageparams HACK ends here (thank god) 608# ezjail_imageparams HACK ends here (thank god)
603############################################################################## 609##############################################################################
610
604*) 611*)
605 exerr ${ezjail_usage_ezjail} 612 exerr ${ezjail_usage_ezjail}
606 ;; 613 ;;
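Review bot: In the `bde|eli)` hunk the second new test reads `$?` after it has been overwritten: `[ 3 -eq $? ]` sees the status of the preceding `[ 5 -eq $? ] && exerr …` list, which is 1 whenever the parser did not return 5, so `ezjail_attachblocking` is never unset and the PASSWORD_SET result is lost. Replacing `[ 0 -eq $? ] || exerr` with an equality test on 5 also means any other failure of the `/bin/sh` sub-invocation now passes silently with empty attach parameters. Save the status once and test the copy: `ezjail_rc=$?`, then `[ 2 -eq ${ezjail_rc} -o 3 -eq ${ezjail_rc} ] || exerr "processing of ezjail_imageparams failed"`, then `[ 3 -eq ${ezjail_rc} ] && unset ezjail_attachblocking`. For gbde, exit 3 means a `-p '<passphrase>'` pair is carried in `ezjail_attachparams`, which this branch appends to `${ezjail_config}`, so it is worth confirming that file is readable by root only. The `create)` branch starts and ends outside the hunks shown.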
diff --git a/ezjail.sh b/ezjail.sh
index dbf78ca..5db8acc 100755
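--- a/ezjail.sh
+++ b/ezjail.sh
@@ -62,19 +62,16 @@ do_cmd()
  eval ezjail_image=\"\$jail_${ezjail}_image\"
  eval ezjail_imagetype=\"\$jail_${ezjail}_imagetype\"
  eval ezjail_attachparams=\"\$jail_${ezjail}_attachparams\"
+ eval ezjail_attachblocking=\"\$jail_${ezjail}_attachblocking\"
 
- # Cannot auto mount crypto jails without interrupting boot process
+ # Cannot auto mount blocking crypto jails without interrupting boot process
- if [ "${ezjail_fromrc}" = "YES" -a "${action}" = "start" ]; then
+ [ "${ezjail_fromrc}" = "YES" -a "${action}" = "start" && "${ezjail_attachblocking}" = "YES" ] && continue
- case "${ezjail_imagetype}" in crypto|eli|bde) continue;; esac
- fi
 
- # Explicitely do only run crypto jails when *crypto is requested
+ # Explicitely do only run blocking crypto jails when *crypto is requested
- if [ "${action%crypto}" != "${action}" ]; then
+ [ "${action%crypto}" != "${action}" -a -z "${ezjail_attachblocking}" ] && continue
- case "${ezjail_imagetype}" in crypto|eli|bde) ;; *) continue;; esac
- fi
 
  # Try to attach (crypto) devices
- [ "${ezjail_image}" ] && attach_detach_pre
+ [ -n "${ezjail_image}" ] && attach_detach_pre
 
  ezjail_pass="${ezjail_pass} ${ezjail}"
  done
@@ -100,13 +97,13 @@ attach_detach_pre ()
  # this is. In this case, the device to mount is
  case ${ezjail_imagetype} in
  crypto|bde)
- echo "Attaching gbde device for image jail ${ezjail}..."
+ echo "Attaching bde device for image jail ${ezjail}..."
  echo gbde attach /dev/${ezjail_device} ${ezjail_attachparams} | /bin/sh
  # Device to mount is not md anymore
  ezjail_device=${ezjail_device}.bde
  ;;
  eli)
- echo "Attaching gbde device for image jail ${ezjail}..."
+ echo "Attaching eli device for image jail ${ezjail}..."
  echo geli attach ${ezjail_attachparams} /dev/${ezjail_device} | /bin/sh
  # Device to mount is not md anymore
  ezjail_device=${ezjail_device}.eli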
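Review bot: The new boot-time guard in `do_cmd` puts `&&` inside a single `[ … ]`, so the shell ends the test command at `&&`: `[` runs without its closing `]`, fails with a syntax complaint, and the rest of the list, including `continue`, is skipped. A jail that needs an interactive passphrase is therefore still attached when started from rc, which is the boot stall the comment above the line says it avoids. Chain separate tests instead: `[ "${ezjail_fromrc}" = "YES" ] && [ "${action}" = "start" ] && [ "${ezjail_attachblocking}" = "YES" ] && continue`. Configs written before this commit carry no `_attachblocking` line, so existing bde/eli jails would presumably be treated as non-blocking here and skipped by the `*crypto` check; falling back to `ezjail_imagetype` when the variable is unset would keep the old behaviour for them. The loop these lines belong to starts outside the hunk.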