Diffstat (limited to 'ezjail-admin')
-rwxr-xr-xezjail-admin93
1 files changed, 80 insertions, 13 deletions
diff --git a/ezjail-admin b/ezjail-admin
index 857dcae..72f7b3c 100755
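--- a/ezjail-admin
+++ b/ezjail-admin
@@ -37,7 +37,7 @@ ezjail_usage_delete="Usage: `basename -- $0` delete [-w] jailname"
 ezjail_usage_list="Usage: `basename -- $0` list"
 ezjail_usage_update="Usage: `basename -- $0` update [-s sourcetree] [-i] [-pP]"
 ezjail_usage_install="Usage: `basename -- $0` install [-mps] [-h host] [-r release]"
-ezjail_usage_config="Usage: `basename -- $0` config [-r run|norun] jailname"
+ezjail_usage_config="Usage: `basename -- $0` config [-r run|norun] [-i attach|detach] jailname"
 
 ################################
 # End of variable initialization
@@ -56,8 +56,10 @@ detach_images () {
  eli) geli detach /dev/${ezjail_imagedevice} > /dev/null;;
  esac
  mdconfig -d -u ${ezjail_imagedevice} > /dev/null
- [ "$1" = "success" ] || rm -f ${ezjail_image}
+ [ "$1" = "keep" ] || rm -f ${ezjail_image}
  fi
+ # This function is being called in case of error. Keep $? bad
+ return 1
 }
 
 # fetch everything we need to know about an ezjail from config
@@ -76,9 +78,13 @@ fetchjailinfo () {
  . ${ezjail_config}
  eval ezjail_hostname=\"\$jail_${ezjail_safename}_hostname\"
  eval ezjail_rootdir=\"\$jail_${ezjail_safename}_rootdir\"
+ eval ezjail_ip=\"\$jail_${ezjail_safename}_ip\"
  eval ezjail_image=\"\$jail_${ezjail_safename}_image\"
  eval ezjail_imagetype=\"\$jail_${ezjail_safename}_imagetype\"
- eval ezjail_ip=\"\$jail_${ezjail_safename}_ip\"
+ eval ezjail_attachparams=\"\$jail_${ezjail_safename}_attachparams\"
+ eval ezjail_attachblocking=\"\$jail_${ezjail_safename}_attachblocking\"
+ eval ezjail_forceblocking=\"\$jail_${ezjail_safename}_forceblocking\"
+ eval ezjail_passphraseurl=\"\$jail_${ezjail_safename}_passphraseurl\"
 
  ezjail_softlink=${ezjail_jaildir}/`basename -- ${ezjail_rootdir}`
  [ -f /var/run/jail_${ezjail_safename}.id ] && ezjail_id=`cat /var/run/jail_${ezjail_safename}.id` || return
@@ -345,7 +351,7 @@ create)
  fi
 
  # Detach (crypto and) memory discs
- detach_images success
+ detach_images keep
 
  #
  # For user convenience some scenarios commonly causing headaches are checked
@@ -542,9 +548,10 @@ install)
 ######################## ezjail-admin CONFIG ########################
 config)
  # Clean variables, prevent polution
- unset ezjail_setrunnable
+ unset ezjail_setrunnable ezjail_imageaction
 
  shift; while getopts :r: arg; do case ${arg} in
+ i) ezjail_imageaction=${OPTARG};;
  r) ezjail_setrunnable=${OPTARG};;
  ?) exerr ${ezjail_usage_config};;
  esac; done; shift $(( ${OPTIND} - 1 ))
@@ -555,20 +562,80 @@ config)
  fetchjailinfo $1
 
  # check for existence of jail in our records
- [ "${ezjail_config}" ] || exerr "Error: Nothing known about jail ${ezjail_name}."
+ [ -n "${ezjail_config}" ] || exerr "Error: Nothing known about jail ${ezjail_name}."
 
  # Nothing to be configured?
- [ "${ezjail_setrunnable}" ] || echo "Warning: No config option specified."
+ [ -z "${ezjail_setrunnable}" -a -z "${ezjail_imageaction}" ] && echo "Warning: No config option specified."
 
  case ${ezjail_setrunnable} in
- run)
- [ "${ezjail_config}" = "${ezjail_config%.norun}" ] || mv ${ezjail_config} ${ezjail_config%.norun}
- ;;
- norun)
- [ "${ezjail_config}" = "${ezjail_config%.norun}" ] && mv ${ezjail_config} ${ezjail_config}.norun
- ;;
+ run) [ "${ezjail_config}" = "${ezjail_config%.norun}" ] || mv ${ezjail_config} ${ezjail_config%.norun};;
+ norun) [ "${ezjail_config}" = "${ezjail_config%.norun}" ] && mv ${ezjail_config} ${ezjail_config}.norun ;;
+ *) echo "Warning: Unknow runnable option specified.";;
  esac
 
+ [ -n "${ezjail_imageaction} -a -z "${ezjail_image}" ] && exerr "Error: Jail ${ezjail_name} not an image jail."
+
+ case ${ezjail_imageaction} in
+ attach)
+ # Check, if image already attached
+ if [ -L "${ezjail_root}.device" ]; then
+ # Fetch destination of soft link
+ ezjail_device=`stat -f "%Y" ${ezjail_root}.device`
+ [ -b "${ezjail_device}" ] && exerr "Error: Jail image file ${ezjail_name} already attached as ${ezjail_device}."
+ rm -f ${ezjail_root}.device
+ fi
+
+ # Create a memory disc from jail image
+ ezjail_imagedevice=`mdconfig -a -t vnode -f ${ezjail_image}` || exerr "Error: Could not attach memory disc."
+
+ # If this is a crypto jail, try to mount it, remind user, which jail
+ # this is. In this case, the device to mount is
+ case ${ezjail_imagetype} in
+ crypto|bde)
+ echo "Attaching bde device for image jail ${ezjail}..."
+ echo gbde attach /dev/${ezjail_imagedevice} ${ezjail_attachparams} | /bin/sh
+ [ $? -eq 0 ] || detach_images keep || exerr "Error: Attaching bde device failed."
+ # Device to mount is not md anymore
+ ezjail_device=${ezjail_imagedevice}.bde
+ ;;
+ eli)
+ echo "Attaching eli device for image jail ${ezjail}..."
+ echo geli attach ${ezjail_attachparams} /dev/${ezjail_device} | /bin/sh
+ [ $? -eq 0 ] || detach_images keep || exerr "Error: Attaching eli device failed."
+ # Device to mount is not md anymore
+ ezjail_device=${ezjail_imagedevice}.eli
+ ;;
+ esac
+
+ mount /dev/${ezjail_device} ${ezjail_rootdir} || detach_images keep || exerr "Error: Could not mount /dev/${ezjail_device} to ${ezjail_root}."
+ # relink image device
+ ln -s /dev/${ezjail_device} ${ezjail_root}.device
+
+ ;;
+ detach)
+ [ -n "${ezjail_id}" ] && exerr "Error: Jail ${ezjail_name} still running. Can't detach."
+
+ # Check, if image really attached
+ if [ -L "${ezjail_root}.device" ]; then
+ # Fetch destination of soft link
+ ezjail_device=`stat -f "%Y" ${ezjail_root}.device`
+ [ -b "${ezjail_device}" ] || exerr "Error: Jail image file ${ezjail_name} is not attached."
+ fi
+
+ # Add this device to the list of devices to be unmounted
+ case ${ezjail_imagetype} in
+ crypto|bde) ezjail_imagedevice="${ezjail_device%.bde}" ;;
+ eli) ezjail_imagedevice="${ezjail_device%.eli}" ;;
+ *) ezjail_imagedevice="${ezjail_device} ;;
+ esac
+
+ # Unmount/detach everything
+ detach_images keep
+
+ # Remove soft link (which acts as a lock)
+ rm -f ${ezjail_root}.device
+ ;;
+ *) echo "Warning: Unknow image action specified.";;
  ;;
 
 ##############################################################################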
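Review bot: The new `config -i` path cannot run as written, and its attach branch mixes up its device variables. The option string in the `config)` hunk is still `getopts :r:` although the loop gains an `i)` arm, so `-i` falls through to the usage error; it needs `getopts :i:r: arg`. In the image-action block the `[ -n "${ezjail_imageaction} -a -z …` test and the `*) ezjail_imagedevice="${ezjail_device} ;;` arm each lack a closing quote, and no `esac` closes `case ${ezjail_imageaction}` before the `;;` that ends `config)`. The `eli` arm runs `geli attach` on `/dev/${ezjail_device}`, which as far as the hunk shows is unset or left over from the stale-symlink check at that point (the `bde` arm uses `${ezjail_imagedevice}`), and for a plain image `ezjail_device` is never assigned before `mount`; since these commands act on block devices, the arms should use `/dev/${ezjail_imagedevice}` and add `*) ezjail_device=${ezjail_imagedevice};;`. Building the attach command with `echo … | /bin/sh` also re-parses `${ezjail_attachparams}` as shell text, so a comment such as `# attachparams comes from the jail config and is evaluated by sh` would make that trust assumption explicit.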