Diffstat (limited to 'ezjail-admin')
-rwxr-xr-x | ezjail-admin | 93 |
1 files changed, 80 insertions, 13 deletions
diff --git a/ezjail-admin b/ezjail-admin index 857dcae..72f7b3c 100755 --- a/ezjail-admin +++ b/ezjail-admin | |||
@@ -37,7 +37,7 @@ ezjail_usage_delete="Usage: `basename -- $0` delete [-w] jailname" | |||
37 | ezjail_usage_list="Usage: `basename -- $0` list" | 37 | ezjail_usage_list="Usage: `basename -- $0` list" |
38 | ezjail_usage_update="Usage: `basename -- $0` update [-s sourcetree] [-i] [-pP]" | 38 | ezjail_usage_update="Usage: `basename -- $0` update [-s sourcetree] [-i] [-pP]" |
39 | ezjail_usage_install="Usage: `basename -- $0` install [-mps] [-h host] [-r release]" | 39 | ezjail_usage_install="Usage: `basename -- $0` install [-mps] [-h host] [-r release]" |
40 | ezjail_usage_config="Usage: `basename -- $0` config [-r run|norun] jailname" | 40 | ezjail_usage_config="Usage: `basename -- $0` config [-r run|norun] [-i attach|detach] jailname" |
41 | 41 | ||
42 | ################################ | 42 | ################################ |
43 | # End of variable initialization | 43 | # End of variable initialization |
@@ -56,8 +56,10 @@ detach_images () { | |||
56 | eli) geli detach /dev/${ezjail_imagedevice} > /dev/null;; | 56 | eli) geli detach /dev/${ezjail_imagedevice} > /dev/null;; |
57 | esac | 57 | esac |
58 | mdconfig -d -u ${ezjail_imagedevice} > /dev/null | 58 | mdconfig -d -u ${ezjail_imagedevice} > /dev/null |
59 | [ "$1" = "success" ] || rm -f ${ezjail_image} | 59 | [ "$1" = "keep" ] || rm -f ${ezjail_image} |
60 | fi | 60 | fi |
61 | # This function is being called in case of error. Keep $? bad | ||
62 | return 1 | ||
61 | } | 63 | } |
62 | 64 | ||
63 | # fetch everything we need to know about an ezjail from config | 65 | # fetch everything we need to know about an ezjail from config |
@@ -76,9 +78,13 @@ fetchjailinfo () { | |||
76 | . ${ezjail_config} | 78 | . ${ezjail_config} |
77 | eval ezjail_hostname=\"\$jail_${ezjail_safename}_hostname\" | 79 | eval ezjail_hostname=\"\$jail_${ezjail_safename}_hostname\" |
78 | eval ezjail_rootdir=\"\$jail_${ezjail_safename}_rootdir\" | 80 | eval ezjail_rootdir=\"\$jail_${ezjail_safename}_rootdir\" |
81 | eval ezjail_ip=\"\$jail_${ezjail_safename}_ip\" | ||
79 | eval ezjail_image=\"\$jail_${ezjail_safename}_image\" | 82 | eval ezjail_image=\"\$jail_${ezjail_safename}_image\" |
80 | eval ezjail_imagetype=\"\$jail_${ezjail_safename}_imagetype\" | 83 | eval ezjail_imagetype=\"\$jail_${ezjail_safename}_imagetype\" |
81 | eval ezjail_ip=\"\$jail_${ezjail_safename}_ip\" | 84 | eval ezjail_attachparams=\"\$jail_${ezjail_safename}_attachparams\" |
85 | eval ezjail_attachblocking=\"\$jail_${ezjail_safename}_attachblocking\" | ||
86 | eval ezjail_forceblocking=\"\$jail_${ezjail_safename}_forceblocking\" | ||
87 | eval ezjail_passphraseurl=\"\$jail_${ezjail_safename}_passphraseurl\" | ||
82 | 88 | ||
83 | ezjail_softlink=${ezjail_jaildir}/`basename -- ${ezjail_rootdir}` | 89 | ezjail_softlink=${ezjail_jaildir}/`basename -- ${ezjail_rootdir}` |
84 | [ -f /var/run/jail_${ezjail_safename}.id ] && ezjail_id=`cat /var/run/jail_${ezjail_safename}.id` || return | 90 | [ -f /var/run/jail_${ezjail_safename}.id ] && ezjail_id=`cat /var/run/jail_${ezjail_safename}.id` || return |
@@ -345,7 +351,7 @@ create) | |||
345 | fi | 351 | fi |
346 | 352 | ||
347 | # Detach (crypto and) memory discs | 353 | # Detach (crypto and) memory discs |
348 | detach_images success | 354 | detach_images keep |
349 | 355 | ||
350 | # | 356 | # |
351 | # For user convenience some scenarios commonly causing headaches are checked | 357 | # For user convenience some scenarios commonly causing headaches are checked |
@@ -542,9 +548,10 @@ install) | |||
542 | ######################## ezjail-admin CONFIG ######################## | 548 | ######################## ezjail-admin CONFIG ######################## |
543 | config) | 549 | config) |
544 | # Clean variables, prevent polution | 550 | # Clean variables, prevent polution |
545 | unset ezjail_setrunnable | 551 | unset ezjail_setrunnable ezjail_imageaction |
546 | 552 | ||
547 | shift; while getopts :r: arg; do case ${arg} in | 553 | shift; while getopts :r: arg; do case ${arg} in |
554 | i) ezjail_imageaction=${OPTARG};; | ||
548 | r) ezjail_setrunnable=${OPTARG};; | 555 | r) ezjail_setrunnable=${OPTARG};; |
549 | ?) exerr ${ezjail_usage_config};; | 556 | ?) exerr ${ezjail_usage_config};; |
550 | esac; done; shift $(( ${OPTIND} - 1 )) | 557 | esac; done; shift $(( ${OPTIND} - 1 )) |
@@ -555,20 +562,80 @@ config) | |||
555 | fetchjailinfo $1 | 562 | fetchjailinfo $1 |
556 | 563 | ||
557 | # check for existence of jail in our records | 564 | # check for existence of jail in our records |
558 | [ "${ezjail_config}" ] || exerr "Error: Nothing known about jail ${ezjail_name}." | 565 | [ -n "${ezjail_config}" ] || exerr "Error: Nothing known about jail ${ezjail_name}." |
559 | 566 | ||
560 | # Nothing to be configured? | 567 | # Nothing to be configured? |
561 | [ "${ezjail_setrunnable}" ] || echo "Warning: No config option specified." | 568 | [ -z "${ezjail_setrunnable}" -a -z "${ezjail_imageaction}" ] && echo "Warning: No config option specified." |
562 | 569 | ||
563 | case ${ezjail_setrunnable} in | 570 | case ${ezjail_setrunnable} in |
564 | run) | 571 | run) [ "${ezjail_config}" = "${ezjail_config%.norun}" ] || mv ${ezjail_config} ${ezjail_config%.norun};; |
565 | [ "${ezjail_config}" = "${ezjail_config%.norun}" ] || mv ${ezjail_config} ${ezjail_config%.norun} | 572 | norun) [ "${ezjail_config}" = "${ezjail_config%.norun}" ] && mv ${ezjail_config} ${ezjail_config}.norun ;; |
566 | ;; | 573 | *) echo "Warning: Unknow runnable option specified.";; |
567 | norun) | ||
568 | [ "${ezjail_config}" = "${ezjail_config%.norun}" ] && mv ${ezjail_config} ${ezjail_config}.norun | ||
569 | ;; | ||
570 | esac | 574 | esac |
571 | 575 | ||
576 | [ -n "${ezjail_imageaction} -a -z "${ezjail_image}" ] && exerr "Error: Jail ${ezjail_name} not an image jail." | ||
577 | |||
578 | case ${ezjail_imageaction} in | ||
579 | attach) | ||
580 | # Check, if image already attached | ||
581 | if [ -L "${ezjail_root}.device" ]; then | ||
582 | # Fetch destination of soft link | ||
583 | ezjail_device=`stat -f "%Y" ${ezjail_root}.device` | ||
584 | [ -b "${ezjail_device}" ] && exerr "Error: Jail image file ${ezjail_name} already attached as ${ezjail_device}." | ||
585 | rm -f ${ezjail_root}.device | ||
586 | fi | ||
587 | |||
588 | # Create a memory disc from jail image | ||
589 | ezjail_imagedevice=`mdconfig -a -t vnode -f ${ezjail_image}` || exerr "Error: Could not attach memory disc." | ||
590 | |||
591 | # If this is a crypto jail, try to mount it, remind user, which jail | ||
592 | # this is. In this case, the device to mount is | ||
593 | case ${ezjail_imagetype} in | ||
594 | crypto|bde) | ||
595 | echo "Attaching bde device for image jail ${ezjail}..." | ||
596 | echo gbde attach /dev/${ezjail_imagedevice} ${ezjail_attachparams} | /bin/sh | ||
597 | [ $? -eq 0 ] || detach_images keep || exerr "Error: Attaching bde device failed." | ||
598 | # Device to mount is not md anymore | ||
599 | ezjail_device=${ezjail_imagedevice}.bde | ||
600 | ;; | ||
601 | eli) | ||
602 | echo "Attaching eli device for image jail ${ezjail}..." | ||
603 | echo geli attach ${ezjail_attachparams} /dev/${ezjail_device} | /bin/sh | ||
604 | [ $? -eq 0 ] || detach_images keep || exerr "Error: Attaching eli device failed." | ||
605 | # Device to mount is not md anymore | ||
606 | ezjail_device=${ezjail_imagedevice}.eli | ||
607 | ;; | ||
608 | esac | ||
609 | |||
610 | mount /dev/${ezjail_device} ${ezjail_rootdir} || detach_images keep || exerr "Error: Could not mount /dev/${ezjail_device} to ${ezjail_root}." | ||
611 | # relink image device | ||
612 | ln -s /dev/${ezjail_device} ${ezjail_root}.device | ||
613 | |||
614 | ;; | ||
615 | detach) | ||
616 | [ -n "${ezjail_id}" ] && exerr "Error: Jail ${ezjail_name} still running. Can't detach." | ||
617 | |||
618 | # Check, if image really attached | ||
619 | if [ -L "${ezjail_root}.device" ]; then | ||
620 | # Fetch destination of soft link | ||
621 | ezjail_device=`stat -f "%Y" ${ezjail_root}.device` | ||
622 | [ -b "${ezjail_device}" ] || exerr "Error: Jail image file ${ezjail_name} is not attached." | ||
623 | fi | ||
624 | |||
625 | # Add this device to the list of devices to be unmounted | ||
626 | case ${ezjail_imagetype} in | ||
627 | crypto|bde) ezjail_imagedevice="${ezjail_device%.bde}" ;; | ||
628 | eli) ezjail_imagedevice="${ezjail_device%.eli}" ;; | ||
629 | *) ezjail_imagedevice="${ezjail_device} ;; | ||
630 | esac | ||
631 | |||
632 | # Unmount/detach everything | ||
633 | detach_images keep | ||
634 | |||
635 | # Remove soft link (which acts as a lock) | ||
636 | rm -f ${ezjail_root}.device | ||
637 | ;; | ||
638 | *) echo "Warning: Unknow image action specified.";; | ||
572 | ;; | 639 | ;; |
573 | 640 | ||
574 | ############################################################################## | 641 | ############################################################################## |