Diffstat (limited to 'ezjail-admin')
| -rwxr-xr-x | ezjail-admin | 93 | 
1 files changed, 80 insertions, 13 deletions
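diff --git a/ezjail-admin b/ezjail-admin
index 857dcae..72f7b3c 100755
--- a/ezjail-admin
+++ b/ezjail-admin
@@ -37,7 +37,7 @@ ezjail_usage_delete="Usage: `basename -- $0` delete [-w] jailname"
 ezjail_usage_list="Usage: `basename -- $0` list"
 ezjail_usage_update="Usage: `basename -- $0` update [-s sourcetree] [-i] [-pP]"
 ezjail_usage_install="Usage: `basename -- $0` install [-mps] [-h host] [-r release]"
-ezjail_usage_config="Usage: `basename -- $0` config [-r run|norun] jailname"
+ezjail_usage_config="Usage: `basename -- $0` config [-r run|norun] [-i attach|detach] jailname"
 
 ################################
 # End of variable initialization
@@ -56,8 +56,10 @@ detach_images () {
 eli) geli detach /dev/${ezjail_imagedevice} > /dev/null;;
 esac
 mdconfig -d -u ${ezjail_imagedevice} > /dev/null
-[ "$1" = "success" ] || rm -f ${ezjail_image}
+[ "$1" = "keep" ] || rm -f ${ezjail_image}
 fi
+# This function is being called in case of error. Keep $? bad
+return 1
 }
 
 # fetch everything we need to know about an ezjail from config
@@ -76,9 +78,13 @@ fetchjailinfo () {
 . ${ezjail_config}
 eval ezjail_hostname=\"\$jail_${ezjail_safename}_hostname\"
 eval ezjail_rootdir=\"\$jail_${ezjail_safename}_rootdir\"
+eval ezjail_ip=\"\$jail_${ezjail_safename}_ip\"
 eval ezjail_image=\"\$jail_${ezjail_safename}_image\"
 eval ezjail_imagetype=\"\$jail_${ezjail_safename}_imagetype\"
-eval ezjail_ip=\"\$jail_${ezjail_safename}_ip\"
+eval ezjail_attachparams=\"\$jail_${ezjail_safename}_attachparams\"
+eval ezjail_attachblocking=\"\$jail_${ezjail_safename}_attachblocking\"
+eval ezjail_forceblocking=\"\$jail_${ezjail_safename}_forceblocking\"
+eval ezjail_passphraseurl=\"\$jail_${ezjail_safename}_passphraseurl\"
 
 ezjail_softlink=${ezjail_jaildir}/`basename -- ${ezjail_rootdir}`
 [ -f /var/run/jail_${ezjail_safename}.id ] && ezjail_id=`cat /var/run/jail_${ezjail_safename}.id` || return
@@ -345,7 +351,7 @@ create)
 fi
 
 # Detach (crypto and) memory discs
-detach_images success
+detach_images keep
 
 #
 # For user convenience some scenarios commonly causing headaches are checked
@@ -542,9 +548,10 @@ install)
 ######################## ezjail-admin CONFIG ########################
 config)
 # Clean variables, prevent polution
-unset ezjail_setrunnable
+unset ezjail_setrunnable ezjail_imageaction
 
 shift; while getopts :r: arg; do case ${arg} in
+i) ezjail_imageaction=${OPTARG};;
 r) ezjail_setrunnable=${OPTARG};;
 ?) exerr ${ezjail_usage_config};;
 esac; done; shift $(( ${OPTIND} - 1 ))
@@ -555,20 +562,80 @@ config)
 fetchjailinfo $1
 
 # check for existence of jail in our records
-[ "${ezjail_config}" ] || exerr "Error: Nothing known about jail ${ezjail_name}."
+[ -n "${ezjail_config}" ] || exerr "Error: Nothing known about jail ${ezjail_name}."
 
 # Nothing to be configured?
-[ "${ezjail_setrunnable}" ] || echo "Warning: No config option specified."
+[ -z "${ezjail_setrunnable}" -a -z "${ezjail_imageaction}" ] && echo "Warning: No config option specified."
 
 case ${ezjail_setrunnable} in
-run)
-[ "${ezjail_config}" = "${ezjail_config%.norun}" ] || mv ${ezjail_config} ${ezjail_config%.norun}
-;;
-norun)
-[ "${ezjail_config}" = "${ezjail_config%.norun}" ] && mv ${ezjail_config} ${ezjail_config}.norun
-;;
+run) [ "${ezjail_config}" = "${ezjail_config%.norun}" ] || mv ${ezjail_config} ${ezjail_config%.norun};;
+norun) [ "${ezjail_config}" = "${ezjail_config%.norun}" ] && mv ${ezjail_config} ${ezjail_config}.norun ;;
+*) echo "Warning: Unknow runnable option specified.";;
 esac
 
+[ -n "${ezjail_imageaction} -a -z "${ezjail_image}" ] && exerr "Error: Jail ${ezjail_name} not an image jail."
+
+case ${ezjail_imageaction} in
+attach)
+# Check, if image already attached
+if [ -L "${ezjail_root}.device" ]; then
+# Fetch destination of soft link
+ezjail_device=`stat -f "%Y" ${ezjail_root}.device`
+[ -b "${ezjail_device}" ] && exerr "Error: Jail image file ${ezjail_name} already attached as ${ezjail_device}."
+rm -f ${ezjail_root}.device
+fi
+
+# Create a memory disc from jail image
+ezjail_imagedevice=`mdconfig -a -t vnode -f ${ezjail_image}` || exerr "Error: Could not attach memory disc."
+
+# If this is a crypto jail, try to mount it, remind user, which jail
+# this is. In this case, the device to mount is
+case ${ezjail_imagetype} in
+crypto|bde)
+echo "Attaching bde device for image jail ${ezjail}..."
+echo gbde attach /dev/${ezjail_imagedevice} ${ezjail_attachparams} | /bin/sh
+[ $? -eq 0 ] || detach_images keep || exerr "Error: Attaching bde device failed."
+# Device to mount is not md anymore
+ezjail_device=${ezjail_imagedevice}.bde
+;;
+eli)
+echo "Attaching eli device for image jail ${ezjail}..."
+echo geli attach ${ezjail_attachparams} /dev/${ezjail_device} | /bin/sh
+[ $? -eq 0 ] || detach_images keep || exerr "Error: Attaching eli device failed."
+# Device to mount is not md anymore
+ezjail_device=${ezjail_imagedevice}.eli
+;;
+esac
+
+mount /dev/${ezjail_device} ${ezjail_rootdir} || detach_images keep || exerr "Error: Could not mount /dev/${ezjail_device} to ${ezjail_root}."
+# relink image device
+ln -s /dev/${ezjail_device} ${ezjail_root}.device
+
+;;
+detach)
+[ -n "${ezjail_id}" ] && exerr "Error: Jail ${ezjail_name} still running. Can't detach."
+
+# Check, if image really attached
+if [ -L "${ezjail_root}.device" ]; then
+# Fetch destination of soft link
+ezjail_device=`stat -f "%Y" ${ezjail_root}.device`
+[ -b "${ezjail_device}" ] || exerr "Error: Jail image file ${ezjail_name} is not attached."
+fi
+
+# Add this device to the list of devices to be unmounted
+case ${ezjail_imagetype} in
+crypto|bde) ezjail_imagedevice="${ezjail_device%.bde}" ;;
+eli) ezjail_imagedevice="${ezjail_device%.eli}" ;;
+*) ezjail_imagedevice="${ezjail_device} ;;
+esac
+
+# Unmount/detach everything
+detach_images keep
+
+# Remove soft link (which acts as a lock)
+rm -f ${ezjail_root}.device
+;;
+*) echo "Warning: Unknow image action specified.";;
 ;;
 
 ##############################################################################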
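Review bot: The new `config -i` code in the last hunk will not parse or be reached as written: the `[ -n "${ezjail_imageaction} -a -z "${ezjail_image}" ]` test and the `*) ezjail_imagedevice="${ezjail_device} ;;` arm each lack a closing double quote, `case ${ezjail_imageaction} in` has no `esac` before the `;;` that ends `config)`, and the option string in the preceding hunk is still `getopts :r:` although an `i)` arm was added. In the attach branch `ezjail_device` is never set from the new md device for a plain image before `mount`, and the `eli` arm passes `/dev/${ezjail_device}` to `geli attach` where the bde arm uses `${ezjail_imagedevice}`; setting it once after `mdconfig -a` covers both. Each `*)` warning also fires when its option was simply not given, so an empty-string arm is needed in front of it (shown for the image case; the runnable `case` needs the same). `${ezjail_attachparams}` reaches `/bin/sh` through `echo … | /bin/sh`, so that config value is re-parsed as shell by a script that presumably runs as root; it comes from a file that is already sourced, so the file's ownership and mode are the control to document here. The `config)` arm starts in the preceding hunk and the enclosing top-level `case` is outside the page.

```sh
shift; while getopts :i:r: arg; do case ${arg} in
# … unchanged: i) and r) arms, jail lookup, runnable case …
[ -n "${ezjail_imageaction}" -a -z "${ezjail_image}" ] && exerr "Error: Jail ${ezjail_name} not an image jail."
# … unchanged: start of attach branch, mdconfig -a …
# Default for plain images; the bde/eli arms override it after attaching
ezjail_device=${ezjail_imagedevice}
# … unchanged: bde and eli arms, mount, relink, start of detach …
*) ezjail_imagedevice="${ezjail_device}" ;;
# … unchanged: detach_images keep, removal of the .device link …
"") ;;
*) echo "Warning: Unknow image action specified.";;
esac
```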
