Diffstat (limited to 'ezjail-admin')
-rwxr-xr-xezjail-admin74
1 files changed, 38 insertions, 36 deletions
diff --git a/ezjail-admin b/ezjail-admin
index 01369bb..f43c9f6 100755
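--- a/ezjail-admin
+++ b/ezjail-admin
@@ -3,6 +3,7 @@
 
 # ugly: this variable is set during port install time
 ezjail_prefix=EZJAIL_PREFIX
+ezjail_admin=`basename -- $0`
 ezjail_etc=${ezjail_prefix}/etc
 ezjail_share=${ezjail_prefix}/share/ezjail
 ezjail_examples=${ezjail_prefix}/share/examples/ezjail
@@ -32,13 +33,13 @@ ezjail_dirlist="bin boot lib libexec rescue sbin usr/bin usr/games usr/include u
 case `uname -p` in amd64) ezjail_dirlist="${ezjail_dirlist} usr/lib32";; esac
 
 # Synopsis messages
-ezjail_usage_ezjailadmin="Usage: `basename -- $0` [config|create|delete|install|list|update] {params}"
-ezjail_usage_create="Usage: `basename -- $0` create [-xbi] [-f flavour] [-r jailroot] [-s size] [-c bde|eli] [-C args] jailname jailip"
-ezjail_usage_delete="Usage: `basename -- $0` delete [-w] jailname"
-ezjail_usage_list="Usage: `basename -- $0` list"
-ezjail_usage_update="Usage: `basename -- $0` update [-s sourcetree] [-i] [-pP]"
-ezjail_usage_install="Usage: `basename -- $0` install [-mps] [-h host] [-r release]"
-ezjail_usage_config="Usage: `basename -- $0` config [-r run|norun] [-i attach|detach] jailname"
+ezjail_usage_ezjailadmin="Usage: ${ezjail_admin} [config|create|delete|install|list|update] {params}"
+ezjail_usage_install="Usage: ${ezjail_admin} install [-mps] [-h host] [-r release]"
+ezjail_usage_create="Usage: ${ezjail_admin} create [-xbi] [-f flavour] [-r jailroot] [-s size] [-c bde|eli] [-C args] jailname jailip"
+ezjail_usage_delete="Usage: ${ezjail_admin} delete [-w] jailname"
+ezjail_usage_update="Usage: ${ezjail_admin} update [-s sourcetree] [-i] [-pP]"
+ezjail_usage_config="Usage: ${ezjail_admin} config [-r run|norun] [-i attach|detach] jailname"
+ezjail_usage_list="Usage: ${ezjail_admin} list"
 
 ################################
 # End of variable initialization
@@ -216,9 +217,9 @@ create)
  ezjail_imagerestbytes=`echo ${_val} % 1048576 | bc`
  fi
 
- # check, whether ezjail-update has been called. existence of
+ # check, whether ezjail has been set up correctly. existence of
  # ezjail_jailbase is our indicator
- [ -d ${ezjail_jailbase} ] || exerr "Error: base jail does not exist. Please run 'ezjail-admin update' first."
+ [ -d ${ezjail_jailbase} ] || exerr "Error: base jail does not exist. Please run '${ezjail_admin} install' or '${ezjail_admin} update' first."
 
  # relative paths don't make sense in rc.scripts
  [ "${ezjail_jaildir%%[!/]*}" ] || exerr "Error: Need an absolute path in ezjail_jaildir, it currently is set to: ${ezjail_jaildir}."
@@ -263,17 +264,17 @@ create)
  # All sanity checks that may lead to errors are hopefully passed here
  #
 
- if [ "${ezjail_imagetype}" ]; then
+ if [ -n "${ezjail_imagetype}" ]; then
  # Strip trailing slashes from jail root, those would confuse image path
  ezjail_image=${ezjail_rootdir%/}; while [ "${ezjail_image}" -a -z "${ezjail_image%%*/}" ]; do ezjail_image=${ezjail_image%/}; done
  [ -z "${ezjail_image}" ] && exerr "Error: Could not determine image file name, something is wrong with the jail root: ${ezjail_rootdir}."
 
  # Location of our image file
- ezjail_image=${ezjail_image}.img
+ ezjail_image="${ezjail_image}.img"
 
  # Prepare crypto jail so that an attacker cannot guess which blocks
  # have been written
- case ${ezjail_imagetype} in crypto|bde|eli) ezjail_sourcedevice=/dev/random;; simple) ezjail_sourcedevice=/dev/zero;; esac
+ case ${ezjail_imagetype} in bde|eli) ezjail_sourcedevice=/dev/random;; simple) ezjail_sourcedevice=/dev/zero;; esac
 
  # If NOT exist, create image
  if [ -z "${ezjail_exists}" ]; then
@@ -288,7 +289,7 @@ create)
  ( dd if=${ezjail_sourcedevice} bs=${ezjail_imagerestbytes} count=1 >> "${ezjail_image}" ) || exerr "Error: Could not (or not fully) create the image file. You might want to check (and possibly remove) the file ${ezjail_image}. The image size provided was ${ezjail_imagesize}."
  fi
 
- # And attach device
+ # Attach device
  ezjail_imagedevice=`mdconfig -a -t vnode -f ${ezjail_image}`
  [ $? = 0 ] || detach_images || exerr "Error: Could not attach image device. (Command failed was 'mdconfig -a -t vnode -f ${ezjail_image}')"
  case "${ezjail_imagetype}" in
@@ -296,7 +297,7 @@ create)
  # parse imageparams, generate attachparams
  ezjail_attachblocking="YES"
  if [ -n "${ezjail_imageparams}" ]; then
- ezjail_attachparams=`echo $0 _parse_g${ezjail_imagetype}_attach_args_ ${ezjail_imageparams} | /bin/sh `
+ ezjail_attachparams=`echo $0 _parse_g${ezjail_imagetype}_attach_args_ ${ezjail_imageparams} | /bin/sh`
  [ 5 -eq $? ] && exerr "processing of ezjail_imageparams failed"
  [ 3 -eq $? ] && unset ezjail_attachblocking
  fi
@@ -347,24 +348,24 @@ create)
 
  # now, where everything seems to have gone right, create control file in
  # ezjails config dir
- mkdir -p ${ezjail_jailcfgs}
- echo "# To specify the start up order of your ezjails, use these lines to" > ${ezjail_config}
- echo "# create a Jail dependency tree. See rcorder(8) for more details." >> ${ezjail_config}
- echo -e "#\n# PROVIDE: standard_ezjail\n# REQUIRE: \n# BEFORE: \n#\n" >> ${ezjail_config}
- echo export jail_${ezjail_safename}_hostname=\"${ezjail_hostname}\" >> ${ezjail_config}
- echo export jail_${ezjail_safename}_ip=\"${ezjail_ip}\" >> ${ezjail_config}
- echo export jail_${ezjail_safename}_rootdir=\"${ezjail_rootdir}\" >> ${ezjail_config}
- echo export jail_${ezjail_safename}_exec=\"/bin/sh /etc/rc\" >> ${ezjail_config}
- echo export jail_${ezjail_safename}_mount_enable=\"${ezjail_mount_enable}\" >> ${ezjail_config}
- echo export jail_${ezjail_safename}_devfs_enable=\"${ezjail_devfs_enable}\" >> ${ezjail_config}
- echo export jail_${ezjail_safename}_devfs_ruleset=\"devfsrules_jail\" >> ${ezjail_config}
- echo export jail_${ezjail_safename}_procfs_enable=\"${ezjail_procfs_enable}\" >> ${ezjail_config}
- echo export jail_${ezjail_safename}_fdescfs_enable=\"${ezjail_fdescfs_enable}\" >> ${ezjail_config}
- echo export jail_${ezjail_safename}_image=\"${ezjail_image}\" >> ${ezjail_config}
- echo export jail_${ezjail_safename}_imagetype=\"${ezjail_imagetype}\" >> ${ezjail_config}
- echo export jail_${ezjail_safename}_attachparams=\"${ezjail_attachparams}\" >> ${ezjail_config}
- echo export jail_${ezjail_safename}_attachblocking=\"${ezjail_attachblocking}\" >> ${ezjail_config}
- echo export jail_${ezjail_safename}_forceblocking=\"${ezjail_forceblocking}\" >> ${ezjail_config}
+ mkdir -p ${ezjail_jailcfgs} || exerr "Error: can't create ezjails control directory (${ezjail_jailcfgs})."
+ ( echo -e "# To specify the start up order of your ezjails, use these lines to\n# create a Jail dependency tree. See rcorder(8) for more details."
+ echo -e "#\n# PROVIDE: standard_ezjail\n# REQUIRE: \n# BEFORE: \n#\n"
+ echo jail_${ezjail_safename}_hostname=\"${ezjail_hostname}\"
+ echo jail_${ezjail_safename}_ip=\"${ezjail_ip}\"
+ echo jail_${ezjail_safename}_rootdir=\"${ezjail_rootdir}\"
+ echo jail_${ezjail_safename}_exec=\"/bin/sh /etc/rc\"
+ echo jail_${ezjail_safename}_mount_enable=\"${ezjail_mount_enable}\"
+ echo jail_${ezjail_safename}_devfs_enable=\"${ezjail_devfs_enable}\"
+ echo jail_${ezjail_safename}_devfs_ruleset=\"devfsrules_jail\"
+ echo jail_${ezjail_safename}_procfs_enable=\"${ezjail_procfs_enable}\"
+ echo jail_${ezjail_safename}_fdescfs_enable=\"${ezjail_fdescfs_enable}\"
+ echo jail_${ezjail_safename}_image=\"${ezjail_image}\"
+ echo jail_${ezjail_safename}_imagetype=\"${ezjail_imagetype}\"
+ echo jail_${ezjail_safename}_attachparams=\"${ezjail_attachparams}\"
+ echo jail_${ezjail_safename}_attachblocking=\"${ezjail_attachblocking}\"
+ echo jail_${ezjail_safename}_forceblocking=\"${ezjail_forceblocking}\"
+ ) > ${ezjail_config}
 
  # Final steps for flavour installation
  if [ -z "${ezjail_exists}" -a -n "${ezjail_flavour}" ]; then
@@ -400,6 +401,7 @@ create)
  [ $? = 0 ] && echo -e "Warning: Some services already seem to be listening on all IP, (including ${ezjail_ip})\n This may cause some confusion, here they are:\n${ezjail_listener}"
  IFS=${TIFS}
 
+ [ -n "${ezjail_imagetype}" ] && echo "Note: To administrate your image jail, attach it using the '${ezjail_admin} config -i attach ${ezjail_hostname}' command."
  ;;
 ######################## ezjail-admin DELETE ########################
 delete)
@@ -424,9 +426,9 @@ delete)
  [ -n "${ezjail_id}" ] && exerr "Error: Jail appears to be still running, stop it first."
 
  # if jail is attached, refuse to go any further
- [ -n "${ezjail_attached}" ] && exerr "Error: Jail image file ${ezjail_image} is attached as ${ezjail_device}. '`basename -- $0` config -i detach' it first."
+ [ -n "${ezjail_attached}" ] && exerr "Error: Jail image file ${ezjail_image} is attached as ${ezjail_device}. '${ezjail_admin} config -i detach' it first."
 
- # now we know everything we need to let the jail be gone remove entry
+ # now we know everything we need to let the jail be gone. remove entry
  # from ezjail resource structure, delete fstab.JAILNAME
  rm -f ${ezjail_config} /etc/fstab.${ezjail_safename}
 
@@ -479,9 +481,9 @@ setup|update)
  [ $# -eq 0 ] || exerr ${ezjail_usage_update}
 
  if [ "${ezjail_installaction}" = "none" ]; then
- # check, whether ezjail-update has been called. existence of
+ # check, whether ezjail has been setup correctly. existence of
  # ezjail_jailbase is our indicator
- [ -d ${ezjail_jailbase} ] || exerr "Error: base jail does not exist. You cannot fill base jails ports tree before creating it. Please run 'ezjail-admin update' first."
+ [ -d ${ezjail_jailbase} ] || exerr "Error: base jail does not exist. You cannot fill base jails ports tree before creating it. Please run '${ezjail_admin} update' or '${ezjail_admin} install' first."
  else
  # Bump the user for some of the most common errors
  [ -d ${ezjail_sourcetree} ] || exerr "Cannot find your copy of the FreeBSD source tree in ${ezjail_sourcetree}."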
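Review bot: In the `@@ -347,24 +348,24 @@` hunk the new `mkdir -p` is checked, but the redirect that actually writes the control file, `) > ${ezjail_config}`, is not, so a failed create or write leaves the script continuing as though the jail were configured. I would quote the target and check the result: `) > "${ezjail_config}" || exerr "Error: can't write jail config (${ezjail_config})."`. The values are also written between `\"...\"` without escaping, so a double quote, `$` or backquote in `ezjail_rootdir`, `ezjail_hostname` or `ezjail_attachparams` would change how the file reads if it is later sourced as shell (presumably by the rc script, which is not visible here). Rejecting those characters in the earlier sanity checks would close that. The `create)` branch starts and ends outside this hunk.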