diff options
Diffstat (limited to 'ezjail-admin')
-rwxr-xr-x | ezjail-admin | 74 |
1 files changed, 38 insertions, 36 deletions
diff --git a/ezjail-admin b/ezjail-admin index 01369bb..f43c9f6 100755 --- a/ezjail-admin +++ b/ezjail-admin | |||
@@ -3,6 +3,7 @@ | |||
3 | 3 | ||
4 | # ugly: this variable is set during port install time | 4 | # ugly: this variable is set during port install time |
5 | ezjail_prefix=EZJAIL_PREFIX | 5 | ezjail_prefix=EZJAIL_PREFIX |
6 | ezjail_admin=`basename -- $0` | ||
6 | ezjail_etc=${ezjail_prefix}/etc | 7 | ezjail_etc=${ezjail_prefix}/etc |
7 | ezjail_share=${ezjail_prefix}/share/ezjail | 8 | ezjail_share=${ezjail_prefix}/share/ezjail |
8 | ezjail_examples=${ezjail_prefix}/share/examples/ezjail | 9 | ezjail_examples=${ezjail_prefix}/share/examples/ezjail |
@@ -32,13 +33,13 @@ ezjail_dirlist="bin boot lib libexec rescue sbin usr/bin usr/games usr/include u | |||
32 | case `uname -p` in amd64) ezjail_dirlist="${ezjail_dirlist} usr/lib32";; esac | 33 | case `uname -p` in amd64) ezjail_dirlist="${ezjail_dirlist} usr/lib32";; esac |
33 | 34 | ||
34 | # Synopsis messages | 35 | # Synopsis messages |
35 | ezjail_usage_ezjailadmin="Usage: `basename -- $0` [config|create|delete|install|list|update] {params}" | 36 | ezjail_usage_ezjailadmin="Usage: ${ezjail_admin} [config|create|delete|install|list|update] {params}" |
36 | ezjail_usage_create="Usage: `basename -- $0` create [-xbi] [-f flavour] [-r jailroot] [-s size] [-c bde|eli] [-C args] jailname jailip" | 37 | ezjail_usage_install="Usage: ${ezjail_admin} install [-mps] [-h host] [-r release]" |
37 | ezjail_usage_delete="Usage: `basename -- $0` delete [-w] jailname" | 38 | ezjail_usage_create="Usage: ${ezjail_admin} create [-xbi] [-f flavour] [-r jailroot] [-s size] [-c bde|eli] [-C args] jailname jailip" |
38 | ezjail_usage_list="Usage: `basename -- $0` list" | 39 | ezjail_usage_delete="Usage: ${ezjail_admin} delete [-w] jailname" |
39 | ezjail_usage_update="Usage: `basename -- $0` update [-s sourcetree] [-i] [-pP]" | 40 | ezjail_usage_update="Usage: ${ezjail_admin} update [-s sourcetree] [-i] [-pP]" |
40 | ezjail_usage_install="Usage: `basename -- $0` install [-mps] [-h host] [-r release]" | 41 | ezjail_usage_config="Usage: ${ezjail_admin} config [-r run|norun] [-i attach|detach] jailname" |
41 | ezjail_usage_config="Usage: `basename -- $0` config [-r run|norun] [-i attach|detach] jailname" | 42 | ezjail_usage_list="Usage: ${ezjail_admin} list" |
42 | 43 | ||
43 | ################################ | 44 | ################################ |
44 | # End of variable initialization | 45 | # End of variable initialization |
@@ -216,9 +217,9 @@ create) | |||
216 | ezjail_imagerestbytes=`echo ${_val} % 1048576 | bc` | 217 | ezjail_imagerestbytes=`echo ${_val} % 1048576 | bc` |
217 | fi | 218 | fi |
218 | 219 | ||
219 | # check, whether ezjail-update has been called. existence of | 220 | # check, whether ezjail has been set up correctly. existence of |
220 | # ezjail_jailbase is our indicator | 221 | # ezjail_jailbase is our indicator |
221 | [ -d ${ezjail_jailbase} ] || exerr "Error: base jail does not exist. Please run 'ezjail-admin update' first." | 222 | [ -d ${ezjail_jailbase} ] || exerr "Error: base jail does not exist. Please run '${ezjail_admin} install' or '${ezjail_admin} update' first." |
222 | 223 | ||
223 | # relative paths don't make sense in rc.scripts | 224 | # relative paths don't make sense in rc.scripts |
224 | [ "${ezjail_jaildir%%[!/]*}" ] || exerr "Error: Need an absolute path in ezjail_jaildir, it currently is set to: ${ezjail_jaildir}." | 225 | [ "${ezjail_jaildir%%[!/]*}" ] || exerr "Error: Need an absolute path in ezjail_jaildir, it currently is set to: ${ezjail_jaildir}." |
@@ -263,17 +264,17 @@ create) | |||
263 | # All sanity checks that may lead to errors are hopefully passed here | 264 | # All sanity checks that may lead to errors are hopefully passed here |
264 | # | 265 | # |
265 | 266 | ||
266 | if [ "${ezjail_imagetype}" ]; then | 267 | if [ -n "${ezjail_imagetype}" ]; then |
267 | # Strip trailing slashes from jail root, those would confuse image path | 268 | # Strip trailing slashes from jail root, those would confuse image path |
268 | ezjail_image=${ezjail_rootdir%/}; while [ "${ezjail_image}" -a -z "${ezjail_image%%*/}" ]; do ezjail_image=${ezjail_image%/}; done | 269 | ezjail_image=${ezjail_rootdir%/}; while [ "${ezjail_image}" -a -z "${ezjail_image%%*/}" ]; do ezjail_image=${ezjail_image%/}; done |
269 | [ -z "${ezjail_image}" ] && exerr "Error: Could not determine image file name, something is wrong with the jail root: ${ezjail_rootdir}." | 270 | [ -z "${ezjail_image}" ] && exerr "Error: Could not determine image file name, something is wrong with the jail root: ${ezjail_rootdir}." |
270 | 271 | ||
271 | # Location of our image file | 272 | # Location of our image file |
272 | ezjail_image=${ezjail_image}.img | 273 | ezjail_image="${ezjail_image}.img" |
273 | 274 | ||
274 | # Prepare crypto jail so that an attacker cannot guess which blocks | 275 | # Prepare crypto jail so that an attacker cannot guess which blocks |
275 | # have been written | 276 | # have been written |
276 | case ${ezjail_imagetype} in crypto|bde|eli) ezjail_sourcedevice=/dev/random;; simple) ezjail_sourcedevice=/dev/zero;; esac | 277 | case ${ezjail_imagetype} in bde|eli) ezjail_sourcedevice=/dev/random;; simple) ezjail_sourcedevice=/dev/zero;; esac |
277 | 278 | ||
278 | # If NOT exist, create image | 279 | # If NOT exist, create image |
279 | if [ -z "${ezjail_exists}" ]; then | 280 | if [ -z "${ezjail_exists}" ]; then |
@@ -288,7 +289,7 @@ create) | |||
288 | ( dd if=${ezjail_sourcedevice} bs=${ezjail_imagerestbytes} count=1 >> "${ezjail_image}" ) || exerr "Error: Could not (or not fully) create the image file. You might want to check (and possibly remove) the file ${ezjail_image}. The image size provided was ${ezjail_imagesize}." | 289 | ( dd if=${ezjail_sourcedevice} bs=${ezjail_imagerestbytes} count=1 >> "${ezjail_image}" ) || exerr "Error: Could not (or not fully) create the image file. You might want to check (and possibly remove) the file ${ezjail_image}. The image size provided was ${ezjail_imagesize}." |
289 | fi | 290 | fi |
290 | 291 | ||
291 | # And attach device | 292 | # Attach device |
292 | ezjail_imagedevice=`mdconfig -a -t vnode -f ${ezjail_image}` | 293 | ezjail_imagedevice=`mdconfig -a -t vnode -f ${ezjail_image}` |
293 | [ $? = 0 ] || detach_images || exerr "Error: Could not attach image device. (Command failed was 'mdconfig -a -t vnode -f ${ezjail_image}')" | 294 | [ $? = 0 ] || detach_images || exerr "Error: Could not attach image device. (Command failed was 'mdconfig -a -t vnode -f ${ezjail_image}')" |
294 | case "${ezjail_imagetype}" in | 295 | case "${ezjail_imagetype}" in |
@@ -296,7 +297,7 @@ create) | |||
296 | # parse imageparams, generate attachparams | 297 | # parse imageparams, generate attachparams |
297 | ezjail_attachblocking="YES" | 298 | ezjail_attachblocking="YES" |
298 | if [ -n "${ezjail_imageparams}" ]; then | 299 | if [ -n "${ezjail_imageparams}" ]; then |
299 | ezjail_attachparams=`echo $0 _parse_g${ezjail_imagetype}_attach_args_ ${ezjail_imageparams} | /bin/sh ` | 300 | ezjail_attachparams=`echo $0 _parse_g${ezjail_imagetype}_attach_args_ ${ezjail_imageparams} | /bin/sh` |
300 | [ 5 -eq $? ] && exerr "processing of ezjail_imageparams failed" | 301 | [ 5 -eq $? ] && exerr "processing of ezjail_imageparams failed" |
301 | [ 3 -eq $? ] && unset ezjail_attachblocking | 302 | [ 3 -eq $? ] && unset ezjail_attachblocking |
302 | fi | 303 | fi |
@@ -347,24 +348,24 @@ create) | |||
347 | 348 | ||
348 | # now, where everything seems to have gone right, create control file in | 349 | # now, where everything seems to have gone right, create control file in |
349 | # ezjails config dir | 350 | # ezjails config dir |
350 | mkdir -p ${ezjail_jailcfgs} | 351 | mkdir -p ${ezjail_jailcfgs} || exerr "Error: can't create ezjails control directory (${ezjail_jailcfgs})." |
351 | echo "# To specify the start up order of your ezjails, use these lines to" > ${ezjail_config} | 352 | ( echo -e "# To specify the start up order of your ezjails, use these lines to\n# create a Jail dependency tree. See rcorder(8) for more details." |
352 | echo "# create a Jail dependency tree. See rcorder(8) for more details." >> ${ezjail_config} | 353 | echo -e "#\n# PROVIDE: standard_ezjail\n# REQUIRE: \n# BEFORE: \n#\n" |
353 | echo -e "#\n# PROVIDE: standard_ezjail\n# REQUIRE: \n# BEFORE: \n#\n" >> ${ezjail_config} | 354 | echo jail_${ezjail_safename}_hostname=\"${ezjail_hostname}\" |
354 | echo export jail_${ezjail_safename}_hostname=\"${ezjail_hostname}\" >> ${ezjail_config} | 355 | echo jail_${ezjail_safename}_ip=\"${ezjail_ip}\" |
355 | echo export jail_${ezjail_safename}_ip=\"${ezjail_ip}\" >> ${ezjail_config} | 356 | echo jail_${ezjail_safename}_rootdir=\"${ezjail_rootdir}\" |
356 | echo export jail_${ezjail_safename}_rootdir=\"${ezjail_rootdir}\" >> ${ezjail_config} | 357 | echo jail_${ezjail_safename}_exec=\"/bin/sh /etc/rc\" |
357 | echo export jail_${ezjail_safename}_exec=\"/bin/sh /etc/rc\" >> ${ezjail_config} | 358 | echo jail_${ezjail_safename}_mount_enable=\"${ezjail_mount_enable}\" |
358 | echo export jail_${ezjail_safename}_mount_enable=\"${ezjail_mount_enable}\" >> ${ezjail_config} | 359 | echo jail_${ezjail_safename}_devfs_enable=\"${ezjail_devfs_enable}\" |
359 | echo export jail_${ezjail_safename}_devfs_enable=\"${ezjail_devfs_enable}\" >> ${ezjail_config} | 360 | echo jail_${ezjail_safename}_devfs_ruleset=\"devfsrules_jail\" |
360 | echo export jail_${ezjail_safename}_devfs_ruleset=\"devfsrules_jail\" >> ${ezjail_config} | 361 | echo jail_${ezjail_safename}_procfs_enable=\"${ezjail_procfs_enable}\" |
361 | echo export jail_${ezjail_safename}_procfs_enable=\"${ezjail_procfs_enable}\" >> ${ezjail_config} | 362 | echo jail_${ezjail_safename}_fdescfs_enable=\"${ezjail_fdescfs_enable}\" |
362 | echo export jail_${ezjail_safename}_fdescfs_enable=\"${ezjail_fdescfs_enable}\" >> ${ezjail_config} | 363 | echo jail_${ezjail_safename}_image=\"${ezjail_image}\" |
363 | echo export jail_${ezjail_safename}_image=\"${ezjail_image}\" >> ${ezjail_config} | 364 | echo jail_${ezjail_safename}_imagetype=\"${ezjail_imagetype}\" |
364 | echo export jail_${ezjail_safename}_imagetype=\"${ezjail_imagetype}\" >> ${ezjail_config} | 365 | echo jail_${ezjail_safename}_attachparams=\"${ezjail_attachparams}\" |
365 | echo export jail_${ezjail_safename}_attachparams=\"${ezjail_attachparams}\" >> ${ezjail_config} | 366 | echo jail_${ezjail_safename}_attachblocking=\"${ezjail_attachblocking}\" |
366 | echo export jail_${ezjail_safename}_attachblocking=\"${ezjail_attachblocking}\" >> ${ezjail_config} | 367 | echo jail_${ezjail_safename}_forceblocking=\"${ezjail_forceblocking}\" |
367 | echo export jail_${ezjail_safename}_forceblocking=\"${ezjail_forceblocking}\" >> ${ezjail_config} | 368 | ) > ${ezjail_config} |
368 | 369 | ||
369 | # Final steps for flavour installation | 370 | # Final steps for flavour installation |
370 | if [ -z "${ezjail_exists}" -a -n "${ezjail_flavour}" ]; then | 371 | if [ -z "${ezjail_exists}" -a -n "${ezjail_flavour}" ]; then |
@@ -400,6 +401,7 @@ create) | |||
400 | [ $? = 0 ] && echo -e "Warning: Some services already seem to be listening on all IP, (including ${ezjail_ip})\n This may cause some confusion, here they are:\n${ezjail_listener}" | 401 | [ $? = 0 ] && echo -e "Warning: Some services already seem to be listening on all IP, (including ${ezjail_ip})\n This may cause some confusion, here they are:\n${ezjail_listener}" |
401 | IFS=${TIFS} | 402 | IFS=${TIFS} |
402 | 403 | ||
404 | [ -n "${ezjail_imagetype}" ] && echo "Note: To administrate your image jail, attach it using the '${ezjail_admin} config -i attach ${ezjail_hostname}' command." | ||
403 | ;; | 405 | ;; |
404 | ######################## ezjail-admin DELETE ######################## | 406 | ######################## ezjail-admin DELETE ######################## |
405 | delete) | 407 | delete) |
@@ -424,9 +426,9 @@ delete) | |||
424 | [ -n "${ezjail_id}" ] && exerr "Error: Jail appears to be still running, stop it first." | 426 | [ -n "${ezjail_id}" ] && exerr "Error: Jail appears to be still running, stop it first." |
425 | 427 | ||
426 | # if jail is attached, refuse to go any further | 428 | # if jail is attached, refuse to go any further |
427 | [ -n "${ezjail_attached}" ] && exerr "Error: Jail image file ${ezjail_image} is attached as ${ezjail_device}. '`basename -- $0` config -i detach' it first." | 429 | [ -n "${ezjail_attached}" ] && exerr "Error: Jail image file ${ezjail_image} is attached as ${ezjail_device}. '${ezjail_admin} config -i detach' it first." |
428 | 430 | ||
429 | # now we know everything we need to let the jail be gone remove entry | 431 | # now we know everything we need to let the jail be gone. remove entry |
430 | # from ezjail resource structure, delete fstab.JAILNAME | 432 | # from ezjail resource structure, delete fstab.JAILNAME |
431 | rm -f ${ezjail_config} /etc/fstab.${ezjail_safename} | 433 | rm -f ${ezjail_config} /etc/fstab.${ezjail_safename} |
432 | 434 | ||
@@ -479,9 +481,9 @@ setup|update) | |||
479 | [ $# -eq 0 ] || exerr ${ezjail_usage_update} | 481 | [ $# -eq 0 ] || exerr ${ezjail_usage_update} |
480 | 482 | ||
481 | if [ "${ezjail_installaction}" = "none" ]; then | 483 | if [ "${ezjail_installaction}" = "none" ]; then |
482 | # check, whether ezjail-update has been called. existence of | 484 | # check, whether ezjail has been setup correctly. existence of |
483 | # ezjail_jailbase is our indicator | 485 | # ezjail_jailbase is our indicator |
484 | [ -d ${ezjail_jailbase} ] || exerr "Error: base jail does not exist. You cannot fill base jails ports tree before creating it. Please run 'ezjail-admin update' first." | 486 | [ -d ${ezjail_jailbase} ] || exerr "Error: base jail does not exist. You cannot fill base jails ports tree before creating it. Please run '${ezjail_admin} update' or '${ezjail_admin} install' first." |
485 | else | 487 | else |
486 | # Bump the user for some of the most common errors | 488 | # Bump the user for some of the most common errors |
487 | [ -d ${ezjail_sourcetree} ] || exerr "Cannot find your copy of the FreeBSD source tree in ${ezjail_sourcetree}." | 489 | [ -d ${ezjail_sourcetree} ] || exerr "Cannot find your copy of the FreeBSD source tree in ${ezjail_sourcetree}." |