Diffstat (limited to 'ezjail-img.sh')
-rw-r--r--ezjail-img.sh34
1 files changed, 24 insertions, 10 deletions
diff --git a/ezjail-img.sh b/ezjail-img.sh
index b577682..2514499 100644
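--- a/ezjail-img.sh
+++ b/ezjail-img.sh
@@ -28,6 +28,16 @@ ezjail_fdescfs_enable=${ezjail_fdescfs_enable:-"YES"}
 # define our bail out shortcut
 exerr () { echo -e "$*"; exit 1; }
 
+# define detach strategy for image jails
+detach () {
+ # unmount and detach memory disc
+ if [ "${newjail_device}" ]; then
+ umount ${newjail_root}
+ mdconfig -d -u ${newjail_device}
+ fi
+ return 0
+}
+
 # check for command
 [ "$1" ] || exerr "Usage: `basename -- $0` [create] {params}"
 
@@ -42,6 +52,7 @@ create)
  newjail_softlink=
  newjail_imagesize=
  newjail_cryptimage=
+ newjail_device=
  newjail_fill="YES"
 
  set -- ${args}
@@ -112,23 +123,24 @@ create)
 
  # if image is wanted, check, whether the img-file already is present
  if [ "${newjail_imagesize}" ]; then
- newjail_image=${newjail_root%/}; while [ "${newjail_image}" -a -z "${newjail_image%%*/" ]; do newjail_image=${newjail_image%/}; done
- [ -z "${newjail_image}" ] && exerr Could not determine image file name, something is wrong with the jail root: ${newjail_root}.
+ newjail_image=${newjail_root%/}; while [ "${newjail_image}" -a -z "${newjail_image%%*/}" ]; do newjail_image=${newjail_image%/}; done
+ [ -z "${newjail_image}" ] && exerr "Error: Could not determine image file name, something is wrong with the jail root: ${newjail_root}."
  newjail_image=${newjail_image}.img
- [ -e "${newjail_image}" ] && exerr "Error: a file exists at the location ${newjail_image}, preventing our own image file to be created.
+ [ -e "${newjail_image}" ] && exerr "Error: a file exists at the location ${newjail_image}, preventing our own image file to be created."
 
  touch "${newjail_image}"
- dd if=/dev/random of="${newjail_image}" bs=${newjail_imagesize} count=1 || exerr Could not (or not fully) create the image file. You might want to check (and possibly remove) the file "${newjail_image}". The image size provided was ${newjail_imagesize}.
- newjail_device=/dev/`mdconfig -a -t vnode -f ${newjail_image}`
- newfs ${newjail_device}
- mount ${newjail_device} ${newjail_root}
+ dd if=/dev/random of="${newjail_image}" bs="${newjail_imagesize}" count=1 || exerr "Error: Could not (or not fully) create the image file. You might want to check (and possibly remove) the file ${newjail_image}. The image size provided was ${newjail_imagesize}."
+ newjail_device=`mdconfig -a -t vnode -f ${newjail_image}`
+ newfs /dev/${newjail_device}
+ mkdir -p ${newjail_root}
+ mount /dev/${newjail_device} ${newjail_root}
  fi
 
  # now take a copy of our template jail
  if [ "${newjail_fill}" = "YES" ]; then
  mkdir -p ${newjail_root} && cd ${ezjail_jailtemplate} && \
  find * | cpio -p -v ${newjail_root} > /dev/null
- [ $? = 0 ] || exerr "Error: Could not copy template jail."
+ [ $? != 0 ] || detach() || exerr "Error: Could not copy template jail."
  fi
 
  # if a soft link is necessary, create it now
@@ -151,7 +163,7 @@ create)
  echo export jail_${newjail_nname}_procfs_enable=\"${ezjail_procfs_enable}\" >> ${ezjail_jailcfgs}/${newjail_nname}
  echo export jail_${newjail_nname}_fdescfs_enable=\"${ezjail_fdescfs_enable}\" >> ${ezjail_jailcfgs}/${newjail_nname}
  [ "${newjail_imagesize}" ] && \
- echo export jail_${newjail_nname}_image=\"YES\" >> ${ezjail_jailcfgs}/${newjail_nname}
+ echo export jail_${newjail_nname}_image=\"${newjail_image}\" >> ${ezjail_jailcfgs}/${newjail_nname}
  [ "${newjail_cryptimage}" ] && \
  echo export jail_${newjail_nname}_cryptimage=\"YES\" >> ${ezjail_jailcfgs}/${newjail_nname}
 
@@ -168,6 +180,8 @@ create)
  echo "Note: Shell scripts installed, flavourizing on jails first startup."
  fi
  fi
+
+ detach()
 
  #
  # For user convenience some scenarios commonly causing headaches are checked
@@ -183,7 +197,7 @@ create)
  [ $? = 0 ] && echo -e "Warning: Some services already seem to be listening on IP ${newjail_ip}\n This may cause some confusion, here they are:\n${newjail_listener}"
 
  newjail_listener=`sockstat -4 -l | grep \*:[[:digit:]]`
- [ $? = 0 ] && echo -e "Warning: Some services already seem to be listening on all IP, (including ${newjail_ip})\n This may cause some confusion, here they are:\n${$
+ [ $? = 0 ] && echo -e "Warning: Some services already seem to be listening on all IP, (including ${newjail_ip})\n This may cause some confusion, here they are:\n${newjail_listener}"
  IFS=${TIFS}
 
  ;;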
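Review bot: The copy-failure check in hunk `@@ -112,23 +123,24 @@` can no longer report an error: `[ $? != 0 ] || detach() || exerr …` short-circuits when the copy failed, and `detach` always returns 0, so `exerr` is unreachable and the script goes on to write a jail config for a root that was not filled. `detach()` with parentheses also starts a function definition in sh rather than calling the function; the line should read `[ $? = 0 ] || { detach; exerr "Error: Could not copy template jail."; }`, and the bare `detach()` added in hunk `@@ -168,6 +180,8 @@` should be `detach`. In the same hunk the result of `mdconfig -a` is not checked, so a failed attach leaves `newjail_device` empty and `newfs` and `mount` are run on `/dev/`; adding `[ "${newjail_device}" ] || exerr "Error: Could not attach ${newjail_image}."` right after the assignment stops that. The `create)` branch holding these lines starts and ends outside the visible hunks, so whether later code expects the image to stay mounted cannot be checked from here.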