From 653bd9e9387ca4e207e3a955af042461c88d7d84 Mon Sep 17 00:00:00 2001 From: erdgeist Date: Tue, 9 May 2006 00:26:04 +0000 Subject: Added attach/detach subsubcommands to config Added more error checking when attaching image jails Woke up this morning when the streets where full of cars --- ezjail-admin | 93 +++++++++++++++++++++++++++++++++++++++++++++++++++--------- ezjail.sh | 25 ++++++++++++++-- 2 files changed, 102 insertions(+), 16 deletions(-) diff --git a/ezjail-admin b/ezjail-admin index 857dcae..72f7b3c 100755 --- a/ezjail-admin +++ b/ezjail-admin @@ -37,7 +37,7 @@ ezjail_usage_delete="Usage: `basename -- $0` delete [-w] jailname" ezjail_usage_list="Usage: `basename -- $0` list" ezjail_usage_update="Usage: `basename -- $0` update [-s sourcetree] [-i] [-pP]" ezjail_usage_install="Usage: `basename -- $0` install [-mps] [-h host] [-r release]" -ezjail_usage_config="Usage: `basename -- $0` config [-r run|norun] jailname" +ezjail_usage_config="Usage: `basename -- $0` config [-r run|norun] [-i attach|detach] jailname" ################################ # End of variable initialization @@ -56,8 +56,10 @@ detach_images () { eli) geli detach /dev/${ezjail_imagedevice} > /dev/null;; esac mdconfig -d -u ${ezjail_imagedevice} > /dev/null - [ "$1" = "success" ] || rm -f ${ezjail_image} + [ "$1" = "keep" ] || rm -f ${ezjail_image} fi + # This function is being called in case of error. Keep $? bad + return 1 } # fetch everything we need to know about an ezjail from config 
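Review bot: The new unconditional `return 1` in detach_images contradicts its own comment, because the function is also called on success paths (`detach_images keep` at the end of `create` and in the new `config ... detach` branch), where it now leaves `$?` at 1. The non-zero status is what lets `cmd || detach_images keep || exerr "..."` reach exerr, so the comment should state that contract, e.g. `# Always returns 1 so "cmd || detach_images keep || exerr ..." reaches exerr; success-path callers must ignore the status`. Separately, `rm -f ${ezjail_image}` expands the image path unquoted, and a path with whitespace would delete the wrong names; `rm -f -- "${ezjail_image}"` avoids that. The body of detach_images starts outside this hunk.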
@@ -76,9 +78,13 @@ fetchjailinfo () { . ${ezjail_config} eval ezjail_hostname=\"\$jail_${ezjail_safename}_hostname\" eval ezjail_rootdir=\"\$jail_${ezjail_safename}_rootdir\" + eval ezjail_ip=\"\$jail_${ezjail_safename}_ip\" eval ezjail_image=\"\$jail_${ezjail_safename}_image\" eval ezjail_imagetype=\"\$jail_${ezjail_safename}_imagetype\" - eval ezjail_ip=\"\$jail_${ezjail_safename}_ip\" + eval ezjail_attachparams=\"\$jail_${ezjail_safename}_attachparams\" + eval ezjail_attachblocking=\"\$jail_${ezjail_safename}_attachblocking\" + eval ezjail_forceblocking=\"\$jail_${ezjail_safename}_forceblocking\" + eval ezjail_passphraseurl=\"\$jail_${ezjail_safename}_passphraseurl\" ezjail_softlink=${ezjail_jaildir}/`basename -- ${ezjail_rootdir}` [ -f /var/run/jail_${ezjail_safename}.id ] && ezjail_id=`cat /var/run/jail_${ezjail_safename}.id` || return @@ -345,7 +351,7 @@ create) fi # Detach (crypto and) memory discs - detach_images success + detach_images keep # # For user convenience some scenarios commonly causing headaches are checked @@ -542,9 +548,10 @@ install) ######################## ezjail-admin CONFIG ######################## config) # Clean variables, prevent polution - unset ezjail_setrunnable + unset ezjail_setrunnable ezjail_imageaction shift; while getopts :r: arg; do case ${arg} in + i) ezjail_imageaction=${OPTARG};; r) ezjail_setrunnable=${OPTARG};; ?) exerr ${ezjail_usage_config};; esac; done; shift $(( ${OPTIND} - 1 )) 
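Review bot: `ezjail_attachparams` is read here from the jail's config and is later interpolated unquoted into a command string piped to `/bin/sh` (the attach branches in the `config` hunk and in ezjail.sh), so any shell metacharacters in that value are executed with the caller's privileges. The config is already sourced with `. ${ezjail_config}`, so this is not a new trust boundary, but it deserves a comment above the evals such as `# values below are executed as shell code; jail config files must be writable by root only`. Running `gbde attach`/`geli attach` directly rather than through `echo ... | /bin/sh` would let the parameters be passed as words instead of being re-parsed. fetchjailinfo starts and ends outside this hunk.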
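Review bot: The added `i)` arm in the `config` option loop looks unreachable, because the context line still reads `while getopts :r: arg` and the option string was not extended. With `-i attach`, getopts will report an unknown option and the `?)` arm calls exerr with the usage text, so the new attach/detach subcommands cannot be selected. The option string should become `while getopts :i:r: arg; do case ${arg} in`. It would also help to reject values other than `attach`/`detach` at parse time, so the later `case` does not have to guess.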
@@ -555,20 +562,80 @@ config) fetchjailinfo $1 # check for existence of jail in our records - [ "${ezjail_config}" ] || exerr "Error: Nothing known about jail ${ezjail_name}." + [ -n "${ezjail_config}" ] || exerr "Error: Nothing known about jail ${ezjail_name}." # Nothing to be configured? - [ "${ezjail_setrunnable}" ] || echo "Warning: No config option specified." + [ -z "${ezjail_setrunnable}" -a -z "${ezjail_imageaction}" ] && echo "Warning: No config option specified." case ${ezjail_setrunnable} in - run) - [ "${ezjail_config}" = "${ezjail_config%.norun}" ] || mv ${ezjail_config} ${ezjail_config%.norun} - ;; - norun) - [ "${ezjail_config}" = "${ezjail_config%.norun}" ] && mv ${ezjail_config} ${ezjail_config}.norun - ;; + run) [ "${ezjail_config}" = "${ezjail_config%.norun}" ] || mv ${ezjail_config} ${ezjail_config%.norun};; + norun) [ "${ezjail_config}" = "${ezjail_config%.norun}" ] && mv ${ezjail_config} ${ezjail_config}.norun ;; + *) echo "Warning: Unknow runnable option specified.";; esac + [ -n "${ezjail_imageaction} -a -z "${ezjail_image}" ] && exerr "Error: Jail ${ezjail_name} not an image jail." + + case ${ezjail_imageaction} in + attach) + # Check, if image already attached + if [ -L "${ezjail_root}.device" ]; then + # Fetch destination of soft link + ezjail_device=`stat -f "%Y" ${ezjail_root}.device` + [ -b "${ezjail_device}" ] && exerr "Error: Jail image file ${ezjail_name} already attached as ${ezjail_device}." + rm -f ${ezjail_root}.device + fi + + # Create a memory disc from jail image + ezjail_imagedevice=`mdconfig -a -t vnode -f ${ezjail_image}` || exerr "Error: Could not attach memory disc." + + # If this is a crypto jail, try to mount it, remind user, which jail + # this is. In this case, the device to mount is + case ${ezjail_imagetype} in + crypto|bde) + echo "Attaching bde device for image jail ${ezjail}..." + echo gbde attach /dev/${ezjail_imagedevice} ${ezjail_attachparams} | /bin/sh + [ $? 
-eq 0 ] || detach_images keep || exerr "Error: Attaching bde device failed." + # Device to mount is not md anymore + ezjail_device=${ezjail_imagedevice}.bde + ;; + eli) + echo "Attaching eli device for image jail ${ezjail}..." + echo geli attach ${ezjail_attachparams} /dev/${ezjail_device} | /bin/sh + [ $? -eq 0 ] || detach_images keep || exerr "Error: Attaching eli device failed." + # Device to mount is not md anymore + ezjail_device=${ezjail_imagedevice}.eli + ;; + esac + + mount /dev/${ezjail_device} ${ezjail_rootdir} || detach_images keep || exerr "Error: Could not mount /dev/${ezjail_device} to ${ezjail_root}." + # relink image device + ln -s /dev/${ezjail_device} ${ezjail_root}.device + + ;; + detach) + [ -n "${ezjail_id}" ] && exerr "Error: Jail ${ezjail_name} still running. Can't detach." + + # Check, if image really attached + if [ -L "${ezjail_root}.device" ]; then + # Fetch destination of soft link + ezjail_device=`stat -f "%Y" ${ezjail_root}.device` + [ -b "${ezjail_device}" ] || exerr "Error: Jail image file ${ezjail_name} is not attached." + fi + + # Add this device to the list of devices to be unmounted + case ${ezjail_imagetype} in + crypto|bde) ezjail_imagedevice="${ezjail_device%.bde}" ;; + eli) ezjail_imagedevice="${ezjail_device%.eli}" ;; + *) ezjail_imagedevice="${ezjail_device} ;; + esac + + # Unmount/detach everything + detach_images keep + + # Remove soft link (which acts as a lock) + rm -f ${ezjail_root}.device + ;; + *) echo "Warning: Unknow image action specified.";; ;; ############################################################################## diff --git a/ezjail.sh b/ezjail.sh index 313831a..a97129a 100755 --- a/ezjail.sh +++ b/ezjail.sh @@ -74,7 +74,9 @@ do_cmd() [ "${action%crypto}" != "${action}" -a -z "${ezjail_blocking}" ] && continue # Try to attach (crypto) devices - [ -n "${ezjail_image}" ] && attach_detach_pre + if [ -n "${ezjail_image}" ]; then + attach_detach_pre || continue + fi ezjail_pass="${ezjail_pass} ${ezjail}" done 
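Review bot: Two unbalanced double quotes in the new `config` code will keep the script from parsing as intended: the image-jail check should read `[ -n "${ezjail_imageaction}" -a -z "${ezjail_image}" ] && exerr ...` and the default arm of the detach case should read `*) ezjail_imagedevice="${ezjail_device}" ;;`. The `case ${ezjail_imageaction} in` block also appears to end with `;; ;;` and no `esac` before the section separator. In the `eli)` attach arm the command uses `/dev/${ezjail_device}` although the md unit was just stored in `ezjail_imagedevice`, so geli is pointed at an unset or stale device; `geli attach ${ezjail_attachparams} /dev/${ezjail_imagedevice}` matches the bde arm. Both new `*)` arms print an "Unknow ... option" warning whenever the corresponding option was simply not given, so `config -r run` alone warns about an image action and vice versa. The symlink checks use `${ezjail_root}` while fetchjailinfo sets `ezjail_rootdir`; unless `ezjail_root` is defined outside the visible hunks, those tests operate on `.device` in the current directory.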
@@ -91,10 +93,16 @@ attach_detach_pre () if [ "${action%crypto}" = "start" ]; then # If jail is running, do not mount devices, this is the same check as # /etc/rc.d/jail does - [ -e /var/run/jail_${ezjail}.id ] && return + [ -e /var/run/jail_${ezjail}.id ] && return 1 + + if [ -L "${ezjail_root}.device" ]; then + # Fetch destination of soft link + ezjail_device=`stat -f "%Y" ${ezjail_root}.device` + [ -b "${ezjail_device}" ] && echo "Warning: Jail image file ${ezjail_name} already attached as ${ezjail_device}." && return 1 + fi # Create a memory disc from jail image - ezjail_device=`mdconfig -a -t vnode -f ${ezjail_image}` + ezjail_device=`mdconfig -a -t vnode -f ${ezjail_image}` || return 1 # If this is a crypto jail, try to mount it, remind user, which jail # this is. In this case, the device to mount is @@ -102,17 +110,28 @@ attach_detach_pre () crypto|bde) echo "Attaching bde device for image jail ${ezjail}..." echo gbde attach /dev/${ezjail_device} ${ezjail_attachparams} | /bin/sh + if [ $? -eq 0 ]; then + mdconfig -d -u ${ezjail_imagedevice} > /dev/null + echo "Error: Attaching bde device failed."; return 1 + fi # Device to mount is not md anymore ezjail_device=${ezjail_device}.bde ;; eli) echo "Attaching eli device for image jail ${ezjail}..." echo geli attach ${ezjail_attachparams} /dev/${ezjail_device} | /bin/sh + if [ $? -eq 0 ]; then + mdconfig -d -u ${ezjail_imagedevice} > /dev/null + echo "Error: Attaching eli device failed."; return 1 + fi # Device to mount is not md anymore ezjail_device=${ezjail_device}.eli ;; esac + # Clean image + fsck_ufs -F -p ${ezjail_device} + # relink image device rm -f ${ezjail_root}.device ln -s /dev/${ezjail_device} ${ezjail_root}.device -- cgit v1.2.3
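Review bot: The new "already attached" warning prints `${ezjail_name}`, while the rest of attach_detach_pre refers to the jail as `${ezjail}` (see the "Attaching bde device for image jail ${ezjail}..." messages); unless `ezjail_name` is set elsewhere in ezjail.sh the message will show an empty jail name. Using `${ezjail}` here keeps the function consistent. The `stat -f "%Y" ${ezjail_root}.device` expansion is also unquoted, so `stat -f "%Y" "${ezjail_root}.device"` would be safer for roots containing whitespace. The function body continues outside this hunk.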
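Review bot: The added status checks after `gbde attach` and `geli attach` are inverted, since `if [ $? -eq 0 ]` takes the error path when the attach succeeded and falls through when it failed. A successfully unlocked image is therefore reported as "Attaching ... device failed" and skipped, while a failed attach carries on to fsck and the symlink. Both checks should be `if [ $? -ne 0 ]; then`. The cleanup inside them calls `mdconfig -d -u ${ezjail_imagedevice}`, but this function keeps the md unit in `ezjail_device`, so the memory disc is probably never released; `mdconfig -d -u ${ezjail_device} > /dev/null` is what the surrounding code implies. Finally, `fsck_ufs -F -p ${ezjail_device}` passes a bare device name while the following `ln -s` uses `/dev/${ezjail_device}`, and its exit status is ignored, so a provider that fails the check is still linked for mounting.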