authorhrs <hrs@FreeBSD.org>2013-10-17 06:48:43 +0000
committerhrs <hrs@FreeBSD.org>2013-10-17 06:48:43 +0000
commitc5f96af1659ab5e188903820054be4d59e45fae4 (patch)
tree94c89a1f4977857f715372860a21e9b151b5b4d9 /etc
parent3e1e4bc86daab567ca2a356b36e695c00e270dfe (diff)
MFC 256440, 256498:
- Normalize jailname. "example.com" is converted to "example_com". - Fix a bug that some $jail_{jname}_foo variables did not work. - Fix a bug which prevented $jail_devfs_ruleset from working[1]. - Move $jail_parameters to the last of the configuration lines[1]. - Fix "ifname|addr" syntax support in jail_{jname}_ip. - Create /var/run/jail_{jname}.id because ezjail-admin depends on it. Reported by: jase [1] Approved by: re (gjb)
Diffstat (limited to 'etc')
-rwxr-xr-xetc/rc.d/jail103
1 files changed, 72 insertions, 31 deletions
diff --git a/etc/rc.d/jail b/etc/rc.d/jail
index c935fac..46bf9ad 100755
--- a/etc/rc.d/jail
+++ b/etc/rc.d/jail
@@ -22,7 +22,7 @@ status_cmd="jail_status"
extra_commands="config console status"
: ${jail_conf:=/etc/jail.conf}
: ${jail_program:=/usr/sbin/jail}
-: ${jail_consolecmd:=/bin/sh}
+: ${jail_consolecmd:=/usr/bin/login -f root}
: ${jail_jexec:=/usr/sbin/jexec}
: ${jail_jls:=/usr/sbin/jls}
@@ -94,7 +94,7 @@ extract_var()
#
parse_options()
{
- local _j
+ local _j _p
_j=$1
_confwarn=0
@@ -166,7 +166,7 @@ parse_options()
jail_handle_ips_option $_ip $_interface
alias=0
while : ; do
- eval _x=\"\$jail_${_jail}_ip_multi${alias}\"
+ eval _x=\"\$jail_${_j}_ip_multi${alias}\"
[ -z "$_x" ] && break
jail_handle_ips_option $_x $_interface
@@ -208,6 +208,7 @@ parse_options()
eval : \${jail_${_j}_devfs_enable:=${jail_devfs_enable:-NO}}
if checkyesno jail_${_j}_devfs_enable; then
echo " mount.devfs;"
+ eval _ruleset=\${jail_${_j}_devfs_ruleset:-${jail_devfs_ruleset}}
case $_ruleset in
"") ;;
[0-9]*) echo " devfs_ruleset = \"$_ruleset\";" ;;
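Review bot: The added `eval` expands `${jail_devfs_ruleset}` before the eval runs, so the value of that rc.conf variable is re-parsed as shell text rather than treated as data. Escaping the inner dollar sign keeps it a plain value: `eval _ruleset=\${jail_${_j}_devfs_ruleset:-\${jail_devfs_ruleset}}`. The new `eval _cmd=\${jail_${_j}_consolecmd:-$jail_consolecmd}` in jail_console has the same shape and would benefit from `:-\$jail_consolecmd`. parse_options starts and ends outside this hunk.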
@@ -217,7 +218,7 @@ parse_options()
# mount(8) only accepts an integer.
# This should accept a ruleset name.
;;
- *) warn "devfs_ruleset must be integer." ;;
+ *) warn "devfs_ruleset must be an integer." ;;
esac
if [ -r $_fstab ]; then
echo " mount.fstab = \"$_fstab\";"
@@ -234,8 +235,6 @@ parse_options()
"\"procfs ${_rootdir%/}/proc procfs rw 0 0\";"
fi
- echo " ${_parameters};"
-
eval : \${jail_${_j}_mount_enable:=${jail_mount_enable:-NO}}
if checkyesno jail_${_j}_mount_enable; then
echo " allow.mount;" >> $_conf
@@ -243,6 +242,9 @@ parse_options()
extract_var $_j set_hostname_allow allow.set_hostname YN NO
extract_var $_j sysvipc_allow allow.sysvipc YN NO
+ for _p in $_parameters; do
+ echo " ${_p%\;};"
+ done
echo "}"
) >> $_conf
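Review bot: The new `for _p in $_parameters` loop splits the list on whitespace and also subjects it to pathname expansion, so a parameter whose value contains a space would be written to the generated jail.conf as several separate statements. Where `_parameters` is assigned is outside this hunk, so whether such values are expected cannot be confirmed from here. If they are not supported, a comment above the loop would make that explicit, for example `# $_parameters is split on whitespace; values containing spaces are not supported.`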
@@ -327,9 +329,9 @@ jail_extract_address()
#
jail_handle_ips_option()
{
- local _x _type _i _iface
+ local _x _type _i _defif
_x=$1
- _iface=$2
+ _defif=$2
if [ -z "${_x}" ]; then
# No IP given. This can happen for the primary address
@@ -353,7 +355,8 @@ jail_handle_ips_option()
_type=""
_addr=""
_mask=""
- jail_extract_address $_i $_iface
+ _iface=""
+ jail_extract_address $_i $_defif
# make sure we got an address.
case $_addr in
@@ -364,10 +367,10 @@ jail_handle_ips_option()
# Append address to list of addresses for the jail command.
case $_type in
inet)
- echo " ip4.addr += \"${_addr}${_mask}\";"
+ echo " ip4.addr += \"${_iface}|${_addr}${_mask}\";"
;;
inet6)
- echo " ip6.addr += \"${_addr}${_mask}\";"
+ echo " ip6.addr += \"${_iface}|${_addr}${_mask}\";"
need_dad_wait=1
;;
esac
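Review bot: The new `ip4.addr` and `ip6.addr` lines always emit the `|` separator, so when `_iface` is still empty after jail_extract_address the generated value starts with a bare `|`. `_iface` is reset to "" in the previous hunk and appears to be filled in by jail_extract_address, which is not visible here, so the empty case presumably occurs when neither an `ifname|` prefix nor a default interface is given. Emitting the separator conditionally avoids that: `echo " ip4.addr += \"${_iface:+${_iface}|}${_addr}${_mask}\";"`, and the same for `ip6.addr`. Note also that `_iface` was dropped from the `local` list in the earlier hunk, so it is now shared state across calls.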
@@ -376,26 +379,35 @@ jail_handle_ips_option()
jail_config()
{
+ local _j
+
case $1 in
_ALL) return ;;
esac
- for _jail in $@; do
- if parse_options $_jail; then
- echo "$_jail: parameters are in $_conf."
+ for _j in $@; do
+ _j=$(echo $_j | tr /. _)
+ if parse_options $_j; then
+ echo "$_j: parameters are in $_conf."
fi
done
}
jail_console()
{
+ local _j _cmd
+
# One argument that is not _ALL.
case $#:$1 in
- 1:_ALL) err 3 "Specify a jail name." ;;
- 1:*) ;;
- *) err 3 "Specify a jail name." ;;
+ 0:*|1:_ALL) err 3 "Specify a jail name." ;;
+ 1:*) ;;
+ esac
+ _j=$(echo $1 | tr /. _)
+ shift
+ case $# in
+ 0) eval _cmd=\${jail_${_j}_consolecmd:-$jail_consolecmd} ;;
+ *) _cmd=$@ ;;
esac
- eval _cmd=\${jail_$1_consolecmd:-$jail_consolecmd}
- $jail_jexec $1 $_cmd
+ $jail_jexec $_j $_cmd
}
jail_status()
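Review bot: The normalisation `_j=$(echo $1 | tr /. _)` only maps `/` and `.`, yet `_j` is then spliced into `eval _cmd=\${jail_${_j}_consolecmd:-...}`, so any other character in the operator-supplied name is re-parsed by the shell. A name containing `-`, for instance, turns the expansion into a `${var-default}` form. A guard before the eval would reject such names, e.g. `case $_j in *[!A-Za-z0-9_]*) err 3 "Invalid jail name." ;; esac`. The same normalise-then-eval pattern is added in jail_config, jail_start and jail_stop. Separately, `_cmd=$@` followed by an unquoted `$_cmd` loses the argument boundaries of a user-supplied console command; passing `"$@"` to `$jail_jexec` in that branch would preserve them.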
@@ -406,6 +418,8 @@ jail_status()
jail_start()
{
+ local _j _jid _jn
+
if [ $# = 0 ]; then
return
fi
@@ -416,27 +430,39 @@ jail_start()
command=$jail_program
rc_flags=$jail_flags
command_args="-f $jail_conf -c"
- $command $rc_flags $command_args "*"
+ $jail_jls -nq | while read IN; do
+ _jn=$(echo $IN | tr " " "\n" | grep name=)
+ _jid=$(echo $IN | tr " " "\n" | grep jid=)
+ if $command $rc_flags $command_args ${_jn#name=}; then
+ echo -n " ${_jn#name=}"
+ echo "${_jid#jid=}" \
+ > /var/run/jail_${_jn#name=}.id
+ fi
+ done
echo '.'
return
;;
esac
_tmp=`mktemp -t jail` || exit 3
- for _jail in $@; do
- parse_options $_jail || continue
+ for _j in $@; do
+ _j=$(echo $_j | tr /. _)
+ parse_options $_j || continue
eval rc_flags=\${jail_${_j}_flags:-$jail_flags}
eval command=\${jail_${_j}_program:-$jail_program}
if checkyesno jail_parallel_start; then
- command_args="-i -f $_conf -c $_jail &"
+ command_args="-i -f $_conf -c $_j &"
else
- command_args="-i -f $_conf -c $_jail"
+ command_args="-i -f $_conf -c $_j"
fi
if $command $rc_flags $command_args \
>> $_tmp 2>&1 </dev/null; then
- echo -n " ${_hostname:-${_jail}}"
+ echo -n " ${_hostname:-${_j}}"
+ _jid=$($jail_jls -n -j $_j | tr " " "\n" | grep jid=)
+ echo "${_jid#jid=}" > /var/run/jail_${_j}.id
else
- echo " cannot start jail \"${_hostname:-${jail}}\": "
+ rm -f /var/run/jail_${_j}.id
+ echo " cannot start jail \"${_hostname:-${_j}}\": "
cat $_tmp
fi
rm -f $_tmp
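Review bot: The unanchored `grep name=` and `grep jid=` filters in the `_ALL` branch match any token that merely contains the substring, and `host.hostname=...` contains `name=`. If `jls -n` prints such parameters, `_jn` becomes several lines and `${_jn#name=}` then feeds the wrong text both to the jail command and to the root-written path `/var/run/jail_${_jn#name=}.id`. Anchoring the patterns (`grep '^name='`, `grep '^jid='`) and quoting the expansions used in the redirect target would close this. The `_ALL` branch of jail_stop uses the same `grep name=`. The loop also iterates over `jls` output, which presumably lists only jails that already exist, so it is worth confirming that `start` with no arguments still creates jails defined in `$jail_conf`. jail_start begins and ends outside this hunk.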
@@ -446,6 +472,8 @@ jail_start()
jail_stop()
{
+ local _j _jn
+
if [ $# = 0 ]; then
return
fi
@@ -456,16 +484,29 @@ jail_stop()
command=$jail_program
rc_flags=$jail_flags
command_args="-f $jail_conf -r"
- $command $rc_flags $command_args "*"
+ $jail_jls -nq | while read IN; do
+ _jn=$(echo $IN | tr " " "\n" | grep name=)
+ echo -n " ${_jn#name=}"
+ $command $rc_flags $command_args ${_jn#name=}
+ if ! $jail_jls -j ${_jn#name=} > /dev/null 2>&1; then
+ rm -f /var/run/jail_${_jn#name=}.id
+ fi
+ done
echo '.'
return
;;
esac
- for _jail in $@; do
- parse_options $_jail || continue
+ for _j in $@; do
+ _j=$(echo $_j | tr /. _)
+ parse_options $_j || continue
+ if ! $jail_jls -j $_j > /dev/null 2>&1; then
+ continue
+ fi
eval command=\${jail_${_j}_program:-$jail_program}
- if $command -q -f $_conf -r $_jail; then
- echo -n " ${_hostname:-${_jail}}"
+ echo -n " ${_hostname:-${_j}}"
+ $command -q -f $_conf -r $_j
+ if ! $jail_jls -j $_j > /dev/null 2>&1; then
+ rm -f /var/run/jail_${_j}.id
fi
done
echo '.'