From 83aa2d3a0b86119a65cff58bd55817dbee03b9d7 Mon Sep 17 00:00:00 2001
From: mtm
Date: Sun, 24 Aug 2003 06:29:32 +0000
Subject: Enhance the jail start/stop script. o The following additional configuration attributes of a jail can be controlled from rc.conf: - mounting devfs(5) - mounting fdescfs(5) - mounting procfs(5) - custom devfs(8) ruleset If no ruleset is specified, the default jail ruleset is used. o The output of executing /etc/rc in the jail is now redirected to /dev/null. Instead, the hostname of the jail is echoed if the jail(8) command exited successfully. If the output is wanted it can probably be redirected to a file (/var/run/$jail maybe) instead of /dev/null. Submitted by: Scot W. Hetzel with modifications by Jens Rehsack and me.
---
etc/rc.d/jail | 110 ++++++++++++++++++++++++++++++++++++++++++++++++++++------
1 file changed, 100 insertions(+), 10 deletions(-)
(limited to 'etc/rc.d')
diff --git a/etc/rc.d/jail b/etc/rc.d/jail
index 364ca9c..25e59a4 100644
--- a/etc/rc.d/jail
+++ b/etc/rc.d/jail
@@ -6,7 +6,7 @@
 # PROVIDE: jail
 # REQUIRE: LOGIN
 # BEFORE: securelevel
-# KEYWORD: FreeBSD
+# KEYWORD: FreeBSD shutdown
 . /etc/rc.subr
@@ -15,6 +15,50 @@ rcvar=`set_rcvar`
 start_cmd="jail_start"
 stop_cmd="jail_stop"
+# init_variables _j
+# Initialize the various jail variables for jail _j.
+#
+init_variables()
+{
+ _j="$1"
+
+ if [ -z "$_j" ]; then
+ warn "init_variables: you must specify a jail"
+ return
+ fi
+
+ eval jail_rootdir=\"\$jail_${_j}_rootdir\"
+ jail_devdir="${jail_rootdir}/dev"
+ jail_fdescdir="${jail_devdir}/fd"
+ jail_procdir="${jail_rootdir}/proc"
+ eval jail_hostname=\"\$jail_${_j}_hostname\"
+ eval jail_ip=\"\$jail_${_j}_ip\"
+ eval jail_exec=\"\$jail_${_j}_exec\"
+ [ -z "${jail_exec}" ] && jail_exec="/bin/sh /etc/rc"
+
+ # The default jail ruleset will be used by rc.subr if none is specified.
+ eval jail_ruleset=\"\$jail_${_j}_devfs_ruleset\"
+ eval jail_devfs=\"\$jail_${_j}_devfs_enable\"
+ [ -z "${jail_devfs}" ] && jail_devfs="NO"
+ eval jail_fdescfs=\"\$jail_${_j}_fdescfs_enable\"
+ [ -z "${jail_fdescfs}" ] && jail_fdescfs="NO"
+ eval jail_procfs=\"\$jail_${_j}_procfs_enable\"
+ [ -z "${jail_procfs}" ] && jail_procfs="NO"
+
+ # Debuggin aid
+ #
+ debug "$_j devfs enable: $jail_devfs"
+ debug "$_j fdescfs enable: $jail_fdescfs"
+ debug "$_j procfs enable: $jail_procfs"
+ debug "$_j hostname: $jail_hostname"
+ debug "$_j ip: $jail_ip"
+ debug "$_j root: $jail_rootdir"
+ debug "$_j devdir: $jail_devdir"
+ debug "$_j fdescdir: $jail_fdescdir"
+ debug "$_j procdir: $jail_procdir"
+ debug "$_j ruleset: $jail_ruleset"
+}
+
 jail_start()
 {
 echo -n 'Configuring jails:'
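Review bot: init_variables never checks that `jail_${_j}_rootdir` is set, so for a jail named in jail_list without a rootdir the derived `jail_devdir`, `jail_fdescdir` and `jail_procdir` become `/dev`, `/dev/fd` and `/proc` on the host. The start and stop code in the following hunk of this patch then mounts on, and runs `umount -f` against, those host paths whenever the matching `*_enable` knob is YES. I would fail early right after the first eval, `[ -n "${jail_rootdir}" ] || { warn "jail ${_j}: rootdir is not set"; return 1; }`, and have both callers skip the jail on a non-zero return; the existing empty-name branch should likewise `return 1`, since a bare `return` only passes back whatever status `warn` left. `_j` is also spliced into `eval` unchecked; it comes from rc.conf, so this is a robustness point, but rejecting names outside `[A-Za-z0-9_]` would keep a malformed jail_list entry from being evaluated as shell.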
@@ -46,22 +90,68 @@ jail_start()
 fi
 echo '.'
- echo 'Starting Jails.'
+ echo -n 'Starting Jails:'
 for _jail in ${jail_list}
 do
- eval jail_rootdir=\"\$jail_${_jail}_rootdir\"
- eval jail_hostname=\"\$jail_${_jail}_hostname\"
- eval jail_ip=\"\$jail_${_jail}_ip\"
- eval jail_exec=\"\$jail_${_jail}_exec\"
- [ -z "${jail_exec}" ] && jail_exec="/bin/sh /etc/rc"
-
- jail ${jail_rootdir} ${jail_hostname} ${jail_ip} ${jail_exec}
+ init_variables $_jail
+ if checkyesno jail_devfs; then
+ info "Mounting devfs on ${jail_devdir}"
+ devfs_mount_jail "${jail_devdir}" ${jail_ruleset}
+
+ # Transitional symlink for old binaries
+ if [ ! -L ${jail_devdir}/log ]; then
+ devfs_link ${jail_devdir} ../var/run/log log
+ fi
+
+ # Jail console output
+ devfs_link ${jail_devdir} ../var/log/console console
+ fi
+ if checkyesno jail_fdescfs; then
+ info "Mounting fdescfs on ${jail_fdescdir}"
+ mount -t fdescfs fdesc "${jail_fdescdir}"
+ fi
+ if checkyesno jail_procfs; then
+ info "Mounting procfs onto ${jail_procdir}"
+ if [ -d ${jail_procdir} ] ; then
+ mount -t procfs proc "${jail_procdir}"
+ fi
+ fi
+ jail 1>/dev/null 2>&1 \
+ ${jail_rootdir} ${jail_hostname} ${jail_ip} ${jail_exec}
+ [ "$?" -eq 0 ] && echo -n " $jail_hostname"
 done
+ echo '.'
 }
 jail_stop()
 {
- kill -TERM $(ps aux | awk '$8 ~ /.*J/ {print $2};')
+ echo 'Stopping all jails.'
+ if checkyesno jail_stop_jailer; then
+ rc_pid=$(ps aux | grep "jailer" | awk '$8 ~ /.*J/ {print $2};')
+ else
+ rc_pid=$(ps aux | awk '$8 ~ /.*J/ {print $2};')
+ fi
+ if [ -n "${rc_pid}" ]; then
+ kill -TERM $rc_pid
+ wait_for_pids $rc_pid
+ fi
+ for _jail in ${jail_list}
+ do
+ init_variables $_jail
+ if checkyesno jail_devfs; then
+ if [ -d ${jail_devdir} ] ; then
+ umount -f ${jail_devdir} >/dev/null 2>&1
+ fi
+ fi
+ if checkyesno jail_fdescfs; then
+ umount -f ${jail_fdescdir} >/dev/null 2>&1
+ fi
+ if checkyesno jail_procfs; then
+ if [ -d ${jail_procdir} ] ; then
+ umount -f ${jail_procdir} >/dev/null 2>&1
+ fi
+ fi
+ done
 }
--
cgit v1.1
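Review bot: The mount targets `${jail_devdir}`, `${jail_fdescdir}` and `${jail_procdir}` sit inside the jail's root, which the jail's own root user can modify, yet `devfs_mount_jail`, `mount`, `devfs_link` and `umount -f` run on the host, and nothing visible in this hunk stops them following a symlink left at one of those paths. Each target should be confirmed to be a real directory and not a symlink before it is used, e.g. `if [ -d "${jail_procdir}" ] && [ ! -L "${jail_procdir}" ]; then`, and the fdescfs mount currently has no `-d` check at all. The expansions in the `[ -d … ]`, `[ ! -L … ]`, `devfs_link` and `umount -f` lines are unquoted, so a rootdir containing whitespace would split into several arguments. Separately, jail_stop signals every process whose `ps` state column contains `J`, which presumably includes jails that were not started from jail_list, and with stdout and stderr of `jail` sent to /dev/null a failed start leaves no trace beyond the missing hostname.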