diff options
| author | erdgeist <erdgeist@erdgeist.org> | 2006-05-09 00:26:04 +0000 |
|---|---|---|
| committer | erdgeist <erdgeist@erdgeist.org> | 2006-05-09 00:26:04 +0000 |
| commit | 653bd9e9387ca4e207e3a955af042461c88d7d84 (patch) | |
| tree | e63a9dc8156e10cb5a1477a0b070ac4316333463 | |
| parent | 56f79ffcec367af0269b5ac646136f76d1405252 (diff) | |
Added attach/detach subsubcommands to config
Added more error checking when attaching image jails
Woke up this morning when the streets where full of cars
| -rwxr-xr-x | ezjail-admin | 93 | ||||
| -rwxr-xr-x | ezjail.sh | 25 |
2 files changed, 102 insertions, 16 deletions
diff --git a/ezjail-admin b/ezjail-admin index 857dcae..72f7b3c 100755 --- a/ezjail-admin +++ b/ezjail-admin | |||
| @@ -37,7 +37,7 @@ ezjail_usage_delete="Usage: `basename -- $0` delete [-w] jailname" | |||
| 37 | ezjail_usage_list="Usage: `basename -- $0` list" | 37 | ezjail_usage_list="Usage: `basename -- $0` list" |
| 38 | ezjail_usage_update="Usage: `basename -- $0` update [-s sourcetree] [-i] [-pP]" | 38 | ezjail_usage_update="Usage: `basename -- $0` update [-s sourcetree] [-i] [-pP]" |
| 39 | ezjail_usage_install="Usage: `basename -- $0` install [-mps] [-h host] [-r release]" | 39 | ezjail_usage_install="Usage: `basename -- $0` install [-mps] [-h host] [-r release]" |
| 40 | ezjail_usage_config="Usage: `basename -- $0` config [-r run|norun] jailname" | 40 | ezjail_usage_config="Usage: `basename -- $0` config [-r run|norun] [-i attach|detach] jailname" |
| 41 | 41 | ||
| 42 | ################################ | 42 | ################################ |
| 43 | # End of variable initialization | 43 | # End of variable initialization |
| @@ -56,8 +56,10 @@ detach_images () { | |||
| 56 | eli) geli detach /dev/${ezjail_imagedevice} > /dev/null;; | 56 | eli) geli detach /dev/${ezjail_imagedevice} > /dev/null;; |
| 57 | esac | 57 | esac |
| 58 | mdconfig -d -u ${ezjail_imagedevice} > /dev/null | 58 | mdconfig -d -u ${ezjail_imagedevice} > /dev/null |
| 59 | [ "$1" = "success" ] || rm -f ${ezjail_image} | 59 | [ "$1" = "keep" ] || rm -f ${ezjail_image} |
| 60 | fi | 60 | fi |
| 61 | # This function is being called in case of error. Keep $? bad | ||
| 62 | return 1 | ||
| 61 | } | 63 | } |
| 62 | 64 | ||
| 63 | # fetch everything we need to know about an ezjail from config | 65 | # fetch everything we need to know about an ezjail from config |
| @@ -76,9 +78,13 @@ fetchjailinfo () { | |||
| 76 | . ${ezjail_config} | 78 | . ${ezjail_config} |
| 77 | eval ezjail_hostname=\"\$jail_${ezjail_safename}_hostname\" | 79 | eval ezjail_hostname=\"\$jail_${ezjail_safename}_hostname\" |
| 78 | eval ezjail_rootdir=\"\$jail_${ezjail_safename}_rootdir\" | 80 | eval ezjail_rootdir=\"\$jail_${ezjail_safename}_rootdir\" |
| 81 | eval ezjail_ip=\"\$jail_${ezjail_safename}_ip\" | ||
| 79 | eval ezjail_image=\"\$jail_${ezjail_safename}_image\" | 82 | eval ezjail_image=\"\$jail_${ezjail_safename}_image\" |
| 80 | eval ezjail_imagetype=\"\$jail_${ezjail_safename}_imagetype\" | 83 | eval ezjail_imagetype=\"\$jail_${ezjail_safename}_imagetype\" |
| 81 | eval ezjail_ip=\"\$jail_${ezjail_safename}_ip\" | 84 | eval ezjail_attachparams=\"\$jail_${ezjail_safename}_attachparams\" |
| 85 | eval ezjail_attachblocking=\"\$jail_${ezjail_safename}_attachblocking\" | ||
| 86 | eval ezjail_forceblocking=\"\$jail_${ezjail_safename}_forceblocking\" | ||
| 87 | eval ezjail_passphraseurl=\"\$jail_${ezjail_safename}_passphraseurl\" | ||
| 82 | 88 | ||
| 83 | ezjail_softlink=${ezjail_jaildir}/`basename -- ${ezjail_rootdir}` | 89 | ezjail_softlink=${ezjail_jaildir}/`basename -- ${ezjail_rootdir}` |
| 84 | [ -f /var/run/jail_${ezjail_safename}.id ] && ezjail_id=`cat /var/run/jail_${ezjail_safename}.id` || return | 90 | [ -f /var/run/jail_${ezjail_safename}.id ] && ezjail_id=`cat /var/run/jail_${ezjail_safename}.id` || return |
| @@ -345,7 +351,7 @@ create) | |||
| 345 | fi | 351 | fi |
| 346 | 352 | ||
| 347 | # Detach (crypto and) memory discs | 353 | # Detach (crypto and) memory discs |
| 348 | detach_images success | 354 | detach_images keep |
| 349 | 355 | ||
| 350 | # | 356 | # |
| 351 | # For user convenience some scenarios commonly causing headaches are checked | 357 | # For user convenience some scenarios commonly causing headaches are checked |
| @@ -542,9 +548,10 @@ install) | |||
| 542 | ######################## ezjail-admin CONFIG ######################## | 548 | ######################## ezjail-admin CONFIG ######################## |
| 543 | config) | 549 | config) |
| 544 | # Clean variables, prevent polution | 550 | # Clean variables, prevent polution |
| 545 | unset ezjail_setrunnable | 551 | unset ezjail_setrunnable ezjail_imageaction |
| 546 | 552 | ||
| 547 | shift; while getopts :r: arg; do case ${arg} in | 553 | shift; while getopts :r: arg; do case ${arg} in |
| 554 | i) ezjail_imageaction=${OPTARG};; | ||
| 548 | r) ezjail_setrunnable=${OPTARG};; | 555 | r) ezjail_setrunnable=${OPTARG};; |
| 549 | ?) exerr ${ezjail_usage_config};; | 556 | ?) exerr ${ezjail_usage_config};; |
| 550 | esac; done; shift $(( ${OPTIND} - 1 )) | 557 | esac; done; shift $(( ${OPTIND} - 1 )) |
| @@ -555,20 +562,80 @@ config) | |||
| 555 | fetchjailinfo $1 | 562 | fetchjailinfo $1 |
| 556 | 563 | ||
| 557 | # check for existence of jail in our records | 564 | # check for existence of jail in our records |
| 558 | [ "${ezjail_config}" ] || exerr "Error: Nothing known about jail ${ezjail_name}." | 565 | [ -n "${ezjail_config}" ] || exerr "Error: Nothing known about jail ${ezjail_name}." |
| 559 | 566 | ||
| 560 | # Nothing to be configured? | 567 | # Nothing to be configured? |
| 561 | [ "${ezjail_setrunnable}" ] || echo "Warning: No config option specified." | 568 | [ -z "${ezjail_setrunnable}" -a -z "${ezjail_imageaction}" ] && echo "Warning: No config option specified." |
| 562 | 569 | ||
| 563 | case ${ezjail_setrunnable} in | 570 | case ${ezjail_setrunnable} in |
| 564 | run) | 571 | run) [ "${ezjail_config}" = "${ezjail_config%.norun}" ] || mv ${ezjail_config} ${ezjail_config%.norun};; |
| 565 | [ "${ezjail_config}" = "${ezjail_config%.norun}" ] || mv ${ezjail_config} ${ezjail_config%.norun} | 572 | norun) [ "${ezjail_config}" = "${ezjail_config%.norun}" ] && mv ${ezjail_config} ${ezjail_config}.norun ;; |
| 566 | ;; | 573 | *) echo "Warning: Unknow runnable option specified.";; |
| 567 | norun) | ||
| 568 | [ "${ezjail_config}" = "${ezjail_config%.norun}" ] && mv ${ezjail_config} ${ezjail_config}.norun | ||
| 569 | ;; | ||
| 570 | esac | 574 | esac |
| 571 | 575 | ||
| 576 | [ -n "${ezjail_imageaction} -a -z "${ezjail_image}" ] && exerr "Error: Jail ${ezjail_name} not an image jail." | ||
| 577 | |||
| 578 | case ${ezjail_imageaction} in | ||
| 579 | attach) | ||
| 580 | # Check, if image already attached | ||
| 581 | if [ -L "${ezjail_root}.device" ]; then | ||
| 582 | # Fetch destination of soft link | ||
| 583 | ezjail_device=`stat -f "%Y" ${ezjail_root}.device` | ||
| 584 | [ -b "${ezjail_device}" ] && exerr "Error: Jail image file ${ezjail_name} already attached as ${ezjail_device}." | ||
| 585 | rm -f ${ezjail_root}.device | ||
| 586 | fi | ||
| 587 | |||
| 588 | # Create a memory disc from jail image | ||
| 589 | ezjail_imagedevice=`mdconfig -a -t vnode -f ${ezjail_image}` || exerr "Error: Could not attach memory disc." | ||
| 590 | |||
| 591 | # If this is a crypto jail, try to mount it, remind user, which jail | ||
| 592 | # this is. In this case, the device to mount is | ||
| 593 | case ${ezjail_imagetype} in | ||
| 594 | crypto|bde) | ||
| 595 | echo "Attaching bde device for image jail ${ezjail}..." | ||
| 596 | echo gbde attach /dev/${ezjail_imagedevice} ${ezjail_attachparams} | /bin/sh | ||
| 597 | [ $? -eq 0 ] || detach_images keep || exerr "Error: Attaching bde device failed." | ||
| 598 | # Device to mount is not md anymore | ||
| 599 | ezjail_device=${ezjail_imagedevice}.bde | ||
| 600 | ;; | ||
| 601 | eli) | ||
| 602 | echo "Attaching eli device for image jail ${ezjail}..." | ||
| 603 | echo geli attach ${ezjail_attachparams} /dev/${ezjail_device} | /bin/sh | ||
| 604 | [ $? -eq 0 ] || detach_images keep || exerr "Error: Attaching eli device failed." | ||
| 605 | # Device to mount is not md anymore | ||
| 606 | ezjail_device=${ezjail_imagedevice}.eli | ||
| 607 | ;; | ||
| 608 | esac | ||
| 609 | |||
| 610 | mount /dev/${ezjail_device} ${ezjail_rootdir} || detach_images keep || exerr "Error: Could not mount /dev/${ezjail_device} to ${ezjail_root}." | ||
| 611 | # relink image device | ||
| 612 | ln -s /dev/${ezjail_device} ${ezjail_root}.device | ||
| 613 | |||
| 614 | ;; | ||
| 615 | detach) | ||
| 616 | [ -n "${ezjail_id}" ] && exerr "Error: Jail ${ezjail_name} still running. Can't detach." | ||
| 617 | |||
| 618 | # Check, if image really attached | ||
| 619 | if [ -L "${ezjail_root}.device" ]; then | ||
| 620 | # Fetch destination of soft link | ||
| 621 | ezjail_device=`stat -f "%Y" ${ezjail_root}.device` | ||
| 622 | [ -b "${ezjail_device}" ] || exerr "Error: Jail image file ${ezjail_name} is not attached." | ||
| 623 | fi | ||
| 624 | |||
| 625 | # Add this device to the list of devices to be unmounted | ||
| 626 | case ${ezjail_imagetype} in | ||
| 627 | crypto|bde) ezjail_imagedevice="${ezjail_device%.bde}" ;; | ||
| 628 | eli) ezjail_imagedevice="${ezjail_device%.eli}" ;; | ||
| 629 | *) ezjail_imagedevice="${ezjail_device} ;; | ||
| 630 | esac | ||
| 631 | |||
| 632 | # Unmount/detach everything | ||
| 633 | detach_images keep | ||
| 634 | |||
| 635 | # Remove soft link (which acts as a lock) | ||
| 636 | rm -f ${ezjail_root}.device | ||
| 637 | ;; | ||
| 638 | *) echo "Warning: Unknow image action specified.";; | ||
| 572 | ;; | 639 | ;; |
| 573 | 640 | ||
| 574 | ############################################################################## | 641 | ############################################################################## |
| @@ -74,7 +74,9 @@ do_cmd() | |||
| 74 | [ "${action%crypto}" != "${action}" -a -z "${ezjail_blocking}" ] && continue | 74 | [ "${action%crypto}" != "${action}" -a -z "${ezjail_blocking}" ] && continue |
| 75 | 75 | ||
| 76 | # Try to attach (crypto) devices | 76 | # Try to attach (crypto) devices |
| 77 | [ -n "${ezjail_image}" ] && attach_detach_pre | 77 | if [ -n "${ezjail_image}" ]; then |
| 78 | attach_detach_pre || continue | ||
| 79 | fi | ||
| 78 | 80 | ||
| 79 | ezjail_pass="${ezjail_pass} ${ezjail}" | 81 | ezjail_pass="${ezjail_pass} ${ezjail}" |
| 80 | done | 82 | done |
| @@ -91,10 +93,16 @@ attach_detach_pre () | |||
| 91 | if [ "${action%crypto}" = "start" ]; then | 93 | if [ "${action%crypto}" = "start" ]; then |
| 92 | # If jail is running, do not mount devices, this is the same check as | 94 | # If jail is running, do not mount devices, this is the same check as |
| 93 | # /etc/rc.d/jail does | 95 | # /etc/rc.d/jail does |
| 94 | [ -e /var/run/jail_${ezjail}.id ] && return | 96 | [ -e /var/run/jail_${ezjail}.id ] && return 1 |
| 97 | |||
| 98 | if [ -L "${ezjail_root}.device" ]; then | ||
| 99 | # Fetch destination of soft link | ||
| 100 | ezjail_device=`stat -f "%Y" ${ezjail_root}.device` | ||
| 101 | [ -b "${ezjail_device}" ] && echo "Warning: Jail image file ${ezjail_name} already attached as ${ezjail_device}." && return 1 | ||
| 102 | fi | ||
| 95 | 103 | ||
| 96 | # Create a memory disc from jail image | 104 | # Create a memory disc from jail image |
| 97 | ezjail_device=`mdconfig -a -t vnode -f ${ezjail_image}` | 105 | ezjail_device=`mdconfig -a -t vnode -f ${ezjail_image}` || return 1 |
| 98 | 106 | ||
| 99 | # If this is a crypto jail, try to mount it, remind user, which jail | 107 | # If this is a crypto jail, try to mount it, remind user, which jail |
| 100 | # this is. In this case, the device to mount is | 108 | # this is. In this case, the device to mount is |
| @@ -102,17 +110,28 @@ attach_detach_pre () | |||
| 102 | crypto|bde) | 110 | crypto|bde) |
| 103 | echo "Attaching bde device for image jail ${ezjail}..." | 111 | echo "Attaching bde device for image jail ${ezjail}..." |
| 104 | echo gbde attach /dev/${ezjail_device} ${ezjail_attachparams} | /bin/sh | 112 | echo gbde attach /dev/${ezjail_device} ${ezjail_attachparams} | /bin/sh |
| 113 | if [ $? -eq 0 ]; then | ||
| 114 | mdconfig -d -u ${ezjail_imagedevice} > /dev/null | ||
| 115 | echo "Error: Attaching bde device failed."; return 1 | ||
| 116 | fi | ||
| 105 | # Device to mount is not md anymore | 117 | # Device to mount is not md anymore |
| 106 | ezjail_device=${ezjail_device}.bde | 118 | ezjail_device=${ezjail_device}.bde |
| 107 | ;; | 119 | ;; |
| 108 | eli) | 120 | eli) |
| 109 | echo "Attaching eli device for image jail ${ezjail}..." | 121 | echo "Attaching eli device for image jail ${ezjail}..." |
| 110 | echo geli attach ${ezjail_attachparams} /dev/${ezjail_device} | /bin/sh | 122 | echo geli attach ${ezjail_attachparams} /dev/${ezjail_device} | /bin/sh |
| 123 | if [ $? -eq 0 ]; then | ||
| 124 | mdconfig -d -u ${ezjail_imagedevice} > /dev/null | ||
| 125 | echo "Error: Attaching eli device failed."; return 1 | ||
| 126 | fi | ||
| 111 | # Device to mount is not md anymore | 127 | # Device to mount is not md anymore |
| 112 | ezjail_device=${ezjail_device}.eli | 128 | ezjail_device=${ezjail_device}.eli |
| 113 | ;; | 129 | ;; |
| 114 | esac | 130 | esac |
| 115 | 131 | ||
| 132 | # Clean image | ||
| 133 | fsck_ufs -F -p ${ezjail_device} | ||
| 134 | |||
| 116 | # relink image device | 135 | # relink image device |
| 117 | rm -f ${ezjail_root}.device | 136 | rm -f ${ezjail_root}.device |
| 118 | ln -s /dev/${ezjail_device} ${ezjail_root}.device | 137 | ln -s /dev/${ezjail_device} ${ezjail_root}.device |