author | erdgeist <erdgeist@erdgeist.org> | 2006-05-15 20:15:18 +0000 |
---|---|---|
committer | erdgeist <erdgeist@erdgeist.org> | 2006-05-15 20:15:18 +0000 |
commit | 26564f875883e981b9b7a3b74fa0a54acfe1b68d (patch) | |
tree | a0f1c154493a144a08d4ea55ced46df7f77e593d | |
parent | 43f3679ff52db9ee475ae25d3366a6ef3360ebda (diff) |
simple jails are now initialised from /dev/zero
-rwxr-xr-x | ezjail-admin | 10 |
1 files changed, 7 insertions, 3 deletions
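--- a/ezjail-admin
+++ b/ezjail-admin
@@ -162,7 +162,7 @@ case "$1" in
 ######################## ezjail-admin CREATE ########################
 create)
 # Clean variables, prevent polution
-unset ezjail_rootdir ezjail_flavour ezjail_softlink ezjail_image ezjail_imagetype ezjail_imageparams ezjail_imagesize ezjail_device ezjail_config ezjail_attachparams ezjail_exists ezjail_attachblocking ezjail_forceblocking
+unset ezjail_rootdir ezjail_flavour ezjail_softlink ezjail_image ezjail_imagetype ezjail_imageparams ezjail_imagesize ezjail_device ezjail_config ezjail_attachparams ezjail_exists ezjail_attachblocking ezjail_forceblocking ezjail_sourcedevice
 shift; while getopts :f:r:s:xbic:C: arg; do case ${arg} in
 x) ezjail_exists="YES";;
 r) ezjail_rootdir="${OPTARG}";;
@@ -250,6 +250,10 @@ create)
 # Location of our image file
 ezjail_image=${ezjail_image}.img
 
+# Prepare crypto jail so that an attacker cannot guess which blocks
+# have been written
+case ${ezjail_imagetype} in crypto|bde|eli) ezjail_sourcedevice=/dev/random;; simple) ezjail_sourcedevice=/dev/zero;; esac
+
 # If NOT exist, create image
 if [ -z "${ezjail_exists}" ]; then
 [ -e "${ezjail_image}" ] && exerr "Error: a file exists at the location ${ezjail_image}, preventing our own image file to be created."
@@ -257,10 +261,10 @@ create)
 # Now create jail disc image
 touch "${ezjail_image}"
 if [ "${ezjail_imageblockcount}" -gt 0 ]; then
-dd if=/dev/random of="${ezjail_image}" bs=1m count=${ezjail_imageblockcount} || exerr "Error: Could not (or not fully) create the image file. You might want to check (and possibly remove) the file ${ezjail_image}. The image size provided was ${ezjail_imagesize}."
+dd if=${ezjail_sourcedevice} of="${ezjail_image}" bs=1m count=${ezjail_imageblockcount} || exerr "Error: Could not (or not fully) create the image file. You might want to check (and possibly remove) the file ${ezjail_image}. The image size provided was ${ezjail_imagesize}."
 fi
 if [ "${ezjail_imagerestbytes}" -gt 0 ]; then
-( dd if=/dev/random bs=${ezjail_imagerestbytes} count=1 >> "${ezjail_image}" ) || exerr "Error: Could not (or not fully) create the image file. You might want to check (and possibly remove) the file ${ezjail_image}. The image size provided was ${ezjail_imagesize}."
+( dd if=${ezjail_sourcedevice} bs=${ezjail_imagerestbytes} count=1 >> "${ezjail_image}" ) || exerr "Error: Could not (or not fully) create the image file. You might want to check (and possibly remove) the file ${ezjail_image}. The image size provided was ${ezjail_imagesize}."
 fi
 
 # And attach device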
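Review bot: The `case` added ahead of the "If NOT exist, create image" check has no default arm, so for any image type other than crypto, bde, eli or simple `ezjail_sourcedevice` stays empty and both `dd` calls run with an unquoted, empty `if=`. Whether the type is validated earlier in the `create)` branch is not visible in these hunks; if it is not, the mistake surfaces only as the generic "Could not (or not fully) create the image file" error. I would add a fail-safe arm, `*) ezjail_sourcedevice=/dev/random;;`, so that an unlisted and possibly encrypted type can never end up with a predictable fill, and quote the operand as `if="${ezjail_sourcedevice}"` to match `of="${ezjail_image}"`. The comment above the `case` only explains the random fill; it could add `# simple images carry no confidentiality claim, so a zero fill is enough`.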