Support for setting and using jail-bound ZFS datasets, cpuset(1) and setfib(1).

Jail-bound ZFS datasets still need the usual zfs+jail stuff like security.jail.mount_allowed=1 and security.jail.enforce_statfs=0 as well as "add path zfs unhide" in the devfs.rules for the jail. The setfib utility requires FIBs to be enabled via kernel-config. All features need at least FreeBSD 7.1-RELEASE.
author: cryx <cryx@h3q.com> 2009-12-28 22:09:17 +0000
committer: cryx <cryx@h3q.com> 2009-12-28 22:09:17 +0000
commit: 7fd24086946f90347adc59a61beec621b555bdd7 (patch)
tree: e1d0d6d2c973410fcb8dc06ba100eb4c4397aae4 /ezjail-admin
parent: 12cf0c4f2130411e6408433d411eae8ee21e6da2 (diff)
1 files changed, 111 insertions, 5 deletions
diff --git a/ezjail-admin b/ezjail-admin
index 1ba7fc9..b0fb6f8 100755
--- a/ezjail-admin
+++ b/ezjail-admin
@@ -46,7 +46,7 @@ ezjail_usage_install="Usage: ${ezjail_admin} install [-mMpPsS] [-h host] [-r rel
 ezjail_usage_create="Usage: ${ezjail_admin} create [-xbi] [-f flavour] [-r jailroot] [-s size] [-c bde|eli|zfs] [-C args] [-a archive] jailname jailip"
 ezjail_usage_delete="Usage: ${ezjail_admin} delete [-w] jailname"
 ezjail_usage_update="Usage: ${ezjail_admin} update [-s sourcetree] [-p] (-b|-i|-u|-P)"
-ezjail_usage_config="Usage: ${ezjail_admin} config [-r run|norun] [-n newname] [-i attach|detach|fsck] jailname"
+ezjail_usage_config="Usage: ${ezjail_admin} config [-r run|norun] [-n newname] [-c cpuset] [-z zfs-datasets] [-f fib] [-i attach|detach|fsck] jailname"
 ezjail_usage_console="Usage: ${ezjail_admin} console [-f] [-e command] jailname"
 ezjail_usage_archive="Usage: ${ezjail_admin} archive [-Af] [-a archive] [-d archivedir] jailname [jailname...]"
 ezjail_usage_restore="Usage: ${ezjail_admin} restore [-f] [-d archivedir] (archive|jailname)..."
@@ -170,6 +170,9 @@ fetchjailinfo () {
  eval ezjail_attachparams=\"\$jail_${ezjail_safename}_attachparams\"
  eval ezjail_attachblocking=\"\$jail_${ezjail_safename}_attachblocking\"
  eval ezjail_forceblocking=\"\$jail_${ezjail_safename}_forceblocking\"
+  eval ezjail_zfs_datasets=\"\$jail_${ezjail_safename}_zfs_datasets\"
+  eval ezjail_cpuset=\"\$jail_${ezjail_safename}_cpuset\"
+  eval ezjail_fib=\"\$jail_${ezjail_safename}_fib\"
  ezjail_softlink=${ezjail_jaildir}/`basename -- "${ezjail_rootdir}"`
  ezjail_devicelink="${ezjail_rootdir}.device"
@@ -615,6 +618,9 @@ create)
  echo export jail_${ezjail_safename}_attachparams=\"${ezjail_attachparams}\"
  echo export jail_${ezjail_safename}_attachblocking=\"${ezjail_attachblocking}\"
  echo export jail_${ezjail_safename}_forceblocking=\"${ezjail_forceblocking}\"
+  echo export jail_${ezjail_safename}_zfs_datasets=\"${ezjail_zfs_datasets}\"
+  echo export jail_${ezjail_safename}_cpuset=\"${ezjail_cpuset}\"
+  echo export jail_${ezjail_safename}_fib=\"${ezjail_fib}\"
  ) > "${ezjail_config}"
  # Final steps for flavour installation
@@ -1142,12 +1148,15 @@ restore)
 ######################## ezjail-admin CONFIG ########################
 config)
  # Clean variables, prevent polution
-  unset ezjail_setrunnable ezjail_imageaction ezjail_new_name
+  unset ezjail_setrunnable ezjail_imageaction ezjail_new_name ezjail_new_zfs_datasets ezjail_new_cpuset ezjail_new_fib
-  shift; while getopts :r:i:n: arg; do case ${arg} in
+  shift; while getopts :r:i:n:z:c:f: arg; do case ${arg} in
    i) ezjail_imageaction=${OPTARG};;
    r) ezjail_setrunnable=${OPTARG};;
    n) ezjail_new_name=${OPTARG};;
+    z) ezjail_new_zfs_datasets=${OPTARG};;
+    c) ezjail_new_cpuset=${OPTARG};;
+    f) ezjail_new_fib=${OPTARG};;
    ?) exerr ${ezjail_usage_config};;
  esac; done; shift $(( ${OPTIND} - 1 ))
@@ -1160,7 +1169,7 @@ config)
  [ "${ezjail_config}" ] || exerr "Error: Nothing known about jail ${ezjail_name}."
  # Nothing to be configured?
-  [ "${ezjail_setrunnable}" -o "${ezjail_new_name}" -o "${ezjail_imageaction}" ] || echo "Warning: No config option specified."
+  [ "${ezjail_setrunnable}" -o "${ezjail_new_name}" -o "${ezjail_imageaction}" -o "${ezjail_new_zfs_datasets}" -o "${ezjail_new_cpuset}" -o "${ezjail_new_fib}" ] || echo "Warning: No config option specified."
  # Do we want a new name for our jail?
  if [ "${ezjail_new_name}" ]; then
@@ -1190,12 +1199,15 @@ config)
    eval ezjail_new_attachblocking=\"\$jail_${ezjail_safename}_attachblocking\"
    eval ezjail_new_forceblocking=\"\$jail_${ezjail_safename}_forceblocking\"
    eval ezjail_new_imagetype=\"\$jail_${ezjail_safename}_imagetype\"
+    eval ezjail_new_zfs_datasets=\"\$jail_${ezjail_safename}_zfs_datasets\"
+    eval ezjail_new_cpuset=\"\$jail_${ezjail_safename}_cpuset\"
+    eval ezjail_new_fib=\"\$jail_${ezjail_safename}_fib\"
    # This scenario really will only lead to real troubles in the 'fulljail'
    # case, but I should still explain this to the user and not claim that
    # "an ezjail would already exist"
    case ${ezjail_new_hostname} in basejail|newjail|fulljail|flavours|ezjailtemp) exerr "Error: ezjail needs the ${ezjail_new_hostname} directory for its own administrative purposes.\n  Please chose another name.";; esac
-  
    # jail names may lead to identical configs, eg. foo.bar.com == foo-bar.com
    # so check, whether we might be running into problems
    [ -e "${ezjail_new_config}" -o -e "${ezjail_new_config}.norun" ] && exerr "Error: An ezjail config already exists at ${ezjail_new_config}.\n  Please chose another name."
@@ -1264,6 +1276,9 @@ config)
    echo export jail_${ezjail_new_safename}_attachparams=\"${ezjail_new_attachparams}\"
    echo export jail_${ezjail_new_safename}_attachblocking=\"${ezjail_new_attachblocking}\"
    echo export jail_${ezjail_new_safename}_forceblocking=\"${ezjail_new_forceblocking}\"
+    echo export jail_${ezjail_new_safename}_zfs_datasets=\"${ezjail_new_zfs_datasets}\"
+    echo export jail_${ezjail_new_safename}_cpuset=\"${ezjail_new_cpuset}\"
+    echo export jail_${ezjail_new_safename}_fib=\"${ezjail_new_fib}\"
    ) > "${ezjail_new_config}"
    # remove old config
@@ -1278,6 +1293,97 @@ config)
    fetchjailinfo ${ezjail_new_safename}
  fi
+  if [ "${ezjail_new_zfs_datasets}" ]; then
+    # if jail is still running, refuse to go any further
+    [ "${ezjail_id}" ] && exerr "Error: Jail appears to be still running.\n  '${ezjail_admin} stop ${ezjail_name}' it first ."
+    # write new config file, preserve comments
+    (
+    grep -e ^\# "${ezjail_config}"
+    echo
+    echo export jail_${ezjail_safename}_hostname=\"${ezjail_hostname}\"
+    echo export jail_${ezjail_safename}_ip=\"${ezjail_ip}\"
+    echo export jail_${ezjail_safename}_rootdir=\"${ezjail_rootdir}\"
+    echo export jail_${ezjail_safename}_exec=\"${ezjail_exec}\"
+    echo export jail_${ezjail_safename}_mount_enable=\"${ezjail_mount_enable}\"
+    echo export jail_${ezjail_safename}_devfs_enable=\"${ezjail_devfs_enable}\"
+    echo export jail_${ezjail_safename}_devfs_ruleset=\"${ezjail_devfs_ruleset}\"
+    echo export jail_${ezjail_safename}_procfs_enable=\"${ezjail_procfs_enable}\"
+    echo export jail_${ezjail_safename}_fdescfs_enable=\"${ezjail_fdescfs_enable}\"
+    echo export jail_${ezjail_safename}_image=\"${ezjail_image}\"
+    echo export jail_${ezjail_safename}_imagetype=\"${ezjail_imagetype}\"
+    echo export jail_${ezjail_safename}_attachparams=\"${ezjail_attachparams}\"
+    echo export jail_${ezjail_safename}_attachblocking=\"${ezjail_attachblocking}\"
+    echo export jail_${ezjail_safename}_forceblocking=\"${ezjail_forceblocking}\"
+    echo export jail_${ezjail_safename}_zfs_datasets=\"${ezjail_new_zfs_datasets}\"
+    echo export jail_${ezjail_safename}_cpuset=\"${ezjail_cpuset}\"
+    echo export jail_${ezjail_safename}_fib=\"${ezjail_fib}\"
+    ) > "${ezjail_config}_" 
+    mv "${ezjail_config}_" "${ezjail_config}"
+  fi
+  if [ "${ezjail_new_cpuset}" ]; then
+    # configure the new cpuset if the jail is currently running
+    [ "${ezjail_id}" ] && /usr/bin/cpuset -l ${ezjail_new_cpuset} -j ${ezjail_id} || exerr "Error: The defined cpuset is malformed"
+    # write new config file, preserve comments
+    (
+    grep -e ^\# "${ezjail_config}"
+    echo
+    echo export jail_${ezjail_safename}_hostname=\"${ezjail_hostname}\"
+    echo export jail_${ezjail_safename}_ip=\"${ezjail_ip}\"
+    echo export jail_${ezjail_safename}_rootdir=\"${ezjail_rootdir}\"
+    echo export jail_${ezjail_safename}_exec=\"${ezjail_exec}\"
+    echo export jail_${ezjail_safename}_mount_enable=\"${ezjail_mount_enable}\"
+    echo export jail_${ezjail_safename}_devfs_enable=\"${ezjail_devfs_enable}\"
+    echo export jail_${ezjail_safename}_devfs_ruleset=\"${ezjail_devfs_ruleset}\"
+    echo export jail_${ezjail_safename}_procfs_enable=\"${ezjail_procfs_enable}\"
+    echo export jail_${ezjail_safename}_fdescfs_enable=\"${ezjail_fdescfs_enable}\"
+    echo export jail_${ezjail_safename}_image=\"${ezjail_image}\"
+    echo export jail_${ezjail_safename}_imagetype=\"${ezjail_imagetype}\"
+    echo export jail_${ezjail_safename}_attachparams=\"${ezjail_attachparams}\"
+    echo export jail_${ezjail_safename}_attachblocking=\"${ezjail_attachblocking}\"
+    echo export jail_${ezjail_safename}_forceblocking=\"${ezjail_forceblocking}\"
+    echo export jail_${ezjail_safename}_zfs_datasets=\"${ezjail_zfs_datasets}\"
+    echo export jail_${ezjail_safename}_cpuset=\"${ezjail_new_cpuset}\"
+    echo export jail_${ezjail_safename}_fib=\"${ezjail_fib}\"
+    ) > "${ezjail_config}_"
+    mv "${ezjail_config}_" "${ezjail_config}"
+  fi
+  if [ "${ezjail_new_fib}" ]; then
+    # if jail is still running, refuse to go any further
+    [ "${ezjail_id}" ] && exerr "Error: Jail appears to be still running.\n  '${ezjail_admin} stop ${ezjail_name}' it first ."
+    [ "${ezjail_new_fib}" -ge "0" ] && exerr "Error: fib number has to be an integer."
+    # write new config file, preserve comments
+    (
+    grep -e ^\# "${ezjail_config}"
+    echo
+    echo export jail_${ezjail_safename}_hostname=\"${ezjail_hostname}\"
+    echo export jail_${ezjail_safename}_ip=\"${ezjail_ip}\"
+    echo export jail_${ezjail_safename}_rootdir=\"${ezjail_rootdir}\"
+    echo export jail_${ezjail_safename}_exec=\"${ezjail_exec}\"
+    echo export jail_${ezjail_safename}_mount_enable=\"${ezjail_mount_enable}\"
+    echo export jail_${ezjail_safename}_devfs_enable=\"${ezjail_devfs_enable}\"
+    echo export jail_${ezjail_safename}_devfs_ruleset=\"${ezjail_devfs_ruleset}\"
+    echo export jail_${ezjail_safename}_procfs_enable=\"${ezjail_procfs_enable}\"
+    echo export jail_${ezjail_safename}_fdescfs_enable=\"${ezjail_fdescfs_enable}\"
+    echo export jail_${ezjail_safename}_image=\"${ezjail_image}\"
+    echo export jail_${ezjail_safename}_imagetype=\"${ezjail_imagetype}\"
+    echo export jail_${ezjail_safename}_attachparams=\"${ezjail_attachparams}\"
+    echo export jail_${ezjail_safename}_attachblocking=\"${ezjail_attachblocking}\"
+    echo export jail_${ezjail_safename}_forceblocking=\"${ezjail_forceblocking}\"
+    echo export jail_${ezjail_safename}_zfs_datasets=\"${ezjail_zfs_datasets}\"
+    echo export jail_${ezjail_safename}_cpuset=\"${ezjail_cpuset}\"
+    echo export jail_${ezjail_safename}_fib=\"${ezjail_new_fib}\"
+    ) > "${ezjail_config}_"
+    mv "${ezjail_config}_" "${ezjail_config}"
+  fi
  case "${ezjail_setrunnable}" in
    run)   [ "${ezjail_config}" = "${ezjail_config%.norun}" ] || mv "${ezjail_config}" "${ezjail_config%.norun}";;
    norun) [ "${ezjail_config}" = "${ezjail_config%.norun}" ] && mv "${ezjail_config}" "${ezjail_config}.norun" ;;
author	cryx <cryx@h3q.com>	2009-12-28 22:09:17 +0000
committer	cryx <cryx@h3q.com>	2009-12-28 22:09:17 +0000
commit	7fd24086946f90347adc59a61beec621b555bdd7 (patch)
tree	e1d0d6d2c973410fcb8dc06ba100eb4c4397aae4 /ezjail-admin
parent	12cf0c4f2130411e6408433d411eae8ee21e6da2 (diff)

diff --git a/ezjail-admin b/ezjail-admin index 1ba7fc9..b0fb6f8 100755 --- a/ezjail-admin +++ b/ezjail-admin
@@ -46,7 +46,7 @@ ezjail_usage_install="Usage: ${ezjail_admin} install [-mMpPsS] [-h host] [-r rel
46	ezjail_usage_create="Usage: ${ezjail_admin} create [-xbi] [-f flavour] [-r jailroot] [-s size] [-c bde\|eli\|zfs] [-C args] [-a archive] jailname jailip"	46	ezjail_usage_create="Usage: ${ezjail_admin} create [-xbi] [-f flavour] [-r jailroot] [-s size] [-c bde\|eli\|zfs] [-C args] [-a archive] jailname jailip"
47	ezjail_usage_delete="Usage: ${ezjail_admin} delete [-w] jailname"	47	ezjail_usage_delete="Usage: ${ezjail_admin} delete [-w] jailname"
48	ezjail_usage_update="Usage: ${ezjail_admin} update [-s sourcetree] [-p] (-b\|-i\|-u\|-P)"	48	ezjail_usage_update="Usage: ${ezjail_admin} update [-s sourcetree] [-p] (-b\|-i\|-u\|-P)"
49	ezjail_usage_config="Usage: ${ezjail_admin} config [-r run\|norun] [-n newname] [-i attach\|detach\|fsck] jailname"	49	ezjail_usage_config="Usage: ${ezjail_admin} config [-r run\|norun] [-n newname] [-c cpuset] [-z zfs-datasets] [-f fib] [-i attach\|detach\|fsck] jailname"
50	ezjail_usage_console="Usage: ${ezjail_admin} console [-f] [-e command] jailname"	50	ezjail_usage_console="Usage: ${ezjail_admin} console [-f] [-e command] jailname"
51	ezjail_usage_archive="Usage: ${ezjail_admin} archive [-Af] [-a archive] [-d archivedir] jailname [jailname...]"	51	ezjail_usage_archive="Usage: ${ezjail_admin} archive [-Af] [-a archive] [-d archivedir] jailname [jailname...]"
52	ezjail_usage_restore="Usage: ${ezjail_admin} restore [-f] [-d archivedir] (archive\|jailname)..."	52	ezjail_usage_restore="Usage: ${ezjail_admin} restore [-f] [-d archivedir] (archive\|jailname)..."
@@ -170,6 +170,9 @@ fetchjailinfo () {
170	eval ezjail_attachparams=\"\$jail_${ezjail_safename}_attachparams\"	170	eval ezjail_attachparams=\"\$jail_${ezjail_safename}_attachparams\"
171	eval ezjail_attachblocking=\"\$jail_${ezjail_safename}_attachblocking\"	171	eval ezjail_attachblocking=\"\$jail_${ezjail_safename}_attachblocking\"
172	eval ezjail_forceblocking=\"\$jail_${ezjail_safename}_forceblocking\"	172	eval ezjail_forceblocking=\"\$jail_${ezjail_safename}_forceblocking\"
		173	eval ezjail_zfs_datasets=\"\$jail_${ezjail_safename}_zfs_datasets\"
		174	eval ezjail_cpuset=\"\$jail_${ezjail_safename}_cpuset\"
		175	eval ezjail_fib=\"\$jail_${ezjail_safename}_fib\"
173		176
174	ezjail_softlink=${ezjail_jaildir}/`basename -- "${ezjail_rootdir}"`	177	ezjail_softlink=${ezjail_jaildir}/`basename -- "${ezjail_rootdir}"`
175	ezjail_devicelink="${ezjail_rootdir}.device"	178	ezjail_devicelink="${ezjail_rootdir}.device"
@@ -615,6 +618,9 @@ create)
615	echo export jail_${ezjail_safename}_attachparams=\"${ezjail_attachparams}\"	618	echo export jail_${ezjail_safename}_attachparams=\"${ezjail_attachparams}\"
616	echo export jail_${ezjail_safename}_attachblocking=\"${ezjail_attachblocking}\"	619	echo export jail_${ezjail_safename}_attachblocking=\"${ezjail_attachblocking}\"
617	echo export jail_${ezjail_safename}_forceblocking=\"${ezjail_forceblocking}\"	620	echo export jail_${ezjail_safename}_forceblocking=\"${ezjail_forceblocking}\"
		621	echo export jail_${ezjail_safename}_zfs_datasets=\"${ezjail_zfs_datasets}\"
		622	echo export jail_${ezjail_safename}_cpuset=\"${ezjail_cpuset}\"
		623	echo export jail_${ezjail_safename}_fib=\"${ezjail_fib}\"
618	) > "${ezjail_config}"	624	) > "${ezjail_config}"
619		625
620	# Final steps for flavour installation	626	# Final steps for flavour installation
@@ -1142,12 +1148,15 @@ restore)
1142	######################## ezjail-admin CONFIG ########################	1148	######################## ezjail-admin CONFIG ########################
1143	config)	1149	config)
1144	# Clean variables, prevent polution	1150	# Clean variables, prevent polution
1145	unset ezjail_setrunnable ezjail_imageaction ezjail_new_name	1151	unset ezjail_setrunnable ezjail_imageaction ezjail_new_name ezjail_new_zfs_datasets ezjail_new_cpuset ezjail_new_fib
1146		1152
1147	shift; while getopts :r:i:n: arg; do case ${arg} in	1153	shift; while getopts :r:i:n:z:c:f: arg; do case ${arg} in
1148	i) ezjail_imageaction=${OPTARG};;	1154	i) ezjail_imageaction=${OPTARG};;
1149	r) ezjail_setrunnable=${OPTARG};;	1155	r) ezjail_setrunnable=${OPTARG};;
1150	n) ezjail_new_name=${OPTARG};;	1156	n) ezjail_new_name=${OPTARG};;
		1157	z) ezjail_new_zfs_datasets=${OPTARG};;
		1158	c) ezjail_new_cpuset=${OPTARG};;
		1159	f) ezjail_new_fib=${OPTARG};;
1151	?) exerr ${ezjail_usage_config};;	1160	?) exerr ${ezjail_usage_config};;
1152	esac; done; shift $(( ${OPTIND} - 1 ))	1161	esac; done; shift $(( ${OPTIND} - 1 ))
1153		1162
@@ -1160,7 +1169,7 @@ config)
1160	[ "${ezjail_config}" ] \|\| exerr "Error: Nothing known about jail ${ezjail_name}."	1169	[ "${ezjail_config}" ] \|\| exerr "Error: Nothing known about jail ${ezjail_name}."
1161		1170
1162	# Nothing to be configured?	1171	# Nothing to be configured?
1163	[ "${ezjail_setrunnable}" -o "${ezjail_new_name}" -o "${ezjail_imageaction}" ] \|\| echo "Warning: No config option specified."	1172	[ "${ezjail_setrunnable}" -o "${ezjail_new_name}" -o "${ezjail_imageaction}" -o "${ezjail_new_zfs_datasets}" -o "${ezjail_new_cpuset}" -o "${ezjail_new_fib}" ] \|\| echo "Warning: No config option specified."
1164		1173
1165	# Do we want a new name for our jail?	1174	# Do we want a new name for our jail?
1166	if [ "${ezjail_new_name}" ]; then	1175	if [ "${ezjail_new_name}" ]; then
@@ -1190,12 +1199,15 @@ config)
1190	eval ezjail_new_attachblocking=\"\$jail_${ezjail_safename}_attachblocking\"	1199	eval ezjail_new_attachblocking=\"\$jail_${ezjail_safename}_attachblocking\"
1191	eval ezjail_new_forceblocking=\"\$jail_${ezjail_safename}_forceblocking\"	1200	eval ezjail_new_forceblocking=\"\$jail_${ezjail_safename}_forceblocking\"
1192	eval ezjail_new_imagetype=\"\$jail_${ezjail_safename}_imagetype\"	1201	eval ezjail_new_imagetype=\"\$jail_${ezjail_safename}_imagetype\"
		1202	eval ezjail_new_zfs_datasets=\"\$jail_${ezjail_safename}_zfs_datasets\"
		1203	eval ezjail_new_cpuset=\"\$jail_${ezjail_safename}_cpuset\"
		1204	eval ezjail_new_fib=\"\$jail_${ezjail_safename}_fib\"
1193		1205
1194	# This scenario really will only lead to real troubles in the 'fulljail'	1206	# This scenario really will only lead to real troubles in the 'fulljail'
1195	# case, but I should still explain this to the user and not claim that	1207	# case, but I should still explain this to the user and not claim that
1196	# "an ezjail would already exist"	1208	# "an ezjail would already exist"
1197	case ${ezjail_new_hostname} in basejail\|newjail\|fulljail\|flavours\|ezjailtemp) exerr "Error: ezjail needs the ${ezjail_new_hostname} directory for its own administrative purposes.\n Please chose another name.";; esac	1209	case ${ezjail_new_hostname} in basejail\|newjail\|fulljail\|flavours\|ezjailtemp) exerr "Error: ezjail needs the ${ezjail_new_hostname} directory for its own administrative purposes.\n Please chose another name.";; esac
1198		1210
1199	# jail names may lead to identical configs, eg. foo.bar.com == foo-bar.com	1211	# jail names may lead to identical configs, eg. foo.bar.com == foo-bar.com
1200	# so check, whether we might be running into problems	1212	# so check, whether we might be running into problems
1201	[ -e "${ezjail_new_config}" -o -e "${ezjail_new_config}.norun" ] && exerr "Error: An ezjail config already exists at ${ezjail_new_config}.\n Please chose another name."	1213	[ -e "${ezjail_new_config}" -o -e "${ezjail_new_config}.norun" ] && exerr "Error: An ezjail config already exists at ${ezjail_new_config}.\n Please chose another name."
@@ -1264,6 +1276,9 @@ config)
1264	echo export jail_${ezjail_new_safename}_attachparams=\"${ezjail_new_attachparams}\"	1276	echo export jail_${ezjail_new_safename}_attachparams=\"${ezjail_new_attachparams}\"
1265	echo export jail_${ezjail_new_safename}_attachblocking=\"${ezjail_new_attachblocking}\"	1277	echo export jail_${ezjail_new_safename}_attachblocking=\"${ezjail_new_attachblocking}\"
1266	echo export jail_${ezjail_new_safename}_forceblocking=\"${ezjail_new_forceblocking}\"	1278	echo export jail_${ezjail_new_safename}_forceblocking=\"${ezjail_new_forceblocking}\"
		1279	echo export jail_${ezjail_new_safename}_zfs_datasets=\"${ezjail_new_zfs_datasets}\"
		1280	echo export jail_${ezjail_new_safename}_cpuset=\"${ezjail_new_cpuset}\"
		1281	echo export jail_${ezjail_new_safename}_fib=\"${ezjail_new_fib}\"
1267	) > "${ezjail_new_config}"	1282	) > "${ezjail_new_config}"
1268		1283
1269	# remove old config	1284	# remove old config
@@ -1278,6 +1293,97 @@ config)
1278	fetchjailinfo ${ezjail_new_safename}	1293	fetchjailinfo ${ezjail_new_safename}
1279	fi	1294	fi
1280		1295
		1296	if [ "${ezjail_new_zfs_datasets}" ]; then
		1297	# if jail is still running, refuse to go any further
		1298	[ "${ezjail_id}" ] && exerr "Error: Jail appears to be still running.\n '${ezjail_admin} stop ${ezjail_name}' it first ."
		1299
		1300	# write new config file, preserve comments
		1301	(
		1302	grep -e ^\# "${ezjail_config}"
		1303	echo
		1304	echo export jail_${ezjail_safename}_hostname=\"${ezjail_hostname}\"
		1305	echo export jail_${ezjail_safename}_ip=\"${ezjail_ip}\"
		1306	echo export jail_${ezjail_safename}_rootdir=\"${ezjail_rootdir}\"
		1307	echo export jail_${ezjail_safename}_exec=\"${ezjail_exec}\"
		1308	echo export jail_${ezjail_safename}_mount_enable=\"${ezjail_mount_enable}\"
		1309	echo export jail_${ezjail_safename}_devfs_enable=\"${ezjail_devfs_enable}\"
		1310	echo export jail_${ezjail_safename}_devfs_ruleset=\"${ezjail_devfs_ruleset}\"
		1311	echo export jail_${ezjail_safename}_procfs_enable=\"${ezjail_procfs_enable}\"
		1312	echo export jail_${ezjail_safename}_fdescfs_enable=\"${ezjail_fdescfs_enable}\"
		1313	echo export jail_${ezjail_safename}_image=\"${ezjail_image}\"
		1314	echo export jail_${ezjail_safename}_imagetype=\"${ezjail_imagetype}\"
		1315	echo export jail_${ezjail_safename}_attachparams=\"${ezjail_attachparams}\"
		1316	echo export jail_${ezjail_safename}_attachblocking=\"${ezjail_attachblocking}\"
		1317	echo export jail_${ezjail_safename}_forceblocking=\"${ezjail_forceblocking}\"
		1318	echo export jail_${ezjail_safename}_zfs_datasets=\"${ezjail_new_zfs_datasets}\"
		1319	echo export jail_${ezjail_safename}_cpuset=\"${ezjail_cpuset}\"
		1320	echo export jail_${ezjail_safename}_fib=\"${ezjail_fib}\"
		1321	) > "${ezjail_config}_"
		1322	mv "${ezjail_config}_" "${ezjail_config}"
		1323	fi
		1324
		1325	if [ "${ezjail_new_cpuset}" ]; then
		1326	# configure the new cpuset if the jail is currently running
		1327	[ "${ezjail_id}" ] && /usr/bin/cpuset -l ${ezjail_new_cpuset} -j ${ezjail_id} \|\| exerr "Error: The defined cpuset is malformed"
		1328
		1329	# write new config file, preserve comments
		1330	(
		1331	grep -e ^\# "${ezjail_config}"
		1332	echo
		1333	echo export jail_${ezjail_safename}_hostname=\"${ezjail_hostname}\"
		1334	echo export jail_${ezjail_safename}_ip=\"${ezjail_ip}\"
		1335	echo export jail_${ezjail_safename}_rootdir=\"${ezjail_rootdir}\"
		1336	echo export jail_${ezjail_safename}_exec=\"${ezjail_exec}\"
		1337	echo export jail_${ezjail_safename}_mount_enable=\"${ezjail_mount_enable}\"
		1338	echo export jail_${ezjail_safename}_devfs_enable=\"${ezjail_devfs_enable}\"
		1339	echo export jail_${ezjail_safename}_devfs_ruleset=\"${ezjail_devfs_ruleset}\"
		1340	echo export jail_${ezjail_safename}_procfs_enable=\"${ezjail_procfs_enable}\"
		1341	echo export jail_${ezjail_safename}_fdescfs_enable=\"${ezjail_fdescfs_enable}\"
		1342	echo export jail_${ezjail_safename}_image=\"${ezjail_image}\"
		1343	echo export jail_${ezjail_safename}_imagetype=\"${ezjail_imagetype}\"
		1344	echo export jail_${ezjail_safename}_attachparams=\"${ezjail_attachparams}\"
		1345	echo export jail_${ezjail_safename}_attachblocking=\"${ezjail_attachblocking}\"
		1346	echo export jail_${ezjail_safename}_forceblocking=\"${ezjail_forceblocking}\"
		1347	echo export jail_${ezjail_safename}_zfs_datasets=\"${ezjail_zfs_datasets}\"
		1348	echo export jail_${ezjail_safename}_cpuset=\"${ezjail_new_cpuset}\"
		1349	echo export jail_${ezjail_safename}_fib=\"${ezjail_fib}\"
		1350	) > "${ezjail_config}_"
		1351	mv "${ezjail_config}_" "${ezjail_config}"
		1352
		1353	fi
		1354
		1355	if [ "${ezjail_new_fib}" ]; then
		1356	# if jail is still running, refuse to go any further
		1357	[ "${ezjail_id}" ] && exerr "Error: Jail appears to be still running.\n '${ezjail_admin} stop ${ezjail_name}' it first ."
		1358	[ "${ezjail_new_fib}" -ge "0" ] && exerr "Error: fib number has to be an integer."
		1359
		1360	# write new config file, preserve comments
		1361	(
		1362	grep -e ^\# "${ezjail_config}"
		1363	echo
		1364	echo export jail_${ezjail_safename}_hostname=\"${ezjail_hostname}\"
		1365	echo export jail_${ezjail_safename}_ip=\"${ezjail_ip}\"
		1366	echo export jail_${ezjail_safename}_rootdir=\"${ezjail_rootdir}\"
		1367	echo export jail_${ezjail_safename}_exec=\"${ezjail_exec}\"
		1368	echo export jail_${ezjail_safename}_mount_enable=\"${ezjail_mount_enable}\"
		1369	echo export jail_${ezjail_safename}_devfs_enable=\"${ezjail_devfs_enable}\"
		1370	echo export jail_${ezjail_safename}_devfs_ruleset=\"${ezjail_devfs_ruleset}\"
		1371	echo export jail_${ezjail_safename}_procfs_enable=\"${ezjail_procfs_enable}\"
		1372	echo export jail_${ezjail_safename}_fdescfs_enable=\"${ezjail_fdescfs_enable}\"
		1373	echo export jail_${ezjail_safename}_image=\"${ezjail_image}\"
		1374	echo export jail_${ezjail_safename}_imagetype=\"${ezjail_imagetype}\"
		1375	echo export jail_${ezjail_safename}_attachparams=\"${ezjail_attachparams}\"
		1376	echo export jail_${ezjail_safename}_attachblocking=\"${ezjail_attachblocking}\"
		1377	echo export jail_${ezjail_safename}_forceblocking=\"${ezjail_forceblocking}\"
		1378	echo export jail_${ezjail_safename}_zfs_datasets=\"${ezjail_zfs_datasets}\"
		1379	echo export jail_${ezjail_safename}_cpuset=\"${ezjail_cpuset}\"
		1380	echo export jail_${ezjail_safename}_fib=\"${ezjail_new_fib}\"
		1381	) > "${ezjail_config}_"
		1382	mv "${ezjail_config}_" "${ezjail_config}"
		1383
		1384	fi
		1385
		1386
1281	case "${ezjail_setrunnable}" in	1387	case "${ezjail_setrunnable}" in
1282	run) [ "${ezjail_config}" = "${ezjail_config%.norun}" ] \|\| mv "${ezjail_config}" "${ezjail_config%.norun}";;	1388	run) [ "${ezjail_config}" = "${ezjail_config%.norun}" ] \|\| mv "${ezjail_config}" "${ezjail_config%.norun}";;
1283	norun) [ "${ezjail_config}" = "${ezjail_config%.norun}" ] && mv "${ezjail_config}" "${ezjail_config}.norun" ;;	1389	norun) [ "${ezjail_config}" = "${ezjail_config%.norun}" ] && mv "${ezjail_config}" "${ezjail_config}.norun" ;;