author | erdgeist <erdgeist@erdgeist.org> | 2005-09-14 15:22:57 +0000 |
---|---|---|
committer | erdgeist <erdgeist@erdgeist.org> | 2005-09-14 15:22:57 +0000 |
commit | 0d8f4d20fb65761cbe61ebf3cff06c4d21cf94b5 (patch) | |
tree | e2324f13378aa9fdd9b28029fe0c684f142363c3 /ezjail-admin | |
parent | 79fc7aa69a56933d7c622309b1e7b6bafc8df504 (diff) |
lots of actual create jail logic implemented
Diffstat (limited to 'ezjail-admin')
-rwxr-xr-x | ezjail-admin | 74 |
1 files changed, 67 insertions, 7 deletions
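--- a/ezjail-admin
+++ b/ezjail-admin
@@ -2,6 +2,7 @@
 
 # ugly: this variable is set during port install time
 ezjail_prefix=EZJAIL_PREFIX
+ezjail_jailcfgs=${ezjail_prefix}/etc/ezjail
 
 if [ "0" != "`id -u`" ]; then
 echo "Retry as root"; exit 1;
@@ -24,8 +25,9 @@ ezjail_procfs_enable=${ezjail_procfs_enable:-"YES"}
 ezjail_fdescfs_enable=${ezjail_fdescfs_enable:-"YES"}
 
 # check for command
-if [ -z "$1" ];
-then echo "Usage: `basename $0` [create|delete|list|update] {params}"; exit;
+if [ -z "$1" ]; then
+echo "Usage: `basename $0` [create|delete|list|update] {params}";
+exit 1;
 fi
 
 case "$1" in
@@ -33,10 +35,12 @@ create)
 shift
 args=`getopt xr: $*`
 if [ $? != 0 ]; then
-echo 'Usage: ezjail create [-r jailroot] [-x] jailname jailip'; exit 1;
+echo 'Usage: ezjail create [-r jailroot] [-x] jailname jailip';
+exit 1;
 fi
 
 newjail_root=
+newjail_softlink=
 newjail_fill="YES"
 
 for arg in args; do
@@ -48,16 +52,72 @@ create)
 done;
 newjail_name=$1; newjail_ip=$2; shift 2;
 
+# wee need at least a name and an ip for new jail
 if [ -z "$newjail_name" -o -z "$newjail_ip" -o $# != 0 ]; then
 echo 'Usage: ezjail create [-r jailroot] [-x] jailname jailip'; exit 1;
 fi
 
-echo running CREATE $newjail_name $newjail_ip $newjail_fill
+# relative paths don't make sense in rc.scripts
+if [ ${ezjail_jaildir:1:1} != / ]; then
+echo Error: Need an absolute path in ezjail_jaildir, it is currently set to: $ezjail_jaildir
+exit 1;
+fi
+
+# jail names must not have names that irritate file systems,
+# excluding dots from this list was done intentionally to
+# allow foo.com style directory names, however, the jail
+# name will be foo_com in most scripts
+newjail_name=`echo $newjail_name | tr /~ __`;
+newjail_root=${newjail_root:-"$ezjail_jaildir/$newjail_name"}
+newjail_nname=`echo $newjail_name | tr . _`;
+
+# if jail root specified on command line is not absolute,
+# make it absolute inside our jail directory
+if [ ${newjail_root:1:1} != / ]; then
+newjail_root=$ezjail_jaildir/$newjail_root
+fi
+
+# if jail root specified on command line does not lie
+# within our jail directory, we need to create a softlink
+if [ ${newjail_root##${ezjail_jaildir}} = $newjail_root ]; then
+newjail_softlink=$ezjail_jaildir/`basename $newjail_root`
+if [ -e $newjail_softlink -a $newjail_fill = "YES" ]; then
+echo Error: an ezjail already exists at $newjail_softlink
+exit 1;
+fi
+fi
+fi
+
+# now take a copy of our template jail
+if [ $newjail_fill = "YES" ]; then
+mkdir -p ${newjail_root} && cd ${ezjail_jailtemplate} \
+&& find * | cpio -p -v ${newjail_root}
+fi
+
+# if a soft link is necessary, create it now
+if [ $newjail_softlink ]; then
+ln -s $newjail_root $newjail_softlink
+fi
 
-exit
+# if the automount feature is not disabled, create an
+# fstab entry for new jail
+echo $ezjail_jailbase $newjail_root/basejail nullfs ro 0 0 > /etc/fstab.$newjail_name
+
+# now, where everything seems to have gone right,
+# create control file in ezjails config dir
+mkdir -p $ezjail_jailcfgs
+echo \
+jail_${newjail_nname}_hostname=\"${newjail_name}\" \n \
+jail_${newjail_nname}_ip=\"${newjail_ip}\" \n \
+jail_${newjail_nname}_rootdir=\"${newjail_root}\" \n \
+jail_${newjail_nname}_exec=\"/bin/sh /etc/rc\"
+jail_${newjail_nname}_mount_enable=\"${ezjail_mount_enable}\" \n \
+jail_${newjail_nname}_devfs_enable=\"${ezjail_devfs_enable}\" \n \
+jail_${newjail_nname}_devfs_ruleset="devfsrules_jail"
+jail_${newjail_nname}_procfs_enable=\"${ezjail_procfs_enable}\" \n \
+jail_${newjail_nname}_fdescfs_enable=\"${ezjail_fdescfs_enable}\" \n \
+> ${ezail_jailcfgs}/newjail_nname
 
-mkdir ${newjail_root} && cd ${ezjail_jailtemplate} \
-&& find * | cpio -p -v ${newjail_root}
 ;;
 delete)
 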
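Review bot: The control-file write that closes the last hunk does not produce the file its comment describes. The redirect target `${ezail_jailcfgs}/newjail_nname` misspells the variable and drops the `$`, so under root it resolves to `/newjail_nname`, and the lines after `_exec` and `_devfs_ruleset` lack a trailing `\`, so they run as separate statements instead of being echoed. The jail name, IP and root are also copied unvalidated between double quotes into what appears to be a file of shell assignments; if an rc script later sources it (inferred, the consumer is not on this page), a value containing a double quote, backquote or `$` would change what that file does, so I would allowlist the name and IP and write the file with a here-document as sketched below. Separately, the `fi` just before `# now take a copy of our template jail` has no matching `if`, and `${ezjail_jaildir:1:1}` is not POSIX sh and would test the second character rather than the first. The `create)` arm begins above this hunk, so its option parsing is only partly visible here.

```shell
# … unchanged: usage check, path handling, template copy, softlink, fstab entry …

# reject anything that could alter the meaning of the generated assignments;
# ideally run this right after the usage check, before the name is used in paths
case "${newjail_name}${newjail_ip}" in
  *[!A-Za-z0-9._:-]*)
    echo "Error: jail name and ip may only contain letters, digits and . _ : -" >&2
    exit 1;;
esac

mkdir -p "${ezjail_jailcfgs}"
cat > "${ezjail_jailcfgs}/${newjail_nname}" <<EOF
jail_${newjail_nname}_hostname="${newjail_name}"
jail_${newjail_nname}_ip="${newjail_ip}"
jail_${newjail_nname}_rootdir="${newjail_root}"
jail_${newjail_nname}_exec="/bin/sh /etc/rc"
jail_${newjail_nname}_mount_enable="${ezjail_mount_enable}"
jail_${newjail_nname}_devfs_enable="${ezjail_devfs_enable}"
jail_${newjail_nname}_devfs_ruleset="devfsrules_jail"
jail_${newjail_nname}_procfs_enable="${ezjail_procfs_enable}"
jail_${newjail_nname}_fdescfs_enable="${ezjail_fdescfs_enable}"
EOF
```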