From 485fad901585be80d9f4c7a3fddb8a7d407b5a35 Mon Sep 17 00:00:00 2001
From: erdgeist <erdgeist@erdgeist.org>
Date: Sun, 18 Dec 2005 16:47:21 +0000
Subject: Rethought flavours

---
 Makefile                        |  2 +-
 examples/example/ezjail.flavour | 31 ++++++++++++++++++++++
 ezjail-admin                    | 57 ++++++++++++++++++-----------------------
 ezjail-config.sh                | 15 +++++------
 4 files changed, 63 insertions(+), 42 deletions(-)
 create mode 100755 examples/example/ezjail.flavour

diff --git a/Makefile b/Makefile
index 3da973b..4ddd804 100755
--- a/Makefile
+++ b/Makefile
@@ -10,7 +10,7 @@ install:
 	mkdir -p ${PREFIX}/etc/ezjail/ ${PREFIX}/man/man1/ ${PREFIX}/man/man5/ ${PREFIX}/etc/rc.d/ ${PREFIX}/bin/ ${PREFIX}/share/ezjail ${PREFIX}/share/examples/ezjail
 	cp -p ezjail.conf.sample ${PREFIX}/etc/
 	cp -p ezjail-config.sh ${PREFIX}/share/ezjail/
-	cp -p examples/ezjail.flavour.default ${PREFIX}/share/examples/ezjail/
+	cp -r -p examples/default ${PREFIX}/share/examples/ezjail/
 	sed s:EZJAIL_PREFIX:${PREFIX}: ezjail.sh > ${PREFIX}/etc/rc.d/ezjail.sh
 	sed s:EZJAIL_PREFIX:${PREFIX}: ezjail-admin > ${PREFIX}/bin/ezjail-admin
 	sed s:EZJAIL_PREFIX:${PREFIX}: man1/ezjail-admin.1 > ${PREFIX}/man/man1/ezjail-admin.1
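Review bot: The added `cp -r -p examples/default ${PREFIX}/share/examples/ezjail/` copies a directory this patch does not create; the only example it adds is `examples/example/ezjail.flavour`, and the diffstat lists no `examples/default`. Unless that directory already exists in the tree, `make install` stops at this line, and the `cp -p -r ${ezjail_examples}/default` added to ezjail-admin's update branch has nothing to copy. Either ship the example as `examples/default/ezjail.flavour` or install the directory that is actually added, `cp -r -p examples/example ${PREFIX}/share/examples/ezjail/`.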
diff --git a/examples/example/ezjail.flavour b/examples/example/ezjail.flavour
new file mode 100755
index 0000000..eee2a67
--- /dev/null
+++ b/examples/example/ezjail.flavour
@@ -0,0 +1,31 @@
+# ezjail flavour example
+# refer to ezjail(5) for more information
+#
+# ezjails jail init script tries to create the following users. Format is 
+# as follows:
+#
+# username:uid:group[,group,..]:gid[,gid,..]:comment:cryptpw:[-]homedir:shell
+#
+# Note: Since ' ' (space) does not survive shell expansion, still often is
+# useful in the comment field, '=' will be converted to ' '.
+#
+# Note: Always use ''' (single ticks) to provide variables containing '$'s
+#
+# Example:
+#
+# ezjail_flavour_users='::heroes:1003:::: \
+# admin::wheel::Admin=User:$1$p75bbfK.$Kz3dwkoVlgZrfLZdAXQt91:/home/admin:/bin/sh \
+# pgsql:1002:pgsql:1002:Post=Gres::-/usr/local/psql:/bin/nologin'
+
+# ezjails init script tries to install all files listed here from the path 
+# /config to the corresponding location inside the jail. Directories are being
+# copied recursively. 
+# Format is as follows:
+#
+# user:group:file(s)
+#
+# Example:
+#
+# ezjail_flavour_files='root:wheel:/etc/*.conf \
+#  root:wheel:/etc/localtime \
+#  admin:wheel:/home/admin/'
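Review bot: The header comments do not tell the reader that this file is sourced as shell code by ezjail-config.sh on the jail's first start (presumably as root, since it runs from rc.d) and that the cryptpw field carries password hashes. The file is added with mode 100755, and ezjail-admin copies the flavour directory with `cp -r -p`, so whatever ownership and mode the host copy has is carried into the jail. I would add a comment near the top such as `# This file is sourced at first jail start and may hold password hashes; keep the flavour directory root-owned and not group/world writable or readable.`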
diff --git a/ezjail-admin b/ezjail-admin
index 17adb60..d7c8791 100755
--- a/ezjail-admin
+++ b/ezjail-admin
@@ -4,6 +4,7 @@
 ezjail_prefix=EZJAIL_PREFIX
 ezjail_etc=${ezjail_prefix}/etc
 ezjail_share=${ezjail_prefix}/share/ezjail
+ezjail_examples=${ezjail_prefix}/share/examples/ezjail
 ezjail_jailcfgs=${ezjail_etc}/ezjail
 
 if [ -f ${ezjail_etc}/ezjail.conf ]; then
@@ -15,6 +16,7 @@ ezjail_jaildir=${ezjail_jaildir:-"/usr/jails"}
 ezjail_jailtemplate=${ezjail_jailtemplate:-"$ezjail_jaildir/newjail"}
 ezjail_jailbase=${ezjail_jailbase:-"$ezjail_jaildir/basejail"}
 ezjail_jailfull=${ezjail_jailfull:-"$ezjail_jaildir/fulljail"}
+ezjail_flavours=${ezjail_flavours:-"$ezjail_jaildir/flavours"}
 ezjail_sourcetree=${ezjail_sourcetree:-"/usr/src"}
 
 ezjail_mount_enable=${ezjail_mount_enable:-"YES"}
@@ -37,7 +39,6 @@ create)
 
   newjail_root=
   newjail_flavour=
-  newjail_flav=
   newjail_softlink=
   newjail_fill="YES"
 
@@ -82,20 +83,9 @@ create)
   fi
 
   # do some sanity checks on the selected flavour (if any)
-  if [ "$newjail_flavour" ]; then
-    # simple case wins, most often you won't have a ezjail.flavour.FLAV
-    # AND a ./FLAV lying around. If you do, you won't need "./httpd"
-    # but /ezjail_etc/ezjail.flavour.httpd, whatever ./httpd would be
-    # For now exit with error, maybe just warn later.
-    [ -f "$newjail_flavour" ] && newjail_flav=${newjail_flavour}
-    # if flavour contains a '/', it aint a short name
-    if [  ${newjail_flavour} = ${newjail_flavour%/*} -a \
-       -f ${ezjail_etc}/ezjail.flavour.${newjail_flavour} ]; then
-        [ "$newjail_flav" ] && exerr "Error: flavour ${newjail_flavour} conflicts with file ./${newjail_flavour}"
-        newjail_flav=${ezjail_etc}/ezjail.flavour.${newjail_flavour}
-    fi
-    # Flavour not found
-    [ "$newjail_flav" ] || exerr "Error: Flavour config file ${newjail_flavour} not found"
+  if [ "${newjail_flavour}" ]; then
+    [ -d ${ezjail_flavours}/${newjail_flavour}/ ] || exerr "Error: Flavour config directory ${ezjail_flavours}/${newjail_flavour} not found"
+    [ -d ${ezjail_flavours}/${newjail_flavour}/ezjail.flavour ] || exerr "Error: Flavour config ${ezjail_flavours}/${newjail_flavour}/ezjail.flavour not found"
   fi
 
   # now take a copy of our template jail
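Review bot: The second added test uses `-d` on `${ezjail_flavours}/${newjail_flavour}/ezjail.flavour`, but ezjail.flavour is a regular file (the example added in this patch is one, and ezjail-config.sh tests it with `-f`), so every valid flavour is rejected as "not found". It should read `[ -f "${ezjail_flavours}/${newjail_flavour}/ezjail.flavour" ] || exerr "..."`, with the expansions quoted in both tests. The flavour name is also no longer checked for `/` or `..`, which the removed code partly did; a guard such as `case "${newjail_flavour}" in */*|.|..) exerr "Error: invalid flavour name" ;; esac` keeps the lookup inside `${ezjail_flavours}`. The enclosing `create)` branch starts and ends outside this hunk.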
@@ -109,19 +99,19 @@ create)
 
   # if the automount feature is not disabled, create an
   # fstab entry for new jail
-  echo $ezjail_jailbase	$newjail_root/basejail	nullfs	ro	0	0 > /etc/fstab.$newjail_nname
+  echo $ezjail_jailbase $newjail_root/basejail nullfs ro 0 0 > /etc/fstab.$newjail_nname
 
   # now, where everything seems to have gone right,
   # create control file in ezjails config dir
   mkdir -p $ezjail_jailcfgs
-  echo export jail_${newjail_nname}_hostname=\"${newjail_name}\"                 > ${ezjail_jailcfgs}/${newjail_nname}
-  echo export jail_${newjail_nname}_ip=\"${newjail_ip}\"                        >> ${ezjail_jailcfgs}/${newjail_nname}
-  echo export jail_${newjail_nname}_rootdir=\"${newjail_root}\"                 >> ${ezjail_jailcfgs}/${newjail_nname}
-  echo export jail_${newjail_nname}_exec=\"/bin/sh /etc/rc\"                    >> ${ezjail_jailcfgs}/${newjail_nname}
-  echo export jail_${newjail_nname}_mount_enable=\"${ezjail_mount_enable}\"     >> ${ezjail_jailcfgs}/${newjail_nname}
-  echo export jail_${newjail_nname}_devfs_enable=\"${ezjail_devfs_enable}\"     >> ${ezjail_jailcfgs}/${newjail_nname}
-  echo export jail_${newjail_nname}_devfs_ruleset=\"devfsrules_jail\"           >> ${ezjail_jailcfgs}/${newjail_nname}
-  echo export jail_${newjail_nname}_procfs_enable=\"${ezjail_procfs_enable}\"   >> ${ezjail_jailcfgs}/${newjail_nname}
+  echo export jail_${newjail_nname}_hostname=\"${newjail_name}\"  > ${ezjail_jailcfgs}/${newjail_nname}
+  echo export jail_${newjail_nname}_ip=\"${newjail_ip}\"  >> ${ezjail_jailcfgs}/${newjail_nname}
+  echo export jail_${newjail_nname}_rootdir=\"${newjail_root}\"  >> ${ezjail_jailcfgs}/${newjail_nname}
+  echo export jail_${newjail_nname}_exec=\"/bin/sh /etc/rc\"  >> ${ezjail_jailcfgs}/${newjail_nname}
+  echo export jail_${newjail_nname}_mount_enable=\"${ezjail_mount_enable}\"  >> ${ezjail_jailcfgs}/${newjail_nname}
+  echo export jail_${newjail_nname}_devfs_enable=\"${ezjail_devfs_enable}\"  >> ${ezjail_jailcfgs}/${newjail_nname}
+  echo export jail_${newjail_nname}_devfs_ruleset=\"devfsrules_jail\"  >> ${ezjail_jailcfgs}/${newjail_nname}
+  echo export jail_${newjail_nname}_procfs_enable=\"${ezjail_procfs_enable}\"  >> ${ezjail_jailcfgs}/${newjail_nname}
   echo export jail_${newjail_nname}_fdescfs_enable=\"${ezjail_fdescfs_enable}\" >> ${ezjail_jailcfgs}/${newjail_nname}
 
   # check, whether IP is configured on a local interface, warn if it isnt
@@ -133,29 +123,29 @@ create)
   newjail_listener=`sockstat -4 -l | grep $newjail_ip:[[:digit:]]`
   if [ $? = 0 ]; then
     echo "Warning: Some services already seem to be listening on IP $newjail_ip"
-    echo "         This may cause some confusion, here they are:"
+    echo "  This may cause some confusion, here they are:"
     echo $newjail_listener
   fi
 
   newjail_listener=`sockstat -4 -l | grep \*:[[:digit:]]`
   if [ $? = 0 ]; then
     echo "Warning: Some services already seem to be listening on all IPs"
-    echo "         (including $newjail_ip)"
-    echo "         This may cause some confusion, here they are:"
+    echo "  (including $newjail_ip)"
+    echo "  This may cause some confusion, here they are:"
     echo $newjail_listener
   fi
   IFS=$TIFS
 
   # Final steps for flavour installation
-  if [ "${newjail_flav}" ]; then
-    install -o root -g wheel -m 0755 ${newjail_flav} ${newjail_root}/etc/ezjail.flavour
+  if [ "${newjail_flavour}" ]; then
+    cp -r -p ${ezjail_jaildir}/${newjail_flavour} ${newjail_root}/config
     install -o root -g wheel -m 0755 ${ezjail_share}/ezjail-config.sh ${newjail_root}/etc/rc.d/ezjail-config.sh
     echo "Note: Shell scripts installed, flavourizing on jails first startup"
   fi
 
   ;;
-delete)
 ######################## ezjail-admin DELETE ########################
+delete)
   shift
   args=`getopt w $*`
   [ $? = 0 ] || exerr 'Usage: ezjail delete [-w] jailname';
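Review bot: The added copy reads from `${ezjail_jaildir}/${newjail_flavour}`, while the sanity check earlier in `create)` validated `${ezjail_flavours}/${newjail_flavour}`. With the defaults this copies `/usr/jails/NAME`, which is either missing or another jail's root, into the new jail's `/config`. The result of `cp` is not checked either, so the "Shell scripts installed" note is printed and ezjail-config.sh is installed even when nothing was copied. I would change the line to `cp -r -p "${ezjail_flavours}/${newjail_flavour}" "${newjail_root}/config" || exerr "Error: could not copy flavour ${newjail_flavour}"`. Because `-p` preserves ownership and mode, the flavour tree on the host should be root-owned, as its ezjail.flavour is later sourced inside the jail.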
@@ -207,8 +197,8 @@ delete)
   [ $oldjail_wipe = "YES" ] && rm -rf $oldjail_rootdir
 
   ;;
-list)
 ######################## ezjail-admin LIST ########################
+  list)
   jail_list=`ls $ezjail_jailcfgs`
   for jail in $jail_list; do
     . ${ezjail_jailcfgs}/$jail
@@ -219,8 +209,8 @@ list)
   done
 
   ;;
-setup|update)
 ######################## ezjail-admin UPDATE ########################
+setup|update)
   shift
   args=`getopt is: $*`
   [ $? = 0 ] || exerr 'Usage: ezjail update [-s sourcetree] [-i]'
@@ -269,6 +259,9 @@ setup|update)
   fi
   mv ${ezjail_jailfull} ${ezjail_jailtemplate}
 
+  # If the default flavour example has not yet been copied, do it now
+  [ -d ${ezjail_flavours}/default ] || cp -p -r ${ezjail_examples}/default ${ezjail_flavours}
+
   ;;
 *)
   exerr "Usage: `basename $0` [create|delete|list|update] {params}"
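Review bot: When `${ezjail_flavours}` does not exist yet, the added `cp -p -r ${ezjail_examples}/default ${ezjail_flavours}` creates it as a copy of `default`, so the example lands in `${ezjail_flavours}/ezjail.flavour` rather than `${ezjail_flavours}/default/`. The `-d` test then fails again on the next update and a second copy is made. Naming the target explicitly avoids that: `[ -d "${ezjail_flavours}/default" ] || { mkdir -p "${ezjail_flavours}" && cp -p -r "${ezjail_examples}/default" "${ezjail_flavours}/default"; }`. The `setup|update)` branch starts outside this hunk.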
diff --git a/ezjail-config.sh b/ezjail-config.sh
index 69a93f4..19aa801 100644
--- a/ezjail-config.sh
+++ b/ezjail-config.sh
@@ -3,18 +3,16 @@
 # BEFORE: rcconf
 
 set -o noglob
-if [ -f /etc/ezjail.flavour ]; then
-  . /etc/ezjail.flavour
+if [ -f /config/ezjail.flavour ]; then
+  . /config/ezjail.flavour
 
   # we do need to install only once
-  rm -f /etc/ezjail.flavour
+  rm -f /config/ezjail.flavour
 fi
 
 # set defaults
-ezjail_flavour_root=${ezjail_flavour_root:-"/basejail/config/default"}
 ezjail_flavour_files=${ezjail_flavour_files:-""}
 ezjail_flavour_users=${ezjail_flavour_users:-""}
-ezjail_flavour_packages=${ezjail_flavour_packages:-""}
 
 # try to create users
 for user in $ezjail_flavour_users; do
@@ -45,7 +43,7 @@ for user in $ezjail_flavour_users; do
 done
 
 # try to install files
-cd $ezjail_flavour_root
+cd /config
 for file in $ezjail_flavour_files; do
   TIFS=$IFS; IFS=:; set -- $file; IFS=$TIFS
   set +o noglob
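Review bot: The new `cd /config` is not checked, so if the directory is missing the loop below runs from whatever the current directory is and resolves the globbed `file(s)` patterns there, most likely `/`. A guard such as `cd /config || exit 1` (or skipping the file loop when the `cd` fails) keeps the copy confined to the flavour tree. The loop body continues outside this hunk, so how the patterns are used after `set +o noglob` is not visible here.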
@@ -60,9 +58,8 @@ for file in $ezjail_flavour_files; do
 done
 
 # finally install packages
-[ -d /basejail/config/pkg ] && cd /basejail/config/pkg
-set +o noglob
-[ "${ezjail_flavour_packages}" ] && pkg_add ${ezjail_flavour_packages}
+set -o noglob
+[ -d /config/pkg ] && cd /config/pkg && pkg_add *
 
 # Get rid off ourself
 rm -f /etc/rc.d/ezjail-config.sh
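Review bot: The replacement line `set -o noglob` turns globbing off, where the removed code turned it on with `set +o noglob`, so `pkg_add *` on the next line receives a literal `*` and installs nothing. It should be `set +o noglob`. Since every file name in `/config/pkg` then becomes an argument to a command run at jail start, I would also write `pkg_add ./*` so that a name beginning with `-` cannot be read as an option.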
-- 
cgit v1.2.3