# This file can be included in the RC script by adding the following line:
# . %%LOCALBASE%%/share/rc-subr-jail/rc.subr.jail
# The behavior of the routines defined in this file is affected by the following
# global variables, which can be used in the same manner as Makefile knobs:
# jail_copy_resolv_conf
# set this to "yes" to copy /etc/resolv.conf file into the jail being created
# jail_copy_services
# set this to "yes" to copy /etc/services file into the jail being created
# jail_copy_programs
# set this to a list of binaries, which should be copied into /bin directory
# of the jail. Dynamic libraries required by each program will be placed into
# the /lib directory of the jail
# jail_mount_devfs
# set this to "yes" to mount a devfs filesystem under the /dev directory of the
# jail
# jail_ip_inherit
# set this to "yes" to make "ip4=inherit" and "ip6=inherit" arguments to be
# passed to the jail
# jail_prepare_inside_cmds
# set this to the shell command that will be run before starting the jail
# the commands are run on the host via /bin/sh -c (not inside the jail), after
# changing directory into the jail's root
# jail_nullfs_mounts
# set this to a list of triplets of "src_dir dst_dir opts" that will be passed
# to mount_nullfs
# make sure to pass either "ro" or "rw" as "opts" value
# prepare_jail jroot
# sets $jail_prepared_args that can be used in jail(4) invocation
# intended to be run during "start" command
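prepare_jail()
{
    # Builds a fresh jail root at $1 according to the jail_* knobs and stores
    # the resulting jail argument string in the global jail_prepared_args.
    # Returns 1 without touching anything when $1 is empty or "/".
    local jroot jargs
    jroot="$1"

    # Every path below is built as "$jroot/...". With an empty root the cp
    # calls would write into the host's own /etc, /bin, /lib and /libexec.
    case "$jroot" in
    ''|/)
        echo "prepare_jail: refusing to use '${jroot}' as jail root" >&2
        return 1
        ;;
    esac

    # NOTE(review): jargs is a flat string; a jroot containing whitespace
    # would presumably split into several arguments at the call site.
    jargs="-c path=${jroot} "

    # Start from a clean root; errors from a jail that was never created are
    # expected here and therefore discarded.
    destroy_jail "$jroot" 2> /dev/null
    mkdir -p "$jroot"

    if [ "$jail_copy_resolv_conf" = "yes" ]; then
        mkdir -p "$jroot/etc"
        cp /etc/resolv.conf "$jroot/etc"
    fi

    if [ "$jail_copy_services" = "yes" ]; then
        mkdir -p "$jroot/etc"
        cp /etc/services "$jroot/etc"
    fi

    local _prog _interp
    # Intentionally unquoted: jail_copy_programs is a whitespace-separated list.
    for _prog in $jail_copy_programs; do
        mkdir -p "$jroot/bin"
        mkdir -p "$jroot/lib"
        cp "$_prog" "$jroot/bin"
        # Copy the shared libraries ldd resolves under /lib or /usr.
        ldd "$_prog" 2> /dev/null | cut -s -d " " -f 3 | grep -E '^(/lib|/usr)' | sort -u | xargs -I % cp % "${jroot}/lib/"
        # Copy the ELF interpreter named in the file(1) output, if any.
        _interp=$(file "$_prog" | grep -o '/libexec/ld-elf.so[0-9\.]*')
        if [ "$_interp" ]; then
            mkdir -p "$jroot/libexec"
            cp "$_interp" "$jroot/libexec/"
        fi
    done

    if [ "$jail_mount_devfs" = "yes" ]; then
        mkdir -p "$jroot/dev"
        jargs="$jargs mount.devfs "
    fi

    if [ "$jail_ip_inherit" = "yes" ]; then
        if check_kern_features inet; then
            jargs="$jargs ip4=inherit "
        fi
        if check_kern_features inet6; then
            jargs="$jargs ip6=inherit "
        fi
    fi

    if [ "$jail_nullfs_mounts" ]; then
        local _src _dst _opts
        # xargs -n 3 regroups the list into one "src dst opts" triplet per line.
        echo "$jail_nullfs_mounts" | xargs -n 3 | while read -r _src _dst _opts; do
            # A list whose length is not a multiple of three leaves a short
            # last line; skip it instead of calling mount_nullfs with an
            # empty mount point or an empty -o value.
            if [ -z "$_src" ] || [ -z "$_dst" ] || [ -z "$_opts" ]; then
                echo "prepare_jail: incomplete nullfs triplet: ${_src} ${_dst} ${_opts}" >&2
                continue
            fi
            mkdir -p "$_dst"
            mount_nullfs -o "$_opts" "$_src" "$_dst"
        done
    fi

    if [ "$jail_prepare_inside_cmds" ]; then
        # These commands run on the host with the caller's privileges, only
        # with the jail root as working directory. The cd is done outside the
        # command string so that $jroot is never parsed as shell code and so
        # that nothing runs in the wrong directory when the cd fails.
        ( cd "$jroot" && /bin/sh -c "$jail_prepare_inside_cmds" )
    fi

    jail_prepared_args=$jargs
}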
# destroy_jail jail_root
# cleans up the jail, unmounts all filesystems and finally removes jail_root
# intended to be run during both "stop" and "start" commands
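destroy_jail()
{
    # Unmounts the nullfs mounts listed in jail_nullfs_mounts and removes the
    # jail root $1. Returns 1 without deleting anything when $1 is empty or
    # "/", or when a nullfs mount point could not be released.
    local jroot _busy
    jroot="$1"

    # An empty root would turn "$jroot/dev" into the host's /dev.
    case "$jroot" in
    ''|/)
        echo "destroy_jail: refusing to remove '${jroot}'" >&2
        return 1
        ;;
    esac

    if [ "$jail_mount_devfs" = "yes" ]; then
        # NOTE(review): if devfs is still mounted here this rmdir fails and
        # the rm -rf below descends into it; confirm callers remove the jail
        # before calling destroy_jail.
        rmdir "$jroot/dev"
    fi

    _busy=0
    if [ "$jail_nullfs_mounts" ]; then
        # The loop runs in a subshell, so its variables need no "local" and
        # the result is reported through the subshell's exit status.
        echo "$jail_nullfs_mounts" | xargs -n 3 | (
            _rc=0
            while read -r _mnt_line; do
                _dst=$(echo "$_mnt_line" | awk '{print $2}')
                _unmounted=yes
                umount "$_dst" || _unmounted=no
                rmdir "$_dst"
                # umount also fails when nothing is mounted (first start,
                # stale root); then rmdir removes the empty directory. A
                # directory that survives both is treated as still mounted.
                if [ "$_unmounted" = "no" ] && [ -e "$_dst" ]; then
                    echo "destroy_jail: ${_dst} could not be unmounted" >&2
                    _rc=1
                fi
            done
            exit "$_rc"
        ) || _busy=1
    fi

    # rm -rf follows a live nullfs mount into its source directory, so a
    # writable mount left in place would have the host's files deleted.
    if [ "$_busy" -ne 0 ]; then
        echo "destroy_jail: leaving ${jroot} in place" >&2
        return 1
    fi

    rm -rf "$jroot"
}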