ruben/ezjail
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Preparing for release of ezjail-2.0beta

Browse Source
This commit is contained in:
erdgeist 2006-05-22 00:20:47 +00:00
parent 24e91c5d8b
commit 5c2ac7cf28
6 changed files with 75 additions and 47 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

74
ezjail-admin
View File

@ -3,6 +3,7 @@
# ugly: this variable is set during port install time # ugly: this variable is set during port install time
ezjail_prefix=EZJAIL_PREFIX ezjail_prefix=EZJAIL_PREFIX
ezjail_admin=`basename -- $0`
ezjail_etc=${ezjail_prefix}/etc ezjail_etc=${ezjail_prefix}/etc
ezjail_share=${ezjail_prefix}/share/ezjail ezjail_share=${ezjail_prefix}/share/ezjail
ezjail_examples=${ezjail_prefix}/share/examples/ezjail ezjail_examples=${ezjail_prefix}/share/examples/ezjail
@ -32,13 +33,13 @@ ezjail_dirlist="bin boot lib libexec rescue sbin usr/bin usr/games usr/include u
case `uname -p` in amd64) ezjail_dirlist="${ezjail_dirlist} usr/lib32";; esac case `uname -p` in amd64) ezjail_dirlist="${ezjail_dirlist} usr/lib32";; esac
# Synopsis messages # Synopsis messages
ezjail_usage_ezjailadmin="Usage: `basename -- $0` [config|create|delete|install|list|update] {params}" ezjail_usage_ezjailadmin="Usage: ${ezjail_admin} [config|create|delete|install|list|update] {params}"
ezjail_usage_create="Usage: `basename -- $0` create [-xbi] [-f flavour] [-r jailroot] [-s size] [-c bde|eli] [-C args] jailname jailip" ezjail_usage_install="Usage: ${ezjail_admin} install [-mps] [-h host] [-r release]"
ezjail_usage_delete="Usage: `basename -- $0` delete [-w] jailname" ezjail_usage_create="Usage: ${ezjail_admin} create [-xbi] [-f flavour] [-r jailroot] [-s size] [-c bde|eli] [-C args] jailname jailip"
ezjail_usage_list="Usage: `basename -- $0` list" ezjail_usage_delete="Usage: ${ezjail_admin} delete [-w] jailname"
ezjail_usage_update="Usage: `basename -- $0` update [-s sourcetree] [-i] [-pP]" ezjail_usage_update="Usage: ${ezjail_admin} update [-s sourcetree] [-i] [-pP]"
ezjail_usage_install="Usage: `basename -- $0` install [-mps] [-h host] [-r release]" ezjail_usage_config="Usage: ${ezjail_admin} config [-r run|norun] [-i attach|detach] jailname"
ezjail_usage_config="Usage: `basename -- $0` config [-r run|norun] [-i attach|detach] jailname" ezjail_usage_list="Usage: ${ezjail_admin} list"
################################ ################################
# End of variable initialization # End of variable initialization
@ -216,9 +217,9 @@ create)
ezjail_imagerestbytes=`echo ${_val} % 1048576 | bc` ezjail_imagerestbytes=`echo ${_val} % 1048576 | bc`
fi fi
# check, whether ezjail-update has been called. existence of # check, whether ezjail has been set up correctly. existence of
# ezjail_jailbase is our indicator # ezjail_jailbase is our indicator
[ -d ${ezjail_jailbase} ] || exerr "Error: base jail does not exist. Please run 'ezjail-admin update' first." [ -d ${ezjail_jailbase} ] || exerr "Error: base jail does not exist. Please run '${ezjail_admin} install' or '${ezjail_admin} update' first."
# relative paths don't make sense in rc.scripts # relative paths don't make sense in rc.scripts
[ "${ezjail_jaildir%%[!/]*}" ] || exerr "Error: Need an absolute path in ezjail_jaildir, it currently is set to: ${ezjail_jaildir}." [ "${ezjail_jaildir%%[!/]*}" ] || exerr "Error: Need an absolute path in ezjail_jaildir, it currently is set to: ${ezjail_jaildir}."
@ -263,17 +264,17 @@ create)
# All sanity checks that may lead to errors are hopefully passed here # All sanity checks that may lead to errors are hopefully passed here
# #
if [ "${ezjail_imagetype}" ]; then if [ -n "${ezjail_imagetype}" ]; then
# Strip trailing slashes from jail root, those would confuse image path # Strip trailing slashes from jail root, those would confuse image path
ezjail_image=${ezjail_rootdir%/}; while [ "${ezjail_image}" -a -z "${ezjail_image%%*/}" ]; do ezjail_image=${ezjail_image%/}; done ezjail_image=${ezjail_rootdir%/}; while [ "${ezjail_image}" -a -z "${ezjail_image%%*/}" ]; do ezjail_image=${ezjail_image%/}; done
[ -z "${ezjail_image}" ] && exerr "Error: Could not determine image file name, something is wrong with the jail root: ${ezjail_rootdir}." [ -z "${ezjail_image}" ] && exerr "Error: Could not determine image file name, something is wrong with the jail root: ${ezjail_rootdir}."
# Location of our image file # Location of our image file
ezjail_image=${ezjail_image}.img ezjail_image="${ezjail_image}.img"
# Prepare crypto jail so that an attacker cannot guess which blocks # Prepare crypto jail so that an attacker cannot guess which blocks
# have been written # have been written
case ${ezjail_imagetype} in crypto|bde|eli) ezjail_sourcedevice=/dev/random;; simple) ezjail_sourcedevice=/dev/zero;; esac case ${ezjail_imagetype} in bde|eli) ezjail_sourcedevice=/dev/random;; simple) ezjail_sourcedevice=/dev/zero;; esac
# If NOT exist, create image # If NOT exist, create image
if [ -z "${ezjail_exists}" ]; then if [ -z "${ezjail_exists}" ]; then
@ -288,7 +289,7 @@ create)
( dd if=${ezjail_sourcedevice} bs=${ezjail_imagerestbytes} count=1 >> "${ezjail_image}" ) || exerr "Error: Could not (or not fully) create the image file. You might want to check (and possibly remove) the file ${ezjail_image}. The image size provided was ${ezjail_imagesize}." ( dd if=${ezjail_sourcedevice} bs=${ezjail_imagerestbytes} count=1 >> "${ezjail_image}" ) || exerr "Error: Could not (or not fully) create the image file. You might want to check (and possibly remove) the file ${ezjail_image}. The image size provided was ${ezjail_imagesize}."
fi fi
# And attach device # Attach device
ezjail_imagedevice=`mdconfig -a -t vnode -f ${ezjail_image}` ezjail_imagedevice=`mdconfig -a -t vnode -f ${ezjail_image}`
[ $? = 0 ] || detach_images || exerr "Error: Could not attach image device. (Command failed was 'mdconfig -a -t vnode -f ${ezjail_image}')" [ $? = 0 ] || detach_images || exerr "Error: Could not attach image device. (Command failed was 'mdconfig -a -t vnode -f ${ezjail_image}')"
case "${ezjail_imagetype}" in case "${ezjail_imagetype}" in
@ -296,7 +297,7 @@ create)
# parse imageparams, generate attachparams # parse imageparams, generate attachparams
ezjail_attachblocking="YES" ezjail_attachblocking="YES"
if [ -n "${ezjail_imageparams}" ]; then if [ -n "${ezjail_imageparams}" ]; then
ezjail_attachparams=`echo $0 _parse_g${ezjail_imagetype}_attach_args_ ${ezjail_imageparams} | /bin/sh ` ezjail_attachparams=`echo $0 _parse_g${ezjail_imagetype}_attach_args_ ${ezjail_imageparams} | /bin/sh`
[ 5 -eq $? ] && exerr "processing of ezjail_imageparams failed" [ 5 -eq $? ] && exerr "processing of ezjail_imageparams failed"
[ 3 -eq $? ] && unset ezjail_attachblocking [ 3 -eq $? ] && unset ezjail_attachblocking
fi fi
@ -347,24 +348,24 @@ create)
# now, where everything seems to have gone right, create control file in # now, where everything seems to have gone right, create control file in
# ezjails config dir # ezjails config dir
mkdir -p ${ezjail_jailcfgs} mkdir -p ${ezjail_jailcfgs} || exerr "Error: can't create ezjails control directory (${ezjail_jailcfgs})."
echo "# To specify the start up order of your ezjails, use these lines to" > ${ezjail_config} ( echo -e "# To specify the start up order of your ezjails, use these lines to\n# create a Jail dependency tree. See rcorder(8) for more details."
echo "# create a Jail dependency tree. See rcorder(8) for more details." >> ${ezjail_config} echo -e "#\n# PROVIDE: standard_ezjail\n# REQUIRE: \n# BEFORE: \n#\n"
echo -e "#\n# PROVIDE: standard_ezjail\n# REQUIRE: \n# BEFORE: \n#\n" >> ${ezjail_config} echo jail_${ezjail_safename}_hostname=\"${ezjail_hostname}\"
echo export jail_${ezjail_safename}_hostname=\"${ezjail_hostname}\" >> ${ezjail_config} echo jail_${ezjail_safename}_ip=\"${ezjail_ip}\"
echo export jail_${ezjail_safename}_ip=\"${ezjail_ip}\" >> ${ezjail_config} echo jail_${ezjail_safename}_rootdir=\"${ezjail_rootdir}\"
echo export jail_${ezjail_safename}_rootdir=\"${ezjail_rootdir}\" >> ${ezjail_config} echo jail_${ezjail_safename}_exec=\"/bin/sh /etc/rc\"
echo export jail_${ezjail_safename}_exec=\"/bin/sh /etc/rc\" >> ${ezjail_config} echo jail_${ezjail_safename}_mount_enable=\"${ezjail_mount_enable}\"
echo export jail_${ezjail_safename}_mount_enable=\"${ezjail_mount_enable}\" >> ${ezjail_config} echo jail_${ezjail_safename}_devfs_enable=\"${ezjail_devfs_enable}\"
echo export jail_${ezjail_safename}_devfs_enable=\"${ezjail_devfs_enable}\" >> ${ezjail_config} echo jail_${ezjail_safename}_devfs_ruleset=\"devfsrules_jail\"
echo export jail_${ezjail_safename}_devfs_ruleset=\"devfsrules_jail\" >> ${ezjail_config} echo jail_${ezjail_safename}_procfs_enable=\"${ezjail_procfs_enable}\"
echo export jail_${ezjail_safename}_procfs_enable=\"${ezjail_procfs_enable}\" >> ${ezjail_config} echo jail_${ezjail_safename}_fdescfs_enable=\"${ezjail_fdescfs_enable}\"
echo export jail_${ezjail_safename}_fdescfs_enable=\"${ezjail_fdescfs_enable}\" >> ${ezjail_config} echo jail_${ezjail_safename}_image=\"${ezjail_image}\"
echo export jail_${ezjail_safename}_image=\"${ezjail_image}\" >> ${ezjail_config} echo jail_${ezjail_safename}_imagetype=\"${ezjail_imagetype}\"
echo export jail_${ezjail_safename}_imagetype=\"${ezjail_imagetype}\" >> ${ezjail_config} echo jail_${ezjail_safename}_attachparams=\"${ezjail_attachparams}\"
echo export jail_${ezjail_safename}_attachparams=\"${ezjail_attachparams}\" >> ${ezjail_config} echo jail_${ezjail_safename}_attachblocking=\"${ezjail_attachblocking}\"
echo export jail_${ezjail_safename}_attachblocking=\"${ezjail_attachblocking}\" >> ${ezjail_config} echo jail_${ezjail_safename}_forceblocking=\"${ezjail_forceblocking}\"
echo export jail_${ezjail_safename}_forceblocking=\"${ezjail_forceblocking}\" >> ${ezjail_config} ) > ${ezjail_config}
# Final steps for flavour installation # Final steps for flavour installation
if [ -z "${ezjail_exists}" -a -n "${ezjail_flavour}" ]; then if [ -z "${ezjail_exists}" -a -n "${ezjail_flavour}" ]; then
@ -400,6 +401,7 @@ create)
[ $? = 0 ] && echo -e "Warning: Some services already seem to be listening on all IP, (including ${ezjail_ip})\n This may cause some confusion, here they are:\n${ezjail_listener}" [ $? = 0 ] && echo -e "Warning: Some services already seem to be listening on all IP, (including ${ezjail_ip})\n This may cause some confusion, here they are:\n${ezjail_listener}"
IFS=${TIFS} IFS=${TIFS}
[ -n "${ezjail_imagetype}" ] && echo "Note: To administrate your image jail, attach it using the '${ezjail_admin} config -i attach ${ezjail_hostname}' command."
;; ;;
######################## ezjail-admin DELETE ######################## ######################## ezjail-admin DELETE ########################
delete) delete)
@ -424,9 +426,9 @@ delete)
[ -n "${ezjail_id}" ] && exerr "Error: Jail appears to be still running, stop it first." [ -n "${ezjail_id}" ] && exerr "Error: Jail appears to be still running, stop it first."
# if jail is attached, refuse to go any further # if jail is attached, refuse to go any further
[ -n "${ezjail_attached}" ] && exerr "Error: Jail image file ${ezjail_image} is attached as ${ezjail_device}. '`basename -- $0` config -i detach' it first." [ -n "${ezjail_attached}" ] && exerr "Error: Jail image file ${ezjail_image} is attached as ${ezjail_device}. '${ezjail_admin} config -i detach' it first."
# now we know everything we need to let the jail be gone remove entry # now we know everything we need to let the jail be gone. remove entry
# from ezjail resource structure, delete fstab.JAILNAME # from ezjail resource structure, delete fstab.JAILNAME
rm -f ${ezjail_config} /etc/fstab.${ezjail_safename} rm -f ${ezjail_config} /etc/fstab.${ezjail_safename}
@ -479,9 +481,9 @@ setup|update)
[ $# -eq 0 ] || exerr ${ezjail_usage_update} [ $# -eq 0 ] || exerr ${ezjail_usage_update}
if [ "${ezjail_installaction}" = "none" ]; then if [ "${ezjail_installaction}" = "none" ]; then
# check, whether ezjail-update has been called. existence of # check, whether ezjail has been setup correctly. existence of
# ezjail_jailbase is our indicator # ezjail_jailbase is our indicator
[ -d ${ezjail_jailbase} ] || exerr "Error: base jail does not exist. You cannot fill base jails ports tree before creating it. Please run 'ezjail-admin update' first." [ -d ${ezjail_jailbase} ] || exerr "Error: base jail does not exist. You cannot fill base jails ports tree before creating it. Please run '${ezjail_admin} update' or '${ezjail_admin} install' first."
else else
# Bump the user for some of the most common errors # Bump the user for some of the most common errors
[ -d ${ezjail_sourcetree} ] || exerr "Cannot find your copy of the FreeBSD source tree in ${ezjail_sourcetree}." [ -d ${ezjail_sourcetree} ] || exerr "Cannot find your copy of the FreeBSD source tree in ${ezjail_sourcetree}."

3
ezjail.conf.sample
View File

@ -23,6 +23,9 @@
# a cvsroot near you # a cvsroot near you
# ezjail_portscvsroot=:pserver:anoncvs@anoncvs.at.FreeBSD.org:/home/ncvs # ezjail_portscvsroot=:pserver:anoncvs@anoncvs.at.FreeBSD.org:/home/ncvs
# This is where the install sub command defaults to fetch its packages from
# ezjail_ftphost=ftp.freebsd.org
# base jail will provide a soft link from /usr/bin/perl to /usr/local/bin/perl # base jail will provide a soft link from /usr/bin/perl to /usr/local/bin/perl
# to accomodate all scripts using '#!/usr/bin/perl'... # to accomodate all scripts using '#!/usr/bin/perl'...
# ezjail_uglyperlhack="YES" # ezjail_uglyperlhack="YES"

29
man1/ezjail-admin.1
View File

@ -16,7 +16,13 @@ ezjail-admin \- Administrate ezjail
.B ezjail-admin list .B ezjail-admin list
.T .T
.B ezjail-admin install [-mps] [-h host] [-r release] .B ezjail-admin config
[-r run|norun] [-i attach|detach]
.I jailname
.T
.B ezjail-admin install
[-mps] [-h host] [-r release]
.T .T
.B ezjail-admin update .B ezjail-admin update
@ -105,6 +111,15 @@ stands for disabled jails (see
Rest of the row is follow by jails jid (if available), its IP, hostname Rest of the row is follow by jails jid (if available), its IP, hostname
and root directory. and root directory.
.SH ezjail-admin config
manages existing specific ezjails.
You can prevent an ezjail from being run at system start by the -r norun
option and reenable it by -r run.
You can attach image jails for administrative purposes by the -i attach
option and detach them with -i detach. It is not possible to run or delete
an attached jail.
.SH ezjail-admin install .SH ezjail-admin install
fetches everything needed to setup a base jail from an FTP server and fetches everything needed to setup a base jail from an FTP server and
installs it. installs it.
@ -121,14 +136,16 @@ portsnap utility to fetch and extract a FreeBSD ports tree (ca. 475MB).
Default OS version is, whatever uname -r returns. If this does not match Default OS version is, whatever uname -r returns. If this does not match
"*-RELEASE", you will be prompted for a better guess. (Normally "*-RELEASE", you will be prompted for a better guess. (Normally
ftp-servers do not provide release candidates or CURRENT builds). You can ftp-servers do not provide release candidates or CURRENT builds). You can
use the -r option to specify a releas from command line. use the -r option to specify a release from command line.
Default host to fetch packages from is ftp.freebsd.org, you may want to Default host to fetch packages from is ftp.freebsd.org, you may want to
change this via the -h option. If the specified location begins with change this via the -h option or in ezjail.conf(5).
file://, your local copy of the release is used. That way you can do some
modifications to install.sh scripts before executing them.
You can later update your world from CVS by If the specified location begins with file://, your local copy of the
release is used. That way you can do some modifications to install.sh
scripts before executing them.
You can later update your world from CVS or update ports by
.U ezjail-admin update .U ezjail-admin update
or rerun this subcommand with another OS version. or rerun this subcommand with another OS version.
.SH ezjail-admin update .SH ezjail-admin update

9
man5/ezjail.5
View File

@ -27,13 +27,14 @@ and
It may be passed an additional list of jails. If no jail name is It may be passed an additional list of jails. If no jail name is
specified (usually when the script is being called by rc.local at boot specified (usually when the script is being called by rc.local at boot
and shutdown time), all jails in ezjails scope, except crypto image and shutdown time), all jails in ezjails scope, except crypto image
jails, are being started/stopped. To start all crytpo image jails, use jails (or jails marked as blocking), are being started/stopped. To
the start all crytpo image jails (or those depending on them), use the
.I startcrypto .I startcrypto
parameter. parameter.
The script examines its config, sets variables for each jail in the The script examines its config, attaches and mounts images, sets
jail_list before passing its command on to the variables for each jail in the jail_list before passing its command on
to the
.B /etc/rc.d/jail .B /etc/rc.d/jail
script. script.
.SH NOTES .SH NOTES

5
man5/ezjail.conf.5
View File

@ -37,6 +37,11 @@ Cvs root to use when checking out or updating the ports tree in base jail
.br .br
.I default: :pserver:anoncvs@anoncvs.at.FreeBSD.org:/home/ncvs .I default: :pserver:anoncvs@anoncvs.at.FreeBSD.org:/home/ncvs
.TP .TP
.B ezjail_ftphost (str)
This is where the install sub command defaults to fetch its packages from
.br
.I default: ftp.freebsd.org
.TP
.B ezjail_uglyperlhack (bool) .B ezjail_uglyperlhack (bool)
Set to YES, if ezjail should provide a soft link from /usr/bin/perl to /usr/local/bin/perl in base jail. Set to YES, if ezjail should provide a soft link from /usr/bin/perl to /usr/local/bin/perl in base jail.
.br .br