Added attach/detach subsubcommands to config
Added more error checking when attaching image jails Woke up this morning when the streets were full of cars
parent
56f79ffcec
commit
653bd9e938
93
ezjail-admin
93
ezjail-admin
@ -37,7 +37,7 @@ ezjail_usage_delete="Usage: `basename -- $0` delete [-w] jailname"
|
||||
ezjail_usage_list="Usage: `basename -- $0` list"
|
||||
ezjail_usage_update="Usage: `basename -- $0` update [-s sourcetree] [-i] [-pP]"
|
||||
ezjail_usage_install="Usage: `basename -- $0` install [-mps] [-h host] [-r release]"
|
||||
ezjail_usage_config="Usage: `basename -- $0` config [-r run|norun] jailname"
|
||||
ezjail_usage_config="Usage: `basename -- $0` config [-r run|norun] [-i attach|detach] jailname"
|
||||
|
||||
################################
|
||||
# End of variable initialization
|
||||
@ -56,8 +56,10 @@ detach_images () {
|
||||
eli) geli detach /dev/${ezjail_imagedevice} > /dev/null;;
|
||||
esac
|
||||
mdconfig -d -u ${ezjail_imagedevice} > /dev/null
|
||||
[ "$1" = "success" ] || rm -f ${ezjail_image}
|
||||
[ "$1" = "keep" ] || rm -f ${ezjail_image}
|
||||
fi
|
||||
# This function is being called in case of error. Keep $? bad
|
||||
return 1
|
||||
}
|
||||
|
||||
# fetch everything we need to know about an ezjail from config
|
||||
@ -76,9 +78,13 @@ fetchjailinfo () {
|
||||
. ${ezjail_config}
|
||||
eval ezjail_hostname=\"\$jail_${ezjail_safename}_hostname\"
|
||||
eval ezjail_rootdir=\"\$jail_${ezjail_safename}_rootdir\"
|
||||
eval ezjail_ip=\"\$jail_${ezjail_safename}_ip\"
|
||||
eval ezjail_image=\"\$jail_${ezjail_safename}_image\"
|
||||
eval ezjail_imagetype=\"\$jail_${ezjail_safename}_imagetype\"
|
||||
eval ezjail_ip=\"\$jail_${ezjail_safename}_ip\"
|
||||
eval ezjail_attachparams=\"\$jail_${ezjail_safename}_attachparams\"
|
||||
eval ezjail_attachblocking=\"\$jail_${ezjail_safename}_attachblocking\"
|
||||
eval ezjail_forceblocking=\"\$jail_${ezjail_safename}_forceblocking\"
|
||||
eval ezjail_passphraseurl=\"\$jail_${ezjail_safename}_passphraseurl\"
|
||||
|
||||
ezjail_softlink=${ezjail_jaildir}/`basename -- ${ezjail_rootdir}`
|
||||
[ -f /var/run/jail_${ezjail_safename}.id ] && ezjail_id=`cat /var/run/jail_${ezjail_safename}.id` || return
|
||||
@ -345,7 +351,7 @@ create)
|
||||
fi
|
||||
|
||||
# Detach (crypto and) memory discs
|
||||
detach_images success
|
||||
detach_images keep
|
||||
|
||||
#
|
||||
# For user convenience some scenarios commonly causing headaches are checked
|
||||
@ -542,9 +548,10 @@ install)
|
||||
######################## ezjail-admin CONFIG ########################
|
||||
config)
|
||||
# Clean variables, prevent polution
|
||||
unset ezjail_setrunnable
|
||||
unset ezjail_setrunnable ezjail_imageaction
|
||||
|
||||
shift; while getopts :r: arg; do case ${arg} in
|
||||
i) ezjail_imageaction=${OPTARG};;
|
||||
r) ezjail_setrunnable=${OPTARG};;
|
||||
?) exerr ${ezjail_usage_config};;
|
||||
esac; done; shift $(( ${OPTIND} - 1 ))
|
||||
@ -555,20 +562,80 @@ config)
|
||||
fetchjailinfo $1
|
||||
|
||||
# check for existence of jail in our records
|
||||
[ "${ezjail_config}" ] || exerr "Error: Nothing known about jail ${ezjail_name}."
|
||||
[ -n "${ezjail_config}" ] || exerr "Error: Nothing known about jail ${ezjail_name}."
|
||||
|
||||
# Nothing to be configured?
|
||||
[ "${ezjail_setrunnable}" ] || echo "Warning: No config option specified."
|
||||
[ -z "${ezjail_setrunnable}" -a -z "${ezjail_imageaction}" ] && echo "Warning: No config option specified."
|
||||
|
||||
case ${ezjail_setrunnable} in
|
||||
run)
|
||||
[ "${ezjail_config}" = "${ezjail_config%.norun}" ] || mv ${ezjail_config} ${ezjail_config%.norun}
|
||||
;;
|
||||
norun)
|
||||
[ "${ezjail_config}" = "${ezjail_config%.norun}" ] && mv ${ezjail_config} ${ezjail_config}.norun
|
||||
;;
|
||||
run) [ "${ezjail_config}" = "${ezjail_config%.norun}" ] || mv ${ezjail_config} ${ezjail_config%.norun};;
|
||||
norun) [ "${ezjail_config}" = "${ezjail_config%.norun}" ] && mv ${ezjail_config} ${ezjail_config}.norun ;;
|
||||
*) echo "Warning: Unknow runnable option specified.";;
|
||||
esac
|
||||
|
||||
[ -n "${ezjail_imageaction} -a -z "${ezjail_image}" ] && exerr "Error: Jail ${ezjail_name} not an image jail."
|
||||
|
||||
case ${ezjail_imageaction} in
|
||||
attach)
|
||||
# Check, if image already attached
|
||||
if [ -L "${ezjail_root}.device" ]; then
|
||||
# Fetch destination of soft link
|
||||
ezjail_device=`stat -f "%Y" ${ezjail_root}.device`
|
||||
[ -b "${ezjail_device}" ] && exerr "Error: Jail image file ${ezjail_name} already attached as ${ezjail_device}."
|
||||
rm -f ${ezjail_root}.device
|
||||
fi
|
||||
|
||||
# Create a memory disc from jail image
|
||||
ezjail_imagedevice=`mdconfig -a -t vnode -f ${ezjail_image}` || exerr "Error: Could not attach memory disc."
|
||||
|
||||
# If this is a crypto jail, try to mount it, remind user, which jail
|
||||
# this is. In this case, the device to mount is
|
||||
case ${ezjail_imagetype} in
|
||||
crypto|bde)
|
||||
echo "Attaching bde device for image jail ${ezjail}..."
|
||||
echo gbde attach /dev/${ezjail_imagedevice} ${ezjail_attachparams} | /bin/sh
|
||||
[ $? -eq 0 ] || detach_images keep || exerr "Error: Attaching bde device failed."
|
||||
# Device to mount is not md anymore
|
||||
ezjail_device=${ezjail_imagedevice}.bde
|
||||
;;
|
||||
eli)
|
||||
echo "Attaching eli device for image jail ${ezjail}..."
|
||||
echo geli attach ${ezjail_attachparams} /dev/${ezjail_device} | /bin/sh
|
||||
[ $? -eq 0 ] || detach_images keep || exerr "Error: Attaching eli device failed."
|
||||
# Device to mount is not md anymore
|
||||
ezjail_device=${ezjail_imagedevice}.eli
|
||||
;;
|
||||
esac
|
||||
|
||||
mount /dev/${ezjail_device} ${ezjail_rootdir} || detach_images keep || exerr "Error: Could not mount /dev/${ezjail_device} to ${ezjail_root}."
|
||||
# relink image device
|
||||
ln -s /dev/${ezjail_device} ${ezjail_root}.device
|
||||
|
||||
;;
|
||||
detach)
|
||||
[ -n "${ezjail_id}" ] && exerr "Error: Jail ${ezjail_name} still running. Can't detach."
|
||||
|
||||
# Check, if image really attached
|
||||
if [ -L "${ezjail_root}.device" ]; then
|
||||
# Fetch destination of soft link
|
||||
ezjail_device=`stat -f "%Y" ${ezjail_root}.device`
|
||||
[ -b "${ezjail_device}" ] || exerr "Error: Jail image file ${ezjail_name} is not attached."
|
||||
fi
|
||||
|
||||
# Add this device to the list of devices to be unmounted
|
||||
case ${ezjail_imagetype} in
|
||||
crypto|bde) ezjail_imagedevice="${ezjail_device%.bde}" ;;
|
||||
eli) ezjail_imagedevice="${ezjail_device%.eli}" ;;
|
||||
*) ezjail_imagedevice="${ezjail_device} ;;
|
||||
esac
|
||||
|
||||
# Unmount/detach everything
|
||||
detach_images keep
|
||||
|
||||
# Remove soft link (which acts as a lock)
|
||||
rm -f ${ezjail_root}.device
|
||||
;;
|
||||
*) echo "Warning: Unknow image action specified.";;
|
||||
;;
|
||||
|
||||
##############################################################################
|
||||
|
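Review bot: The new image-action code in the `config)` arm has unbalanced quotes and will not parse as shown: the test before `case ${ezjail_imageaction}` should read `[ -n "${ezjail_imageaction}" -a -z "${ezjail_image}" ] && exerr ...`, and the fallback arm of the detach case should be `*) ezjail_imagedevice="${ezjail_device}" ;;`. The `case ${ezjail_imageaction}` also appears to have no closing `esac` before the `;;` that ends `config)`. Separately, the option loop still reads `getopts :r: arg`, so the added `i)` arm is unreachable until the optstring becomes `:i:r:`. In the attach path, the `eli)` branch passes `/dev/${ezjail_device}` to `geli attach` although the md unit was stored in `ezjail_imagedevice`, and a plain (non-crypto) image never assigns `ezjail_device` before `mount`, so both would act on a stale or empty device name.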
25
ezjail.sh
25
ezjail.sh
@ -74,7 +74,9 @@ do_cmd()
|
||||
[ "${action%crypto}" != "${action}" -a -z "${ezjail_blocking}" ] && continue
|
||||
|
||||
# Try to attach (crypto) devices
|
||||
[ -n "${ezjail_image}" ] && attach_detach_pre
|
||||
if [ -n "${ezjail_image}" ]; then
|
||||
attach_detach_pre || continue
|
||||
fi
|
||||
|
||||
ezjail_pass="${ezjail_pass} ${ezjail}"
|
||||
done
|
||||
@ -91,10 +93,16 @@ attach_detach_pre ()
|
||||
if [ "${action%crypto}" = "start" ]; then
|
||||
# If jail is running, do not mount devices, this is the same check as
|
||||
# /etc/rc.d/jail does
|
||||
[ -e /var/run/jail_${ezjail}.id ] && return
|
||||
[ -e /var/run/jail_${ezjail}.id ] && return 1
|
||||
|
||||
if [ -L "${ezjail_root}.device" ]; then
|
||||
# Fetch destination of soft link
|
||||
ezjail_device=`stat -f "%Y" ${ezjail_root}.device`
|
||||
[ -b "${ezjail_device}" ] && echo "Warning: Jail image file ${ezjail_name} already attached as ${ezjail_device}." && return 1
|
||||
fi
|
||||
|
||||
# Create a memory disc from jail image
|
||||
ezjail_device=`mdconfig -a -t vnode -f ${ezjail_image}`
|
||||
ezjail_device=`mdconfig -a -t vnode -f ${ezjail_image}` || return 1
|
||||
|
||||
# If this is a crypto jail, try to mount it, remind user, which jail
|
||||
# this is. In this case, the device to mount is
|
||||
@ -102,17 +110,28 @@ attach_detach_pre ()
|
||||
crypto|bde)
|
||||
echo "Attaching bde device for image jail ${ezjail}..."
|
||||
echo gbde attach /dev/${ezjail_device} ${ezjail_attachparams} | /bin/sh
|
||||
if [ $? -eq 0 ]; then
|
||||
mdconfig -d -u ${ezjail_imagedevice} > /dev/null
|
||||
echo "Error: Attaching bde device failed."; return 1
|
||||
fi
|
||||
# Device to mount is not md anymore
|
||||
ezjail_device=${ezjail_device}.bde
|
||||
;;
|
||||
eli)
|
||||
echo "Attaching eli device for image jail ${ezjail}..."
|
||||
echo geli attach ${ezjail_attachparams} /dev/${ezjail_device} | /bin/sh
|
||||
if [ $? -eq 0 ]; then
|
||||
mdconfig -d -u ${ezjail_imagedevice} > /dev/null
|
||||
echo "Error: Attaching eli device failed."; return 1
|
||||
fi
|
||||
# Device to mount is not md anymore
|
||||
ezjail_device=${ezjail_device}.eli
|
||||
;;
|
||||
esac
|
||||
|
||||
# Clean image
|
||||
fsck_ufs -F -p ${ezjail_device}
|
||||
|
||||
# relink image device
|
||||
rm -f ${ezjail_root}.device
|
||||
ln -s /dev/${ezjail_device} ${ezjail_root}.device
|
||||
|
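Review bot: The status checks added after `gbde attach` and `geli attach` in attach_detach_pre are inverted: `if [ $? -eq 0 ]` runs the cleanup and `return 1` when the attach succeeded and falls through when it failed, so a failed unlock would continue on to `fsck_ufs` and the relink; it should be `if [ $? -ne 0 ]; then` in both branches. The cleanup also calls `mdconfig -d -u ${ezjail_imagedevice}`, but in this function the unit returned by `mdconfig -a` is stored in `ezjail_device`, so the memory disc would likely stay attached after a failure; `mdconfig -d -u ${ezjail_device} > /dev/null` matches the assignment above. The exit status of `fsck_ufs -F -p` is not checked before the device link is recreated, which may be worth handling the same way. The function's start and end lie outside the hunks shown.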