[PC-BSD Commits] r4781 - pcbsd/trunk/system-overlay/usr/PCBSD/portjail

svn at pcbsd.org svn at pcbsd.org
Mon Oct 26 11:26:59 PST 2009


Author: kris
Date: 2009-10-26 12:26:59 -0700 (Mon, 26 Oct 2009)
New Revision: 4781

Modified:
   pcbsd/trunk/system-overlay/usr/PCBSD/portjail/portjail.sh
Log:


Updated the portjail to used more secure sed replacements, and added a new "run" command which lets you create 
icons / commands in your regular system to execute something in the ports jail



Modified: pcbsd/trunk/system-overlay/usr/PCBSD/portjail/portjail.sh
===================================================================
--- pcbsd/trunk/system-overlay/usr/PCBSD/portjail/portjail.sh	2009-10-26 18:57:53 UTC (rev 4780)
+++ pcbsd/trunk/system-overlay/usr/PCBSD/portjail/portjail.sh	2009-10-26 19:26:59 UTC (rev 4781)
@@ -10,9 +10,35 @@
 MANPATH=/usr/local/man
 export MANPATH
 
+display_help()
+{
+  echo "PC-BSD Port Jail Management"
+  echo "--------------------------------"
+  echo "Usage:"
+  echo "  portjail start 	- Starts the jail, root only"
+  echo "  portjail stop  	- Stops the jail, root only"
+  echo "  portjail console  	- Starts a shell session within the jail"
+  echo "  portjail run <cmd>  	- Runs the specified command within the jail"
+
+};
+
+
+# if we are called without a flag, warn the user and exit
+if [ -z "$1" ]
+then
+  display_help
+  exit 1
+fi
+
 if [ "$1" = "start" ]
 then
 
+  if [ "`id -u`" != "0" ]
+  then
+    echo "Error: You must be root to start the ports jail"
+    exit 1
+  fi
+
   # Create some hard-links for the portjail
   rm ${PJDIR}/etc/resolv.conf >/dev/null 2>/dev/null
   ln /etc/resolv.conf ${PJDIR}/etc/resolv.conf
@@ -33,12 +59,8 @@
   
 
   # Configure NAT with PF
-  TMPFILE=`mktemp /tmp/.pf-tmp.XXXXXX`
-  cat /etc/pf.conf | grep -v "from lo1:network to any" > ${TMPFILE}
-  mv ${TMPFILE} /etc/pf.conf
-  chmod 644 /etc/pf.conf
+  sed -i -e '/from lo1:network to any/d' /etc/pf.conf
 
-  echo "scrub in all" >/etc/.pflo1tmp
   TMPIF=`ifconfig -l`
   for i in ${TMPIF}
   do
@@ -50,7 +72,6 @@
   done
 
   rm /etc/.pftmp.conf >/dev/null 2>/dev/null
-  rm /etc/.pflo1tmp >/dev/null 2>/dev/null
   /etc/rc.d/pf restart >/dev/null 2>/dev/null
 
   # Make sure we remove our cleartmp rc.d script, causes issues
@@ -60,18 +81,12 @@
   fi
 
   # Add the hostname to the portjails /etc/hosts file, to prevent sendmail warnings
-  TMPFILE=`mktemp /tmp/.hosts-tmp.XXXXXX`
-  cat ${PJDIR}/etc/hosts | grep -v "127.0.0.1" > ${TMPFILE}
-  echo "127.0.0.1               localhost localhost.my.domain ${PJHOST}" >> ${TMPFILE}
-  mv ${TMPFILE} ${PJDIR}/etc/hosts
-  chmod 644 ${PJDIR}/etc/hosts
+  sed -i -e '/127.0.0.1/d' ${PJDIR}/etc/hosts
+  echo "127.0.0.1               localhost localhost.my.domain ${PJHOST}" >>${PJDIR}/etc/hosts
 
   # Make sure the /etc/rc.conf HOSTNAME values match
-  TMPFILE=`mktemp /tmp/.rc-tmp.XXXXXX`
-  cat ${PJDIR}/etc/rc.conf | grep -v "hostname=" > ${TMPFILE}
-  echo "hostname=\"$PJHOST\"" >> ${TMPFILE}
-  mv ${TMPFILE} ${PJDIR}/etc/rc.conf
-  chmod 644 ${PJDIR}/etc/rc.conf
+  sed -i -e '/hostname=/d' ${PJDIR}/etc/rc.conf
+  echo "hostname=\"$PJHOST\"" >> ${PJDIR}/etc/rc.conf
 
   mount_nullfs /tmp ${PJDIR}/tmp
   mount_nullfs /usr/home ${PJDIR}/usr/home
@@ -82,6 +97,12 @@
 elif [ "$1" = "stop" ]
 then
 
+  if [ "`id -u`" != "0" ]
+  then
+    echo "Error: You must be root to stop the ports jail"
+    exit 1
+  fi
+
   # Stop the Jail
   jexec portjail /bin/sh /etc/rc.shutdown
   jail -r portjail
@@ -92,15 +113,26 @@
   ifconfig lo1 destroy
 
   # Cleanup /etc/pf.conf
-  TMPFILE=`mktemp /tmp/.pf-tmp.XXXXXX`
-  cat /etc/pf.conf | grep -v "from lo1:network to any" > $TMPFILE
-  mv $TMPFILE /etc/pf.conf
-  chmod 644 /etc/pf.conf
+  sed -i -e '/from lo1:network to any/d' /etc/pf.conf
 
 elif [ "$1" = "console" ]
 then
   DBUS_SESSION_BUS_ADDRESS="" ; export DBUS_SESSION_BUS_ADDRESS
   PJID=`jls | grep "${PJDIR}" | tr -s " " | awk '{ print $1 }'`
   /usr/local/sbin/jailme $PJID /bin/csh
+
+elif [ "$1" = "run" ]
+then
+
+  if [ -z "$2" ]
+  then
+    echo "Error: No command specified!"
+    exit 1
+  fi
+
+  DBUS_SESSION_BUS_ADDRESS="" ; export DBUS_SESSION_BUS_ADDRESS
+  PJID=`jls | grep "${PJDIR}" | tr -s " " | awk '{ print $1 }'`
+  /usr/local/sbin/jailme $PJID $2
+
 fi
 



More information about the Commits mailing list