[PC-BSD Commits] r15653 - in pcbsd/current/src-qt4/warden: bin scripts/backend

svn at pcbsd.org svn at pcbsd.org
Wed Feb 29 09:48:30 PST 2012


Author: kris
Date: 2012-02-29 17:48:29 +0000 (Wed, 29 Feb 2012)
New Revision: 15653

Modified:
   pcbsd/current/src-qt4/warden/bin/warden
   pcbsd/current/src-qt4/warden/scripts/backend/functions.sh
   pcbsd/current/src-qt4/warden/scripts/backend/listjails.sh
   pcbsd/current/src-qt4/warden/scripts/backend/startjail.sh
   pcbsd/current/src-qt4/warden/scripts/backend/stopjail.sh
Log:

Add portjail functionality to warden, now we can have as many portjail
sandboxes on a system as we want, not just a single one



Modified: pcbsd/current/src-qt4/warden/bin/warden
===================================================================
--- pcbsd/current/src-qt4/warden/bin/warden	2012-02-29 17:05:29 UTC (rev 15652)
+++ pcbsd/current/src-qt4/warden/bin/warden	2012-02-29 17:48:29 UTC (rev 15653)
@@ -48,6 +48,7 @@
     list - Lists the installed jails
 mkinmate - Creates a inmate file from the specified directory
     pkgs - Lists the installed packages / inmates in a jail
+    type - Set the jail type (portjail/normal)
    start - Start a jail
     stop - Stops a jail
 "
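Review bot: The added usage line advertises `portjail/normal`, but the `type)` case added later in this file accepts only `portjail` and `standard`, so `warden type <IP> normal` ends in "Invalid TYPE". The line should read `    type - Set the jail type (portjail/standard)`, which also matches the wording in `help_type`. The usage string starts outside this hunk.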
@@ -110,6 +111,29 @@
 "
 };
 
+help_type()
+{
+ title
+ echo "Help type
+
+Lets you set the type of jail to these options:
+
+portjail: Jail with access to your home directories and Xorg
+standard: Normal FreeBSD secure jail environment
+
+The flag status can be checked with 'warden list'. 
+
+Usage:
+
+  warden type <IP> <type>
+
+Example:
+
+  warden type 192.168.0.5 portjail
+"
+};
+
+
 help_auto()
 {
  title
@@ -344,6 +368,32 @@
 
          ;;
 
+   type) IP="${2}"
+         TYPE="${3}"
+
+         if [ -z "${IP}" ] ; then
+          echo "ERROR: No IP specified!"
+          exit 1
+         fi
+
+         if [ ! -e "${JDIR}/${IP}" ] ; then
+           echo "ERROR: No such jail!"
+           exit 1
+         fi
+
+	 case $TYPE in
+	   portjail) ETCFILES="resolv.conf passwd master.passwd spwd.db pwd.db group localtime"
+		     for file in ${ETCFILES}; do
+    		       rm ${JDIR}/${IP}/etc/${file} >/dev/null 2>&1
+                       cp /etc/${file} ${JDIR}/${IP}/etc/${file}
+                     done
+		     touch ${JDIR}/${IP}/etc/.wardenxjail
+                     ;;
+	   standard) rm ${JDIR}/${IP}/etc/.wardenxjail >/dev/null 2>/dev/null ;;
+	   *) echo "Invalid TYPE" ; exit 1 ;;
+         esac
+         ;;
+
    auto) IP="${2}"
 
          if [ -z "${IP}" ]
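Review bot: The `portjail` branch copies the host's `master.passwd` and `spwd.db` into `${JDIR}/${IP}/etc`, so the host's password hashes become readable by root inside the jail, and the `standard` branch only removes `.wardenxjail` and leaves those copies in place. If shared accounts are intended, a comment and `help_type` should state that exposure and that switching back to `standard` does not restore the jail's own account files. The `rm`/`cp`/`touch` lines use unquoted paths and ignore a failed copy, so the flag file is created even when the copy is incomplete; `cp "/etc/${file}" "${JDIR}/${IP}/etc/${file}" || exit 1` would stop there. `${IP}` comes straight from `$2` and is only tested with `-e`, so a value containing `/` or `..` is accepted as a jail name. The enclosing `case` starts and ends outside this hunk.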

Modified: pcbsd/current/src-qt4/warden/scripts/backend/functions.sh
===================================================================
--- pcbsd/current/src-qt4/warden/scripts/backend/functions.sh	2012-02-29 17:05:29 UTC (rev 15652)
+++ pcbsd/current/src-qt4/warden/scripts/backend/functions.sh	2012-02-29 17:48:29 UTC (rev 15653)
@@ -33,6 +33,9 @@
 WARDENVER="1.2"
 export WARDENVER
 
+# Dirs to nullfs mount in X jail
+NULLFS_MOUNTS="/tmp /media /usr/home"
+
 # Function to ask the user to press Return to continue
 rtn()
 {
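Review bot: The comment on `NULLFS_MOUNTS` should say that these host directories are mounted read-write into the jail, since `mountjailxfs` in this commit calls `mount_nullfs` without `-o ro`. A portjail therefore shares `/tmp`, `/media` and every home directory with the host and is not an isolation boundary for them. Proposed comment: `# Host dirs nullfs-mounted read-write into a portjail (shared with the host, not isolated)`.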
@@ -132,3 +135,35 @@
   rm ${FBSD_TARBALL_CKSUM}
 };
 
+
+### Mount all needed filesystems for the jail
+mountjailxfs() {
+  for nullfs_mount in ${NULLFS_MOUNTS}; do
+    if [ ! -d "${JDIR}/${1}${nullfs_mount}" ] ; then
+      mkdir -p "${JDIR}/${1}${nullfs_mount}"
+    fi
+    mount_nullfs ${nullfs_mount} ${JDIR}/${1}${nullfs_mount}
+  done
+
+  # Add support for linprocfs for ports that need linprocfs to build/run
+  if [ -d "${JDIR}/${1}/compat/linux/proc" ]; then
+    mount -t linprocfs linprocfs ${JDIR}/${1}/compat/linux/proc
+  else
+    echo "/compat/linux/proc does not exist. Adding linprocfs support."
+    mkdir -p ${JDIR}/${1}/compat/linux/proc
+    mount -t linprocfs linprocfs ${JDIR}/${1}/compat/linux/proc
+  fi
+}
+
+### Umount all the jail's filesystems
+umountjailxfs() {
+  status="0"
+  # Umount all filesystems that are mounted into the portsjail
+  for mountpoint in $(mount | grep ${JDIR}/${1} | cut -d" " -f3); do
+    if [ "$mountpoint" = "${JDIR}/${1}/dev" ] ; then continue ; fi
+    #echo "Unmounting $mountpoint"
+    umount -f ${mountpoint}
+    if [ $? -ne 0 ] ; then status="1" ; fi
+  done
+  return $status
+}
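Review bot: In `umountjailxfs`, `grep ${JDIR}/${1}` is an unanchored regular-expression match over the whole `mount` line, so stopping the jail at 192.168.0.5 also selects and force-unmounts the mount points of a jail whose address merely starts with the same text (constructed example: 192.168.0.50), and each `.` matches any character. Comparing the mount-point field against the jail path with a trailing slash avoids that: `for mountpoint in $(mount | awk -v p="${JDIR}/${1}/" 'index($3, p) == 1 { print $3 }'); do`. `mountjailxfs` has the opposite gap: it returns only the status of the last `mount -t linprocfs`, so a failed `mount_nullfs` is never reported. Accumulating a `status` there as `umountjailxfs` does, and quoting the `mount_nullfs`/`mount`/`umount` arguments, would make the two functions consistent.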

Modified: pcbsd/current/src-qt4/warden/scripts/backend/listjails.sh
===================================================================
--- pcbsd/current/src-qt4/warden/scripts/backend/listjails.sh	2012-02-29 17:05:29 UTC (rev 15652)
+++ pcbsd/current/src-qt4/warden/scripts/backend/listjails.sh	2012-02-29 17:48:29 UTC (rev 15653)
@@ -17,8 +17,8 @@
 
 
 # Prints a listing of the available jails
-echo "IP		HOST		AUTOSTART	STATUS
---------------------------------------------------------------"
+echo "IP		HOST		AUTOSTART	STATUS     TYPE
+-----------------------------------------------------------------------"
 
 cd ${JDIR}
 
@@ -35,10 +35,16 @@
   fi
 
   # Check if we are autostarting this jail
-  if [ -e "${i}/etc/.wardenautostart" ]
-  then
+  if [ -e "${i}/etc/.wardenautostart" ] ; then
     AUTO="Enabled"
   fi
+ 
+  # Figure out the type of jail
+  if [ -e "${i}/etc/.wardenxjail" ] ; then
+    TYPE="portjail"
+  else
+    TYPE="standard"
+  fi
 
   ${PROGDIR}/scripts/backend/checkstatus.sh ${i} 2>/dev/null
   if [ "$?" = "0" ]
@@ -52,8 +58,9 @@
   AUTO=`echo "${AUTO}          " | cut -c 1-15`
   STATUS=`echo "${STATUS}          " | cut -c 1-10`
   HOST=`echo "${HOST}          " | cut -c 1-15`
+  TYPE=`echo "${TYPE}          " | cut -c 1-10`
   
 
-  echo -e "${i}	${HOST}	${AUTO}	${STATUS}"
+  echo -e "${i}	${HOST}	${AUTO}	${STATUS} ${TYPE}"
 done
 

Modified: pcbsd/current/src-qt4/warden/scripts/backend/startjail.sh
===================================================================
--- pcbsd/current/src-qt4/warden/scripts/backend/startjail.sh	2012-02-29 17:05:29 UTC (rev 15652)
+++ pcbsd/current/src-qt4/warden/scripts/backend/startjail.sh	2012-02-29 17:48:29 UTC (rev 15653)
@@ -43,12 +43,10 @@
 ifconfig $NIC inet alias ${IP}/32
 mount -t devfs devfs "${JDIR}/${IP}/dev"
 mount -t procfs proc "${JDIR}/${IP}/proc"
+if [ -e "${JDIR}/${IP}/etc/.wardenxjail" ] ; then mountjailxfs ${IP} ; fi
 jail ${JDIR}/${IP} ${HOST} ${IP} /bin/sh /etc/rc 2>&1
 
 # Get the JailID for this new jail
 JID="`jls | grep ${IP} | tr -s " " ":" | cut -d ":" -f 2`"
 echo "$JID" >"${JDIR}/${IP}/var/run/warden.jid"
 
-
-
-
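Review bot: The result of `mountjailxfs ${IP}` is discarded on the added line, so `jail` starts the portjail even when a nullfs mount failed. In that case the jail runs on its own `/usr/home` and `/tmp` directories, and data written there lands in the jail tree instead of on the host. Quoting the argument and reporting the failure would make this visible: `if [ -e "${JDIR}/${IP}/etc/.wardenxjail" ] ; then mountjailxfs "${IP}" || echo "ERROR: portjail mounts failed for ${IP}" ; fi`. Whether functions.sh is sourced earlier in startjail.sh cannot be seen from this hunk.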

Modified: pcbsd/current/src-qt4/warden/scripts/backend/stopjail.sh
===================================================================
--- pcbsd/current/src-qt4/warden/scripts/backend/stopjail.sh	2012-02-29 17:05:29 UTC (rev 15652)
+++ pcbsd/current/src-qt4/warden/scripts/backend/stopjail.sh	2012-02-29 17:48:29 UTC (rev 15653)
@@ -54,6 +54,8 @@
 
 echo -e ".\c"
 
+# Check if we need umount x mnts
+if [ -e "${JDIR}/${IP}/etc/.wardenxjail" ] ; then umountjailxfs ${IP} ; fi
 
 # Check if we need to remove the IP alias from this jail
 ifconfig $NIC | grep ${IP} >/dev/null 2>/dev/null
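Review bot: `umountjailxfs` returns 1 when any `umount -f` fails, but the added line drops that status, so stopjail.sh carries on with the host's `/usr/home`, `/media` and `/tmp` possibly still nullfs-mounted under `${JDIR}/${IP}`. That matters for any later recursive delete or archive of the jail directory (not shown on this page), which would then descend into host data. Suggest `if [ -e "${JDIR}/${IP}/etc/.wardenxjail" ] ; then umountjailxfs "${IP}" || echo "WARNING: portjail mounts still active under ${JDIR}/${IP}" ; fi`. The hunk does not show whether the jail's processes are already stopped at this point; the comment could state the intended order.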


