Let old-style (shell-based) jail configuration handle jail names that
contain characters not allowed in a shell variable (such as "-"). These will be replaced by an underscore in jail config variables, e.g. for jail "foo-bar" you would set "jail_foo_bar_hostname". This is separate from the current code that changes the jail names if they contain "." or "/". It also doesn't apply to jails defined in a jail.conf file. PR: 191181 MFC after: 5 days
parent
a11e57aacc
commit
f7aeb324ee
130
etc/rc.d/jail
130
etc/rc.d/jail
@ -28,16 +28,16 @@ extra_commands="config console status"
|
||||
|
||||
need_dad_wait=
|
||||
|
||||
# extract_var jail name param num defval
|
||||
# Extract value from ${jail_$jail_$name} or ${jail_$name} and
|
||||
# extract_var jv name param num defval
|
||||
# Extract value from ${jail_$jv_$name} or ${jail_$name} and
|
||||
# set it to $param. If not defined, $defval is used.
|
||||
# When $num is [0-9]*, ${jail_$jail_$name$num} are looked up and
|
||||
# When $num is [0-9]*, ${jail_$jv_$name$num} are looked up and
|
||||
# $param is set by using +=.
|
||||
# When $num is YN or NY, the value is interpret as boolean.
|
||||
extract_var()
|
||||
{
|
||||
local i _j _name _param _num _def _name1 _name2
|
||||
_j=$1
|
||||
local i _jv _name _param _num _def _name1 _name2
|
||||
_jv=$1
|
||||
_name=$2
|
||||
_param=$3
|
||||
_num=$4
|
||||
@ -45,7 +45,7 @@ extract_var()
|
||||
|
||||
case $_num in
|
||||
YN)
|
||||
_name1=jail_${_j}_${_name}
|
||||
_name1=jail_${_jv}_${_name}
|
||||
_name2=jail_${_name}
|
||||
eval $_name1=\"\${$_name1:-\${$_name2:-$_def}}\"
|
||||
if checkyesno $_name1; then
|
||||
@ -55,7 +55,7 @@ extract_var()
|
||||
fi
|
||||
;;
|
||||
NY)
|
||||
_name1=jail_${_j}_${_name}
|
||||
_name1=jail_${_jv}_${_name}
|
||||
_name2=jail_${_name}
|
||||
eval $_name1=\"\${$_name1:-\${$_name2:-$_def}}\"
|
||||
if checkyesno $_name1; then
|
||||
@ -67,7 +67,7 @@ extract_var()
|
||||
[0-9]*)
|
||||
i=$_num
|
||||
while : ; do
|
||||
_name1=jail_${_j}_${_name}${i}
|
||||
_name1=jail_${_jv}_${_name}${i}
|
||||
_name2=jail_${_name}${i}
|
||||
eval _tmpargs=\"\${$_name1:-\${$_name2:-$_def}}\"
|
||||
if [ -n "$_tmpargs" ]; then
|
||||
@ -79,7 +79,7 @@ extract_var()
|
||||
done
|
||||
;;
|
||||
*)
|
||||
_name1=jail_${_j}_${_name}
|
||||
_name1=jail_${_jv}_${_name}
|
||||
_name2=jail_${_name}
|
||||
eval _tmpargs=\"\${$_name1:-\${$_name2:-$_def}}\"
|
||||
if [ -n "$_tmpargs" ]; then
|
||||
@ -89,22 +89,23 @@ extract_var()
|
||||
esac
|
||||
}
|
||||
|
||||
# parse_options _j
|
||||
# parse_options _j _jv
|
||||
# Parse options and create a temporary configuration file if necessary.
|
||||
#
|
||||
parse_options()
|
||||
{
|
||||
local _j _p
|
||||
local _j _jv _p
|
||||
_j=$1
|
||||
_jv=$2
|
||||
|
||||
_confwarn=0
|
||||
if [ -z "$_j" ]; then
|
||||
warn "parse_options: you must specify a jail"
|
||||
return
|
||||
fi
|
||||
eval _jconf=\"\${jail_${_j}_conf:-/etc/jail.${_j}.conf}\"
|
||||
eval _rootdir=\"\$jail_${_j}_rootdir\"
|
||||
eval _hostname=\"\$jail_${_j}_hostname\"
|
||||
eval _jconf=\"\${jail_${_jv}_conf:-/etc/jail.${_j}.conf}\"
|
||||
eval _rootdir=\"\$jail_${_jv}_rootdir\"
|
||||
eval _hostname=\"\$jail_${_jv}_hostname\"
|
||||
if [ -z "$_rootdir" -o \
|
||||
-z "$_hostname" ]; then
|
||||
if [ -r "$_jconf" ]; then
|
||||
@ -120,7 +121,7 @@ parse_options()
|
||||
fi
|
||||
return 1
|
||||
fi
|
||||
eval _ip=\"\$jail_${_j}_ip\"
|
||||
eval _ip=\"\$jail_${_jv}_ip\"
|
||||
if [ -z "$_ip" ] && ! check_kern_features vimage; then
|
||||
warn "no ipaddress specified and no vimage support. " \
|
||||
"Jail $_j was ignored."
|
||||
@ -138,10 +139,10 @@ parse_options()
|
||||
fi
|
||||
/usr/bin/install -m 0644 -o root -g wheel /dev/null $_conf || return 1
|
||||
|
||||
eval : \${jail_${_j}_flags:=${jail_flags}}
|
||||
eval _exec=\"\$jail_${_j}_exec\"
|
||||
eval _exec_start=\"\$jail_${_j}_exec_start\"
|
||||
eval _exec_stop=\"\$jail_${_j}_exec_stop\"
|
||||
eval : \${jail_${_jv}_flags:=${jail_flags}}
|
||||
eval _exec=\"\$jail_${_jv}_exec\"
|
||||
eval _exec_start=\"\$jail_${_jv}_exec_start\"
|
||||
eval _exec_stop=\"\$jail_${_jv}_exec_stop\"
|
||||
if [ -n "${_exec}" ]; then
|
||||
# simple/backward-compatible execution
|
||||
_exec_start="${_exec}"
|
||||
@ -155,20 +156,20 @@ parse_options()
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
eval _interface=\"\${jail_${_j}_interface:-${jail_interface}}\"
|
||||
eval _parameters=\"\${jail_${_j}_parameters:-${jail_parameters}}\"
|
||||
eval _fstab=\"\${jail_${_j}_fstab:-${jail_fstab:-/etc/fstab.$_j}}\"
|
||||
eval _interface=\"\${jail_${_jv}_interface:-${jail_interface}}\"
|
||||
eval _parameters=\"\${jail_${_jv}_parameters:-${jail_parameters}}\"
|
||||
eval _fstab=\"\${jail_${_jv}_fstab:-${jail_fstab:-/etc/fstab.$_j}}\"
|
||||
(
|
||||
date +"# Generated by rc.d/jail at %Y-%m-%d %H:%M:%S"
|
||||
echo "$_j {"
|
||||
extract_var $_j hostname host.hostname - ""
|
||||
extract_var $_j rootdir path - ""
|
||||
extract_var $_jv hostname host.hostname - ""
|
||||
extract_var $_jv rootdir path - ""
|
||||
if [ -n "$_ip" ]; then
|
||||
extract_var $_j interface interface - ""
|
||||
extract_var $_jv interface interface - ""
|
||||
jail_handle_ips_option $_ip $_interface
|
||||
alias=0
|
||||
while : ; do
|
||||
eval _x=\"\$jail_${_j}_ip_multi${alias}\"
|
||||
eval _x=\"\$jail_${_jv}_ip_multi${alias}\"
|
||||
[ -z "$_x" ] && break
|
||||
|
||||
jail_handle_ips_option $_x $_interface
|
||||
@ -184,37 +185,37 @@ parse_options()
|
||||
;;
|
||||
esac
|
||||
# These are applicable only to non-vimage jails.
|
||||
extract_var $_j fib exec.fib - ""
|
||||
extract_var $_j socket_unixiproute_only \
|
||||
extract_var $_jv fib exec.fib - ""
|
||||
extract_var $_jv socket_unixiproute_only \
|
||||
allow.raw_sockets NY YES
|
||||
else
|
||||
echo " vnet;"
|
||||
extract_var $_j vnet_interface vnet.interface - ""
|
||||
extract_var $_jv vnet_interface vnet.interface - ""
|
||||
fi
|
||||
|
||||
echo " exec.clean;"
|
||||
echo " exec.system_user = \"root\";"
|
||||
echo " exec.jail_user = \"root\";"
|
||||
extract_var $_j exec_prestart exec.prestart 0 ""
|
||||
extract_var $_j exec_poststart exec.poststart 0 ""
|
||||
extract_var $_j exec_prestop exec.prestop 0 ""
|
||||
extract_var $_j exec_poststop exec.poststop 0 ""
|
||||
extract_var $_jv exec_prestart exec.prestart 0 ""
|
||||
extract_var $_jv exec_poststart exec.poststart 0 ""
|
||||
extract_var $_jv exec_prestop exec.prestop 0 ""
|
||||
extract_var $_jv exec_poststop exec.poststop 0 ""
|
||||
|
||||
echo " exec.start += \"$_exec_start\";"
|
||||
extract_var $_j exec_afterstart exec.start 1 ""
|
||||
extract_var $_jv exec_afterstart exec.start 1 ""
|
||||
echo " exec.stop = \"$_exec_stop\";"
|
||||
|
||||
extract_var $_j consolelog exec.consolelog - \
|
||||
extract_var $_jv consolelog exec.consolelog - \
|
||||
/var/log/jail_${_j}_console.log
|
||||
|
||||
if [ -r $_fstab ]; then
|
||||
echo " mount.fstab = \"$_fstab\";"
|
||||
fi
|
||||
|
||||
eval : \${jail_${_j}_devfs_enable:=${jail_devfs_enable:-NO}}
|
||||
if checkyesno jail_${_j}_devfs_enable; then
|
||||
eval : \${jail_${_jv}_devfs_enable:=${jail_devfs_enable:-NO}}
|
||||
if checkyesno jail_${_jv}_devfs_enable; then
|
||||
echo " mount.devfs;"
|
||||
eval _ruleset=\${jail_${_j}_devfs_ruleset:-${jail_devfs_ruleset}}
|
||||
eval _ruleset=\${jail_${_jv}_devfs_ruleset:-${jail_devfs_ruleset}}
|
||||
case $_ruleset in
|
||||
"") ;;
|
||||
[0-9]*) echo " devfs_ruleset = \"$_ruleset\";" ;;
|
||||
@ -227,24 +228,24 @@ parse_options()
|
||||
*) warn "devfs_ruleset must be an integer." ;;
|
||||
esac
|
||||
fi
|
||||
eval : \${jail_${_j}_fdescfs_enable:=${jail_fdescfs_enable:-NO}}
|
||||
if checkyesno jail_${_j}_fdescfs_enable; then
|
||||
eval : \${jail_${_jv}_fdescfs_enable:=${jail_fdescfs_enable:-NO}}
|
||||
if checkyesno jail_${_jv}_fdescfs_enable; then
|
||||
echo " mount.fdescfs;"
|
||||
fi
|
||||
eval : \${jail_${_j}_procfs_enable:=${jail_procfs_enable:-NO}}
|
||||
if checkyesno jail_${_j}_procfs_enable; then
|
||||
eval : \${jail_${_jv}_procfs_enable:=${jail_procfs_enable:-NO}}
|
||||
if checkyesno jail_${_jv}_procfs_enable; then
|
||||
echo " mount.procfs;"
|
||||
fi
|
||||
|
||||
eval : \${jail_${_j}_mount_enable:=${jail_mount_enable:-NO}}
|
||||
if checkyesno jail_${_j}_mount_enable; then
|
||||
eval : \${jail_${_jv}_mount_enable:=${jail_mount_enable:-NO}}
|
||||
if checkyesno jail_${_jv}_mount_enable; then
|
||||
echo " allow.mount;"
|
||||
fi
|
||||
|
||||
extract_var $_j set_hostname_allow allow.set_hostname YN NO
|
||||
extract_var $_j sysvipc_allow allow.sysvipc YN NO
|
||||
extract_var $_j osreldate osreldate
|
||||
extract_var $_j osrelease osrelease
|
||||
extract_var $_jv set_hostname_allow allow.set_hostname YN NO
|
||||
extract_var $_jv sysvipc_allow allow.sysvipc YN NO
|
||||
extract_var $_jv osreldate osreldate
|
||||
extract_var $_jv osrelease osrelease
|
||||
for _p in $_parameters; do
|
||||
echo " ${_p%\;};"
|
||||
done
|
||||
@ -382,14 +383,15 @@ jail_handle_ips_option()
|
||||
|
||||
jail_config()
|
||||
{
|
||||
local _j
|
||||
local _j _jv
|
||||
|
||||
case $1 in
|
||||
_ALL) return ;;
|
||||
esac
|
||||
for _j in $@; do
|
||||
_j=$(echo $_j | tr /. _)
|
||||
if parse_options $_j; then
|
||||
_jv=$(echo -n $_j | tr -c '[:alnum:]' _)
|
||||
if parse_options $_j $_jv; then
|
||||
echo "$_j: parameters are in $_conf."
|
||||
fi
|
||||
done
|
||||
@ -397,7 +399,7 @@ jail_config()
|
||||
|
||||
jail_console()
|
||||
{
|
||||
local _j _cmd
|
||||
local _j _jv _cmd
|
||||
|
||||
# One argument that is not _ALL.
|
||||
case $#:$1 in
|
||||
@ -405,9 +407,10 @@ jail_console()
|
||||
1:*) ;;
|
||||
esac
|
||||
_j=$(echo $1 | tr /. _)
|
||||
_jv=$(echo -n $1 | tr -c '[:alnum:]' _)
|
||||
shift
|
||||
case $# in
|
||||
0) eval _cmd=\${jail_${_j}_consolecmd:-$jail_consolecmd} ;;
|
||||
0) eval _cmd=\${jail_${_jv}_consolecmd:-$jail_consolecmd} ;;
|
||||
*) _cmd=$@ ;;
|
||||
esac
|
||||
$jail_jexec $_j $_cmd
|
||||
@ -421,7 +424,7 @@ jail_status()
|
||||
|
||||
jail_start()
|
||||
{
|
||||
local _j _jid _jl _id _name
|
||||
local _j _jv _jid _jl _id _name
|
||||
|
||||
if [ $# = 0 ]; then
|
||||
return
|
||||
@ -454,11 +457,12 @@ jail_start()
|
||||
_jl=
|
||||
for _j in $@; do
|
||||
_j=$(echo $_j | tr /. _)
|
||||
parse_options $_j || continue
|
||||
_jv=$(echo -n $_j | tr -c '[:alnum:]' _)
|
||||
parse_options $_j $_jv || continue
|
||||
|
||||
_jl="$_jl $_j"
|
||||
eval rc_flags=\${jail_${_j}_flags:-$jail_flags}
|
||||
eval command=\${jail_${_j}_program:-$jail_program}
|
||||
eval rc_flags=\${jail_${_jv}_flags:-$jail_flags}
|
||||
eval command=\${jail_${_jv}_program:-$jail_program}
|
||||
command_args="-i -f $_conf -c $_j"
|
||||
$command $rc_flags $command_args \
|
||||
>/dev/null 2>&1 </dev/null &
|
||||
@ -480,10 +484,11 @@ jail_start()
|
||||
#
|
||||
for _j in $@; do
|
||||
_j=$(echo $_j | tr /. _)
|
||||
parse_options $_j || continue
|
||||
_jv=$(echo -n $_j | tr -c '[:alnum:]' _)
|
||||
parse_options $_j $_jv || continue
|
||||
|
||||
eval rc_flags=\${jail_${_j}_flags:-$jail_flags}
|
||||
eval command=\${jail_${_j}_program:-$jail_program}
|
||||
eval rc_flags=\${jail_${_jv}_flags:-$jail_flags}
|
||||
eval command=\${jail_${_jv}_program:-$jail_program}
|
||||
command_args="-i -f $_conf -c $_j"
|
||||
_tmp=`mktemp -t jail` || exit 3
|
||||
if $command $rc_flags $command_args \
|
||||
@ -505,7 +510,7 @@ jail_start()
|
||||
|
||||
jail_stop()
|
||||
{
|
||||
local _j
|
||||
local _j _jv
|
||||
|
||||
if [ $# = 0 ]; then
|
||||
return
|
||||
@ -533,11 +538,12 @@ jail_stop()
|
||||
esac
|
||||
for _j in $@; do
|
||||
_j=$(echo $_j | tr /. _)
|
||||
parse_options $_j || continue
|
||||
_jv=$(echo -n $_j | tr -c '[:alnum:]' _)
|
||||
parse_options $_j $_jv || continue
|
||||
if ! $jail_jls -j $_j > /dev/null 2>&1; then
|
||||
continue
|
||||
fi
|
||||
eval command=\${jail_${_j}_program:-$jail_program}
|
||||
eval command=\${jail_${_jv}_program:-$jail_program}
|
||||
echo -n " ${_hostname:-${_j}}"
|
||||
_tmp=`mktemp -t jail` || exit 3
|
||||
$command -q -f $_conf -r $_j >> $_tmp 2>&1
|
||||
|
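Review bot: The raw jail name still reaches `eval` in parse_options: in `eval _jconf=\"\${jail_${_jv}_conf:-/etc/jail.${_j}.conf}\"` and the matching `_fstab` line, `${_j}` is expanded into the string before `eval` parses it, and `_j` has only been through `tr /. _`. Now that names with characters outside `[:alnum:]` are accepted for old-style configuration, a name carrying `$`, a backquote or `"` would be re-parsed as shell at those two spots, so the default is better built outside the eval: `_jconf_def=/etc/jail.${_j}.conf` followed by `eval _jconf=\"\${jail_${_jv}_conf:-\$_jconf_def}\"`, and the same for `/etc/fstab.$_j`. The mapping is also many-to-one ("foo-bar" and "foo_bar" both read `jail_foo_bar_*`), which deserves a comment where `_jv` is computed, e.g. `# NOTE: distinct jail names can map to the same _jv and then share jail_<jv>_* settings`. parse_options and the jail_* functions start and end outside the visible hunks, so any name validation done elsewhere in the file is not visible here.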