Mercurial > hgrepos > FreeBSD > ports > sysutils > local-bsdtools
annotate bin/fjail @ 75:2e3ac70bdfc8
A fairly usable usage message
| author | Franz Glasner <hg@dom66.de> |
|---|---|
| date | Thu, 15 Aug 2019 16:07:53 +0200 |
| parents | 247d35f910ca |
| children | fea2ef3ff89a |
| rev | line source |
|---|---|
|
72
929051be7845
Begin a simple (ZFS-related) jail setup tool
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
1 #!/bin/sh |
|
929051be7845
Begin a simple (ZFS-related) jail setup tool
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
2 # -*- indent-tabs-mode: nil; -*- |
|
929051be7845
Begin a simple (ZFS-related) jail setup tool
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
3 # @(#)$HGid$ |
|
929051be7845
Begin a simple (ZFS-related) jail setup tool
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
4 |
|
74
247d35f910ca
fjail datasets now recognized a "-u" command option to not automatically mount created datasets
Franz Glasner <hg@dom66.de>
parents:
73
diff
changeset
|
5 set -eu |
| 73 | 6 |
| 7 VERSION="@@VERSION@@" | |
| 8 | |
| 75 | 9 USAGE=" |
| 10 USAGE: fjail [ OPTIONS ] COMMAND [ COMMAND OPTIONS ] [ ARG ... ] | |
| 11 | |
| 12 OPTIONS: | |
| 13 | |
| 14 -h Print this help message to stdout and exit | |
| 15 | |
| 16 COMMANDS: | |
| 17 | |
| 18 datasets [-u] PARENT CHILD | |
| 19 | |
| 20 Create ZFS datasets to be used within a jail | |
| 21 | |
| 22 PARENT must exist already and CHILD must not exist. | |
| 23 | |
| 24 -u Do not automatically mount newly created datasets | |
| 25 | |
| 26 privs MOUNTPOINT | |
| 27 | |
| 28 Adjust some Unix privileges to mounted jail datasets | |
| 29 " | |
| 30 | |
| 31 | |
| 73 | 32 # Reset to standard umask |
| 33 umask 0022 | |
| 34 | |
|
74
247d35f910ca
fjail datasets now recognized a "-u" command option to not automatically mount created datasets
Franz Glasner <hg@dom66.de>
parents:
73
diff
changeset
|
35 |
| 73 | 36 # |
| 37 # "datasets" -- create the ZFS dataset tree | |
| 38 # | |
|
74
247d35f910ca
fjail datasets now recognized a "-u" command option to not automatically mount created datasets
Franz Glasner <hg@dom66.de>
parents:
73
diff
changeset
|
39 # command_datasets [ -u ] parent-dataset child-dataset |
|
247d35f910ca
fjail datasets now recognized a "-u" command option to not automatically mount created datasets
Franz Glasner <hg@dom66.de>
parents:
73
diff
changeset
|
40 # |
|
247d35f910ca
fjail datasets now recognized a "-u" command option to not automatically mount created datasets
Franz Glasner <hg@dom66.de>
parents:
73
diff
changeset
|
41 # -u do not automatically mount newly created datasets |
| 73 | 42 # |
| 43 command_datasets() { | |
| 44 # parent ZFS dataset -- child ZFS dataset name | |
| 45 local _pds _cds | |
| 46 # and its mount point | |
| 47 local _pmp _get _dummy | |
| 48 # full name of the dataset | |
| 49 local _ds | |
|
74
247d35f910ca
fjail datasets now recognized a "-u" command option to not automatically mount created datasets
Franz Glasner <hg@dom66.de>
parents:
73
diff
changeset
|
50 # dynamic ZFS options |
|
247d35f910ca
fjail datasets now recognized a "-u" command option to not automatically mount created datasets
Franz Glasner <hg@dom66.de>
parents:
73
diff
changeset
|
51 local _zfsopts |
|
247d35f910ca
fjail datasets now recognized a "-u" command option to not automatically mount created datasets
Franz Glasner <hg@dom66.de>
parents:
73
diff
changeset
|
52 |
|
247d35f910ca
fjail datasets now recognized a "-u" command option to not automatically mount created datasets
Franz Glasner <hg@dom66.de>
parents:
73
diff
changeset
|
53 _zfsopts="" |
|
247d35f910ca
fjail datasets now recognized a "-u" command option to not automatically mount created datasets
Franz Glasner <hg@dom66.de>
parents:
73
diff
changeset
|
54 while getopts "u" _opt ; do |
|
247d35f910ca
fjail datasets now recognized a "-u" command option to not automatically mount created datasets
Franz Glasner <hg@dom66.de>
parents:
73
diff
changeset
|
55 case ${_opt} in |
|
247d35f910ca
fjail datasets now recognized a "-u" command option to not automatically mount created datasets
Franz Glasner <hg@dom66.de>
parents:
73
diff
changeset
|
56 u) |
|
247d35f910ca
fjail datasets now recognized a "-u" command option to not automatically mount created datasets
Franz Glasner <hg@dom66.de>
parents:
73
diff
changeset
|
57 # do not mount newly created datasets |
|
247d35f910ca
fjail datasets now recognized a "-u" command option to not automatically mount created datasets
Franz Glasner <hg@dom66.de>
parents:
73
diff
changeset
|
58 _zfsopts="${_zfsopts} -u" |
|
247d35f910ca
fjail datasets now recognized a "-u" command option to not automatically mount created datasets
Franz Glasner <hg@dom66.de>
parents:
73
diff
changeset
|
59 ;; |
|
247d35f910ca
fjail datasets now recognized a "-u" command option to not automatically mount created datasets
Franz Glasner <hg@dom66.de>
parents:
73
diff
changeset
|
60 \?|:) |
|
247d35f910ca
fjail datasets now recognized a "-u" command option to not automatically mount created datasets
Franz Glasner <hg@dom66.de>
parents:
73
diff
changeset
|
61 return 2; |
|
247d35f910ca
fjail datasets now recognized a "-u" command option to not automatically mount created datasets
Franz Glasner <hg@dom66.de>
parents:
73
diff
changeset
|
62 ;; |
|
247d35f910ca
fjail datasets now recognized a "-u" command option to not automatically mount created datasets
Franz Glasner <hg@dom66.de>
parents:
73
diff
changeset
|
63 esac |
|
247d35f910ca
fjail datasets now recognized a "-u" command option to not automatically mount created datasets
Franz Glasner <hg@dom66.de>
parents:
73
diff
changeset
|
64 done |
|
247d35f910ca
fjail datasets now recognized a "-u" command option to not automatically mount created datasets
Franz Glasner <hg@dom66.de>
parents:
73
diff
changeset
|
65 shift $((OPTIND-1)) |
|
247d35f910ca
fjail datasets now recognized a "-u" command option to not automatically mount created datasets
Franz Glasner <hg@dom66.de>
parents:
73
diff
changeset
|
66 OPTIND=1 |
| 73 | 67 |
| 68 _pds="$1" | |
| 69 if [ -z "${_pds}" ]; then | |
| 70 echo "ERROR: no parent dataset given" >&2 | |
| 71 return 2 | |
| 72 fi | |
| 73 _get=$(zfs get -H mountpoint "${_pds}" 2>/dev/null) || { echo "ERROR: dataset \`${_pds}' does not exist" >&2; return 1; } | |
| 74 IFS=$'\t' read _dummy _dummy _pmp _dummy <<EOF | |
| 75 ${_get} | |
| 76 EOF | |
| 77 case "${_pmp}" in | |
| 78 none) | |
| 79 echo "ERROR: dataset \`${_pds}' has no mountpoint" >&2 | |
| 80 return 1 | |
| 81 ;; | |
| 82 legacy) | |
| 83 echo "ERROR: dataset \`${_pds}' has a \`${_mp}' mountpoint" >&2 | |
| 84 return 1 | |
| 85 ;; | |
| 86 *) | |
| 87 # VOID | |
| 88 ;; | |
| 89 esac | |
| 90 _cds="$2" | |
| 91 if [ -z "${_cds}" ]; then | |
| 92 echo "ERROR: no child dataset given" >&2 | |
| 93 return 2 | |
| 94 fi | |
| 95 _ds="${_pds}/${_cds}" | |
| 96 echo "Resulting new root dataset is \`${_ds}' at mountpoint \`${_pmp}/${_cds}'" | |
| 97 if zfs get -H mountpoint "${_ds}" >/dev/null 2>/dev/null; then | |
| 98 echo "ERROR: dataset \`${_ds}' does already exist" >&2 | |
| 99 return 1 | |
| 100 fi | |
|
74
247d35f910ca
fjail datasets now recognized a "-u" command option to not automatically mount created datasets
Franz Glasner <hg@dom66.de>
parents:
73
diff
changeset
|
101 zfs create ${_zfsopts} -o atime=off "${_ds}" |
|
247d35f910ca
fjail datasets now recognized a "-u" command option to not automatically mount created datasets
Franz Glasner <hg@dom66.de>
parents:
73
diff
changeset
|
102 zfs create ${_zfsopts} -o sync=disabled -o setuid=off "${_ds}/tmp" |
|
247d35f910ca
fjail datasets now recognized a "-u" command option to not automatically mount created datasets
Franz Glasner <hg@dom66.de>
parents:
73
diff
changeset
|
103 zfs create ${_zfsopts} "${_ds}/usr" |
|
247d35f910ca
fjail datasets now recognized a "-u" command option to not automatically mount created datasets
Franz Glasner <hg@dom66.de>
parents:
73
diff
changeset
|
104 zfs create ${_zfsopts} "${_ds}/var" |
|
247d35f910ca
fjail datasets now recognized a "-u" command option to not automatically mount created datasets
Franz Glasner <hg@dom66.de>
parents:
73
diff
changeset
|
105 zfs create ${_zfsopts} -o exec=off -o setuid=off "${_ds}/var/audit" |
|
247d35f910ca
fjail datasets now recognized a "-u" command option to not automatically mount created datasets
Franz Glasner <hg@dom66.de>
parents:
73
diff
changeset
|
106 zfs create ${_zfsopts} -o exec=off -o setuid=off "${_ds}/var/cache" |
|
247d35f910ca
fjail datasets now recognized a "-u" command option to not automatically mount created datasets
Franz Glasner <hg@dom66.de>
parents:
73
diff
changeset
|
107 zfs create ${_zfsopts} -o exec=off -o setuid=off -o compression=off "${_ds}/var/cache/pkg" |
|
247d35f910ca
fjail datasets now recognized a "-u" command option to not automatically mount created datasets
Franz Glasner <hg@dom66.de>
parents:
73
diff
changeset
|
108 zfs create ${_zfsopts} -o exec=off -o setuid=off -o compression=off "${_ds}/var/crash" |
|
247d35f910ca
fjail datasets now recognized a "-u" command option to not automatically mount created datasets
Franz Glasner <hg@dom66.de>
parents:
73
diff
changeset
|
109 zfs create ${_zfsopts} -o exec=off -o setuid=off "${_ds}/var/db" |
|
247d35f910ca
fjail datasets now recognized a "-u" command option to not automatically mount created datasets
Franz Glasner <hg@dom66.de>
parents:
73
diff
changeset
|
110 zfs create ${_zfsopts} -o exec=on -o setuid=off "${_ds}/var/db/pkg" |
|
247d35f910ca
fjail datasets now recognized a "-u" command option to not automatically mount created datasets
Franz Glasner <hg@dom66.de>
parents:
73
diff
changeset
|
111 zfs create ${_zfsopts} -o readonly=on -o exec=off -o setuid=off "${_ds}/var/empty" |
|
247d35f910ca
fjail datasets now recognized a "-u" command option to not automatically mount created datasets
Franz Glasner <hg@dom66.de>
parents:
73
diff
changeset
|
112 zfs create ${_zfsopts} -o exec=off -o setuid=off -o primarycache=metadata "${_ds}/var/log" |
|
247d35f910ca
fjail datasets now recognized a "-u" command option to not automatically mount created datasets
Franz Glasner <hg@dom66.de>
parents:
73
diff
changeset
|
113 zfs create ${_zfsopts} -o exec=off -o setuid=off -o atime=on "${_ds}/var/mail" |
|
247d35f910ca
fjail datasets now recognized a "-u" command option to not automatically mount created datasets
Franz Glasner <hg@dom66.de>
parents:
73
diff
changeset
|
114 zfs create ${_zfsopts} -o sync=disabled -o exec=off -o setuid=off -o compression=off -o primarycache=all "${_ds}/var/run" |
|
247d35f910ca
fjail datasets now recognized a "-u" command option to not automatically mount created datasets
Franz Glasner <hg@dom66.de>
parents:
73
diff
changeset
|
115 zfs create ${_zfsopts} -o sync=disabled -o setuid=off "${_ds}/var/tmp" |
| 73 | 116 } |
| 117 | |
|
74
247d35f910ca
fjail datasets now recognized a "-u" command option to not automatically mount created datasets
Franz Glasner <hg@dom66.de>
parents:
73
diff
changeset
|
118 |
| 73 | 119 # |
| 120 # "privs" -- adjust privileges | |
| 121 # | |
| 122 # To be used when all ZFS datasets are mounted. | |
| 123 # | |
| 124 command_privs() { | |
| 125 # mountpoint | |
| 126 local _mp _d | |
| 127 | |
| 128 _mp="$1" | |
| 129 if [ -z "${_mp}" ]; then | |
| 130 echo "ERROR: no mountpoint given" >&2 | |
| 131 return 2 | |
| 132 fi | |
| 133 if [ ! -d "${_mp}" ]; then | |
| 134 echo "ERROR: directory \`${_mp}' does not exist" >&2 | |
| 135 return 1 | |
| 136 fi | |
| 137 for _d in tmp var/tmp ; do | |
| 138 chmod 01777 "${_mp}/${_d}" | |
| 139 done | |
| 140 chown root:mail "${_mp}/var/mail" | |
| 141 chmod 0775 "${_mp}/var/mail" | |
| 142 } | |
|
72
929051be7845
Begin a simple (ZFS-related) jail setup tool
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
143 |
|
74
247d35f910ca
fjail datasets now recognized a "-u" command option to not automatically mount created datasets
Franz Glasner <hg@dom66.de>
parents:
73
diff
changeset
|
144 |
|
72
929051be7845
Begin a simple (ZFS-related) jail setup tool
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
145 # |
|
929051be7845
Begin a simple (ZFS-related) jail setup tool
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
146 # Global option handling |
|
929051be7845
Begin a simple (ZFS-related) jail setup tool
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
147 # |
|
929051be7845
Begin a simple (ZFS-related) jail setup tool
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
148 while getopts "h" _opt ; do |
|
929051be7845
Begin a simple (ZFS-related) jail setup tool
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
149 case ${_opt} in |
|
929051be7845
Begin a simple (ZFS-related) jail setup tool
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
150 h) |
| 75 | 151 echo "${USAGE}" |
|
72
929051be7845
Begin a simple (ZFS-related) jail setup tool
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
152 exit 0 |
|
929051be7845
Begin a simple (ZFS-related) jail setup tool
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
153 ;; |
|
929051be7845
Begin a simple (ZFS-related) jail setup tool
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
154 \?|:) |
|
929051be7845
Begin a simple (ZFS-related) jail setup tool
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
155 exit 2; |
|
929051be7845
Begin a simple (ZFS-related) jail setup tool
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
156 ;; |
|
929051be7845
Begin a simple (ZFS-related) jail setup tool
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
157 esac |
|
929051be7845
Begin a simple (ZFS-related) jail setup tool
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
158 done |
|
929051be7845
Begin a simple (ZFS-related) jail setup tool
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
159 |
|
929051be7845
Begin a simple (ZFS-related) jail setup tool
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
160 # |
|
929051be7845
Begin a simple (ZFS-related) jail setup tool
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
161 # Reset the Shell's option handling system to prepare for handling |
|
929051be7845
Begin a simple (ZFS-related) jail setup tool
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
162 # command-local options. |
|
929051be7845
Begin a simple (ZFS-related) jail setup tool
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
163 # |
|
929051be7845
Begin a simple (ZFS-related) jail setup tool
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
164 shift $((OPTIND-1)) |
|
929051be7845
Begin a simple (ZFS-related) jail setup tool
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
165 OPTIND=1 |
|
929051be7845
Begin a simple (ZFS-related) jail setup tool
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
166 |
|
929051be7845
Begin a simple (ZFS-related) jail setup tool
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
167 command="$1" |
|
929051be7845
Begin a simple (ZFS-related) jail setup tool
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
168 shift |
|
929051be7845
Begin a simple (ZFS-related) jail setup tool
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
169 |
|
929051be7845
Begin a simple (ZFS-related) jail setup tool
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
170 case "${command}" in |
| 73 | 171 datasets) |
| 172 command_datasets "$@" | |
| 173 ;; | |
| 174 privs) | |
| 175 command_privs "$@" | |
| 176 ;; | |
|
72
929051be7845
Begin a simple (ZFS-related) jail setup tool
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
177 *) |
|
929051be7845
Begin a simple (ZFS-related) jail setup tool
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
178 echo "ERROR" >&2 |
|
929051be7845
Begin a simple (ZFS-related) jail setup tool
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
179 exit 2 |
|
929051be7845
Begin a simple (ZFS-related) jail setup tool
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
180 ;; |
|
929051be7845
Begin a simple (ZFS-related) jail setup tool
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
181 esac |