Mercurial > hgrepos > FreeBSD > ports > sysutils > local-bsdtools
annotate bin/fjail @ 73:2e991a00035b
Creation of Jail datasets done
| author | Franz Glasner <hg@dom66.de> |
|---|---|
| date | Thu, 15 Aug 2019 15:31:28 +0200 |
| parents | 929051be7845 |
| children | 247d35f910ca |
| rev | line source |
|---|---|
|
72
929051be7845
Begin a simple (ZFS-related) jail setup tool
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
1 #!/bin/sh |
|
929051be7845
Begin a simple (ZFS-related) jail setup tool
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
2 # -*- indent-tabs-mode: nil; -*- |
|
929051be7845
Begin a simple (ZFS-related) jail setup tool
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
3 # @(#)$HGid$ |
|
929051be7845
Begin a simple (ZFS-related) jail setup tool
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
4 |
| 73 | 5 set -e |
| 6 | |
| 7 VERSION="@@VERSION@@" | |
| 8 | |
| 9 # Reset to standard umask | |
| 10 umask 0022 | |
| 11 | |
| 12 # | |
| 13 # "datasets" -- create the ZFS dataset tree | |
| 14 # | |
| 15 # command_datasets parent-dataset child-dataset | |
| 16 # | |
| 17 command_datasets() { | |
| 18 # parent ZFS dataset -- child ZFS dataset name | |
| 19 local _pds _cds | |
| 20 # and its mount point | |
| 21 local _pmp _get _dummy | |
| 22 # full name of the dataset | |
| 23 local _ds | |
| 24 | |
| 25 _pds="$1" | |
| 26 if [ -z "${_pds}" ]; then | |
| 27 echo "ERROR: no parent dataset given" >&2 | |
| 28 return 2 | |
| 29 fi | |
| 30 _get=$(zfs get -H mountpoint "${_pds}" 2>/dev/null) || { echo "ERROR: dataset \`${_pds}' does not exist" >&2; return 1; } | |
| 31 IFS=$'\t' read _dummy _dummy _pmp _dummy <<EOF | |
| 32 ${_get} | |
| 33 EOF | |
| 34 case "${_pmp}" in | |
| 35 none) | |
| 36 echo "ERROR: dataset \`${_pds}' has no mountpoint" >&2 | |
| 37 return 1 | |
| 38 ;; | |
| 39 legacy) | |
| 40 echo "ERROR: dataset \`${_pds}' has a \`${_mp}' mountpoint" >&2 | |
| 41 return 1 | |
| 42 ;; | |
| 43 *) | |
| 44 # VOID | |
| 45 ;; | |
| 46 esac | |
| 47 _cds="$2" | |
| 48 if [ -z "${_cds}" ]; then | |
| 49 echo "ERROR: no child dataset given" >&2 | |
| 50 return 2 | |
| 51 fi | |
| 52 _ds="${_pds}/${_cds}" | |
| 53 echo "Resulting new root dataset is \`${_ds}' at mountpoint \`${_pmp}/${_cds}'" | |
| 54 if zfs get -H mountpoint "${_ds}" >/dev/null 2>/dev/null; then | |
| 55 echo "ERROR: dataset \`${_ds}' does already exist" >&2 | |
| 56 return 1 | |
| 57 fi | |
| 58 zfs create -o atime=off "${_ds}" | |
| 59 zfs create -o sync=disabled -o setuid=off "${_ds}/tmp" | |
| 60 zfs create "${_ds}/usr" | |
| 61 zfs create "${_ds}/var" | |
| 62 zfs create -o exec=off -o setuid=off "${_ds}/var/audit" | |
| 63 zfs create -o exec=off -o setuid=off "${_ds}/var/cache" | |
| 64 zfs create -o exec=off -o setuid=off -o compression=off "${_ds}/var/cache/pkg" | |
| 65 zfs create -o exec=off -o setuid=off -o compression=off "${_ds}/var/crash" | |
| 66 zfs create -o exec=off -o setuid=off "${_ds}/var/db" | |
| 67 zfs create -o exec=on -o setuid=off "${_ds}/var/db/pkg" | |
| 68 zfs create -o readonly=on -o exec=off -o setuid=off "${_ds}/var/empty" | |
| 69 zfs create -o exec=off -o setuid=off -o primarycache=metadata "${_ds}/var/log" | |
| 70 zfs create -o exec=off -o setuid=off -o atime=on "${_ds}/var/mail" | |
| 71 zfs create -o sync=disabled -o exec=off -o setuid=off -o compression=off -o primarycache=all "${_ds}/var/run" | |
| 72 zfs create -o sync=disabled -o setuid=off "${_ds}/var/tmp" | |
| 73 } | |
| 74 | |
| 75 # | |
| 76 # "privs" -- adjust privileges | |
| 77 # | |
| 78 # To be used when all ZFS datasets are mounted. | |
| 79 # | |
| 80 command_privs() { | |
| 81 # mountpoint | |
| 82 local _mp _d | |
| 83 | |
| 84 _mp="$1" | |
| 85 if [ -z "${_mp}" ]; then | |
| 86 echo "ERROR: no mountpoint given" >&2 | |
| 87 return 2 | |
| 88 fi | |
| 89 if [ ! -d "${_mp}" ]; then | |
| 90 echo "ERROR: directory \`${_mp}' does not exist" >&2 | |
| 91 return 1 | |
| 92 fi | |
| 93 for _d in tmp var/tmp ; do | |
| 94 chmod 01777 "${_mp}/${_d}" | |
| 95 done | |
| 96 chown root:mail "${_mp}/var/mail" | |
| 97 chmod 0775 "${_mp}/var/mail" | |
| 98 } | |
|
72
929051be7845
Begin a simple (ZFS-related) jail setup tool
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
99 |
|
929051be7845
Begin a simple (ZFS-related) jail setup tool
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
100 # |
|
929051be7845
Begin a simple (ZFS-related) jail setup tool
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
101 # Global option handling |
|
929051be7845
Begin a simple (ZFS-related) jail setup tool
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
102 # |
|
929051be7845
Begin a simple (ZFS-related) jail setup tool
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
103 while getopts "h" _opt ; do |
|
929051be7845
Begin a simple (ZFS-related) jail setup tool
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
104 case ${_opt} in |
|
929051be7845
Begin a simple (ZFS-related) jail setup tool
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
105 h) |
| 73 | 106 echo "Usage: XXX TBD" |
|
72
929051be7845
Begin a simple (ZFS-related) jail setup tool
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
107 exit 0 |
|
929051be7845
Begin a simple (ZFS-related) jail setup tool
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
108 ;; |
|
929051be7845
Begin a simple (ZFS-related) jail setup tool
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
109 \?|:) |
|
929051be7845
Begin a simple (ZFS-related) jail setup tool
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
110 exit 2; |
|
929051be7845
Begin a simple (ZFS-related) jail setup tool
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
111 ;; |
|
929051be7845
Begin a simple (ZFS-related) jail setup tool
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
112 esac |
|
929051be7845
Begin a simple (ZFS-related) jail setup tool
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
113 done |
|
929051be7845
Begin a simple (ZFS-related) jail setup tool
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
114 |
|
929051be7845
Begin a simple (ZFS-related) jail setup tool
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
115 # |
|
929051be7845
Begin a simple (ZFS-related) jail setup tool
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
116 # Reset the Shell's option handling system to prepare for handling |
|
929051be7845
Begin a simple (ZFS-related) jail setup tool
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
117 # command-local options. |
|
929051be7845
Begin a simple (ZFS-related) jail setup tool
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
118 # |
|
929051be7845
Begin a simple (ZFS-related) jail setup tool
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
119 shift $((OPTIND-1)) |
|
929051be7845
Begin a simple (ZFS-related) jail setup tool
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
120 OPTIND=1 |
|
929051be7845
Begin a simple (ZFS-related) jail setup tool
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
121 |
|
929051be7845
Begin a simple (ZFS-related) jail setup tool
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
122 command="$1" |
|
929051be7845
Begin a simple (ZFS-related) jail setup tool
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
123 shift |
|
929051be7845
Begin a simple (ZFS-related) jail setup tool
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
124 |
|
929051be7845
Begin a simple (ZFS-related) jail setup tool
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
125 case "${command}" in |
| 73 | 126 datasets) |
| 127 command_datasets "$@" | |
| 128 ;; | |
| 129 privs) | |
| 130 command_privs "$@" | |
| 131 ;; | |
|
72
929051be7845
Begin a simple (ZFS-related) jail setup tool
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
132 test) |
|
929051be7845
Begin a simple (ZFS-related) jail setup tool
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
133 echo "TEST" |
|
929051be7845
Begin a simple (ZFS-related) jail setup tool
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
134 ;; |
|
929051be7845
Begin a simple (ZFS-related) jail setup tool
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
135 *) |
|
929051be7845
Begin a simple (ZFS-related) jail setup tool
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
136 echo "ERROR" >&2 |
|
929051be7845
Begin a simple (ZFS-related) jail setup tool
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
137 exit 2 |
|
929051be7845
Begin a simple (ZFS-related) jail setup tool
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
138 ;; |
|
929051be7845
Begin a simple (ZFS-related) jail setup tool
Franz Glasner <fzglas.hg@dom66.de>
parents:
diff
changeset
|
139 esac |