Mercurial > hgrepos > FreeBSD > ports > sysutils > local-bsdtools
annotate sbin/fjail @ 162:9bd38c55a75c
When executing the "privs" command try to make <mountpoint>/var/empty writeable temporarily to set proper permissions and file flags
| author | Franz Glasner <hg@dom66.de> |
|---|---|
| date | Wed, 20 Nov 2019 12:55:52 +0100 |
| parents | 57b9b899bf77 |
| children | 9aef3f0e4d1c |
| rev | changeset | parent | author | lines | description |
|---|---|---|---|---|---|
| 72 | 929051be7845 | | Franz Glasner <fzglas.hg@dom66.de> | 1-2, 15 | Begin a simple (ZFS-related) jail setup tool |
| 73 | | | | 17-19, 65-67 | |
| 74 | 247d35f910ca | 73 | Franz Glasner <hg@dom66.de> | 68 | fjail datasets now recognized a "-u" command option to not automatically mount created datasets |
| 75 | | | | 21-24, 27-41, 63-64 | |
| 76 | fea2ef3ff89a | 75 | Franz Glasner <hg@dom66.de> | 42-45 | Populate an existing directory tree with the contents of base.txz |
| 77 | 5aab3a28895f | 76 | Franz Glasner <hg@dom66.de> | 16, 46-48, 50-52 | Implemented a "copy" command to employ zfs send/receive for recursively copying jail datasets |
| 81 | 124faa20ae80 | 80 | Franz Glasner <fzglas.hg@dom66.de> | 25-26 | Implemented a "-V" global option to print the program's name and version number to stdout |
| 86 | a3b9d4fe560e | 85 | Franz Glasner <fzglas.hg@dom66.de> | 3-7, 9-11, 13-14 | Provide "module" doc-strings |
| 93 | | | | 12 | |
| 104 | 6f6058939e48 | 93 | Franz Glasner <fzglas.hg@dom66.de> | 8 | Use the "Full name" in the license section for "fjail" also |
| 105 | 52523a19797e | 104 | Franz Glasner <fzglas.hg@dom66.de> | 20, 49, 53-62 | Docu: Enhance the docu of fjail |

```sh
#!/bin/sh
# -*- indent-tabs-mode: nil; -*-
: 'A very minimal BSD Jail management tool.

:Author:    Franz Glasner
:Copyright: (c) 2019 Franz Glasner.
            All rights reserved.
:License:   BSD 3-Clause "New" or "Revised" License.
            See LICENSE for details.
            If you cannot find LICENSE see
            <https://opensource.org/licenses/BSD-3-Clause>
:ID:        @(#)@@PKGORIGIN@@ $HGid$

'

set -eu

VERSION="@@VERSION@@"

USAGE='
USAGE: fjail [ OPTIONS ] COMMAND [ COMMAND OPTIONS ] [ ARG ... ]

OPTIONS:

  -V  Print the program name and version number to stdout and exit

  -h  Print this help message to stdout and exit

COMMANDS:

  datasets [-u] PARENT CHILD

    Create ZFS datasets to be used within a jail

    PARENT must exist already and CHILD must not exist.

    -u  Do not automatically mount newly created datasets

  privs MOUNTPOINT

    Adjust some Unix privileges to mounted jail datasets

  populate MOUNTPOINT BASETXZ

    Populate the jail directory in MOUNTPOINT with the base system in BASETXZ

  copy SOURCE-DATASET DEST-DATASET

    Copy a tree of ZFS datasets with "zfs send -R" and "zfs receive".
    Note that the destination dataset must not exist already.

    -u  Do not automatically mount received datasets

ENVIRONMENT:

  All environment variables that affect "zfs" are effective also.

DESCRIPTION:

  All commands with the exception of "populate" require ZFS as
  filesystem.
'


# Reset to standard umask
umask 0022
```
| rev | changeset | parent | author | lines | description |
|---|---|---|---|---|---|
| 161 | 57b9b899bf77 | 157 | Franz Glasner <fzglas.hg@dom66.de> | 69-109 | Provide functions that will be the base for "/var/empty" handling (manipulate the "readonly" property when doing some special operations) |

```sh
_get_dataset_for_mountpoint() {
    : 'Use `zfs mount` to determine the ZFS dataset for a given mountpoint.

    '
    local _mountpoint
    local _ds _mount

    _mountpoint="$1"

    while read -r _ds _mount; do
        if [ "$_mount" = "$_mountpoint" ]; then
            echo "$_ds"
            return 0
        fi
    done <<EOF__GDSFM
$(zfs mount)
EOF__GDSFM
    return 1
}


_get_dataset_for_varempty() {
    : 'Allow special handling for <mountpoint>/var/empty which may be
    mounted read-only.

    '
    local _mountpoint
    local _ve_mount

    _mountpoint="$1"

    if [ "$_mountpoint" = '/' ]; then
        _ve_mount='/var/empty'
    else
        _ve_mount="${_mountpoint}/var/empty"
    fi

    _get_dataset_for_mountpoint "${_ve_mount}"
}
```
| rev | changeset | parent | author | lines | description |
|---|---|---|---|---|---|
| 73 | | | | 110-112, 116-123, 141-174, 191-192 | |
| 74 | 247d35f910ca | 73 | Franz Glasner <hg@dom66.de> | 113-115, 124-140, 175-177, 179-190, 193 | fjail datasets now recognized a "-u" command option to not automatically mount created datasets |
| 157 | 3f9cae8f5862 | 144 | Franz Glasner <fzglas.hg@dom66.de> | 178 | Also create a DS/usr/local dataset perdefault in jails |

```sh
#
# "datasets" -- create the ZFS dataset tree
#
# command_datasets [ -u ] parent-dataset child-dataset
#
#   -u   do not automatically mount newly created datasets
#
command_datasets() {
    # parent ZFS dataset -- child ZFS dataset name
    local _pds _cds
    # and its mount point
    local _pmp _get _dummy
    # full name of the dataset
    local _ds
    # dynamic ZFS options
    local _zfsopts

    _zfsopts=""
    while getopts "u" _opt ; do
        case ${_opt} in
            u)
                # do not mount newly created datasets
                _zfsopts="${_zfsopts} -u"
                ;;
            \?|:)
                return 2;
                ;;
        esac
    done
    shift $((OPTIND-1))
    OPTIND=1

    _pds="${1-}"    # default to empty: a bare $1 aborts under "set -u" before the check below
    if [ -z "${_pds}" ]; then
        echo "ERROR: no parent dataset given" >&2
        return 2
    fi
    _get=$(zfs get -H mountpoint "${_pds}" 2>/dev/null) || { echo "ERROR: dataset \`${_pds}' does not exist" >&2; return 1; }
    IFS=$'\t' read _dummy _dummy _pmp _dummy <<EOF
${_get}
EOF
    case "${_pmp}" in
        none)
            echo "ERROR: dataset \`${_pds}' has no mountpoint" >&2
            return 1
            ;;
        legacy)
            echo "ERROR: dataset \`${_pds}' has a \`${_pmp}' mountpoint" >&2    # was ${_mp}, which is never set in this function
            return 1
            ;;
        *)
            # VOID
            ;;
    esac
    _cds="${2-}"    # default to empty for the same "set -u" reason
    if [ -z "${_cds}" ]; then
        echo "ERROR: no child dataset given" >&2
        return 2
    fi
    _ds="${_pds}/${_cds}"
    echo "Resulting new root dataset is \`${_ds}' at mountpoint \`${_pmp}/${_cds}'"
    if zfs get -H mountpoint "${_ds}" >/dev/null 2>/dev/null; then
        echo "ERROR: dataset \`${_ds}' does already exist" >&2
        return 1
    fi
    zfs create ${_zfsopts} -o atime=off "${_ds}"
    zfs create ${_zfsopts} -o sync=disabled -o setuid=off "${_ds}/tmp"
    zfs create ${_zfsopts} "${_ds}/usr"
    zfs create ${_zfsopts} "${_ds}/usr/local"
    zfs create ${_zfsopts} "${_ds}/var"
    zfs create ${_zfsopts} -o exec=off -o setuid=off "${_ds}/var/audit"
    zfs create ${_zfsopts} -o exec=off -o setuid=off "${_ds}/var/cache"
    zfs create ${_zfsopts} -o exec=off -o setuid=off -o compression=off "${_ds}/var/cache/pkg"
    zfs create ${_zfsopts} -o exec=off -o setuid=off -o compression=off "${_ds}/var/crash"
    zfs create ${_zfsopts} -o exec=off -o setuid=off "${_ds}/var/db"
    zfs create ${_zfsopts} -o exec=on -o setuid=off "${_ds}/var/db/pkg"
    zfs create ${_zfsopts} -o readonly=on -o exec=off -o setuid=off "${_ds}/var/empty"
    zfs create ${_zfsopts} -o exec=off -o setuid=off -o primarycache=metadata "${_ds}/var/log"
    zfs create ${_zfsopts} -o exec=off -o setuid=off -o atime=on "${_ds}/var/mail"
    zfs create ${_zfsopts} -o sync=disabled -o exec=off -o setuid=off -o compression=off -o primarycache=all "${_ds}/var/run"
    zfs create ${_zfsopts} -o sync=disabled -o setuid=off "${_ds}/var/tmp"
}
```
| rev | changeset | parent | author | lines | description |
|---|---|---|---|---|---|
| 73 | | | | 194 | |
| 76 | fea2ef3ff89a | 75 | Franz Glasner <hg@dom66.de> | 195-226 | Populate an existing directory tree with the contents of base.txz |

```sh
#
# "populate" -- populate the datasets with content from a FreeBSD base.txz
#
# command_populate mountpoint basetxz
#
command_populate() {
    # MOUNTPOINT -- base.txz
    local _mp _basetxz

    _mp="${1-}"         # default to empty: a bare $1 aborts under "set -u" before the checks below
    _basetxz="${2-}"

    if [ -z "${_mp}" ]; then
        echo "ERROR: no mountpoint given" >&2
        return 2
    fi
    if [ -z "${_basetxz}" ]; then
        echo "ERROR: no base.txz given" >&2
        return 2
    fi
    if [ ! -d "${_mp}" ]; then
        echo "ERROR: mountpoint \`${_mp}' does not exist" >&2
        return 1
    fi
    if [ ! -r "${_basetxz}" ]; then
        echo "ERROR: file \`${_basetxz}' is not readable" >&2
        return 1
    fi

    tar -C "${_mp}" --exclude=./var/empty -xJp -f "${_basetxz}" || { echo "ERROR: tar encountered errors" >&2; return 1; }
}
```
|
fea2ef3ff89a
Populate an existing directory tree with the contents of base.txz
Franz Glasner <hg@dom66.de>
parents:
75
diff
changeset
|
227 # |
| 77 (5aab3a28895f: Implemented a "copy" command to employ zfs send/receive for recursively copying jail datasets; Franz Glasner <hg@dom66.de>; parents: 76) | 228 # "copy" -- ZFS copy of datasets |
| 77 | 229 # |
| 77 | 230 # command_copy source-dataset destination-dataset |
| 77 | 231 # |
| 77 | 232 command_copy() { |
| 77 | 233 # source dataset -- destination dataset |
| 77 | 234 local _source _dest |
| 77 | 235 # dynamic ZFS options |
| 77 | 236 local _zfsopts |
| 77 | 237 |
| 77 | 238 _zfsopts="" |
| 77 | 239 while getopts "u" _opt ; do |
| 77 | 240 case ${_opt} in |
| 77 | 241 u) |
| 77 | 242 # do not mount newly created datasets |
| 77 | 243 _zfsopts="${_zfsopts} -u" |
| 77 | 244 ;; |
| 77 | 245 \?|:) |
| 77 | 246 return 2; |
| 77 | 247 ;; |
| 77 | 248 esac |
| 77 | 249 done |
| 77 | 250 shift $((OPTIND-1)) |
| 77 | 251 OPTIND=1 |
| 77 | 252 |
| 77 | 253 _source="$1" |
| 77 | 254 if [ -z "${_source}" ]; then |
| 77 | 255 echo "ERROR: no source dataset given" >&2 |
| 77 | 256 return 2 |
| 77 | 257 fi |
| 77 | 258 _dest="$2" |
| 77 | 259 if [ -z "${_dest}" ]; then |
| 77 | 260 echo "ERROR: no destination dataset given" >&2 |
| 77 | 261 return 2 |
| 77 | 262 fi |
| 77 | 263 zfs send -R -n -v "${_source}" || { echo "ERROR: ZFS operation failed in no-op mode" >&2; return 1; } |
| 77 | 264 zfs send -R "${_source}" | zfs receive ${_zfsopts} "${_dest}" || { echo "ERROR: ZFS operation failed" >&2; return 1; } |
| 77 | 265 } |
| 77 | 266 |
| 77 | 267 |
| 77 | 268 # |
| 73 | 269 # "privs" -- adjust privileges |
| 73 | 270 # |
| 73 | 271 # To be used when all ZFS datasets are mounted. |
| 73 | 272 # |
| 73 | 273 command_privs() { |
| 73 | 274 # mountpoint |
| 162 (9bd38c55a75c: When executing the "privs" command try to make <mountpoint>/var/empty writeable temporarily to set proper permissions and file flags; Franz Glasner <hg@dom66.de>; parents: 161) | 275 local _mp _d _veds _get _vestatus |
| 73 | 276 |
| 73 | 277 _mp="$1" |
| 73 | 278 if [ -z "${_mp}" ]; then |
| 73 | 279 echo "ERROR: no mountpoint given" >&2 |
| 73 | 280 return 2 |
| 73 | 281 fi |
| 73 | 282 if [ ! -d "${_mp}" ]; then |
| 73 | 283 echo "ERROR: directory \`${_mp}' does not exist" >&2 |
| 73 | 284 return 1 |
| 73 | 285 fi |
| 73 | 286 for _d in tmp var/tmp ; do |
| 73 | 287 chmod 01777 "${_mp}/${_d}" |
| 73 | 288 done |
| 73 | 289 chown root:mail "${_mp}/var/mail" |
| 73 | 290 chmod 0775 "${_mp}/var/mail" |
| 162 | 291 |
| 162 | 292 # |
| 162 | 293 # Handle <mountpoint>/var/empty specially: |
| 162 | 294 # make it writeable temporarily if it is mounted read-only: |
| 162 | 295 # |
| 162 | 296 _vestatus="" |
| 162 | 297 _veds=$(_get_dataset_for_varempty "${_mp}") |
| 162 | 298 if [ $? -eq 0 ]; then |
| 162 | 299 _get=$(zfs get -H readonly "${_veds}" 2>/dev/null) || { echo "ERROR: cannot determine readonly status of ${_mp}/var/empty" >&2; return 1; } |
| 162 | 300 IFS=$'\t' read _dummy _dummy _vestatus _dummy <<EOF |
| 162 | 301 ${_get} |
| 162 | 302 EOF |
| 162 | 303 if [ "${_vestatus}" = "on" ]; then |
| 162 | 304 zfs set readonly=off "${_veds}" >/dev/null 2>/dev/null || { echo "ERROR: cannot reset readonly-status of ${_mp}/var/empty" >&2; return 1; } |
| 162 | 305 fi |
| 162 | 306 fi |
| 162 | 307 # Set the access rights and the file flags as given in mtree |
| 162 | 308 chmod 0555 "${_mp}/var/empty" |
| 162 | 309 chflags schg "${_mp}/var/empty" |
| 162 | 310 # Reset the read-only status of the mountpoint as it was before |
| 162 | 311 if [ "${_vestatus}" = "on" ]; then |
| 162 | 312 zfs set readonly=on "${_veds}" >/dev/null 2>/dev/null || { echo "ERROR: cannot reactivate readonly-status of ${_mp}/var/empty" >&2; return 1; } |
| 162 | 313 fi |
| 73 | 314 } |
| 72 | 315 |
| 74 (247d35f910ca: fjail datasets now recognized a "-u" command option to not automatically mount created datasets; Franz Glasner <hg@dom66.de>; parents: 73) | 316 |
| 72 | 317 # |
| 72 | 318 # Global option handling |
| 72 | 319 # |
| 81 (124faa20ae80: Implemented a "-V" global option to print the program's name and version number to stdout; Franz Glasner <fzglas.hg@dom66.de>; parents: 80) | 320 while getopts "Vh" _opt ; do |
| 72 | 321 case ${_opt} in |
| 81 | 322 V) |
| 144 (6be3742d21f7: - FIX: Really print the version in check-ports; Franz Glasner <hg@dom66.de>; parents: 128) | 323 printf 'fjail v%s (rv:%s)\n' "${VERSION}" '@@HGREVISION@@' |
| 81 | 324 exit 0 |
| 81 | 325 ;; |
| 72 | 326 h) |
| 75 | 327 echo "${USAGE}" |
| 72 | 328 exit 0 |
| 72 | 329 ;; |
| 80 (f5cf08e8d246: Handle the error case when option handling fails because of wrong case labels; Franz Glasner <fzglas.hg@dom66.de>; parents: 77) | 330 \?) |
| 72 | 331 exit 2; |
| 72 | 332 ;; |
| 80 | 333 *) |
| 80 | 334 echo "ERROR: option handling failed" >&2 |
| 80 | 335 exit 2 |
| 80 | 336 ;; |
| 72 | 337 esac |
| 72 | 338 done |
| 72 | 339 |
| 72 | 340 # |
| 72 | 341 # Reset the Shell's option handling system to prepare for handling |
| 72 | 342 # command-local options. |
| 72 | 343 # |
| 72 | 344 shift $((OPTIND-1)) |
| 72 | 345 OPTIND=1 |
| 72 | 346 |
| 92 (a8e76893140f: Extra error message if no command is given; Franz Glasner <fzglas.hg@dom66.de>; parents: 86) | 347 test $# -gt 0 || { echo "ERROR: no command given" >&2; exit 2; } |
| 92 | 348 |
| 72 | 349 command="$1" |
| 72 | 350 shift |
| 72 | 351 |
| 72 | 352 case "${command}" in |
| 73 | 353 datasets) |
| 73 | 354 command_datasets "$@" |
| 73 | 355 ;; |
| 73 | 356 privs) |
| 73 | 357 command_privs "$@" |
| 73 | 358 ;; |
| 76 | 359 populate) |
| 76 | 360 command_populate "$@" |
| 76 | 361 ;; |
| 77 | 362 copy) |
| 77 | 363 command_copy "$@" |
| 77 | 364 ;; |
| 72 | 365 *) |
| 76 | 366 echo "ERROR: unknown command \`${command}'" >&2 |
| 72 | 367 exit 2 |
| 72 | 368 ;; |
| 72 | 369 esac |
