comparison bin/fjail @ 74:247d35f910ca
"fjail datasets" now recognizes a "-u" command option to not automatically mount created datasets
| author | Franz Glasner <hg@dom66.de> |
|---|---|
| date | Thu, 15 Aug 2019 15:58:24 +0200 |
| parents | 2e991a00035b |
| children | 2e3ac70bdfc8 |
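--- a/bin/fjail
+++ b/bin/fjail
@@ -1,28 +1,48 @@
 #!/bin/sh
 # -*- indent-tabs-mode: nil; -*-
 # @(#)$HGid$
 
-set -e
+set -eu
 
 VERSION="@@VERSION@@"
 
 # Reset to standard umask
 umask 0022
 
+
 #
 # "datasets" -- create the ZFS dataset tree
 #
-# command_datasets parent-dataset child-dataset
+# command_datasets [ -u ] parent-dataset child-dataset
+#
+# -u do not automatically mount newly created datasets
 #
 command_datasets() {
 # parent ZFS dataset -- child ZFS dataset name
 local _pds _cds
 # and its mount point
 local _pmp _get _dummy
 # full name of the dataset
 local _ds
+# dynamic ZFS options
+local _zfsopts
+
+_zfsopts=""
+while getopts "u" _opt ; do
+case ${_opt} in
+u)
+# do not mount newly created datasets
+_zfsopts="${_zfsopts} -u"
+;;
+\?|:)
+return 2;
+;;
+esac
+done
+shift $((OPTIND-1))
+OPTIND=1
 
 _pds="$1"
 if [ -z "${_pds}" ]; then
 echo "ERROR: no parent dataset given" >&2
 return 2
@@ -53,26 +73,27 @@
 echo "Resulting new root dataset is \`${_ds}' at mountpoint \`${_pmp}/${_cds}'"
 if zfs get -H mountpoint "${_ds}" >/dev/null 2>/dev/null; then
 echo "ERROR: dataset \`${_ds}' does already exist" >&2
 return 1
 fi
-zfs create -o atime=off "${_ds}"
-zfs create -o sync=disabled -o setuid=off "${_ds}/tmp"
-zfs create "${_ds}/usr"
-zfs create "${_ds}/var"
-zfs create -o exec=off -o setuid=off "${_ds}/var/audit"
-zfs create -o exec=off -o setuid=off "${_ds}/var/cache"
-zfs create -o exec=off -o setuid=off -o compression=off "${_ds}/var/cache/pkg"
-zfs create -o exec=off -o setuid=off -o compression=off "${_ds}/var/crash"
-zfs create -o exec=off -o setuid=off "${_ds}/var/db"
-zfs create -o exec=on -o setuid=off "${_ds}/var/db/pkg"
-zfs create -o readonly=on -o exec=off -o setuid=off "${_ds}/var/empty"
-zfs create -o exec=off -o setuid=off -o primarycache=metadata "${_ds}/var/log"
-zfs create -o exec=off -o setuid=off -o atime=on "${_ds}/var/mail"
-zfs create -o sync=disabled -o exec=off -o setuid=off -o compression=off -o primarycache=all "${_ds}/var/run"
-zfs create -o sync=disabled -o setuid=off "${_ds}/var/tmp"
+zfs create ${_zfsopts} -o atime=off "${_ds}"
+zfs create ${_zfsopts} -o sync=disabled -o setuid=off "${_ds}/tmp"
+zfs create ${_zfsopts} "${_ds}/usr"
+zfs create ${_zfsopts} "${_ds}/var"
+zfs create ${_zfsopts} -o exec=off -o setuid=off "${_ds}/var/audit"
+zfs create ${_zfsopts} -o exec=off -o setuid=off "${_ds}/var/cache"
+zfs create ${_zfsopts} -o exec=off -o setuid=off -o compression=off "${_ds}/var/cache/pkg"
+zfs create ${_zfsopts} -o exec=off -o setuid=off -o compression=off "${_ds}/var/crash"
+zfs create ${_zfsopts} -o exec=off -o setuid=off "${_ds}/var/db"
+zfs create ${_zfsopts} -o exec=on -o setuid=off "${_ds}/var/db/pkg"
+zfs create ${_zfsopts} -o readonly=on -o exec=off -o setuid=off "${_ds}/var/empty"
+zfs create ${_zfsopts} -o exec=off -o setuid=off -o primarycache=metadata "${_ds}/var/log"
+zfs create ${_zfsopts} -o exec=off -o setuid=off -o atime=on "${_ds}/var/mail"
+zfs create ${_zfsopts} -o sync=disabled -o exec=off -o setuid=off -o compression=off -o primarycache=all "${_ds}/var/run"
+zfs create ${_zfsopts} -o sync=disabled -o setuid=off "${_ds}/var/tmp"
 }
+
 
 #
 # "privs" -- adjust privileges
 #
 # To be used when all ZFS datasets are mounted.
@@ -94,10 +115,11 @@
 chmod 01777 "${_mp}/${_d}"
 done
 chown root:mail "${_mp}/var/mail"
 chmod 0775 "${_mp}/var/mail"
 }
+
 
 #
 # Global option handling
 #
 while getopts "h" _opt ; do
@@ -127,13 +149,10 @@
 command_datasets "$@"
 ;;
 privs)
 command_privs "$@"
 ;;
-test)
-echo "TEST"
-;;
 *)
 echo "ERROR" >&2
 exit 2
 ;;
 esac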
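Review bot: With `set -eu` now in force, the unchanged `_pds="$1"` that follows the new option loop in command_datasets aborts the shell with an unset-parameter error when no dataset argument remains after the `shift`, so the `ERROR: no parent dataset given` branch and its `return 2` can no longer be reached for a missing argument. Writing it as `_pds="${1-}"` keeps the explicit check working under `-u`; the child-dataset assignment in the part of the function not shown on this page presumably needs the same form. Separately, `_opt` is not in any of the function's `local` lists and is also the loop variable of the global `getopts "h"` loop, so adding `local _opt` next to `local _zfsopts` would keep the two parsers independent. Since command_privs is documented as "To be used when all ZFS datasets are mounted", the `-u` help line could also say that the datasets must be mounted before `privs` is run, otherwise its chmod/chown would land on the underlying directories.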
