comparison bin/fjail @ 73:2e991a00035b

Creation of Jail datasets done
author Franz Glasner <hg@dom66.de>
date Thu, 15 Aug 2019 15:31:28 +0200
parents 929051be7845
children 247d35f910ca
72:929051be7845 73:2e991a00035b
1 #!/bin/sh 1 #!/bin/sh
2 # -*- indent-tabs-mode: nil; -*- 2 # -*- indent-tabs-mode: nil; -*-
3 # @(#)$HGid$ 3 # @(#)$HGid$
4 4
5 VERSION=@@VERSION@@ 5 set -e
6
7 VERSION="@@VERSION@@"
8
9 # Reset to standard umask
10 umask 0022
11
12 #
13 # "datasets" -- create the ZFS dataset tree
14 #
15 # command_datasets parent-dataset child-dataset
16 #
17 command_datasets() {
18 # parent ZFS dataset -- child ZFS dataset name
19 local _pds _cds
20 # and its mount point
21 local _pmp _get _dummy
22 # full name of the dataset
23 local _ds
24
25 _pds="$1"
26 if [ -z "${_pds}" ]; then
27 echo "ERROR: no parent dataset given" >&2
28 return 2
29 fi
30 _get=$(zfs get -H mountpoint "${_pds}" 2>/dev/null) || { echo "ERROR: dataset \`${_pds}' does not exist" >&2; return 1; }
31 IFS=$'\t' read _dummy _dummy _pmp _dummy <<EOF
32 ${_get}
33 EOF
34 case "${_pmp}" in
35 none)
36 echo "ERROR: dataset \`${_pds}' has no mountpoint" >&2
37 return 1
38 ;;
39 legacy)
40 echo "ERROR: dataset \`${_pds}' has a \`${_mp}' mountpoint" >&2
41 return 1
42 ;;
43 *)
44 # VOID
45 ;;
46 esac
47 _cds="$2"
48 if [ -z "${_cds}" ]; then
49 echo "ERROR: no child dataset given" >&2
50 return 2
51 fi
52 _ds="${_pds}/${_cds}"
53 echo "Resulting new root dataset is \`${_ds}' at mountpoint \`${_pmp}/${_cds}'"
54 if zfs get -H mountpoint "${_ds}" >/dev/null 2>/dev/null; then
55 echo "ERROR: dataset \`${_ds}' does already exist" >&2
56 return 1
57 fi
58 zfs create -o atime=off "${_ds}"
59 zfs create -o sync=disabled -o setuid=off "${_ds}/tmp"
60 zfs create "${_ds}/usr"
61 zfs create "${_ds}/var"
62 zfs create -o exec=off -o setuid=off "${_ds}/var/audit"
63 zfs create -o exec=off -o setuid=off "${_ds}/var/cache"
64 zfs create -o exec=off -o setuid=off -o compression=off "${_ds}/var/cache/pkg"
65 zfs create -o exec=off -o setuid=off -o compression=off "${_ds}/var/crash"
66 zfs create -o exec=off -o setuid=off "${_ds}/var/db"
67 zfs create -o exec=on -o setuid=off "${_ds}/var/db/pkg"
68 zfs create -o readonly=on -o exec=off -o setuid=off "${_ds}/var/empty"
69 zfs create -o exec=off -o setuid=off -o primarycache=metadata "${_ds}/var/log"
70 zfs create -o exec=off -o setuid=off -o atime=on "${_ds}/var/mail"
71 zfs create -o sync=disabled -o exec=off -o setuid=off -o compression=off -o primarycache=all "${_ds}/var/run"
72 zfs create -o sync=disabled -o setuid=off "${_ds}/var/tmp"
73 }
74
75 #
76 # "privs" -- adjust privileges
77 #
78 # To be used when all ZFS datasets are mounted.
79 #
80 command_privs() {
81 # mountpoint
82 local _mp _d
83
84 _mp="$1"
85 if [ -z "${_mp}" ]; then
86 echo "ERROR: no mountpoint given" >&2
87 return 2
88 fi
89 if [ ! -d "${_mp}" ]; then
90 echo "ERROR: directory \`${_mp}' does not exist" >&2
91 return 1
92 fi
93 for _d in tmp var/tmp ; do
94 chmod 01777 "${_mp}/${_d}"
95 done
96 chown root:mail "${_mp}/var/mail"
97 chmod 0775 "${_mp}/var/mail"
98 }
6 99
7 # 100 #
8 # Global option handling 101 # Global option handling
9 # 102 #
10 while getopts "h" _opt ; do 103 while getopts "h" _opt ; do
11 case ${_opt} in 104 case ${_opt} in
12 h) 105 h)
13 echo "Usage:" 106 echo "Usage: XXX TBD"
14 exit 0 107 exit 0
15 ;; 108 ;;
16 \?|:) 109 \?|:)
17 exit 2; 110 exit 2;
18 ;; 111 ;;
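Review bot: The `legacy)` arm of the mountpoint case in command_datasets (new line 40) interpolates `${_mp}`, which is never set in that function — `_mp` is a local of command_privs — so the error prints an empty name where the mountpoint value was intended; it should read `echo "ERROR: dataset \`${_pds}' has a \`${_pmp}' mountpoint" >&2`. The `IFS=$'\t' read …` on new line 31 relies on `$'…'` quoting, which is not POSIX, so under the file's `#!/bin/sh` shebang it works only where the platform sh happens to support it — worth confirming on the target system or using a literal tab. command_privs (new lines 80-98) applies `chmod 01777` to `${_mp}/tmp` and `${_mp}/var/tmp` without checking that those paths are actually mounted datasets, so running it against an unmounted tree leaves sticky, world-writable directories in the parent dataset instead; a per-path mount check (e.g. comparing the path against `df`/`mount` output) would enforce the "all datasets are mounted" precondition the header comment only states. The file section continues past the lines shown here.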
28 121
29 command="$1" 122 command="$1"
30 shift 123 shift
31 124
32 case "${command}" in 125 case "${command}" in
126 datasets)
127 command_datasets "$@"
128 ;;
129 privs)
130 command_privs "$@"
131 ;;
33 test) 132 test)
34 echo "TEST" 133 echo "TEST"
35 ;; 134 ;;
36 *) 135 *)
37 echo "ERROR" >&2 136 echo "ERROR" >&2