FreeBSD/ports/sysutils/local-bsdtools: sbin/fjail comparison

comparison sbin/fjail @ 177:9ffbe53dbc35

Flag for creating a separatate dataset for freebsd-update data. By default this is not needed in jails.

author	Franz Glasner <hg@dom66.de>
date	Tue, 16 Aug 2022 11:44:56 +0200
parents	cf0a91fde79c
children	00fbf2b4b44f

comparison

equal deleted inserted replaced

-:cf0a91fde79c
+:9ffbe53dbc35
 Create ZFS datasets to be used within a jail
 PARENT must exist already and CHILD must not exist.
+-s        Also create a dataset for freebsd-update data files
 -u        Do not automatically mount newly created datasets
 privs MOUNTPOINT
 Adjust some Unix privileges to mounted jail datasets
 local _pds _cds
 # and its mount point
 local _pmp _get _dummy
 # full name of the dataset
 local _ds
+# dynamic ZFS options  -- create cache for freebsd-update
+local _zfsopts _fbsdupdate
+_zfsopts=""
+_fbsdupdate=""
+while getopts "us" _opt ; do
+case ${_opt} in
+u)
+# do not mount newly created datasets
+_zfsopts="${_zfsopts} -u"
+;;
+s)
+# create also a dataset for freebsd-update data
+_fbsdupdate="yes"
+\?|:)
+return 2;
+;;
+esac
+done
+shift $((OPTIND-1))
+OPTIND=1
+_pds="$1"
+if [ -z "${_pds}" ]; then
+echo "ERROR: no parent dataset given" >&2
+return 2
+fi
+_get=$(zfs get -H mountpoint "${_pds}" 2>/dev/null) || { echo "ERROR: dataset \`${_pds}' does not exist" >&2; return 1; }
+IFS=$'\t' read _dummy _dummy _pmp _dummy <<EOF
+${_get}
+EOF
+case "${_pmp}" in
+none)
+echo "ERROR: dataset \`${_pds}' has no mountpoint" >&2
+return 1
+;;
+legacy)
+echo "ERROR: dataset \`${_pds}' has a \`${_mp}' mountpoint" >&2
+return 1
+;;
+*)
+# VOID
+;;
+esac
+_cds="$2"
+if [ -z "${_cds}" ]; then
+echo "ERROR: no child dataset given" >&2
+return 2
+fi
+_ds="${_pds}/${_cds}"
+echo "Resulting new root dataset is \`${_ds}' at mountpoint \`${_pmp}/${_cds}'"
+if zfs get -H mountpoint "${_ds}" >/dev/null 2>/dev/null; then
+echo "ERROR: dataset \`${_ds}' does already exist" >&2
+return 1
+fi
+zfs create ${_zfsopts} -o atime=off                                                                      "${_ds}"
+zfs create ${_zfsopts} -o sync=disabled -o setuid=off                                                    "${_ds}/tmp"
+zfs create ${_zfsopts}                                                                                   "${_ds}/usr"
+zfs create ${_zfsopts} -o setuid=off                                                                     "${_ds}/usr/home"
+zfs create ${_zfsopts}                                                                                   "${_ds}/usr/local"
+zfs create ${_zfsopts}                                                                                   "${_ds}/var"
+zfs create ${_zfsopts} -o exec=off -o setuid=off                                                         "${_ds}/var/audit"
+zfs create ${_zfsopts} -o exec=off -o setuid=off                                                         "${_ds}/var/cache"
+zfs create ${_zfsopts} -o exec=off -o setuid=off -o primarycache=metadata -o compression=off             "${_ds}/var/cache/pkg"
+zfs create ${_zfsopts} -o exec=off -o setuid=off -o compression=off                                      "${_ds}/var/crash"
+if [ "$_fbsdupdate" = "yes" ]; then
+zfs create ${_zfsopts} -o exec=off -o setuid=off -o primarycache=metadata -o compression=off         "${_ds}/var/db/freebsd-update"
+fi
+zfs create ${_zfsopts} -o readonly=on -o exec=off -o setuid=off                                          "${_ds}/var/empty"
+zfs create ${_zfsopts} -o exec=off -o setuid=off -o primarycache=metadata                                "${_ds}/var/log"
+zfs create ${_zfsopts} -o exec=off -o setuid=off -o atime=on                                             "${_ds}/var/mail"
+zfs create ${_zfsopts} -o sync=disabled -o exec=off -o setuid=off -o compression=off -o primarycache=all "${_ds}/var/run"
+zfs create ${_zfsopts} -o sync=disabled -o setuid=off                                                    "${_ds}/var/tmp"
+}
+#
+# "populate" -- populate the datasets with content from a FreeBSD base.txz
+#
+# command_populate mountpoint basetxz
+#
+command_populate() {
+# MOUNTPOINT -- base.txz
+local _mp _basetxz
+_mp="$1"
+_basetxz="$2"
+if [ -z "${_mp}" ]; then
+echo "ERROR: no mountpoint given" >&2
+return 2
+fi
+if [ -z "${_basetxz}" ]; then
+echo "ERROR: no base.txz given" >&2
+return 2
+fi
+if [ ! -d "${_mp}" ]; then
+echo "ERROR: mountpoint \`${_mp}' does not exist" >&2
+return 1
+fi
+if [ ! -r "${_basetxz}" ]; then
+echo "ERROR: file \`${_basetxz}' is not readable" >&2
+return 1
+fi
+#
+# Handle /var/empty separately later: could be already there and
+# mounted read-only.
+#
+tar -C "${_mp}" --exclude=./var/empty -xJp -f "${_basetxz}" || { echo "ERROR: tar encountered errors" >&2; return 1; }
+if [ -d "${_mp}/var/empty" ]; then
+#
+# If /var/empty exists already try to extract with changing the
+# flags (e.g. `schg'). But be tolerant with errors here.
+#
+tar -C "${_mp}" -xJp -f "${_basetxz}" ./var/empty
+else
+# Just extract /var/empty normally
+tar -C "${_mp}" -xJp -f "${_basetxz}" ./var/empty || { echo "ERROR: tar encountered errors" >&2; return 1; }
+fi
+find "${_mp}/boot" -type f -delete
+}
+#
+# "copy" -- ZFS copy of datasets
+#
+# command_copy source-dataset destination-dataset
+#
+command_copy() {
+# source dataset -- destination dataset
+local _source _dest
 # dynamic ZFS options
 local _zfsopts
 _zfsopts=""
 while getopts "u" _opt ; do
 esac
 done
 shift $((OPTIND-1))
 OPTIND=1
-_pds="$1"
-if [ -z "${_pds}" ]; then
-echo "ERROR: no parent dataset given" >&2
-return 2
-fi
-_get=$(zfs get -H mountpoint "${_pds}" 2>/dev/null) || { echo "ERROR: dataset \`${_pds}' does not exist" >&2; return 1; }
-IFS=$'\t' read _dummy _dummy _pmp _dummy <<EOF
-${_get}
-EOF
-case "${_pmp}" in
-none)
-echo "ERROR: dataset \`${_pds}' has no mountpoint" >&2
-return 1
-;;
-legacy)
-echo "ERROR: dataset \`${_pds}' has a \`${_mp}' mountpoint" >&2
-return 1
-;;
-*)
-# VOID
-;;
-esac
-_cds="$2"
-if [ -z "${_cds}" ]; then
-echo "ERROR: no child dataset given" >&2
-return 2
-fi
-_ds="${_pds}/${_cds}"
-echo "Resulting new root dataset is \`${_ds}' at mountpoint \`${_pmp}/${_cds}'"
-if zfs get -H mountpoint "${_ds}" >/dev/null 2>/dev/null; then
-echo "ERROR: dataset \`${_ds}' does already exist" >&2
-return 1
-fi
-zfs create ${_zfsopts} -o atime=off                                                                      "${_ds}"
-zfs create ${_zfsopts} -o sync=disabled -o setuid=off                                                    "${_ds}/tmp"
-zfs create ${_zfsopts}                                                                                   "${_ds}/usr"
-zfs create ${_zfsopts} -o setuid=off                                                                     "${_ds}/usr/home"
-zfs create ${_zfsopts}                                                                                   "${_ds}/usr/local"
-zfs create ${_zfsopts}                                                                                   "${_ds}/var"
-zfs create ${_zfsopts} -o exec=off -o setuid=off                                                         "${_ds}/var/audit"
-zfs create ${_zfsopts} -o exec=off -o setuid=off                                                         "${_ds}/var/cache"
-zfs create ${_zfsopts} -o exec=off -o setuid=off -o primarycache=metadata -o compression=off             "${_ds}/var/cache/pkg"
-zfs create ${_zfsopts} -o exec=off -o setuid=off -o compression=off                                      "${_ds}/var/crash"
-zfs create ${_zfsopts} -o exec=off -o setuid=off                                                         "${_ds}/var/db"
-zfs create ${_zfsopts} -o readonly=on -o exec=off -o setuid=off                                          "${_ds}/var/empty"
-zfs create ${_zfsopts} -o exec=off -o setuid=off -o primarycache=metadata                                "${_ds}/var/log"
-zfs create ${_zfsopts} -o exec=off -o setuid=off -o atime=on                                             "${_ds}/var/mail"
-zfs create ${_zfsopts} -o sync=disabled -o exec=off -o setuid=off -o compression=off -o primarycache=all "${_ds}/var/run"
-zfs create ${_zfsopts} -o sync=disabled -o setuid=off                                                    "${_ds}/var/tmp"
-}
-#
-# "populate" -- populate the datasets with content from a FreeBSD base.txz
-#
-# command_populate mountpoint basetxz
-#
-command_populate() {
-# MOUNTPOINT -- base.txz
-local _mp _basetxz
-_mp="$1"
-_basetxz="$2"
-if [ -z "${_mp}" ]; then
-echo "ERROR: no mountpoint given" >&2
-return 2
-fi
-if [ -z "${_basetxz}" ]; then
-echo "ERROR: no base.txz given" >&2
-return 2
-fi
-if [ ! -d "${_mp}" ]; then
-echo "ERROR: mountpoint \`${_mp}' does not exist" >&2
-return 1
-fi
-if [ ! -r "${_basetxz}" ]; then
-echo "ERROR: file \`${_basetxz}' is not readable" >&2
-return 1
-fi
-#
-# Handle /var/empty separately later: could be already there and
-# mounted read-only.
-#
-tar -C "${_mp}" --exclude=./var/empty -xJp -f "${_basetxz}" || { echo "ERROR: tar encountered errors" >&2; return 1; }
-if [ -d "${_mp}/var/empty" ]; then
-#
-# If /var/empty exists already try to extract with changing the
-# flags (e.g. `schg'). But be tolerant with errors here.
-#
-tar -C "${_mp}" -xJp -f "${_basetxz}" ./var/empty
-else
-# Just extract /var/empty normally
-tar -C "${_mp}" -xJp -f "${_basetxz}" ./var/empty || { echo "ERROR: tar encountered errors" >&2; return 1; }
-fi
-find "${_mp}/boot" -type f -delete
-}
-#
-# "copy" -- ZFS copy of datasets
-#
-# command_copy source-dataset destination-dataset
-#
-command_copy() {
-# source dataset -- destination dataset
-local _source _dest
-# dynamic ZFS options
-local _zfsopts
-_zfsopts=""
-while getopts "u" _opt ; do
-case ${_opt} in
-u)
-# do not mount newly created datasets
-_zfsopts="${_zfsopts} -u"
-;;
-\?|:)
-return 2;
-;;
-esac
-done
-shift $((OPTIND-1))
-OPTIND=1
 _source="$1"
 if [ -z "${_source}" ]; then
 echo "ERROR: no source dataset given" >&2
 return 2
 fi

Mercurial > hgrepos > FreeBSD > ports > sysutils > local-bsdtools

comparison sbin/fjail @ 177:9ffbe53dbc35