comparison sbin/fjail @ 181:d30a68e66d60
More dataset creation options: -t (tiny) and -T (extra tiny)
| author | Franz Glasner <hg@dom66.de> |
|---|---|
| date | Tue, 16 Aug 2022 12:37:02 +0200 |
| parents | 332276cc0bc8 |
| children | dbd62c32b3fd |
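--- a/sbin/fjail
+++ b/sbin/fjail
@@ -33,10 +33,12 @@
 Create ZFS datasets to be used within a jail
 
 PARENT must exist already and CHILD must not exist.
 
 -s Also create a dataset for freebsd-update data files
+-t Create a more tiny set of datasets
+-T Create only an extra tiny set of datasets
 -u Do not automatically mount newly created datasets
 
 privs MOUNTPOINT
 
 Adjust some Unix privileges to mounted jail datasets
@@ -121,17 +123,25 @@
 local _pds _cds
 # and its mount point
 local _pmp _get _dummy
 # full name of the dataset
 local _ds
-# dynamic ZFS options -- create cache for freebsd-update
-local _zfsopts _fbsdupdate
+# dynamic ZFS options -- create cache for freebsd-update -- use a more tiny layout
+local _zfsopts _fbsdupdate _tiny
 
 _zfsopts=""
 _fbsdupdate=""
-while getopts "us" _opt ; do
+_tiny="no"
+while getopts "ustT" _opt ; do
 case ${_opt} in
+t)
+# use a more tiny layout
+_tiny="yes"
+;;
+T) # extra tiny layout
+_tiny="extra"
+;;
 u)
 # do not mount newly created datasets
 _zfsopts="${_zfsopts} -u"
 ;;
 s)
@@ -177,22 +187,52 @@
 echo "Resulting new root dataset is \`${_ds}' at mountpoint \`${_pmp}/${_cds}'"
 if zfs get -H mountpoint "${_ds}" >/dev/null 2>/dev/null; then
 echo "ERROR: dataset \`${_ds}' does already exist" >&2
 return 1
 fi
+
+#
+# NOTE: For BEs these directory will be *excluded* from the BE
+#
+# /tmp
+# /usr/home
+# /usr/ports
+# /usr/src
+# /var/audit
+# /var/crash
+# /var/log
+# /var/mail
+# /var/tmp
+#
 zfs create ${_zfsopts} -o atime=off "${_ds}"
 zfs create ${_zfsopts} -o sync=disabled -o setuid=off "${_ds}/tmp"
-zfs create ${_zfsopts} "${_ds}/usr"
-zfs create ${_zfsopts} -o setuid=off "${_ds}/usr/home"
-zfs create ${_zfsopts} "${_ds}/usr/local"
-zfs create ${_zfsopts} "${_ds}/var"
-zfs create ${_zfsopts} -o exec=off -o setuid=off "${_ds}/var/audit"
-zfs create ${_zfsopts} -o exec=off -o setuid=off "${_ds}/var/cache"
-zfs create ${_zfsopts} -o exec=off -o setuid=off -o primarycache=metadata -o compression=off "${_ds}/var/cache/pkg"
-zfs create ${_zfsopts} -o exec=off -o setuid=off -o compression=off "${_ds}/var/crash"
+if [ "{_tiny}" != "extra" ]; then
+if [ "${_tiny}" = "yes" ]; then
+zfs create ${_zfsopts} -o canmount=off "${_ds}/usr"
+else
+zfs create ${_zfsopts} "${_ds}/usr"
+fi
+zfs create ${_zfsopts} -o setuid=off "${_ds}/usr/home"
+zfs create ${_zfsopts} "${_ds}/usr/local"
+fi
+if [ \( "${_tiny}" = "yes" \) -o \( "{_tiny}" = "extra" \) ]; then
+zfs create ${_zfsopts} -o canmount=off "${_ds}/var"
+else
+zfs create ${_zfsopts} "${_ds}/var"
+fi
+if [ "${_tiny}" != "extra" ]; then
+zfs create ${_zfsopts} -o exec=off -o setuid=off "${_ds}/var/audit"
+zfs create ${_zfsopts} -o exec=off -o setuid=off "${_ds}/var/cache"
+zfs create ${_zfsopts} -o exec=off -o setuid=off -o primarycache=metadata -o compression=off "${_ds}/var/cache/pkg"
+zfs create ${_zfsopts} -o exec=off -o setuid=off -o compression=off "${_ds}/var/crash"
+fi
 if [ "$_fbsdupdate" = "yes" ]; then
-zfs create ${_zfsopts} -o exec=off -o setuid=off "${_ds}/var/db"
+if [ \( "${_tiny}" = "yes" \) -o \( "{_tiny}" = "extra" \) ]; then
+zfs create ${_zfsopts} -o canmount=off -o exec=off -o setuid=off "${_ds}/var/db"
+else
+zfs create ${_zfsopts} -o exec=off -o setuid=off "${_ds}/var/db"
+fi
 zfs create ${_zfsopts} -o exec=off -o setuid=off -o primarycache=metadata -o compression=off "${_ds}/var/db/freebsd-update"
 fi
 zfs create ${_zfsopts} -o readonly=on -o exec=off -o setuid=off "${_ds}/var/empty"
 zfs create ${_zfsopts} -o exec=off -o setuid=off -o primarycache=metadata "${_ds}/var/log"
 zfs create ${_zfsopts} -o exec=off -o setuid=off -o atime=on "${_ds}/var/mail"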
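Review bot: Three of the new tests compare the literal string `{_tiny}` rather than the variable — new lines 208, 217 and 229 write `"{_tiny}"` without the `$` — so `-T` does not yield the documented "extra tiny" layout: the `!= "extra"` test at 208 is always true (usr, usr/home and usr/local are still created), and the `= "extra"` alternatives at 217 and 229 are never true, so var and var/db come out as normal mountable datasets under `-T` instead of `canmount=off`. Since `_tiny` only ever holds `no`, `yes` or `extra`, the fix also lets the deprecated `-o` compound tests go: `if [ "${_tiny}" != "extra" ]; then` at 208 and `if [ "${_tiny}" != "no" ]; then` at both 217 and 229. Because the `-o exec=off -o setuid=off` hardening is attached to the per-directory datasets, the `-T` layout (line 222, which does use `$` correctly) deliberately leaves /var/audit, /var/cache, /var/cache/pkg and /var/crash on the parent dataset without those properties; a comment at the `T)` case such as `# extra tiny: /var/audit, /var/cache and /var/crash inherit the parent's exec/setuid settings` would make that trade-off visible to whoever picks the layout. The enclosing function starts before this hunk and continues past its end.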
