comparison sbin/fjail @ 204:ef397b84b047
Implement a "-A" flag for dataset creation: set canmount=noauto
| author | Franz Glasner <fzglas.hg@dom66.de> |
|---|---|
| date | Sun, 21 Aug 2022 13:23:10 +0200 |
| parents | eb95c986cc59 |
| children | fcfa674c8444 |
| 203:eb95c986cc59 | 204:ef397b84b047 |
|---|---|
| 32 | 32 |
| 33 Create ZFS datasets to be used within a jail | 33 Create ZFS datasets to be used within a jail |
| 34 | 34 |
| 35 PARENT must exist already and CHILD must not exist. | 35 PARENT must exist already and CHILD must not exist. |
| 36 | 36 |
| 37 -A Set "canmount=auto" for datasets | |
| 37 -s Also create a dataset for freebsd-update data files | 38 -s Also create a dataset for freebsd-update data files |
| 38 -t Create a more tiny set of datasets | 39 -t Create a more tiny set of datasets |
| 39 -T Create only an extra tiny set of datasets | 40 -T Create only an extra tiny set of datasets |
| 40 -u Do not automatically mount newly created datasets | 41 -u Do not automatically mount newly created datasets |
| 41 | 42 |
| 137 # and its mount point | 138 # and its mount point |
| 138 local _pmp _get | 139 local _pmp _get |
| 139 # full name of the dataset | 140 # full name of the dataset |
| 140 local _ds | 141 local _ds |
| 141 # dynamic ZFS options -- create cache for freebsd-update -- use a more tiny layout | 142 # dynamic ZFS options -- create cache for freebsd-update -- use a more tiny layout |
| 142 local _zfsopts _fbsdupdate _tiny | 143 local _zfsopts _fbsdupdate _tiny _zfsnoauto |
| 143 | 144 |
| 144 _zfsopts="" | 145 _zfsopts="" |
| 145 _fbsdupdate="" | 146 _fbsdupdate="" |
| 146 _tiny="no" | 147 _tiny="no" |
| 147 while getopts "ustT" _opt ; do | 148 _zfsnoauto="" |
| 149 while getopts "ustAT" _opt ; do | |
| 148 case ${_opt} in | 150 case ${_opt} in |
| 151 A) | |
| 152 # | |
| 153 # set canmount=noauto where otherwise canmount=on would have been set | |
| 154 # or inherited | |
| 155 # | |
| 156 _zfsnoauto="-o canmount=noauto" | |
| 157 ;; | |
| 149 t) | 158 t) |
| 150 # use a more tiny layout | 159 # use a more tiny layout |
| 151 _tiny="yes" | 160 _tiny="yes" |
| 152 ;; | 161 ;; |
| 153 T) # extra tiny layout | 162 T) # extra tiny layout |
| 211 # /var/crash | 220 # /var/crash |
| 212 # /var/log | 221 # /var/log |
| 213 # /var/mail | 222 # /var/mail |
| 214 # /var/tmp | 223 # /var/tmp |
| 215 # | 224 # |
| 216 zfs create ${_zfsopts} -o atime=off "${_ds}" | 225 zfs create ${_zfsopts} ${_zfsnoauto} -o atime=off "${_ds}" |
| 217 zfs create ${_zfsopts} -o sync=disabled -o setuid=off "${_ds}/tmp" | 226 zfs create ${_zfsopts} ${_zfsnoauto} -o sync=disabled -o setuid=off "${_ds}/tmp" |
| 218 if [ "${_tiny}" != "extra" ]; then | 227 if [ "${_tiny}" != "extra" ]; then |
| 219 if [ "${_tiny}" = "yes" ]; then | 228 if [ "${_tiny}" = "yes" ]; then |
| 220 zfs create ${_zfsopts} -o canmount=off "${_ds}/usr" | 229 zfs create ${_zfsopts} -o canmount=off "${_ds}/usr" |
| 221 else | 230 else |
| 222 zfs create ${_zfsopts} "${_ds}/usr" | 231 zfs create ${_zfsopts} ${_zfsnoauto} "${_ds}/usr" |
| 223 fi | 232 fi |
| 224 zfs create ${_zfsopts} -o setuid=off "${_ds}/usr/home" | 233 zfs create ${_zfsopts} ${_zfsnoauto} -o setuid=off "${_ds}/usr/home" |
| 225 zfs create ${_zfsopts} "${_ds}/usr/local" | 234 zfs create ${_zfsopts} ${_zfsnoauto} "${_ds}/usr/local" |
| 226 fi | 235 fi |
| 227 if [ \( "${_tiny}" = "yes" \) -o \( "${_tiny}" = "extra" \) ]; then | 236 if [ \( "${_tiny}" = "yes" \) -o \( "${_tiny}" = "extra" \) ]; then |
| 228 zfs create ${_zfsopts} -o canmount=off "${_ds}/var" | 237 zfs create ${_zfsopts} -o canmount=off "${_ds}/var" |
| 229 else | 238 else |
| 230 zfs create ${_zfsopts} "${_ds}/var" | 239 zfs create ${_zfsopts} ${_zfsnoauto} "${_ds}/var" |
| 231 fi | 240 fi |
| 232 if [ "${_tiny}" != "extra" ]; then | 241 if [ "${_tiny}" != "extra" ]; then |
| 233 zfs create ${_zfsopts} -o exec=off -o setuid=off "${_ds}/var/audit" | 242 zfs create ${_zfsopts} ${_zfsnoauto} -o exec=off -o setuid=off "${_ds}/var/audit" |
| 234 zfs create ${_zfsopts} -o exec=off -o setuid=off "${_ds}/var/cache" | 243 zfs create ${_zfsopts} ${_zfsnoauto} -o exec=off -o setuid=off "${_ds}/var/cache" |
| 235 zfs create ${_zfsopts} -o exec=off -o setuid=off -o primarycache=metadata -o compression=off "${_ds}/var/cache/pkg" | 244 zfs create ${_zfsopts} ${_zfsnoauto} -o exec=off -o setuid=off -o primarycache=metadata -o compression=off "${_ds}/var/cache/pkg" |
| 236 zfs create ${_zfsopts} -o exec=off -o setuid=off -o compression=off "${_ds}/var/crash" | 245 zfs create ${_zfsopts} ${_zfsnoauto} -o exec=off -o setuid=off -o compression=off "${_ds}/var/crash" |
| 237 fi | 246 fi |
| 238 if [ "$_fbsdupdate" = "yes" ]; then | 247 if [ "$_fbsdupdate" = "yes" ]; then |
| 239 if [ \( "${_tiny}" = "yes" \) -o \( "${_tiny}" = "extra" \) ]; then | 248 if [ \( "${_tiny}" = "yes" \) -o \( "${_tiny}" = "extra" \) ]; then |
| 240 zfs create ${_zfsopts} -o canmount=off -o exec=off -o setuid=off "${_ds}/var/db" | 249 zfs create ${_zfsopts} -o canmount=off -o exec=off -o setuid=off "${_ds}/var/db" |
| 241 else | 250 else |
| 242 zfs create ${_zfsopts} -o exec=off -o setuid=off "${_ds}/var/db" | 251 zfs create ${_zfsopts} ${_zfsnoauto} -o exec=off -o setuid=off "${_ds}/var/db" |
| 243 fi | 252 fi |
| 244 zfs create ${_zfsopts} -o exec=off -o setuid=off -o primarycache=metadata -o compression=off "${_ds}/var/db/freebsd-update" | 253 zfs create ${_zfsopts} ${_zfsnoauto} -o exec=off -o setuid=off -o primarycache=metadata -o compression=off "${_ds}/var/db/freebsd-update" |
| 245 fi | 254 fi |
| 246 zfs create ${_zfsopts} -o readonly=on -o exec=off -o setuid=off "${_ds}/var/empty" | 255 zfs create ${_zfsopts} ${_zfsnoauto} -o readonly=on -o exec=off -o setuid=off "${_ds}/var/empty" |
| 247 zfs create ${_zfsopts} -o exec=off -o setuid=off -o primarycache=metadata "${_ds}/var/log" | 256 zfs create ${_zfsopts} ${_zfsnoauto} -o exec=off -o setuid=off -o primarycache=metadata "${_ds}/var/log" |
| 248 zfs create ${_zfsopts} -o exec=off -o setuid=off -o atime=on "${_ds}/var/mail" | 257 zfs create ${_zfsopts} ${_zfsnoauto} -o exec=off -o setuid=off -o atime=on "${_ds}/var/mail" |
| 249 zfs create ${_zfsopts} -o sync=disabled -o exec=off -o setuid=off -o compression=off -o primarycache=all "${_ds}/var/run" | 258 zfs create ${_zfsopts} ${_zfsnoauto} -o sync=disabled -o exec=off -o setuid=off -o compression=off -o primarycache=all "${_ds}/var/run" |
| 250 zfs create ${_zfsopts} -o sync=disabled -o setuid=off "${_ds}/var/tmp" | 259 zfs create ${_zfsopts} ${_zfsnoauto} -o sync=disabled -o setuid=off "${_ds}/var/tmp" |
| 251 } | 260 } |
| 252 | 261 |
| 253 | 262 |
| 254 # | 263 # |
| 255 # "populate" -- populate the datasets with content from a FreeBSD base.txz | 264 # "populate" -- populate the datasets with content from a FreeBSD base.txz |
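Review bot: The new usage line reads `-A Set "canmount=auto" for datasets`, but the `A)` branch assigns `_zfsnoauto="-o canmount=noauto"`, and `auto` is not a value ZFS accepts for `canmount` (the values are on, off and noauto); the help text should read `-A Set "canmount=noauto" for datasets`. That help text could also say what the flag means operationally: a noauto dataset is not mounted at creation or by `zfs mount -a`, so the `exec=off`, `setuid=off` and `readonly=on` properties set on `/var/empty`, `/var/log`, `/tmp` and the rest apply only once each dataset has been mounted explicitly, and until then those paths resolve to whatever filesystem lies underneath. The function holding the `getopts` loop and the `zfs create` calls starts outside the shown lines, so how `-A` combines with `-u` in `_zfsopts` cannot be checked from here.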
