# HG changeset patch
# User Franz Glasner
# Date 1662709372 -7200
# Node ID 661e35a9d6e5f1bde17df2fecf717d347ed4c692
# Parent 85aea8ca1ab8401371e836acd45c33db8452e328
Some work on ftjail: creating the very basic ZFS datasets
diff -r 85aea8ca1ab8 -r 661e35a9d6e5 sbin/ftjail
--- a/sbin/ftjail Thu Sep 08 09:43:31 2022 +0200
+++ b/sbin/ftjail Fri Sep 09 09:42:52 2022 +0200
@@ -75,6 +75,98 @@ # +# PARENT-BASE NAME DRY-RUN +# +command_datasets_tmpl_base() { + local _p_base _name _dry_run + + local _ds_base + + _p_base="${1-}" + _name="${2-}" + _dry_run="${3-}" + + if [ -z "${_p_base}" ]; then + echo "ERROR: no parent dataset for base given" >&2 + return 2 + fi + if [ -z "${_name}" ]; then + echo "ERROR: no name given" >&2 + return 2 + fi + + if ! zfs list -H -o mountpoint -t filesystem "${_p_base}" >/dev/null 2>/dev/null; then + echo "ERROR: parent dataset \`${_p_base}' does not exist" >&2 + return 1 + fi + _ds_base="${_p_base}/${_name}" + if zfs list -H -o mountpoint -t filesystem "${_ds_base}" >/dev/null 2>/dev/null; then + echo "ERROR: dataset \`${_ds_base}' does already exist" >&2 + return 1 + fi + + + [ "${_dry_run}" = "yes" ] && return 0 + + echo "Creating RO base datasets in:" + printf "\\t%s\\n" "${_ds_base}" + + zfs create -u -o canmount=noauto "${_ds_base}" + +} + + +# +# SKELETON NAME DRY-RUN +# +command_datasets_tmpl_skel() { + local _p_base _name _dry_run + + local _ds_skel _child + + _p_skel="${1-}" + _name="${2-}" + _dry_run="${3-}" + + if [ -z "${_p_skel}" ]; then + echo "ERROR: no parent dataset for skeleton given" >&2 + return 2 + fi + if [ -z "${_name}" ]; then + echo "ERROR: no name given" >&2 + return 2 + fi + + if ! 
zfs list -H -o mountpoint -t filesyhttps://docs.freebsd.org/en/books/handbook/jails/stem "${_p_skel}" >/dev/null 2>/dev/null; then + echo "ERROR: parent dataset \`${_p_skel}' does not exist" >&2 + return 1 + fi + _ds_skel="${_p_skel}/${_name}" + if zfs list -H -o mountpoint -t filesystem "${_ds_skel}" >/dev/null 2>/dev/null; then + echo "ERROR: dataset \`${_ds_skel}' does already exist" >&2 + return 1 + fi + + + [ "${_dry_run}" = "yes" ] && return 0 + + echo "Creating RW skeleton datasets in:" + printf "\\t%s\\n" "${_ds_skel}" + + zfs create -u -o canmount=noauto "${_ds_skel}" + zfs create -u -o canmount=off "${_ds_skel}/usr" + # + # XXX FIXME: What about usr/ports/distfiles + # We typically want to use binary packages. + # And if we use ports they are not in usr/ports typically. + # + for _child in etc usr/local tmp var root ; do + zfs create -u -o canmount=noauto "${_ds_skel}/${_child}" + done +} + + +# # "datasets-tmpl" -- create the ZFS dataset tree # # PARENT-BASE PARENT-SKELETON NAME 
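Review bot: The parent check in `command_datasets_tmpl_skel` passes `-t filesyhttps://docs.freebsd.org/en/books/handbook/jails/stem` to `zfs list`, which looks like a URL pasted into the word `filesystem`; that is not a dataset type, so the command presumably fails every time and the function always returns 1 with "parent dataset ... does not exist". The line should read `if ! zfs list -H -o mountpoint -t filesystem "${_p_skel}" >/dev/null 2>/dev/null; then`. The same function declares `local _p_base _name _dry_run` but assigns `_p_skel`, so that variable is written outside the function's own scope; `local _p_skel _name _dry_run` is presumably what was meant. The `zfs create` calls in both helpers are unchecked, and in the skeleton helper only the status of the last loop iteration is returned, so an earlier failed create leaves a partial tree while the caller sees success; appending `|| return 1` to each create would surface it.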
@@ -87,44 +179,17 @@ _zfsopts="-u -o canmount=noauto" - _p_base="$1" - _p_skel="$2" - _name="$3" - - if [ -z "${_p_base}" ]; then - echo "ERROR: no parent dataset for base given" >&2 - return 2 - fi - if [ -z "${_p_skel}" ]; then - echo "ERROR: no parent dataset for skeleton given" >&2 - return 2 - fi - if [ -z "${_name}" ]; then - echo "ERROR: no name given" >&2 - return 2 - fi + _p_base="${1-}" + _p_skel="${2-}" + _name="${3-}" - _ds_base="${_p_base}/${_name}" - _ds_skel="${_p_skel}/${_name}" - echo "Resulting new root datasets:" - printf "\\t%s\\n" "${_ds_base}" - printf "\\t%s\\n" "${_ds_skel}" - if ! zfs list -H -o mountpoint -t filesystem "${_p_base}" >/dev/null 2>/dev/null; then - echo "ERROR: parent dataset \`${_p_base}' does not exist" >&2 - return 1 - fi - if zfs list -H -o mountpoint -t filesystem "${_ds_base}" >/dev/null 2>/dev/null; then - echo "ERROR: dataset \`${_ds_base}' does already exist" >&2 - return 1 - fi - if ! zfs list -H -o mountpoint -t filesystem "${_p_skel}" >/dev/null 2>/dev/null; then - echo "ERROR: parent dataset \`${_p_skel}' does not exist" >&2 - return 1 - fi - if zfs list -H -o mountpoint -t filesystem "${_ds_skel}" >/dev/null 2>/dev/null; then - echo "ERROR: dataset \`${_ds_skel}' does already exist" >&2 - return 1 - fi + # Check preconditions + command_datasets_tmpl_base "${_p_base}" "${_name}" "yes" || return + command_datasets_tmpl_skel "${_p_skel}" "${_name}" "yes" || return + + # Really do it + command_datasets_tmpl_base "${_p_base}" "${_name}" || return + command_datasets_tmpl_skel "${_p_skel}" "${_name}" || return return 0 #
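Review bot: The "Really do it" step creates the base dataset before the skeleton one, and if `command_datasets_tmpl_skel` then fails, the base dataset is left in place with nothing telling the operator; a rerun then stops at "does already exist". The dry-run pass narrows that window but cannot close it, because the pool can change between the two passes and `zfs create` itself can fail. I would at least report the leftover, e.g. `command_datasets_tmpl_skel "${_p_skel}" "${_name}" || { echo "ERROR: skeleton failed, base dataset ${_p_base}/${_name} was already created" >&2; return 1; }`. `_name` is only checked for being non-empty before it is joined into the dataset path, so a check restricting it to a single path component (no `/` or `@`) would be worth adding for a tool that lives in sbin. The enclosing function starts and ends outside this hunk.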