changeset 74:247d35f910ca
fjail datasets now recognizes a "-u" command option to not automatically mount created datasets
| author | Franz Glasner <hg@dom66.de> |
|---|---|
| date | Thu, 15 Aug 2019 15:58:24 +0200 |
| parents | 2e991a00035b |
| children | 2e3ac70bdfc8 |
| files | bin/fjail |
| diffstat | 1 files changed, 39 insertions(+), 20 deletions(-) [+] |
--- a/bin/fjail Thu Aug 15 15:31:28 2019 +0200 +++ b/bin/fjail Thu Aug 15 15:58:24 2019 +0200 @@ -2,17 +2,20 @@ # -*- indent-tabs-mode: nil; -*- # @(#)$HGid$ -set -e +set -eu VERSION="@@VERSION@@" # Reset to standard umask umask 0022 + # # "datasets" -- create the ZFS dataset tree # -# command_datasets parent-dataset child-dataset +# command_datasets [ -u ] parent-dataset child-dataset +# +# -u do not automatically mount newly created datasets # command_datasets() { # parent ZFS dataset -- child ZFS dataset name @@ -21,6 +24,23 @@ local _pmp _get _dummy # full name of the dataset local _ds + # dynamic ZFS options + local _zfsopts + + _zfsopts="" + while getopts "u" _opt ; do + case ${_opt} in + u) + # do not mount newly created datasets + _zfsopts="${_zfsopts} -u" + ;; + \?|:) + return 2; + ;; + esac + done + shift $((OPTIND-1)) + OPTIND=1 _pds="$1" if [ -z "${_pds}" ]; then 
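Review bot: Turning on `set -u` at the top of the script makes a bare positional expansion fatal when the argument is missing, and `_pds="$1"` in command_datasets (visible as context in the next hunk) is one of them. If no arguments remain after the option shift, the shell aborts with its own "parameter not set" message before the `[ -z "${_pds}" ]` check can report the error the script intends. I would write `_pds="${1-}"` there; any other `$1`/`$2` reads in the file lie outside these hunks and need the same treatment.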
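Review bot: The option loop sets `OPTIND=1` only after it finishes, so it relies on the getopts state being fresh on entry and leaves it unreset on the `return 2` path. Some shells reset that state when a function is called, but POSIX leaves repeated getopts use with a different argument list unspecified unless OPTIND is set back to 1. If the global option handling also uses getopts (not visible here), putting `OPTIND=1` directly before `while getopts "u" _opt ; do` is the portable form. `_opt` is also absent from the `local` lines shown in this hunk, so it would leak into the caller's scope; `local _zfsopts _opt` would cover it. The function body starts and ends outside the hunk.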
@@ -55,23 +75,24 @@ echo "ERROR: dataset \`${_ds}' does already exist" >&2 return 1 fi - zfs create -o atime=off "${_ds}" - zfs create -o sync=disabled -o setuid=off "${_ds}/tmp" - zfs create "${_ds}/usr" - zfs create "${_ds}/var" - zfs create -o exec=off -o setuid=off "${_ds}/var/audit" - zfs create -o exec=off -o setuid=off "${_ds}/var/cache" - zfs create -o exec=off -o setuid=off -o compression=off "${_ds}/var/cache/pkg" - zfs create -o exec=off -o setuid=off -o compression=off "${_ds}/var/crash" - zfs create -o exec=off -o setuid=off "${_ds}/var/db" - zfs create -o exec=on -o setuid=off "${_ds}/var/db/pkg" - zfs create -o readonly=on -o exec=off -o setuid=off "${_ds}/var/empty" - zfs create -o exec=off -o setuid=off -o primarycache=metadata "${_ds}/var/log" - zfs create -o exec=off -o setuid=off -o atime=on "${_ds}/var/mail" - zfs create -o sync=disabled -o exec=off -o setuid=off -o compression=off -o primarycache=all "${_ds}/var/run" - zfs create -o sync=disabled -o setuid=off "${_ds}/var/tmp" + zfs create ${_zfsopts} -o atime=off "${_ds}" + zfs create ${_zfsopts} -o sync=disabled -o setuid=off "${_ds}/tmp" + zfs create ${_zfsopts} "${_ds}/usr" + zfs create ${_zfsopts} "${_ds}/var" + zfs create ${_zfsopts} -o exec=off -o setuid=off "${_ds}/var/audit" + zfs create ${_zfsopts} -o exec=off -o setuid=off "${_ds}/var/cache" + zfs create ${_zfsopts} -o exec=off -o setuid=off -o compression=off "${_ds}/var/cache/pkg" + zfs create ${_zfsopts} -o exec=off -o setuid=off -o compression=off "${_ds}/var/crash" + zfs create ${_zfsopts} -o exec=off -o setuid=off "${_ds}/var/db" + zfs create ${_zfsopts} -o exec=on -o setuid=off "${_ds}/var/db/pkg" + zfs create ${_zfsopts} -o readonly=on -o exec=off -o setuid=off "${_ds}/var/empty" + zfs create ${_zfsopts} -o exec=off -o setuid=off -o primarycache=metadata "${_ds}/var/log" + zfs create ${_zfsopts} -o exec=off -o setuid=off -o atime=on "${_ds}/var/mail" + zfs create ${_zfsopts} -o sync=disabled -o exec=off -o setuid=off -o 
compression=off -o primarycache=all "${_ds}/var/run" + zfs create ${_zfsopts} -o sync=disabled -o setuid=off "${_ds}/var/tmp" } + # # "privs" -- adjust privileges # @@ -97,6 +118,7 @@ chmod 0775 "${_mp}/var/mail" } + # # Global option handling # @@ -129,9 +151,6 @@ privs) command_privs "$@" ;; - test) - echo "TEST" - ;; *) echo "ERROR" >&2 exit 2
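Review bot: `${_zfsopts}` is expanded unquoted on every `zfs create` line, but nothing in the code says this is deliberate. It is needed so that an empty value disappears and ` -u` becomes a separate word. This reliance on field splitting is safe only while the variable holds fixed strings assigned inside the function, as it does in this commit; a later change that appends caller-supplied text would let that text add arbitrary options to each `zfs create` call. I would add a comment above the first call, for example `# ${_zfsopts} is intentionally unquoted: empty or fixed flags only, never user input`. The function body starts outside the hunk.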
