changeset 162:9bd38c55a75c
When executing the "privs" command try to make <mountpoint>/var/empty writeable temporarily to set proper permissions and file flags
| author | Franz Glasner <hg@dom66.de> |
|---|---|
| date | Wed, 20 Nov 2019 12:55:52 +0100 |
| parents | 57b9b899bf77 |
| children | 9aef3f0e4d1c |
| files | sbin/fjail |
| diffstat | 1 files changed, 24 insertions(+), 1 deletions(-) [+] |
--- a/sbin/fjail Wed Nov 20 09:11:48 2019 +0100
+++ b/sbin/fjail Wed Nov 20 12:55:52 2019 +0100
@@ -272,7 +272,7 @@
 #
 command_privs() {
 # mountpoint
- local _mp _d
+ local _mp _d _veds _get _vestatus
 _mp="$1"
 if [ -z "${_mp}" ]; then
@@ -288,6 +288,29 @@
 done
 chown root:mail "${_mp}/var/mail"
 chmod 0775 "${_mp}/var/mail"
+
+ #
+ # Handle <mountpoint>/var/empty specially:
+ # make it writeable temporarily if it is mounted read-only:
+ #
+ _vestatus=""
+ _veds=$(_get_dataset_for_varempty "${_mp}")
+ if [ $? -eq 0 ]; then
+ _get=$(zfs get -H readonly ${_veds} 2>/dev/null) || { echo "ERROR: cannot determine readonly status of ${_mp}/var/empty" >&2; return 1; }
+ IFS=$'\t' read _dummy _dummy _vestatus _dummy <<EOF
+${_get}
+EOF
+ if [ "${_vestatus}" = "on" ]; then
+ zfs set readonly=off ${_veds} >/dev/null 2>/dev/null || { echo "ERROR: cannot reset readonly-status of ${_mp}/var/empty" >&2; return 1; }
+ fi
+ fi
+ # Set the access rights and the file flags as given in mtree
+ chmod 0555 "${_mp}/var/empty"
+ chflags schg "${_mp}/var/empty"
+ # Reset the read-only status of the mountpoint as it was before
+ if [ "${_vestatus}" = "on" ]; then
+ zfs set readonly=on ${_veds} >/dev/null 2>/dev/null || { echo "ERROR: cannot reactivate readonly-status of ${_mp}/var/empty" >&2; return 1; }
+ fi
 }
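Review bot: The window in which `${_mp}/var/empty` is writeable is closed only on the straight-line path of the second hunk: the results of `chmod 0555` and `chflags schg` are never checked, and an interruption between the two `zfs set` calls leaves the dataset at `readonly=off` with nothing reporting it. Checking both commands and restoring `readonly=on` before returning an error (or from a `trap`) would keep a directory that the mtree spec wants immutable from staying on a writeable dataset after a failed run. The restore also always writes a local `readonly=on`, so a value that was inherited becomes a local override; the fourth column of `zfs get -H`, currently discarded into `_dummy`, is the source that would tell the two cases apart. `${_veds}` is unquoted in all three `zfs` calls, and `_dummy` is assigned by `read` but missing from the `local` list in the first hunk; `_vestatus=$(zfs get -H -o value readonly "${_veds}")` would remove the here-document and `_dummy` altogether.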
