changeset 204:ef397b84b047
Implement a "-A" flag for dataset creation: set canmount=noauto
| author | Franz Glasner <fzglas.hg@dom66.de> |
|---|---|
| date | Sun, 21 Aug 2022 13:23:10 +0200 |
| parents | eb95c986cc59 |
| children | fcfa674c8444 |
| files | sbin/fjail |
| diffstat | 1 files changed, 28 insertions(+), 19 deletions(-) [+] |
--- a/sbin/fjail Sun Aug 21 12:18:15 2022 +0200 +++ b/sbin/fjail Sun Aug 21 13:23:10 2022 +0200 @@ -34,6 +34,7 @@ PARENT must exist already and CHILD must not exist. + -A Set "canmount=auto" for datasets -s Also create a dataset for freebsd-update data files -t Create a more tiny set of datasets -T Create only an extra tiny set of datasets @@ -139,13 +140,21 @@ # full name of the dataset local _ds # dynamic ZFS options -- create cache for freebsd-update -- use a more tiny layout - local _zfsopts _fbsdupdate _tiny + local _zfsopts _fbsdupdate _tiny _zfsnoauto _zfsopts="" _fbsdupdate="" _tiny="no" - while getopts "ustT" _opt ; do + _zfsnoauto="" + while getopts "ustAT" _opt ; do case ${_opt} in + A) + # + # set canmount=noauto where otherwise canmount=on would have been set + # or inherited + # + _zfsnoauto="-o canmount=noauto" + ;; t) # use a more tiny layout _tiny="yes" 
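Review bot: The usage line added in the first hunk documents `-A` as setting "canmount=auto", but the option handler added in the second hunk assigns `-o canmount=noauto`, and `auto` is not one of the values the canmount property takes (on, off, noauto). The help text should read `-A  Set "canmount=noauto" for datasets`. It would also be worth saying there that such datasets are not mounted at creation or at boot, because that changes what an operator has to do before the jail is usable.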
@@ -213,41 +222,41 @@ # /var/mail # /var/tmp # - zfs create ${_zfsopts} -o atime=off "${_ds}" - zfs create ${_zfsopts} -o sync=disabled -o setuid=off "${_ds}/tmp" + zfs create ${_zfsopts} ${_zfsnoauto} -o atime=off "${_ds}" + zfs create ${_zfsopts} ${_zfsnoauto} -o sync=disabled -o setuid=off "${_ds}/tmp" if [ "${_tiny}" != "extra" ]; then if [ "${_tiny}" = "yes" ]; then zfs create ${_zfsopts} -o canmount=off "${_ds}/usr" else - zfs create ${_zfsopts} "${_ds}/usr" + zfs create ${_zfsopts} ${_zfsnoauto} "${_ds}/usr" fi - zfs create ${_zfsopts} -o setuid=off "${_ds}/usr/home" - zfs create ${_zfsopts} "${_ds}/usr/local" + zfs create ${_zfsopts} ${_zfsnoauto} -o setuid=off "${_ds}/usr/home" + zfs create ${_zfsopts} ${_zfsnoauto} "${_ds}/usr/local" fi if [ \( "${_tiny}" = "yes" \) -o \( "${_tiny}" = "extra" \) ]; then zfs create ${_zfsopts} -o canmount=off "${_ds}/var" else - zfs create ${_zfsopts} "${_ds}/var" + zfs create ${_zfsopts} ${_zfsnoauto} "${_ds}/var" fi if [ "${_tiny}" != "extra" ]; then - zfs create ${_zfsopts} -o exec=off -o setuid=off "${_ds}/var/audit" - zfs create ${_zfsopts} -o exec=off -o setuid=off "${_ds}/var/cache" - zfs create ${_zfsopts} -o exec=off -o setuid=off -o primarycache=metadata -o compression=off "${_ds}/var/cache/pkg" - zfs create ${_zfsopts} -o exec=off -o setuid=off -o compression=off "${_ds}/var/crash" + zfs create ${_zfsopts} ${_zfsnoauto} -o exec=off -o setuid=off "${_ds}/var/audit" + zfs create ${_zfsopts} ${_zfsnoauto} -o exec=off -o setuid=off "${_ds}/var/cache" + zfs create ${_zfsopts} ${_zfsnoauto} -o exec=off -o setuid=off -o primarycache=metadata -o compression=off "${_ds}/var/cache/pkg" + zfs create ${_zfsopts} ${_zfsnoauto} -o exec=off -o setuid=off -o compression=off "${_ds}/var/crash" fi if [ "$_fbsdupdate" = "yes" ]; then if [ \( "${_tiny}" = "yes" \) -o \( "${_tiny}" = "extra" \) ]; then zfs create ${_zfsopts} -o canmount=off -o exec=off -o setuid=off "${_ds}/var/db" else - zfs create ${_zfsopts} -o exec=off -o 
setuid=off "${_ds}/var/db" + zfs create ${_zfsopts} ${_zfsnoauto} -o exec=off -o setuid=off "${_ds}/var/db" fi - zfs create ${_zfsopts} -o exec=off -o setuid=off -o primarycache=metadata -o compression=off "${_ds}/var/db/freebsd-update" + zfs create ${_zfsopts} ${_zfsnoauto} -o exec=off -o setuid=off -o primarycache=metadata -o compression=off "${_ds}/var/db/freebsd-update" fi - zfs create ${_zfsopts} -o readonly=on -o exec=off -o setuid=off "${_ds}/var/empty" - zfs create ${_zfsopts} -o exec=off -o setuid=off -o primarycache=metadata "${_ds}/var/log" - zfs create ${_zfsopts} -o exec=off -o setuid=off -o atime=on "${_ds}/var/mail" - zfs create ${_zfsopts} -o sync=disabled -o exec=off -o setuid=off -o compression=off -o primarycache=all "${_ds}/var/run" - zfs create ${_zfsopts} -o sync=disabled -o setuid=off "${_ds}/var/tmp" + zfs create ${_zfsopts} ${_zfsnoauto} -o readonly=on -o exec=off -o setuid=off "${_ds}/var/empty" + zfs create ${_zfsopts} ${_zfsnoauto} -o exec=off -o setuid=off -o primarycache=metadata "${_ds}/var/log" + zfs create ${_zfsopts} ${_zfsnoauto} -o exec=off -o setuid=off -o atime=on "${_ds}/var/mail" + zfs create ${_zfsopts} ${_zfsnoauto} -o sync=disabled -o exec=off -o setuid=off -o compression=off -o primarycache=all "${_ds}/var/run" + zfs create ${_zfsopts} ${_zfsnoauto} -o sync=disabled -o setuid=off "${_ds}/var/tmp" }
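Review bot: With `-A`, every dataset that carries a restriction here (`setuid=off`, `exec=off`, `readonly=on` on `var/empty`) is created with `canmount=noauto`, so those properties only take effect once each dataset has been mounted explicitly. If the tree is only partly mounted when the jail is populated or started, paths like /tmp or /var/log would presumably land on the parent filesystem, which does not carry the same restrictions (the root `${_ds}` is created with only `atime=off`). I would add a comment above the first `zfs create`, for example `# NOTE: with -A nothing below is auto-mounted; setuid=off/exec=off apply only after an explicit zfs mount of each dataset`, and repeat the caveat in the usage text. The function begins outside this hunk, so I cannot see whether a later step mounts the datasets or checks the `zfs create` exit statuses.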
