From 46b916c0e18f145a5229e5c8cdf4fe655c433346 Mon Sep 17 00:00:00 2001
From: Jake Guffey <jake.guffey@eprotex.com>
Date: Tue, 28 Feb 2012 16:39:08 -0500
Subject: [PATCH] Various bugfixes

Added logic to ensure that /etc/resolv.conf exists within a jail
Replaced /var/db, /var/tmp mountpoints with /var mountpoint in jail
Added logic to ensure that every jail is bound to an interface
Modified how information is inserted into the jail's rc.conf
Added ListenAddress directive for SSHd
Updated manpage to reflect these changes
---
 conf/type/__jail/gencode-remote | 38 +++++++++++++++++++++++----------
 conf/type/__jail/man.text       |  5 +++--
 2 files changed, 30 insertions(+), 13 deletions(-)

diff --git a/conf/type/__jail/gencode-remote b/conf/type/__jail/gencode-remote
index dc18312b..c0a35784 100755
--- a/conf/type/__jail/gencode-remote
+++ b/conf/type/__jail/gencode-remote
@@ -185,16 +185,18 @@ cat <<EOF
    fi
    mkdir -p "${jaildir}/rw/${name}/etc"
    cp -r ${jaildir}/base/etc/* "${jaildir}/rw/${name}/etc/"
+   if [ ! -f "${jaildir}/rw/${name}/etc/resolv.conf" ]; then
+      cp /etc/resolv.conf "${jaildir}/rw/${name}/etc/"
+   fi
    mkdir "${jaildir}/rw/${name}/local"
-   mkdir "${jaildir}/rw/${name}/db"
-   if [ -n "\$(ls ${jaildir}/base/var/db)" ]; then
-      cp -r ${jaildir}/base/var/db/* "${jaildir}/rw/${name}/db/"
+   mkdir "${jaildir}/rw/${name}/var"
+   if [ -n "\$(ls ${jaildir}/base/var)" ]; then
+      cp -r ${jaildir}/base/var/* "${jaildir}/rw/${name}/var/"
    fi
    mkdir "${jaildir}/rw/${name}/home"
    if [ -n "\$(ls ${jaildir}/base/usr/home)" ]; then
       cp -r ${jaildir}/base/usr/home/* "${jaildir}/rw/${name}/home/"
    fi
-   mkdir "${jaildir}/rw/${name}/tmp"
 EOF
 
 # Create the ro+rw mountpoint entries in fstab
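Review bot: The new `cp -r ${jaildir}/base/var/*` line copies the whole of /var without `-p`, so ownership and special mode bits from the base tree are presumably not carried into the jail's writable copy. With /var/tmp no longer created separately, its sticky, world-writable mode and any directories under /var owned by service accounts now depend on this copy. I would write it as `cp -Rp "${jaildir}/base/var/"* "${jaildir}/rw/${name}/var/"`, which also quotes the path while leaving the glob outside the quotes. The same unquoted `${jaildir}` appears in the `ls` test just above it. The heredoc this hunk sits in begins outside the hunk.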
@@ -203,9 +205,8 @@ cat <<EOF
 /usr/jail/base			/usr/jail/${name}		nullfs	ro	0 0
 /usr/jail/rw/${name}/etc	/usr/jail/${name}/etc		nullfs	rw	0 0
 /usr/jail/rw/${name}/local	/usr/jail/${name}/usr/local	nullfs	rw	0 0
-/usr/jail/rw/${name}/db		/usr/jail/${name}/var/db	nullfs	rw	0 0
+/usr/jail/rw/${name}/var		/usr/jail/${name}/var	nullfs	rw	0 0
 /usr/jail/rw/${name}/home	/usr/jail/${name}/usr/home	nullfs	rw	0 0
-/usr/jail/rw/${name}/tmp	/usr/jail/${name}/var/tmp	nullfs	rw	0 0
 END
 EOF
 
@@ -227,6 +228,13 @@ if [ -n "$interface" ]; then
 jail_${name}_interface="${interface}"
 END
 EOF
+else
+   cat <<EOF
+   interface=\$(ifconfig -l | cut '-d ' -f1)
+   cat >>/etc/rc.conf <<END
+jail_${name}_interface="\${interface}"
+END
+EOF
 fi
 
 if [ "$devfsenable" = "true" ]; then
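Review bot: The added `else` branch binds the jail to whatever `ifconfig -l | cut '-d ' -f1` returns, without checking that the result is non-empty or that it is the interface the operator intended. Depending on interface ordering on the host, the jail's address could end up aliased onto a loopback or an externally facing interface, and an empty result would write `jail_${name}_interface=""` into /etc/rc.conf. I would add a guard in the generated code right after the assignment, `[ -n "\${interface}" ] || { echo "__jail: no interface found" >&2; exit 1; }`, and print the chosen interface so the default is visible in the run output. The enclosing `if` starts outside the hunk.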
@@ -265,11 +273,19 @@ EOF
 fi
 
 # Add the normal entries into the jail's rc.conf
-echo "echo hostname=\\\"${hostname}\\\" >\\\"${jaildir}/rw/${name}/etc/rc.conf\\\""
-echo "echo sshd_enable=\\\"YES\\\" >>\\\"${jaildir}/rw/${name}/etc/rc.conf\\\""
-echo "echo sendmail_enable=\\\"NONE\\\" >>\\\"${jaildir}/rw/${name}/etc/rc.conf\\\""
-echo "echo syslogd_enable=\\\"YES\\\" >>\\\"${jaildir}/rw/${name}/etc/rc.conf\\\""
-echo "echo syslogd_flags=\\\"-ss\\\" >>\\\"${jaildir}/rw/${name}/etc/rc.conf\\\""
+cat <<EOF
+echo hostname=\"${hostname}\" >"${jaildir}/rw/${name}/etc/rc.conf"
+echo sshd_enable=\"YES\" >>"${jaildir}/rw/${name}/etc/rc.conf"
+echo sendmail_enable=\"NONE\" >>"${jaildir}/rw/${name}/etc/rc.conf"
+echo syslogd_enable=\"YES\" >>"${jaildir}/rw/${name}/etc/rc.conf"
+echo syslogd_flags=\"-ss\" >>"${jaildir}/rw/${name}/etc/rc.conf"
+
+EOF
+# Configure SSHd's listening address
+cat <<EOF
+ip=\$(echo "${ip}" | cut '-d ' -f1)
+sed -i '.bak' "s/#ListenAddress 0.0.0.0/ListenAddress \${ip}/" "${jaildir}/rw/${name}/etc/ssh/sshd_config"
+EOF
 }
 
 if [ "$present" = "EXISTS" ]; then   # The jail currently exists
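Review bot: The `sed -i '.bak'` line only changes anything when the stock `#ListenAddress 0.0.0.0` line is present, and nothing checks the result, so a base whose sshd_config differs silently keeps sshd on its default listen address. The `--ip` value is also placed into the sed replacement without escaping, as is `${hostname}` in the `echo` lines above it. A value containing `/` or `&`, such as an address in CIDR form, would break or alter the substitution. I would validate the address before use and verify afterwards, e.g. `grep -q "^ListenAddress \${ip}\$" "${jaildir}/rw/${name}/etc/ssh/sshd_config" || echo "__jail: ListenAddress not set for ${name}" >&2`. The function these lines belong to begins outside the hunk.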
diff --git a/conf/type/__jail/man.text b/conf/type/__jail/man.text
index e6256975..8e31ef37 100644
--- a/conf/type/__jail/man.text
+++ b/conf/type/__jail/man.text
@@ -36,6 +36,7 @@ hostname::
 
 interface::
    The name of the physical interface on the jail server to bind the jail to.
+   Defaults to the first interface found in the output of ifconfig -l.
 
 devfs-enable::
    Whether to allow devfs mounting within the jail. Must be "true" or "false."
@@ -64,7 +65,7 @@ EXAMPLES
 
 --------------------------------------------------------------------------------
 # Create a jail called www
-__jail www --state present --ip "192.168.1.2 netmask 255.255.255.0"
+__jail www --state present --ip "192.168.1.2"
 
 # Remove the jail called www
 __jail www --state absent
@@ -75,7 +76,7 @@ __jail www --state present --started true \
 
 # Use the name variable explicitly
 __jail thisjail --state present --name www \
-   --ip "192.168.1.2 netmask 255.255.255.0"
+   --ip "192.168.1.2"
 
 # Go nuts
 __jail lotsofoptions --state present --name testjail --started true \