From 46b916c0e18f145a5229e5c8cdf4fe655c433346 Mon Sep 17 00:00:00 2001 From: Jake Guffey <jake.guffey@eprotex.com> Date: Tue, 28 Feb 2012 16:39:08 -0500 Subject: [PATCH] Various bugfixes Added logic to ensure that /etc/resolv.conf exists within a jail Replaced /var/db, /var/tmp mountpoints with /var mountpoint in jail Added logic to ensure that every jail is bound to an interface Modified how information is inserted into the jail's rc.conf Added ListenAddress directive for SSHd Updated manpage to reflect these changes --- conf/type/__jail/gencode-remote | 38 +++++++++++++++++++++++---------- conf/type/__jail/man.text | 5 +++-- 2 files changed, 30 insertions(+), 13 deletions(-) diff --git a/conf/type/__jail/gencode-remote b/conf/type/__jail/gencode-remote index dc18312b..c0a35784 100755 --- a/conf/type/__jail/gencode-remote +++ b/conf/type/__jail/gencode-remote @@ -185,16 +185,18 @@ cat <<EOF fi mkdir -p "${jaildir}/rw/${name}/etc" cp -r ${jaildir}/base/etc/* "${jaildir}/rw/${name}/etc/" + if [ ! -f "${jaildir}/rw/${name}/etc/resolv.conf" ]; then + cp /etc/resolv.conf "${jaildir}/rw/${name}/etc/" + fi mkdir "${jaildir}/rw/${name}/local" - mkdir "${jaildir}/rw/${name}/db" - if [ -n "\$(ls ${jaildir}/base/var/db)" ]; then - cp -r ${jaildir}/base/var/db/* "${jaildir}/rw/${name}/db/" + mkdir "${jaildir}/rw/${name}/var" + if [ -n "\$(ls ${jaildir}/base/var)" ]; then + cp -r ${jaildir}/base/var/* "${jaildir}/rw/${name}/var/" fi mkdir "${jaildir}/rw/${name}/home" if [ -n "\$(ls ${jaildir}/base/usr/home)" ]; then cp -r ${jaildir}/base/usr/home/* "${jaildir}/rw/${name}/home/" fi - mkdir "${jaildir}/rw/${name}/tmp" EOF # Create the ro+rw mountpoint entries in fstab @@ -203,9 +205,8 @@ cat <<EOF /usr/jail/base /usr/jail/${name} nullfs ro 0 0 /usr/jail/rw/${name}/etc /usr/jail/${name}/etc nullfs rw 0 0 /usr/jail/rw/${name}/local /usr/jail/${name}/usr/local nullfs rw 0 0 -/usr/jail/rw/${name}/db /usr/jail/${name}/var/db nullfs rw 0 0 +/usr/jail/rw/${name}/var /usr/jail/${name}/var nullfs rw 0 0 /usr/jail/rw/${name}/home /usr/jail/${name}/usr/home nullfs rw 0 0 -/usr/jail/rw/${name}/tmp /usr/jail/${name}/var/tmp nullfs rw 0 0 END EOF @@ -227,6 +228,13 @@ if [ -n "$interface" ]; then jail_${name}_interface="${interface}" END EOF +else + cat <<EOF + interface=\$(ifconfig -l | cut '-d ' -f1) + cat >>/etc/rc.conf <<END +jail_${name}_interface="\${interface}" +END +EOF fi if [ "$devfsenable" = "true" ]; then @@ -265,11 +273,19 @@ EOF fi # Add the normal entries into the jail's rc.conf -echo "echo hostname=\\\"${hostname}\\\" >\\\"${jaildir}/rw/${name}/etc/rc.conf\\\"" -echo "echo sshd_enable=\\\"YES\\\" >>\\\"${jaildir}/rw/${name}/etc/rc.conf\\\"" -echo "echo sendmail_enable=\\\"NONE\\\" >>\\\"${jaildir}/rw/${name}/etc/rc.conf\\\"" -echo "echo syslogd_enable=\\\"YES\\\" >>\\\"${jaildir}/rw/${name}/etc/rc.conf\\\"" -echo "echo syslogd_flags=\\\"-ss\\\" >>\\\"${jaildir}/rw/${name}/etc/rc.conf\\\"" +cat <<EOF +echo hostname=\"${hostname}\" >"${jaildir}/rw/${name}/etc/rc.conf" +echo sshd_enable=\"YES\" >>"${jaildir}/rw/${name}/etc/rc.conf" +echo sendmail_enable=\"NONE\" >>"${jaildir}/rw/${name}/etc/rc.conf" +echo syslogd_enable=\"YES\" >>"${jaildir}/rw/${name}/etc/rc.conf" +echo syslogd_flags=\"-ss\" >>"${jaildir}/rw/${name}/etc/rc.conf" + +EOF +# Configure SSHd's listening address +cat <<EOF +ip=\$(echo "${ip}" | cut '-d ' -f1) +sed -i '.bak' "s/#ListenAddress 0.0.0.0/ListenAddress \${ip}/" "${jaildir}/rw/${name}/etc/ssh/sshd_config" +EOF } if [ "$present" = "EXISTS" ]; then # The jail currently exists diff --git a/conf/type/__jail/man.text b/conf/type/__jail/man.text index e6256975..8e31ef37 100644 --- a/conf/type/__jail/man.text +++ b/conf/type/__jail/man.text @@ -36,6 +36,7 @@ hostname:: interface:: The name of the physical interface on the jail server to bind the jail to. + Defaults to the first interface found in the output of ifconfig -l. devfs-enable:: Whether to allow devfs mounting within the jail. Must be "true" or "false." @@ -64,7 +65,7 @@ EXAMPLES -------------------------------------------------------------------------------- # Create a jail called www -__jail www --state present --ip "192.168.1.2 netmask 255.255.255.0" +__jail www --state present --ip "192.168.1.2" # Remove the jail called www __jail www --state absent @@ -75,7 +76,7 @@ __jail www --state present --started true \ # Use the name variable explicitly __jail thisjail --state present --name www \ - --ip "192.168.1.2 netmask 255.255.255.0" + --ip "192.168.1.2" # Go nuts __jail lotsofoptions --state present --name testjail --started true \