Various bugfixes

Added logic to ensure that /etc/resolv.conf exists within a jail
Replaced the /var/db and /var/tmp mountpoints with a single /var mountpoint in the jail
Added logic to ensure that every jail is bound to an interface
Modified how information is inserted into the jail's rc.conf
Added ListenAddress directive for SSHd
Updated manpage to reflect these changes
This commit is contained in:
Jake Guffey 2012-02-28 16:39:08 -05:00
parent 20a3538e72
commit 46b916c0e1
2 changed files with 30 additions and 13 deletions


@ -185,16 +185,18 @@ cat <<EOF
fi
mkdir -p "${jaildir}/rw/${name}/etc"
cp -r ${jaildir}/base/etc/* "${jaildir}/rw/${name}/etc/"
if [ ! -f "${jaildir}/rw/${name}/etc/resolv.conf" ]; then
cp /etc/resolv.conf "${jaildir}/rw/${name}/etc/"
fi
mkdir "${jaildir}/rw/${name}/local"
mkdir "${jaildir}/rw/${name}/db"
if [ -n "\$(ls ${jaildir}/base/var/db)" ]; then
cp -r ${jaildir}/base/var/db/* "${jaildir}/rw/${name}/db/"
mkdir "${jaildir}/rw/${name}/var"
if [ -n "\$(ls ${jaildir}/base/var)" ]; then
cp -r ${jaildir}/base/var/* "${jaildir}/rw/${name}/var/"
fi
mkdir "${jaildir}/rw/${name}/home"
if [ -n "\$(ls ${jaildir}/base/usr/home)" ]; then
cp -r ${jaildir}/base/usr/home/* "${jaildir}/rw/${name}/home/"
fi
mkdir "${jaildir}/rw/${name}/tmp"
EOF
# Create the ro+rw mountpoint entries in fstab
@ -203,9 +205,8 @@ cat <<EOF
/usr/jail/base /usr/jail/${name} nullfs ro 0 0
/usr/jail/rw/${name}/etc /usr/jail/${name}/etc nullfs rw 0 0
/usr/jail/rw/${name}/local /usr/jail/${name}/usr/local nullfs rw 0 0
/usr/jail/rw/${name}/db /usr/jail/${name}/var/db nullfs rw 0 0
/usr/jail/rw/${name}/var /usr/jail/${name}/var nullfs rw 0 0
/usr/jail/rw/${name}/home /usr/jail/${name}/usr/home nullfs rw 0 0
/usr/jail/rw/${name}/tmp /usr/jail/${name}/var/tmp nullfs rw 0 0
END
EOF
@ -227,6 +228,13 @@ if [ -n "$interface" ]; then
jail_${name}_interface="${interface}"
END
EOF
else
cat <<EOF
interface=\$(ifconfig -l | cut '-d ' -f1)
cat >>/etc/rc.conf <<END
jail_${name}_interface="\${interface}"
END
EOF
fi
if [ "$devfsenable" = "true" ]; then
@ -265,11 +273,19 @@ EOF
fi
# Add the normal entries into the jail's rc.conf
echo "echo hostname=\\\"${hostname}\\\" >\\\"${jaildir}/rw/${name}/etc/rc.conf\\\""
echo "echo sshd_enable=\\\"YES\\\" >>\\\"${jaildir}/rw/${name}/etc/rc.conf\\\""
echo "echo sendmail_enable=\\\"NONE\\\" >>\\\"${jaildir}/rw/${name}/etc/rc.conf\\\""
echo "echo syslogd_enable=\\\"YES\\\" >>\\\"${jaildir}/rw/${name}/etc/rc.conf\\\""
echo "echo syslogd_flags=\\\"-ss\\\" >>\\\"${jaildir}/rw/${name}/etc/rc.conf\\\""
cat <<EOF
echo hostname=\"${hostname}\" >"${jaildir}/rw/${name}/etc/rc.conf"
echo sshd_enable=\"YES\" >>"${jaildir}/rw/${name}/etc/rc.conf"
echo sendmail_enable=\"NONE\" >>"${jaildir}/rw/${name}/etc/rc.conf"
echo syslogd_enable=\"YES\" >>"${jaildir}/rw/${name}/etc/rc.conf"
echo syslogd_flags=\"-ss\" >>"${jaildir}/rw/${name}/etc/rc.conf"
EOF
# Configure SSHd's listening address
cat <<EOF
ip=\$(echo "${ip}" | cut '-d ' -f1)
sed -i '.bak' "s/#ListenAddress 0.0.0.0/ListenAddress \${ip}/" "${jaildir}/rw/${name}/etc/ssh/sshd_config"
EOF
}
if [ "$present" = "EXISTS" ]; then # The jail currently exists
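Review bot: The `sed` on the sshd_config line in the last hunk (just before the closing `}`) only rewrites the literal `#ListenAddress 0.0.0.0` comment, so if that line is absent or already customised in the config copied from base, the substitution matches nothing and the generated code gives no indication that sshd keeps its default bind. A post-check in the same heredoc would surface that, e.g. `grep -q "^ListenAddress " "${jaildir}/rw/${name}/etc/ssh/sshd_config" || echo "ListenAddress not set for jail ${name}" >&2`. The `ip` value is also spliced unescaped into the sed expression, so an address containing a `/` (CIDR form) would break the `s` command rather than being rejected up front; presumably only a dotted-quad is expected given the `cut -f1` on the line above, but nothing validates that. `sed -i '.bak'` additionally leaves an `sshd_config.bak` copy of the old config inside the jail's `etc`, which may not be intended. The enclosing function starts outside the hunk and ends at the `}` shown.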


@ -36,6 +36,7 @@ hostname::
interface::
The name of the physical interface on the jail server to bind the jail to.
Defaults to the first interface found in the output of ifconfig -l.
devfs-enable::
Whether to allow devfs mounting within the jail. Must be "true" or "false."
@ -64,7 +65,7 @@ EXAMPLES
--------------------------------------------------------------------------------
# Create a jail called www
__jail www --state present --ip "192.168.1.2 netmask 255.255.255.0"
__jail www --state present --ip "192.168.1.2"
# Remove the jail called www
__jail www --state absent
@ -75,7 +76,7 @@ __jail www --state present --started true \
# Use the name variable explicitly
__jail thisjail --state present --name www \
--ip "192.168.1.2 netmask 255.255.255.0"
--ip "192.168.1.2"
# Go nuts
__jail lotsofoptions --state present --name testjail --started true \