jail revision 123340
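#!/bin/sh
#
# $FreeBSD: head/etc/rc.d/jail 123340 2003-12-09 08:09:04Z mtm $
#
# Start and stop the jails named in jail_list.  Per-jail settings are read
# from jail_<name>_* variables (see init_variables for the full set).
#
# Everything this script touches below jail_<name>_rootdir -- the devfs,
# fdescfs and procfs mount points, the devfs links and the default console
# log -- is resolved by the host, while that tree is writable by the jail's
# own root.  Keep that boundary in mind when changing any of those paths.

# PROVIDE: jail
# REQUIRE: LOGIN
# BEFORE: securelevel
# KEYWORD: FreeBSD shutdown

. /etc/rc.subr

name="jail"
rcvar=$(set_rcvar)
start_cmd="jail_start"
stop_cmd="jail_stop"

# init_variables _j
#	Initialize the various jail variables for jail _j.
#
#	Sets (as globals, for use by jail_start/jail_stop) jail_rootdir,
#	jail_devdir, jail_fdescdir, jail_procdir, jail_hostname, jail_ip,
#	jail_exec, jail_consolelog, jail_ruleset, jail_devfs, jail_fdescfs and
#	jail_procfs from the matching jail_${_j}_* variables, applying a
#	default where one is unset.
#	Returns 1 (after a warning) when no jail name is given, so callers
#	can skip that entry instead of acting on empty paths.
#
init_variables()
{
	_j="$1"

	if [ -z "$_j" ]; then
		warn "init_variables: you must specify a jail"
		return 1
	fi

	# POSIX sh has no ${!name} indirection, hence the eval.  _j is one of
	# the names listed in jail_list (host configuration), not external input.
	eval jail_rootdir=\"\$jail_${_j}_rootdir\"
	jail_devdir="${jail_rootdir}/dev"
	jail_fdescdir="${jail_devdir}/fd"
	jail_procdir="${jail_rootdir}/proc"
	eval jail_hostname=\"\$jail_${_j}_hostname\"
	eval jail_ip=\"\$jail_${_j}_ip\"
	eval jail_exec=\"\$jail_${_j}_exec\"
	[ -z "${jail_exec}" ] && jail_exec="/bin/sh /etc/rc"

	# Where the jail's console output is written.  The historical default
	# is a file inside the jail's own tree; jail_start refuses to write
	# through a symbolic link there.  A host-side path (e.g. under
	# /var/log) avoids the question altogether.
	eval jail_consolelog=\"\$jail_${_j}_consolelog\"
	[ -z "${jail_consolelog}" ] && jail_consolelog="${jail_rootdir}/var/log/console.log"

	# The default jail ruleset will be used by rc.subr if none is specified.
	eval jail_ruleset=\"\$jail_${_j}_devfs_ruleset\"
	eval jail_devfs=\"\$jail_${_j}_devfs_enable\"
	[ -z "${jail_devfs}" ] && jail_devfs="NO"
	eval jail_fdescfs=\"\$jail_${_j}_fdescfs_enable\"
	[ -z "${jail_fdescfs}" ] && jail_fdescfs="NO"
	eval jail_procfs=\"\$jail_${_j}_procfs_enable\"
	[ -z "${jail_procfs}" ] && jail_procfs="NO"

	# Debugging aid
	#
	debug "$_j devfs enable: $jail_devfs"
	debug "$_j fdescfs enable: $jail_fdescfs"
	debug "$_j procfs enable: $jail_procfs"
	debug "$_j hostname: $jail_hostname"
	debug "$_j ip: $jail_ip"
	debug "$_j root: $jail_rootdir"
	debug "$_j devdir: $jail_devdir"
	debug "$_j fdescdir: $jail_fdescdir"
	debug "$_j procdir: $jail_procdir"
	debug "$_j ruleset: $jail_ruleset"
	debug "$_j consolelog: $jail_consolelog"
}

# jail_sysctl_flag _label _rcvar _sysctl
#	Print " _label=YES" or " _label=NO" according to checkyesno _rcvar
#	and set _sysctl to 1 or 0 accordingly.  Used for the three global
#	security.jail knobs; the labels are kept as they were printed before.
#
jail_sysctl_flag()
{
	echo -n " $1="
	if checkyesno "$2"; then
		echo -n 'YES'
		${SYSCTL_W} 1>/dev/null "$3=1"
	else
		echo -n 'NO'
		${SYSCTL_W} 1>/dev/null "$3=0"
	fi
}

# jail_start
#	Apply the global jail sysctls, then for every jail in jail_list mount
#	the requested filesystems under its root and run jail(8).
#
jail_start()
{
	echo -n 'Configuring jails:'
	jail_sysctl_flag set_hostname_allowed jail_set_hostname_allow \
	    security.jail.set_hostname_allowed
	jail_sysctl_flag unixiproute_only jail_socket_unixiproute_only \
	    security.jail.socket_unixiproute_only
	jail_sysctl_flag sysvipc_allow jail_sysvipc_allow \
	    security.jail.sysvipc_allowed
	echo '.'

	echo -n 'Starting Jails:'
	for _jail in ${jail_list}
	do
		init_variables "$_jail" || continue
		if checkyesno jail_devfs; then
			info "Mounting devfs on ${jail_devdir}"
			# jail_ruleset stays unquoted on purpose: when empty it
			# must disappear so rc.subr applies its default ruleset.
			devfs_mount_jail "${jail_devdir}" ${jail_ruleset}

			# Transitional symlink for old binaries
			if [ ! -L "${jail_devdir}/log" ]; then
				devfs_link "${jail_devdir}" ../var/run/log log
			fi

			# Jail console output
			devfs_link "${jail_devdir}" ../var/log/console console
		fi
		if checkyesno jail_fdescfs; then
			info "Mounting fdescfs on ${jail_fdescdir}"
			mount -t fdescfs fdesc "${jail_fdescdir}"
		fi
		if checkyesno jail_procfs; then
			info "Mounting procfs onto ${jail_procdir}"
			if [ -d "${jail_procdir}" ] ; then
				mount -t procfs proc "${jail_procdir}"
			fi
		fi

		# The console log is opened here, by the host, with a default
		# path inside the jail's tree.  Do not write through a symbolic
		# link found there.  Only the final path component is checked, so
		# a host-side jail_<name>_consolelog is the robust configuration.
		if [ -L "${jail_consolelog}" ]; then
			warn "${jail_consolelog} is a symbolic link; discarding console output of ${_jail}"
			_consolelog="/dev/null"
		else
			_consolelog="${jail_consolelog}"
		fi

		# jail_exec is a command line ("/bin/sh /etc/rc" by default) and
		# must word-split; the three preceding arguments are single words.
		if jail 1>"${_consolelog}" 2>&1 \
		    "${jail_rootdir}" "${jail_hostname}" "${jail_ip}" ${jail_exec}; then
			echo -n " $jail_hostname"
		fi
	done
	echo '.'
}

# jail_stop
#	Send SIGTERM to every jailed process (only jailer-managed ones when
#	jail_stop_jailer is set), wait for them to exit, then unmount the
#	filesystems jail_start mounted for each jail in jail_list.
#
jail_stop()
{
	echo 'Stopping all jails.'
	# Jailed processes carry a "J" in the STAT column, field 8 of
	# "ps aux" output; with jail_stop_jailer the command line must also
	# mention jailer.
	if checkyesno jail_stop_jailer; then
		rc_pid=$(ps aux | awk '/jailer/ && $8 ~ /J/ {print $2}')
	else
		rc_pid=$(ps aux | awk '$8 ~ /J/ {print $2}')
	fi
	# rc_pid is a whitespace-separated pid list and must word-split.
	if [ -n "${rc_pid}" ]; then
		kill -TERM $rc_pid
		wait_for_pids $rc_pid
	fi
	for _jail in ${jail_list}
	do
		init_variables "$_jail" || continue
		if checkyesno jail_devfs; then
			if [ -d "${jail_devdir}" ] ; then
				umount -f "${jail_devdir}" >/dev/null 2>&1
			fi
		fi
		if checkyesno jail_fdescfs; then
			umount -f "${jail_fdescdir}" >/dev/null 2>&1
		fi
		if checkyesno jail_procfs; then
			if [ -d "${jail_procdir}" ] ; then
				umount -f "${jail_procdir}" >/dev/null 2>&1
			fi
		fi
	done
}


load_rc_config $name
run_rc_command "$1"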