sjail (3176B)
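#!/bin/sh
#
# sjail - create, delete, start and stop simple vnet jails on FreeBSD.
#
# Every sub-command edits system configuration or drives jail(8), so the
# script is expected to run as root. Jails live under /usr/local/jail/<name>
# and share one epair (epair0) bridged onto bridge0.
#
# The jail name comes from the command line and ends up in rm -rf, in a sed
# address and in /etc/jail.conf, so it is validated by sjail_check_name
# before any of those uses.

# One-time host setup: append the global jail parameters, the bridge/epair
# rc.conf settings and the devfs ruleset, then reload networking and devfs.
#
# NOTE(review): the three appends are unconditional, so running "init" twice
# duplicates every stanza. The defaults written here widen what jail root
# can do (allow.mount, allow.raw_sockets, bpf* unhidden - presumably for
# dhclient); review them before using the jails for untrusted workloads.
# The physical interface re0 is hard-coded.
sjail_init()
{
	cat >> /etc/jail.conf <<'EOF'

path = "/usr/local/jail/${name}";
host.hostname = "${name}";

exec.clean;
exec.start = "/bin/sh /etc/rc";
exec.stop = "/bin/sh /etc/rc.shutdown";
allow.mount;
allow.raw_sockets = 1;
mount.devfs;
devfs.ruleset = "5";
vnet;
sysvmsg = new;
sysvsem = new;
sysvshm = new;

EOF

	cat >> /etc/rc.conf <<'EOF'

if_bridge_load="YES"
if_epair_load="YES"

cloned_interfaces="bridge0 epair0"
ifconfig_bridge0="addm re0 addm epair0a up"

EOF

	cat >> /etc/devfs.rules <<'EOF'

[devfsrules_jails=5]
add include $devfsrules_hide_all
add include $devfsrules_unhide_basic
add include $devfsrules_unhide_login
add path 'bpf*' unhide

EOF

	/etc/netstart
	service devfs restart
}

# Reject a missing or unsafe jail name (global ${name}).
# Only letters, digits, '_' and '-' are accepted, and the first character
# must be a letter or digit. That keeps the name from escaping
# /usr/local/jail (no '/' or '..'), from being read as an option, and from
# acting as a regular expression in the sed address used by sjail_del.
sjail_check_name()
{
	test -z "${name}" && usage
	case "${name}" in
	[!A-Za-z0-9]* | *[!A-Za-z0-9_-]*)
		err "invalid jail name \"${name}\"" ;;
	esac
}

# True when the root directory of jail ${name} exists.
sjail_jail_exists()
{
	test -d "/usr/local/jail/${name}"
}

# True when jls lists jail ${name} (anything after the header line).
sjail_jail_running()
{
	test -n "$(jls -j "${name}" 2>/dev/null | sed 1d)"
}

# Run "service jail <action>" for ${name}, using the one* variant when the
# jail rc script is not enabled.
# $1 - "start" or "stop"
sjail_service()
{
	# service -e prints one rc script path per line; match the jail
	# script itself rather than any path that merely contains "jail".
	if service -e | grep -q '/jail$'; then
		service jail "${1}" "${name}"
	else
		service jail "one${1}" "${name}"
	fi
}

# Create a new jail: add its stanza to /etc/jail.conf and install a base
# system into /usr/local/jail/<name>.
# $1 - jail name
sjail_new()
{
	name="${1}"

	sjail_check_name
	# Check before touching /etc/jail.conf, so a refused request does not
	# leave a duplicate stanza behind.
	sjail_jail_exists && err "\"${name}\" exists already"
	sjail_jail_running && err "\"${name}\" is running"

	cat >> /etc/jail.conf <<EOF

${name} {
	vnet.interface = "epair0b";
	exec.start += "dhclient epair0b";
}

EOF

	mkdir -p /usr/local/jail
	mkdir -p "/usr/local/jail/${name}"
	bsdinstall jail "/usr/local/jail/${name}"
}

# Delete a stopped jail: remove its directory tree and its stanza from
# /etc/jail.conf.
# $1 - jail name
sjail_del()
{
	name="${1}"

	sjail_check_name
	sjail_jail_exists || err "\"${name}\" doesn't exist"
	sjail_jail_running && err "\"${name}\" is running"

	# Base-system files carry the schg flag; clear it or rm fails.
	chflags -R noschg "/usr/local/jail/${name}"
	# ${name:?} aborts instead of expanding to /usr/local/jail/ if the
	# variable is ever empty here.
	rm -rf -- "/usr/local/jail/${name:?}"
	# Anchor on the stanza header so deleting "foo" does not also match
	# "barfoo {".
	sed -i '' "/^[[:space:]]*${name} {/,/}/d" /etc/jail.conf
}

# Start a jail; with -x also expose the host X11 socket directory to it.
# $@ - [-x] jail
sjail_start()
{
	xflag="no"

	while getopts "x" arg; do
		case "${arg}" in
		x) xflag="yes" ;;
		*) usage ;;
		esac
	done
	shift $((OPTIND - 1))

	name="${1}"
	sjail_check_name
	sjail_jail_exists || err "\"${name}\" doesn't exist"
	sjail_jail_running && err "\"${name}\" is running"

	# Recreate the shared epair so the jail gets a fresh epair0b.
	ifconfig epair0a destroy
	ifconfig epair0 create
	ifconfig bridge0 addm epair0a
	ifconfig epair0a up
	sjail_service start

	if [ "${xflag}" = "yes" ]; then
		x11_dir="/usr/local/jail/${name}/tmp/.X11-unix"
		# The mount point is inside the jail's /tmp, which jail root
		# controls. A symlink there would be resolved on the host, so
		# refuse it. Best effort only: the jail is already running.
		test -L "${x11_dir}" && err "\"${x11_dir}\" is a symlink"
		# xhost + turns X access control off for every client, not
		# only this jail; "stop -x" turns it back on.
		# NOTE(review): a narrower grant may be enough - confirm.
		xhost +
		mount_nullfs /tmp/.X11-unix "${x11_dir}"
	fi
}

# Stop a running jail; with -x also undo the X11 sharing set up by start -x.
# $@ - [-x] jail
sjail_stop()
{
	xflag="no"

	while getopts "x" arg; do
		case "${arg}" in
		x) xflag="yes" ;;
		*) usage ;;
		esac
	done
	shift $((OPTIND - 1))

	name="${1}"
	sjail_check_name
	sjail_jail_exists || err "\"${name}\" doesn't exist"
	sjail_jail_running || err "\"${name}\" is not running"

	if [ "${xflag}" = "yes" ]; then
		# Re-enable X access control and drop the nullfs mount.
		xhost -
		umount "/usr/local/jail/${name}/tmp/.X11-unix"
	fi

	sjail_service stop
	ifconfig epair0a destroy
}

# Print the command synopsis to stderr and exit 1.
usage()
{
	echo "usage: ${0##*/} init" 1>&2
	echo " ${0##*/} new jail" 1>&2
	echo " ${0##*/} del jail" 1>&2
	echo " ${0##*/} start [-x] jail" 1>&2
	echo " ${0##*/} stop [-x] jail" 1>&2
	exit 1
}

# Print "<program>: <message>" to stderr and exit 1.
err()
{
	echo "${0##*/}: $*" 1>&2
	exit 1
}

# TODO handle multiple jails (make new epairs for each jail)?

# Without this guard, "shift" on an empty argument list aborts the script
# with a shell error instead of showing the usage text.
test $# -ge 1 || usage
cmd="${1}"
shift 1
case "${cmd}" in
init) sjail_init ;;
del) sjail_del "$@" ;;
new) sjail_new "$@" ;;
start) sjail_start "$@" ;;
stop) sjail_stop "$@" ;;
*) usage ;;
esac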