Date: Thu, 03 Feb 2011 15:50:56 +0300
From: "Valery V.Smirnov" <valery@smirnov.tv>
To: <bug-followup@FreeBSD.org>, <freebsd-pr@smirnov.tv>, <freebsd-bugs@FreeBSD.org>
Subject: Re: conf/154484: [patch] request for new functionality. jail zfs dataset on jail start up by /etc/rc.d/jail
Message-ID: <6ac4858d0353266c1d2ca99c9e7afd7e@smirnov.tv>
In-Reply-To: <201102031236.p13Ca505035277@freefall.freebsd.org>
References: <201102031236.p13Ca505035277@freefall.freebsd.org>
[-- Attachment #1 --] Yes, please. Sorry for double sent. On Thu, 3 Feb 2011 12:36:05 GMT, linimon@FreeBSD.org wrote: > Synopsis: [patch] request for new functionality. jail zfs dataset on > jail start up by /etc/rc.d/jail > > State-Changed-From-To: open->feedback > State-Changed-By: linimon > State-Changed-When: Thu Feb 3 12:35:46 UTC 2011 > State-Changed-Why: > sorry, looks like the patch got stripped. Can you re-send? > > http://www.freebsd.org/cgi/query-pr.cgi?pr=154484 -- Best regards mailto: freebsd-pr@smirnov.tv Valery V.Smirnov [-- Attachment #2 --] *** jail Wed Feb 2 12:53:32 2011 --- jail.updated Thu Feb 3 12:44:25 2011 *************** *** 1,7 **** #!/bin/sh # ! # $FreeBSD: src/etc/rc.d/jail,v 1.43.2.1.6.1 2010/12/21 17:09:25 kensmith Exp $ # # PROVIDE: jail # REQUIRE: LOGIN cleanvar --- 1,16 ---- #!/bin/sh # ! # $FreeBSD: src/etc/rc.d/jail,v 1.43.2.1.6.2 2011/02/03 11:30:25 kensmith Exp $ ! # patched by sudosu # + # COMMENT: The goal of thish patch is 2 options in rc.conf: + # jail_zfsdataset= Maybe zfs dataset, which you like to use with + # jiled=on option. Only one dataset define is + # possible. + # jail_example_zfsdataset= Boolean value, maybe YES or NONE. This option + # defines if jail use zfs dataset, or no. Enabling + # check if dataset exists and jail it. Dataset + # maybe only $jail_zfsdataset/$jail_name. # PROVIDE: jail # REQUIRE: LOGIN cleanvar *************** *** 21,26 **** --- 30,37 ---- start_cmd="jail_start" stop_cmd="jail_stop" + jail_zfsdataset=${jail_zfsdataset:-"NONE"} + # init_variables _j # Initialize the various jail variables for jail _j. 
# *************** *** 41,46 **** --- 52,64 ---- eval _ip=\"\$jail_${_j}_ip\" eval _interface=\"\${jail_${_j}_interface:-${jail_interface}}\" eval _exec=\"\$jail_${_j}_exec\" + eval _zfsdataset=\"\$jail_${_j}_zfsdataset\" + + if [ "$_zfsdataset" = "YES" ]; then + jail_check_zfsdataset $_j + else + _zfsdataset="NONE" + fi i=0 while : ; do *************** *** 276,282 **** fi } - # jail_umount_fs # This function unmounts certain special filesystems in the # currently selected jail. The caller must call the init_variables() --- 294,299 ---- *************** *** 343,348 **** --- 360,431 ---- mount -a -F "${_fstab}" } + # jail_check_zfsdataset + # Check if ZFS Dataset is exists and usable within jails. Per + # jail and global. + # + jail_check_zfsdataset() + { + local _domain + + _domain="$1" + + if [ "$_domain" = "global" ]; then + if [ "$jail_zfsdataset" = "NONE" ]; then + info " No ZFS Dataset defined to use within jails." + return + else + info " ZFS Dataset \"$jail_zfsdataset\" is defined to use within jails." + fi + fi + + # Check if dataset is exists + # + + if [ "$_domain" = "global" ]; then + zfsdataset_exists=$(/sbin/zfs list | /usr/bin/grep ${jail_zfsdataset}) + + if [ ! "$zfsdataset_exists" ]; then + info "Global: ZFS Dataset ${jail_zfsdataset} is not exists." + jail_zfsdataset="NONE" + return + fi + else + zfsdataset_exists=$(/sbin/zfs list | /usr/bin/grep "${jail_zfsdataset}/$_domain") + + if [ ! "$zfsdataset_exists" ]; then + info "Jail _$domain: ZFS Dataset ${jail_zfsdataset}/$_domain is not exists." 
+ _zfsdataset="NONE" + return + else + _zfsdataset="${jail_zfsdataset}/$_domain" + info "jail $_domain: ZFS Dataset ${jail_zfsdataset}/$_domain" + return + fi + fi + + # Check if dataset is jailed + # + if [ "$_domain" = "global" ]; then + zfsdataset_jailed=$(/sbin/zfs get jailed ${jail_zfsdataset} | /usr/bin/grep "${jail_zfsdataset}" | /usr/bin/awk {'print $3'}) + + if [ "$zfsdataset_jailed" = "off" ]; then + info "ZFS Dataset ${jail_zfsdataset} is not jailed and may not to be used within jails." + info "You should exec \"zfs set jaled=on ${jail_zfsdataset}\" to jailed it" + jail_zfsdataset="NONE" + return + fi + fi + } + + + # jail_zfsdataset_jail + # Jail zfs datasets by JID per jail + # + jail_zfsdataset_jail() + { + } + # jail_show_addresses jail # Debug print the input for the given _multi aliases # for a jail for init_variables(). *************** *** 554,559 **** --- 637,643 ---- security.jail.socket_unixiproute_only unixiproute_only set_sysctl jail_sysvipc_allow security.jail.sysvipc_allowed \ sysvipc_allow + jail_check_zfsdataset global echo '.' echo -n 'Starting jails:' *************** *** 656,661 **** --- 740,748 ---- tail +2 ${_tmp_jail} >${_consolelog} echo ${_jail_id} > /var/run/jail_${_jail}.id + if [ "$_zfsdataset" != "NONE" ]; then + /sbin/zfs jail ${_jail_id} $_zfsdataset + fi i=0 while : ; do eval out=\"\${_exec_poststart${i}:-''}\" *************** *** 684,689 **** --- 771,779 ---- _jail_id=$(cat /var/run/jail_${_jail}.id) if [ ! -z "${_jail_id}" ]; then init_variables $_jail + if [ "$_zfsdataset" != "NONE" ]; then + /sbin/zfs unjail ${_jail_id} $_zfsdataset + fi i=0 while : ; do
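Review bot: In the first hunk (header, new lines 1-16) the `$FreeBSD$` line is edited by hand to revision 1.43.2.1.6.2 and a "patched by sudosu" line is added beneath it; that keyword is expanded by the repository, so the patch should leave it as it was. The new COMMENT block runs straight into `# PROVIDE: jail` with no separating `#` line and has typos ("thish", "jiled=on"). The description of `jail_zfsdataset` and `jail_example_zfsdataset` would be better placed with the documentation of the other jail_* rc.conf variables than in the script header.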
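Review bot: In the 52,64 hunk (init_variables) the test `[ "$_zfsdataset" = "YES" ]` accepts only the exact string YES, so a setting such as `jail_<name>_zfsdataset="yes"` silently falls through to NONE; a case-insensitive yes/no test, as used for other rc.conf booleans, would avoid that. `jail_check_zfsdataset $_j` is also called when the global `jail_zfsdataset` is still NONE, which makes the function look up `NONE/<jail>`; skip the call in that case and quote `"$_j"`.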
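Review bot: In the 360,431 hunk, `jail_zfsdataset_jail()` is added with an empty `{ }` body, which sh rejects as a syntax error, so the script will not parse; drop the stub or give it a `:` body. In `jail_check_zfsdataset` the existence test pipes `zfs list` through an unanchored, unquoted `grep ${jail_zfsdataset}`, so a name like `tank/jails` (example name) also matches `tank/jails-old`; asking zfs for the exact dataset, e.g. `zfs list -H -o name "${jail_zfsdataset}/$_domain"`, and testing the exit status is exact. Both per-jail branches `return` before the "Check if dataset is jailed" block, and that block is guarded by `global` anyway, so the `jailed` property of the per-jail dataset that is actually handed to the jail is never verified. The messages also contain `_$domain` where `$_domain` is meant, and `jaled=on` in the suggested command.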
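Review bot: In the 740,748 hunk the result of `/sbin/zfs jail ${_jail_id} $_zfsdataset` is not checked, so a failed attach leaves the jail running without its dataset and nothing is reported. Quote both arguments and emit a `warn` when the command returns non-zero.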
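Review bot: In the last hunk (new lines 771-779) `zfs unjail` runs immediately after `init_variables $_jail`, ahead of the `while` loop that follows, so the dataset is detached while the jail is still up; if processes in the jail may still be using it, move the call to after they have been stopped, and check the exit status either way. Because `init_variables` re-runs `jail_check_zfsdataset`, a failed dataset lookup at stop time resets `_zfsdataset` to NONE and the unjail is skipped without any message.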
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?6ac4858d0353266c1d2ca99c9e7afd7e>
