Date: Sun, 5 Dec 2010 22:20:07 GMT
From: "joeb" <joeb@a1poweruser.com>
To: freebsd-ports-bugs@FreeBSD.org
Subject: RE: ports/148777: [New Port] sysutils/qjail: Utility to deploy large number of jails quickly
Message-ID: <201012052220.oB5MK7Fa036871@freefall.freebsd.org>
The following reply was made to PR ports/148777; it has been noted by GNATS.

From: "joeb" <joeb@a1poweruser.com>
To: <bug-followup@freebsd.org>
Subject: RE: ports/148777: [New Port] sysutils/qjail: Utility to deploy large number of jails quickly
Date: Sun, 5 Dec 2010 17:16:17 -0500

The updated attached port shar file contains fixes to the port makefiles.
Please review and commit. Thanks.

Content-Type: application/octet-stream; name="qjail.portMakefiles.shar"
Content-Disposition: attachment; filename="qjail.portMakefiles.shar"

# This is a shell archive.  Save it in a file, remove anything before
# this line, and then unpack it by entering "sh file".  Note, it may
# create directories; files and directories will be owned by you and
# have default permissions.
#
# This archive contains:
#
#	qjail
#	qjail/Makefile
#	qjail/pkg-descr
#	qjail/pkg-plist
#	qjail/pkg-message
#	qjail/work
#	qjail/work/qjail-1.0
#	qjail/work/qjail-1.0/examples
#	qjail/work/qjail-1.0/examples/nullmailer-example
#	qjail/work/qjail-1.0/examples/nullmailer-example/etc
#	qjail/work/qjail-1.0/examples/nullmailer-example/etc/mail
#	qjail/work/qjail-1.0/examples/nullmailer-example/etc/mail/mailer.conf
#	qjail/work/qjail-1.0/examples/nullmailer-example/etc/rc.conf
#	qjail/work/qjail-1.0/examples/nullmailer-example/usr
#	qjail/work/qjail-1.0/examples/nullmailer-example/usr/local
#	qjail/work/qjail-1.0/examples/nullmailer-example/usr/local/etc
#	qjail/work/qjail-1.0/examples/nullmailer-example/usr/local/etc/nullmailer
#	qjail/work/qjail-1.0/examples/nullmailer-example/usr/local/etc/nullmailer/remotes
#	qjail/work/qjail-1.0/examples/nullmailer-example/qjail.flavor
#	qjail/work/qjail-1.0/examples/default
#	qjail/work/qjail-1.0/examples/default/etc
#	qjail/work/qjail-1.0/examples/default/etc/make.conf
#	qjail/work/qjail-1.0/examples/default/etc/periodic.conf
#	qjail/work/qjail-1.0/examples/default/etc/rc.conf
#	qjail/work/qjail-1.0/examples/default/usr
#	qjail/work/qjail-1.0/examples/default/usr/local
#	qjail/work/qjail-1.0/examples/default/usr/local/etc
#	qjail/work/qjail-1.0/examples/default/usr/local/etc/sudoers
#	qjail/work/qjail-1.0/examples/default/qjail.flavor
#	qjail/work/qjail-1.0/jail2
#	qjail/work/qjail-1.0/qjail.conf.sample
#	qjail/work/qjail-1.0/qjail.conf.8
#	qjail/work/qjail-1.0/qjail.8
#	qjail/work/qjail-1.0/qjail-intro.8
#	qjail/work/qjail-1.0/qjail
#	qjail/work/qjail-1.0/qjail2
#	qjail/work/qjail-1.0/pkg-plist
#	qjail/work/qjail-1.0/pkg-message
#	qjail/work/qjail-1.0/pkg-descr
#	qjail/work/qjail-1.0/distinfo
#	qjail/work/qjail-1.0/Makefile
#	qjail/work/.extract_done.qjail._usr_local
#	qjail/work/BSD
#	qjail/work/.license-catalog.mk
#	qjail/work/.license-report
#	qjail/work/.license_done.qjail._usr_local
#	qjail/work/.patch_done.qjail._usr_local
#	qjail/work/.configure_done.qjail._usr_local
#	qjail/work/.build_done.qjail._usr_local
#	qjail/work/.PLIST.mktmp
#	qjail/work/.PLIST.flattened
#	qjail/work/.PLIST.setuid
#	qjail/work/.PLIST.writable
#	qjail/work/.PLIST.objdump
#	qjail/work/.install_done.qjail._usr_local
#	qjail/distinfo
#
echo c - qjail
mkdir -p qjail > /dev/null 2>&1
echo x - qjail/Makefile
sed 's/^X//' >qjail/Makefile << '7da10d06f45c8d9771da27572b9a6525'
X# New ports collection makefile for:	qjail
X# Date created:		July 22 2010
X# Whom:			Joe Barbish
X#
X# $FreeBSD$
X
XPORTNAME=	qjail
XPORTVERSION=	1.0
XCATEGORIES=	sysutils
XMASTER_SITES=	${MASTER_SITE_SOURCEFORGE}
XMASTER_SITE_SUBDIR=	qjail
X#DISTFILES=	qjail-1.0.tar.bz2
X
XMAINTAINER=	qjail@a1poweruser.com
XCOMMENT=	Utility to quickly deploy and manage large numbers of jails
X
XLICENSE=	BSD
X
XUSE_BZIP2=	yes
X
XMAN8=		qjail.8 qjail-intro.8 qjail.conf.8
X
XNO_BUILD=	yes
X
Xdo-install:
X	${INSTALL_SCRIPT} ${WRKSRC}/qjail ${PREFIX}/bin/
X	${INSTALL_SCRIPT} ${WRKSRC}/qjail2 ${PREFIX}/etc/rc.d/
X	${INSTALL_SCRIPT} ${WRKSRC}/jail2 ${PREFIX}/etc/rc.d/
X	${CP} ${WRKSRC}/qjail.conf.sample ${PREFIX}/etc/
X	${CP} ${WRKSRC}/qjail.8 ${MANPREFIX}/man/man8/
X	${CP} ${WRKSRC}/qjail-intro.8 ${MANPREFIX}/man/man8/
X	${CP} ${WRKSRC}/qjail.conf.8 ${MANPREFIX}/man/man8/
X	${MKDIR} ${PREFIX}/share/examples/qjail
X	${CP} -rfp ${WRKSRC}/examples/ ${PREFIX}/share/examples/qjail/
X
Xpost-install:
X	${CAT} ${PKGMESSAGE}
X
X.include <bsd.port.mk>
7da10d06f45c8d9771da27572b9a6525
echo x - qjail/pkg-descr
sed 's/^X//' >qjail/pkg-descr << 'd05ede6e511e945409d9ec363b2f7453'
XQjail [ q = quick ] is a 4th generation wrapper for the basic chroot jail
Xsystem that includes security and performance enhancements. Plus a new level
Xof "user friendliness" enhancements dealing with deploying just a few jails or
Xlarge jail environments consisting of hundreds of jails.
X
XQjail requires no knowledge of the jail command usage. It uses "nullfs" for
Xread-only system binaries, sharing one copy of them with all the jails.
X
XUses "mdconfig" to create sparse image jails. Sparse image jails provide a
Xmethod to limit the total disk space a jail can consume, while only occupying
Xthe physical disk space of the sum size of the files in the image jail.
X
XAbility to assign IP addresses with their network device name,
Xso aliases are auto created on jail start and auto removed on jail stop.
X
XAbility to create "ZONE"s of identical qjail systems, each with their own
Xgroup of jails.
X
XAbility to designate a portion of the jail name as a group prefix so the
Xcommand being executed will apply to only those jail names matching that prefix.
X
XQjail reduces the complexities of jail deployments to the novice level. It has
Xa fully documented manpage written for easy comprehension. Details are given
Xto facilitate the use of qjail's capabilities to the fullest extent possible.
X
XWWW: http://sourceforge.net/projects/qjail/
d05ede6e511e945409d9ec363b2f7453
echo x - qjail/pkg-plist
sed 's/^X//' >qjail/pkg-plist << '86541871219192287f62aed437005027'
Xetc/qjail.conf.sample
Xetc/rc.d/jail2
Xetc/rc.d/qjail2
Xbin/qjail
Xshare/examples/qjail/default/qjail.flavor
Xshare/examples/qjail/default/etc/make.conf
Xshare/examples/qjail/default/etc/periodic.conf
Xshare/examples/qjail/default/etc/rc.conf
Xshare/examples/qjail/default/usr/local/etc/sudoers
Xshare/examples/qjail/nullmailer-example/qjail.flavor
Xshare/examples/qjail/nullmailer-example/etc/rc.conf
Xshare/examples/qjail/nullmailer-example/etc/mail/mailer.conf
Xshare/examples/qjail/nullmailer-example/usr/local/etc/nullmailer/remotes
X
X@dirrm share/examples/qjail/default/usr/local/etc/
X@dirrm share/examples/qjail/default/usr/local/
X@dirrm share/examples/qjail/default/usr/
X@dirrm share/examples/qjail/default/etc/
X@dirrm share/examples/qjail/default/
X@dirrm share/examples/qjail/nullmailer-example/usr/local/etc/nullmailer/
X@dirrm share/examples/qjail/nullmailer-example/usr/local/etc/
X@dirrm share/examples/qjail/nullmailer-example/usr/local/
X@dirrm share/examples/qjail/nullmailer-example/usr/
X@dirrm share/examples/qjail/nullmailer-example/etc/mail/
X@dirrm share/examples/qjail/nullmailer-example/etc/
X@dirrm share/examples/qjail/nullmailer-example/
X@dirrm share/examples/qjail/
86541871219192287f62aed437005027
echo x - qjail/pkg-message
sed 's/^X//' >qjail/pkg-message << '52855aef6c8b745fc2678a3da244739a'
X*
X*
X*******************************************************************************
X*                                                                             *
X* Use the qjail utility to deploy small or large numbers of jails quickly.    *
X*                                                                             *
X* Issue this command on the console command line first "man qjail-intro"      *
X*                                                                             *
X* After reading that do "man qjail" for the usage details.                    *
X*                                                                             *
X*******************************************************************************
X*
X*
52855aef6c8b745fc2678a3da244739a
echo c - qjail/work
mkdir -p qjail/work > /dev/null 2>&1
echo c - qjail/work/qjail-1.0
mkdir -p qjail/work/qjail-1.0 > /dev/null 2>&1
echo c - qjail/work/qjail-1.0/examples
mkdir -p qjail/work/qjail-1.0/examples > /dev/null 2>&1
echo c - qjail/work/qjail-1.0/examples/nullmailer-example
mkdir -p qjail/work/qjail-1.0/examples/nullmailer-example > /dev/null 2>&1
echo c - qjail/work/qjail-1.0/examples/nullmailer-example/etc
mkdir -p qjail/work/qjail-1.0/examples/nullmailer-example/etc > /dev/null 2>&1
echo c - qjail/work/qjail-1.0/examples/nullmailer-example/etc/mail
mkdir -p qjail/work/qjail-1.0/examples/nullmailer-example/etc/mail > /dev/null 2>&1
echo x - qjail/work/qjail-1.0/examples/nullmailer-example/etc/mail/mailer.conf
sed 's/^X//' >qjail/work/qjail-1.0/examples/nullmailer-example/etc/mail/mailer.conf << 'e59f3f30d2ee098b0e47a1b133bb77de'
X# replace sendmail with nullmailer
Xsendmail	/usr/local/libexec/nullmailer/sendmail
Xsend-mail	/usr/local/libexec/nullmailer/sendmail
Xmailq		/usr/local/libexec/nullmailer/mailq
e59f3f30d2ee098b0e47a1b133bb77de
echo x - qjail/work/qjail-1.0/examples/nullmailer-example/etc/rc.conf
sed 's/^X//' >qjail/work/qjail-1.0/examples/nullmailer-example/etc/rc.conf << '20e7b9a2c95dfaee39ca477e454ef2c6'
X# Pretuned by American Freebsd Software Engineer
X
X# No network interfaces in jails
Xnetwork_interfaces=""
X
X# Prevent rpc
Xrpcbind_enable="NO"
X
X# Prevent loads of jails doing their cron jobs at the same time
Xcron_flags="$cron_flags -J 15"
X
X# Prevent syslogd from opening network sockets
Xsyslogd_flags="-ss"
X
X# Prevent sendmail from trying to connect to localhost
Xsendmail_enable="NO"
Xsendmail_submit_enable="NO"
Xsendmail_outbound_enable="NO"
Xsendmail_msp_queue_enable="NO"
X
X# Bring up sshd, it takes some time and uses some entropy on first startup
X# sshd_enable="YES"
X
X# Enable nullmailer for external mail delivery
Xnullmailer_enable="YES"
X
20e7b9a2c95dfaee39ca477e454ef2c6
echo c - qjail/work/qjail-1.0/examples/nullmailer-example/usr
mkdir -p qjail/work/qjail-1.0/examples/nullmailer-example/usr > /dev/null 2>&1
echo c - qjail/work/qjail-1.0/examples/nullmailer-example/usr/local
mkdir -p qjail/work/qjail-1.0/examples/nullmailer-example/usr/local > /dev/null 2>&1
echo c - qjail/work/qjail-1.0/examples/nullmailer-example/usr/local/etc
mkdir -p qjail/work/qjail-1.0/examples/nullmailer-example/usr/local/etc > /dev/null 2>&1
echo c - qjail/work/qjail-1.0/examples/nullmailer-example/usr/local/etc/nullmailer
mkdir -p qjail/work/qjail-1.0/examples/nullmailer-example/usr/local/etc/nullmailer > /dev/null 2>&1
echo x - qjail/work/qjail-1.0/examples/nullmailer-example/usr/local/etc/nullmailer/remotes
sed 's/^X//' >qjail/work/qjail-1.0/examples/nullmailer-example/usr/local/etc/nullmailer/remotes << '4075f385d341ed87d46f76c6a8fe6d82'
X# example smtp route
X# 127.0.0.1 smtp
4075f385d341ed87d46f76c6a8fe6d82
echo x - qjail/work/qjail-1.0/examples/nullmailer-example/qjail.flavor
sed 's/^X//' >qjail/work/qjail-1.0/examples/nullmailer-example/qjail.flavor << '4e7d16ce1e7cf2f7ce450ea31b42203d'
X#!/bin/sh
X#
X# BEFORE: DAEMON
X#
X# qjail flavour
X
X# install nullmailer port
Xcd /usr/ports/mail/nullmailer
Xyes | make install
Xhostname > /usr/local/etc/nullmailer/me
4e7d16ce1e7cf2f7ce450ea31b42203d
echo c - qjail/work/qjail-1.0/examples/default
mkdir -p qjail/work/qjail-1.0/examples/default > /dev/null 2>&1
echo c - qjail/work/qjail-1.0/examples/default/etc
mkdir -p qjail/work/qjail-1.0/examples/default/etc > /dev/null 2>&1
echo x - qjail/work/qjail-1.0/examples/default/etc/make.conf
sed 's/^X//' >qjail/work/qjail-1.0/examples/default/etc/make.conf << '65e0948c5ac953a72ee072f1176dd2d3'
XWRKDIRPREFIX=	/var/ports
XDISTDIR=	/var/ports/distfiles
XPACKAGES=	/var/ports/packages
XINDEXDIR=	/var/ports
65e0948c5ac953a72ee072f1176dd2d3
echo x - qjail/work/qjail-1.0/examples/default/etc/periodic.conf
sed 's/^X//' >qjail/work/qjail-1.0/examples/default/etc/periodic.conf << '39a3027f9d3cf6517548d06af3f4920b'
Xdaily_output="/var/log/daily.log"
Xweekly_output="/var/log/weekly.log"
Xmonthly_output="/var/log/monthly.log"
Xdaily_status_security_output="/var/log/daily_status_security.log"
Xdaily_status_network_enable="NO"
Xdaily_status_security_ipfwlimit_enable="NO"
Xdaily_status_security_ipfwdenied_enable="NO"
Xweekly_whatis_enable="NO"	# our jails are read-only /usr
39a3027f9d3cf6517548d06af3f4920b
echo x - qjail/work/qjail-1.0/examples/default/etc/rc.conf
sed 's/^X//' >qjail/work/qjail-1.0/examples/default/etc/rc.conf << 'e8a0ce16a779e5a80091b83d9e5a8263'
X# Pretuned by American Freebsd Software Engineer
X
X# No network interfaces in jails
Xnetwork_interfaces=""
X
X# Prevent rpc
Xrpcbind_enable="NO"
X
X# Prevent loads of jails doing their cron jobs at the same time
Xcron_flags="$cron_flags -J 60"
Xcron_flags="$cron_flags -j 60"
X
X# Prevent syslogd from opening network sockets
Xsyslogd_flags="-ss"
X
X# Prevent sendmail from trying to connect to localhost
Xsendmail_enable="NO"
Xsendmail_submit_enable="NO"
Xsendmail_outbound_enable="NO"
Xsendmail_msp_queue_enable="NO"
X
X# Bring up sshd, it takes some time and uses some entropy on first startup
X# sshd_enable="YES"
e8a0ce16a779e5a80091b83d9e5a8263
echo c - qjail/work/qjail-1.0/examples/default/usr
mkdir -p qjail/work/qjail-1.0/examples/default/usr > /dev/null 2>&1
echo c - qjail/work/qjail-1.0/examples/default/usr/local
mkdir -p qjail/work/qjail-1.0/examples/default/usr/local > /dev/null 2>&1
echo c - qjail/work/qjail-1.0/examples/default/usr/local/etc
mkdir -p qjail/work/qjail-1.0/examples/default/usr/local/etc > /dev/null 2>&1
echo x - qjail/work/qjail-1.0/examples/default/usr/local/etc/sudoers
sed 's/^X//' >qjail/work/qjail-1.0/examples/default/usr/local/etc/sudoers << '349feedf0669d917a3b5c5c625b244b2'
X# sudoers file.
X#
X# This file MUST be edited with the 'visudo' command as root.
X#
X# See the sudoers man page for the details on how to write a sudoers file.
X#
X
X# Host alias specification
X
X# User alias specification
X
X# Cmnd alias specification
X
X# Defaults specification
X
X# Runas alias specification
X
X# User privilege specification
Xroot	ALL=(ALL) ALL
X
X# Uncomment to allow people in group wheel to run all commands
X%wheel	ALL=(ALL) ALL
X
X# Same thing without a password
X# %wheel	ALL=(ALL) NOPASSWD: ALL
X
X# Samples
X# %users  ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
X# %users  localhost=/sbin/shutdown -h now
349feedf0669d917a3b5c5c625b244b2
echo x - qjail/work/qjail-1.0/examples/default/qjail.flavor
sed 's/^X//' >qjail/work/qjail-1.0/examples/default/qjail.flavor << 'f2e13aba781a2f0481eda4e8d92724d1'
X#!/bin/sh
X#
X# BEFORE: DAEMON
X#
X# This is the qjail.flavor first-time jail start configuration script.
X#
X# After creating the new jail and before starting it for the first time,
X# you can edit this script to customize the jail to your liking.
X#
X# This qjail.flavor script is part of the default flavor and
X# gets run on first start of the jail no matter if you make changes
X# to it or not.
X#
X# Groups
X#########
X#
X# You will probably start with some groups your users should be in
X
X# pw groupadd -q -n coders	# -g 1004
X# pw groupadd -q -n sales	# -g 1005
X
X# Users
X########
X#
X# You might want to add some users. The password is to be provided in the
X# encrypted form as found in /etc/master.passwd.
X# The example password here is "admin"
X# Refer to crypt(3) and pw(8) for more information
X
X# echo -n '$1$p75bbfK.$Kz3dwkoVlgZrfLZdAXQt91' |\
X# pw useradd -n admin -u 1001 -s /bin/sh -m -d /home/admin -G wheel -c 'Admin User' -H 0
X# echo -n '$1$p75bbfK.$Kz3dwkoVlgZrfLZdAXQt91' |\
X# pw useradd -n saag -u 1002 -s /bin/sh -m -d /home/saag -G coders -c 'Mutton Saag' -H 0
X# echo -n '$1$p75bbfK.$Kz3dwkoVlgZrfLZdAXQt91' |\
X# pw useradd -n mac -u 1002 -s /bin/sh -m -d /home/mac -G sales -c 'Big Mac' -H 0
X#
X# Example of having password assigned right in the script.
X#pw adduser test -g wheel -c "FBSD test" -d /home/test -h 0 << EOD
X#testpw
X#EOD
X
X
X# Files
X########
X#
X# You can give permission to files for users just created
X
X# chown -R admin:coders /usr/local/cvsroot
X# chown -R admin:sales /usr/local/nfs/sales
X
X
X# Postinstall
X##############
X#
X# Your own stuff here, for example set login shells that were only
X# installed just before.
X
X# Please note, that for all network related stuff like ports,
X# package remote fetching, etc. you need a sane /etc/resolv.conf
X# in your jailname directory tree. Here another method is shown for
X# installing packages
X
X# chpass -s /usr/local/bin/bash admin
X# pkg_add -r pico
X# cd /usr/ports/sysutils/screen && make install
f2e13aba781a2f0481eda4e8d92724d1
echo x - qjail/work/qjail-1.0/jail2
sed 's/^X//' >qjail/work/qjail-1.0/jail2 << '7de5d3d87e129c730a6d4f52cad6ec34'
X#!/bin/sh
X#
X# $FreeBSD: src/etc/rc.d/jail,v 1.43.2.1.2.1 2009/10/25 01:10:29 kensmith Exp $
X#
X
X# PROVIDE: jail
X# REQUIRE: LOGIN cleanvar
X# BEFORE: securelevel
X# KEYWORD: nojail shutdown
X
X# WARNING: This script deals with untrusted data (the data and
X# processes inside the jails) and care must be taken when changing the
X# code related to this!  If you have any doubt whether a change is
X# correct and have security impact, please get the patch reviewed by
X# the FreeBSD Security Team prior to commit.
X
X. /etc/rc.subr
X
Xname="jail"
Xrcvar=`set_rcvar`
Xstart_cmd="jail_start"
Xstop_cmd="jail_stop"
X
X# init_variables _j
X#	Initialize the various jail variables for jail _j.
X#
Xinit_variables()
X{
X	_j="$1"
X
X	if [ -z "$_j" ]; then
X		warn "init_variables: you must specify a jail"
X		return
X	fi
X
X	eval _rootdir=\"\$jail_${_j}_rootdir\"
X	_devdir="${_rootdir}/dev"
X	_fdescdir="${_devdir}/fd"
X	_procdir="${_rootdir}/proc"
X	eval _hostname=\"\$jail_${_j}_hostname\"
X	eval _ip=\"\$jail_${_j}_ip\"
X	eval _interface=\"\${jail_${_j}_interface:-${jail_interface}}\"
X	eval _exec=\"\$jail_${_j}_exec\"
X
X	i=0
X	while : ; do
X		eval _exec_prestart${i}=\"\${jail_${_j}_exec_prestart${i}:-\${jail_exec_prestart${i}}}\"
X		[ -z "$(eval echo \"\$_exec_prestart${i}\")" ] && break
X		i=$((i + 1))
X	done
X
X	eval _exec_start=\"\${jail_${_j}_exec_start:-${jail_exec_start}}\"
X
X	i=1
X	while : ; do
X		eval _exec_afterstart${i}=\"\${jail_${_j}_exec_afterstart${i}:-\${jail_exec_afterstart${i}}}\"
X		[ -z "$(eval echo \"\$_exec_afterstart${i}\")" ] && break
X		i=$((i + 1))
X	done
X
X	i=0
X	while : ; do
X		eval _exec_poststart${i}=\"\${jail_${_j}_exec_poststart${i}:-\${jail_exec_poststart${i}}}\"
X		[ -z "$(eval echo \"\$_exec_poststart${i}\")" ] && break
X		i=$((i + 1))
X	done
X
X	i=0
X	while : ; do
X		eval _exec_prestop${i}=\"\${jail_${_j}_exec_prestop${i}:-\${jail_exec_prestop${i}}}\"
X		[ -z "$(eval echo \"\$_exec_prestop${i}\")" ] && break
X		i=$((i + 1))
X	done
X
X	eval _exec_stop=\"\${jail_${_j}_exec_stop:-${jail_exec_stop}}\"
X
X	i=0
X	while : ; do
X		eval _exec_poststop${i}=\"\${jail_${_j}_exec_poststop${i}:-\${jail_exec_poststop${i}}}\"
X		[ -z "$(eval echo \"\$_exec_poststop${i}\")" ] && break
X		i=$((i + 1))
X	done
X
X	if [ -n "${_exec}" ]; then
X		#   simple/backward-compatible execution
X		_exec_start="${_exec}"
X		_exec_stop=""
X	else
X		#   flexible execution
X		if [ -z "${_exec_start}" ]; then
X			_exec_start="/bin/sh /etc/rc"
X			if [ -z "${_exec_stop}" ]; then
X				_exec_stop="/bin/sh /etc/rc.shutdown"
X			fi
X		fi
X	fi
X
X	# The default jail ruleset will be used by rc.subr if none is specified.
X	eval _ruleset=\"\${jail_${_j}_devfs_ruleset:-${jail_devfs_ruleset}}\"
X	eval _devfs=\"\${jail_${_j}_devfs_enable:-${jail_devfs_enable}}\"
X	[ -z "${_devfs}" ] && _devfs="NO"
X	eval _fdescfs=\"\${jail_${_j}_fdescfs_enable:-${jail_fdescfs_enable}}\"
X	[ -z "${_fdescfs}" ] && _fdescfs="NO"
X	eval _procfs=\"\${jail_${_j}_procfs_enable:-${jail_procfs_enable}}\"
X	[ -z "${_procfs}" ] && _procfs="NO"
X
X	eval _mount=\"\${jail_${_j}_mount_enable:-${jail_mount_enable}}\"
X	[ -z "${_mount}" ] && _mount="NO"
X	# "/etc/fstab.${_j}" will be used for {,u}mount(8) if none is specified.
X	eval _fstab=\"\${jail_${_j}_fstab:-${jail_fstab}}\"
X	[ -z "${_fstab}" ] && _fstab="/etc/fstab.${_j}"
X	eval _flags=\"\${jail_${_j}_flags:-${jail_flags}}\"
X	[ -z "${_flags}" ] && _flags="-l -U root"
X	eval _consolelog=\"\${jail_${_j}_consolelog:-${jail_consolelog}}\"
X	[ -z "${_consolelog}" ] && _consolelog="/var/log/jail_${_j}_console.log"
X	eval _fib=\"\${jail_${_j}_fib:-${jail_fib}}\"
X
X	# Debugging aid
X	#
X	debug "$_j devfs enable: $_devfs"
X	debug "$_j fdescfs enable: $_fdescfs"
X	debug "$_j procfs enable: $_procfs"
X	debug "$_j mount enable: $_mount"
X	debug "$_j hostname: $_hostname"
X	debug "$_j ip: $_ip"
X	jail_show_addresses ${_j}
X	debug "$_j interface: $_interface"
X	debug "$_j fib: $_fib"
X	debug "$_j root: $_rootdir"
X	debug "$_j devdir: $_devdir"
X	debug "$_j fdescdir: $_fdescdir"
X	debug "$_j procdir: $_procdir"
X	debug "$_j ruleset: $_ruleset"
X	debug "$_j fstab: $_fstab"
X
X	i=0
X	while : ; do
X		eval out=\"\${_exec_prestart${i}:-''}\"
X		if [ -z "$out" ]; then
X			break
X		fi
X		debug "$_j exec pre-start #${i}: ${out}"
X		i=$((i + 1))
X	done
X
X	debug "$_j exec start: $_exec_start"
X
X	i=1
X	while : ; do
X		eval out=\"\${_exec_afterstart${i}:-''}\"
X
X		if [ -z "$out" ]; then
X			break;
X		fi
X
X		debug "$_j exec after start #${i}: ${out}"
X		i=$((i + 1))
X	done
X
X	i=0
X	while : ; do
X		eval out=\"\${_exec_poststart${i}:-''}\"
X		if [ -z "$out" ]; then
X			break
X		fi
X		debug "$_j exec post-start #${i}: ${out}"
X		i=$((i + 1))
X	done
X
X	i=0
X	while : ; do
X		eval out=\"\${_exec_prestop${i}:-''}\"
X		if [ -z "$out" ]; then
X			break
X		fi
X		debug "$_j exec pre-stop #${i}: ${out}"
X		i=$((i + 1))
X	done
X
X	debug "$_j exec stop: $_exec_stop"
X
X	i=0
X	while : ; do
X		eval out=\"\${_exec_poststop${i}:-''}\"
X		if [ -z "$out" ]; then
X			break
X		fi
X		debug "$_j exec post-stop #${i}: ${out}"
X		i=$((i + 1))
X	done
X
X	debug "$_j flags: $_flags"
X	debug "$_j consolelog: $_consolelog"
X
X	if [ -z "${_hostname}" ]; then
X		err 3 "$name: No hostname has been defined for ${_j}"
X	fi
X	if [ -z "${_rootdir}" ]; then
X		err 3 "$name: No root directory has been defined for ${_j}"
X	fi
X}
X
X# set_sysctl rc_knob mib msg
X#	If the mib sysctl is set according to what rc_knob
X#	specifies, this function does nothing. However if
X#	rc_knob is set differently than mib, then the mib
X#	is set accordingly and msg is displayed followed by
X#	an '=' sign and the word 'YES' or 'NO'.
X#
Xset_sysctl()
X{
X	_knob="$1"
X	_mib="$2"
X	_msg="$3"
X
X	_current=`${SYSCTL} -n $_mib 2>/dev/null`
X	if checkyesno $_knob ; then
X		if [ "$_current" -ne 1 ]; then
X			echo -n " ${_msg}=YES"
X			${SYSCTL_W} 1>/dev/null ${_mib}=1
X		fi
X	else
X		if [ "$_current" -ne 0 ]; then
X			echo -n " ${_msg}=NO"
X			${SYSCTL_W} 1>/dev/null ${_mib}=0
X		fi
X	fi
X}
X
X# is_current_mountpoint()
X#	Is the directory mount point for a currently mounted file
X#	system?
X#
Xis_current_mountpoint()
X{
X	local _dir _dir2
X
X	_dir=$1
X
X	_dir=`echo $_dir | sed -Ee 's#//+#/#g' -e 's#/$##'`
X	[ ! -d "${_dir}" ] && return 1
X	_dir2=`df ${_dir} | tail +2 | awk '{ print $6 }'`
X	[ "${_dir}" = "${_dir2}" ]
X	return $?
X}
X
X# is_symlinked_mountpoint()
X#	Is a mount point, or any of its parent directories, a symlink?
X#
Xis_symlinked_mountpoint()
X{
X	local _dir
X
X	_dir=$1
X
X	[ -L "$_dir" ] && return 0
X	[ "$_dir" = "/" ] && return 1
X	is_symlinked_mountpoint `dirname $_dir`
X	return $?
X}
X
X# secure_umount
X#	Try to unmount a mount point without being vulnerable to
X#	symlink attacks.
X#
Xsecure_umount()
X{
X	local _dir
X
X	_dir=$1
X
X	if is_current_mountpoint ${_dir}; then
X		umount -f ${_dir} >/dev/null 2>&1
X	else
X		debug "Nothing mounted on ${_dir} - not unmounting"
X	fi
X}
X
X
X# jail_umount_fs
X#	This function unmounts certain special filesystems in the
X#	currently selected jail. The caller must call the init_variables()
X#	routine before calling this one.
X#
Xjail_umount_fs()
X{
X	local _device _mountpt _rest
X
X	if checkyesno _fdescfs; then
X		if [ -d "${_fdescdir}" ] ; then
X			secure_umount ${_fdescdir}
X		fi
X	fi
X	if checkyesno _devfs; then
X		if [ -d "${_devdir}" ] ; then
X			secure_umount ${_devdir}
X		fi
X	fi
X	if checkyesno _procfs; then
X		if [ -d "${_procdir}" ] ; then
X			secure_umount ${_procdir}
X		fi
X	fi
X	if checkyesno _mount; then
X		[ -f "${_fstab}" ] || warn "${_fstab} does not exist"
X		tail -r ${_fstab} | while read _device _mountpt _rest; do
X			case ":${_device}" in
X			:#* | :)
X				continue
X				;;
X			esac
X			secure_umount ${_mountpt}
X		done
X	fi
X}
X
X# jail_mount_fstab()
X#	Mount file systems from a per jail fstab while trying to
X#	secure against symlink attacks at the mount points.
X#
X#	If we are certain we cannot secure against symlink attacks we
X#	do not mount all of the file systems (since we cannot just not
X#	mount the file system with the problematic mount point).
X#
X#	The caller must call the init_variables() routine before
X#	calling this one.
X#
Xjail_mount_fstab()
X{
X	local _device _mountpt _rest
X
X	while read _device _mountpt _rest; do
X		case ":${_device}" in
X		:#* | :)
X			continue
X			;;
X		esac
X		if is_symlinked_mountpoint ${_mountpt}; then
X			warn "${_mountpt} has symlink as parent - not mounting from ${_fstab}"
X			return
X		fi
X	done <${_fstab}
X	mount -a -F "${_fstab}"
X}
X
X# jail_show_addresses jail
X#	Debug print the input for the given _multi aliases
X#	for a jail for init_variables().
X#
Xjail_show_addresses()
X{
X	local _j _type alias
X	_j="$1"
X	alias=0
X
X	if [ -z "${_j}" ]; then
X		warn "jail_show_addresses: you must specify a jail"
X		return
X	fi
X
X	while : ; do
X		eval _addr=\"\$jail_${_j}_ip_multi${alias}\"
X		if [ -n "${_addr}" ]; then
X			debug "${_j} ip_multi${alias}: $_addr"
X			alias=$((${alias} + 1))
X		else
X			break
X		fi
X	done
X}
X
X# jail_extract_address argument
X#	The second argument is the string from one of the _ip
X#	or the _multi variables. In case of a comma separated list
X#	only one argument must be passed in at a time.
X#	The function alters the _type, _iface, _addr and _mask variables.
X#
Xjail_extract_address()
X{
X	local _i
X	_i=$1
X
X	if [ -z "${_i}" ]; then
X		warn "jail_extract_address: called without input"
X		return
X	fi
X
X	# Check if we have an interface prefix given and split into
X	# iFace and rest.
X	case "${_i}" in
X	*\|*)	# ifN|.. prefix there
X		_iface=${_i%%|*}
X		_r=${_i##*|}
X		;;
X	*)	_iface=""
X		_r=${_i}
X		;;
X	esac
X
X	# In case the IP has no interface given, check if we have a global one.
X	_iface=${_iface:-${_interface}}
X
X	# Set address, cut off any prefix/netmask/prefixlen.
X	_addr=${_r}
X	_addr=${_addr%%[/ ]*}
X
X	# Theoretically we can return here if interface is not set,
X	# as we only care about the _mask if we call ifconfig.
X	# This is not done because we may want to sanitize IP addresses
X	# based on _type later, and optionally change the type as well.
X
X	# Extract the prefix/netmask/prefixlen part by cutting off the address.
X	_mask=${_r}
X	_mask=`expr "${_mask}" : "${_addr}\(.*\)"`
X
X	# Identify type {inet,inet6}.
X	case "${_addr}" in
X	*\.*\.*\.*)	_type="inet" ;;
X	*:*)		_type="inet6" ;;
X	*)		warn "jail_extract_address: type not identified"
X			;;
X	esac
X
X	# Handle the special /netmask instead of /prefix or
X	# "netmask xxx" case for legacy IP.
X	# We do NOT support shortened class-full netmasks.
X	if [ "${_type}" = "inet" ]; then
X		case "${_mask}" in
X		/*\.*\.*\.*)	_mask=" netmask ${_mask#/}" ;;
X		*)		;;
X		esac
X
X		# In case _mask is still not set use /32.
X		_mask=${_mask:-/32}
X
X	elif [ "${_type}" = "inet6" ]; then
X		# In case _mask is not set for IPv6, use /128.
X		_mask=${_mask:-/128}
X	fi
X}
X
X# jail_handle_ips_option {add,del} input
X#	Handle a single argument input which can be a comma separated
X#	list of addresses (theoretically with an optional interface and
X#	prefix/netmask/prefixlen).
X#
Xjail_handle_ips_option()
X{
X	local _x _action _type _i
X	_action=$1
X	_x=$2
X
X	if [ -z "${_x}" ]; then
X		# No IP given. This can happen for the primary address
X		# of each address family.
X		return
X	fi
X
X	# Loop, in case we find a comma separated list, we need to handle
X	# each argument on its own.
X	while [ ${#_x} -gt 0 ]; do
X		case "${_x}" in
X		*,*)	# Extract the first argument and strip it off the list.
X			_i=`expr "${_x}" : '^\([^,]*\)'`
X			_x=`expr "${_x}" : "^[^,]*,\(.*\)"`
X		;;
X		*)	_i=${_x}
X			_x=""
X		;;
X		esac
X
X		_type=""
X		_iface=""
X		_addr=""
X		_mask=""
X		jail_extract_address "${_i}"
X
X		# make sure we got an address.
X		case "${_addr}" in
X		"")	continue ;;
X		*)	;;
X		esac
X
X		# Append address to list of addresses for the jail command.
X		case "${_addrl}" in
X		"")	_addrl="${_addr}" ;;
X		*)	_addrl="${_addrl},${_addr}" ;;
X		esac
X
X		# Configure interface alias if requested by a given interface
X		# and if we could correctly parse everything.
X		case "${_iface}" in
X		"")	continue ;;
X		esac
X		case "${_type}" in
X		inet)	;;
X		inet6)	;;
X		*)	warn "Could not determine address family.  Not going" \
X			    "to ${_action} address '${_addr}' for ${_jail}."
X			continue
X			;;
X		esac
X		case "${_action}" in
X		add)	ifconfig ${_iface} ${_type} ${_addr}${_mask} alias
X			;;
X		del)	# When removing the IP, ignore the _mask.
X			ifconfig ${_iface} ${_type} ${_addr} -alias
X			;;
X		esac
X	done
X}
X
X# jail_ips {add,del}
X#	Extract the comma separated list of addresses and return them
X#	for the jail command.
X#	Handle more than one address via the _multi option as well.
X#	If an interface is given also add/remove an alias for the
X#	address with an optional netmask.
X#
Xjail_ips()
X{
X	local _action
X	_action=$1
X
X	case "${_action}" in
X	add)	;;
X	del)	;;
X	*)	warn "jail_ips: invalid action '${_action}'"
X		return
X		;;
X	esac
X
X	# Handle addresses.
X	jail_handle_ips_option ${_action} "${_ip}"
X	# Handle jail_xxx_ip_multi<N>
X	alias=0
X	while : ; do
X		eval _x=\"\$jail_${_jail}_ip_multi${alias}\"
X		case "${_x}" in
X		"")	break ;;
X		*)	jail_handle_ips_option ${_action} "${_x}"
X			alias=$((${alias} + 1))
X			;;
X		esac
X	done
X}
X
Xjail_start()
X{
X#	echo -n 'Configuring jails:'
X#	echo -e 'Configuring jails:'
X	set_sysctl jail_set_hostname_allow security.jail.set_hostname_allowed \
X		set_hostname_allow
X	set_sysctl jail_socket_unixiproute_only \
X		security.jail.socket_unixiproute_only unixiproute_only
X	set_sysctl jail_sysvipc_allow security.jail.sysvipc_allowed \
X		sysvipc_allow
X#	echo '.'
X
X#	echo -n 'Starting jails:'
X#	echo -e 'Starting jails:'
X	_tmp_dir=`mktemp -d /tmp/jail.XXXXXXXX` || \
X		err 3 "$name: Can't create temp dir, exiting..."
X	for _jail in ${jail_list}
X	do
X		init_variables $_jail
X		if [ -f /var/run/jail_${_jail}.id ]; then
X#			echo -n " [${_hostname} already running (/var/run/jail_${_jail}.id exists)]"
X			echo -e "Already running. ${_hostname}"
X
X			continue;
X		fi
X		_addrl=""
X		jail_ips "add"
X		if [ -n "${_fib}" ]; then
X			_setfib="setfib -F '${_fib}'"
X		else
X			_setfib=""
X		fi
X		if checkyesno _mount; then
X			info "Mounting fstab for jail ${_jail} (${_fstab})"
X			if [ ! -f "${_fstab}" ]; then
X				err 3 "$name: ${_fstab} does not exist"
X			fi
X			jail_mount_fstab
X		fi
X		if checkyesno _devfs; then
X			# If devfs is already mounted here, skip it.
X			df -t devfs "${_devdir}" >/dev/null
X			if [ $? -ne 0 ]; then
X				if is_symlinked_mountpoint ${_devdir}; then
X					warn "${_devdir} has symlink as parent - not starting jail ${_jail}"
X					continue
X				fi
X				info "Mounting devfs on ${_devdir}"
X				devfs_mount_jail "${_devdir}" ${_ruleset}
X				# Transitional symlink for old binaries
X				if [ ! -L "${_devdir}/log" ]; then
X					__pwd="`pwd`"
X					cd "${_devdir}"
X					ln -sf ../var/run/log log
X					cd "$__pwd"
X				fi
X			fi
X
X			# XXX - It seems symlinks don't work when there
X			#       is a devfs(5) device of the same name.
X			# Jail console output
X			# __pwd="`pwd`"
X			# cd "${_devdir}"
X			# ln -sf ../var/log/console console
X			# cd "$__pwd"
X		fi
X		if checkyesno _fdescfs; then
X			if is_symlinked_mountpoint ${_fdescdir}; then
X				warn "${_fdescdir} has symlink as parent, not mounting"
X			else
X				info "Mounting fdescfs on ${_fdescdir}"
X				mount -t fdescfs fdesc "${_fdescdir}"
X			fi
X		fi
X		if checkyesno _procfs; then
X			if is_symlinked_mountpoint ${_procdir}; then
X				warn "${_procdir} has symlink as parent, not mounting"
X			else
X				info "Mounting procfs onto ${_procdir}"
X				if [ -d "${_procdir}" ] ; then
X					mount -t procfs proc "${_procdir}"
X				fi
X			fi
X		fi
X		_tmp_jail=${_tmp_dir}/jail.$$
X
X		i=0
X		while : ; do
X			eval
out=3D\"\${_exec_prestart${i}:-''}\"=0A= X [ -z "$out" ] && break=0A= X ${out}=0A= X i=3D$((i + 1))=0A= X done=0A= X=0A= X eval ${_setfib} jail ${_flags} -i ${_rootdir} ${_hostname} \=0A= X \"${_addrl}\" ${_exec_start} > ${_tmp_jail} 2>&1=0A= X=0A= X if [ "$?" -eq 0 ] ; then=0A= X _jail_id=3D$(head -1 ${_tmp_jail})=0A= X i=3D1=0A= X while : ; do=0A= X eval out=3D\"\${_exec_afterstart${i}:-''}\"=0A= X=0A= X if [ -z "$out" ]; then=0A= X break;=0A= X fi=0A= X=0A= X jexec "${_jail_id}" ${out}=0A= X i=3D$((i + 1))=0A= X done=0A= X=0A= X# echo -n " $_hostname"=0A= X echo -e "Started successfully. $_hostname"=0A= X tail +2 ${_tmp_jail} >${_consolelog}=0A= X echo ${_jail_id} > /var/run/jail_${_jail}.id=0A= X=0A= X i=3D0=0A= X while : ; do=0A= X eval out=3D\"\${_exec_poststart${i}:-''}\"=0A= X [ -z "$out" ] && break=0A= X ${out}=0A= X i=3D$((i + 1))=0A= X done=0A= X else=0A= X jail_umount_fs=0A= X jail_ips "del"=0A= X# echo " cannot start jail \"${_jail}\": "=0A= X echo " cannot start jail \"${_jail}\": " echo = " cannot start jail \"${_jail}\": "=0A= X tail +2 ${_tmp_jail}=0A= X fi=0A= X rm -f ${_tmp_jail}=0A= X done=0A= X rmdir ${_tmp_dir}=0A= X# echo '.'=0A= X}=0A= X=0A= Xjail_stop()=0A= X{=0A= X# echo -n 'Stopping jails:'=0A= X# echo -e 'Stopping jails:'=0A= X for _jail in ${jail_list}=0A= X do=0A= X if [ -f "/var/run/jail_${_jail}.id" ]; then=0A= X _jail_id=3D$(cat /var/run/jail_${_jail}.id)=0A= X if [ ! -z "${_jail_id}" ]; then=0A= X init_variables $_jail=0A= X=0A= X i=3D0=0A= X while : ; do=0A= X eval out=3D\"\${_exec_prestop${i}:-''}\"=0A= X [ -z "$out" ] && break=0A= X ${out}=0A= X i=3D$((i + 1))=0A= X done=0A= X=0A= X if [ -n "${_exec_stop}" ]; then=0A= X eval env -i /usr/sbin/jexec ${_jail_id} ${_exec_stop} \=0A= X >> ${_consolelog} 2>&1=0A= X fi=0A= X killall -j ${_jail_id} -TERM > /dev/null 2>&1=0A= X sleep 1=0A= X killall -j ${_jail_id} -KILL > /dev/null 2>&1=0A= X jail_umount_fs=0A= X# echo -n " $_hostname"=0A= X echo -e "Stopped successfully. 
$_hostname"=0A= X=0A= X=0A= X i=3D0=0A= X while : ; do=0A= X eval out=3D\"\${_exec_poststop${i}:-''}\"=0A= X [ -z "$out" ] && break=0A= X ${out}=0A= X i=3D$((i + 1))=0A= X done=0A= X fi=0A= X jail_ips "del"=0A= X rm /var/run/jail_${_jail}.id=0A= X else=0A= X# echo " cannot stop jail ${_jail}. No jail id in = /var/run"=0A= X echo -e "Already stopped. ${_jail}"=0A= X fi=0A= X done=0A= X# echo '.'=0A= X}=0A= X=0A= Xload_rc_config $name=0A= Xcmd=3D"$1"=0A= Xif [ $# -gt 0 ]; then=0A= X shift=0A= Xfi=0A= Xif [ -n "$*" ]; then=0A= X jail_list=3D"$*"=0A= Xfi=0A= Xrun_rc_command "${cmd}"=0A= 7de5d3d87e129c730a6d4f52cad6ec34=0A= echo x - qjail/work/qjail-1.0/qjail.conf.sample=0A= sed 's/^X//' >qjail/work/qjail-1.0/qjail.conf.sample << = 'e9185b94f97dded71dadcec18ce87551'=0A= X#=0A= X# qjail.conf.sample file=0A= X#=0A= X# All these configuration options are hard coded in the qjail script.=0A= X# To permanently override any of the hard coded defaults, =0A= X# this qjail.conf.sample file has to be renamed qjail.conf and the = selected=0A= X# option statement un-commented. 
=0A= X#=0A= X#=0A= X# Note: If you want to alter the "jaildir" variable after =0A= X# running "qjail install" you will have to delete all your jails=0A= X# using "qjail delete" command and them "rm -rf /usr/jails/"=0A= X# before un-commenting it and running the "qjail install" command again.=0A= X#=0A= X# Location of jail root directories=0A= X# qjail_jaildir=3D/usr/jails=0A= X=0A= X#=0A= X# Note: If you want to alter the "archivedir" variable after running =0A= X# "qjail install" command you will have to create the directory at the =0A= X# new path and copy any archive files from the old location to the new =0A= X# or they will be un-accessable.=0A= X#=0A= X# This is the default location where ezjail archives its jails to=0A= X# qjail_archivedir=3D/usr/jails/archive=0A= X#=0A= X#=0A= X# Note: Altering the following variables take effect immediately.=0A= X#=0A= X# This is the flavor used by default when creating a new jail=0A= X# qjail_default_flavor=3D"default"=0A= X#=0A= X# Location of your copy of FreeBSD's source tree=0A= X# qjail_sourcetree=3D/usr/src=0A= X#=0A= X# Remote server the "qjail install" command uses to fetch its RELEASE = from =0A= X# distribution files from=0A= X# qjail_ftphost=3Dftp2.freebsd.org=0A= X#=0A= X##=0A= X# Logon command used by "qjail console" command=0A= X# qjail_default_execute=3D"/usr/bin/login -f root"=0A= X=0A= e9185b94f97dded71dadcec18ce87551=0A= echo x - qjail/work/qjail-1.0/qjail.conf.8=0A= sed 's/^X//' >qjail/work/qjail-1.0/qjail.conf.8 << = '4f18ae94e7a5df5b3be0e3ae7e24e062'=0A= X.Dd July 22, 2010=0A= X.Dt qjail.conf 8 =0A= X.Os=0A= X.Sh NAME=0A= X.Nm qjail.conf=0A= X.Nd The qjail default configuration file.=0A= X.Sh DESCRIPTION=0A= X\fBqjail.conf\fR contains the qjail environment defaults. In most=0A= Xcases the defaults do not need changing. It's recommended to use the=0A= Xdefaults. The defaults are hard coded in the qjail script. 
The = \fBqjail.conf\fR=0A= Xfile as delivered is located at \fB/usr/local/etc/qjail.conf.sample\fR = and is=0A= Xnot required for the qjail system to run. To make a permanent override=0A= Xto the defaults, you first must remove the .sample suffix.=0A= X.Sh PATH OPTIONS=0A= XIf you want to alter the "jaildir" variable after running "qjail = install" =0A= Xyou will have to delete all your jails using the "qjail delete" command =0A= Xand them "rm -rf /usr/jails/" before un-commenting it and running =0A= Xthe "qjail install" command again.=0A= X.Pp=0A= X qjail_jaildir =0A= X Location of qjail environment root directory=0A= X default: /usr/jails=0A= X.Pp=0A= XIf you want to alter the "archivedir" variable after running "qjail = install"=0A= Xyou will have to create the directory at the new path and copy any = archive=0A= Xfiles from the old location to the new or they will be un-accessable.=0A= X.Pp=0A= X qjail_archivedir =0A= X Archive location used by subcommands=0A= X archive, restore, and create.=0A= X default: /usr/jails/archive=0A= X.Pp=0A= XAltering the following variables take effect immediately. 
=0A= X.Pp=0A= X qjail_default_flavor =0A= X This is the flavor name used by default when creating=0A= X a new jail.=0A= X default: default=0A= X.Pp=0A= X qjail_sourcetree =0A= X Location of FreeBSD's source tree "qjail install" =0A= X command uses.=0A= X default: /usr/src=0A= X.Pp=0A= X qjail_ftphost=0A= X Remote server the "qjail install" command uses to fetch its =0A= X RELEASE distribution files from=0A= X default: ftp2.freebsd.org=0A= X.Pp=0A= X qjail_default_execute =0A= X Logon command used by "qjail console" command =0A= X default: /usr/bin/login -f root=0A= X=0A= X=0A= 4f18ae94e7a5df5b3be0e3ae7e24e062=0A= echo x - qjail/work/qjail-1.0/qjail.8=0A= sed 's/^X//' >qjail/work/qjail-1.0/qjail.8 << = '9fb8cfec62881def0155bbd4d72a9aa6'=0A= X.Dd July 22, 2010=0A= X.Dt qjail 8=0A= X.Os=0A= X.Sh NAME=0A= X.Nm qjail=0A= X.Nd Utility for deployment of large jail environments =0A= X.Sh SYNOPSIS=0A= X.Nm=0A= Xinstall [-z zone] [-mMsS] [-h host] [-r release] =0A= X.Nm=0A= Xcreate [-z zone] [-a archive] [-f flavor] [-i -s size] =0A= X [-D duplicate# -I ] [-n interface] jailname jailip=0A= X.Nm=0A= Xlist [-z zone] [jailname...]=0A= X.Nm=0A= Xstart [-z zone] [jailname...]=0A= X.Nm=0A= Xstop [-z zone] [jailname...]=0A= X.Nm=0A= Xrestart [-z zone] [jailname...]=0A= X.Nm=0A= Xconsole [-z zone] [-e] jailname=0A= X.Nm=0A= Xarchive [-z zone] [-A] [jailname...]=0A= X.Nm=0A= Xdelete [-z zone] [-A] [jailname...]=0A= X.Nm=0A= Xrestore [-z zone] [-f] [jailname...]=0A= X.Nm=0A= Xconfig [-z zone] [-r run|norun -A] [-n newname] =0A= X [-i newip] [-c newnic] [jailname...]=0A= X.Nm=0A= Xupdate [-z zone] [-b] [-p] =0A= X.Nm=0A= Xhelp [manual]=0A= X.Sh DESCRIPTION=0A= X.hy 0=0A= XThe \fBqjail\fR utility is used to manage the qjail environment=0A= Xand all the jails inside the qjail scope. Qjail's administration ease=0A= Xdoes not evaporate as jails deployed grow beyond 15 jails. 
For the =0A= Xdeployment of a large number of jails, qjail provides two facilities=0A= Xdesigned to make their management easy. The First facility is the group =0A= Xprefix selection ability, which is advantageous in managing both small=0A= Xand large jail deployments. The group prefix equal sign "=3D" wildcard =0A= Xused on the jailname allows for management of jails based on common =0A= Xjailname group prefixes. The second facility is qjail's ability to =0A= Xcreate multiple unique jail environments, thus providing another=0A= Xmethod to group common jails together for easier management. A large =0A= Xdeployment of hundreds of jails is possible if your host system =0A= Xresources are adequate and a jail naming convention is used to =0A= Xsegregate jails into manageable groups. =0A= X.Pp=0A= XThis utility deploys two different jail types. The first type is based =0A= Xon a Directory tree. This type has unlimited disk space growth = potential,=0A= Xit shares the host's disk space. The jail will never run out of space =0A= Xuntil the host does. The second type is based on a sparse image file.=0A= XA sparse file is one that occupies only the sum size of its contents,=0A= Xnot it's allocation size. IE; a sparse file allocated size of 5M, but =0A= Xonly having 7 files, each 1k in size, only occupies 7k of physical disk=0A= Xspace. As content is added, additional physical disk space is occupied=0A= Xup to the 5M allocation ceiling. The sparse file is mounted as a memory = disk =0A= Xusing the mdconfig command and populated with the directory tree content=0A= Xof a jail. This configuration is called a sparse image jail. It's major=0A= Xbenefits is it provides a way to put a hard limit on the maximum amount=0A= Xof disk space a jail can consume. 
This provides an addition level of =0A= Xprotection to the host from intentional or unintentional run-a-way=0A= Xprocesses inside of a jail consuming disk space until the host system = dies.=0A= X.Pp=0A= XFollowing the command "qjail" is the function sub-command. Each =0A= Xfunction sub-command has its own list of unique options. It's executed =0A= Xfrom /usr/local/bin/ and is a command interpreter Bourne type (shell) =0A= Xscript. =0A= X.Sh qjail install=0A= X.hy 0=0A= XThis function sub-command allocates the directory structure used by = qjail=0A= Xand populates the basejail with a pristine copy of the running binaries=0A= Xmatching the FreeBSD RELEASE version running on the host system. By =0A= Xdefault it will fetch the RELEASE distribution files from a pool of=0A= XFreeBSD FTP servers. This behavior may be overridden through the use of=0A= Xthe -h file:// option. Installing with out any options selected is the=0A= Xequivalent of selecting the \fBminimal system\fR distribution set from=0A= Xsysinstall. =0A= X.Pp=0A= XAs part of the install process the /usr/jails/flavors directory is=0A= Xallocated. The /usr/local/share/example/qjail/default file that's=0A= Xdistributed with the qjail port is copied to the /usr/jails/flavors=0A= Xdirectory. These customized host files are copied to=0A= X/usr/jails/flavor/default to facilitate usage. /etc/resolv.conf =0A= X/etc/localtime =0A= X.Pp=0A= XThis command can be run any time to add the sources, or man pages, if = not=0A= Xdone on the initial run. It can also be used to rebuild the basejail and=0A= Xthe newjail template from scratch while not disturbing the existing=0A= Xjails. If rebuilding using a newer major RELEASE, IE: 7.2 to 8.0, then =0A= Xremember, all existing jails that have ports or packages in them will =0A= Xneed them updated to versions compatible with the new marjor RELEASE =0A= Xversion. 
If going from a subversion to a newer subversion within the = same=0A= Xmarjor RELEASE, IE: 8.0 to 8.1, then there is no need to update your =0A= Xinstalled ports/packages. =0A= X =0A= X.Pp=0A= XThe default location for qjail's basejail is \fB/usr/jails\fR, so be = sure you=0A= Xhave enough space there, a FreeBSD base Release without man pages,=0A= Xsources and ports is around 145MB.=0A= X.Pp=0A= XThe options are as follows:=0A= X.Bl -tag -width indent=0A= X.It Fl z=0A= XCode this option to create multiple unique jailed environments.=0A= XThe coded zone value is appended to /usr/jail as /usr/jail.zone=0A= Xand to /usr/local/etc/fstab.qjail.zone and =0A= X/usr/local/etc/qjail.zone which uniquely segregates the qjail=0A= Xenvironments. All ". - /" in the zone name are converted to "_"=0A= Xunderscores to standardize zone names. All the other qjail = sub-commands =0A= X"MUST" code the same zone value to process against =0A= Xthe zone created here. If absent /usr/jail and = /usr/local/etc/fstab.qjail =0A= Xand /usr/local/etc/qjail/ is used.=0A= X.It Fl m=0A= XThat's a lower case letter "m". Fetch and install the man pages=0A= Xwhile installing the base system. (10MB)=0A= X.It Fl s=0A= XThat's a lower case letter "s". Fetch and install the sources=0A= Xwhile installing the base system (510MB). The downloaded sources=0A= Xare populated under the basejail directory tree location =0A= X/usr/src. Note: Normally the sources are never installed. This=0A= Xoption is intended for those rare cases where a jail is going to=0A= Xbe used for FreeBSD education purposes. =0A= X.It Fl M=0A= XThat's a upper case letter "M". Behaves just like it's lower case = pendants, =0A= Xbut disables (re)installing the basejail, used to add man pages if not =0A= Xselected on original install.=0A= X.It Fl S=0A= XThat's a upper case letter "S". 
Behaves just like it's lower case = pendants, =0A= Xbut disables (re)installing the basejail, used to add sources if not =0A= Xselected on original install.=0A= X.It Fl h=0A= XThe remote host to fetch FreeBSD RELEASES from. If absent the =0A= Xdefault host ftp2.freebsd.org is used. You may change the default using =0A= Xthe -h ftp7.freebsd.org option or permanently changed by using the =0A= X\fBqjail.conf\fR file.=0A= XRead this for complete list of FTP servers to choose from.=0A= Xwww.freebsd.org/doc/en_US.ISO8859-1/books/handbook/mirrors-ftp.html =0A= X.Pp=0A= XIf -h contains \fBfile://\fR you can target any of three RELEASE = sources =0A= Xas the source to populate the basejail from. That could be the mounted =0A= Xdisc1 cdrom, or the downloaded disc1.iso file, or the downloaded = RELEASE =0A= Xdirectories. =0A= X.It Fl r =0A= XFreeBSD ftp-servers do NOT provide release candidates or CURRENT=0A= Xbuilds, just "offical" RELEASES. You can use the -r option to =0A= Xspecify a next newer "offical" RELEASE on the command line to build =0A= Xbasejail with that RELEASE version. The -r value has to be coded =0A= Xusing this format: X.X-RELEASE; where X.X would be the "offical" =0A= Xrelease number. IE; 8.0-RELEASE. When the -r option is coded, the =0A= XFTP server will be logged into a maximum of 5 times, each time =0A= Xchecking a different path for the -r value you entered. These are =0A= Xthe directory paths inspected for your -r value.=0A= Xpub/FreeBSD/releases/i386/ pub/FreeBSD/snapshot/i386/ pub/FreeBSD/i386/=0A= Xreleases/i386/ snapshots/i386/ if a match is not found, the -r value you=0A= Xentered is not valid.=0A= X.Pp=0A= XIf the -r is absent from the command, the default OS version to be = fetched=0A= Xis what ever "uname -r" shows on the host system, if it matches the =0A= XX.X-RELEASE format. 
On a non-match the FTP server is accessed for a = list of=0A= Xavailable X.X-RELEASE names you can select from.=0A= X.El=0A= X.Sh qjail install examples=0A= X.hy 0=0A= X1. qjail install (without any options)=0A= X The RELEASE system binaries used to populate the basejail will=0A= X be fetched from an FreeBSD FTP server and be the same RELEASE =0A= X version as the host. No man pages or source files are =0A= X downloaded. Some times at the publication of a new RELEASE =0A= X version, the FTP server may become so busy that the download =0A= X gets timed out or connection is refused because of too many =0A= X current users. RE-issuing the command will start the FTP =0A= X download from the beginning again.=0A= X.Pp=0A= X2. qjail install -r 8.1-RELEASE=0A= X Same behavior as above, except the next newer RELEASE will be =0A= X fetched from an FreeBSD FTP server and used to populate the =0A= X basejail. No man pages or source files are downloaded. =0A= X=0A= X.Pp=0A= X3. qjail install -m -s -h ftp6.freebsd.org=0A= X Same behavior as above, except the "man pages" and sources =0A= X used to populate the basejail will also be fetched from the =0A= X FreeBSD ftp server specified in the -h option.=0A= X.Pp=0A= X4. mount /cdrom=0A= X qjail install -z env1 -m -h file:///cdrom/8.0-RELEASE=0A= X Use this option to target a mounted disc1 RELEASE cdrom =0A= X as the source of the running binaries used to populate =0A= X the basejail. In addition the "man pages" will be installed=0A= X into the basejail. It's content also originating from the=0A= X mounted disc1 RELEASE cdrom. Plus a uniquely named qjail=0A= X zone is created named "env1". =0A= X.Pp=0A= X5. 
mdconfig -a -f /usr/8.0-RELEASE-i386-disc1.iso md0=0A= X mount -v -t cd9660 /dev/md0 /mnt=0A= X qjail install -m -s -h file:///mnt/8.0-RELEASE=0A= X If you downloaded the disc1.iso to /usr.=0A= X Use this option to target a mounted disc1.iso RELEASE file=0A= X as the source of the running binaries used to populate=0A= X the basejail. In addition the "man pages" and sources=0A= X will be installed into the basejail. Their content also =0A= X originating from the mounted disc1.iso RELEASE file.=0A= X.Pp=0A= X After the install completes, execute the following commands=0A= X to release the disc1.iso md0 file.=0A= X cd /usr=0A= X umount /mnt=0A= X mdconfig -d -u md0=0A= X.Pp=0A= X6. To fetch the RELEASE base files manually create the \fB.netrc\fR = file =0A= X in your user id's home directory (~/) and populate it with this. =0A= X NOTE; If you plan not to install manpages or source then remove them=0A= X from the $getdir statement.=0A= X machine ftp2.FreeBSD.org=0A= X login anonymous=0A= X password FBSD@home.com=0A= X macdef init=0A= X prompt off=0A= X cd /pub/FreeBSD/releases/i386/8.0-RELEASE=0A= X epsv4 off=0A= X $ getdir base kernels manpages src=0A= X quit=0A= X.Pp=0A= X macdef getdir=0A= X ! mkdir $i=0A= X mreget $i/*=0A= X.Pp=0A= X.Pp=0A= X Then issue these commands on the command line. If the FTP download =0A= X times out re-issue the FTP command again to resume where it left = off.=0A= X mkdir /usr/8.0-RELEASE=0A= X cd /usr/8.0-RELEASE=0A= X ftp -v ftp2.FreeBSD.org=0A= X.Pp=0A= X qjail install -h file:///usr/8.0-RELEASE=0A= X Use this option to target the 8.0-RELEASE files you FTP'ed=0A= X as the source of the running binaries used to populate=0A= X the basejail. =0A= X.Sh qjail create=0A= X.hy 0=0A= XCreates a new jail inside qjail's scope. It has great flexibility in=0A= Xcreating Directory Tree type jails and sparse file image type jails from=0A= Xthe newjail template or from a previously made archive file. 
This = coupled =0A= Xwith the ability to auto duplicate jails makes a easy and simple task =0A= Xto deploy a large number of jails quickly. During the =0A= X\fBqjail install\fR process the "default" flavor was automatically =0A= Xpopulated with the host files necessary for jail network access right =0A= Xfrom its first start up. By default all jails are flavored by the =0A= X"default" flavor, unless overridden with the -f option. Jailname and IP=0A= Xaddress are mandatory parameters.=0A= X.Pp=0A= XDuring the creation process three administration files are created = which are =0A= Xnecessary to interface with the FreeBSD jail command. They are=0A= X\fB/usr/local/etc/fstab.qjail.jailname\fR file and the=0A= X\fB/usr/local/etc/qjail/jailname\fR that holds the properties =0A= Xinformation describing the jail and the =0A= X\fB/usr/local/etc/qjail.global/jailname\fR file used by =0A= X\fB/etc/rc.d/qjail.sh\fR. =0A= X.Pp=0A= XThe options are as follows:=0A= X.Bl -tag -width indent=0A= X.It Fl z=0A= XCode the same zone value used with the "install" sub-command to=0A= Xhave this sub-command process against that zone.=0A= X.It Fl a=0A= XYou can use an archive file as the template to create your new =0A= Xjail on. If just the archived jailname is coded, then the most =0A= Xcurrent archive file matching that jailname will be used as the =0A= Xsource. The full archive file name can also be coded. It's prefixed =0A= Xwith the jailname and has the date & time the archive =0A= Xwas created appended as a suffix. Coding the full archive file =0A= Xname is how you select an archive file other than the most current =0A= Xone. This option is normally used to clone multiple jails =0A= Xwith the same status as the archived jail has. If the -a flag =0A= Xis absent, the newjail template is used. Note: The -a and -f options=0A= Xcannot be used together. By design jails created from a archive file =0A= Xcannot be flavored. Use "ls /usr/jails/archive/" to list all archive =0A= Xfile names. 
=0A= X.Pp=0A= XAn archive of a image jail can be used to create a new directory tree =0A= Xjail or a new image jail with a larger sized sparse file image jail. =0A= XAn archive of a directory tree jail can be used to create a new =0A= Xdirectory tree jail or a new image jail. The -n interface nic name from =0A= Xthe archive file is dropped. The -n option has to be coded if one is =0A= Xdesired. =0A= X.It Fl f=0A= XUsing the \fBflavor\fR option you can apply an qjail flavor to your new =0A= Xjailname. If the -f flavor option is coded, the flavor directory =0A= Xtree is merged into the new jail's directory tree. If no flavor =0A= Xoption is coded, the "default" flavor is merged into the new =0A= Xjail's directory tree. Qjail has no function to delete unwanted =0A= Xflavor directories. It's the users responsibility to delete =0A= Xunwanted flavor's using the host's \fBrm -rf /user/jails/flavor/name\fR =0A= Xcommand. Note: The -f and -a options cannot be used together. By =0A= Xdesign jails created from a archive file cannot be flavored. The =0A= Xdefault flavor name "default" can be permanently changed using the =0A= X\fBqjail.conf\fR file. =0A= X.Pp=0A= XAs part of the "install" sub-command, a flavor base directory =0A= Xwas created as \fB/usr/jails/flavors\fR and populated with an single =0A= Xflavor named \fBdefault\fR. This "default" flavor contains 3 files =0A= Xcustomized for running in a jail (make.conf, periodic.conf, rc.conf).=0A= XOn inspection you will see that these files are in their normal = directory =0A= Xtree locations. When customizing your own flavors you have to manually =0A= Xcreate your own flavor directory tree populating it with your =0A= Xcustomized files in their correct paths for merging into the new jail.=0A= X.Pp=0A= XThe "default" flavor also contains the \fBqjail.flavor\fR script. This =0A= Xscript runs the first time the jail is started no matter if you =0A= Xmake changes to it or not and then deletes it's self. 
You may =0A= Xcustomize this script to do such things as "add user groups, add =0A= Xusers, chmod files, and do pkg_add's" with out internet access. =0A= XRead the "GENERAL QJAIL USAGE TIPS" section below about "SEED" =0A= Xjails for details on how to share a single copy of the package =0A= Xfile with multiple jails. =0A= X.Pp=0A= XWhen creating your own flavor always use the "default" flavor as your =0A= Xstarting base. =0A= X.Pp=0A= XA second sample flavor directory configuration resides under=0A= X\fB/usr/local/share/examples/qjail/nullmailer-example\fR. Some =0A= Xtypical jail initialization actions are demonstrated, and your=0A= Xencouraged to use it as a template for your flavors.=0A= X.It Fl D=0A= XUpper case "D". Enter a numeric number representing the number of =0A= Xtimes you want this jailname duplicated. A suffix number starting =0A= Xat one and incremented by one for each duplication is appended to=0A= Xeach newly created jailname. Any number greater than 100 is invalid.=0A= X.It Fl I=0A= XUpper case "I". Only valid when used with the -D option. This option =0A= Xincrements the last octet of the ip address by 1 for each repetition=0A= Xof the duplication cycle. If the last octet of the ip address coded=0A= Xon the command was .72, then on the first iteration it would be .73.=0A= XIf you wanted to start assigning ip address starting at 1, then code=0A= Xthe last octet of the ip address on the command with .0. =0A= X.It Fl i=0A= XLower case "i". When coded means create a sparse file image type jail.=0A= XWhen absent an directory tree type jail is created.=0A= X.It Fl s=0A= XLower case "s". Mandatory when the -i option is coded. This value=0A= Xis the allocation ceiling size of the sparse file. Only suffixes=0A= Xm|M for megabytes or g|G for gigabytes are valid entries. The sparse=0A= Ximage file has a .img suffix and resides in the jailname =0A= Xdirectory as a single file. When the image jail is stopped the =0A= Xjailname.img file will be visible. 
Issuing ls -lh jailname.img =0A= Xwill show you the allocated size, issuing du -h jailname.img =0A= Xwill show you the amount of space used. A jail exiting the create=0A= Xprocess without any packages being installed consumes 2.2M. If a=0A= Ximage jail should consume all of its disk space allocation, you can =0A= Xincrease it by following this procedure, archive it, delete it,=0A= Xand create it using the -a option using the image archive as input =0A= Xwith a larger -s value.=0A= X.It Fl n=0A= XThis is the "network interface name" servicing the jails ip address =0A= Xrange. If this option is coded, then when qjail starts the jail it=0A= Xwill pass this value to the FreeBSD jail script which automatically=0A= Xcreates an alias for the jails ip address on that "network interface=0A= Xname". When qjail stops the jail, the FreeBSD jail script will=0A= Xautomatically remove the alias. The benefit is you don't have to code=0A= Xall the possible jail ip address on the ifconfig command in =0A= X/etc/rc.conf for that "network interface name" as aliases. =0A= X.Pp=0A= XVery important CAUTIONARY note: If you assign the same ip address =0A= Xto more than a single jail and assign the same "network interface =0A= Xname", only a single alias is created for that ip address. If you =0A= Xshould stop one of the jails with that ip address, the alias is =0A= Xremoved and the remaining running jails with that ip address lose =0A= Xtheir network access instantly. Another thing to be aware of is =0A= Xthe LAN ip address range your DHCP server is dynamically = assigning.=0A= XDo not assign those ip address to jails or your LAN users =0A= Xwill instantly lose their network access when the jail is started=0A= Xand it's alias gets created. =0A= X.It \fBjailname\fR=0A= XOnly a single jailname is valid when the -D option is coded. If the =0A= X-D option is absent, then multiple jailnames separated by a space =0A= Xare allowed on the command. 
To better manage large jail deployments=0A= Xa jail naming convention that groups jails by common function or user=0A= Xgroups is advised. The maximum jailname size is 55 characters. The =0A= Xequal sign "=3D" is not valid in jailnames. Jailnames have to be unique=0A= Xacross all the zones. Just remember that you will be typing in this=0A= Xjailname or some prefix of it on all the sub-commands you use, so =0A= Xtry to keep the jailname short but meaningful.=0A= X.It \fBjailip\fR=0A= XThis is either a static IP address or a private IP address.=0A= XMore than a single IP address can be assigned to a jail. Multiple IP=0A= Xaddress have to be a list of IP address separated by a comma ","=0A= Xwithout spaces before or after. Example 10.0.0.2,10.0.0.3,10.0.0.4=0A= X.Pp=0A= XAccording to RFC 1918, you can use the following IP address ranges for=0A= Xprivate nets which will never be connected to the Internet.=0A= XThis is normally intended for Local Area Networks.=0A= X #=0A= X # 10.0.0.0 - 10.255.255.255=0A= X # 172.16.0.0 - 172.31.255.255=0A= X # 192.168.0.0 - 192.168.255.255=0A= X #=0A= X.Pp=0A= XStatic IP address (permanent, never changes) public Internet =0A= Xroutable IP addresses are assigned to you by your ISP. If you =0A= Xpurchased a continuous block of static public internet routable =0A= XIP address, then each jail could be assigned one of those individual =0A= XIP address from the block.=0A= X.Pp=0A= XNormally cable providers and DSL providers assign dynamic IP address.=0A= XThe assigned IP address may change when the lease time expires or you =0A= Xreboot your system. Use at your own risk.=0A= X.El=0A= X.Sh qjail create examples=0A= X.hy 0=0A= X1. qjail create -n rl0 webserver 10.0.10.2=0A= X This creates a new jail as \fB/usr/jails/webserver\fR=0A= X from the newjail template. The jailname you use to =0A= X reference it is \fBwebserver\fR. The auto alias function=0A= X is enabled.=0A= X.Pp=0A= X2. 
qjail create -n rl0 -f myflavor bld21a-floorA-cell01 10.0.10.2
 This creates a new jail as \fB/usr/jails/bld21a-floorA-cell01\fR
 from the newjail template and copies the myflavor
 directory tree onto the bld21a-floorA-cell01 directory tree.
 The auto alias function is enabled.
.Pp
3. qjail create -a cell-a prison-B 10.0.10.2
 This creates a new jail as \fB/usr/jails/prison-B\fR
 using the archive file named cell-a as the template directory
 tree for the new jailname.
.Pp
4. qjail create -a cell-a -D 15 room 10.0.10.2
 This creates a new jail as \fB/usr/jails/room-1\fR
 using the archive file named cell-a as the template directory
 tree for the new jailname, and then duplicates it 15
 times, creating jailnames room-1 through room-15.
.Pp
5. qjail create -D 15 room 10.0.10.2
 This creates a new jail as \fB/usr/jails/room-1\fR
 using the newjail template directory tree for the new jailname,
 and then duplicates it 15 times, creating jailnames
 room-1 through room-15. Without -I all fifteen jails carry the
 same IP address 10.0.10.2, so read the CAUTIONARY note under the
 -n option before combining this form with auto aliasing.
.Pp
6. qjail create -n rl0 -D 15 -I room 10.0.10.20
 This creates a new jail as \fB/usr/jails/room-1\fR
 using the newjail template directory tree for the new jailname,
 and then duplicates it 15 times, creating jailnames
 room-1 through room-15.
 At the same time the last octet of the IP address
 10.0.10.20 is incremented by one for each jail:
 room-1 10.0.10.21, room-2 10.0.10.22, ... room-15 10.0.10.35.
 The auto alias function is enabled.
.Pp
7.
qjail create -n rl0 -D 15 -I -i -s 5m classroom 10.0.10.20
 This creates a new sparse image jail as \fB/usr/jails/classroom-1\fR
 using the newjail template directory tree to populate the image
 jail, and then duplicates it 15 times, creating
 jailnames classroom-1 through classroom-15.
 At the same time the last octet of the IP address
 10.0.10.20 is incremented by one for each jail:
 classroom-1 10.0.10.21, classroom-2 10.0.10.22, ... classroom-15 10.0.10.35.
 The auto alias function is enabled.
.Pp
8. qjail create -i -s 5m barroom 10.0.10.20
 This creates a new sparse image jail as \fB/usr/jails/barroom\fR
 using the newjail template directory tree to populate the image
 jail, with a maximum size of 5m.
.Pp
9. qjail create -a cell-a -i -s 5M room 10.0.10.2
 This creates a new sparse image jail as \fB/usr/jails/room\fR
 using the archive file named cell-a as the template directory
 tree for populating the image jail.
.Pp
10. qjail create -z env1 -a cell-a -i -s 5M room 10.0.10.2
 This does the same as the previous one, except that this jail is
 created in the "env1" zone.
.Sh qjail list
.hy 0
Lists the jails inside qjail's scope, in the order in which they start
up as defined by rcorder.
.Pp
The format of the listing is straightforward. The leftmost column is a
status flag of two letters: the first letter is \fB(D)\fR for a
directory tree based jail or \fB(I)\fR for an image file based jail;
the second letter is \fB(R)\fR meaning the jail is currently running
or \fB(S)\fR meaning the jail is stopped. An optional third letter
\fB(N)\fR means the jail is in norun status.
You use the \fBqjail config\fR sub-command -r option to enable and
disable the norun setting.
.Pp
The remaining columns in the row are the jail's jid (only available
when the jail is started), the network interface device name (you use
the \fBqjail config\fR sub-command -c option to change this setting),
the jail's IP address, and the jail's jailname.
.Bl -tag -width indent
.It Fl z
Code the same zone value used with the "install" sub-command to have
this sub-command process against that zone. When this option is coded
an additional heading "Jails in zone xxxx" is displayed right above the
normal heading; "xxxx" is the zone name.
.It \fBjailname\fR
If absent, all the jails are listed. Multiple jailnames separated by a
space are allowed on the command. The group prefix option is enabled:
xxxx= selects only those jailnames beginning with the characters xxxx.
The equal sign "=" is the wildcard symbol signifying that all the
characters to its left are to be matched against the start of each
jailname to build the list of jailnames to be processed.
.El
.Sh qjail [start | stop | restart] jailname.....
.hy 0
When the start, stop, or restart command is issued WITHOUT jailnames,
all the jails under qjail control are processed. When it is issued
WITH jailnames, only those jailnames are processed.
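.Pp
Added example, not qjail's own code: the jailname selection that list,
start, stop and restart share, written as a POSIX sh function over a
constructed inventory. A trailing "=" turns the argument into a group
prefix, a bare name must match exactly, an argument that matches nothing
is reported instead of silently dropped, a jail named by both a prefix
and an exact argument is selected once, and no argument at all selects
every jail. start_jails then shows the status messages described below
against a constructed set of running and norun jails; it only reports,
it does not start anything. The names JAILS, RUNNING, NORUN, in_list,
match_jails and start_jails are this example's own.

```shell
#!/bin/sh
# Added example, not part of qjail: the jailname selection shared by
# list, start, stop and restart, including the "prefix=" group wildcard.

# Constructed inventory, in rcorder start-up order, plus which of those
# jails are currently running and which are flagged norun.
JAILS="webserver webproxy web-dev mail-1 mail-2 bld21a-floorA-cell01"
RUNNING="webserver mail-1"
NORUN="web-dev"

# in_list WORD LIST -> true if WORD is one of the space-separated LIST
in_list() { case " $2 " in *" $1 "*) return 0 ;; esac; return 1; }

# match_jails [ARG...] -> the selected jailnames, one per line, in
# inventory order. No ARG selects every jail; "xxxx=" selects every jail
# whose name starts with xxxx; anything else must match a name exactly.
# Each jail is printed once even if several ARGs select it. An ARG that
# matches nothing is reported on stderr and makes the exit status 1, so
# a typo is not silently ignored; a bare "=" is refused for the same reason.
match_jails() {
    rc=0; seen=
    [ $# -gt 0 ] || set -- '*'
    for arg in "$@"; do
        case $arg in
            =)  echo "refusing bare '=': it would select every jail" >&2
                rc=1; continue ;;
            *=) pat="${arg%=}*" ;;
            *)  pat=$arg ;;
        esac
        found=0
        for j in $JAILS; do
            case $j in
                $pat) found=1
                      in_list "$j" "$seen" || { echo "$j"; seen="$seen $j"; } ;;
            esac
        done
        [ "$found" -eq 1 ] || { echo "no jail matches '$arg'" >&2; rc=1; }
    done
    return $rc
}

# start_jails [ARG...] -> the one-line status message qjail prints for
# each selected jail. This only reports what would happen against the
# constructed RUNNING/NORUN sets; it does not start anything.
start_jails() {
    match_jails "$@" | while read -r j; do
        if in_list "$j" "$NORUN"; then echo "Bypassed norun status $j"
        elif in_list "$j" "$RUNNING"; then echo "Already running $j"
        else echo "Started successfully $j"
        fi
    done
}

# Stand-alone run: one group, one exact name, and a typo that is reported.
start_jails 'web=' mail-2
match_jails 'wbe=' || echo "selection failed; nothing started"
```

The point of the non-zero exit on a miss is operational: "qjail stop
wbe=" on a real host would otherwise stop nothing and say nothing, and
a scripted maintenance window would proceed as if the group were down.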
A single-line informational message is issued as each jailname is
processed: \fBStarted successfully jailname\fR,
\fBAlready running jailname\fR, \fBStopped successfully jailname\fR,
\fBAlready stopped jailname\fR, or \fBBypassed norun status jailname\fR.
.Pp
The options are as follows:
.Pp
 \fBstart\fR Start all jails at once if jailname is absent.
.Pp
 \fBstop\fR Stop all jails at once if jailname is absent.
.Pp
 \fBrestart\fR Restart all jails at once if jailname is absent.
.Bl -tag -width indent
.It \fBjailname\fR
If absent, all the jails are processed. Multiple jailnames separated by
a space are allowed on the command. The group prefix option is enabled
for these sub-commands: xxxx= selects only those jailnames beginning
with the characters "xxxx". The equal sign "=" is the wildcard symbol
signifying that all the characters to its left are to be matched
against the start of each jailname to build the list of jailnames to
be processed. Use the qjail "list" sub-command to list all the jails
under qjail's scope.
.El
.Sh qjail console
.hy 0
Attaches your \fBhost\fR console to the selected jail. You are logged in
as root by default. The command line prompt shows the name of the jail
and the path. Entering \fBexit\fR terminates the console. You cannot
activate a jail's console if the jail is not currently running. This is
intended for administration use only, normally to install ports or
packages and do other system customization.
.Bl -tag -width indent
.It Fl z
Code the same zone value used with the "install" sub-command to have
this sub-command process against that zone.
.It Fl e
If this is absent, the \fB/usr/bin/login -f root\fR command is executed,
logging you in as root.
A one-time change to use the standard login prompt, so that you enter
the user id and password of a user account already created in the
jail, can be made with the \fB-e /usr/bin/login\fR option on the
"console" command, or permanently using the \fBqjail.conf\fR file.
.It \fBjailname\fR
Jailname is a mandatory parameter. Only a single jailname is valid. Use
the "list" sub-command to display all jailnames.
.El
.Sh qjail archive
.hy 0
Creates a backup of one, several, or all jails. Each specified jail's
directory tree is backed up as a gzipped tar file. The jails to be
archived must be in stopped mode before the "archive" command executes.
The basejail and the newjail can also be archived, but only when
specified as the only jailname on the "archive" command. The archive
file name is derived from the jailname, with the date and time of the
archive appended. The default archive directory is
\fB/usr/jails/archive\fR. The name and location can be permanently
changed using the \fBqjail.conf\fR file.
.Pp
There is no qjail function to delete archive files. It is the user's
responsibility to delete unwanted archives using the host's \fBrm\fR
command. It is also the user's responsibility to keep a log of archive
file names with a description of why each archive was created, so the
correct archive can be restored when needed.
.Bl -tag -width indent
.It Fl z
Code the same zone value used with the "install" sub-command to have
this sub-command process against that zone.
.It Fl A
When used with no other parameters, all jails are archived. Any other
parameter coded with -A is a syntax error.
.It \fBjailname\fR
Multiple jailnames separated by a space are allowed on this command.
The group prefix option is enabled.
xxxx= selects only those jailnames beginning with the characters xxxx.
The equal sign "=" is the wildcard symbol signifying that all the
characters to its left are to be matched against the start of each
jailname to build the list of jailnames to be processed. Jailname is a
mandatory parameter. Jails in "norun" status are also candidates for
archiving.
.Pp
If jailname is \fBbasejail\fR or \fBnewjail\fR and it is the only
jailname on the command, it will be archived. A basejail containing
only the minimum system install takes less than one minute of elapsed
time to complete. A basejail containing manpages, sources and a
portsnap-downloaded ports tree may take up to 7 minutes of elapsed
time. newjail, and any other jail without a "desktop" installed, takes
less than 15 seconds. Use the "list" sub-command to display all
jailnames.
.Pp
Use qjail restore to restore an archive.
.El
.Sh qjail delete
.hy 0
This sub-command totally removes the jail's directory
\fB/usr/jails/jailname\fR and its three administration control files,
\fB/usr/local/etc/fstab.qjail.jailname\fR,
\fB/usr/local/etc/qjail/jailname\fR and
\fB/usr/local/etc/qjail.global.jailname\fR. The jailnames to be deleted
must be in stopped mode before the "delete" command executes.
.Bl -tag -width indent
.It Fl z
Code the same zone value used with the "install" sub-command to have
this sub-command process against that zone.
.It Fl A
This option deletes all the jails under qjail's control. You are
advised to archive all your jails before doing this.
.It \fBjailname\fR
Multiple jailnames separated by a space are allowed on this command.
The group prefix option is enabled.
xxxx= selects only those jailnames beginning with the characters xxxx.
The equal sign "=" is the wildcard symbol signifying that all the
characters to its left are to be matched against the start of each
jailname to build the list of jailnames to be processed. Jailname is a
mandatory parameter. Jails in "norun" status are NOT excluded from
deletion.
.El
.Sh qjail restore
.hy 0
Creates new jails from archive files. The default archive directory is
\fB/usr/jails/archive\fR. If a jail already exists with the same
jailname as the archive being restored, the restore is terminated; you
have to delete the existing jail of that name before you can restore
it. Archived jails that have "norun" status are restored with "norun"
status intact. The name and location of the archive directory can be
permanently changed using the \fBqjail.conf\fR file.
.Bl -tag -width indent
.It Fl z
Code the same zone value used with the "install" sub-command to have
this sub-command process against that zone.
.It Fl f
By design, restore refuses to restore an archive file created on a
different host system than the one the restore is running on, which
means the selected archive file and the current basejail are of
different RELEASE versions. Use the -f flag to force the restore of
such an archive file. Bear in mind that any ports or packages inside
such an archive were built for the other RELEASE; see the usage tips
on RELEASE upgrades.
.It \fBjailname\fR
The most recent archive file matching the jailname is restored. To
restore an older file you have to specify the full archive file name,
with the date and time of the archive appended. Multiple jailnames
separated by a space are allowed on the command. The group prefix
option is enabled for this sub-command: xxxx= selects only those
jailnames beginning with the characters xxxx.
The equal sign "=" is the wildcard symbol signifying that all the
characters to its left are to be matched against the start of each
jailname to build the list of jailnames to be processed. Jailname is a
mandatory parameter. Use \fBls /usr/jails/archive/\fR to view all the
full archive file names.
.Pp
If jailname is \fBbasejail\fR or \fBnewjail\fR and it is the only
jailname on the command, it will be restored. A basejail containing
only the minimum system install takes less than one minute of elapsed
time to complete. A basejail with manpages, sources and a full ports
tree may take up to 7 minutes. The existing basejail or newjail is
renamed to previous.basejail or previous.newjail before the restore
begins.
.El
.Sh qjail config
.hy 0
Manage parameters of specific jails.
.Pp
The options are as follows:
.Bl -tag -width indent
.It Fl z
Code the same zone value used with the "install" sub-command to have
this sub-command process against that zone.
.It Fl r
If qjail_enable="YES" is present in the host's /etc/rc.conf file, all
jails are started when the system boots. You can prevent this for
particular jails by using the -r norun option on the jailnames you do
not want auto-started at boot time, and re-enable boot auto-start with
the -r run option on those jailnames.
.It Fl A
This option is only valid when coded with option -r. When coded,
jailnames are invalid. -A means set "ALL" jailnames to the "norun"
status or the "run" status.
.It Fl n
The new jailname you want to replace the selected jailname with.
This changes the jailname and the jail's directory name that the jail
is known by.
.It Fl i
The new IP address you want to replace the selected jailname's IP
address with.
.It Fl c
The new network interface device name you want to replace the selected
jailname's "NIC" network interface device name with. Coding
\fB-c null\fR disables the auto alias feature. Review the create
sub-command -n option for details.
.It \fBjailname\fR
For the -c, -r and -i options, multiple jailnames separated by a space
are allowed on the command. The group prefix option is enabled: xxxx=
selects only those jailnames beginning with the characters xxxx. The
equal sign "=" is the wildcard symbol signifying that all the
characters to its left are to be matched against the start of each
jailname to build the list of jailnames to be processed. For the -n
option only a single jailname is valid. Jailname is a mandatory
parameter. Use the "list" sub-command to show all jailnames.
.El
.Sh qjail update
.hy 0
This update function provides the ability to add or update the ports
collection on basejail, and a method for synchronizing the host's
system binaries with those of the \fBbasejail\fR.
.Bl -tag -width indent
.It Fl z
Code the same zone value used with the "install" sub-command to have
this sub-command process against that zone.
.It Fl b
The basic requirement of FreeBSD jails is that the jail environment
and the host run the same version of the system binaries. Since the
freebsd-update utility only inspects the host system to determine the
system's RELEASE level, it is not applicable inside a jailed
environment. Performing a make buildworld/installworld on the
basejail's source is a waste of effort and resources after having
already done this for the host system.
This option makes the buildworld/installworld obsolete for the qjail
environment.
.Pp
This option deletes all the system binaries from the basejail and then
copies the host's system binaries to the basejail. It is intended to be
used after running the freebsd-update utility on the host to apply
security updates or to upgrade a GENERIC host from one RELEASE to a
newer RELEASE, or after performing a make buildworld/installworld on
the host to update its system binaries. In short: update the host, then
copy your work to the basejail so both environments are synchronized.
Until this is done, every jail keeps running the basejail's old
binaries, so a security update applied only on the host does not reach
the jails.
.It Fl p
This option invokes the portsnap utility to fetch and extract a FreeBSD
ports tree from portsnap.FreeBSD.org (475MB).
.Pp
Portsnap initially downloads a compressed file containing the complete
ports tree; an elapsed download time greater than 15 minutes is
normal. On its initial execution an extract is performed, creating and
populating the /usr/ports directory. On subsequent executions the
/usr/ports directory already exists, so an update is done, populating
the /usr/ports directory tree with only what has changed or been
added. This is portsnap's default behavior. It can be adjusted by
changing the host's /etc/portsnap.conf file: add REFUSE statements to
select the ports categories you do not want populated into your
/usr/ports directory tree. Ideal candidates are the non-English
languages, astro, biology, cad, finance, games, math, mbone, and
science. From there you can select additional categories based on your
normal port usage.
See the FreeBSD Handbook, Appendix A.6 "Using Portsnap" and Chapter
24.3 "Portsnap: A Ports Collection Update Tool", for more details, or
man portsnap.
.El
.Sh qjail help
.hy 0
The "help" function displays the syntax of all the sub-commands.
.Bl -tag -width indent
.It \fBmanual\fR
This launches the man 8 qjail command to display the full manual.
.El
.Sh GENERAL QJAIL USAGE TIPS
.hy 0
.Pp
* After qjail is installed, a one-time reboot is necessary to
 synchronize FreeBSD's \fB/etc/rc.d/jail\fR script and qjail's
 \fB/usr/local/etc/rc.d/qjail.sh\fR script.
.Pp
* In environments where a large number of jails are deployed, it is
 common for a few SEED jails to be used as the source from which all
 the other jails are cloned. Create your basic SEED jail using the
 newjail template. You may wish to customize a flavor to contain any
 /etc config files unique to that seed, and/or pre-stage pkg_add
 distribution files in the host's /usr/packages/ directory so they can
 be shared with any jail you want that package installed in, without
 that jail having to wait for the download to complete. Along with the
 parent package, be sure to also include any dependent packages the
 parent may auto-fetch during its install. You have to create the
 host's /usr/packages/ directory manually. Then issue
 setenv PKGDIR "/usr/packages/" to create the pkg_add environment
 variable, followed by pkg_add -nrK packageName to populate the
 /usr/packages/ directory with the downloaded package files. Then the
 pkg_add commands in the qjail.flavor script will not need Internet
 access to download the distribution files, drastically shortening the
 elapsed time of its one-time execution the first time the SEED jail
 is started.
 This pkg_add technique is also applicable to normal jails that all
 share the same package usage. The pkg_add environment variable PKGDIR
 is not carried forward across reboots, so adding it to your rc.conf
 is recommended. Additionally you can start the SEED jail's console
 and perform any other customization desired. When you are satisfied
 with the SEED jail's configuration, archive it. Then use the SEED's
 archive file jailname in the -a option of the create sub-command so
 it is used as the source template from which the other jails are
 created. Optionally you can use the -D and/or -I options together
 with -a for mass duplication of jails based on that SEED
 configuration.
.Pp
* If you want "all" the jails you EVER create to include the same
 ports as a standard, follow these steps after running the
 "qjail install" sub-command and before you start creating your
 production jails. Create a single directory tree type "standard" jail
 and populate it with your selection of standard ports. When you are
 satisfied with the "standard" jail, delete the /usr/jails/newjail
 directory and copy the "standard" jail to create a new
 /usr/jails/newjail directory:
 \fBcp -rf /usr/jails/standard /usr/jails/newjail\fR
 From that point on, all new jails created from the newjail template
 will contain your standard ports.
.Pp
* The /etc/rc.conf in the default flavor has this statement:
 \fBcron_flags="$cron_flags -J 60"\fR
 This enables time jitter for all /etc/crontab jobs run by the
 superuser, which in a pristine jail environment is everything in the
 crontab file. Time jitter works this way: before executing commands
 from the /etc/crontab file, cron sleeps a random number of seconds in
 the range from 0 to 60.
 This greatly helps to reduce host system load spikes at moments when
 many cron jobs are likely to start at once, i.e. at the beginning of
 the first minute of each hour. Without this statement in every
 deployed jail to spread the start of cron tasks randomly over the
 first minute, the host system would most likely come to a near halt.
 The default flavor has another configuration file customized just for
 jails: /etc/periodic.conf overrides the normal emailing of reports and
 instead creates daily, weekly, and monthly logs in each jail's
 /var/log directory. These logs are rotated and deleted as specified
 in the jail's /etc/newsyslog.conf.
.Pp
* It is a mandatory requirement of the FreeBSD "jail" system that the
 host and the jails both run the same version of the operating system
 binaries. First you have to get your host system running the newer
 RELEASE version. You can do a fresh install from scratch, or update
 your host's current RELEASE version using the freebsd-update utility
 or by cvs-updating your system source and running make
 buildworld/installworld. After the host is running the new RELEASE
 version, and before starting any qjail jails, you can either run the
 "install" sub-command again to re-install with the newer RELEASE
 version matching what is on the host, without disturbing the existing
 installed jails, or run the "update" sub-command with the -b option
 to copy the host's operating system binaries to the basejail.
 If going to a newer major RELEASE, i.e. 6.4 to 7.1 or 7.2 to 8.0,
 remember that all existing jails that have ports or packages in them
 will need them updated to versions compatible with the new major
 RELEASE version.
 On the other hand, if going from one minor version to a newer minor
 version within the same major RELEASE, i.e. 7.1 to 7.2 or 8.0 to 8.1,
 there is no need to update your installed ports/packages.
.Pp
* Each jail has a console log in the host's /var/log/ directory named
 jail_*_console.log, where "*" = jailname. These logs do not grow
 much, but if the jails are going to be used long term their names
 should be added to the host's /etc/newsyslog.conf so they get rotated
 and deleted automatically. You do not want some jail user to generate
 console messages that flood the jail's log until all the host's disk
 space is consumed, bringing the host to an abrupt stop.
.Pp
* When qjail starts an image jail, the contents of its sparse image
 file are accessible from the host system. From the host you can "cd"
 into the image jail's jailname directory and access the directory
 tree there just like any other directory tree.
.Pp
* ICMP is disallowed by default for all jails. This is not a qjail
 restriction but a design default of the FreeBSD jail system: raw
 sockets are not permitted inside a jail unless the host sysctl
 security.jail.allow_raw_sockets is set to 1, so the ping command gets
 an "Operation not permitted." error when issued from inside a jail.
 Read the manual for jail(8) for details.
.Pp
* Once your jail has public network access (test with whois or dig),
 all your normal application install functions (ports tree update, cvs
 update, ports and package installs) are available right from the
 jail's console.
.Pp
* Jails in their current form (RELEASE-8.0) do not have a network
 stack of their own, so they cannot have a firewall. The host's
 firewall and network are in control.
.Pp
* If you want absolute control over starting your jails (i.e.
 no boot-time auto-start of the jails), do not put the
 qjail_enable="YES" statement in the host's rc.conf file.
.Pp
* If for whatever reason you want to completely delete the qjail jail
 environment so you can start over from scratch with the install
 sub-command, execute these commands:
 \fBrm -rf /usr/jails\fR
 \fBrm -rf /usr/local/etc/qjail\fR
 \fBrm -rf /usr/local/etc/qjail.global\fR
 \fBrm /usr/local/etc/fstab.*\fR
 \fBrm /var/log/jail_*\fR
.Sh FILES
/usr/local/bin/qjail The main workhorse
.br
/usr/local/etc/rc.d/qjail.sh start/stop/restart + boot time start
.br
/etc/rc.d/jail FreeBSD jail starter/stopper
.br
/usr/local/etc/qjail.conf Changes defaults permanently
.br
/usr/local/etc/qjail/* Property record for each jail
.br
/usr/local/etc/qjail.global/* Property records for all zones
.br
/usr/local/etc/fstab.* basejail null mount record for each jail
.br
/var/run/* Run id record for each started jail
.br
/var/log/jail_*_console.log * = jailname
.br
/usr/local/share/examples/qjail Example flavors
.br
/usr/jails/archive Location of qjail's archives
.br
/usr/jails/flavors Location of qjail's flavors
.Sh "SEE ALSO"
qjail-intro(8), qjail.conf(8), jail(8), chroot(8), mount_nullfs(8),
.br
mdconfig(8), devfs(5), fdescfs(5), procfs(5),
.br
portsnap(8), freebsd-update(8)
.Sh AUTHOR
.An Joe Barbish
.Aq qjail@a1poweruser.com

9fb8cfec62881def0155bbd4d72a9aa6
echo x - qjail/work/qjail-1.0/qjail-intro.8
sed 's/^X//' >qjail/work/qjail-1.0/qjail-intro.8 << 'f36d28df9565f8c7591d42357c05b1dc'
.Dd July 22, 2010
.Dt qjail-intro 8 USD
.Os
.Sh NAME
.Nm qjail-intro
.Nd Introduction to chroot directory trees, jails, and qjail.
.Sh DESCRIPTION
.hy 0
Qjail [ q = quick ] is a \fB4th
generation\fR wrapper for the basic chroot jail system that includes
security and performance enhancements, plus a new level of
\fB"user friendliness"\fR enhancements for deploying large jail
environments of hundreds of jails. Qjail requires no knowledge of jail
command usage.
.Sh OVERVIEW
.hy 0
The original developers felt the need for a method to restrict a
process's access to the host system's resources, so that if the process
is compromised the host system is protected from also being
compromised. They achieved this goal with the "chroot" command, which
was in the original 4.4BSD system of which the current FreeBSD RELEASE
is a direct descendant. This \fBfirst generation\fR "chroot"
environment made the named directory look like the "root", i.e. the
starting point, of a system directory tree, just as "/" is to FreeBSD.
In this basic incarnation the directory tree held just the binaries
necessary to form an environment for a single application such as the
apache web server. You could have multiple such "chroot" environments.
They all shared the host's network and disk space; this trait
continues in today's jail systems. As you can imagine, the occupants of
these basic "chroots" influenced users to stay at the RELEASE they were
on, because of the size of the task of redeveloping them under a new
RELEASE's mixture of binaries. Deployments of even two were uncommon.
.Pp
The jail utility appeared in FreeBSD 4.0. With this
\fBsecond generation\fR "chroot" enhancement came the renaming of a
"chroot" environment to a "jail", the ability to assign an IP address
to a jail, auto-starting jails at boot time, and a general shift in
thought about the occupant of the jail.
The customized, streamlined apache web server jail that had no way to
be easily configured progressed into a complete clone of the operating
system, with all the customizing options one is familiar with on the
host. The major shortcoming of this type of jail system is that each
jail has its own copy of the running system binaries. FreeBSD reserves
a limited number of control structures for storing files and
directories, called \fBinodes\fR. Creating a few jails consumes many of
those valuable inodes, eventually preventing the creation of new jails.
Worse yet, each jail loads its own copy of the running binaries into
memory, which causes thrashing on the swap device as memory pages are
swapped in and out while the limited memory is shared between the host
and the jails. Besides consuming resources and degrading performance,
this also causes a major administration headache when updating the
host's running system, because the host and the jails have to run the
same version of the binaries. Deployments of four were uncommon.
.Pp
Then, around RELEASE 5.4, creative use of nullfs added the ability for
all the jails to share a single set of running binaries. This
\fBthird generation\fR solution solved the performance problems of the
second generation, but had its own problems. Setting up a nullfs
running-binaries environment to support multiple jails was an
undocumented manual process. A second type of jail also became
available, called an "image". The image jail introduced the ability to
predefine the amount of disk space a jail could consume. This was
accomplished with the mdconfig command, which attaches a flat file as a
memory disk that can then be mounted as a directory tree. Deployments
of 10 or more were uncommon.
The administration of this type of jail system became increasingly
difficult with each newly added jail.
.Pp
During FreeBSD RELEASE 8.0, "qjail" was introduced: a wrapper that
hides the underlying "jail" commands and automates those manual setup
steps into single commands. Nullfs-mounted running binaries, shared
read-only, became the basic design of the "qjail" jail system. The
functions necessary to manage jails were condensed into the following
commands: "install", for installing a pristine copy of the RELEASE
version of FreeBSD; "create", to create both directory tree type jails
and sparse image type jails, including the ability to assign IP
addresses together with their network device name so aliases are
auto-created on jail start and auto-removed on jail stop. An archived
seed jail pre-configured with ports can be used as the template to form
new jails. To ease the deployment of many jails with the same
configuration, jails can be auto-duplicated while at the same time
incrementing the last octet of the IP address. The "archive", "restore"
and "delete" commands are commonly understood functions. The "update"
command uses portsnap to populate a complete ports tree, and can copy
the host's running binaries after a host RELEASE upgrade. A "list"
command displays the qjail jail status. The "config" command can flag a
jail as "norun" to exclude it from being auto-started at boot time; the
norun/run status can be toggled on a single jail or on all jails at
once, and jails can be renamed and their IP addresses changed.
.Pp
Qjail deploys two different jail types. The first type is based on a
directory tree. This type has unlimited disk space growth potential, as
it shares the host's disk space.
The jail will never run out of space=0A= Xuntil the host does. The second type is based on a sparse image file.=0A= XA sparse file is one that occupies only the sum size of its contents,=0A= Xnot it's allocation size. IE; a sparse file allocated size of 5M, but=0A= Xonly having 7 files, each 1k in size, only occupies 7k of physical disk=0A= Xspace. As content is added, additional physical disk space is occupied=0A= Xup to the 5M allocation ceiling. The sparse file is mounted as a memory = disk=0A= Xusing the mdconfig command and populated with the directory tree content=0A= Xof a jail. This configuration is called a sparse image jail. It's major=0A= Xbenefits is it provides a way to put a hard limit on the maximum amount=0A= Xof disk space a jail can consume. This provides an addition level of=0A= Xprotection to the host from intentional or unintentional run-a-way=0A= Xprocesses inside of a jail consuming disk space until the host system = dies.=0A= X.Pp=0A= XBut by far "qjail" greatest achievement to the advancement of jailed =0A= Xsystems, is the addition of "user-friendliness" that simplifies the =0A= Xmanagement of large deployments of hundreds of jails. This enhancement =0A= Xadds the ability to designate a portion of the jail name as a group =0A= Xprefix so the command being executed will apply to only those jail = names =0A= Xmatching that prefix. A simple jail naming convention allows the =0A= Xgrouping of like function jails together. The other advancement is the =0A= Xability to create different "zones" consisting of identical jail = systems =0A= Xeach with their own groups of jails.=0A= X.Pp=0A= XQjail reduces the complexities of large jail deployments to the novice =0A= Xlevel. Qjail has a fully documented manpage, which is a rarity in the =0A= XFreeBSD world. 
Details are given to facilitate the use of qjail's =0A= Xcapabilities to the fullest extent possible.=0A= X.Sh "QJAIL SYSTEM" =0A= X.hy 0=0A= XThe qjail system is comprised of three components, qjail, qjail.conf, = and =0A= Xthe qjail.sh boot time script.=0A= X.Pp=0A= X\fBqjail\fR is the main workhorse utility. It can install the qjail=0A= Xenvironment, create new jails, archive, restore, delete and update = jails, =0A= Xopen a jail console, and list the status of all the jails. See qjail(8) =0A= Xfor complete usage details.=0A= X.Pp=0A= X\fBqjail.conf\fR contains qjail environment defaults. In most cases the =0A= Xdefaults do not need changing. It's recommended to use the defaults. = The =0A= Xdefaults are hard coded in the qjail code. The \fBqjail.conf\fR file as =0A= Xdelivered is located at \fB/usr/local/etc/qjail.conf.sample\fR and is = not =0A= Xrequired for the qjail system to run. To make a permanent override to = the =0A= Xdefaults, you first must remove the .sample suffix. =0A= X.Pp=0A= X\fBqjail.sh\fR script is located at /usr/local/etc/rc.d/qjail.sh. It's = main =0A= Xpurpose is to start and stop jails when called by qjail. In addition it =0A= Xcan auto start all the jails at boot time. Adding = \fBqjail_enable=3D"YES"\fR =0A= Xto \fB/etc/rc.conf\fR will activate it.=0A= X.Pp=0A= X.Sh "SEE ALSO"=0A= Xqjail(8), qjail.conf(8), chroot(8), jail(8), mount_nullfs(8), = mdconfig(8) =0A= X.Sh AUTHOR=0A= X.An Joe Barbish =0A= X.Aq qjail@a1poweruser.com=0A= X=0A= f36d28df9565f8c7591d42357c05b1dc=0A= echo x - qjail/work/qjail-1.0/qjail=0A= sed 's/^X//' >qjail/work/qjail-1.0/qjail << = '433526c77a92f103ae7efdcc8d87ebf7'=0A= X#!/bin/sh=0A= X#=0A= X# Copyright 2010, Qjail project. All rights reserved.=0A= X#=0A= X# Redistribution and use in source and binary forms, with or without=0A= X# modification, are permitted provided that the following conditions=0A= X# are met:=0A= X# 1. 
Redistributions of source code must retain the above copyright=0A= X# notice, this list of conditions and the following disclaimer.=0A= X# 2. Redistributions in binary form must reproduce the above copyright=0A= X# notice, this list of conditions and the following disclaimer in the=0A= X# documentation and/or other materials provided with the = distribution.=0A= X#=0A= X# THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' = AND=0A= X# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE=0A= X# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR = PURPOSE=0A= X# ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE = LIABLE=0A= X# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR = CONSEQUENTIAL=0A= X# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE = GOODS=0A= X# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)=0A= X# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, = STRICT=0A= X# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY = WAY=0A= X# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF=0A= X# SUCH DAMAGE.=0A= X#=0A= X =0A= X################################=0A= X# Start of variable initialization.=0A= X# =0A= Xqjail_prefix=3D/usr/local=0A= Xqjail_cmd=3D`basename -- $0`=0A= Xqjail_etc=3D"${qjail_prefix}/etc"=0A= Xqjail_share=3D"${qjail_prefix}/share/qjail"=0A= Xqjail_examples=3D"${qjail_prefix}/share/examples/qjail"=0A= Xqjail_jailprops=3D"${qjail_etc}/qjail"=0A= Xqjail_jailprops_global=3D"${qjail_etc}/qjail.global"=0A= Xqjail_fstab=3D"${qjail_etc}/fstab.qjail"=0A= Xqjail_uglyperlhack=3D"YES"=0A= Xqjail_mount_enable=3D"YES"=0A= Xqjail_devfs_enable=3D"YES"=0A= Xqjail_devfs_ruleset=3D"devfsrules_jail"=0A= Xqjail_procfs_enable=3D"YES"=0A= Xqjail_fdescfs_enable=3D"YES"=0A= Xqjail_exec_start=3D"/bin/sh /etc/rc"=0A= X =0A= X# Read user customized qjail.conf file if there is one.=0A= X[ -f 
"${qjail_etc}/qjail.conf" ] && . "${qjail_etc}/qjail.conf"=0A= X =0A= X# Set these variables defaults to this if qjail.conf not found or=0A= X# override with "qjail.conf" values that are un-commented.=0A= X: ${qjail_jaildir=3D"/usr/jails"}=0A= X: ${qjail_archivedir=3D"${qjail_jaildir}/archive"}=0A= X: ${qjail_default_flavor=3D"default"}=0A= X: ${qjail_sourcetree=3D"/usr/src"}=0A= X: ${qjail_ftphost=3D"ftp2.freebsd.org"}=0A= X: ${qjail_default_execute=3D"/usr/bin/login -f root"}=0A= X =0A= Xqjail_newjail=3D"${qjail_jaildir}/newjail"=0A= Xqjail_basejail=3D"${qjail_jaildir}/basejail"=0A= Xqjail_fulljail=3D"${qjail_jaildir}/fulljail"=0A= Xqjail_tempjail=3D"${qjail_jaildir}/tempjail"=0A= Xqjail_flavors_dir=3D"${qjail_jaildir}/flavors"=0A= X =0A= Xqjail_dirlist=3D"bin boot lib libexec sbin usr/bin usr/include usr/lib = usr/src "=0A= Xqjail_dirlist=3D"${qjail_dirlist}usr/libdata usr/libexec usr/sbin = usr/share"=0A= X =0A= Xqjail_basesystem=3D"base"=0A= X =0A= X# amd64 needs some extra libs=0A= Xcase `uname -p` in amd64) qjail_dirlist=3D"${qjail_dirlist} usr/lib32"; = qjail_basesystem=3D"${qjail_basesystem} lib32";; esac=0A= X =0A= X# Usage command options messages.=0A= Xqjail_usage_commands=3D"${qjail_cmd} v1.0\n\=0A= XUsage: ${qjail_cmd} = [install|create|list|start|stop|restart|console|archive|\n\=0A= Xdelete|restore|config|update|help] {parameters}"=0A= Xqjail_usage_install=3D"Usage: ${qjail_cmd} install [-z zone] [-mMsS] = [-h host] [-r release]"=0A= Xqjail_usage_create=3D"Usage: ${qjail_cmd} create [-z zone] [-a = archive] [-f flavor] [-D duplicate# -I]\n\=0A= X [-n] [-i -s size] jailname jailip"=0A= Xqjail_usage_list=3D"Usage: ${qjail_cmd} list [-z zone] [jailname...]"=0A= Xqjail_usage_console=3D"Usage: ${qjail_cmd} console [-z zone] [-e] = jailname"=0A= Xqjail_usage_archive=3D"Usage: ${qjail_cmd} archive [-z zone] [-A] = [jailname...]"=0A= Xqjail_usage_delete=3D"Usage: ${qjail_cmd} delete [-z zone] [-A] = [jailname...]"=0A= Xqjail_usage_restore=3D"Usage: 
${qjail_cmd} restore [-z zone] [-f] = [jailname...]"=0A= Xqjail_usage_config=3D"Usage: ${qjail_cmd} config [-z zone] [-r = run|norun -A] [-n newname] [-i newip]\n\=0A= X [-c newnic] jailname"=0A= Xqjail_usage_update=3D"Usage: ${qjail_cmd} update [-z zone] [-b] [-p]"=0A= Xqjail_usage_start=3D"Usage: ${qjail_cmd} start [-z zone] = [jailname...]"=0A= Xqjail_usage_stop=3D"Usage: ${qjail_cmd} stop [-z zone] [jailname...]"=0A= Xqjail_usage_restart=3D"Usage: ${qjail_cmd} restart [-z zone] = [jailname...]"=0A= Xqjail_usage_help=3D"Usage: ${qjail_cmd} help manual"=0A= X =0A= X# End of variable initialization.=0A= X################################=0A= X#=0A= X# Start of function definitions.=0A= X#=0A= X =0A= X# Define the bail out shortcut=0A= Xexerr () { echo -e "$*" >&2 ; exit 1; }=0A= X=0A= Xgroup-prefixing () {=0A= X =0A= X # Save the command line list of jailnames if any=0A= X qjail_cmdlist=3D$@=0A= X =0A= X if [ "${qjail_cmdlist}" ]; then=0A= X =0A= X # Check for group prefix.=0A= X qjail_group=3D$1=0A= X qjail_jailname=3D$1=0A= X =0A= X # Remove the =3D sign from the i/p value which designates this=0A= X # as a "group prefix", if its there.=0A= X qjail_group=3D`echo -n "${qjail_group}" | sed 's/=3D.*$//'`=0A= X =0A= X # Determine if this is a prefix request.=0A= X if [ "${qjail_jailname}" !=3D "${qjail_group}" ]; then=0A= X =0A= X # covert all - to _ in the prefix if there are any=0A= X qjail_group=3D`echo -n "${qjail_group}" | tr -c '[:alnum:]' _`=0A= X =0A= X =0A= X # The list, start/stop/restart, delete, archive and config = commands=0A= X # look in /usr/local/etc/qjail directory for matching jailnames. =0A= X =0A= X unset qjail_list=0A= X =0A= X for qjail in "${qjail_jailprops}/${qjail_group}"*; do=0A= X =0A= X test "${qjail}" =3D "${qjail_jailprops}/${qjail_group}*" \=0A= X && exerr "Error: No match for group prefix. 
${qjail_group}" = =0A= X =0A= X # Strip off the path from in front of the file name=0A= X qjail_filename=3D${qjail##*/}=0A= X =0A= X # Accumulate file names into a list.=0A= X # qjail_filename variable has .norun suffix if present=0A= X qjail_list=3D"${qjail_list} ${qjail_filename}"=0A= X =0A= X done=0A= X =0A= X else=0A= X =0A= X # Process the jailnames on the command line, building a list of=0A= X # file names and check they are all valid.=0A= X =0A= X # Roll through the command line.=0A= X for qjail in $qjail_cmdlist; do=0A= X shift=0A= X =0A= X # Read the jails property record populating the environment = variables =0A= X # with the jails values.=0A= X fetch-property-info ${qjail}=0A= X =0A= X # Check for existence of jail in our records.=0A= X [ "${qjail_config}" ] || \=0A= X exerr "Error: Jail don't exist. ${qjail}"=0A= X =0A= X # Remove the directory path prefix.=0A= X qjail=3D${qjail_config##*/}=0A= X =0A= X # Accumulate file names into a list.=0A= X # qjail variable has .norun suffix if present.=0A= X qjail_list=3D"${qjail_list} ${qjail}"=0A= X =0A= X done=0A= X fi=0A= X else=0A= X # No jailnames on the command line, so Accumulate all the file = jailnames,=0A= X # jailnames will include the .norun suffix if present.=0A= X =0A= X [ -d "${qjail_jailprops}/" ] && \=0A= X cd "${qjail_jailprops}/" && qjail_list=3D`ls | xargs rcorder`=0A= X fi=0A= X}=0A= X =0A= Xwrite-property-info () {=0A= X =0A= X# Write everything we know about an qjail to config=0A= X =0A= X qjail_destconf=3D$1=0A= X qjail_sourceconf=3D$2=0A= X=0A= X (=0A= X if [ "${qjail_sourceconf}" ]; then=0A= X grep -E ^\# ${qjail_sourceconf}; echo=0A= X else=0A= X echo -e "# To specify the start up order of your qjails, use these = lines"=0A= X echo -e "# to create a Jail dependency tree. See rcorder(8) for = details."=0A= X echo -e "#\n# PROVIDE: standard_qjail\n# REQUIRE: \n# BEFORE: \n#\n"=0A= X fi=0A= X =0A= X# The _hostname , _ip, _rootdir ECT can not be changed. 
Those are = handles=0A= X# used by the /etc/rc.d/jail script, This script does not belong to = qjail.=0A= X# Its provided ar part of the official FreeBSD RELEASE. =0A= X# =0A= X echo export jail_${qjail_safename}_hostname=3D\"${qjail_jailname}\"=0A= X echo export jail_${qjail_safename}_ip=3D\"${qjail_ips}\"=0A= X echo export jail_${qjail_safename}_rootdir=3D\"${qjail_rootdir}\"=0A= X echo export = jail_${qjail_safename}_exec_start=3D\"${qjail_exec_start}\"=0A= X echo export jail_${qjail_safename}_exec_stop=3D\"${qjail_exec_stop}\"=0A= X echo export = jail_${qjail_safename}_mount_enable=3D\"${qjail_mount_enable}\"=0A= X echo export = jail_${qjail_safename}_devfs_enable=3D\"${qjail_devfs_enable}\"=0A= X echo export = jail_${qjail_safename}_devfs_ruleset=3D\"${qjail_devfs_ruleset}\"=0A= X echo export = jail_${qjail_safename}_procfs_enable=3D\"${qjail_procfs_enable}\"=0A= X echo export = jail_${qjail_safename}_fdescfs_enable=3D\"${qjail_fdescfs_enable}\"=0A= X echo export jail_${qjail_safename}_image=3D\"${qjail_image}\"=0A= X echo export jail_${qjail_safename}_imagetype=3D\"${qjail_imagetype}\"=0A= X echo export = jail_${qjail_safename}_interface=3D\"${qjail_nic_devicename}\"=0A= X echo export jail_${qjail_safename}_fstab=3D\"${qjail_fstab}\"=0A= X =0A= X ) > "${qjail_destconf}"=0A= X global_jailname=3D${qjail_destconf##*/}=0A= X cp "${qjail_destconf}" "${qjail_jailprops_global}/${global_jailname}"=0A= X} =0A= X =0A= X =0A= Xfetch-property-info () {=0A= X =0A= X# Read the jails property record /usr/local/etc/qjail/jailname =0A= X# populating the environment variables with the jails values. 
=0A= X =0A= X qjail_name=3D$1=0A= X =0A= X # Clean variables, prevent pollution.=0A= X unset qjail_jailname qjail_ips qjail_rootdir qjail_nic_devicename=0A= X unset qjail_exec_start qjail_exec_stop qjail_exec qjail_mount_enable=0A= X unset qjail_devfs_enable qjail_devfs_ruleset qjail_procfs_enable =0A= X unset qjail_fdescfs_enable qjail_id qjail_config qjail_fstab =0A= X =0A= X unset qjail_image qjail_imagetype =0A= X =0A= X qjail_safename=3D`echo -n "${qjail_name}" | tr -c '[:alnum:]' _`=0A= X =0A= X if [ -z "$2" ]; then=0A= X [ -e "${qjail_jailprops}/${qjail_safename}" ] && \=0A= X qjail_config=3D"${qjail_jailprops}/${qjail_safename}" =0A= X [ -e "${qjail_jailprops}/${qjail_safename}.norun" ] && \=0A= X qjail_config=3D"${qjail_jailprops}/${qjail_safename}.norun"=0A= X else=0A= X qjail_config=3D$2=0A= X fi=0A= X=0A= X [ "${qjail_config}" ] || return 0=0A= X =0A= X . "${qjail_config}"=0A= X eval qjail_jailname=3D\"\$jail_${qjail_safename}_hostname\"=0A= X eval qjail_ips=3D\"\$jail_${qjail_safename}_ip\"=0A= X eval qjail_rootdir=3D\"\$jail_${qjail_safename}_rootdir\"=0A= X =0A= X eval qjail_exec_start=3D\"\$jail_${qjail_safename}_exec_start\"=0A= X eval qjail_exec_stop=3D\"\$jail_${qjail_safename}_exec_stop\"=0A= X # fix backward compatibility issue=0A= X eval qjail_exec=3D\"\$jail_${qjail_safename}_exec\"=0A= X [ "${qjail_exec}" -a -z "${qjail_exec_start}" ] && = qjail_exec_start=3D${qjail_exec}=0A= X =0A= X eval qjail_mount_enable=3D\"\$jail_${qjail_safename}_mount_enable\"=0A= X eval qjail_devfs_enable=3D\"\$jail_${qjail_safename}_devfs_enable\"=0A= X eval qjail_devfs_ruleset=3D\"\$jail_${qjail_safename}_devfs_ruleset\"=0A= X eval qjail_procfs_enable=3D\"\$jail_${qjail_safename}_procfs_enable\"=0A= X eval = qjail_fdescfs_enable=3D\"\$jail_${qjail_safename}_fdescfs_enable\"=0A= X eval qjail_image=3D\"\$jail_${qjail_safename}_image\"=0A= X eval qjail_imagetype=3D\"\$jail_${qjail_safename}_imagetype\"=0A= X eval 
qjail_nic_devicename=3D\"\$jail_${qjail_safename}_interface\"=0A= X eval qjail_fstab=3D\"\$jail_${qjail_safename}_fstab\"=0A= X=0A= X=0A= X qjail_softlink=3D${qjail_jaildir}/`basename -- "${qjail_rootdir}"`=0A= X qjail_devicelink=3D"${qjail_rootdir}.device"=0A= X =0A= X if [ "${qjail_image}" -a -L "${qjail_devicelink}" ]; then=0A= X # Fetch destination of soft link=0A= X qjail_device=3D`stat -f "%Y" ${qjail_devicelink}`=0A= X qjail_device_geom=3D${qjail_device#/dev/}=0A= X =0A= X # Add this device to the list of devices to be unmounted.=0A= X qjail_imagedevice=3D${qjail_device_geom}=0A= X =0A= X mount -p -v | grep -q -E = "^${qjail_devicelink}[[:space:]]+${qjail_rootdir}" && = qjail_attached=3D"YES"=0A= X mount -p -v | grep -q -E = "^${qjail_device}[[:space:]]+${qjail_rootdir}" && qjail_attached=3D"YES"=0A= X =0A= X # Stale device link detected. Remove and clean.=0A= X [ -z "${qjail_attached}" ] && unset qjail_device && rm -f = "${qjail_devicelink}"=0A= X fi=0A= X =0A= X [ -f "/var/run/jail_${qjail_safename}.id" ] && \=0A= X qjail_id=3D`cat /var/run/jail_${qjail_safename}.id` || return=0A= X jls | grep -q -E "^ +${qjail_id} " || unset qjail_id=0A= X} =0A= X =0A= Xdetach_images () {=0A= X =0A= X# Generic detach routine for image jails.=0A= X =0A= X # Avoid ending up inside mount point.=0A= X cd /=0A= X =0A= X # unmount and detach memory disc.=0A= X if [ "${qjail_imagedevice}" ]; then=0A= X umount "${qjail_rootdir}" > /dev/null 2> /dev/null=0A= X mdconfig -d -u "${qjail_imagedevice}" > /dev/null=0A= X [ "$1" =3D "keep" ] || rm -f "${qjail_image}"=0A= X fi=0A= X =0A= X # Remove soft link (which acts as a lock).=0A= X [ -e "/dev/${qjail_imagedevice}" ] || rm -f "${qjail_devicelink}"=0A= X =0A= X # This function is being called in case of error. Keep $? 
bad.=0A= X return 1=0A= X} =0A= X =0A= X#############################=0A= X# End of function definitions.=0A= X# "=0A= X =0A= X# This is the beginning of the script processing.=0A= X# Check that the first word after "qjail" is a sub-command.=0A= X =0A= X[ $# -gt 0 ] || exerr ${qjail_usage_commands}=0A= X =0A= Xcase "$1" in=0A= X =0A= X####jjbc#################### qjail CREATE ########################=0A= Xcreate)=0A= X =0A= X # Clean variables, prevent pollution.=0A= X unset qjail_rootdir qjail_fromarchive qjail_flavor qjail_config =0A= X unset qjail_bump_ip qjail_zone qjail_duplicate_times=0A= X =0A= X qjail_duplicate_count=3D000=0A= X =0A= X shift; while getopts f:a:n:D:s:z:Ii arg; do case ${arg} in=0A= X f) qjail_flavor=3D${OPTARG};;=0A= X a) qjail_fromarchive=3D${OPTARG};;=0A= X n) qjail_nic_devicename=3D${OPTARG};;=0A= X D) qjail_duplicate_times=3D${OPTARG};;=0A= X I) qjail_bump_ip=3D"YES";;=0A= X i) qjail_create_image=3D"YES";;=0A= X s) qjail_imagesize=3D${OPTARG};;=0A= X z) qjail_zone=3D${OPTARG};;=0A= X ?) 
exerr ${qjail_usage_create};;=0A= X esac; done; shift $(( ${OPTIND} - 1 ))=0A= X =0A= X if [ "${qjail_zone}" ]; then=0A= X qjail_jaildir=3D"${qjail_jaildir}.${qjail_zone}"=0A= X [ -d "${qjail_jaildir}" ] || exerr "Error: Un-known zone."=0A= X qjail_jailprops=3D"${qjail_jailprops}.${qjail_zone}"=0A= X qjail_fstab=3D"${qjail_fstab}.${qjail_zone}"=0A= X qjail_newjail=3D"${qjail_jaildir}/newjail"=0A= X qjail_basejail=3D"${qjail_jaildir}/basejail"=0A= X qjail_flavors_dir=3D"${qjail_jaildir}/flavors"=0A= X qjail_archivedir=3D"${qjail_jaildir}/archive"=0A= X fi =0A= X =0A= X qjail_name=3D$1; qjail_ips=3D$2=0A= X =0A= X # Need at least a name and an ip for new jail.=0A= X [ "${qjail_name}" -a "${qjail_ips}" -a $# -eq 2 ] || \=0A= X exerr ${qjail_usage_create}=0A= X =0A= X # Check that -i also has -s.=0A= X [ -n "${qjail_create_image}" -a -z "${qjail_imagesize}" ] \=0A= X && exerr "Error: Option -i requires option -s."=0A= X =0A= X # Check that -s was not coded without -i.=0A= X [ -z "${qjail_create_image}" -a -n "${qjail_imagesize}" ] \=0A= X && exerr "Error: Option -s requires option -i."=0A= X =0A= X # Check that -D value was entered and it's numeric.=0A= X if [ -n "${qjail_duplicate_times}" ]; then=0A= X if expr "${qjail_duplicate_times}" : "[0-9]*$" > /dev/null=0A= X then=0A= X # numeric let fall through =0A= X else=0A= X exerr "Error: Option -D requires a numeric value."=0A= X fi=0A= X =0A= X # Check that duplicate_times is not over limit.=0A= X [ "${qjail_duplicate_times}" -gt "100" ] \=0A= X && exerr "Error: -D value greater than the maximum of 100."=0A= X else=0A= X qjail_duplicate_times=3D0=0A= X fi=0A= X =0A= X ##### Start of check for valid image size value. #########=0A= X # =0A= X if [ "${qjail_imagesize}" ]; then=0A= X =0A= X # Check if entered value is alpha, IE missing numbers.=0A= X echo "${qjail_imagesize}" | grep "^[0-9]" > /dev/null=0A= X [ $? -ne 0 ] && exerr "Error: -s value missing numbers."=0A= X =0A= X # Only suffix of G|g or M|m are valid. 
g for gigabyte, m for = megabyte.=0A= X # Translate upper case characters to lower case.=0A= X qjail_imagesize=3D`echo "${qjail_imagesize}"| tr GM gm`=0A= X =0A= X # Only populate Timagesize if begins with digits and ends with g or = m omly.=0A= X unset qjail_Timagesize=0A= X qjail_Timagesize=3D`echo "${qjail_imagesize}" | sed -n = 's/^\([0-9]\{1,\}[gm]\)$/\1/p'`=0A= X [ -z "${qjail_Timagesize}" ] && \=0A= X exerr "Error: Invalid -s value. Only G|g or M|m suffix is = valid."=0A= X =0A= X # Calculate blocks. =0A= X value=3D`echo "${qjail_imagesize}"| \=0A= X sed -Ees:g:km:g -es:m:kk:g -es:k:"*2b":g -es:b:"*128w":g -es:w:"*4 = ":g -e"s:(^|[^0-9])0x:\1\0X:g" -ey:x:"*":|bc`=0A= X [ $? -eq 0 -a ${value} -gt 0 ] || \=0A= X exerr "Error: The image size you specified is invalid. = ${qjail_imagesize}"=0A= X =0A= X qjail_imageblockcount=3D`echo ${value} / 1048576 | bc`=0A= X =0A= X fi =0A= X =0A= X # Check, whether qjail has been set up correctly. Existence of=0A= X # qjail_basejail is the indicator.=0A= X # =0A= X [ -d "${qjail_basejail}" ] || exerr "Error: basejail does not exist."=0A= X =0A= X [ "${qjail_flavor}" -a "${qjail_fromarchive}" ] && \=0A= X exerr "Error: -a and -f invalid together."=0A= X =0A= X # The =3D sign in the jailname is reserved for group prefix processing=0A= X # so it can not be used as part of a jailname. Remove it if there. =0A= X =0A= X qjail_tjailname=3D`echo -n "${qjail_name}" | sed 's/=3D.*$//'`=0A= X =0A= X # Check for existence of =3D sign in jailname.=0A= X if [ "${qjail_tjailname}" !=3D "${qjail_name}" ]; then=0A= X exerr "Error: Equal sign is not valid in jailname. 
${qjail_name}"=0A= X fi =0A= X =0A= X # Standardize jail names.=0A= X qjail_new_jailname=3D`echo -n "${qjail_name}" | tr '/~' '__'`=0A= X qjail_new_safename=3D`echo -n "${qjail_name}" | tr -c '[:alnum:]' _`=0A= X qjail_new_rootdir=3D"${qjail_jaildir}/${qjail_new_jailname}"=0A= X qjail_new_config=3D"${qjail_jailprops}/${qjail_new_safename}"=0A= X qjail_new_ips=3D"${qjail_ips}"=0A= X qjail_new_nic_devicename=3D"${qjail_nic_devicename}"=0A= X =0A= X # Has a qjail reserved directory name been coded on the command?=0A= X # =0A= X case ${qjail_new_jailname} in = basejail|newjail|fulljail|flavors|tempjail|archive) \=0A= X exerr "Error: This name is unavailable. ${qjail_new_jailname}";; esac=0A= X =0A= X # Check if new jailname is used already across any zones.=0A= X qjail_test_config=3D"${qjail_jailprops_global}/${qjail_new_safename}"=0A= X [ -e "${qjail_test_config}" -o -e "${qjail_test_config}.norun" ] && \=0A= X exerr "Error: Jailname already exists. ${qjail_new_jailname}"=0A= X =0A= X =0A= X###jjbcc#### Start of creating jail routine. ################=0A= X# =0A= X# By this point in the create sub-command logic, all the command input=0A= X# has been validated and sanity checks passed ok. The following "if"=0A= X# statement will create a directory tree type jail using a archive as =0A= X# the template. The "else" condition will create a directory tree type =0A= X# jail using the newjail template and be flavorized by the default = flavor=0A= X# or a custom flavor if -f is coded on the command. =0A= X# =0A= X =0A= X if [ "${qjail_fromarchive}" ]; then=0A= X if [ -r "${qjail_archivedir}/${qjail_fromarchive}" ]; then=0A= X qjail_archive_safename=3D`echo -n "${qjail_fromarchive}" | sed = 's/-.*$//'`=0A= X qjail_fromarchive=3D"${qjail_archivedir}/${qjail_fromarchive}"=0A= X else=0A= X # Use qjail_fromarchive jailname to locate most current archive=0A= X # Convert all - or . 
in jailname to _=0A= X qjail_archive_jailname=3D`echo -n "${qjail_fromarchive}" | tr = '/~' '__'`=0A= X qjail_archive_safename=3D`echo -n "${qjail_fromarchive}" | tr -c = '[:alnum:]' _`=0A= X unset qjail_fromarchive=0A= X =0A= X # Roll through the archive directory looking for the last = occurrence=0A= X # to match the jailname being the most current archive.=0A= X # IE: Most current archive for the jallname has higher number date=0A= X # so physically follows the older dated archive files in the=0A= X # archive directory.=0A= X #=0A= X for qjail_archive in = "${qjail_archivedir}/${qjail_archive_safename}"*; do=0A= X qjail_fromarchive=3D${qjail_archive}=0A= X done=0A= X =0A= X [ -f "${qjail_fromarchive}" ] || \=0A= X exerr "No archive found. ${qjail_archive_safename}"=0A= X fi=0A= X =0A= X # Get the property record file name from the archive file.=0A= X qjail_nameprop=3D`pax -zn -f ${qjail_fromarchive} prop.qjail-\*`=0A= X [ $? -eq 0 -a "${qjail_nameprop}" ] || exerr \=0A= X "Error: File is not an qjail archive. ${qjail_fromarchive}"=0A= X =0A= X # Create /tmp file to save restored porperty info to.=0A= X qjail_config=3D`mktemp /tmp/qjail.prop.XXXXXXXX`=0A= X [ $? 
-ne 0 ] && exerr "Error: Couldn't create temporary properties = file."=0A= X =0A= X # Get the property data from the archive file & put it in = qjail_config.=0A= X pax -rzn -s:${qjail_nameprop}:${qjail_config}: -f = ${qjail_fromarchive} ${qjail_nameprop}=0A= X =0A= X # Export the variables from the archive file.=0A= X fetch-property-info ${qjail_archive_safename} ${qjail_config}=0A= X =0A= X # Prep the variables.=0A= X qjail_archive_jailname=3D"${qjail_jailname}"=0A= X qjail_rootdir=3D"${qjail_new_rootdir}"=0A= X qjail_jailname=3D"${qjail_new_jailname}"=0A= X qjail_safename=3D"${qjail_new_safename}"=0A= X qjail_fromarchive_config=3D${qjail_config}=0A= X qjail_archive_opt=3D"-f ${qjail_fromarchive}"=0A= X qjail_config=3D"${qjail_new_config}"=0A= X qjail_fstab=3D"${qjail_etc}/fstab.qjail.${qjail_new_safename}"=0A= X qjail_ips=3D"${qjail_new_ips}"=0A= X qjail_nic_devicename=3D"${qjail_new_nic_devicename}"=0A= X =0A= X =0A= X # Restore the archive file,=0A= X mkdir -p "${qjail_rootdir}" && cd "${qjail_rootdir}" && \=0A= X pax -rz -pe ${qjail_archive_opt} -s:^qjail:.: qjail/*=0A= X [ $? -eq 0 ] || \=0A= X exerr "Error: Couldn't extract archive from. 
= ${qjail_fromarchive}"=0A= X =0A= X # Remove the /tmp work file created above.=0A= X rm -f "${qjail_fromarchive_config}"=0A= X =0A= X # If the jail just restored is a image jail, then it has to be = mdconfig=0A= X # and it's directory tree copied to a non-image directory tree for = passing=0A= X # to the jail create logic below.=0A= X # =0A= X if [ -n "${qjail_imagetype}" ]; then =0A= X =0A= X # If the temporary directory named tempjail exists, then delete it=0A= X # and create it a new.=0A= X [ -d "${qjail_tempjail}" ] && rm -rf "${qjail_tempjail}"=0A= X mkdir -p "${qjail_tempjail}" || exerr \=0A= X "Error: Failed to create tempjail directory for create = command."=0A= X =0A= X # Copy just the flat image file to tempjail.=0A= X qjail_image=3D"${qjail_new_rootdir}/${qjail_archive_jailname}.img"=0A= X cp "${qjail_image}" "${qjail_tempjail}"=0A= X =0A= X # Create full path to flat image file location.=0A= X = qjail_tempjail_image=3D"${qjail_tempjail}/${qjail_archive_jailname}.img"=0A= X =0A= X # Delete the flat image from it's original location.=0A= X rm "${qjail_image}" =0A= X =0A= X # Attach the .img file as a memory disk.=0A= X qjail_imagedevice=3D`mdconfig -a -t vnode -f = "${qjail_tempjail_image}"`=0A= X [ $? -eq 0 ] || rm -rf "${qjail_tempjail}" || exerr \=0A= X "Error: Failed to 'mdconfig' the image file. = ${qjail_tempjail_image}"=0A= X =0A= X # Mount the memory disk image.=0A= X mount "/dev/${qjail_imagedevice}" "${qjail_tempjail}" || \=0A= X exerr "Error: Couldn't mount memory disk for create command. = ${qjail_imagedevice}"=0A= X =0A= X # Copy the contents of the image directory tree.=0A= X cd "${qjail_tempjail}" \=0A= X && find . | cpio -p -v "${qjail_rootdir}" 1> /dev/null 2>&1=0A= X [ $? 
-eq 0 ] || cd / \ =0A= X umount "${qjail_tempjail}" > /dev/null 2> = /dev/null \=0A= X mdconfig -d -u "${qjail_imagedevice}" > /dev/null = \=0A= X exerr "Error: Couldn't copy image directory tree to = ${qjail_rootdir}"=0A= X =0A= X # Detach memory disk.=0A= X cd / =0A= X umount "${qjail_tempjail}" > /dev/null 2> /dev/null=0A= X mdconfig -d -u "${qjail_imagedevice}" > /dev/null=0A= X =0A= X rm -rf "${qjail_tempjail}"=0A= X unset qjail_image qjail_imagetype=0A= X =0A= X fi =0A= X =0A= X # Write the jails properties file.=0A= X write-property-info "${qjail_config}"=0A= X =0A= X echo ${qjail_basejail} ${qjail_rootdir}/basejail nullfs ro 0 0 >> \=0A= X "${qjail_fstab}"=0A= X =0A= X [ "${qjail_duplicate_times}" -eq "0" -a -z "${qjail_create_image}" = ] \=0A= X && echo "Successfully created ${qjail_jailname}"=0A= X =0A= X else=0A= X =0A= X # This is the start of create jail without using an archive as a = template.=0A= X # Using the newjail template.=0A= X # =0A= X =0A= X # Prep the variables.=0A= X qjail_rootdir=3D"${qjail_new_rootdir}"=0A= X qjail_jailname=3D"${qjail_new_jailname}"=0A= X qjail_safename=3D"${qjail_new_safename}"=0A= X qjail_config=3D"${qjail_new_config}"=0A= X qjail_fstab=3D"${qjail_etc}/fstab.qjail.${qjail_new_safename}"=0A= X qjail_ips=3D"${qjail_new_ips}"=0A= X qjail_nic_devicename=3D"${qjail_new_nic_devicename}"=0A= X =0A= X # If no -f option then everyone gets the default flavor=0A= X # named "default".=0A= X # =0A= X [ ${qjail_flavor} ] || qjail_flavor=3D${qjail_default_flavor}=0A= X =0A= X # Does the flavor exist?=0A= X [ -e "${qjail_flavors_dir}/${qjail_flavor}" ] || \=0A= X exerr "Error: Flavor not found. ${qjail_flavor}"=0A= X =0A= X =0A= X # Create the new jailname directory and copy the newjail template = to it.=0A= X mkdir -p "${qjail_rootdir}" && cd "${qjail_newjail}" && \=0A= X find . | cpio -p "${qjail_rootdir}" 1> /dev/null 2>&1 =0A= X [ $? 
-eq 0 ] || exerr "Error: Couldn't copy newjail template."=0A= X =0A= X # Merge the flavor files into the newly created jailname directory = tree.=0A= X # Doing it under a "for" so the "default" directory is not copied, = just=0A= X # it's contents. =0A= X # =0A= X installed_flavors=3D0=0A= X for flavor in ${qjail_flavor}; do=0A= X =0A= X cd "${qjail_flavors_dir}/${flavor}" && find . | \=0A= X cpio -p -u "${qjail_rootdir}" 1> /dev/null 2>&1=0A= X [ $? -eq 0 ] || =0A= X echo "Warning: Could not fully install flavor ${qjail_flavor}."=0A= X done=0A= X =0A= X =0A= X # If the flavor user customizable script is found, make it auto run = on =0A= X # jails first startup. User has to rename it from = qjail.flavor.sample=0A= X # to qjail.flavor to enable it.=0A= X # =0A= X installed_flavors=3D0=0A= X if [ -f "${qjail_rootdir}/qjail.flavor" ]; then=0A= X chmod 0755 "${qjail_rootdir}/qjail.flavor"=0A= X mv "${qjail_rootdir}/qjail.flavor" = "${qjail_rootdir}/qjail.flavor".`printf %04d $(( installed_flavors+=3D1 = ))`=0A= X =0A= X # Post the trigger script that makes the user customized = qjail.flavor =0A= X # script get executed at jails first start up. 
=0A= X cat > "${qjail_rootdir}/etc/rc.d/qjail-config" <<"EOF"=0A= X#!/bin/sh=0A= X# =0A= X# BEFORE: DAEMON=0A= X# PROVIDES: qjail-config=0A= X# =0A= X# This launches the qjail.flavor script located in the selected flavor =0A= X# directory name on first time the new jail is started and deletes it = self.=0A= X# =0A= Xcase "$1" in=0A= X *start)=0A= X rm -f "/etc/rc.d/qjail-config"=0A= X for qjail_flavor in /qjail.flavor.*; do=0A= X [ -x "${qjail_flavor}" ] && "${qjail_flavor}"=0A= X rm -f "${qjail_flavor}"=0A= X done=0A= X ;; =0A= X *) =0A= X ;; =0A= Xesac=0A= XEOF=0A= X =0A= X # Give the trigger script permission to execute.=0A= X chmod 0755 "${qjail_rootdir}/etc/rc.d/qjail-config"=0A= X =0A= X fi=0A= X =0A= X # Create the fstab entry for the new jailname, it is used at boot = time and=0A= X # jail start time.=0A= X # =0A= X # Create the jails fstab file.=0A= X echo -n > "${qjail_fstab}"=0A= X echo ${qjail_basejail} ${qjail_rootdir}/basejail nullfs ro 0 0 >> = \=0A= X "${qjail_fstab}"=0A= X =0A= X # Create the property record for the newjail.=0A= X write-property-info "${qjail_config}"=0A= X =0A= X [ "${qjail_duplicate_times}" -eq "0" -a -z "${qjail_create_image}" = ] \=0A= X && echo "Successfully created ${qjail_jailname}"=0A= X =0A= X fi # end of if [ "${qjail_fromarchive}" ]; then=0A= X =0A= X =0A= X####jjbi####### Start of image jail processing ###############=0A= X# =0A= X# By this point in the create sub-command logic, a directory tree type = jail =0A= X# has already been created for the jailname, either using an archive = file =0A= X# as the template or using the newjail as the template and being = flavorized=0A= X# by the default flavor or a custom flavor by the above logic. 
#
# If the image jail type was coded (-i on the create command) then the following
# logic is executed. It creates an empty sparse image file, copies the
# directory tree jail into the sparse image, deletes the directory tree jail,
# renames the image jail to the directory tree jail's name, and builds the
# fstab and property files.
#

  if [ -n "${qjail_create_image}" ]; then

    # Prep work variables.
    qjail_saved_rootdir="${qjail_rootdir}"

    # Create the build directory the .img file is going to be located in.
    # This will also be its mount point.
    qjail_rootdir="${qjail_jaildir}/${qjail_jailname}-img"
    mkdir -p "${qjail_rootdir}" || \
      exerr "Error: Couldn't create jail mount point. ${qjail_rootdir}"

    # The sparse image is located inside its mount point directory.
    qjail_image="${qjail_rootdir}/${qjail_jailname}.img"

    # Create the empty .img file.
    touch "${qjail_image}"

    # Create the sparse image file.
    if [ "${qjail_imageblockcount}" -gt 0 ]; then
      dd if="/dev/zero" of="${qjail_image}" bs=1m count=0 \
        seek=${qjail_imageblockcount} 1> /dev/null 2>&1 || \
        exerr "Error: Couldn't create the sparse image file. ${qjail_image}"
    else
      exerr "Error: Invalid image block count for image file. ${qjail_image}"
    fi

    # Attach the .img file as a memory disk.
    qjail_imagedevice=`mdconfig -a -t vnode -f "${qjail_image}"`
    [ $? -eq 0 ] || detach_images || exerr \
      "Error: Failed to 'mdconfig' the sparse image. ${qjail_image}"

    qjail_device=${qjail_imagedevice}

    # Format the memory disk image.
    newfs -U "/dev/${qjail_imagedevice}" 1> /dev/null 2>&1 || detach_images \
      || exerr "Error: Couldn't newfs the memory disk. ${qjail_imagedevice}"

    # Mount the memory disk image.
    mount "/dev/${qjail_imagedevice}" "${qjail_rootdir}" || detach_images || \
      exerr "Error: Couldn't mount memory disk. ${qjail_device}"

    # Copy the contents of the previously built directory tree jail.
    cd "${qjail_saved_rootdir}" \
      && find . | cpio -p -v "${qjail_rootdir}" 1> /dev/null 2>&1
    [ $? -eq 0 ] || detach_images || \
      exerr "Error: Couldn't copy directory tree to image jail. ${qjail_rootdir}"

    # Detach memory disks.
    detach_images keep

    # Scratch the directory tree jail and its admin files,
    # freeing up its jailname.
    rm -rf "${qjail_saved_rootdir}"
    rm -rf "${qjail_jailprops_global}/${qjail_safename}"
    rm -f "${qjail_config}"
    rm -f "${qjail_fstab}"

    # Rename the image build directory using the
    # directory tree jailname.
    mv "${qjail_rootdir}" "${qjail_saved_rootdir}"

    # Re-populate the variables with correct content so everything that
    # follows will have the correct info.
    qjail_rootdir="${qjail_saved_rootdir}"
    qjail_image="${qjail_rootdir}/${qjail_jailname}.img"
    qjail_imagetype="simple"
    qjail_devicelink="${qjail_rootdir}.device"

    echo -n > "${qjail_fstab}"
    qjail_devicelink="${qjail_rootdir}.device"
    echo ${qjail_devicelink} ${qjail_rootdir} ufs rw 0 0 >> \
      "${qjail_fstab}"
    echo ${qjail_basejail} ${qjail_rootdir}/basejail nullfs ro 0 0 >> \
      "${qjail_fstab}"

    write-property-info "${qjail_config}"

    [ "${qjail_duplicate_times}" -ne "${qjail_duplicate_count}" ] || \
      echo "Successfully created ${qjail_jailname}"

  fi


############ Start of duplication routine. ################
#
# By this point in the create sub-command logic, there is either a
# directory tree type jail or a sparse image jail present.
# The following logic duplicates this jail the requested number of times,
# appending the count to the jail name.
#

  if [ "${qjail_duplicate_times}" -ne "${qjail_duplicate_count}" ]; then

    # Prep some work variables.
    qjail_saved_jailname="${qjail_jailname}"
    qjail_saved_safename="${qjail_safename}"
    qjail_saved_rootdir="${qjail_rootdir}"
    qjail_saved_config="${qjail_config}"
    qjail_saved_fstab="${qjail_fstab}"

    while [ "${qjail_duplicate_count}" -ne "${qjail_duplicate_times}" ]; do
      qjail_duplicate_count=$(( $qjail_duplicate_count + 1 ))

      qjail_safename="${qjail_saved_safename}_${qjail_duplicate_count}"
      qjail_jailname="${qjail_saved_jailname}-${qjail_duplicate_count}"

      # Check if the new dup jailname has already been created.
      qjail_tmp_config="${qjail_jailprops}/${qjail_safename}"

      if [ -e "${qjail_tmp_config}" -o -e "${qjail_tmp_config}.norun" ]; then
        echo "Bypassed existing jail ${qjail_jailname}"
        continue
      fi

      # Create the dup jailname directory and populate it.
      qjail_rootdir="${qjail_saved_rootdir}-${qjail_duplicate_count}"
      qjail_image="${qjail_rootdir}/${qjail_jailname}.img"

      if [ "${qjail_create_image}" ]; then
        mkdir -p "${qjail_rootdir}"
        dd if="${qjail_saved_rootdir}/${qjail_saved_jailname}.img" \
          of="${qjail_image}" conv=sparse 1> /dev/null 2>&1
        [ $? -eq 0 ] || exerr \
          "Error: Couldn't dd jail's img file. ${qjail_image}"
      else
        unset qjail_image
        mkdir -p "${qjail_rootdir}" && \
          cd "${qjail_saved_rootdir}" && \
          find . | cpio -p "${qjail_rootdir}" 1> /dev/null 2>&1
        [ $? -eq 0 ] || exerr "Error: Couldn't copy template jail."
      fi

      # Create the jail's fstab file.
      qjail_fstab="${qjail_saved_fstab}_${qjail_duplicate_count}"
      if [ "${qjail_create_image}" ]; then
        echo -n > "${qjail_fstab}"
        qjail_devicelink="${qjail_rootdir}.device"
        echo ${qjail_devicelink} ${qjail_rootdir} ufs rw 0 0 >> \
          "${qjail_fstab}"
        echo ${qjail_basejail} ${qjail_rootdir}/basejail nullfs ro 0 0 >> \
          "${qjail_fstab}"
      else
        echo -n > "${qjail_fstab}"
        echo ${qjail_basejail} ${qjail_rootdir}/basejail nullfs ro 0 0 >> \
          "${qjail_fstab}"
      fi

      if [ "${qjail_bump_ip}" = "YES" ]; then
        qjail_short_ip="${qjail_ips%.*}"
        qjail_ip_suffix="${qjail_ips##*.}"
        qjail_ip_suffix=$(( ${qjail_ip_suffix} + 1 ))
        qjail_ips="${qjail_short_ip}.${qjail_ip_suffix}"
      fi

      qjail_config="${qjail_jailprops}/${qjail_safename}"

      # Create the property record for the new jail.
      write-property-info "${qjail_config}"
      echo "Successfully created ${qjail_jailname}"

    done

    rm -rf "${qjail_saved_rootdir}"
    rm -rf "${qjail_saved_config}"
    rm -rf "${qjail_jailprops_global}/${qjail_saved_safename}"
    rm -rf "${qjail_saved_fstab}"
  fi
####### End of duplication routine. #########################

  ;;


###jjbd##################### qjail DELETE ########################
delete)

  shift; while getopts Az: arg; do case ${arg} in
    A) qjail_deletealljails="YES";;
    z) qjail_zone=${OPTARG};;
    ?) exerr ${qjail_usage_delete};;
  esac; done; shift $(( ${OPTIND} - 1 ))

  if [ "${qjail_zone}" ]; then
    qjail_jaildir="${qjail_jaildir}.${qjail_zone}"
    [ -d "${qjail_jaildir}" ] || exerr "Error: Unknown zone."
    qjail_jailprops="${qjail_jailprops}.${qjail_zone}"
    qjail_fstab="${qjail_fstab}.${qjail_zone}"
  fi

  # Specifying no jailnames is only acceptable if deleting all jails.
  [ $# -lt 1 -a -z "${qjail_deletealljails}" ] && \
    exerr ${qjail_usage_delete}

  # The -A flag to delete all the jails cannot have jailnames on it.
  [ $# -gt 0 -a "${qjail_deletealljails}" ] && \
    exerr "Syntax Error: Must not specify jailnames on delete -A."

  # Save the command line list of jailnames, if any.
  qjail_cmdlist=$@

  # Perform the group-prefixing function.
  group-prefixing ${qjail_cmdlist}

  # Process the qjail_list built by group-prefixing.
  for qjail in ${qjail_list}; do

    # Strip off the .norun suffix if present & read the jail's property
    # record, populating the environment variables with the jail's values.
    fetch-property-info ${qjail%.norun}

    # If the jail is still running, bypass deleting it.
    if [ "${qjail_id}" ]; then
      echo "Bypassed running jail ${qjail_jailname}"
      continue
    fi

    # Now we have everything needed to delete the jail. Delete the
    # jailname property record and its fstab.qjail.jailname record,
    # plus the global property record.
    #
    # Strip off the path from in front of the file name so we can
    # get the jailname with .norun if it is there.
    qjail_filename=${qjail_config##*/}
    rm -f "${qjail_config}"
    rm -f "${qjail_jailprops_global}/${qjail_filename}"
    rm -f "${qjail_fstab}"

    # Delete the jail directory.
    rm -rf "${qjail_rootdir}"

    echo "Successfully deleted ${qjail_jailname}"

  done
  ;;

#######jjbl################# qjail LIST ########################
list)

  # Clean variables, prevent pollution.
  unset qjail_cmdlist qjail_group qjail_jailname qjail_filename
  unset qjail qjail_list qjail_state qjail_zone

  # Only the -z flag is allowed; error out on anything else, but still
  # shift past the options.
  shift; while getopts z: arg; do case ${arg} in
    z) qjail_zone=${OPTARG};;
    ?) exerr ${qjail_usage_list};;
  esac; done; shift $(( ${OPTIND} - 1 ))


  if [ "${qjail_zone}" ]; then
    qjail_jaildir="${qjail_jaildir}.${qjail_zone}"
    [ -d "${qjail_jaildir}" ] || exerr "Error: Unknown zone."
    qjail_jailprops="${qjail_jailprops}.${qjail_zone}"
    qjail_zone_msg="Jails in zone ${qjail_zone}"
  fi

  # Save the command line list of jailnames, if any.
  qjail_cmdlist=$@

  # Perform the group-prefixing function.
  group-prefixing ${qjail_cmdlist}


  echo " "
  echo "${qjail_zone_msg}"
  printf "%-3s %-4s %-3s %-15s %s\\n" STA JID NIC IP Jailname
  echo "--- ---- --- --------------- ---------------------------------------------------"

  # Process the qjail_list built by group-prefixing and list the jailname info.
  for qjail in ${qjail_list}; do

    # Strip off the .norun suffix if present & read the jail's property
    # record, populating the environment variables with the jail's values.
    fetch-property-info ${qjail%.norun}

    if [ "${qjail_imagetype}" ]; then
      qjail_state="I"
    else
      qjail_state="D"
    fi

    if [ "${qjail_id}" ]; then
      qjail_state="${qjail_state}R"
    else
      qjail_state="${qjail_state}S"
    fi

    # Check to see if the jailname has the .norun suffix.
    [ "${qjail_safename}" != "${qjail}" ] && qjail_state="${qjail_state}N"

    TIFS=${IFS}; IFS=,; unset _multiline
    for qjail_ip in ${qjail_ips:="-"}; do
      if [ -z "${_multiline}" ]; then
        printf "%-3s %-4s %-3s %-15s %s\\n" "${qjail_state}" "${qjail_id:-N/A}" "${qjail_nic_devicename}" "${qjail_ip}" "${qjail_jailname}"

        _multiline=yes
      else
        printf "    %-4s     %s\\n" "${qjail_id:-N/A}" "${qjail_ip}"
      fi
    done
    IFS=${TIFS}
    qjail_state=""
  done
  echo " "
  echo " "
  ;;


###jjbu##################### qjail UPDATE ########################
update)

  # Clean variables, prevent pollution.
  unset qjail_action_b qjail_action_p

  flag_count=0

  shift; while getopts bpz: arg; do case ${arg} in
    b) qjail_action_b="binary-update"; flag_count=$(( $flag_count + 1 ));;
    p) qjail_action_p="portsnap"; flag_count=$(( $flag_count + 1 ));;
    z) qjail_zone=${OPTARG};;
    ?) exerr ${qjail_usage_update};;
  esac; done; shift $(( ${OPTIND} - 1 ))

  if [ "${qjail_zone}" ]; then
    qjail_jaildir="${qjail_jaildir}.${qjail_zone}"
    [ -d "${qjail_jaildir}" ] || exerr "Error: Unknown zone."
    qjail_jailprops="${qjail_jailprops}.${qjail_zone}"
    qjail_fstab="${qjail_fstab}.${qjail_zone}"
    qjail_basejail="${qjail_jaildir}/basejail"
  fi

  # Check for no flags set.
  [ $flag_count -eq 0 ] && exerr \
    "Error: NO options coded.\n ${qjail_usage_update}"
  [ $flag_count -gt 1 ] && exerr \
    "Error: Too many options coded.\n ${qjail_usage_update}"

  # Run portsnap option?
  if [ "${qjail_action_p}" ]; then
    qjail_action_p="fetch"
    echo " "
    date
    echo " "
    echo "The elapsed download time of the portsnap compressed ports file"
    echo "is estimated at 25 minutes for the initial fetch."
    echo "Subsequent fetches will generally take less than a minute."
    echo " "
    portsnap ${qjail_action_p}
    [ $? -eq 0 ] || exerr "Error: Portsnap fetch failed." \
      && echo "Portsnap fetch completed successfully"
    echo " "
    date
    echo " "
    qjail_action_p="extract"

    [ -d "${qjail_basejail}/usr/ports" ] && qjail_action_p="update"

    if [ "${qjail_action_p}" = "extract" ]; then
      echo "The ports are being extracted to the basejail/usr/ports directory tree."
      echo "The elapsed time for this to complete is estimated at 20 minutes"
      echo "for the initial extract."
    fi

    if [ "${qjail_action_p}" = "update" ]; then
      echo "The ports basejail/usr/ports directory tree is being updated."
      echo "The elapsed time for this to complete is estimated at 1 minute"
      echo "to 10 minutes depending on how current your ports system is."
    fi
    echo " "
    portsnap -p "${qjail_basejail}/usr/ports" ${qjail_action_p} 1> /dev/null 2>&1
    [ $? -eq 0 ] || exerr "Error: Portsnap extract/update failed." \
      && echo "Portsnap ${qjail_action_p} completed successfully"
  fi

  # Run basejail system binaries update?
  if [ "${qjail_action_b}" ]; then

    #
    [ -d "${qjail_basejail}" ] || exerr "Error: basejail does not exist."

    [ "`sysctl -n kern.securelevel`" -gt 0 ] && exerr \
      "Error: The host is running in a secure level higher than 0.\n\
Reboot the host into a lower secure level."

    # Check to see if any jails are running.
    [ -d "${qjail_jailprops}/" ] && cd "${qjail_jailprops}/" && qjail_list=`ls | xargs rcorder`
    for qjail in ${qjail_list}; do
      # Strip off the .norun suffix if present & read the jail's property
      # record, populating the environment variables with the jail's values.
      fetch-property-info ${qjail%.norun}
      if [ "${qjail_id}" ]; then
        exerr "Error: All jails have to be stopped. This jail is running. ${qjail_name}"
      fi
    done
    # No jails running, so it is ok to rebuild the basejail from the host.

    qjail_b_dirlist="bin boot lib libexec sbin usr/bin usr/include usr/lib "
    qjail_b_dirlist="${qjail_b_dirlist}usr/libdata usr/libexec usr/sbin"

    # amd64 needs some extra libs.
    case `uname -p` in amd64) qjail_b_dirlist="${qjail_b_dirlist} usr/lib32";; esac

    echo " "
    cd "${qjail_basejail}"
    for dir in ${qjail_b_dirlist}; do
      rm -r ${dir} || \
        exerr "Error: Delete of basejail binaries for ${dir} failed." \
        && echo "Deletion of basejail binaries successful for ${dir}."
    done

    echo " "

    cd /
    for dir in ${qjail_b_dirlist}; do
      find ${dir} | cpio -d -p "${qjail_basejail}" 1> /dev/null 2>&1 || \
        exerr "Error: Copying host's binaries for ${dir} failed." \
        && echo "Copied host's binaries to basejail successfully for ${dir}."
    done

    echo " "
    echo "Host to basejail binaries update completed successfully."

  fi

  ;;


#####jjbin################### qjail INSTALL ########################
install)

  # Clean variables, prevent pollution.
  unset qjail_release qjail_installmanpages qjail_installports
  unset qjail_installsources qjail_dir qjail_reldir
  unset qjail_ftpserverqueried qjail_zone

  shift; while getopts mMsSh:r:z: arg; do case ${arg} in
    m) qjail_installmanpages=" manpages";;
    M) qjail_installmanpages=" manpages"; unset qjail_basesystem;;
    s) qjail_installsources=" src";;
    S) qjail_installsources=" src"; unset qjail_basesystem;;
    h) qjail_ftphost=${OPTARG};;
    r) qjail_release=${OPTARG};;
    z) qjail_zone=${OPTARG};;
    ?) exerr ${qjail_usage_install};;
  esac; done; shift $(( ${OPTIND} - 1 ))

  # NO positional parameters allowed on this sub-command.
  [ $# -eq 0 ] || exerr ${qjail_usage_install}

  if [ "${qjail_zone}" ]; then
    qjail_safezone=`echo -n "${qjail_zone}" | tr -c '[:alnum:]' _`
    echo "This is the zone name used ${qjail_safezone}"
    qjail_jaildir="${qjail_jaildir}.${qjail_safezone}"
    qjail_jailprops="${qjail_jailprops}.${qjail_safezone}"
    qjail_fstab="${qjail_fstab}.${qjail_safezone}"
    qjail_newjail="${qjail_jaildir}/newjail"
    qjail_basejail="${qjail_jaildir}/basejail"
    qjail_fulljail="${qjail_jaildir}/fulljail"
    qjail_tempjail="${qjail_jaildir}/tempjail"
    qjail_flavors_dir="${qjail_jaildir}/flavors"
    qjail_archivedir="${qjail_jaildir}/archive"
  fi

  qjail_installarch=`uname -p`
  qjail_dir=${qjail_ftphost#file://}
  [ "${qjail_dir%%[!/]*}" ] || qjail_reldir=`pwd -P`

  [ "`sysctl -n kern.securelevel`" -gt 0 ] && \
    exerr "Error: The host is running in a secure level higher than 0.\n\
Reboot the host into a lower secure level."

  # Check for the basejail when not installing the base system.
  [ "${qjail_basesystem}" -o -d "${qjail_basejail}" ] || \
    exerr "Error: The basejail does not exist.\n\
Coding -M or -S is invalid, use -m or -s instead."

  # Build the correct path for the ftp server based on your cpu type and RELEASE.
  # FTP servers normally won't provide non-RELEASE builds.

  if [ -z "${qjail_release}" -a "${qjail_dir}" = "${qjail_ftphost}" ]; then
    qjail_release=`uname -r`
    case ${qjail_release} in *-STABLE) qjail_release="${qjail_release%-STABLE}-RELEASE";; esac
    if [ "${qjail_release%-RELEASE}" = "${qjail_release}" ]; then
      echo -e "\nYour system is ${qjail_release}."
      echo -e "\nNormally FTP-servers don't provide non-RELEASE-builds."

      # Try to fetch the list of releases the server provides.
      echo -e "\nQuerying your ftp-server... "
      TIFS=${IFS}; IFS=
      for qjail_path in pub/FreeBSD/releases pub/FreeBSD/snapshot pub/FreeBSD releases snapshots NO; do
        if [ ${qjail_path} = "NO" ]; then
          echo " "
          exerr "Error: No distribution sources found at ${qjail_ftphost}"
        fi
        qjail_ftpresponse=`echo ls -1 | ftp "${qjail_ftphost}:${qjail_path}/${qjail_installarch}/" 2> /dev/null` 2> /dev/null
        if [ $? -eq 0 ]; then
          echo " "
          echo -e "The ftp server you specified (${qjail_ftphost})\nprovides the following RELEASE distributions:...Select one.\n\n${qjail_ftpresponse}"
          break
        fi
      done
      IFS=${TIFS}

      echo -n "Release [ ${qjail_release} ]: "
      read qjail_releasetmp
      [ "${qjail_releasetmp}" ] && qjail_release=${qjail_releasetmp}
    fi
  fi

  # Now we have a known FTP server path to the distribution sources.
  # The rest of the logic is fall through.
  #
  # If the tempjail or fulljail directories exist, then delete them.
  # The tempjail gets populated with RELEASE distribution files from the
  # FTP download. Then the RELEASE distribution install script is run,
  # populating the fulljail with the system directory tree content.
  # This includes the -m manpages and -s sources options if coded at
  # the same time as the base system is being created. Selected content
  # from the fulljail is populated into the basejail and the fulljail is
  # renamed to newjail. The newjail is the template from which all created
  # jails are populated.
  #

  [ -d "${qjail_fulljail}" ] \
    && chflags -R noschg "${qjail_fulljail}" && rm -rf "${qjail_fulljail}"

  mkdir -p "${qjail_fulljail}" || exerr \
    "Error: Couldn't create fulljail directory."

  DESTDIR=${qjail_fulljail}

  # If the temporary directory named tempjail exists, then delete it.
  [ -d "${qjail_tempjail}" ] && rm -rf "${qjail_tempjail}"

  # Start loop to process the different RELEASE distributions.
  for pkg in ${qjail_basesystem} ${qjail_installmanpages} ${qjail_installsources}; do

    # Do a remote fetch of the RELEASE source files, populating tempjail with them,
    # followed by installing them to the fulljail directory tree.
    #

    if [ "${qjail_dir}" = "${qjail_ftphost}" ]; then
      # Create the tempjail directory. It's used as the target
      # for the remote FTP download of RELEASE distribution files.
      #
      mkdir -p "${qjail_tempjail}" || exerr \
        "Error: Failed to create tempjail directory."
      cd "${qjail_tempjail}" || exerr \
        "Error: Could not cd to ${qjail_tempjail}."
      # Try all paths as stolen from sysinstall, break on success.

      for qjail_path in pub/FreeBSD/releases pub/FreeBSD/snapshot pub/FreeBSD releases snapshots NO; do
        if [ "${qjail_path}" = "NO" ]; then
          exerr "\nCould not fetch ${pkg} from ${qjail_ftphost}.\n\
Maybe your release (${qjail_release}) is specified incorrectly or\n\
the host ${qjail_ftphost} does not provide that release build.\n\
Use the -r option to specify an existing release or the -h option to\n\
specify an alternative ftp server."
        fi
        qjail_path="${qjail_path}/${qjail_installarch}/${qjail_release}"
        ftp "${qjail_ftphost}:${qjail_path}/${pkg}/*" && break
      done
      #
      # By this point the tempjail directory has successfully been populated
      # with the FTP downloaded source files. The following code executes the
      # RELEASE install script, which populates the fulljail directory with
      # a full running system directory tree.
      #
      #
      # These sources want $1 to contain the set
      # of sources to install; base asks the user if he is sure, hence the
      # yes and the set -- all.

      if [ "${pkg}" = "base" ]; then
        echo -e "\nThe base RELEASE distribution files are populating the tempjail."
      fi

      if [ "${pkg}" = "src" ]; then
        mkdir -p "${qjail_fulljail}/usr/src"
        echo -e "\nThe source RELEASE distribution files are populating the tempjail."
      fi

      if [ "${pkg}" = "manpages" ]; then
        echo -e "\nThe manpages RELEASE distribution files are populating the tempjail."
      fi

      set -- all
      [ -f install.sh ] && yes | . install.sh 1> /dev/null 2>&1
      [ $? -eq 0 ] || exerr "Error: RELEASE distribution install script for ${pkg} failed."

      rm -rf "${qjail_tempjail}"

    else

      # Process the -h file:// option.
      # The RELEASE files from the mounted disc1 RELEASE cdrom or
      # from a mounted disc1.iso RELEASE file may be used as the source
      # of the FreeBSD system binaries used to populate the
      # /usr/jails/fulljail directory.
      #
      cd "${qjail_reldir}/${qjail_dir}/${pkg}" || exerr \
        "Error: Couldn't cd to ${qjail_reldir}/${qjail_dir}/${pkg}."

      if [ "${pkg}" = "base" ]; then
        echo -e "\nThe base RELEASE distribution files are populating the tempjail."
      fi

      if [ "${pkg}" = "src" ]; then
        mkdir -p "${qjail_fulljail}/usr/src"
        echo -e "\nThe source RELEASE distribution files are populating the tempjail."
      fi

      if [ "${pkg}" = "manpages" ]; then
        echo -e "\nThe manpages RELEASE distribution files are populating the tempjail."
      fi

      set -- all
      [ -f install.sh ] && yes | . install.sh 1> /dev/null 2>&1
      [ $? -eq 0 ] || exerr "Error: RELEASE distribution install script for ${pkg} failed."

    fi
  done

  # End of the fulljail RELEASE install population process.

  # If installing the complete qjail system,
  # then selectively populate the basejail & newjail from the
  # just created fulljail.
  #

  if [ "${qjail_basesystem}" ]; then

    # Verify that fulljail exists.
    cd "${qjail_fulljail}" || exerr \
      "Error: Couldn't cd into fulljail directory."

    # The basejail directory does not exist yet. The following code allocates the
    # basejail directory with /usr all at one time.
    #
    mkdir -p "${qjail_basejail}/usr"

    echo -e " "
    echo -e "Basejail & newjail are being populated."
    echo -e "Est LT 1 minute elapsed time for this to complete."

    # Using the dirlist, the desired directories are copied to the
    # basejail directory tree and deleted from the fulljail directory tree.
    # Then the remaining contents of the fulljail constitute the newjail.
    # fulljail gets renamed to newjail.
    #
    for dir in ${qjail_dirlist}; do
      find ${dir} | cpio -d -p "${qjail_basejail}" 1> /dev/null 2>&1 || \
        exerr "Error: Installation of ${dir} failed." \
        && chflags -R noschg ${dir}; rm -r ${dir}; ln -s /basejail/${dir} ${dir}
    done

    # If newjail happens to exist then delete it.
    [ -d "${qjail_newjail}" ] && rm -rf "${qjail_newjail}"
    mv "${qjail_fulljail}" "${qjail_newjail}"
    rm -rf "${qjail_newjail}"/rescue
    mkdir "${qjail_newjail}"/basejail
    chflags -R noschg "${qjail_newjail}"

    # Populate the default flavor from the qjail release example.
    # If the default flavor named default has not yet been copied, do it now.
    [ -d "${qjail_flavors_dir}" ] || mkdir -p "${qjail_flavors_dir}" \
      && cp -p -R "${qjail_examples}/default" "${qjail_flavors_dir}"

    # If the default archive directory is not allocated yet, do it now.
    [ -d "${qjail_jaildir}/archive" ] || mkdir -p "${qjail_archivedir}"

    # qjail has 2 property directories. The jailprops_global one has a
    # duplicate copy of every jail's property record from all zones.
    # This directory is used by the /usr/local/etc/rc.d/qjail2
    # script when called at boot time to start all the qjail jails,
    # and when called by this script to start, stop, and restart
    # qjail zone jails.
    #
    # The jailprops directories are suffixed with the zone and are only used
    # in this script to segregate the jail's property records by zone.
    #
    # If the global properties directory is not allocated yet, do it now.
    [ -d "${qjail_jailprops_global}" ] || mkdir -p "${qjail_jailprops_global}"

    # If the properties directory is not allocated yet, do it now.
    [ -d "${qjail_jailprops}" ] || mkdir -p "${qjail_jailprops}"

    # Link to /basejail/usr/ports
    [ -e "${qjail_newjail}/usr/ports" ] || \
      ln -s /basejail/usr/ports "${qjail_newjail}/usr/ports"

    # Populate the default flavor named "default" with files from the host
    # necessary for a network accessible jail.
    qjail_default_flavor="${qjail_jaildir}/flavors/${qjail_default_flavor}"
    mkdir -p "${qjail_default_flavor}/root/"

    cp "${qjail_newjail}/root/.cshrc" "${qjail_default_flavor}/root/"
    echo 'set prompt = "`/bin/hostname -s` %/ >"' >> \
      "${qjail_default_flavor}/root/.cshrc"

    echo "Welcome to your FreeBSD jail" > "${qjail_default_flavor}/etc/motd"
    cp /etc/localtime "${qjail_default_flavor}/etc/"
    cp /etc/resolv.conf "${qjail_default_flavor}/etc/"

    # The ugly perl hack[tm]. This is in the qjail config file.
    [ "${qjail_uglyperlhack}" -a ! -L "${qjail_basejail}/usr/bin/perl" ] && \
      ln -s /usr/local/bin/perl "${qjail_basejail}/usr/bin/perl"

    # Replace the FBSD jail script with my version that has the bugs fixed.
    # The bugs deal with how the start/stop jail msgs are displayed.
    # Had to install the fixed version this way because a port is not allowed to
    # replace FBSD system modules. A new jail script is coming out in 9.0 maybe.
    cp /usr/local/etc/rc.d/jail2 /etc/rc.d/jail

    echo "Successfully installed qjail system."

  fi

  # Install system sources on an existing basejail, option -S.
  if [ "${qjail_installsources}" -a ! "${qjail_basesystem}" ]; then
    cd "${qjail_fulljail}" || exerr \
      "Error: Couldn't cd into the fulljail directory."
    echo "Starting to populate basejail with the source."
    echo "Relax, take a break, this is going to take 10 plus minutes."
    find usr/src | cpio -d -p "${qjail_basejail}" 1> /dev/null 2>&1 \
      || exerr "Error: Installation of sources failed."
    cd ${qjail_jaildir}
    rm -r "${qjail_fulljail}"
    echo "Successfully installed the sources"

  fi

  # Install system manpages on an existing basejail, option -M.
  if [ "${qjail_installmanpages}" -a ! "${qjail_basesystem}" ]; then
    cd "${qjail_fulljail}" || exerr \
      "Error: Couldn't cd into the fulljail directory."
    find usr/share/man | cpio -d -p "${qjail_basejail}" 1> /dev/null 2>&1 \
      || exerr "Error: Installing manpages failed."
    cd ${qjail_jaildir}
    rm -r "${qjail_fulljail}"
    echo "Successfully installed the manpages"
  fi

  ;;


######jjbs######### qjail START / STOP / RESTART ########################
*start|*stop|*restart)

  # Clean variables, prevent pollution.
  unset qjail_cmdlist qjail qjail_list qjail_zone

  # The action is the first variable in the command list.
  # It can only be start, stop or restart.
  # Force the use of the "one" prefix all the time.
  qjail_action="one"

  # Append the command from the command line.
  qjail_action="${qjail_action}$1"

  shift; while getopts z: arg; do case ${arg} in
    z) qjail_zone=${OPTARG};;
    ?) exerr ${qjail_usage_console};;
  esac; done; shift $(( $OPTIND - 1 ))

  if [ "${qjail_zone}" ]; then
    qjail_jaildir="${qjail_jaildir}.${qjail_zone}"
    [ -d "${qjail_jaildir}" ] || exerr "Error: Unknown zone."
    qjail_jailprops="${qjail_jailprops}.${qjail_zone}"
    qjail_fstab="${qjail_fstab}.${qjail_zone}"
  fi

  # Save the command line list of jailnames, if any.
  qjail_cmdlist=$@

  # Perform the group-prefixing function.
  group-prefixing ${qjail_cmdlist}

  # Beginning here the start/stop/restart processing starts.

  [ -x "${qjail_prefix}/etc/rc.d/qjail2" ] || \
    exerr "Error: Couldn't find ${qjail_prefix}/etc/rc.d/qjail2\n\
or it's not marked as executable."

  # Process the qjail_list built by group-prefixing.
  for qjail in ${qjail_list}; do

    # Drop all "norun" jails in the list.
    #
    # Strip off the .norun suffix if present & read the jail's property
    # record, populating the environment variables with the jail's values.

    fetch-property-info ${qjail%.norun}

    if [ -e "${qjail_jailprops}/${qjail_safename}.norun" ]; then
      echo "Bypassed norun status ${qjail_jailname}"
      continue
    fi


    # If the jail is running and we are trying to start it, skip it.
    if [ "${qjail_id}" -a "${qjail_action}" = "onestart" ]; then
      echo "Already running. ${qjail_jailname}"
      continue
    fi

    # If the jail is not running and we are trying to stop it, skip it.
    if [ -z "${qjail_id}" -a "${qjail_action}" = "onestop" ]; then
      echo "Already stopped. ${qjail_jailname}"
      continue
    fi

    [ -x "${qjail_prefix}/etc/rc.d/qjail2" ] && \
      (exec "${qjail_prefix}/etc/rc.d/qjail2" ${qjail_action} \
        ${qjail_jailname})
    [ $? -eq 0 ] || exerr "Error: ${qjail_prefix}/etc/rc.d/qjail2 failed."
  done
  ;;


###########jjbc############# qjail CONSOLE ########################
console)

  # Clean variables, prevent pollution.
  unset qjail_execute_override

  shift; while getopts e:z: arg; do case ${arg} in
    e) qjail_execute_override=${OPTARG};;
    z) qjail_zone=${OPTARG};;
    ?) exerr ${qjail_usage_console};;
  esac; done; shift $(( $OPTIND - 1 ))

  if [ "${qjail_zone}" ]; then
    qjail_jaildir="${qjail_jaildir}.${qjail_zone}"
    [ -d "${qjail_jaildir}" ] || exerr "Error: Unknown zone."
    qjail_jailprops="${qjail_jailprops}.${qjail_zone}"
    qjail_fstab="${qjail_fstab}.${qjail_zone}"
  fi

  qjail=$1

  # Need the name of the jail to open a console for.
  [ "${qjail}" ] || exerr ${qjail_usage_console}

  # Strip off the .norun suffix if present & read the jail's property
  # record, populating the environment variables with the jail's values.
  fetch-property-info ${qjail%.norun}

  # Check for existence of the jail in our records.
  [ "${qjail_config}" ] || exerr \
    "Error: Nothing known about this jail. ${qjail_name}"

  # If the jail is not running, terminate.
  [ "${qjail_id}" ] || exerr \
    "Error: Jail not running. ${qjail_name}"

  # Start the console using the override login user name.
  [ "${qjail_execute_override}" ] && \
    exec jexec ${qjail_id} ${qjail_execute_override}

  # Start the console using the default root login.
  [ "${qjail_execute_override}" ] || \
    exec jexec ${qjail_id} ${qjail_default_execute}

  ;;


##jjba###################### qjail ARCHIVE ########################
archive)

  # Clean variables, prevent pollution.
  unset qjail_archive qjail_archive_tag qjail_addfiles qjail_running_jails
  unset qjail_archivealljails qjail_archive_from qjail_archive_to

  shift; while getopts Az: arg; do case ${arg} in
    A) qjail_archivealljails="YES";;
    z) qjail_zone=${OPTARG};;
    ?) exerr ${qjail_usage_archive};;
  esac; done; shift $(( ${OPTIND} - 1 ))

  if [ "${qjail_zone}" ]; then
    qjail_jaildir="${qjail_jaildir}.${qjail_zone}"
    [ -d "${qjail_jaildir}" ] || exerr "Error: Unknown zone."
    qjail_jailprops="${qjail_jailprops}.${qjail_zone}"
    qjail_fstab="${qjail_fstab}.${qjail_zone}"
    qjail_newjail="${qjail_jaildir}/newjail"
    qjail_basejail="${qjail_jaildir}/basejail"
    qjail_archivedir="${qjail_jaildir}/archive"
  fi

  # Specifying no jailnames is only acceptable if archiving all jails.
  [ $# -lt 1 -a -z "${qjail_archivealljails}" ] && \
    exerr ${qjail_usage_archive}

  # The -A flag to archive all the jails cannot have jailnames on it.
  [ $# -gt 0 -a "${qjail_archivealljails}" ] && \
    exerr "Syntax Error: Must not specify jailnames on archive -A."


################ Special routine to archive basejail
#
# Create a simple tar archive of the basejail

  if [ "$1" = "basejail" -o "$1" = "newjail" ]; then
    qjail_archive_from=$1
    qjail_archive_to=$1

    # Check to see if any jails are running
    [ -d
"${qjail_jailprops}/" ] && cd "${qjail_jailprops}/" && = qjail_list=3D`ls | xargs rcorder`=0A= X for qjail in ${qjail_list}; do=0A= X # Strip off the .norun suffix if present & read the jails = property=0A= X # record populating the environment variables with the jails = values.=0A= X fetch-property-info ${qjail%.norun}=0A= X if [ "${qjail_id}" ]; then=0A= X echo "This jail is running. ${qjail_jailname}"=0A= X qjail_running_jails=3D"YES" =0A= X continue=0A= X fi=0A= X done=0A= X =0A= X [ ${qjail_running_jails} ] && \=0A= X exerr "Error: All jails have to be stopped to archive $1."=0A= X =0A= X # No jails running so ok to archive basejail or newjail.=0A= X =0A= X # Append archive date and time to jailname as archive = identification.=0A= X qjail_archive_to=3D"${qjail_archive_to}-`date +%Y%m%d%H%M.%S`"=0A= X qjail_archive_to=3D"${qjail_archive_to}.tar.gz"=0A= X qjail_archive=3D"${qjail_archive_to}"=0A= X =0A= X # Prepend archive directory to archive file name.=0A= X qjail_archive_from=3D${qjail_jaildir}/${qjail_archive_from}=0A= X qjail_archive_to=3D${qjail_archivedir}/${qjail_archive_to}=0A= X =0A= X =0A= X if [ "$1" =3D "basejail" ]; then=0A= X echo "Tar has started archiving basejail."=0A= X echo "Est LT 1 minute elapse time for basejail minimum system = install."=0A= X echo "basejail with sources and manpages and full ports system = may"=0A= X echo "take up to 7 minutes."=0A= X tar czPf $qjail_archive_to $qjail_archive_from || \=0A= X exerr "Error: Archive of basejail had RC gt zero" \=0A= X && echo "Successfully archived basejail"=0A= X =0A= X fi=0A= X =0A= X if [ "$1" =3D "newjail" ]; then=0A= X echo "Tar has started archiving newjail."=0A= X echo "Est LT 1 minute elapse time for newjail."=0A= X tar czPf $qjail_archive_to $qjail_archive_from || \=0A= X exerr "Error: Archive of newjail had RC gt zero" \=0A= X && echo "Successfully archived newjail"=0A= X fi=0A= X=0A= X else=0A= X =0A= X######## Archive ALL and Archive jailnames are handled here = 
############=0A= X =0A= X # Save the command line list of jailnames if any=0A= X qjail_cmdlist=3D$@=0A= X =0A= X # Perform the group-prefixing function.=0A= X group-prefixing ${qjail_cmdlist}=0A= X =0A= X # Process the qjail_list built by group-prefixing=0A= X for qjail in ${qjail_list}; do=0A= X =0A= X # Strip off the .norun suffix if present & read the jails property=0A= X # record populating the environment variables with the jails values.=0A= X fetch-property-info ${qjail%.norun}=0A= X =0A= X # If jail is still running, bypass archiving it=0A= X if [ "${qjail_id}" ]; then=0A= X echo "Bypassed running jail ${qjail_jailname}" =0A= X continue=0A= X fi =0A= X =0A= X # Append archive date and time to jailname as archive = identification.=0A= X qjail_archive_tag=3D"${qjail_safename}-`date +%Y%m%d%H%M.%S`"=0A= X =0A= X # Add correct file type suffix to new archive file name=0A= X [ "${qjail_archive}" ] || = qjail_archive=3D"${qjail_archive_tag}.tar.gz"=0A= X =0A= X # Restore by default only re-installs jails on the same pc/system = as the=0A= X # archive file was created on. To accomplish this. This archive = routine=0A= X # conceals the hostname, cpu type, and RELEASE version as a file = name=0A= X # in the archive. =0A= X # =0A= X # The jails property record is also concealed as a file =0A= X # in the archive file. =0A= X =0A= X qjail_hostsystem_name=3D$( echo -n `uname -n` | tr -c '[:alnum:].' = _ )=0A= X qjail_hostsystem_version=3D$( echo -n `uname -r` | tr -c = '[:alnum:].' _ )=0A= X qjail_hostsystem_cpu=3D$( echo -n `uname -p` | tr -c '[:alnum:].' 
_ = )=0A= X =0A= X = qjail_archive_tag=3D"${qjail_archive_tag}-${qjail_hostsystem_name}-${qjai= l_hostsystem_version}-${qjail_hostsystem_cpu}"=0A= X =0A= X # Prepend archive directory to archive file name.=0A= X qjail_archive=3D${qjail_archivedir}/${qjail_archive}=0A= X =0A= X # For stdout don't specify anything=0A= X [ "${qjail_archive}" =3D "-" ] && unset qjail_archive_opt || \=0A= X qjail_archive_opt=3D"-f ${qjail_archive}"=0A= X =0A= X # Obtain the fstab record for jailname to be inserted into the = archive file=0A= X [ -f "${qjail_fstab}.${qjail_safename}" ] && \=0A= X qjail_addfiles=3D"${qjail_fstab}.${qjail_safename}"=0A= X =0A= X # The pax command is really creating the tar archive file and =0A= X # concealing the property record as the first file of the archive.=0A= X # The property record is named like this....=0A= X # prop.qjail-Jailname-201006021741.41-hostname-8.0_RELEASE-i386=0A= X # Inside this record is a copy of the archived jail's =0A= X # /usr/local/etc/qjail/jailname data.=0A= X # After the archive file has been created you can list the archive = files=0A= X # tar -tf org1-201006011803.26.tar.gz > org1.tarlist and then look = at it,=0A= X # or do a manual restore tar -xf org1-201006011803.26.tar.gz =0A= X # using your full archive file name instead of the one shown here.=0A= X =0A= X cd "${qjail_rootdir}" || exerr "Error: Couldn't cd to = ${qjail_root}."=0A= X pax -wzXt -x cpio ${qjail_archive_opt} \=0A= X = -s:"^[^\\.].*/${qjail_safename}\$":prop.qjail-${qjail_archive_tag}: \=0A= X = -s:"^[^\\.].*/${qjail_safename}.norun\$":prop.qjail-${qjail_archive_tag}-= .norun: \=0A= X -s:"etc/fstab.${qjail_safename}\$":fstab.qjail: \=0A= X -s:"^\\.":qjail: \=0A= X "${qjail_config}" ${qjail_addfiles} .=0A= X =0A= X qjail_paxresult=3D$?=0A= X =0A= X # An error on a jail not running is bad=0A= X [ ${qjail_paxresult} -eq 0 ] || exerr \=0A= X "Warning: Archiving jail ${qjail_name} was not successful."=0A= X =0A= X echo "Successfully archived 
${qjail_jailname}"=0A= X =0A= X unset qjail_archive qjail_addfiles qjail_archive_opt = qjail_archive_tag=0A= X =0A= X done =0A= X fi =0A= X ;; =0A= X =0A= X =0A= X##jjbr##################### qjail RESTORE ########################=0A= Xrestore)=0A= X =0A= X # Clean variables, prevent pollution=0A= X unset qjail_safename qjail_forcerestore qjail_flavor=0A= X =0A= X # forcerestore means when basejail release version is different then=0A= X # the release version of the jailname being restored.=0A= X =0A= X shift; while getopts fz: arg; do case ${arg} in=0A= X f) qjail_forcerestore=3D"YES";;=0A= X z) qjail_zone=3D${OPTARG};;=0A= X ?) exerr ${qjail_usage_restore};;=0A= X esac; done; shift $(( ${OPTIND} - 1 ))=0A= X =0A= X if [ "${qjail_zone}" ]; then=0A= X qjail_jaildir=3D"${qjail_jaildir}.${qjail_zone}"=0A= X [ -d "${qjail_jaildir}" ] || exerr "Error: Un-known zone."=0A= X qjail_jailprops=3D"${qjail_jailprops}.${qjail_zone}"=0A= X qjail_fstab=3D"${qjail_fstab}.${qjail_zone}"=0A= X qjail_newjail=3D"${qjail_jaildir}/newjail"=0A= X qjail_basejail=3D"${qjail_jaildir}/basejail"=0A= X qjail_archivedir=3D"${qjail_jaildir}/archive"=0A= X fi=0A= X =0A= X [ $# -eq 0 ] && exerr ${qjail_usage_restore}=0A= X =0A= X # Check for group prefix=0A= X qjail_group=3D$1=0A= X qjail_jailname=3D$1=0A= X =0A= X # Remove the =3D sign from the i/p value which designates this=0A= X # as a group prefix if its there=0A= X qjail_group=3D`echo -n "${qjail_group}" | sed 's/=3D.*$//'`=0A= X =0A= X # Determine if this is a prefix request=0A= X [ "${qjail_jailname}" !=3D "${qjail_group}" ] && \=0A= X exerr "Error: Group prefix equal sign is invalid in restore = processing\n\=0A= X Code multiple jailnames on the restore command."=0A= X =0A= X =0A= X################ Special routine to restore basejail=0A= X =0A= X qjail_fromarchive=3D$1=0A= X =0A= X # i/p value may be full file name=0A= X # Strip off the everything to the right of the jailname=0A= X # IE: the -date time suffix=0A= X qjail_safenamet=3D`echo 
-n "${qjail_fromarchive}" | sed 's/-.*$//'`=0A= X =0A= X if [ "${qjail_safenamet}" =3D "basejail" -o "${qjail_safenamet}" =3D = "newjail" ]; then=0A= X if [ "${qjail_safenamet}" =3D "basejail" ]; then=0A= X =0A= X # Check to see if any jails are running=0A= X [ -d "${qjail_jailprops}/" ] && cd "${qjail_jailprops}/" && = qjail_list=3D`ls | xargs rcorder`=0A= X for qjail in ${qjail_list}; do=0A= X # Strip off the .norun suffix if present & read the jails = property=0A= X # record populating the environment variables with the jails = values.=0A= X fetch-property-info ${qjail%.norun}=0A= X if [ "${qjail_id}" ]; then=0A= X echo "This jail is running. ${qjail_jailname}"=0A= X qjail_running_jails=3D"YES"=0A= X continue=0A= X fi=0A= X done=0A= X =0A= X [ ${qjail_running_jails} ] && \=0A= X exerr "Error: All jails have to be stopped to restore = basejail"=0A= X =0A= X # No jails running so ok to restore basejail=0A= X =0A= X # Verify basejail exists.=0A= X [ -d "${qjail_basejail}" ] || exerr \=0A= X "Error: basejail does not exist.\n\=0A= X Run install command first."=0A= X fi=0A= X =0A= X # This is common for both basejail and newjail. =0A= X # Go hunt for the most current basejail archive file =0A= X unset qjail_safename qjail_nameprop=0A= X =0A= X # This "search the archive" code is copied from below where=0A= X # the normal restore logic is located. 
See that code for=0A= X # comments describing how this works.=0A= X if [ -r "${qjail_archivedir}/${qjail_fromarchive}" ]; then=0A= X qjail_safename=3D`echo -n "${qjail_fromarchive}" | sed 's/-.*$//'`=0A= X qjail_fromarchive=3D"${qjail_archivedir}/${qjail_fromarchive}"=0A= X else =0A= X qjail_safename=3D`echo -n "${qjail_fromarchive}" | tr -c = '[:alnum:]' _`=0A= X unset qjail_fromarchive=0A= X for qjail_archive in "${qjail_archivedir}/${qjail_safename}"*; do=0A= X qjail_fromarchive=3D${qjail_archive}=0A= X done =0A= X [ -f "${qjail_fromarchive}" ] || \=0A= X exerr "No archive found for ${qjail_safename}"=0A= X fi=0A= X =0A= X if [ "${qjail_safenamet}" =3D "basejail" ]; then=0A= X # If previous saved old basejail exists, remove it.=0A= X [ -d "${qjail_jaildir}"/previous.basejail ] && \=0A= X echo "Deleting the previous.basejail directory tree, this may = take a few minutes.";=0A= X rm -rf "${qjail_jaildir}"/previous.basejail =0A= X =0A= X # Save current basejail by renaming it previous.basejail.=0A= X mv "${qjail_basejail}" "${qjail_jaildir}"/previous.basejail || \=0A= X exerr "Error: Rename "${qjail_basejail}" to = "${qjail_jaildir}"/previous.basejail failed."=0A= X =0A= X echo "Tar has started restoring basejail."=0A= X echo "Est LT 1 minute elapse time for basejail minimum system = install."=0A= X echo "basejail with sources and manpages and full ports system = may"=0A= X echo "take up to 7 minutes."=0A= X =0A= X cd / =0A= X tar xPf ${qjail_fromarchive} || \=0A= X exerr "Error: Restore of basejail had RC gt zero." 
\=0A= X && echo "Successfully restored basejail."=0A= X fi =0A= X =0A= X if [ "${qjail_safenamet}" =3D "newjail" ]; then=0A= X # If previous saved old newjail exists, remove it.=0A= X [ -d "${qjail_jaildir}"/previous.newjail ] && \=0A= X rm -rf "${qjail_jaildir}"/previous.newjail=0A= X =0A= X # Save current basejail by renaming it previous.basejail.=0A= X mv "${qjail_newjail}" "${qjail_jaildir}"/previous.newjail || \=0A= X exerr "Error: Rename "${qjail_newjail}" to = "${qjail_jaildir}"/previous.newjail failed."=0A= X =0A= X echo "Tar has started restoring newjail."=0A= X echo "Est LT 1 minute elapse time for newjail restore."=0A= X =0A= X cd /=0A= X tar xPf ${qjail_fromarchive} || \=0A= X exerr "Error: Restore of newjail had RC gt zero." \=0A= X && echo "Successfully restored newjail."=0A= X fi =0A= X =0A= X else =0A= X =0A= X # This is start of normal restore jailname logic.=0A= X =0A= X # Save the command line list of jailnames=0A= X qjail_cmdlist=3D$@=0A= X =0A= X # Process the command line list =0A= X for qjail_fromarchive in ${qjail_cmdlist}; do=0A= X =0A= X unset qjail_safename qjail_nameprop qjail_nameprop_norun=0A= X =0A= X # The fromarchive value can be the complete archive file name, =0A= X # IE: jailname plus the date and time the archive was made, =0A= X # or just the jailname.=0A= X # jailname only will select the most current archive for that = jailname.=0A= X # Using the full archive file name is how an older archive of = many for the =0A= X # jailname is selected.=0A= X =0A= X # At this point we don't know if the input value is just jailname = or the=0A= X # full archive file name and if it's correct.=0A= X =0A= X if [ -r "${qjail_archivedir}/${qjail_fromarchive}" ]; then=0A= X # i/p value is full file name and its found=0A= X # Strip off the everything to the right of the jailname=0A= X # IE: the -date time suffix =0A= X qjail_safename=3D`echo -n "${qjail_fromarchive}" | sed = 's/-.*$//'`=0A= X 
qjail_fromarchive=3D"${qjail_archivedir}/${qjail_fromarchive}"=0A= X else =0A= X # Use jailname to locate most current archive=0A= X # Convert all - or . in jailname to _ =0A= X qjail_safename=3D`echo -n "${qjail_fromarchive}" | tr -c = '[:alnum:]' _`=0A= X unset qjail_fromarchive=0A= X =0A= X # Roll through the archive directory looking for the last = occurrence=0A= X # to match the jailname being the most current archive. =0A= X # IE: Most current archive for the jallname has higher number = date =0A= X # so physically follows the older dated archive files in the =0A= X # archive directory. =0A= X # =0A= X for qjail_archive in "${qjail_archivedir}/${qjail_safename}"*; = do=0A= X qjail_fromarchive=3D${qjail_archive} =0A= X done=0A= X =0A= X [ -f "${qjail_fromarchive}" ] || \=0A= X exerr "Error: No archive found for ${qjail_safename}"=0A= X =0A= X # Strip off the everything to the right of the jailname=0A= X # IE: the -date time suffix=0A= X qjail_archive=3D`echo -n "${qjail_fromarchive}" | sed = 's/-.*$//'`=0A= X # Strip off the path from in front of the file name=0A= X qjail_archive=3D${qjail_archive##*/}=0A= X =0A= X [ "${qjail_safename}" =3D "${qjail_archive}" ] || \=0A= X exerr "Error: Found archive name ${qjail_archive}\n\=0A= X it does not match requested archive ${qjail_safename}\n\=0A= X Use the full archive file name you want restored."=0A= X =0A= X fi =0A= X =0A= X # Check if jailname is used already=0A= X qjail_config=3D"${qjail_jailprops}/${qjail_safename}"=0A= X [ -e "${qjail_config}" -o -e "${qjail_config}.norun" ] && \=0A= X exerr "Error: Jail exists. ${qjail_safename}" =0A= X =0A= X # Check out some content from archive. 
In order to reduce=0A= X # security implication this may have, check owner and permission.=0A= X # =0A= X [ `stat -f %u "${qjail_fromarchive}"` -eq 0 ] || \=0A= X exerr "Error: Insecure ownership of archive = ${qjail_fromarchive}.\n\=0A= X Check the file and chown it to root if you trust its source."=0A= X =0A= X [ $(( `stat -f %OLp "${qjail_fromarchive}"` & 0022 )) -eq 0 ] || \=0A= X exerr "Error: Insecure permissions for archive = ${qjail_fromarchive}.\n\=0A= X Check the file and fix permission (chmod og-w) if you trust its = source."=0A= X =0A= X # Get the property record file name from the archive file.=0A= X qjail_nameprop=3D`pax -zn -f ${qjail_fromarchive} prop.qjail-\*`=0A= X [ $? -eq 0 -a "${qjail_nameprop}" ] || exerr \=0A= X "Error: This File is not an qjail archive. ${qjail_fromarchive}"=0A= X =0A= X # Figure out, what jail and jail environment the archive contains.=0A= X TIFS=3D${IFS}; IFS=3D-; set - ${qjail_nameprop}=0A= X qjail_nameprop_safename=3D$2 qjail_nameprop_hsname=3D$4 \=0A= X qjail_nameprop_hsversion=3D$5 qjail_nameprop_hscpu=3D$6 \=0A= X qjail_nameprop_norun=3D$7=0A= X IFS=3D${TIFS}=0A= X =0A= X =0A= X # Figure out current system environment=0A= X qjail_hsname=3D$( echo -n `uname -n` | tr -c '[:alnum:].' _ )=0A= X qjail_hsversion=3D$( echo -n `uname -r` | tr -c '[:alnum:].' _ )=0A= X qjail_hscpu=3D$( echo -n `uname -p` | tr -c '[:alnum:].' 
_ )=0A= X =0A= X # Check that the archive was made on same environment as = restoring on.=0A= X # =0A= X [ "${qjail_safename}" -a "${qjail_safename}" !=3D = "${qjail_nameprop_safename}" ] && \=0A= X exerr "Error: Archive name ${qjail_fromarchive}\n\=0A= X does not match archived jail ${qjail_nameprop_safename}."=0A= X =0A= X [ "${qjail_hsname}" !=3D "${qjail_nameprop_hsname}" \=0A= X -a -z "${qjail_forcerestore}" ] && \=0A= X exerr "Error: Archive was created on different host named = ${qjail_nameprop_hsname}.\n\=0A= X Use restore -f ${qjail_fromarchive} to force the restore."=0A= X =0A= X [ "${qjail_hscpu}" !=3D "${qjail_nameprop_hscpu}" -a -z = "${qjail_forcerestore}" ] && \=0A= X exerr "Error: Archive was created on a different CPU.\n\=0A= X Use restore -f ${qjail_fromarchive} to force the restore."=0A= X =0A= X # Save config to tempfile and source it=0A= X qjail_config=3D`mktemp /tmp/qjail.prop.XXXXXXXX`=0A= X [ $? -ne 0 ] && exerr "Error: Couldn't create temporary config = file."=0A= X =0A= X # Get the property data from the archive file.=0A= X pax -rzn -s:${qjail_nameprop}:${qjail_config}: -f = ${qjail_fromarchive} ${qjail_nameprop}=0A= X =0A= X fetch-property-info ${qjail_safename} ${qjail_config}=0A= X =0A= X =0A= X # Check that all the variables have values.=0A= X [ "${qjail_rootdir}" -a "${qjail_ips}" -a "${qjail_jailname}" ] = || \=0A= X exerr "Error: Archive does not contain a valid qjail properties = file.\n\=0A= X Some jails properties are missing."=0A= X =0A= X # Prep the variables.=0A= X qjail_fromarchive_config=3D${qjail_config}=0A= X qjail_config=3D"${qjail_jailprops}/${qjail_safename}"=0A= X qjail_archive_opt=3D"-f ${qjail_fromarchive}"=0A= X =0A= X # Restore the archive file=0A= X mkdir -p "${qjail_rootdir}" && cd "${qjail_rootdir}" && \=0A= X pax -rz -pe ${qjail_archive_opt} -s:^qjail:.: qjail/*=0A= X [ $? 
-eq 0 ] || \=0A= X exerr "Error: Couldn't extract archive from = ${qjail_fromarchive}."=0A= X =0A= X # Create the jails fstab file.=0A= X qjail_fstab=3D"${qjail_fstab}.${qjail_safename}"=0A= X if [ "${qjail_imagetype}" ]; then=0A= X qjail_devicelink=3D"${qjail_rootdir}.device"=0A= X echo -n > "${qjail_fstab}"=0A= X echo ${qjail_devicelink} ${qjail_rootdir} ufs rw 0 0 >> \=0A= X "${qjail_fstab}"=0A= X echo ${qjail_basejail} ${qjail_rootdir}/basejail nullfs ro 0 0 = >> \=0A= X "${qjail_fstab}"=0A= X else =0A= X echo -n > "${qjail_fstab}"=0A= X echo ${qjail_basejail} ${qjail_rootdir}/basejail nullfs ro 0 0 = >> \=0A= X "${qjail_fstab}"=0A= X fi =0A= X =0A= X # Create the restored jails properties file and tag it with = "norun",=0A= X # if that is what the archive file says it was at archive time.=0A= X =0A= X if [ "${qjail_nameprop_norun}" =3D ".norun" ]; then=0A= X write-property-info "${qjail_config}${qjail_nameprop_norun}" = "${qjail_fromarchive_config}"=0A= X else =0A= X write-property-info "${qjail_config}" = "${qjail_fromarchive_config}"=0A= X fi =0A= X =0A= X =0A= X # Remove the /tmp work file created above.=0A= X rm -f "${qjail_fromarchive_config}"=0A= X =0A= X echo "Successfully restored ${qjail_jailname}"=0A= X =0A= X done =0A= X fi =0A= X ;; =0A= X =0A= X =0A= X##jjbf###################### qjail CONFIG ########################=0A= Xconfig)=0A= X =0A= X # Clean variables, prevent pollution=0A= X unset qjail_setrunnable qjail_new_name qjail_setrunAll =0A= X unset qjail_old_config qjail_new_ip =0A= X =0A= X flag_count=3D0=0A= X =0A= X shift; while getopts r:i:c:n:z:A arg; do case ${arg} in=0A= X r) qjail_setrunnable=3D${OPTARG}; flag_count=3D$(( $flag_count + 1 = ));;=0A= X A) qjail_setrunAll=3D"YES";;=0A= X i) qjail_new_ip=3D${OPTARG}; flag_count=3D$(( $flag_count + 1 ));;=0A= X n) qjail_new_name=3D${OPTARG}; flag_count=3D$(( $flag_count + 1 = ));;=0A= X c) qjail_new_nic=3D${OPTARG}; flag_count=3D$(( $flag_count + 1 ));;=0A= X z) qjail_zone=3D${OPTARG};;=0A= 
X ?) exerr ${qjail_usage_config};;=0A= X esac; done; shift $(( ${OPTIND} - 1 ))=0A= X =0A= X if [ "${qjail_zone}" ]; then=0A= X qjail_jaildir=3D"${qjail_jaildir}.${qjail_zone}"=0A= X [ -d "${qjail_jaildir}" ] || exerr "Error: Un-known zone."=0A= X qjail_jailprops=3D"${qjail_jailprops}.${qjail_zone}"=0A= X qjail_fstab=3D"${qjail_fstab}.${qjail_zone}"=0A= X fi =0A= X =0A= X # Check for no flags set.=0A= X [ $flag_count -eq 0 ] && exerr \=0A= X "Error: No options coded.\n${qjail_usage_config}" =0A= X =0A= X # No parameters and -r and -A=0A= X [ $# -eq 0 -a -z "${qjail_setrunAll}" ] && \=0A= X exerr "Error: Only with options -r and -A together is no jailname = valid."=0A= X =0A= X # -A can only be coded with -r=0A= X [ "${qjail_setrunAll}" -a -z "${qjail_setrunnable}" ] && \=0A= X exerr "Error: Option -A is only valid when coded with option -r."=0A= X =0A= X [ $flag_count -gt 1 ] && \=0A= X exerr "Error: Only 1 option allowed at a time.\n${qjail_usage_config}"=0A= X =0A= X # Has the -n newjailname option been selected?=0A= X if [ -n "${qjail_new_name}" ]; then=0A= X =0A= X # Check for group prefix=0A= X qjail_group=3D$1=0A= X qjail_jailname=3D$1=0A= X =0A= X # Remove the =3D sign from the i/p value which designates this=0A= X # as a "group prefix", if its there=0A= X qjail_group=3D`echo -n "${qjail_group}" | sed 's/=3D.*$//'`=0A= X =0A= X # Determine if this is a prefix request=0A= X [ "${qjail_jailname}" !=3D "${qjail_group}" ] && \=0A= X exerr "Error: Group prefix '=3D'invalid on -n option."=0A= X =0A= X # Check is new_name & jailname are same=0A= X [ "${qjail_new_name}" =3D "${qjail_jailname}" ] && \=0A= X exerr "Error: -n newname and jailname are the same."=0A= X =0A= X # Is newname a reserved name?=0A= X case ${qjail_new_name} in = basejail|newjail|archive|flavors|fulljail|tempjail) \=0A= X exerr "Error: Cannot name the jail ${qjail_new_name}.\n\=0A= X The ${qjail_new_name} directory name is reserved.\n\=0A= X Please select an unique jailname.";; esac=0A= X =0A= X 
# Check to see if newname exists. =0A= X [ -e "${qjail_jailprops}/${qjail_new_name}" ] && \=0A= X exerr "Error: New name already exists. ${qjail_new_name}"=0A= X =0A= X # $1 holds the old jailname from the command.=0A= X qjail=3D$1=0A= X =0A= X # Strip off the .norun suffix if present & read the jails property=0A= X # record populating the environment variables with the jails values.=0A= X fetch-property-info ${qjail%.norun}=0A= X =0A= X # Check for existence of jailname in our records=0A= X [ "${qjail_config}" ] || \=0A= X exerr "Error: Nothing known about jail. ${qjail_name}"=0A= X =0A= X # If jail is running, stop jail first=0A= X [ -n "${qjail_id}" ] && \=0A= X exerr "Error: Jail is running. ${qjail_name}"=0A= X =0A= X # Save some old values=0A= X qjail_old_rootdir=3D"${qjail_rootdir}"=0A= X qjail_old_image=3D"${qjail_image}"=0A= X qjail_old_imagetype=3D"${qjail_imagetype}"=0A= X qjail_old_interface=3D"${qjail_interface}"=0A= X qjail_old_fstab=3D"${qjail_fstab}"=0A= X qjail_old_config=3D"${qjail_config}"=0A= X qjail_old_jailname=3D"${qjail_jailname}"=0A= X qjail_old_safename=3D"${qjail_safename}"=0A= X = qjail_old_jailprops_global=3D"${qjail_jailprops_global}/${qjail_safename}= " =0A= X =0A= X # The new values for the jail=0A= X qjail_jailname=3D`echo -n ${qjail_new_name} | tr '/~' '__'`=0A= X qjail_safename=3D`echo -n "${qjail_new_name}" | tr -c '[:alnum:]' _`=0A= X qjail_config=3D"${qjail_jailprops}/${qjail_safename}"=0A= X =0A= X # Is the old jail a image jail?=0A= X if [ "${qjail_old_image}" ]; then=0A= X =0A= X # Prep the new locations.=0A= X qjail_rootdir=3D"${qjail_jaildir}/${qjail_jailname}"=0A= X qjail_image=3D"${qjail_rootdir}/${qjail_jailname}.img"=0A= X =0A= X # Rename the flat image file in it's old location=0A= X mv "${qjail_old_image}" = "${qjail_old_rootdir}/${qjail_jailname}.img"=0A= X =0A= X # Rename the old directory to new directory name=0A= X mv "${qjail_old_rootdir}" "${qjail_rootdir}"=0A= X =0A= X # Refresh fstab with new directory paths 
and jailnames.=0A= X qjail_fstab_old_path=3D"${qjail_fstab%.*}"=0A= X qjail_fstab=3D"${qjail_fstab_old_path}.${qjail_safename}"=0A= X =0A= X echo -n > "${qjail_fstab}"=0A= X =0A= X qjail_devicelink=3D"${qjail_rootdir}.device"=0A= X echo ${qjail_devicelink} ${qjail_rootdir} ufs rw 0 0 >> \=0A= X "${qjail_fstab}"=0A= X =0A= X echo ${qjail_basejail} ${qjail_rootdir}/basejail nullfs ro 0 0 = >> \=0A= X "${qjail_fstab}"=0A= X =0A= X rm -f "${qjail_old_fstab}"=0A= X else =0A= X =0A= X # This is regular directory tree jail=0A= X =0A= X # Rename old jail to new jailname. =0A= X qjail_rootdir=3D"${qjail_jaildir}/${qjail_jailname}"=0A= X mv "${qjail_old_rootdir}" "${qjail_rootdir}"=0A= X =0A= X # Refresh fstab with new directory paths and jailnames.=0A= X qjail_fstab_old_path=3D"${qjail_fstab%.*}"=0A= X qjail_fstab=3D"${qjail_fstab_old_path}.${qjail_safename}"=0A= X =0A= X echo -n > "${qjail_fstab}"=0A= X =0A= X echo ${qjail_basejail} ${qjail_rootdir}/basejail nullfs ro 0 0 = >> \=0A= X "${qjail_fstab}"=0A= X =0A= X rm -f "${qjail_old_fstab}"=0A= X =0A= X fi =0A= X =0A= X # Both jail types use same property config update logic.=0A= X # =0A= X write-property-info "${qjail_config}" =0A= X =0A= X # Delete old property record from zone directory and global zone.=0A= X rm -f "${qjail_old_config}"=0A= X rm -f "${qjail_old_jailprops_global}"=0A= X =0A= X echo "Successfully renamed ${qjail_jailname}"=0A= X =0A= X else =0A= X =0A= X # Start of group prefix processing for -i and -r and -c options.=0A= X # =0A= X =0A= X # Save the command line list of jailnames if any=0A= X qjail_cmdlist=3D$@=0A= X =0A= X # Perform the group-prefixing function.=0A= X group-prefixing ${qjail_cmdlist}=0A= X =0A= X # Process the qjail_list built by group-prefixing=0A= X for qjail in ${qjail_list}; do=0A= X =0A= X # Strip off the .norun suffix if present & read the jails property=0A= X # record populating the environment variables with the jails = values.=0A= X fetch-property-info ${qjail%.norun}=0A= X 
X    # Check for existence of jail in our records
X    [ "${qjail_config}" ] || \
X      exerr "Error: Nothing known about jail. ${qjail_name}"
X
X    # Check if -i option, newip
X    if [ -n "${qjail_new_ip}" ]; then
X
X      # if jail is running, stop jail first
X      if [ "${qjail_id}" ]; then
X        echo "Bypassed running jail ${qjail_jailname}"
X        continue
X      fi
X
X      # Replace old ip with new ip
X      qjail_ips="${qjail_new_ip}"
X
X      # Write new property config file from old one
X      write-property-info "${qjail_config}"
X
X      echo "Successful ip change ${qjail_jailname}"
X
X    fi
X
X    # Check if -c option, newnic.
X    if [ -n "${qjail_new_nic}" ]; then
X
X      [ "${qjail_new_nic}" = "null" ] \
X        && unset qjail_nic \
X        || qjail_nic="${qjail_new_nic}"
X
X      # if jail is running, stop jail first
X      if [ "${qjail_id}" ]; then
X        echo "Bypassed running jail ${qjail_jailname}"
X        continue
X      fi
X
X      # Replace old nic with new nic
X      qjail_nic_devicename="${qjail_nic}"
X
X      # Write new property config file from old one
X      write-property-info "${qjail_config}"
X
X      echo "Successful nic change ${qjail_jailname}"
X
X    fi
X
X    if [ -n "${qjail_setrunnable}" ]; then
X
X      [ "${qjail_setrunnable}" = "run" -o "${qjail_setrunnable}" = "norun" ] ||
X        exerr "Error: Invalid value in -r option = ${qjail_setrunnable}"
X
X      # If jail is still running, bypass it
X      if [ "${qjail_id}" ]; then
X        echo "Bypassed running jail ${qjail_jailname}"
X        continue
X      fi
X
X      if [ "${qjail_setrunnable}" = "run" ]; then
X        if [ -e "${qjail_jailprops}/${qjail_safename}.norun" ]; then
X          mv "${qjail_jailprops}/${qjail_safename}.norun" \
X             "${qjail_jailprops}/${qjail_safename}"
X          mv "${qjail_jailprops_global}/${qjail_safename}.norun" \
X             "${qjail_jailprops_global}/${qjail_safename}"
X          echo "Successful set run ${qjail_jailname}"
X        else
X          echo "Already set to run ${qjail_jailname}"
X        fi
X      fi
X
X      if [ "${qjail_setrunnable}" = "norun" ]; then
X        if [ -e "${qjail_jailprops}/${qjail_safename}.norun" ]; then
X          echo "Already set to norun ${qjail_jailname}"
X        else
X          mv "${qjail_jailprops}/${qjail_safename}" \
X             "${qjail_jailprops}/${qjail_safename}.norun"
X          mv "${qjail_jailprops_global}/${qjail_safename}" \
X             "${qjail_jailprops_global}/${qjail_safename}.norun"
X          echo "Successful set norun ${qjail_jailname}"
X        fi
X      fi
X    fi
X    done
X  fi
X;;
X
X########jjbh################ qjail HELP ########################
Xhelp)
X
X  qjail_manpage=$2
X  [ ${qjail_manpage} ] && exec man 8 qjail
X
X  echo -e "${qjail_usage_commands}"
X  echo " "
X  echo -e "${qjail_usage_install}"
X  echo -e "${qjail_usage_create}"
X  echo -e "${qjail_usage_list}"
X  echo -e "${qjail_usage_console}"
X  echo -e "${qjail_usage_archive}"
X  echo -e "${qjail_usage_delete}"
X  echo -e "${qjail_usage_restore}"
X  echo -e "${qjail_usage_config}"
X  echo -e "${qjail_usage_update}"
X  echo -e "${qjail_usage_start}"
X  echo -e "${qjail_usage_stop}"
X  echo -e "${qjail_usage_restart}"
X  echo -e "${qjail_usage_help}"
X
X  ;;
X
X################ End of Sub-command logic #########
X*)
X  exerr "${qjail_usage_commands}"
X  ;;
Xesac
Xexit 0
X
433526c77a92f103ae7efdcc8d87ebf7
echo x - qjail/work/qjail-1.0/qjail2
sed 's/^X//' >qjail/work/qjail-1.0/qjail2 << '21f145fbb6b17e9ede06d75ac3884a51'
X#!/bin/sh
X#
X# $FreeBSD$
X#
X# PROVIDE: qjail
X# REQUIRE: LOGIN cleanvar sshd
X# BEFORE: securelevel
X# KEYWORD: nojail shutdown
X#
X# Add qjail_enable="YES" to /etc/rc.conf to enable boot time jail starts
X#
X# Please do not change this file, configure in /usr/local/etc/qjail.conf
X
X# qjail_prefix=/usr/local
X
X. /etc/rc.subr
X
Xname=qjail
Xrcvar=`set_rcvar`
Xload_rc_config ${name}
X
Xqjail_enable=${qjail_enable:-"NO"}
X
Xrestart_cmd="do_cmd restart _"
Xstart_cmd="do_cmd start '_ qjail'"
Xstop_cmd="do_cmd stop '_ qjail'"
X
Xdo_cmd()
X{
X
X  unset qjail_list qjail_pass qjail_mds qjail_stop
X
X  action=$1; message=$2; shift 2;
X  qjail_prefix=/usr/local
X  qjail_jailprops=${qjail_prefix}/etc/qjail.global
X
X  qjail_fromrc="YES"
X
X  case "${action}" in *stop) qjail_stop="YES";; esac
X
X  # If a jail list is given on command line, process it
X  # If not, fetch it from our config directory
X
X  if [ "$*" ]; then
X    qjail_list=`echo -n $* | tr -c '[:alnum:] ' '_'`
X    unset qjail_fromrc
X  else
X    [ "${qjail_stop}" ] && reverse_command="tail -r" || reverse_command="cat"
X    [ -d "${qjail_jailprops}" ] && cd "${qjail_jailprops}" && \
X      qjail_list=`ls | xargs rcorder | ${reverse_command}`
X    [ "${message}" = "_ qjail" ] && unset message
X    echo -n "${message##_}"
X  fi
X
X  for qjail in ${qjail_list}; do
X    unset qjail_config qjail_norun
X
X    [ -e "${qjail_jailprops}/${qjail}" ] && \
X      qjail_config="${qjail_jailprops}/${qjail}"
X
X    [ -e "${qjail_jailprops}/${qjail}.norun" ] && \
X      qjail_config="${qjail_jailprops}/${qjail}.norun" && qjail_norun="YES"
X
X    # Check for jails config
X    [ ! -f "${qjail_config}" ] && \
X#     echo " Warning: Jail ${qjail} not found." && continue
X      echo " Warning: Jail ${qjail} not found." && continue
X
X    # If jail is temporarily disabled (dot in name), skip it for starts
X    # Meaning config name with .norun suffix.
X    [ "${qjail_stop}" ] && qjail="${qjail%%.*}"
X    [ "${qjail%.*}" != "${qjail}" -o "${qjail_norun}" ] && \
X#     echo -n " skipping ${qjail}" && continue
X      echo -e " Skipping ${qjail}" && continue
X
X    # Read config file
X    . ${qjail_config}
X
X    eval qjail_rootdir=\"\$jail_${qjail}_rootdir\"
X    eval qjail_image=\"\$jail_${qjail}_image\"
X    eval qjail_imagetype=\"\$jail_${qjail}_imagetype\"
X
X    # Fix backward compatibility issue
X    eval qjail_exec_start=\"\$jail_${qjail}_exec_start\"
X    eval qjail_exec=\"\$jail_${qjail}_exec\"
X    eval jail_${qjail}_exec_start=\"\${qjail_exec_start:-${qjail_exec}}\"
X    eval unset jail_${qjail}_exec
X
X    # Do we still have a root to run in?
X    [ ! -d "${qjail_rootdir}" ] && \
X#     echo " Warning: root directory ${qjail_rootdir} of ${qjail}\n\
X      echo " Warning: root directory ${qjail_rootdir} of ${qjail}\n\
X      does not exist." && continue
X
X    # Try to attach memory disk devices
X    if [ "${qjail_image}" ]; then
X      attach_detach_pre || continue
X    fi
X
X    qjail_pass="${qjail_pass} ${qjail}"
X  done
X
X  # Pass control to jail script which does the actual work
X  [ "${qjail_pass}" ] && sh /etc/rc.d/jail one${action} ${qjail_pass}
X
X  # Configure settings that need to be done after the jail has been started
X  if [ "${action}" = "start" ]; then
X    for qjail in ${qjail_list}; do
X      qjail_safename=`echo -n "${qjail}" | tr -c '[:alnum:]' _`
X      # Get the JID of the jail
X      [ -f "/var/run/jail_${qjail_safename}.id" ] && \
X        qjail_id=`cat /var/run/jail_${qjail_safename}.id` || return
X
X    done
X  fi
X
X  # Can only detach after unmounting (from fstab.JAILNAME in /etc/rc.d/jail)
X  attach_detach_post
X}
X
Xattach_detach_pre ()
X{
X  case "${action}" in
X  start|restart)
X    # If jail is running, do not mount devices, this is the same check as
X    # /etc/rc.d/jail does
X    [ -e "/var/run/jail_${qjail}.id" ] && return 0
X
X    if [ -L "${qjail_rootdir}.device" ]; then
X      # Fetch destination of soft link
X      qjail_device=`stat -f "%Y" ${qjail_rootdir}.device`
X
X      mount -p -v | grep -E "^${qjail_rootdir}.device.${qjail_rootdir}" && \
X        echo "Warning: Skipping jail. Jail image file ${qjail} already\n\
X        attached as ${qjail_device}." \
X        && return 1
X
X      mount -p -v | grep -E "^${qjail_device}.${qjail_rootdir}" && \
X        echo "Warning: Skipping jail. Jail image file ${qjail} already\n\
X        attached as ${qjail_device}." \
X        && return 1
X
X      # Remove stale device link
X      rm -f "${qjail_rootdir}.device"
X    fi
X
X    # Create a memory disk from jail image
X    qjail_device=`mdconfig -a -t vnode -f ${qjail_image}` || return 1
X
X    # Clean image
X    fsck -t ufs -p -B "/dev/${qjail_device}"
X
X    # relink image device
X    rm -f "${qjail_rootdir}.device"
X    ln -s "/dev/${qjail_device}" "${qjail_rootdir}.device"
X    ;;
X  stop)
X    # If jail is not running, do not unmount devices, this is the same check
X    # as /etc/rc.d/jail does
X    [ -e "/var/run/jail_${qjail}.id" ] || return 1
X
X    # If soft link to device is not set, we cannot unmount
X    [ -e "${qjail_rootdir}.device" ] || return
X
X    # Fetch destination of soft link
X    qjail_device=`stat -f "%Y" "${qjail_rootdir}.device"`
X
X    # Add this device to the list of devices to be unmounted
X    qjail_mds="${qjail_mds} ${qjail_device}"
X
X    # Remove soft link (which acts as a lock)
X    rm -f "${qjail_rootdir}.device"
X    ;;
X  esac
X}
X
Xattach_detach_post () {
X  # In case of a stop, unmount image devices after stopping jails
X  for md in ${qjail_mds}; do
X    mdconfig -d -u "${md#/dev/}"
X  done
X}
X
Xrun_rc_command $*
X
21f145fbb6b17e9ede06d75ac3884a51
echo x - qjail/work/qjail-1.0/pkg-plist
sed 's/^X//' >qjail/work/qjail-1.0/pkg-plist << 'b304f8fa53205d4f0577c5294a4d11a9'
Xetc/qjail.conf.sample
Xetc/rc.d/jail2
Xetc/rc.d/qjail2
Xbin/qjail
Xshare/examples/qjail/default/qjail.flavor
Xshare/examples/qjail/default/etc/make.conf
Xshare/examples/qjail/default/etc/periodic.conf
Xshare/examples/qjail/default/etc/rc.conf
Xshare/examples/qjail/default/usr/local/etc/sudoers
Xshare/examples/qjail/nullmailer-example/qjail.flavor
Xshare/examples/qjail/nullmailer-example/etc/rc.conf
Xshare/examples/qjail/nullmailer-example/etc/mail/mailer.conf
Xshare/examples/qjail/nullmailer-example/usr/local/etc/nullmailer/remotes
X
X@dirrm share/examples/qjail/default/usr/local/etc/
X@dirrm share/examples/qjail/default/usr/local/
X@dirrm share/examples/qjail/default/usr/
X@dirrm share/examples/qjail/default/etc/
X@dirrm share/examples/qjail/default/
X@dirrm share/examples/qjail/nullmailer-example/usr/local/etc/nullmailer/
X@dirrm share/examples/qjail/nullmailer-example/usr/local/etc/
X@dirrm share/examples/qjail/nullmailer-example/usr/local/
X@dirrm share/examples/qjail/nullmailer-example/usr/
X@dirrm share/examples/qjail/nullmailer-example/etc/mail/
X@dirrm share/examples/qjail/nullmailer-example/etc/
X@dirrm share/examples/qjail/nullmailer-example/
X@dirrm share/examples/qjail/
b304f8fa53205d4f0577c5294a4d11a9
echo x - qjail/work/qjail-1.0/pkg-message
sed 's/^X//' >qjail/work/qjail-1.0/pkg-message << '15c899f864e4b659f98bb968b6b52d5a'
X*
X*
X*******************************************************************************
X*                                                                             *
X* Use the qjail utility to deploy small or large numbers of jails quickly.    *
X*                                                                             *
X* Issue this command on the console command line first "man qjail-intro"      *
X*                                                                             *
X* After reading that do "man qjail" for the usage details.                    *
X*                                                                             *
X*******************************************************************************
X*
X*
15c899f864e4b659f98bb968b6b52d5a
echo x - qjail/work/qjail-1.0/pkg-descr
sed 's/^X//' >qjail/work/qjail-1.0/pkg-descr << 'c105fd184d4d0e29714d10373a2eb9fc'
XQjail [ q = quick ] is a 4th generation wrapper for the basic chroot jail
Xsystem that includes security and performance enhancements. Plus a new level
Xof "user friendliness" enhancements dealing with deploying just a few jails or
Xlarge jail environments consisting of 100's of jails.
X
XQjail requires no knowledge of the jail command usage. It uses "nullfs" for
Xread-only system binaries, sharing one copy of them with all the jails.
X
XUses "mdconfig" to create sparse image jails. Sparse image jails provide a
Xmethod to limit the total disk space a jail can consume, while only occupying
Xthe physical disk space of the sum size of the files in the image jail.
X
XAbility to assign ip addresses with their network device name,
Xso aliases are auto created on jail start and auto removed on jail stop.
X
XAbility to create "ZONE"s of identical qjail systems, each with their own
Xgroup of jails.
X
XAbility to designate a portion of the jail name as a group prefix so the
Xcommand being executed will apply to only those jail names matching that prefix.
X
XQjail reduces the complexities of jail deployments to the novice level. It has
Xa fully documented manpage written for easy comprehension. Details are given
Xto facilitate the use of qjail's capabilities to the fullest extent possible.
X
XWWW: http://sourceforge.net/projects/qjail/
c105fd184d4d0e29714d10373a2eb9fc
echo x - qjail/work/qjail-1.0/distinfo
sed 's/^X//' >qjail/work/qjail-1.0/distinfo << 'f1039f42e40af84e76531f5abff4a63d'
XSHA256 (qjail-1.0.tar.bz2) = ce797b47cc7839be3be39498e31a1f4d1105e69a917fc97434aa6255345c74c6
XSIZE (qjail-1.0.tar.bz2) = 40738
f1039f42e40af84e76531f5abff4a63d
echo x - qjail/work/qjail-1.0/Makefile
sed 's/^X//' >qjail/work/qjail-1.0/Makefile << '1cc0024aa776af52d46a3b7f48a77e8e'
X# New ports collection makefile for: qjail
X# Date created: July 22 2010
X# Whom: Joe Barbish
X#
X# $FreeBSD$
X
XPORTNAME=	qjail
XPORTVERSION=	1.0
XCATEGORIES=	sysutils
XMASTER_SITES=	${MASTER_SITE_SOURCEFORGE}
XMASTER_SITE_SUBDIR=	qjail
X#DISTFILES=	qjail-1.0.tar.bz2
X
XMAINTAINER=	qjail@a1poweruser.com
XCOMMENT=	Utility to quickly deploy and manage large numbers of jails
X
XLICENSE=	BSD
X
XUSE_BZIP2=	yes
X
XMAN8=		qjail.8 qjail-intro.8 qjail.conf.8
X
XNO_BUILD=	yes
X
Xdo-install:
X	${INSTALL_SCRIPT} ${WRKSRC}/qjail ${PREFIX}/bin/
X	${INSTALL_SCRIPT} ${WRKSRC}/qjail2 ${PREFIX}/etc/rc.d/
X	${INSTALL_SCRIPT} ${WRKSRC}/jail2 ${PREFIX}/etc/rc.d/
X	${CP} ${WRKSRC}/qjail.conf.sample ${PREFIX}/etc/
X	${CP} ${WRKSRC}/qjail.8 ${MANPREFIX}/man/man8/
X	${CP} ${WRKSRC}/qjail-intro.8 ${MANPREFIX}/man/man8/
X	${CP} ${WRKSRC}/qjail.conf.8 ${MANPREFIX}/man/man8/
X	${MKDIR} ${PREFIX}/share/examples/qjail
X	${CP} -rfp ${WRKSRC}/examples/ ${PREFIX}/share/examples/qjail/
X
Xpost-install:
X	${CAT} ${PKGMESSAGE}
X
X.include <bsd.port.mk>
1cc0024aa776af52d46a3b7f48a77e8e
echo x - qjail/work/.extract_done.qjail._usr_local
sed 's/^X//' >qjail/work/.extract_done.qjail._usr_local << 'f00edc49e1f452003650e64abee89669'
f00edc49e1f452003650e64abee89669
echo x - qjail/work/BSD
sed 's/^X//' >qjail/work/BSD << '1c9355fb09677f60171f5b55f6566a9d'
XThe license: BSD (BSD license) is standard, please read from the
Xweb.
1c9355fb09677f60171f5b55f6566a9d
echo x - qjail/work/.license-catalog.mk
sed 's/^X//' >qjail/work/.license-catalog.mk << 'f50301072c05dd3b3a81ed5f5531ddd4'
X_LICENSE=BSD
X_LICENSE_NAME=BSD license
X_LICENSE_PERMS=dist-mirror dist-sell pkg-mirror pkg-sell auto-accept
X_LICENSE_GROUPS=FSF OSI
X_LICENSE_DISTFILES=qjail-1.0.tar.bz2
f50301072c05dd3b3a81ed5f5531ddd4
echo x - qjail/work/.license-report
sed 's/^X//' >qjail/work/.license-report << 'd9bfc2eba895a21607808a9786ba170b'
XThis package has a single license: BSD (BSD license).
d9bfc2eba895a21607808a9786ba170b
echo x - qjail/work/.license_done.qjail._usr_local
sed 's/^X//' >qjail/work/.license_done.qjail._usr_local << '55abb982edff2968e51c971ef5d48c9b'
55abb982edff2968e51c971ef5d48c9b
echo x - qjail/work/.patch_done.qjail._usr_local
sed 's/^X//' >qjail/work/.patch_done.qjail._usr_local << '6151fa3bb5c08954a39bed54c601f9eb'
6151fa3bb5c08954a39bed54c601f9eb
echo x - qjail/work/.configure_done.qjail._usr_local
sed 's/^X//' >qjail/work/.configure_done.qjail._usr_local << 'e45babfc1c08d7d7c900e6e7987e84ad'
e45babfc1c08d7d7c900e6e7987e84ad
echo x - qjail/work/.build_done.qjail._usr_local
sed 's/^X//' >qjail/work/.build_done.qjail._usr_local << '65fd8faa3f2753c0376c76f3860d9189'
65fd8faa3f2753c0376c76f3860d9189
echo x - qjail/work/.PLIST.mktmp
sed 's/^X//' >qjail/work/.PLIST.mktmp << '50ae80252c64b699d7fb7cfc50041e59'
Xshare/licenses/qjail-1.0/catalog.mk
Xshare/licenses/qjail-1.0/LICENSE
Xshare/licenses/qjail-1.0/BSD
Xman/man8/qjail.8.gz
Xman/man8/qjail-intro.8.gz
Xman/man8/qjail.conf.8.gz
X@unexec rm -f %D/man/cat8/qjail.8.gz %D/man/cat8/qjail.8 %D/man/cat8/qjail.8.gz %D/man/cat8/qjail.8.gz.gz %D/man/cat8/qjail.8.gz.bz2
X@unexec rm -f %D/man/cat8/qjail-intro.8.gz %D/man/cat8/qjail-intro.8 %D/man/cat8/qjail-intro.8.gz %D/man/cat8/qjail-intro.8.gz.gz %D/man/cat8/qjail-intro.8.gz.bz2
X@unexec rm -f %D/man/cat8/qjail.conf.8.gz %D/man/cat8/qjail.conf.8 %D/man/cat8/qjail.conf.8.gz %D/man/cat8/qjail.conf.8.gz.gz %D/man/cat8/qjail.conf.8.gz.bz2
Xetc/qjail.conf.sample
Xetc/rc.d/jail2
Xetc/rc.d/qjail2
Xbin/qjail
Xshare/examples/qjail/default/qjail.flavor
Xshare/examples/qjail/default/etc/make.conf
Xshare/examples/qjail/default/etc/periodic.conf
Xshare/examples/qjail/default/etc/rc.conf
Xshare/examples/qjail/default/usr/local/etc/sudoers
Xshare/examples/qjail/nullmailer-example/qjail.flavor
Xshare/examples/qjail/nullmailer-example/etc/rc.conf
Xshare/examples/qjail/nullmailer-example/etc/mail/mailer.conf
Xshare/examples/qjail/nullmailer-example/usr/local/etc/nullmailer/remotes
X
X@dirrm share/examples/qjail/default/usr/local/etc/
X@dirrm share/examples/qjail/default/usr/local/
X@dirrm share/examples/qjail/default/usr/
X@dirrm share/examples/qjail/default/etc/
X@dirrm share/examples/qjail/default/
X@dirrm share/examples/qjail/nullmailer-example/usr/local/etc/nullmailer/
X@dirrm share/examples/qjail/nullmailer-example/usr/local/etc/
X@dirrm share/examples/qjail/nullmailer-example/usr/local/
X@dirrm share/examples/qjail/nullmailer-example/usr/
X@dirrm share/examples/qjail/nullmailer-example/etc/mail/
X@dirrm share/examples/qjail/nullmailer-example/etc/
X@dirrm share/examples/qjail/nullmailer-example/
X@dirrm share/examples/qjail/
X@cwd /usr/local
X@dirrm share/licenses/qjail-1.0
X@unexec rmdir %D/share/licenses 2>/dev/null || true
50ae80252c64b699d7fb7cfc50041e59
echo x - qjail/work/.PLIST.flattened
sed 's/^X//' >qjail/work/.PLIST.flattened << 'a6435676d92da9555e850d87f6b15048'
X/usr/local/share/licenses/qjail-1.0/catalog.mk
X/usr/local/share/licenses/qjail-1.0/LICENSE
X/usr/local/share/licenses/qjail-1.0/BSD
X/usr/local/man/man8/qjail.8.gz
X/usr/local/man/man8/qjail-intro.8.gz
X/usr/local/man/man8/qjail.conf.8.gz
X/usr/local/etc/qjail.conf.sample
X/usr/local/etc/rc.d/jail2
X/usr/local/etc/rc.d/qjail2
X/usr/local/bin/qjail
X/usr/local/share/examples/qjail/default/qjail.flavor
X/usr/local/share/examples/qjail/default/etc/make.conf
X/usr/local/share/examples/qjail/default/etc/periodic.conf
X/usr/local/share/examples/qjail/default/etc/rc.conf
X/usr/local/share/examples/qjail/default/usr/local/etc/sudoers
X/usr/local/share/examples/qjail/nullmailer-example/qjail.flavor
X/usr/local/share/examples/qjail/nullmailer-example/etc/rc.conf
X/usr/local/share/examples/qjail/nullmailer-example/etc/mail/mailer.conf
X/usr/local/share/examples/qjail/nullmailer-example/usr/local/etc/nullmailer/remotes
X/usr/local/
a6435676d92da9555e850d87f6b15048
echo x - qjail/work/.PLIST.setuid
sed 's/^X//' >qjail/work/.PLIST.setuid << '39f5f53d8236297edbb5b94bcb1c9dad'
39f5f53d8236297edbb5b94bcb1c9dad
echo x - qjail/work/.PLIST.writable
sed 's/^X//' >qjail/work/.PLIST.writable << 'ca5da2c93546689b73fc0703c9ad18dd'
ca5da2c93546689b73fc0703c9ad18dd
echo x - qjail/work/.PLIST.objdump
sed 's/^X//' >qjail/work/.PLIST.objdump << '46c3012526c3c712724071e90d0fb2c2'
46c3012526c3c712724071e90d0fb2c2
echo x - qjail/work/.install_done.qjail._usr_local
sed 's/^X//' >qjail/work/.install_done.qjail._usr_local << '290191260a4c486e75f8bcd4e34cd198'
290191260a4c486e75f8bcd4e34cd198
echo x - qjail/distinfo
sed 's/^X//' >qjail/distinfo << 'd40ad96dbaed37de64038921d4ac07b1'
XSHA256 (qjail-1.0.tar.bz2) = d3f787490d80ee9ed5129ba7f55287a1267497472b177afac6a35aa5585029c7
XSIZE (qjail-1.0.tar.bz2) = 41800
d40ad96dbaed37de64038921d4ac07b1
exit