Date: Mon, 22 Jul 2013 18:14:53 +0200 (CEST)
From: "Julian H. Stacey" <jhs@berklix.com>
To: FreeBSD-gnats-submit@freebsd.org
Cc: Maintainer of ports/sysutils/ezjail <erdgeist@erdgeist.org>
Subject: ports/180739: ports/sysutils/ezjail patch
Message-ID: <201307221614.r6MGErgp011734@lapr.js.berklix.net>
Resent-Message-ID: <201307221620.r6MGK1bq020046@freefall.freebsd.org>
>Number: 180739
>Category: ports
>Synopsis: ports/sysutils/ezjail patch
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Mon Jul 22 16:20:00 UTC 2013
>Closed-Date:
>Last-Modified:
>Originator: Julian H. Stacey
>Release: FreeBSD 9.1-RELEASE amd64
>Organization: http://www.berklix.com
>Environment:
System: FreeBSD lapr.js.berklix.net 9.1-RELEASE FreeBSD 9.1-RELEASE #3: Tue Apr 9 14:33:17 CEST 2013 jhs@lapr.js.berklix.net:/sys/amd64/compile/LAPR.small amd64
>Description:
patch to fix ports/sysutils/ezjail
Description private mailed to maintainer & S.O.
>How-To-Repeat:
>Fix:
How To Repeat private mailed to maintainer & S.O.

Patch appended, a later fix for more may appear at master copy:
http://www.berklix.com/~jhs/src/bsd/fixes/FreeBSD/ports/gen/sysutils/ezjail/files/patch-bb.REL=ALL

Applies to ports/sysutils/ezjail using ezjail-3.3 on current ports @ Mon Jul 22 15:53:40 CEST 2013

As well as applying the ports/ patch, it is recommended that administrators with prisons hosting jails within, that were created by ports/sysutils/ezjail should:
    cd /usr/jails ; chmod o-rwx * ; chmod o+rx basejail
(Administrators & users of jails do not need to do anything).

I suggest port Maintainer should also modify permissions with which /usr/jails/newjail gets installed (with an o-rwx), as those permissions get inherited by "ezjail-admin create" (& fixed by patch below). (Sorry, no time to also do that currently, as about to travel)

Explanatory notes privately mailed to: "Maintainer of ports/sysutils/ezjail" <erdgeist@erdgeist.org>, & S O

*** ezjail-admin.orig Mon Jul 22 14:47:30 2013 --- ezjail-admin Mon Jul 22 14:57:02 2013 *************** *** 645,650 **** --- 645,651 ---- newfs -U "/dev/${ezjail_device}" || detach_images || exerr "Error: Could not newfs /dev/${ezjail_device}." 
# Create mount point and mount mkdir -p "${ezjail_rootdir}" || detach_images || exerr "Error: Could not create jail root mount point ${ezjail_rootdir}." + chmod o-rwx ${ezjail_rootdir} mount "/dev/${ezjail_device}" "${ezjail_rootdir}" || detach_images || exerr "Error: Could not mount /dev/${ezjail_device} to ${ezjail_root}." else if [ -e "${ezjail_rootdir}" -a ! -d "${ezjail_rootdir}" ]; then *************** *** 660,665 **** --- 662,668 ---- ezjail_makeabsolute ezjail_fromarchive [ "${ezjail_fromarchive}" = "-" ] && unset ezjail_archive_opt || ezjail_archive_opt="-f ${ezjail_fromarchive}" mkdir -p "${ezjail_rootdir}" && cd "${ezjail_rootdir}" && pax -rz -pe ${ezjail_archive_opt} -s:^ezjail:.: ezjail/* + chmod o-rwx ${ezjail_rootdir} [ $? -eq 0 ] || detach_images || exerr "Error: Could not extract archive from ${ezjail_fromarchive}." elif [ -z "${ezjail_exists}" ]; then # now take a copy of our template jail *************** *** 671,676 **** --- 675,681 ---- /sbin/zfs destroy ${ezjail_jailzfs}/newjail@_createnewjailtmp else mkdir -p "${ezjail_rootdir}" && cd "${ezjail_jailtemplate}" && find . | cpio -p -v "${ezjail_rootdir}" > /dev/null + chmod o-rwx ${ezjail_rootdir} fi [ $? -eq 0 ] || detach_images || exerr "Error: Could not copy template jail." >Release-Note: >Audit-Trail: >Unformatted:
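Review bot: In the image-jail hunk (645,650), the added chmod o-rwx ${ezjail_rootdir} runs after the mkdir -p but before the mount line, so it changes the mode of the mount-point directory that the mount then covers; the root directory of the freshly newfs'd filesystem keeps its own mode once it is mounted there. Move the chmod to after the mount line so it applies to the jail root that is actually visible. The added line also leaves ${ezjail_rootdir} unquoted where the neighbouring mkdir and mount lines quote it, and unlike them it has no || detach_images || exerr handling if it fails.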
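Review bot: In the archive hunk (660,665), the added chmod sits between the mkdir ... && cd ... && pax ... line and the [ $? -eq 0 ] test that follows, so $? now holds the exit status of the chmod and a failed pax extraction no longer reaches exerr "Error: Could not extract archive from ${ezjail_fromarchive}.". Put the chmod after the [ $? -eq 0 ] check, or chain it onto the end of the pax line with &&, and quote "${ezjail_rootdir}" as the mkdir on that line does.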
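Review bot: In the template-copy hunk (671,676), the chmod is added only to the else (cpio) branch; the branch above it, which ends in /sbin/zfs destroy ${ezjail_jailzfs}/newjail@_createnewjailtmp, gets no equivalent line, so the permissions of jails created through the ZFS path are left unchanged by this patch. A single quoted chmod o-rwx "${ezjail_rootdir}" placed after the [ $? -eq 0 ] check below the fi would cover both branches, and would also stop the chmod from overwriting the cpio exit status that the check is meant to test.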
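An added example, not part of the original message or of ezjail: a small audit that reports which entries of a jails directory still grant access to "other", to run before and after the chmod commands quoted in the message. The function names are hypothetical, and it assumes jail roots are the top-level entries of the directory passed in, with basejail as the one entry meant to keep o+rx.

```sh
#!/bin/sh
# Added example (not ezjail code). Function names are hypothetical.
# Assumption: jail roots are the top-level entries of the directory given,
# e.g. /usr/jails as in the message; "basejail" is expected to keep o+rx.

# other_bits PATH: print the "other" permission triplet, e.g. "r-x" or "---"
other_bits() {
    # ls -ldn prints the mode string first; characters 8-10 are the "other" bits
    ls -ldn "$1" | cut -c8-10
}

# audit_jails DIR: print one line per finding; return 1 if anything was found
audit_jails() {
    dir=$1
    found=0
    for entry in "$dir"/*; do
        [ -e "$entry" ] || continue      # empty directory: the glob did not match
        [ -L "$entry" ] && continue      # symlinks always show rwx; skip them
        name=${entry##*/}
        bits=$(other_bits "$entry")
        if [ "$name" = "basejail" ]; then
            # shared base tree: readable and searchable by others, never writable
            case $bits in
                r-x) ;;
                *) echo "CHECK $name other=$bits (expected r-x)"; found=1 ;;
            esac
        else
            # every other entry should give "other" nothing at all
            case $bits in
                ---) ;;
                *) echo "OPEN $name other=$bits"; found=1 ;;
            esac
        fi
    done
    return $found
}

# Usage: audit_jails /usr/jails
```

An exit status of 0 with no output means every entry matches the permissions the message recommends.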