Date:      Wed, 22 Feb 2023 18:24:48 GMT
From:      Gleb Popov <arrowd@FreeBSD.org>
To:        ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
Subject:   git: 44b00ffe5fb0 - main - ports-mgmt/rc-subr-jail: + Shell library to help writing jailed rc services.
Message-ID:  <202302221824.31MIOmTt058239@gitrepo.freebsd.org>

The branch main has been updated by arrowd:

URL: https://cgit.FreeBSD.org/ports/commit/?id=44b00ffe5fb01943fb830ebcc58d933593c7a0cb

commit 44b00ffe5fb01943fb830ebcc58d933593c7a0cb
Author:     Gleb Popov <arrowd@FreeBSD.org>
AuthorDate: 2023-02-05 21:02:43 +0000
Commit:     Gleb Popov <arrowd@FreeBSD.org>
CommitDate: 2023-02-22 18:24:43 +0000

    ports-mgmt/rc-subr-jail: + Shell library to help writing jailed rc services.
    
    This library follows the declarative style of Ports Makefiles - as much
    functionality as possible is implemented as knobs.
    
    Differential Revision: https://reviews.freebsd.org/D38394
---
 ports-mgmt/Makefile                        |   1 +
 ports-mgmt/rc-subr-jail/Makefile           |  24 ++++++
 ports-mgmt/rc-subr-jail/distinfo           |   1 +
 ports-mgmt/rc-subr-jail/files/rc.subr.jail | 129 +++++++++++++++++++++++++++++
 ports-mgmt/rc-subr-jail/pkg-descr          |   3 +
 5 files changed, 158 insertions(+)

diff --git a/ports-mgmt/Makefile b/ports-mgmt/Makefile
index 25aca9847b2d..1a2f123dc7d3 100644
--- a/ports-mgmt/Makefile
+++ b/ports-mgmt/Makefile
@@ -72,6 +72,7 @@
     SUBDIR += py-FreeBSD-ports
     SUBDIR += py-pytoport
     SUBDIR += py-skog
+    SUBDIR += rc-subr-jail
     SUBDIR += reprise
     SUBDIR += sccache-overlay
     SUBDIR += synth
diff --git a/ports-mgmt/rc-subr-jail/Makefile b/ports-mgmt/rc-subr-jail/Makefile
new file mode 100644
index 000000000000..40bca73902ef
--- /dev/null
+++ b/ports-mgmt/rc-subr-jail/Makefile
@@ -0,0 +1,24 @@
+PORTNAME=	rc-subr-jail
+PORTVERSION=	1
+CATEGORIES=	ports-mgmt
+MASTER_SITES=	#
+DISTFILES=	#
+EXTRACT_ONLY=	#
+
+MAINTAINER=	arrowd@FreeBSD.org
+COMMENT=	Shell library to help writing RC scripts with jail support
+WWW=		https://cgit.freebsd.org/ports/tree/ports-mgmt/rc-subr-jail
+
+LICENSE=	BSD3CLAUSE
+
+NO_ARCH=	yes
+NO_BUILD=	yes
+NO_MTREE=	yes
+
+PLIST_FILES=	share/rc-subr-jail/rc.subr.jail
+
+do-install:
+	@${MKDIR} ${STAGEDIR}${DATADIR}
+	${INSTALL_DATA} ${PATCHDIR}/rc.subr.jail ${STAGEDIR}${DATADIR}/rc.subr.jail
+
+.include <bsd.port.mk>
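Review bot: The do-install recipe takes its source from `${PATCHDIR}`, which names the patch directory; a plain data file under files/ is conventionally referenced through `${FILESDIR}`, as in `${INSTALL_DATA} ${FILESDIR}/rc.subr.jail ${STAGEDIR}${DATADIR}/rc.subr.jail`. The two presumably resolve to the same directory by default, so this is a readability point, but it would stop working if someone overrode PATCHDIR alone. The file is also copied verbatim, so the `%%LOCALBASE%%` placeholder in its header comment reaches the installed copy unexpanded; either write the real prefix in that comment or run the file through the ports substitution machinery before installing it.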
diff --git a/ports-mgmt/rc-subr-jail/distinfo b/ports-mgmt/rc-subr-jail/distinfo
new file mode 100644
index 000000000000..fc4b159bbb3d
--- /dev/null
+++ b/ports-mgmt/rc-subr-jail/distinfo
@@ -0,0 +1 @@
+TIMESTAMP = 1675627821
diff --git a/ports-mgmt/rc-subr-jail/files/rc.subr.jail b/ports-mgmt/rc-subr-jail/files/rc.subr.jail
new file mode 100644
index 000000000000..8dc5271405b3
--- /dev/null
+++ b/ports-mgmt/rc-subr-jail/files/rc.subr.jail
@@ -0,0 +1,129 @@
+# This file can be included in the RC script by adding following line:
+# . %%LOCALBASE%%/share/rc-subr-jail/rc.subr.jail
+
+# The behavior of routines defined in this file are affected by the following
+# global variables, which can be used in the same manner as Makefile knobs:
+
+# jail_copy_resolv_conf
+# set this to "yes" to copy /etc/resolv.conf file into the jail being created
+
+# jail_copy_services
+# set this to "yes" to copy /etc/services file into the jail being created
+
+# jail_copy_programs
+# set this to a list of binaries, which should be copied into /bin directory
+# of the jail. Dynamic libraries required by each program will be placed into
+# the /lib directory of the jail
+
+# jail_mount_devfs
+# set this to "yes" to mount a devfs filesystem under the /dev directory of the
+# jail
+
+# jail_ip_inherit
+# set this to "yes" to make "ip4=inherit" and "ip6=inherit" arguments to be
+# passed to the jail
+
+# jail_prepare_inside_cmds
+# set this to the shell command that will be run before starting the jail
+# commands are run after changing directory into the jail's root
+
+# jail_nullfs_mounts
+# set this to a list of triplets of "src_dir dst_dir opts" that will be passed
+# to mount_nullfs
+# make sure to pass either "ro" or "rw" as "opts" value
+
+
+# prepare_jail jroot
+# sets $jail_prepared_args that can be used in jail(4) invocation
+# intended to be run during "start" command
+prepare_jail()
+{
+    local jroot jargs
+    jroot="$1"
+    jargs="-c path=${jroot} "
+
+    destroy_jail "$jroot" 2> /dev/null
+
+    mkdir -p "$jroot"
+
+    if [ "$jail_copy_resolv_conf" = "yes" ]; then
+        mkdir -p "$jroot/etc"
+        cp /etc/resolv.conf "$jroot/etc"
+    fi
+    if [ "$jail_copy_services" = "yes" ]; then
+        mkdir -p "$jroot/etc"
+        cp /etc/services "$jroot/etc"
+    fi
+
+    local  _prog _interp
+    for _prog in $jail_copy_programs; do
+        mkdir -p "$jroot/bin"
+        mkdir -p "$jroot/lib"
+
+        cp "$_prog" "$jroot/bin"
+        ldd "$_prog" 2> /dev/null | cut -s -d " " -f 3 | grep -E '^(/lib|/usr)' | sort -u | xargs -I % cp % "${jroot}/lib/"
+
+        _interp=$(file "$_prog" | grep -o '/libexec/ld-elf.so[0-9\.]*')
+        if [ "$_interp" ]; then
+            mkdir "$jroot/libexec"
+            cp "$_interp" "$jroot/libexec/"
+        fi
+    done
+
+    if [ "$jail_mount_devfs" = "yes" ]; then
+        mkdir -p "$jroot/dev"
+        jargs="$jargs mount.devfs "
+    fi
+    if [ "$jail_ip_inherit" = "yes" ]; then
+
+        if check_kern_features inet; then
+            jargs="$jargs ip4=inherit "
+        fi
+        if check_kern_features inet6; then
+            jargs="$jargs ip6=inherit "
+        fi
+    fi
+
+    if [ "$jail_nullfs_mounts" ]; then
+        local _mnt_line
+        echo "$jail_nullfs_mounts" | xargs -n 3 | while read -r _mnt_line; do
+            local _src _dst _opts
+            _src=$(echo "$_mnt_line" | awk '{print $1}')
+            _dst=$(echo "$_mnt_line" | awk '{print $2}')
+            _opts=$(echo "$_mnt_line" | awk '{print $3}')
+            mkdir -p "$_dst"
+            mount_nullfs -o "$_opts" "$_src" "$_dst"
+        done
+    fi
+
+    if [ "$jail_prepare_inside_cmds" ]; then
+        /bin/sh -c "cd \"$jroot\" && $jail_prepare_inside_cmds"
+    fi
+
+    jail_prepared_args=$jargs
+}
+
+# destroy_jail jail_root
+# cleans up the jail, unmounts all filesystems and finally removes jail_root
+# intended to be run during both "stop" and "start" commands
+destroy_jail()
+{
+    local jroot
+    jroot="$1"
+
+    if [ "$jail_mount_devfs" ]; then
+        rmdir "$jroot/dev"
+    fi
+
+    if [ "$jail_nullfs_mounts" ]; then
+        local _mnt_line
+        echo "$jail_nullfs_mounts" | xargs -n 3 | while read -r _mnt_line; do
+            local _dst
+            _dst=$(echo "$_mnt_line" | awk '{print $2}')
+            umount "$_dst"
+            rmdir "$_dst"
+        done
+    fi
+
+    rm -rf "$jroot"
+}
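Review bot: In destroy_jail, `rm -rf "$jroot"` runs even when an `umount "$_dst"` in the loop above it has failed, so a nullfs destination under the jail root that is still mounted (busy, for instance) gets descended into, and for an `rw` mount that deletes the host's source directory contents. Nothing checks the loop's exit status, and prepare_jail hides the error messages by calling `destroy_jail "$jroot" 2> /dev/null` before every start. I would make the removal refuse to cross mount points with `rm -rfx "$jroot"`, and add `[ -n "$jroot" ] || return 1` at the top of the function so an unset argument never reaches the rm. Whether the destinations actually sit under the jail root is up to the caller, since `_dst` is used exactly as given in `jail_nullfs_mounts`; a comment on that knob stating the expectation would help.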
diff --git a/ports-mgmt/rc-subr-jail/pkg-descr b/ports-mgmt/rc-subr-jail/pkg-descr
new file mode 100644
index 000000000000..e0f5cdccfe9a
--- /dev/null
+++ b/ports-mgmt/rc-subr-jail/pkg-descr
@@ -0,0 +1,3 @@
+This port install a shell source intended to be included by rc scripts that
+want to run services inside a jail.
+


