From owner-svn-src-stable@freebsd.org Thu Dec 31 01:24:17 2015 Return-Path: Delivered-To: svn-src-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id DD962A56B68; Thu, 31 Dec 2015 01:24:17 +0000 (UTC) (envelope-from jamie@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 9E12D1185; Thu, 31 Dec 2015 01:24:17 +0000 (UTC) (envelope-from jamie@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id tBV1OGFn095314; Thu, 31 Dec 2015 01:24:16 GMT (envelope-from jamie@FreeBSD.org) Received: (from jamie@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id tBV1OGSw095313; Thu, 31 Dec 2015 01:24:16 GMT (envelope-from jamie@FreeBSD.org) Message-Id: <201512310124.tBV1OGSw095313@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: jamie set sender to jamie@FreeBSD.org using -f 
From: Jamie Gritton Date: Thu, 31 Dec 2015 01:24:16 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org Subject: svn commit: r292967 - stable/10/etc/rc.d X-SVN-Group: stable-10 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for all the -stable branches of the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 31 Dec 2015 01:24:18 -0000 Author: jamie Date: Thu Dec 31 01:24:16 2015 New Revision: 292967 URL: https://svnweb.freebsd.org/changeset/base/292967 Log: MFC r292759: Let old-style (shell-based) jail configuration handle jail names that contain characters not allowed in a shell variable (such as "-"). These will be replaced by an underscore in jail config variables, e.g. for jail "foo-bar" you would set "jail_foo_bar_hostname". This is separate from the current code that changes the jail names if they contain "." or "/". It also doesn't apply to jails defined in a jail.conf file. PR: 191181 Modified: stable/10/etc/rc.d/jail Directory Properties: stable/10/ (props changed) Modified: stable/10/etc/rc.d/jail ============================================================================== --- stable/10/etc/rc.d/jail Wed Dec 30 23:27:24 2015 (r292966) +++ stable/10/etc/rc.d/jail Thu Dec 31 01:24:16 2015 (r292967) 
@@ -28,16 +28,16 @@ extra_commands="config console status" need_dad_wait= -# extract_var jail name param num defval -# Extract value from ${jail_$jail_$name} or ${jail_$name} and +# extract_var jv name param num defval +# Extract value from ${jail_$jv_$name} or ${jail_$name} and # set it to $param. If not defined, $defval is used. -# When $num is [0-9]*, ${jail_$jail_$name$num} are looked up and +# When $num is [0-9]*, ${jail_$jv_$name$num} are looked up and # $param is set by using +=. # When $num is YN or NY, the value is interpret as boolean. extract_var() { - local i _j _name _param _num _def _name1 _name2 - _j=$1 + local i _jv _name _param _num _def _name1 _name2 + _jv=$1 _name=$2 _param=$3 _num=$4 @@ -45,7 +45,7 @@ extract_var() case $_num in YN) - _name1=jail_${_j}_${_name} + _name1=jail_${_jv}_${_name} _name2=jail_${_name} eval $_name1=\"\${$_name1:-\${$_name2:-$_def}}\" if checkyesno $_name1; then @@ -55,7 +55,7 @@ extract_var() fi ;; NY) - _name1=jail_${_j}_${_name} + _name1=jail_${_jv}_${_name} _name2=jail_${_name} eval $_name1=\"\${$_name1:-\${$_name2:-$_def}}\" if checkyesno $_name1; then @@ -67,7 +67,7 @@ extract_var() [0-9]*) i=$_num while : ; do - _name1=jail_${_j}_${_name}${i} + _name1=jail_${_jv}_${_name}${i} _name2=jail_${_name}${i} eval _tmpargs=\"\${$_name1:-\${$_name2:-$_def}}\" if [ -n "$_tmpargs" ]; then @@ -79,7 +79,7 @@ extract_var() done ;; *) - _name1=jail_${_j}_${_name} + _name1=jail_${_jv}_${_name} _name2=jail_${_name} eval _tmpargs=\"\${$_name1:-\${$_name2:-$_def}}\" if [ -n "$_tmpargs" ]; then 
@@ -89,22 +89,23 @@ extract_var() esac } -# parse_options _j +# parse_options _j _jv # Parse options and create a temporary configuration file if necessary. # parse_options() { - local _j _p + local _j _jv _p _j=$1 + _jv=$2 _confwarn=0 if [ -z "$_j" ]; then warn "parse_options: you must specify a jail" return fi - eval _jconf=\"\${jail_${_j}_conf:-/etc/jail.${_j}.conf}\" - eval _rootdir=\"\$jail_${_j}_rootdir\" - eval _hostname=\"\$jail_${_j}_hostname\" + eval _jconf=\"\${jail_${_jv}_conf:-/etc/jail.${_j}.conf}\" + eval _rootdir=\"\$jail_${_jv}_rootdir\" + eval _hostname=\"\$jail_${_jv}_hostname\" if [ -z "$_rootdir" -o \ -z "$_hostname" ]; then if [ -r "$_jconf" ]; then @@ -120,7 +121,7 @@ parse_options() fi return 1 fi - eval _ip=\"\$jail_${_j}_ip\" + eval _ip=\"\$jail_${_jv}_ip\" if [ -z "$_ip" ] && ! check_kern_features vimage; then warn "no ipaddress specified and no vimage support. " \ "Jail $_j was ignored." @@ -138,10 +139,10 @@ parse_options() fi /usr/bin/install -m 0644 -o root -g wheel /dev/null $_conf || return 1 - eval : \${jail_${_j}_flags:=${jail_flags}} - eval _exec=\"\$jail_${_j}_exec\" - eval _exec_start=\"\$jail_${_j}_exec_start\" - eval _exec_stop=\"\$jail_${_j}_exec_stop\" + eval : \${jail_${_jv}_flags:=${jail_flags}} + eval _exec=\"\$jail_${_jv}_exec\" + eval _exec_start=\"\$jail_${_jv}_exec_start\" + eval _exec_stop=\"\$jail_${_jv}_exec_stop\" if [ -n "${_exec}" ]; then # simple/backward-compatible execution _exec_start="${_exec}" 
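Review bot: In parse_options the new `eval _jconf=...` line sanitises only the variable-name part with `${_jv}`, while `${_j}` is still expanded into the text that eval re-parses. The callers replace only `/` and `.` in `_j`, so any other shell metacharacter left in a jail name is interpreted rather than treated as data. Escaping the reference defers its expansion to eval time: `eval _jconf=\"\${jail_${_jv}_conf:-/etc/jail.\${_j}.conf}\"`. The `_fstab` eval in the @@ -155 hunk has the same pattern with `/etc/fstab.$_j` and would need its inner expansion escaped as well. Jail names normally come from rc.conf or a privileged user's command line, so this is hardening rather than a trust-boundary fix; parse_options continues past this hunk.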
@@ -155,20 +156,20 @@ parse_options() fi fi fi - eval _interface=\"\${jail_${_j}_interface:-${jail_interface}}\" - eval _parameters=\"\${jail_${_j}_parameters:-${jail_parameters}}\" - eval _fstab=\"\${jail_${_j}_fstab:-${jail_fstab:-/etc/fstab.$_j}}\" + eval _interface=\"\${jail_${_jv}_interface:-${jail_interface}}\" + eval _parameters=\"\${jail_${_jv}_parameters:-${jail_parameters}}\" + eval _fstab=\"\${jail_${_jv}_fstab:-${jail_fstab:-/etc/fstab.$_j}}\" ( date +"# Generated by rc.d/jail at %Y-%m-%d %H:%M:%S" echo "$_j {" - extract_var $_j hostname host.hostname - "" - extract_var $_j rootdir path - "" + extract_var $_jv hostname host.hostname - "" + extract_var $_jv rootdir path - "" if [ -n "$_ip" ]; then - extract_var $_j interface interface - "" + extract_var $_jv interface interface - "" jail_handle_ips_option $_ip $_interface alias=0 while : ; do - eval _x=\"\$jail_${_j}_ip_multi${alias}\" + eval _x=\"\$jail_${_jv}_ip_multi${alias}\" [ -z "$_x" ] && break jail_handle_ips_option $_x $_interface 
@@ -184,37 +185,37 @@ parse_options() ;; esac # These are applicable only to non-vimage jails. - extract_var $_j fib exec.fib - "" - extract_var $_j socket_unixiproute_only \ + extract_var $_jv fib exec.fib - "" + extract_var $_jv socket_unixiproute_only \ allow.raw_sockets NY YES else echo " vnet;" - extract_var $_j vnet_interface vnet.interface - "" + extract_var $_jv vnet_interface vnet.interface - "" fi echo " exec.clean;" echo " exec.system_user = \"root\";" echo " exec.jail_user = \"root\";" - extract_var $_j exec_prestart exec.prestart 0 "" - extract_var $_j exec_poststart exec.poststart 0 "" - extract_var $_j exec_prestop exec.prestop 0 "" - extract_var $_j exec_poststop exec.poststop 0 "" + extract_var $_jv exec_prestart exec.prestart 0 "" + extract_var $_jv exec_poststart exec.poststart 0 "" + extract_var $_jv exec_prestop exec.prestop 0 "" + extract_var $_jv exec_poststop exec.poststop 0 "" echo " exec.start += \"$_exec_start\";" - extract_var $_j exec_afterstart exec.start 1 "" + extract_var $_jv exec_afterstart exec.start 1 "" echo " exec.stop = \"$_exec_stop\";" - extract_var $_j consolelog exec.consolelog - \ + extract_var $_jv consolelog exec.consolelog - \ /var/log/jail_${_j}_console.log if [ -r $_fstab ]; then echo " mount.fstab = \"$_fstab\";" fi - eval : \${jail_${_j}_devfs_enable:=${jail_devfs_enable:-NO}} - if checkyesno jail_${_j}_devfs_enable; then + eval : \${jail_${_jv}_devfs_enable:=${jail_devfs_enable:-NO}} + if checkyesno jail_${_jv}_devfs_enable; then echo " mount.devfs;" - eval _ruleset=\${jail_${_j}_devfs_ruleset:-${jail_devfs_ruleset}} + eval _ruleset=\${jail_${_jv}_devfs_ruleset:-${jail_devfs_ruleset}} case $_ruleset in "") ;; [0-9]*) echo " devfs_ruleset = \"$_ruleset\";" ;; 
@@ -227,22 +228,22 @@ parse_options() *) warn "devfs_ruleset must be an integer." ;; esac fi - eval : \${jail_${_j}_fdescfs_enable:=${jail_fdescfs_enable:-NO}} - if checkyesno jail_${_j}_fdescfs_enable; then + eval : \${jail_${_jv}_fdescfs_enable:=${jail_fdescfs_enable:-NO}} + if checkyesno jail_${_jv}_fdescfs_enable; then echo " mount.fdescfs;" fi - eval : \${jail_${_j}_procfs_enable:=${jail_procfs_enable:-NO}} - if checkyesno jail_${_j}_procfs_enable; then + eval : \${jail_${_jv}_procfs_enable:=${jail_procfs_enable:-NO}} + if checkyesno jail_${_jv}_procfs_enable; then echo " mount.procfs;" fi - eval : \${jail_${_j}_mount_enable:=${jail_mount_enable:-NO}} - if checkyesno jail_${_j}_mount_enable; then + eval : \${jail_${_jv}_mount_enable:=${jail_mount_enable:-NO}} + if checkyesno jail_${_jv}_mount_enable; then echo " allow.mount;" >> $_conf fi - extract_var $_j set_hostname_allow allow.set_hostname YN NO - extract_var $_j sysvipc_allow allow.sysvipc YN NO + extract_var $_jv set_hostname_allow allow.set_hostname YN NO + extract_var $_jv sysvipc_allow allow.sysvipc YN NO for _p in $_parameters; do echo " ${_p%\;};" done @@ -380,14 +381,15 @@ jail_handle_ips_option() jail_config() { - local _j + local _j _jv case $1 in _ALL) return ;; esac for _j in $@; do _j=$(echo $_j | tr /. _) - if parse_options $_j; then + _jv=$(echo -n $_j | tr -c '[:alnum:]' _) + if parse_options $_j $_jv; then echo "$_j: parameters are in $_conf." fi done @@ -395,7 +397,7 @@ jail_config() jail_console() { - local _j _cmd + local _j _jv _cmd # One argument that is not _ALL. case $#:$1 in @@ -403,9 +405,10 @@ jail_console() 1:*) ;; esac _j=$(echo $1 | tr /. _) + _jv=$(echo -n $1 | tr -c '[:alnum:]' _) shift case $# in - 0) eval _cmd=\${jail_${_j}_consolecmd:-$jail_consolecmd} ;; + 0) eval _cmd=\${jail_${_jv}_consolecmd:-$jail_consolecmd} ;; *) _cmd=$@ ;; esac $jail_jexec $_j $_cmd 
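Review bot: The new `_jv=$(echo -n $_j | tr -c '[:alnum:]' _)` in jail_config passes the name to echo unquoted and relies on the locale's definition of `[:alnum:]`. The result is spliced into variable names that are then handed to eval, so it should be guaranteed to hold only ASCII letters, digits and underscores. Under a non-C locale tr may treat other characters as alphanumeric and leave them in place, which is worth confirming for the environment rc.d scripts run in. `_jv=$(printf %s "$_j" | LC_ALL=C tr -c '[:alnum:]' _)` avoids both the word splitting and the locale dependence. The same assignment appears in jail_console (@@ -403) and jail_start (@@ -452).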
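Review bot: The mapping from jail name to `_jv` in jail_console is many-to-one and nothing in the code documents it: `foo-bar`, `foo.bar` and `foo_bar` all end up reading `jail_foo_bar_consolecmd`. A comment above the assignment would help, for example `# _jv: jail name with every non-alphanumeric replaced by _; used only to build rc.conf variable names, so distinct jail names can share one _jv`. Here `_jv` is derived from `$1`, while jail_config and jail_start derive it from the already translated `$_j`. The result is the same, but using `$_j` in all three places would keep the call sites identical.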
@@ -419,7 +422,7 @@ jail_status() jail_start() { - local _j _jid _jl _id _name + local _j _jv _jid _jl _id _name if [ $# = 0 ]; then return @@ -452,11 +455,12 @@ jail_start() _jl= for _j in $@; do _j=$(echo $_j | tr /. _) - parse_options $_j || continue + _jv=$(echo -n $_j | tr -c '[:alnum:]' _) + parse_options $_j $_jv || continue _jl="$_jl $_j" - eval rc_flags=\${jail_${_j}_flags:-$jail_flags} - eval command=\${jail_${_j}_program:-$jail_program} + eval rc_flags=\${jail_${_jv}_flags:-$jail_flags} + eval command=\${jail_${_jv}_program:-$jail_program} command_args="-i -f $_conf -c $_j" $command $rc_flags $command_args \ >/dev/null 2>&1 /dev/null 2>&1; then continue fi - eval command=\${jail_${_j}_program:-$jail_program} + eval command=\${jail_${_jv}_program:-$jail_program} echo -n " ${_hostname:-${_j}}" _tmp=`mktemp -t jail` || exit 3 $command -q -f $_conf -r $_j >> $_tmp 2>&1