PERFORCE change 123081 for review

Xin LI delphij at FreeBSD.org
Sun Jul 8 02:31:50 UTC 2007 

http://perforce.freebsd.org/chv.cgi?CH=123081

Change 123081 by delphij at charlie on 2007/07/08 02:31:13

	skeljail - make use of nullfs(5) to simplify jail creation and
	management.

Affected files ...

.. //depot/projects/delphij_fork/Makefile#2 edit
.. //depot/projects/delphij_fork/Makefile.inc1#2 edit
.. //depot/projects/delphij_fork/etc/defaults/rc.conf#2 edit
.. //depot/projects/delphij_fork/etc/rc.d/jail#2 edit

Differences ...

==== //depot/projects/delphij_fork/Makefile#2 (text+ko) ====

@@ -9,6 +9,8 @@
 #                       upgrades.
 # installworld        - Install everything built by "buildworld".
 # world               - buildworld + installworld, no kernel.
+# installskel         - Install directory structure and minimal set of files
+#                       which is suitable for a skeleton jail.
 # buildkernel         - Rebuild the kernel and the kernel-modules.
 # installkernel       - Install the kernel and the kernel-modules.
 # installkernel.debug
@@ -82,6 +84,7 @@
 	depend distribute distributeworld distrib-dirs distribution doxygen \
 	everything hierarchy install installcheck installkernel \
 	installkernel.debug reinstallkernel reinstallkernel.debug \
+	installskel \
 	installworld kernel-toolchain libraries lint maninstall \
 	obj objlink regress rerelease showconfig tags toolchain update \
 	_worldtmp _legacy _bootstrap-tools _cleanobj _obj \
@@ -93,6 +96,7 @@
 BITGTS:=${BITGTS} ${BITGTS:S/^/build/} ${BITGTS:S/^/install/}
 TGTS+=	${BITGTS}
 
+.ORDER: buildworld installskel
 .ORDER: buildworld installworld
 .ORDER: buildworld distributeworld
 .ORDER: buildworld buildkernel

==== //depot/projects/delphij_fork/Makefile.inc1#2 (text+ko) ====

@@ -586,6 +586,17 @@
 	${_+_}cd ${.CURDIR}; ${IMAKE} re${.TARGET:S/world$//}
 	rm -rf ${INSTALLTMP}
 
+# installskel
+#
+# Installs a minimum set of files that can support a mini-jail
+#
+installskel:
+	@echo "--------------------------------------------------------------"
+	@echo ">>> Making installskel"
+	@echo "--------------------------------------------------------------"
+	{_+_}cd ${.CURDIR}; ${MAKE} hierarchy
+	{_+_}cd ${.CURDIR}/etc; ${MAKE} distribution
+
 #
 # reinstall
 #

==== //depot/projects/delphij_fork/etc/defaults/rc.conf#2 (text+ko) ====

@@ -23,6 +23,15 @@
 
 rc_debug="NO"		# Set to YES to enable debugging output from rc.d
 rc_info="NO"		# Enables display of informational messages at boot.
+rc_fancy="NO"		# Enables fancy messages for rc scripts. YES|NO|COLOR
+rc_fancy_verbose="YES"	# Enables fancy boot messages on system rc scripts
+rc_fancy_msg_failed="FAILED"	# Sets fancy word for 'failed' script.
+rc_fancy_msg_error="ERROR"	# Sets fancy word for scripts that errored.
+rc_fancy_msg_skipped="SKIPPED"	# Sets fancy word for scripts skipped.
+rc_fancy_msg_ok="OK"		# Sets fancy word for scripts that started ok.
+rc_fancy_msg_width="8"		# Max width for fancy message.
+rc_fancy_cols="80"		# Default columns on display
+
 rcshutdown_timeout="30" # Seconds to wait before terminating rc.shutdown
 early_late_divider="FILESYSTEMS"	# Script that separates early/late
 			# stages of the boot process.  Make sure you know
@@ -570,6 +579,7 @@
 ### Jail Configuration #######################################
 ##############################################################
 jail_enable="NO"	# Set to NO to disable starting of any jails
+jail_skel_enable="NO"	# Set to NO to disable skeleton jail by default
 jail_list=""		# Space separated list of names of jails
 jail_set_hostname_allow="YES" # Allow root user in a jail to change its hostname
 jail_socket_unixiproute_only="YES" # Route only TCP/IP within a jail
@@ -599,6 +609,11 @@
 #jail_example_devfs_ruleset="ruleset_name"	# devfs ruleset to apply to jail
 #jail_example_fstab=""				# fstab(5) for mount/umount
 #jail_example_flags="-l -U root"		# flags for jail(8)
+#jail_example_skel_enable="NO"			# Whether to use skeleton jail
+#jail_example_skel_root="/"			# Mount jail from this template
+#jail_example_skel_romounts="bin sbin lib libexec usr/bin usr/sbin usr/include usr/lib usr/libdata usr/libexec usr/sbin usr/share usr/ports"					# Mount these directories read-only into jail
+#jail_example_skel_rwmounts=""			# Mount these directories read-write into jail
+
 
 ##############################################################
 ### Define source_rc_confs, the mechanism used by /etc/rc.* ##

==== //depot/projects/delphij_fork/etc/rc.d/jail#2 (text+ko) ====

@@ -78,6 +78,16 @@
 	eval _consolelog=\"\${jail_${_j}_consolelog:-${jail_consolelog}}\"
 	[ -z "${_consolelog}" ] && _consolelog="/var/log/jail_${_j}_console.log"
 
+	# Default settings for skel jail
+	eval _skel_enable=\"\${jail_${_j}_skel_enable:-${jail_skel_enable}}\"
+	[ -z "${_skel_enable}" ] && _skel_enable="NO"
+	eval _skel_root=\"\${jail_${_j}_skel_root:-${jail_skel_root}}\"
+	[ -z "${_skel_root}" ] && _skel_root="/"
+	eval _skel_romounts=\"\${jail_${_j}_skel_romounts:-${jail_skel_romounts}}\"
+	[ -z "${_skel_romounts}" ] && _skel_romounts="bin sbin lib libexec usr/bin usr/sbin usr/include usr/lib usr/libdata usr/libexec usr/sbin usr/share"
+	eval _skel_rwmounts=\"\${jail_${_j}_skel_rwmounts:-${jail_skel_rwmounts}}\"
+	[ -z "${_skel_rwmounts}" ] && _skel_rwmounts="usr/ports"
+
 	# Debugging aid
 	#
 	debug "$_j devfs enable: $_devfs"
@@ -111,6 +121,10 @@
 	debug "$_j exec stop: $_exec_stop"
 	debug "$_j flags: $_flags"
 	debug "$_j consolelog: $_consolelog"
+	debug "$_j skel enable: $_skel_enable"
+	debug "$_j skel mount-readonly: $_skel_romounts"
+	debug "$_j skel mount-readwrite: $_skel_rwmounts"
+	debug "$_j skel mount skeleton from: $_skel_root"
 
 	if [ -z "${_hostname}" ]; then
 		err 3 "$name: No hostname has been defined for ${_j}"
@@ -236,6 +250,14 @@
 			secure_umount ${_mountpt}
 		done
 	fi
+	if checkyesno _skel_enable; then
+		for _mntpt in ${_skel_romounts} ${_skel_rwmounts}
+		do
+			if [ -d "${_rootdir}/${_mntpt}" ] ; then
+				umount -f ${_rootdir}/${_mntpt} > /dev/null 2>&1
+			fi
+		done
+	fi
 }
 
 # jail_mount_fstab()
@@ -298,6 +320,17 @@
 			fi
 			jail_mount_fstab
 		fi
+		if checkyesno _skel_enable; then
+			info "Mounting skeleton for jail ${_jail} from ${_skel_root}"
+			for _mntpt in $_skel_romounts
+			do
+				mount_nullfs -ordonly ${_skel_root}/${_mntpt} ${_rootdir}/${_mntpt} > /dev/null 2>&1
+			done
+			for _mntpt in $_skel_rwmounts
+			do
+				mount_nullfs ${_skel_root}/${_mntpt} ${_rootdir}/${_mntpt} > /dev/null 2>&1
+			done
+		fi
 		if checkyesno _devfs; then
 			# If devfs is already mounted here, skip it.
 			df -t devfs "${_devdir}" >/dev/null

More information about the p4-projects mailing list