jail

Valery V.Smirnov Thu, 03 Feb 2011 05:10:33 -0800

Yes, please.

Sorry for double sent.


On Thu, 3 Feb 2011 12:36:05 GMT, lini...@freebsd.org wrote:

Synopsis: [patch] request for new functionality. jail zfs dataset on
jail start up by /etc/rc.d/jail

State-Changed-From-To: open->feedback
State-Changed-By: linimon
State-Changed-When: Thu Feb 3 12:35:46 UTC 2011
State-Changed-Why:
sorry, looks like the patch got stripped.  Can you re-send?

http://www.freebsd.org/cgi/query-pr.cgi?pr=154484


--
Best regards
mailto: freebsd...@smirnov.tv
Valery V.Smirnov

*** jail	Wed Feb  2 12:53:32 2011
--- jail.updated	Thu Feb  3 12:44:25 2011
***************
*** 1,7 ****
  #!/bin/sh
  #
! # $FreeBSD: src/etc/rc.d/jail,v 1.43.2.1.6.1 2010/12/21 17:09:25 kensmith Exp $
  #
  
  # PROVIDE: jail
  # REQUIRE: LOGIN cleanvar
--- 1,16 ----
  #!/bin/sh
  #
! # $FreeBSD: src/etc/rc.d/jail,v 1.43.2.1.6.2 2011/02/03 11:30:25 kensmith Exp $
! #	patched by sudosu
  #
+ # COMMENT: The goal of thish patch is 2 options in rc.conf:
+ # jail_zfsdataset= 		Maybe zfs dataset, which you like to use with
+ #				jiled=on option. Only one dataset define is
+ #				possible.
+ # jail_example_zfsdataset=	Boolean value, maybe YES or NONE. This option
+ #				defines if jail use zfs dataset, or no. Enabling
+ #				check if dataset exists and jail it. Dataset 
+ #				maybe only $jail_zfsdataset/$jail_name.
  
  # PROVIDE: jail
  # REQUIRE: LOGIN cleanvar
***************
*** 21,26 ****
--- 30,37 ----
  start_cmd="jail_start"
  stop_cmd="jail_stop"
  
+ jail_zfsdataset=${jail_zfsdataset:-"NONE"}
+ 
  # init_variables _j
  #	Initialize the various jail variables for jail _j.
  #
***************
*** 41,46 ****
--- 52,64 ----
  	eval _ip=\"\$jail_${_j}_ip\"
  	eval _interface=\"\${jail_${_j}_interface:-${jail_interface}}\"
  	eval _exec=\"\$jail_${_j}_exec\"
+ 	eval _zfsdataset=\"\$jail_${_j}_zfsdataset\"
+ 
+ 	if [ "$_zfsdataset" = "YES" ]; then
+ 		jail_check_zfsdataset $_j
+ 	else
+ 		_zfsdataset="NONE"
+ 	fi	
  
  	i=0
  	while : ; do
***************
*** 276,282 ****
  	fi
  }
  
- 
  # jail_umount_fs
  #	This function unmounts certain special filesystems in the
  #	currently selected jail. The caller must call the init_variables()
--- 294,299 ----
***************
*** 343,348 ****
--- 360,431 ----
  	mount -a -F "${_fstab}"
  }
  
+ # jail_check_zfsdataset
+ #	Check if ZFS Dataset is exists and usable within jails. Per
+ #	jail and global.
+ #
+ jail_check_zfsdataset()
+ {
+ 	local _domain
+ 
+ 	_domain="$1"
+ 
+ 	if [ "$_domain" = "global" ]; then
+ 		if [ "$jail_zfsdataset" = "NONE" ]; then
+ 			info " No ZFS Dataset defined to use within jails."
+ 			return
+ 		else
+ 			info " ZFS Dataset \"$jail_zfsdataset\" is defined to use within jails."
+ 		fi
+ 	fi
+ 
+ 	# Check if dataset is exists
+ 	#
+ 
+ 	if [ "$_domain" = "global" ]; then
+ 		zfsdataset_exists=$(/sbin/zfs list | /usr/bin/grep ${jail_zfsdataset})
+ 
+ 		if [ ! "$zfsdataset_exists" ]; then
+ 			info "Global: ZFS Dataset ${jail_zfsdataset} is not exists."
+ 			jail_zfsdataset="NONE"
+ 			return
+ 		fi
+ 	else 
+ 		zfsdataset_exists=$(/sbin/zfs list | /usr/bin/grep "${jail_zfsdataset}/$_domain")
+ 
+ 		if [ ! "$zfsdataset_exists" ]; then
+ 			info "Jail _$domain: ZFS Dataset ${jail_zfsdataset}/$_domain is not exists."
+ 			_zfsdataset="NONE"
+ 			return
+ 		else
+ 			_zfsdataset="${jail_zfsdataset}/$_domain"
+ 			info "jail $_domain: ZFS Dataset ${jail_zfsdataset}/$_domain"
+ 			return
+ 		fi
+ 	fi
+ 
+ 	# Check if dataset is jailed
+ 	#
+ 	if [ "$_domain" = "global" ]; then
+ 		zfsdataset_jailed=$(/sbin/zfs get jailed ${jail_zfsdataset} | /usr/bin/grep "${jail_zfsdataset}" | /usr/bin/awk {'print $3'})
+ 
+ 		if [ "$zfsdataset_jailed" = "off" ]; then
+ 			info "ZFS Dataset ${jail_zfsdataset} is not jailed and may not to be used within jails."
+ 			info "You should exec \"zfs set jaled=on ${jail_zfsdataset}\" to jailed it"
+ 			jail_zfsdataset="NONE"
+ 			return
+ 		fi
+ 	fi
+ }
+ 
+ 
+ # jail_zfsdataset_jail
+ #	Jail zfs datasets by JID per jail
+ #
+ jail_zfsdataset_jail()
+ {
+ }
+ 
  # jail_show_addresses jail
  #	Debug print the input for the given _multi aliases
  #	for a jail for init_variables().
***************
*** 554,559 ****
--- 637,643 ----
  	    security.jail.socket_unixiproute_only unixiproute_only
  	set_sysctl jail_sysvipc_allow security.jail.sysvipc_allowed \
  	    sysvipc_allow
+ 	jail_check_zfsdataset global
  	echo '.'
  
  	echo -n 'Starting jails:'
***************
*** 656,661 ****
--- 740,748 ----
  			tail +2 ${_tmp_jail} >${_consolelog}
  			echo ${_jail_id} > /var/run/jail_${_jail}.id
  
+ 			if [ "$_zfsdataset" != "NONE" ]; then
+ 				/sbin/zfs jail ${_jail_id} $_zfsdataset
+ 			fi
  			i=0
  			while : ; do
  				eval out=\"\${_exec_poststart${i}:-''}\"
***************
*** 684,689 ****
--- 771,779 ----
  			_jail_id=$(cat /var/run/jail_${_jail}.id)
  			if [ ! -z "${_jail_id}" ]; then
  				init_variables $_jail
+ 				if [ "$_zfsdataset" != "NONE" ]; then
+ 					/sbin/zfs unjail ${_jail_id} $_zfsdataset
+ 				fi
  
  				i=0
  				while : ; do

_______________________________________________
freebsd-bugs@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-bugs
To unsubscribe, send any mail to "freebsd-bugs-unsubscr...@freebsd.org"

Re: conf/154484: [patch] request for new functionality. jail zfs dataset on jail start up by /etc/rc.d/jail

Reply via email to