ports-mgmt/rc-subr-jail: + Shell library to help writing jailed rc services.

This library follows the declarative style of Ports Makefiles - as much as possible functionality is implemented as knobs. Differential Revision: https://reviews.freebsd.org/D38394
2024-10-18 19:49:40 +00:00 · 2023-02-06 00:02:43 +03:00 · 2023-02-06 00:02:43 +03:00 · 44b00ffe5f
commit 44b00ffe5f
parent 0966f577e7
5 changed files with 158 additions and 0 deletions
--- a/ports-mgmt/Makefile
+++ b/ports-mgmt/Makefile
@ -72,6 +72,7 @@
    SUBDIR += py-FreeBSD-ports
    SUBDIR += py-pytoport
    SUBDIR += py-skog
+    SUBDIR += rc-subr-jail
    SUBDIR += reprise
    SUBDIR += sccache-overlay
    SUBDIR += synth
--- a/ports-mgmt/rc-subr-jail/Makefile
+++ b/ports-mgmt/rc-subr-jail/Makefile
@ -0,0 +1,24 @@
+PORTNAME=	rc-subr-jail
+PORTVERSION=	1
+CATEGORIES=	ports-mgmt
+MASTER_SITES=	#
+DISTFILES=	#
+EXTRACT_ONLY=	#
+
+MAINTAINER=	arrowd@FreeBSD.org
+COMMENT=	Shell library to help writing RC scripts with jail support
+WWW=		https://cgit.freebsd.org/ports/tree/ports-mgmt/rc-subr-jail
+
+LICENSE=	BSD3CLAUSE
+
+NO_ARCH=	yes
+NO_BUILD=	yes
+NO_MTREE=	yes
+
+PLIST_FILES=	share/rc-subr-jail/rc.subr.jail
+
+do-install:
+	@${MKDIR} ${STAGEDIR}${DATADIR}
+	${INSTALL_DATA} ${PATCHDIR}/rc.subr.jail ${STAGEDIR}${DATADIR}/rc.subr.jail
+
+.include <bsd.port.mk>
--- a/ports-mgmt/rc-subr-jail/distinfo
+++ b/ports-mgmt/rc-subr-jail/distinfo
@ -0,0 +1 @@
+TIMESTAMP = 1675627821
--- a/ports-mgmt/rc-subr-jail/files/rc.subr.jail
+++ b/ports-mgmt/rc-subr-jail/files/rc.subr.jail
@ -0,0 +1,129 @@
+# This file can be included in the RC script by adding following line:
+# . %%LOCALBASE%%/share/rc-subr-jail/rc.subr.jail
+
+# The behavior of routines defined in this file are affected by the following
+# global variables, which can be used in the same manner as Makefile knobs:
+
+# jail_copy_resolv_conf
+# set this to "yes" to copy /etc/resolv.conf file into the jail being created
+
+# jail_copy_services
+# set this to "yes" to copy /etc/services file into the jail being created
+
+# jail_copy_programs
+# set this to a list of binaries, which should be copied into /bin directory
+# of the jail. Dynamic libraries required by each program will be placed into
+# the /lib directory of the jail
+
+# jail_mount_devfs
+# set this to "yes" to mount a devfs filesystem under the /dev directory of the
+# jail
+
+# jail_ip_inherit
+# set this to "yes" to make "ip4=inherit" and "ip6=inherit" arguments to be
+# passed to the jail
+
+# jail_prepare_inside_cmds
+# set this to the shell command that will be run before starting the jail
+# commands are run after changing directory into the jail's root
+
+# jail_nullfs_mounts
+# set this to a list of triplets of "src_dir dst_dir opts" that will be passed
+# to mount_nullfs
+# make sure to pass either "ro" or "rw" as "opts" value
+
+
+# prepare_jail jroot
+# sets $jail_prepared_args that can be used in jail(4) invocation
+# intended to be run during "start" command
+prepare_jail()
+{
+    local jroot jargs
+    jroot="$1"
+    jargs="-c path=${jroot} "
+
+    destroy_jail "$jroot" 2> /dev/null
+
+    mkdir -p "$jroot"
+
+    if [ "$jail_copy_resolv_conf" = "yes" ]; then
+        mkdir -p "$jroot/etc"
+        cp /etc/resolv.conf "$jroot/etc"
+    fi
+    if [ "$jail_copy_services" = "yes" ]; then
+        mkdir -p "$jroot/etc"
+        cp /etc/services "$jroot/etc"
+    fi
+
+    local  _prog _interp
+    for _prog in $jail_copy_programs; do
+        mkdir -p "$jroot/bin"
+        mkdir -p "$jroot/lib"
+
+        cp "$_prog" "$jroot/bin"
+        ldd "$_prog" 2> /dev/null | cut -s -d " " -f 3 | grep -E '^(/lib|/usr)' | sort -u | xargs -I % cp % "${jroot}/lib/"
+
+        _interp=$(file "$_prog" | grep -o '/libexec/ld-elf.so[0-9\.]*')
+        if [ "$_interp" ]; then
+            mkdir "$jroot/libexec"
+            cp "$_interp" "$jroot/libexec/"
+        fi
+    done
+
+    if [ "$jail_mount_devfs" = "yes" ]; then
+        mkdir -p "$jroot/dev"
+        jargs="$jargs mount.devfs "
+    fi
+    if [ "$jail_ip_inherit" = "yes" ]; then
+
+        if check_kern_features inet; then
+            jargs="$jargs ip4=inherit "
+        fi
+        if check_kern_features inet6; then
+            jargs="$jargs ip6=inherit "
+        fi
+    fi
+
+    if [ "$jail_nullfs_mounts" ]; then
+        local _mnt_line
+        echo "$jail_nullfs_mounts" | xargs -n 3 | while read -r _mnt_line; do
+            local _src _dst _opts
+            _src=$(echo "$_mnt_line" | awk '{print $1}')
+            _dst=$(echo "$_mnt_line" | awk '{print $2}')
+            _opts=$(echo "$_mnt_line" | awk '{print $3}')
+            mkdir -p "$_dst"
+            mount_nullfs -o "$_opts" "$_src" "$_dst"
+        done
+    fi
+
+    if [ "$jail_prepare_inside_cmds" ]; then
+        /bin/sh -c "cd \"$jroot\" && $jail_prepare_inside_cmds"
+    fi
+
+    jail_prepared_args=$jargs
+}
+
+# destroy_jail jail_root
+# cleans up the jail, unmounts all filesystems and finally removes jail_root
+# intended to be run during both "stop" and "start" commands
+destroy_jail()
+{
+    local jroot
+    jroot="$1"
+
+    if [ "$jail_mount_devfs" ]; then
+        rmdir "$jroot/dev"
+    fi
+
+    if [ "$jail_nullfs_mounts" ]; then
+        local _mnt_line
+        echo "$jail_nullfs_mounts" | xargs -n 3 | while read -r _mnt_line; do
+            local _dst
+            _dst=$(echo "$_mnt_line" | awk '{print $2}')
+            umount "$_dst"
+            rmdir "$_dst"
+        done
+    fi
+
+    rm -rf "$jroot"
+}
--- a/ports-mgmt/rc-subr-jail/pkg-descr
+++ b/ports-mgmt/rc-subr-jail/pkg-descr
@ -0,0 +1,3 @@
+This port install a shell source intended to be included by rc scripts that
+want to run services inside a jail.
+