ports-mgmt/rc-subr-jail: + Shell library to help writing jailed rc services.
This library follows the declarative style of Ports Makefiles - as much as possible functionality is implemented as knobs. Differential Revision: https://reviews.freebsd.org/D38394
parent
0966f577e7
commit
44b00ffe5f
@ -72,6 +72,7 @@
|
||||
SUBDIR += py-FreeBSD-ports
|
||||
SUBDIR += py-pytoport
|
||||
SUBDIR += py-skog
|
||||
SUBDIR += rc-subr-jail
|
||||
SUBDIR += reprise
|
||||
SUBDIR += sccache-overlay
|
||||
SUBDIR += synth
|
||||
|
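--- a/ports-mgmt/rc-subr-jail/Makefile
+++ b/ports-mgmt/rc-subr-jail/Makefile
@@ -0,0 +1,24 @@
+PORTNAME= rc-subr-jail
+PORTVERSION= 1
+CATEGORIES= ports-mgmt
+MASTER_SITES= #
+DISTFILES= #
+EXTRACT_ONLY= #
+
+MAINTAINER= arrowd@FreeBSD.org
+COMMENT= Shell library to help writing RC scripts with jail support
+WWW= https://cgit.freebsd.org/ports/tree/ports-mgmt/rc-subr-jail
+
+LICENSE= BSD3CLAUSE
+
+NO_ARCH= yes
+NO_BUILD= yes
+NO_MTREE= yes
+
+PLIST_FILES= share/rc-subr-jail/rc.subr.jail
+
+do-install:
+@${MKDIR} ${STAGEDIR}${DATADIR}
+${INSTALL_DATA} ${PATCHDIR}/rc.subr.jail ${STAGEDIR}${DATADIR}/rc.subr.jail
+
+.include <bsd.port.mk>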
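Review bot: The do-install recipe takes its source from `${PATCHDIR}/rc.subr.jail`, but the file is not a patch, and the variable ports use for files shipped in `files/` is `${FILESDIR}`; I would write `${INSTALL_DATA} ${FILESDIR}/rc.subr.jail ${STAGEDIR}${DATADIR}/rc.subr.jail`. Because the file is copied verbatim, the usage comment at its top is installed with a literal `%%LOCALBASE%%`; either substitute it at install time or spell the path out in the comment.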
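--- a/ports-mgmt/rc-subr-jail/distinfo
+++ b/ports-mgmt/rc-subr-jail/distinfo
@@ -0,0 +1 @@
+TIMESTAMP = 1675627821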
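--- a/ports-mgmt/rc-subr-jail/files/rc.subr.jail
+++ b/ports-mgmt/rc-subr-jail/files/rc.subr.jail
@@ -0,0 +1,129 @@
+# This file can be included in the RC script by adding following line:
+# . %%LOCALBASE%%/share/rc-subr-jail/rc.subr.jail
+
+# The behavior of routines defined in this file are affected by the following
+# global variables, which can be used in the same manner as Makefile knobs:
+
+# jail_copy_resolv_conf
+# set this to "yes" to copy /etc/resolv.conf file into the jail being created
+
+# jail_copy_services
+# set this to "yes" to copy /etc/services file into the jail being created
+
+# jail_copy_programs
+# set this to a list of binaries, which should be copied into /bin directory
+# of the jail. Dynamic libraries required by each program will be placed into
+# the /lib directory of the jail
+
+# jail_mount_devfs
+# set this to "yes" to mount a devfs filesystem under the /dev directory of the
+# jail
+
+# jail_ip_inherit
+# set this to "yes" to make "ip4=inherit" and "ip6=inherit" arguments to be
+# passed to the jail
+
+# jail_prepare_inside_cmds
+# set this to the shell command that will be run before starting the jail
+# commands are run after changing directory into the jail's root
+
+# jail_nullfs_mounts
+# set this to a list of triplets of "src_dir dst_dir opts" that will be passed
+# to mount_nullfs
+# make sure to pass either "ro" or "rw" as "opts" value
+
+
+# prepare_jail jroot
+# sets $jail_prepared_args that can be used in jail(4) invocation
+# intended to be run during "start" command
+prepare_jail()
+{
+local jroot jargs
+jroot="$1"
+jargs="-c path=${jroot} "
+
+destroy_jail "$jroot" 2> /dev/null
+
+mkdir -p "$jroot"
+
+if [ "$jail_copy_resolv_conf" = "yes" ]; then
+mkdir -p "$jroot/etc"
+cp /etc/resolv.conf "$jroot/etc"
+fi
+if [ "$jail_copy_services" = "yes" ]; then
+mkdir -p "$jroot/etc"
+cp /etc/services "$jroot/etc"
+fi
+
+local _prog _interp
+for _prog in $jail_copy_programs; do
+mkdir -p "$jroot/bin"
+mkdir -p "$jroot/lib"
+
+cp "$_prog" "$jroot/bin"
+ldd "$_prog" 2> /dev/null | cut -s -d " " -f 3 | grep -E '^(/lib|/usr)' | sort -u | xargs -I % cp % "${jroot}/lib/"
+
+_interp=$(file "$_prog" | grep -o '/libexec/ld-elf.so[0-9\.]*')
+if [ "$_interp" ]; then
+mkdir "$jroot/libexec"
+cp "$_interp" "$jroot/libexec/"
+fi
+done
+
+if [ "$jail_mount_devfs" = "yes" ]; then
+mkdir -p "$jroot/dev"
+jargs="$jargs mount.devfs "
+fi
+if [ "$jail_ip_inherit" = "yes" ]; then
+
+if check_kern_features inet; then
+jargs="$jargs ip4=inherit "
+fi
+if check_kern_features inet6; then
+jargs="$jargs ip6=inherit "
+fi
+fi
+
+if [ "$jail_nullfs_mounts" ]; then
+local _mnt_line
+echo "$jail_nullfs_mounts" | xargs -n 3 | while read -r _mnt_line; do
+local _src _dst _opts
+_src=$(echo "$_mnt_line" | awk '{print $1}')
+_dst=$(echo "$_mnt_line" | awk '{print $2}')
+_opts=$(echo "$_mnt_line" | awk '{print $3}')
+mkdir -p "$_dst"
+mount_nullfs -o "$_opts" "$_src" "$_dst"
+done
+fi
+
+if [ "$jail_prepare_inside_cmds" ]; then
+/bin/sh -c "cd \"$jroot\" && $jail_prepare_inside_cmds"
+fi
+
+jail_prepared_args=$jargs
+}
+
+# destroy_jail jail_root
+# cleans up the jail, unmounts all filesystems and finally removes jail_root
+# intended to be run during both "stop" and "start" commands
+destroy_jail()
+{
+local jroot
+jroot="$1"
+
+if [ "$jail_mount_devfs" ]; then
+rmdir "$jroot/dev"
+fi
+
+if [ "$jail_nullfs_mounts" ]; then
+local _mnt_line
+echo "$jail_nullfs_mounts" | xargs -n 3 | while read -r _mnt_line; do
+local _dst
+_dst=$(echo "$_mnt_line" | awk '{print $2}')
+umount "$_dst"
+rmdir "$_dst"
+done
+fi
+
+rm -rf "$jroot"
+}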
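Review bot: In destroy_jail, `rm -rf "$jroot"` runs even when an `umount "$_dst"` in the loop above it failed, so a nullfs mount that is still attached under the jail root (busy, say) has the host directory behind it emptied if it was mounted `rw`. The umount status is discarded, the loop sits on the right-hand side of a pipeline and so cannot abort the function, and prepare_jail calls destroy_jail with stderr sent to /dev/null, which hides the failure on every start. I would stop the removal at mount boundaries with `rm -rfx "$jroot"` and refuse an empty argument first with `[ -n "$jroot" ] || return 1`. Separately, `jail_prepare_inside_cmds` is expanded into a `/bin/sh -c` string and runs on the host before the jail exists; the header comment should say so outright, since the knob's name suggests the commands run inside the jail.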
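--- a/ports-mgmt/rc-subr-jail/pkg-descr
+++ b/ports-mgmt/rc-subr-jail/pkg-descr
@@ -0,0 +1,3 @@
+This port install a shell source intended to be included by rc scripts that
+want to run services inside a jail.
+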