| -rwxr-xr-x | ezjail-admin | 37 | ||||
| -rwxr-xr-x | ezjail.sh | 19 | 
2 files changed, 30 insertions, 26 deletions
diff --git a/ezjail-admin b/ezjail-admin index 1846138..49ddee3 100755 --- a/ezjail-admin +++ b/ezjail-admin  | |||
| @@ -148,8 +148,7 @@ case "$1" in | |||
| 148 | ######################## ezjail-admin CREATE ######################## | 148 | ######################## ezjail-admin CREATE ######################## | 
| 149 | create) | 149 | create) | 
| 150 | # Clean variables, prevent polution | 150 | # Clean variables, prevent polution | 
| 151 | unset ezjail_rootdir ezjail_flavour ezjail_softlink ezjail_image ezjail_imagetype ezjail_imageparams ezjail_imagesize ezjail_device ezjail_config ezjail_attachparams ezjail_passphraseurl ezjail_exists | 151 | unset ezjail_rootdir ezjail_flavour ezjail_softlink ezjail_image ezjail_imagetype ezjail_imageparams ezjail_imagesize ezjail_device ezjail_config ezjail_attachparams ezjail_passphraseurl ezjail_exists ezjail_attachblocking | 
| 152 | |||
| 153 | shift; while getopts :f:r:s:xic:u:C: arg; do case ${arg} in | 152 | shift; while getopts :f:r:s:xic:u:C: arg; do case ${arg} in | 
| 154 | x) ezjail_exists="YES";; | 153 | x) ezjail_exists="YES";; | 
| 155 | r) ezjail_rootdir="${OPTARG}";; | 154 | r) ezjail_rootdir="${OPTARG}";; | 
| @@ -253,13 +252,14 @@ create) | |||
| 253 | # And attach device | 252 | # And attach device | 
| 254 | ezjail_imagedevice=`mdconfig -a -t vnode -f ${ezjail_image}` | 253 | ezjail_imagedevice=`mdconfig -a -t vnode -f ${ezjail_image}` | 
| 255 | [ $? = 0 ] || detach_images || exerr "Error: Could not attach image device. (Command failed was 'mdconfig -a -t vnode -f ${ezjail_image}')" | 254 | [ $? = 0 ] || detach_images || exerr "Error: Could not attach image device. (Command failed was 'mdconfig -a -t vnode -f ${ezjail_image}')" | 
| 256 | |||
| 257 | case "${ezjail_imagetype}" in | 255 | case "${ezjail_imagetype}" in | 
| 258 | bde|eli) | 256 | bde|eli) | 
| 259 | # parse imageparams, generate attachparams | 257 | # parse imageparams, generate attachparams | 
| 258 | ezjail_attachblocking="YES" | ||
| 260 | if [ -n "${ezjail_imageparams}" ]; then | 259 | if [ -n "${ezjail_imageparams}" ]; then | 
| 261 | ezjail_attachparams=`echo $0 _parse_g${ezjail_imagetype}_attach_args_ ${ezjail_imageparams} | /bin/sh ` | 260 | ezjail_attachparams=`echo $0 _parse_g${ezjail_imagetype}_attach_args_ ${ezjail_imageparams} | /bin/sh ` | 
| 262 | [ 0 -eq $? ] || exerr "processing of ezjail_imageparams failed" | 261 | [ 5 -eq $? ] && exerr "processing of ezjail_imageparams failed" | 
| 262 | [ 3 -eq $? ] && unset ezjail_attachblocking | ||
| 263 | fi | 263 | fi | 
| 264 | case "${ezjail_imagetype}" in | 264 | case "${ezjail_imagetype}" in | 
| 265 | bde) init_cmd="gbde init /dev/${ezjail_imagedevice} ${ezjail_imageparams}" | 265 | bde) init_cmd="gbde init /dev/${ezjail_imagedevice} ${ezjail_imageparams}" | 
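Review bot: The second status test on new line 262 can never see 3, because `$?` there is the result of the preceding `[ 5 -eq $? ] && exerr …` list (1 whenever the parser did not return 5), so `unset ezjail_attachblocking` never runs and every bde/eli jail is recorded as blocking. Testing only for 5 also lets any other failure of the `| /bin/sh` pipeline (a status of 1 or 127, say) pass as success, where the old line treated every non-zero status as an error. Save the status once and branch on it: `_rc=$?; case ${_rc} in 2) ;; 3) unset ezjail_attachblocking;; *) exerr "processing of ezjail_imageparams failed";; esac`. The enclosing `create)` arm starts and ends outside this hunk.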
| @@ -267,13 +267,14 @@ create) | |||
| 267 | eli) init_cmd="geli init ${ezjail_imageparams} /dev/${ezjail_imagedevice}" | 267 | eli) init_cmd="geli init ${ezjail_imageparams} /dev/${ezjail_imagedevice}" | 
| 268 | attach_cmd="geli attach ${ezjail_attachparams} /dev/${ezjail_imagedevice}";; | 268 | attach_cmd="geli attach ${ezjail_attachparams} /dev/${ezjail_imagedevice}";; | 
| 269 | esac | 269 | esac | 
| 270 | echo "Initialising crypto device. Enter a new passphrase twice... (if necessary)" | 270 | [ -n "${ezjail_attachblocking}" ] && echo "Initialising crypto device. Enter a new passphrase twice... " | 
| 271 | |||
| 271 | ( echo ${init_cmd} | /bin/sh ) || detach_images || exerr "Error: Could not initialise crypto image." | 272 | ( echo ${init_cmd} | /bin/sh ) || detach_images || exerr "Error: Could not initialise crypto image." | 
| 272 | 273 | ||
| 273 | echo "Attaching crypto device. Enter the passphrase... (if necessary)" | 274 | [ -n "${ezjail_attachblocking}" ] && echo "Attaching crypto device. Enter the passphrase... " | 
| 274 | ( echo ${attach_cmd} | /bin/sh ) || detach_images || exerr "Error: Could not attach crypto image." | 275 | ( echo ${attach_cmd} | /bin/sh ) || detach_images || exerr "Error: Could not attach crypto image." | 
| 275 | ezjail_device=${ezjail_imagedevice}.${ezjail_imagetype} | 276 | ezjail_device=${ezjail_imagedevice}.${ezjail_imagetype} | 
| 276 | ;; | 277 | ;; | 
| 277 | simple) | 278 | simple) | 
| 278 | ezjail_device=${ezjail_imagedevice} | 279 | ezjail_device=${ezjail_imagedevice} | 
| 279 | ;; | 280 | ;; | 
| @@ -324,6 +325,7 @@ create) | |||
| 324 | echo export jail_${ezjail_safename}_image=\"${ezjail_image}\" >> ${ezjail_config} | 325 | echo export jail_${ezjail_safename}_image=\"${ezjail_image}\" >> ${ezjail_config} | 
| 325 | echo export jail_${ezjail_safename}_imagetype=\"${ezjail_imagetype}\" >> ${ezjail_config} | 326 | echo export jail_${ezjail_safename}_imagetype=\"${ezjail_imagetype}\" >> ${ezjail_config} | 
| 326 | echo export jail_${ezjail_safename}_attachparams=\"${ezjail_attachparams}\" >> ${ezjail_config} | 327 | echo export jail_${ezjail_safename}_attachparams=\"${ezjail_attachparams}\" >> ${ezjail_config} | 
| 328 | echo export jail_${ezjail_safename}_attachblocking=\"${ezjail_attachblocking}\" >> ${ezjail_config} | ||
| 327 | echo export jail_${ezjail_safename}_passphraseurl=\"${ezjail_passphraseurl}\" >> ${ezjail_config} | 329 | echo export jail_${ezjail_safename}_passphraseurl=\"${ezjail_passphraseurl}\" >> ${ezjail_config} | 
| 328 | 330 | ||
| 329 | # Final steps for flavour installation | 331 | # Final steps for flavour installation | 
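Review bot: The `_attachparams` export just above the added line can carry a gbde passphrase as `-p '…'` (see the `_parse_gbde_attach_args_` arm), and an empty `_attachblocking` is what marks such a jail as attachable without a prompt, so `${ezjail_config}` effectively becomes a key file. Nothing visible in this hunk restricts its mode; if that is not done elsewhere in `create)`, add `chmod 600 "${ezjail_config}"` after the writes, or set `umask 077` before the first one. A short comment next to the new export, such as `# empty attachblocking => attach needs no prompt; attachparams may then hold the passphrase`, would make the coupling explicit.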
| @@ -570,18 +572,20 @@ config) | |||
| 570 | ############################################################################## | 572 | ############################################################################## | 
| 571 | # ezjail_imageparams HACK starts here | 573 | # ezjail_imageparams HACK starts here | 
| 572 | # | 574 | # | 
| 573 | # | 575 | # | 
| 574 | _parse_geli_attach_args_) | 576 | _parse_geli_attach_args_) | 
| 575 | # create geli(8) attach arguments from geli(8) init arguments: | 577 | # create geli(8) attach arguments from geli(8) init arguments: | 
| 576 | # -P becomes -p if present, -K newkeyfile becomes -k newkeyfile if present, | 578 | # -P becomes -p if present, -K newkeyfile becomes -k newkeyfile if present, | 
| 577 | # everything else is dicarded | 579 | # everything else is dicarded | 
| 580 | # exit values: 2->NO_ERROR, 3->NO_ERROR,PASSWORD_SET, 5->PARSER_ERROR | ||
| 581 | _exit=2 | ||
| 578 | shift; while getopts :bPva:i:K:l:s: arg; do case ${arg} in | 582 | shift; while getopts :bPva:i:K:l:s: arg; do case ${arg} in | 
| 579 | b|v|a|i|l|s);; # ignore these | 583 | b|v|a|i|l|s);; # ignore these | 
| 580 | P) echo -n "-p ";; | 584 | P) echo -n "-p "; _exit=3 ;; | 
| 581 | K) echo -n "-k '$OPTARG' ";; | 585 | K) echo -n "-k '$OPTARG' ";; | 
| 582 | ?) exit 11;; | 586 | ?) exit 5;; | 
| 583 | esac; done | 587 | esac; done | 
| 584 | exit 0 | 588 | exit ${_exit} | 
| 585 | ;; | 589 | ;; | 
| 586 | _parse_gbde_attach_args_) | 590 | _parse_gbde_attach_args_) | 
| 587 | # create gbde(8) attach arguments from gbde(8) init arguments: | 591 | # create gbde(8) attach arguments from gbde(8) init arguments: | 
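Review bot: The exit-value comment on new line 580 calls status 3 PASSWORD_SET, but in this arm 3 is set by `-P`, which geli(8) documents as not using a passphrase at all; what the caller actually learns is that attach will not prompt. Suggest `# exit values: 2 -> ok, attach prompts for a passphrase; 3 -> ok, attach does not prompt; 5 -> parse error`, with the same wording in the `_parse_gbde_attach_args_` hunk, whose comment currently spells it differently (`NO_ERROR+PASSWORD_SET`). One more line saying why success is deliberately not 0 would help, since the caller in `create)` tells the cases apart by status alone.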
| @@ -589,18 +593,21 @@ _parse_gbde_attach_args_) | |||
| 589 | # -K keyfile becomes -k keyfile if present | 593 | # -K keyfile becomes -k keyfile if present | 
| 590 | # -P passphrase becomes -p passphrase if present | 594 | # -P passphrase becomes -p passphrase if present | 
| 591 | # everything else is discarded | 595 | # everything else is discarded | 
| 596 | # exit values: 2->NO_ERROR, 3->NO_ERROR+PASSWORD_SET, 5->PARSER_ERROR | ||
| 597 | _exit=2 | ||
| 592 | shift; while getopts :iK:f:L:P: arg; do case ${arg} in | 598 | shift; while getopts :iK:f:L:P: arg; do case ${arg} in | 
| 593 | i|f);; # ignore these | 599 | i|f);; # ignore these | 
| 594 | P) echo -n "-p '$OPTARG' ";; | 600 | P) echo -n "-p '$OPTARG' "; _exit=3;; | 
| 595 | K) echo -n "-k '$OPTARG' ";; | 601 | K) echo -n "-k '$OPTARG' ";; | 
| 596 | L) echo -n "-l '$OPTARG' ";; | 602 | L) echo -n "-l '$OPTARG' ";; | 
| 597 | ?) exit 11;; | 603 | ?) exit 5;; | 
| 598 | esac; done | 604 | esac; done | 
| 599 | exit 0 | 605 | exit ${_exit} | 
| 600 | ;; | 606 | ;; | 
| 601 | # | 607 | # | 
| 602 | # ezjail_imageparams HACK ends here (thank god) | 608 | # ezjail_imageparams HACK ends here (thank god) | 
| 603 | ############################################################################## | 609 | ############################################################################## | 
| 610 | |||
| 604 | *) | 611 | *) | 
| 605 | exerr ${ezjail_usage_ezjail} | 612 | exerr ${ezjail_usage_ezjail} | 
| 606 | ;; | 613 | ;; | 
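Review bot: The `P)` arm on new line 600 prints the passphrase inside single quotes without escaping it, and the resulting attachparams string is later re-parsed by `/bin/sh` (`attach_cmd` in `create)`, and the gbde attach in ezjail.sh), so a value containing `'` ends the quoting early and the rest is read as shell words. Since this option now also marks the jail as non-blocking, that string is presumably evaluated unattended at boot. The simplest guard is to refuse such values before printing, e.g. `case "$OPTARG" in *\'*) exit 5;; esac`, and the same applies to the `K)` and `L)` arms here and to `K)` in the geli parser.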
| @@ -62,19 +62,16 @@ do_cmd() | |||
| 62 | eval ezjail_image=\"\$jail_${ezjail}_image\" | 62 | eval ezjail_image=\"\$jail_${ezjail}_image\" | 
| 63 | eval ezjail_imagetype=\"\$jail_${ezjail}_imagetype\" | 63 | eval ezjail_imagetype=\"\$jail_${ezjail}_imagetype\" | 
| 64 | eval ezjail_attachparams=\"\$jail_${ezjail}_attachparams\" | 64 | eval ezjail_attachparams=\"\$jail_${ezjail}_attachparams\" | 
| 65 | eval ezjail_attachblocking=\"\$jail_${ezjail}_attachblocking\" | ||
| 65 | 66 | ||
| 66 | # Cannot auto mount crypto jails without interrupting boot process | 67 | # Cannot auto mount blocking crypto jails without interrupting boot process | 
| 67 | if [ "${ezjail_fromrc}" = "YES" -a "${action}" = "start" ]; then | 68 | [ "${ezjail_fromrc}" = "YES" -a "${action}" = "start" && "${ezjail_attachblocking}" = "YES" ] && continue | 
| 68 | case "${ezjail_imagetype}" in crypto|eli|bde) continue;; esac | ||
| 69 | fi | ||
| 70 | 69 | ||
| 71 | # Explicitely do only run crypto jails when *crypto is requested | 70 | # Explicitely do only run blocking crypto jails when *crypto is requested | 
| 72 | if [ "${action%crypto}" != "${action}" ]; then | 71 | [ "${action%crypto}" != "${action}" -a -z "${ezjail_attachblocking}" ] && continue | 
| 73 | case "${ezjail_imagetype}" in crypto|eli|bde) ;; *) continue;; esac | ||
| 74 | fi | ||
| 75 | 72 | ||
| 76 | # Try to attach (crypto) devices | 73 | # Try to attach (crypto) devices | 
| 77 | [ "${ezjail_image}" ] && attach_detach_pre | 74 | [ -n "${ezjail_image}" ] && attach_detach_pre | 
| 78 | 75 | ||
| 79 | ezjail_pass="${ezjail_pass} ${ezjail}" | 76 | ezjail_pass="${ezjail_pass} ${ezjail}" | 
| 80 | done | 77 | done | 
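Review bot: The test on new line 68 puts `&&` inside a single `[ … ]`, so the shell runs `[ … = "start"` without its closing `]` (an error) and never reaches `continue`; blocking crypto jails are therefore no longer skipped when started from rc, which is the case the comment above it is meant to prevent. Use `-a` as new line 71 does, or split the test: `[ "${ezjail_fromrc}" = "YES" ] && [ "${action}" = "start" ] && [ "${ezjail_attachblocking}" = "YES" ] && continue`. Separately, configs written before this change carry no `_attachblocking` entry, so those jails read as non-blocking here even if their attach prompts; falling back to the old imagetype test when the entry is absent would keep them out of the boot path. The loop in do_cmd starts outside this hunk.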
| @@ -100,13 +97,13 @@ attach_detach_pre () | |||
| 100 | # this is. In this case, the device to mount is | 97 | # this is. In this case, the device to mount is | 
| 101 | case ${ezjail_imagetype} in | 98 | case ${ezjail_imagetype} in | 
| 102 | crypto|bde) | 99 | crypto|bde) | 
| 103 | echo "Attaching gbde device for image jail ${ezjail}..." | 100 | echo "Attaching bde device for image jail ${ezjail}..." | 
| 104 | echo gbde attach /dev/${ezjail_device} ${ezjail_attachparams} | /bin/sh | 101 | echo gbde attach /dev/${ezjail_device} ${ezjail_attachparams} | /bin/sh | 
| 105 | # Device to mount is not md anymore | 102 | # Device to mount is not md anymore | 
| 106 | ezjail_device=${ezjail_device}.bde | 103 | ezjail_device=${ezjail_device}.bde | 
| 107 | ;; | 104 | ;; | 
| 108 | eli) | 105 | eli) | 
| 109 | echo "Attaching gbde device for image jail ${ezjail}..." | 106 | echo "Attaching eli device for image jail ${ezjail}..." | 
| 110 | echo geli attach ${ezjail_attachparams} /dev/${ezjail_device} | /bin/sh | 107 | echo geli attach ${ezjail_attachparams} /dev/${ezjail_device} | /bin/sh | 
| 111 | # Device to mount is not md anymore | 108 | # Device to mount is not md anymore | 
| 112 | ezjail_device=${ezjail_device}.eli | 109 | ezjail_device=${ezjail_device}.eli | 
