forked from evolix/evobackup
bkctld-start: extract "mount_jail_fs" function
parent
f8ef5b22cd
commit
3f3ffbfffd
|
@ -18,27 +18,7 @@ test -d "${jail_path}" || error "${jail_name}: jail is missing."
|
||||||
"${LIBDIR}/bkctld-is-on" "${jail_name}" && exit 0
|
"${LIBDIR}/bkctld-is-on" "${jail_name}" && exit 0
|
||||||
|
|
||||||
# Prepare the chroot
|
# Prepare the chroot
|
||||||
cd "${jail_path}" || error "${jail_name}: failed to change directory to ${jail_path}."
|
mount_jail_fs "${jail_name}"
|
||||||
|
|
||||||
grep -q "${jail_path}/proc" /proc/mounts || mount -t proc "proc-${jail_name}" proc
|
|
||||||
grep -q "${jail_path}/dev" /proc/mounts || mount -nt tmpfs "dev-${jail_name}" dev
|
|
||||||
[ -e "dev/console" ] || mknod -m 622 dev/console c 5 1
|
|
||||||
[ -e "dev/null" ] || mknod -m 666 dev/null c 1 3
|
|
||||||
[ -e "dev/zero" ] || mknod -m 666 dev/zero c 1 5
|
|
||||||
[ -e "dev/ptmx" ] || mknod -m 666 dev/ptmx c 5 2
|
|
||||||
[ -e "dev/tty" ] || mknod -m 666 dev/tty c 5 0
|
|
||||||
[ -e "dev/random" ] || mknod -m 444 dev/random c 1 8
|
|
||||||
[ -e "dev/urandom" ] || mknod -m 444 dev/urandom c 1 9
|
|
||||||
chown root:tty dev/console dev/ptmx dev/tty
|
|
||||||
ln -fs proc/self/fd dev/fd
|
|
||||||
ln -fs proc/self/fd/0 dev/stdin
|
|
||||||
ln -fs proc/self/fd/1 dev/stdout
|
|
||||||
ln -fs proc/self/fd/2 dev/stderr
|
|
||||||
ln -fs proc/kcore dev/core
|
|
||||||
mkdir -p dev/pts
|
|
||||||
mkdir -p dev/shm
|
|
||||||
grep -q "${jail_path}/dev/pts" /proc/mounts || mount -t devpts -o gid=4,mode=620 none dev/pts
|
|
||||||
grep -q "${jail_path}/dev/shm" /proc/mounts || mount -t tmpfs none dev/shm
|
|
||||||
|
|
||||||
# Start SSH in the chroot
|
# Start SSH in the chroot
|
||||||
chroot "${jail_path}" /usr/sbin/sshd -E /var/log/authlog || error "${jail_name}: failed to start SSH."
|
chroot "${jail_path}" /usr/sbin/sshd -E /var/log/authlog || error "${jail_name}: failed to start SSH."
|
||||||
|
|
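--- a/lib/includes
+++ b/lib/includes
@@ -239,3 +239,44 @@ setup_jail_config() {
 install -m 0640 "${inctpl}" "${jail_incs_policy_file}"
 "${LIBDIR}/bkctld-port" "${jail_name}" auto
 }
+
+is_mounted_inside_jail() {
+target=${1:?}
+
+# TODO: try to find why it doesn't work with this findmnt(8) command
+# findmnt --target "${target}" --tab-file /proc/mounts
+grep -q "${target}" /proc/mounts
+}
+
+mount_jail_fs() {
+jail_name=${1:?}
+
+jail_path=$(jail_path "${jail_name}")
+
+is_mounted_inside_jail "${jail_path}/dev" || mount -nt tmpfs "dev-${jail_name}" "${jail_path}/dev"
+
+[ -e "dev/console" ] || mknod -m 622 "${jail_path}/dev/console" c 5 1
+chown root:tty "${jail_path}/dev/console"
+[ -e "dev/null" ] || mknod -m 666 "${jail_path}/dev/null" c 1 3
+[ -e "dev/zero" ] || mknod -m 666 "${jail_path}/dev/zero" c 1 5
+[ -e "dev/ptmx" ] || mknod -m 666 "${jail_path}/dev/ptmx" c 5 2
+chown root:tty "${jail_path}/dev/ptmx"
+[ -e "dev/tty" ] || mknod -m 666 "${jail_path}/dev/tty" c 5 0
+chown root:tty "${jail_path}/dev/tty"
+[ -e "dev/random" ] || mknod -m 444 "${jail_path}/dev/random" c 1 8
+[ -e "dev/urandom" ] || mknod -m 444 "${jail_path}/dev/urandom" c 1 9
+
+mkdir -p "${jail_path}/dev/pts"
+is_mounted_inside_jail "${jail_path}/dev/pts" || mount -t devpts -o gid=4,mode=620 none "${jail_path}/dev/pts"
+
+mkdir -p "${jail_path}/dev/shm"
+is_mounted_inside_jail "${jail_path}/dev/shm" || mount -t tmpfs none "${jail_path}/dev/shm"
+
+is_mounted_inside_jail "${jail_path}/proc" || mount -t proc "proc-${jail_name}" "${jail_path}/proc"
+
+ln -fs "${jail_path}/proc/self/fd" "${jail_path}/dev/fd"
+ln -fs "${jail_path}/proc/self/fd/0" "${jail_path}/dev/stdin"
+ln -fs "${jail_path}/proc/self/fd/1" "${jail_path}/dev/stdout"
+ln -fs "${jail_path}/proc/self/fd/2" "${jail_path}/dev/stderr"
+ln -fs "${jail_path}/proc/kcore" "${jail_path}/dev/core"
+}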
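Review bot: The seven `[ -e "dev/…" ]` guards in mount_jail_fs still test paths relative to the current directory, while the `mknod` calls now use `${jail_path}/dev/…` and the caller no longer runs `cd "${jail_path}"`, so the check and the creation refer to different files; each guard should read like `[ -e "${jail_path}/dev/console" ] || mknod -m 622 "${jail_path}/dev/console" c 5 1`. The `ln -fs` targets were also turned into absolute host paths, which will dangle once sshd runs chrooted; a target such as `/proc/self/fd` resolves inside the jail. In is_mounted_inside_jail, `grep -q "${target}"` is an unanchored regex, so `${jail_path}/dev` also matches the `dev/pts` and `dev/shm` entries and can report an unmounted `dev` as mounted, in which case the device nodes are created on the underlying filesystem; `grep -qF -- " ${target} " /proc/mounts` matches the mount-point field exactly. The commented findmnt call probably misbehaves because `--target` resolves to the filesystem containing the path, whereas `--mountpoint` requires an exact mount point.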