Merge branch 'master' into debian
commit
de5c7ab5ea
64
bkctld
64
bkctld
|
@ -41,21 +41,17 @@ check_jail() {
|
||||||
|
|
||||||
check_jail_on() {
|
check_jail_on() {
|
||||||
jail=$1
|
jail=$1
|
||||||
|
return=1
|
||||||
if [ -f ${JAILDIR}/${jail}/${SSHD_PID} ]; then
|
if [ -f ${JAILDIR}/${jail}/${SSHD_PID} ]; then
|
||||||
pid=$(cat ${JAILDIR}/${jail}/${SSHD_PID})
|
pid=$(cat ${JAILDIR}/${jail}/${SSHD_PID})
|
||||||
ps -p $pid > /dev/null
|
ps -p $pid > /dev/null && return=0
|
||||||
if [ $? -eq 0 ]; then
|
|
||||||
exit 0
|
|
||||||
else
|
|
||||||
rm ${JAILDIR}/${jail}/${SSHD_PID}
|
|
||||||
umount --lazy --recursive ${JAILDIR}/${jail}/dev
|
|
||||||
umount --lazy ${JAILDIR}/${jail}/proc/
|
|
||||||
exit 1
|
|
||||||
fi
|
fi
|
||||||
else
|
if [ "$return" -eq 1 ]; then
|
||||||
exit 1
|
rm -f ${JAILDIR}/${jail}/${SSHD_PID}
|
||||||
|
grep -q "${JAILDIR}/${jail}/proc" /proc/mounts && umount --lazy ${JAILDIR}/${jail}/proc/
|
||||||
|
grep -q "${JAILDIR}/${jail}/dev" /proc/mounts && umount --lazy --recursive ${JAILDIR}/${jail}/dev
|
||||||
fi
|
fi
|
||||||
echo $status
|
exit "$return"
|
||||||
}
|
}
|
||||||
|
|
||||||
## get functions : get info on jail
|
## get functions : get info on jail
|
||||||
|
@ -110,7 +106,7 @@ set_port() {
|
||||||
set_key() {
|
set_key() {
|
||||||
jail=$1
|
jail=$1
|
||||||
keyfile=$2
|
keyfile=$2
|
||||||
if [ -f $keyfile ]; then
|
if [ -e $keyfile ]; then
|
||||||
cat $keyfile > ${JAILDIR}/${jail}/${AUTHORIZED_KEYS}
|
cat $keyfile > ${JAILDIR}/${jail}/${AUTHORIZED_KEYS}
|
||||||
chmod 600 ${JAILDIR}/${jail}/${AUTHORIZED_KEYS}
|
chmod 600 ${JAILDIR}/${jail}/${AUTHORIZED_KEYS}
|
||||||
else
|
else
|
||||||
|
@ -161,13 +157,16 @@ mk_jail() {
|
||||||
passwd="${TPLDIR}/passwd"
|
passwd="${TPLDIR}/passwd"
|
||||||
shadow="${TPLDIR}/shadow"
|
shadow="${TPLDIR}/shadow"
|
||||||
group="${TPLDIR}/group"
|
group="${TPLDIR}/group"
|
||||||
|
sshrc="${TPLDIR}/sshrc"
|
||||||
[ -f "${LOCALTPLDIR}/passwd" ] && passwd="${LOCALTPLDIR}/passwd"
|
[ -f "${LOCALTPLDIR}/passwd" ] && passwd="${LOCALTPLDIR}/passwd"
|
||||||
[ -f "${LOCALTPLDIR}/shadow" ] && shadow="${LOCALTPLDIR}/shadow"
|
[ -f "${LOCALTPLDIR}/shadow" ] && shadow="${LOCALTPLDIR}/shadow"
|
||||||
[ -f "${LOCALTPLDIR}/group" ] && group="${LOCALTPLDIR}/group"
|
[ -f "${LOCALTPLDIR}/group" ] && group="${LOCALTPLDIR}/group"
|
||||||
|
[ -f "${LOCALTPLDIR}/sshrc" ] && group="${LOCALTPLDIR}/sshrc"
|
||||||
umask 077
|
umask 077
|
||||||
|
|
||||||
echo "1 - Creating the chroot"
|
echo "1 - Creating the chroot"
|
||||||
cd "${JAILDIR}/${jail}"
|
cd "${JAILDIR}/${jail}"
|
||||||
|
rm -rf bin lib lib64 run usr var/run etc/ssh/*key
|
||||||
mkdir -p dev proc
|
mkdir -p dev proc
|
||||||
mkdir -p usr/bin usr/sbin usr/lib usr/lib/x86_64-linux-gnu usr/lib/openssh usr/lib64
|
mkdir -p usr/bin usr/sbin usr/lib usr/lib/x86_64-linux-gnu usr/lib/openssh usr/lib64
|
||||||
mkdir -p etc/ssh var/log run/sshd
|
mkdir -p etc/ssh var/log run/sshd
|
||||||
|
@ -175,7 +174,7 @@ mk_jail() {
|
||||||
ln -s usr/bin bin
|
ln -s usr/bin bin
|
||||||
ln -s usr/lib lib
|
ln -s usr/lib lib
|
||||||
ln -s usr/lib64 lib64
|
ln -s usr/lib64 lib64
|
||||||
ln -s run var/run
|
ln -st var ../run
|
||||||
touch var/log/lastlog var/log/wtmp run/utmp
|
touch var/log/lastlog var/log/wtmp run/utmp
|
||||||
|
|
||||||
echo "2 - Copying essential files"
|
echo "2 - Copying essential files"
|
||||||
|
@ -185,12 +184,13 @@ mk_jail() {
|
||||||
cp "$passwd" etc
|
cp "$passwd" etc
|
||||||
cp "$shadow" etc
|
cp "$shadow" etc
|
||||||
cp "$group" etc
|
cp "$group" etc
|
||||||
|
cp "$sshrc" etc/ssh
|
||||||
|
|
||||||
echo "3 - Copying binaries"
|
echo "3 - Copying binaries"
|
||||||
cp -f /lib/ld-linux.so.2 lib 2>/dev/null || cp -f /lib64/ld-linux-x86-64.so.2 lib64
|
cp -f /lib/ld-linux.so.2 lib 2>/dev/null || cp -f /lib64/ld-linux-x86-64.so.2 lib64
|
||||||
cp /lib/x86_64-linux-gnu/libnss* lib/x86_64-linux-gnu
|
cp /lib/x86_64-linux-gnu/libnss* lib/x86_64-linux-gnu
|
||||||
|
|
||||||
for dbin in /bin/sh /bin/ls /bin/mkdir /bin/cat /bin/rm /bin/sed /usr/bin/rsync /usr/sbin/sshd /usr/lib/openssh/sftp-server; do
|
for dbin in /bin/sh /bin/ls /bin/mkdir /bin/cat /bin/rm /bin/sed /usr/bin/rsync /usr/bin/lastlog /usr/bin/touch /usr/sbin/sshd /usr/lib/openssh/sftp-server; do
|
||||||
cp -f $dbin ${JAILDIR}/${jail}/$dbin;
|
cp -f $dbin ${JAILDIR}/${jail}/$dbin;
|
||||||
for lib in $(ldd $dbin | grep -Eo "/.*so.[0-9\.]+"); do
|
for lib in $(ldd $dbin | grep -Eo "/.*so.[0-9\.]+"); do
|
||||||
cp -p $lib ${JAILDIR}/${jail}/$lib
|
cp -p $lib ${JAILDIR}/${jail}/$lib
|
||||||
|
@ -293,25 +293,25 @@ sub_start() {
|
||||||
|
|
||||||
echo "Start jail $jail"
|
echo "Start jail $jail"
|
||||||
cd "${JAILDIR}/${jail}"
|
cd "${JAILDIR}/${jail}"
|
||||||
mount -t proc "proc-${jail}" proc
|
grep -q "${JAILDIR}/${jail}/proc" /proc/mounts || mount -t proc "proc-${jail}" proc
|
||||||
mount -nt tmpfs "dev-${jail}" dev
|
grep -q "${JAILDIR}/${jail}/dev" /proc/mounts || mount -nt tmpfs "dev-${jail}" dev
|
||||||
mknod -m 622 dev/console c 5 1
|
[ -e "dev/console" ] || mknod -m 622 dev/console c 5 1
|
||||||
mknod -m 666 dev/null c 1 3
|
[ -e "dev/null" ] || mknod -m 666 dev/null c 1 3
|
||||||
mknod -m 666 dev/zero c 1 5
|
[ -e "dev/zero" ] || mknod -m 666 dev/zero c 1 5
|
||||||
mknod -m 666 dev/ptmx c 5 2
|
[ -e "dev/ptmx" ] || mknod -m 666 dev/ptmx c 5 2
|
||||||
mknod -m 666 dev/tty c 5 0
|
[ -e "dev/tty" ] || mknod -m 666 dev/tty c 5 0
|
||||||
mknod -m 444 dev/random c 1 8
|
[ -e "dev/random" ] || mknod -m 444 dev/random c 1 8
|
||||||
mknod -m 444 dev/urandom c 1 9
|
[ -e "dev/urandom" ] || mknod -m 444 dev/urandom c 1 9
|
||||||
chown root:tty dev/console dev/ptmx dev/tty
|
chown root:tty dev/console dev/ptmx dev/tty
|
||||||
ln -s proc/self/fd dev/fd
|
ln -fs proc/self/fd dev/fd
|
||||||
ln -s proc/self/fd/0 dev/stdin
|
ln -fs proc/self/fd/0 dev/stdin
|
||||||
ln -s proc/self/fd/1 dev/stdout
|
ln -fs proc/self/fd/1 dev/stdout
|
||||||
ln -s proc/self/fd/2 dev/stderr
|
ln -fs proc/self/fd/2 dev/stderr
|
||||||
ln -s proc/kcore dev/core
|
ln -fs proc/kcore dev/core
|
||||||
mkdir dev/pts
|
mkdir -p dev/pts
|
||||||
mkdir dev/shm
|
mkdir -p dev/shm
|
||||||
mount -t devpts -o gid=4,mode=620 none dev/pts
|
grep -q "${JAILDIR}/${jail}/dev/pts" /proc/mounts || mount -t devpts -o gid=4,mode=620 none dev/pts
|
||||||
mount -t tmpfs none dev/shm
|
grep -q "${JAILDIR}/${jail}/dev/shm" /proc/mounts || mount -t tmpfs none dev/shm
|
||||||
chroot "${JAILDIR}/${jail}" /usr/sbin/sshd -E /var/log/authlog
|
chroot "${JAILDIR}/${jail}" /usr/sbin/sshd -E /var/log/authlog
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
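Review bot: In the mk_jail hunk starting at new line 157, the local-template override for sshrc assigns to the wrong variable: `[ -f "${LOCALTPLDIR}/sshrc" ] && group="${LOCALTPLDIR}/sshrc"` should set `sshrc=`. As written, when a local sshrc exists, `cp "$group" etc` copies that sshrc file into etc/, so this run does not install etc/group from either template, and `cp "$sshrc" etc/ssh` always uses the stock template. In the same hunk the added `rm -rf bin lib lib64 run usr var/run etc/ssh/*key` runs directly after an unchecked `cd "${JAILDIR}/${jail}"`. Unless `set -e` is enabled somewhere outside this view, a failed cd would apply the recursive delete to whatever the current directory is, so `cd "${JAILDIR}/${jail}" || exit 1` is worth adding before it. mk_jail begins and ends outside the hunk, so an earlier guard may exist that is not visible here.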