Commit 7578ec0b authored by Heinz N. Gies's avatar Heinz N. Gies

Add some first lx brand stuff:

parent ed1e80fd
......@@ -21,4 +21,4 @@ jail -c persist \
sysvsem=new \
sysvshm=new \
allow.raw_sockets \
exec.start='/bin/sh /etc/rc'
exec.start='/etc/init.d/rc 3'
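Review bot: `allow.raw_sockets` is kept in this jail definition with no comment on why the inner jail needs it. Raw sockets let root inside the jail talk to the network stack directly, and jail(8) advises extra caution when privileged access to a jail is handed to untrusted parties; the other boot script in this commit sets the same flag together with `ip4=inherit`, so the inner jail is not pinned to a dedicated address. If it is only there for ping/traceroute, I would leave it out by default and make it opt-in per jail, or at least add a line such as `# allow.raw_sockets: needed for ping(8) inside the jail`. The `jail -c` command starts above this hunk.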
......@@ -15,6 +15,6 @@ then
fi
# outer jail
mount -t devfs devfs ${jail_root}/root/dev
umount ${jail_root}/root/dev
# inner jail
mount -t devfs devfs ${jail_root}/root/jail/dev
umount ${jail_root}/root/jail/dev
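Review bot: `${jail_root}` is expanded unquoted in the mount/umount lines of this hunk, so a root path containing whitespace or glob characters is split or expanded before the command sees it. Quote it, e.g. `umount "${jail_root}/root/dev"` and `umount "${jail_root}/root/jail/dev"`; the same applies to the unquoted `${jail_root}` and `${brand_root}` expansions in the other halt, init and install scripts of this commit. The exit status of umount is not checked either, so a busy devfs is silently left mounted. The `if` block that ends at the top of this hunk starts outside it.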
#!/bin/sh
# Note this gets executed INSIDE the outer jail not on the host!
# include shared utility functions
. ../shared/utils.sh
uuid="$1"
hostname="$2"
# create
jail -c persist \
"name=${uuid}" \
"host.hostname=${hostname}" \
path=/jail \
ip4=inherit \
devfs_ruleset=4 \
securelevel=2 \
sysvmsg=new \
sysvsem=new \
sysvshm=new \
allow.raw_sockets \
exec.start='/bin/sh /etc/rc'
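Review bot: `. ../shared/utils.sh` is resolved against the current working directory, not the script's location, so which file gets sourced depends on where the caller happens to be when it runs this script. The header comment says the script executes inside the outer jail, and the install script in this commit appears to copy only `${brand_root}` into the jail, so `../shared` may not exist there at all; that is worth confirming. Nothing visible here calls a helper from utils.sh, so the simplest fix is to drop the line in this script; the halt, init and install scripts, which do call `validate_root`, should source it by a path derived from the script, e.g. `. "$(dirname "$0")/../shared/utils.sh"`. `uuid` and `hostname` are also handed to `jail -c` without any format check.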
# Jail brand configuration
# All strings act as templates, possbile parameters
# are:
#
# {inner_id} - the jid of the inner jail (only halt, login)
# {ounter_id} - the jid of the outer jail (only halt, login)
# {jail_uuid} - uuid if the jail
# {jail_root} - root of the jail
# {brand_root} - root of this brand
# {hostname} - hostname of the jail
modname="jail"
# install is executed after cloning
[install]
cmd="{brand_root}/install"
args=["{jail_root}", "{brand_root}"]
# installed before booting (on the host)
[init]
cmd="{brand_root}/init"
args=["{jail_root}", "{brand_root}"]
# executed after booting the outer zone to
# boot the inner zone
[boot]
cmd="{brand_root}/boot"
args=["{jail_uuid}", "{hostname}"]
# Halt the jail executed on the host before
# rctl and interfaces are torn down, the outer
# jail is then shut down
[halt]
cmd="{brand_root}/halt"
args=["{jail_root}", "{inner_id}"]
[login]
cmd="/usr/sbin/jexec"
args=["{jail_id}", "/bin/sh"]
\ No newline at end of file
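Review bot: The `[login]` args use `{jail_id}`, which is not one of the template parameters documented at the top of this file (`{inner_id}`, `{ounter_id}`, `{jail_uuid}`, ...). If the template code leaves unknown placeholders untouched, jexec is called with the literal string; if the inner jail is meant, `args=["{inner_id}", "/bin/sh"]` matches the documented names. The header also spells the outer id `{ounter_id}`; if the code expects `{outer_id}`, the documentation should say so. A short comment on `[login]` stating which jail the shell lands in would bring it in line with the other sections.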
#!/bin/sh
# include shared utility functions
. ../shared/utils.sh
jail_root="$1"
inner_id="$2"
validate_root "${jail_root}"
# cleanly shut down the inner jail (should this be run inside the outer jail?)
if [ ! -z "${inner_id}" ]
then
jexec ${inner_id} /bin/sh /etc/rc.shutdown
fi
# outer jail
umount ${jail_root}/root/dev
# inner jail
umount ${jail_root}/root/jail/dev
umount ${jail_root}/root/jail/proc
umount ${jail_root}/root/jail/sys
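Review bot: The inner jail is stopped with `/bin/sh /etc/rc.shutdown`, which is the FreeBSD rc path, while this script unmounts linprocfs and linsysfs and so looks like the Linux-userland brand, whose boot hunk in this commit starts `/etc/init.d/rc 3`. If that userland has no /etc/rc.shutdown, the jexec fails and the unmounts go ahead underneath running processes; the matching Linux shutdown command (presumably the init.d rc script with a halt runlevel) should be confirmed against the image. `inner_id` also reaches jexec unquoted and unchecked while only `jail_root` is validated, so I would use `jexec "${inner_id}" ...` after checking that it is numeric. None of the four umount results are checked.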
#!/bin/sh
# include shared utility functions
. ../shared/utils.sh
jail_root="$1"
brand_root="$2"
validate_root "${jail_root}"
# delete the old brand
echo rm -r ${jail_root}/root$(dirname ${brand_root})
# create a new folder for the brand
echo mkdir -p ${jail_root}/root$(dirname ${brand_root})
# copy over our brand
echo cp -r ${brand_root} ${jail_root}/root$(dirname ${brand_root})
# mount devfs (not sure about this)
# outer jail
mount -t devfs devfs ${jail_root}/root/dev
# inner jail
mount -t devfs devfs ${jail_root}/root/jail/dev
# mount linux specific fs's
mount -t linprocfs linprocfs ${jail_root}/root/jail/proc
mount -t linsysfs linsysfs ${jail_root}/root/jail/sys
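Review bot: The `rm -r` target is `${jail_root}/root$(dirname ${brand_root})`, which is the parent directory of the brand inside the jail, not the brand itself as the comment says. With a `brand_root` that sits directly under `/`, `dirname` yields `/` and the command becomes a recursive delete of the whole jail root once the `echo` prefix is removed. I would delete `"${jail_root}/root${brand_root}"` instead and validate `brand_root` the same way `jail_root` is validated. The three copy steps are still `echo`-only while the four mounts are live, so init currently mounts without refreshing the brand.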
#!/bin/sh
# include shared utility functions
. ../shared/utils.sh
jail_root="$1"
brand_root="$2"
validate_root "${jail_root}"
## Find files that do not beling in the jail root, which is everything but
## jail, the rest will be populated by us
find x/${jail_root}/root \
-not -path "${jail_root}/root/jail" \
-not -path "${jail_root}/root/jail/*" \
-not -path "${jail_root}/root"
# -delete
# create bas
dirs="bin dev mnt proc tmp etc/defaults"
for dir in ${dirs}
do
echo mkdir -p ${jail_root}/root/${dir}
echo chown root:wheel ${jail_root}/root/${dir}
echo chmod 775 ${jail_root}/root/${dir}
done
## required files:
execs='/libexec/ld-elf.so.1 /bin/sh /sbin/ifconfig /sbin/route /usr/sbin/jail'
files=""
## inlcude libraries that are needed
for e in ${execs}
do
files="${files} $(ldd -a $e 2> /dev/null | awk '/=>/{print $(NF-1)}')"
files="${files} ${e}"
done
## copy the files in the zone root
for file in ${files}
do
echo mkdir -p ${jail_root}/root$(dirname ${file})
echo cp ${file} ${jail_root}/root${file}
done
# install the branch information
echo mkdir -p ${jail_root}/root$(dirname ${brand_root})
echo cp -r ${brand_root} ${jail_root}/root$(dirname ${brand_root})
#TODO: network config:
# * get resolvers and set them resolvers
# * routs? (do we need to set them?)
#TODO: get rood autorized keys set set them
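Review bot: The cleanup `find` starts at `x/${jail_root}/root` while its `-not -path` filters are written against `${jail_root}/root...`, so none of the exclusions can match the paths find produces. That is harmless while `-delete` is commented out, but enabling it as written would not protect `jail/`; the start path and the filters need to agree, and `-path` treats `${jail_root}` as a glob pattern. Separately, `chmod 775` is applied to every created directory including `tmp`, which normally wants `1777`. The `mkdir`/`chown`/`chmod`/`cp` steps are all still `echo`-only, so install populates nothing yet.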
......@@ -124,7 +124,7 @@ impl<'a> Jail<'a> {
crit!("failed to mount devfs in inner jail"; "vm" => self.idx.uuid.hyphenated().to_string());
}
}
fn umount_lxfs(&self) {
let mut linprocfs = String::from("/");
linprocfs.push_str(self.idx.root.as_str());
......@@ -170,11 +170,11 @@ impl<'a> Jail<'a> {
}
let _ = self.umount_devfs();
if self.config.brand == "lx-jail" {
let _ = self.umount_lxfs();
}
let _ = self.remove_rctl();
match self.outer {
Some(outer) => {
......@@ -249,7 +249,7 @@ impl<'a> Jail<'a> {
Ok(0)
}
fn mount_lxfs(&self) -> Result<i32, Box<Error>> {
let mut linprocfs = String::from("/");
linprocfs.push_str(self.idx.root.as_str());
linprocfs.push_str("/root/jail/proc");
......@@ -263,7 +263,7 @@ impl<'a> Jail<'a> {
crit!("failed to mount inner linprocfs"; "vm" => self.idx.uuid.hyphenated().to_string());
return Err(GenericError::bx("Could not remove resource limits"));
}
let mut linsysfs = String::from("/");
linsysfs.push_str(self.idx.root.as_str());
linsysfs.push_str("/root/jail/sys");
......@@ -277,7 +277,7 @@ impl<'a> Jail<'a> {
crit!("failed to mount inner linsysfs"; "vm" => self.idx.uuid.hyphenated().to_string());
return Err(GenericError::bx("Could not remove resource limits"));
}
Ok(0)
}
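Review bot: Both failure paths in `mount_lxfs` return `GenericError::bx("Could not remove resource limits")`, which looks copied from the rctl code and will mislead whoever reads the error after a failed linprocfs or linsysfs mount. Messages such as `GenericError::bx("Could not mount linprocfs")` and `GenericError::bx("Could not mount linsysfs")` would match the `crit!` lines above them. `umount_lxfs` is declared without a return value, so `let _ = self.umount_lxfs();` in the stop path cannot learn that an unmount failed and a filesystem left mounted under the jail root goes unreported to the caller. The visible lines of these hunks look like unchanged context, and the function bodies are only partly shown.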
......