qjail-3.3.patch: 9.2 + sysvipc + devfs_ruleset (For Finch)
diff -rupN qjail-3.3/usr/local/bin/qjail qjail-3.3-92-sysvipc-devfs_ruleset/usr/local/bin/qjail | |
--- qjail-3.3/usr/local/bin/qjail 2014-05-09 15:13:46.000000000 +0100 | |
+++ qjail-3.3-92-sysvipc-devfs_ruleset/usr/local/bin/qjail 2014-06-21 14:53:43.000000000 +0100 | |
@@ -59,7 +59,7 @@ syntax_archive="Syntax: qjail archive [- | |
syntax_delete="Syntax: qjail delete [-z zone] [-A] [jailname...]" | |
syntax_restore="Syntax: qjail restore [-z zone] [-s] [jailname...]" | |
syntax_config="Syntax: qjail config [-z zone] [-c newnic] [-f value]\n\ | |
- [-A -d -h -k -K -l -L -m -M -q -Q -r -R -v -V -x -X]\n\ | |
+ [-A -d -h -k -K -b -B -y -Y -l -L -m -M -q -Q -r -R -v -V -x -X]\n\ | |
[-n newname] [-p value] [-s value] [-w value]\n\ | |
[-4 newIPv4...] [-6 newIPv6...] jailname" | |
syntax_update="Syntax: qjail update [-z zone] [-b] [-p] [-l on|off]" | |
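Review bot: The changed usage line lists `-b` among the switches that take no argument, but the getopts string later in this patch declares it as `b:` and the config code treats its value as a ruleset number. A user following the usage text would run `qjail config -b jailname` and have the jail name consumed as the option value. I would move it to the valued options, e.g. `[-n newname] [-p value] [-s value] [-w value] [-b ruleset]\n\`, and keep only `-B -y -Y` in the flag list.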
@@ -341,6 +341,8 @@ passed_deffile=$1 | |
echo "vnet=\"${vnet}\"" | |
echo "vinterface=\"${vnet_interface}\"" | |
echo "rsockets=\"${allow_raw_sockets}\"" | |
+ echo "devfs_ruleset=\"${devfs_ruleset}\"" | |
+ echo "sysvipc=\"${allow_sysvipc}\"" | |
echo "quotas=\"${allow_quotas}\"" | |
echo "nullfs=\"${allow_mount_nullfs}\"" | |
echo "zfs=\"${allow_mount_zfs}\"" | |
@@ -383,6 +385,7 @@ read-definition () { | |
unset nic_devicename fstab securelevel cpuset_id | |
unset exec_fib vnet vnet_interface allow_raw_sockets | |
unset allow_quotas allow_mount_nullfs allow_mount_zfs | |
+ unset allow_sysvipc devfs_ruleset | |
unset devicelink device device_md_number | |
unset deffile poststart_ssh | |
unset image imagetype | |
@@ -410,6 +413,8 @@ read-definition () { | |
eval vnet=\"\${vnet}\" | |
eval vnet_interface=\"\${vinterface}\" | |
eval allow_raw_sockets=\"\${rsockets}\" | |
+ eval devfs_ruleset=\"\${devfs_ruleset}\" | |
+ eval allow_sysvipc=\"\${sysvipc}\" | |
eval allow_quotas=\"\${quotas}\" | |
eval allow_mount_nullfs=\"\${nullfs}\" | |
eval allow_mount_zfs=\"\${zfs}\" | |
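Review bot: The added `eval devfs_ruleset=\"\${devfs_ruleset}\"` assigns the variable to itself, because unlike its neighbours (`rsockets` to `allow_raw_sockets`, `sysvipc` to `allow_sysvipc`) the definition-file key and the internal name are identical. Its only effect is to turn an unset variable into an empty one, so it can be dropped or replaced with a comment such as `# devfs_ruleset keeps the name it has in the definition file`. How the definition file is loaded is outside this hunk; presumably it is sourced between the `unset` and these lines, which is worth confirming.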
@@ -477,6 +482,12 @@ build_config_def () { | |
[ ${allow_raw_sockets} ] && \ | |
echo "allow.raw_sockets;" | |
+ [ ${devfs_ruleset} ] && \ | |
+ echo "devfs_ruleset = \"${devfs_ruleset}\";" | |
+ | |
+ [ ${allow_sysvipc} ] && \ | |
+ echo "allow.sysvipc;" | |
+ | |
[ ${allow_quotas} ] && \ | |
echo "allow.quotas;" | |
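Review bot: The new `[ ${devfs_ruleset} ]` test is unquoted, so a value containing whitespace or a glob character makes `[` fail with a syntax error instead of cleanly emitting or skipping the parameter; `[ -n "${devfs_ruleset}" ] && \` avoids that. It follows the style of the neighbouring tests, but this is the first of them whose value is user-supplied text rather than a fixed keyword, and that value is copied into the generated jail configuration. The integer check in config() is the only validation visible in this patch, and a hand-edited definition file would bypass it, so re-checking that the value is numeric here would be a reasonable second guard. build_config_def continues outside the hunk.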
@@ -1801,7 +1812,7 @@ install () { | |
number=`echo "${release_number}" | awk '{print $1}'` | |
number=${number}`echo "${release_number}" | awk '{print $2}'` | |
- if [ ${number} -ge 100 ]; then | |
+ if [ ${number} -ge 92 ]; then | |
installarch=`uname -p` | |
installarch="${installarch}/${installarch}" | |
else | |
@@ -2848,7 +2859,7 @@ config () { | |
flag_count=0 | |
- shift; while getopts c:f:4:6:n:p:s:w:z:AdhkKlLmMrRqQvVxX arg; \ | |
+ shift; while getopts c:f:4:6:n:p:s:w:z:AdhkKb:ByYlLmMrRqQvVxX arg; \ | |
do case ${arg} in | |
c) new_nic=${OPTARG}; flag_count=$(( $flag_count + 1 ));; | |
f) fib=${OPTARG}; flag_count=$(( $flag_count + 1 ));; | |
@@ -2864,6 +2875,10 @@ config () { | |
h) create_ssh="YES"; flag_count=$(( $flag_count + 1 ));; | |
k) rawsockets="YES"; flag_count=$(( $flag_count + 1 ));; | |
K) rawsockets="NO"; flag_count=$(( $flag_count + 1 ));; | |
+ b) devfsruleset=${OPTARG}; flag_count=$(( $flag_count + 1 ));; | |
+ B) devfsruleset="NO"; flag_count=$(( $flag_count + 1 ));; | |
+ y) sysv="YES"; flag_count=$(( $flag_count + 1 ));; | |
+ Y) sysv="NO"; flag_count=$(( $flag_count + 1 ));; | |
l) nullfs="YES"; flag_count=$(( $flag_count + 1 ));; | |
L) nullfs="NO"; flag_count=$(( $flag_count + 1 ));; | |
m) man_start="YES"; flag_count=$(( $flag_count + 1 ));; | |
@@ -3458,6 +3473,48 @@ config () { | |
post_msg "Successful disabled allow.raw_sockets for ${jailname}" | |
continue | |
fi | |
+ | |
+ if [ -n "${devfsruleset}" ]; then | |
+ if [ "${devfsruleset}" = "NO" ]; then | |
+ unset devfs_ruleset | |
+ write-definition "${deffile}" | |
+ post_msg "Successfully disabled devfs_ruleset for ${jailname}" | |
+ continue | |
+ else | |
+ # Check that the value is a positive integer | |
+ if [ "${devfsruleset}" -ge 0 2> /dev/null ]; then | |
+ if [ "${devfsruleset}" -gt 0 ]; then | |
+ if [ ! "$(devfs rule showsets | grep ${devfsruleset})" ]; then | |
+ post_msg "Error: devfs_rulset # ${devfsrulset} does not exist." | |
+ post_msg "It should first be defined in: /etc/defaults/devfs.rules or /etc/devfs.rules." | |
+ kill "Type 'man devfs.rules' for more information." | |
+ fi | |
+ fi | |
+ devfs_ruleset="${devfsruleset}" | |
+ write-definition "${deffile}" | |
+ post_msg "Successfully set devfs_ruleset for ${jailname}" | |
+ continue | |
+ else | |
+ post_msg "Error: devfs_rulset should be a positive number e.g. 10, 20" | |
+ post_msg "and defined in: /etc/defaults/devfs.rules or /etc/devfs.rules." | |
+ kill "Type 'man devfs.rules' for more information." | |
+ fi | |
+ fi | |
+ fi | |
+ | |
+ if [ "${sysv}" = "YES" ]; then | |
+ allow_sysvipc="allow.sysvipc" | |
+ write-definition "${deffile}" | |
+ post_msg "Successfully enabled allow.sysvipc for ${jailname}" | |
+ continue | |
+ fi | |
+ | |
+ if [ "${sysv}" = "NO" ]; then | |
+ unset allow_sysvipc | |
+ write-definition "${deffile}" | |
+ post_msg "Successfully disabled allow.sysvipc for ${jailname}" | |
+ continue | |
+ fi | |
if [ "${quota}" = "YES" ]; then | |
allow_quotas="allow.quotas" |
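Review bot: The existence check on the `devfs rule showsets | grep ${devfsruleset}` line is an unquoted substring match, so a request for ruleset 1 passes when only 10 or 100 is defined and the jail is saved with a ruleset that does not exist. Assuming the command prints one number per line, a whole-line match closes that: `if ! devfs rule showsets | grep -qx -- "${devfsruleset}"; then`. The error message next to it expands `${devfsrulset}`, which is never set, so the number the user typed is not shown; it should read `post_msg "Error: devfs_ruleset # ${devfsruleset} does not exist."`. The `-ge 0` test also accepts 0 and skips the existence check for it, and per jail(8) a devfs_ruleset of zero means no ruleset is enforced, so `-b 0` would leave the jail's devfs unfiltered if devfs is mounted there; either reject 0 or add a comment saying it is intentional. The enclosing loop in config() starts and ends outside this hunk.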