Created
June 15, 2014 11:54
| diff -cr qjail-3.3/usr/local/bin/qjail qjail-3.3-freebsd-9.2+sysvipc+devfs_ruleset-patch/usr/local/bin/qjail | |
| *** qjail-3.3/usr/local/bin/qjail 2014-04-29 21:53:14.000000000 +0100 | |
| --- qjail-3.3-freebsd-9.2+sysvipc+devfs_ruleset-patch/usr/local/bin/qjail 2014-06-15 12:48:07.000000000 +0100 | |
| *************** | |
| *** 338,346 **** | |
| --- 338,348 ---- | |
| echo "securelevel=\"${securelevel}\"" | |
| echo "cpuset=\"${cpuset_id}\"" | |
| echo "fib=\"${exec_fib}\"" | |
| + echo "devfs_ruleset=\"${devfs_ruleset}\"" | |
| echo "vnet=\"${vnet}\"" | |
| echo "vinterface=\"${vnet_interface}\"" | |
| echo "rsockets=\"${allow_raw_sockets}\"" | |
| + echo "sysvipc=\"${allow_sysvipc}\"" | |
| echo "quotas=\"${allow_quotas}\"" | |
| echo "nullfs=\"${allow_mount_nullfs}\"" | |
| echo "zfs=\"${allow_mount_zfs}\"" | |
| *************** | |
| *** 383,388 **** | |
| --- 385,391 ---- | |
| unset nic_devicename fstab securelevel cpuset_id | |
| unset exec_fib vnet vnet_interface allow_raw_sockets | |
| unset allow_quotas allow_mount_nullfs allow_mount_zfs | |
| + unset allow_sysvipc devfs_ruleset | |
| unset devicelink device device_md_number | |
| unset deffile poststart_ssh | |
| unset image imagetype | |
| *************** | |
| *** 407,415 **** | |
| --- 410,420 ---- | |
| eval securelevel=\"\${securelevel}\" | |
| eval cpuset_id=\"\${cpuset}\" | |
| eval exec_fib=\"\${fib}\" | |
| + eval devfs_ruleset=\"\${devfs_ruleset}\" | |
| eval vnet=\"\${vnet}\" | |
| eval vnet_interface=\"\${vinterface}\" | |
| eval allow_raw_sockets=\"\${rsockets}\" | |
| + eval allow_sysvipc=\"\${sysvipc}\" | |
| eval allow_quotas=\"\${quotas}\" | |
| eval allow_mount_nullfs=\"\${nullfs}\" | |
| eval allow_mount_zfs=\"\${zfs}\" | |
| *************** | |
| *** 449,457 **** | |
| echo "exec.start = \"/bin/sh /etc/rc\";" | |
| echo "exec.stop = \"/bin/sh /etc/rc.shutdown\";" | |
| echo "exec.consolelog = \"/var/log/qjail.${jailname}.console.log\";" | |
| ! echo "devfs_ruleset = \"4\";" | |
| ! echo "allow.mount.devfs;" | |
| ! echo "mount.devfs = \"1\";" | |
| [ ${ip4} ] && \ | |
| echo "ip4.addr = ${ip4};" | |
| --- 454,461 ---- | |
| echo "exec.start = \"/bin/sh /etc/rc\";" | |
| echo "exec.stop = \"/bin/sh /etc/rc.shutdown\";" | |
| echo "exec.consolelog = \"/var/log/qjail.${jailname}.console.log\";" | |
| ! | |
| ! echo "mount.devfs;" | |
| [ ${ip4} ] && \ | |
| echo "ip4.addr = ${ip4};" | |
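Review bot: With the fixed `devfs_ruleset = "4"` line removed here, the generated jail.conf names a ruleset only when `devfs_ruleset` is non-empty (the conditional added in the 479–493 hunk). The default of 4 is assigned only in the create path (795–801 hunk), so a definition file written before this patch presumably reads back with an empty value and the line is omitted, leaving the /dev restriction to whatever jail(8) applies on its own. Emitting the line unconditionally keeps the restrictive default explicit: `echo "devfs_ruleset = \"${devfs_ruleset:-4}\";"`. The enclosing function starts and ends outside the hunk.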
| *************** | |
| *** 475,483 **** | |
| --- 479,493 ---- | |
| [ ${exec_fib} ] && \ | |
| echo "exec.fib = \"${exec_fib}\";" | |
| + [ ${devfs_ruleset} ] && \ | |
| + echo "devfs_ruleset = \"${devfs_ruleset}\";" | |
| + | |
| [ ${allow_raw_sockets} ] && \ | |
| echo "allow.raw_sockets;" | |
| + [ ${allow_sysvipc} ] && \ | |
| + echo "allow.sysvipc;" | |
| + | |
| [ ${allow_quotas} ] && \ | |
| echo "allow.quotas;" | |
| *************** | |
| *** 562,573 **** | |
| duplicate_count=000 | |
| ! shift; while getopts f:a:A:n:d:i:z:4:6:c arg; do case ${arg} in | |
| f) flavor=${OPTARG};; | |
| A) fromarchivezone=${OPTARG};; | |
| a) fromarchive=${OPTARG};; | |
| n) nic_devicename=${OPTARG};; | |
| d) duplicate_times=${OPTARG};; | |
| i) imagesize=${OPTARG}; create_image="YES";; | |
| 4) ip4=${OPTARG};; | |
| 6) ip6=${OPTARG};; | |
| --- 572,584 ---- | |
| duplicate_count=000 | |
| ! shift; while getopts f:a:A:n:d:D:i:z:4:6:c arg; do case ${arg} in | |
| f) flavor=${OPTARG};; | |
| A) fromarchivezone=${OPTARG};; | |
| a) fromarchive=${OPTARG};; | |
| n) nic_devicename=${OPTARG};; | |
| d) duplicate_times=${OPTARG};; | |
| + D) devfs_ruleset=${OPTARG};; | |
| i) imagesize=${OPTARG}; create_image="YES";; | |
| 4) ip4=${OPTARG};; | |
| 6) ip6=${OPTARG};; | |
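Review bot: The new `D) devfs_ruleset=${OPTARG};;` arm accepts any string, and that string is later written verbatim into the definition file as `devfs_ruleset="…"` (338–348 hunk) and into jail.conf (479–493 hunk). A value containing a quote, `$` or backtick would change what those files mean when they are read back, and a non-numeric value only fails once the jail is started. A check after the getopts loop, which ends outside this hunk, covers both cases: `case "${devfs_ruleset}" in *[!0-9]*) kill "-D must be a devfs ruleset number";; esac`, using the script's own `kill` helper as the -4 check does. The same check applies to `new_devfs_ruleset` in the 2860–2870 and 3549–3562 hunks.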
| *************** | |
| *** 607,624 **** | |
| # Determine if -4 IP address is prefixed with "<if_device>|" and/or | |
| # suffixed with "/<netmask>" values. jail(8) says this is valid | |
| ! # syntax, but its NOT allowed as valid syntax to qjail. So here we | |
| ! # check for it and issue error msg if found. | |
| # | |
| if [ "${ip4}" ]; then | |
| # strip off "|" and everything to the left of it. | |
| ! temp_ip4="${ip4#*|}" | |
| # strip off "/" and everything to the right of it. | |
| ! temp_ip4="${temp_ip4%/*}" | |
| # Check if wrong syntax was used. | |
| if [ "${temp_ip4}" != "${ip4}" ]; then | |
| post_msg "Error Invalid -4 syntax" | |
| ! kill "<if_device>|<ip_address>/<netmask> syntax is not allowed." | |
| fi | |
| # At this point we have an valid -4 IP address. If no -n value then | |
| --- 618,636 ---- | |
| # Determine if -4 IP address is prefixed with "<if_device>|" and/or | |
| # suffixed with "/<netmask>" values. jail(8) says this is valid | |
| ! # syntax, but "/<netmask>" values are NOT allowed as valid syntax to qjail. | |
| ! # So here we check for it and issue error msg if found. | |
| # | |
| if [ "${ip4}" ]; then | |
| # strip off "|" and everything to the left of it. | |
| ! #temp_ip4="${ip4#*|}" | |
| # strip off "/" and everything to the right of it. | |
| ! # temp_ip4="${temp_ip4%/*}" | |
| ! temp_ip4="${ip4%/*}" | |
| # Check if wrong syntax was used. | |
| if [ "${temp_ip4}" != "${ip4}" ]; then | |
| post_msg "Error Invalid -4 syntax" | |
| ! kill "<ip_address>/<netmask> syntax is not allowed." | |
| fi | |
| # At this point we have an valid -4 IP address. If no -n value then | |
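Review bot: After this change an `<if_device>|` prefix is no longer rejected, yet the comment directly below still says the value is a valid -4 IP address, and the code that follows outside the hunk receives `ifname|addr` as if it were a bare address. The value also lands unquoted in `ip4.addr = ${ip4};` (454–461 hunk), so when a `|` is present the interface part should be checked before it is accepted, for example `case "${ip4%%|*}" in *[!A-Za-z0-9_.]*) kill "Invalid interface name in -4";; esac`. The commented-out `#temp_ip4=...` lines and their now-stale "strip off" comments are better deleted than left in place. The same applies to the -6 hunk at 647–665 and to both blocks in the 3112–3133 hunk, where `verify_ip4` and `verify_ip6` are now reached with the prefix still attached; whether they cope with it is not visible here.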
| *************** | |
| *** 635,652 **** | |
| # Determine if -6 IP address is prefixed with "<if_device>|" and/or | |
| # suffixed with "/<netmask>" values. jail(8) says this is valid | |
| ! # syntax, but its NOT allowed as valid syntax to qjail. So here we | |
| ! # check for it and issue error msg if found. | |
| # | |
| if [ "${ip6}" ]; then | |
| # strip off "|" and everything to the left of it. | |
| ! temp_ip6="${ip6#*|}" | |
| # strip off "/" and everything to the right of it. | |
| ! temp_ip6="${temp_ip6%/*}" | |
| # Check if wrong syntax was used. | |
| if [ "${temp_ip6}" != "${ip6}" ]; then | |
| post_msg "Error Invalid -6 syntax" | |
| ! kill "<if_device>|<ip_address>/<netmask> syntax is not allowed." | |
| fi | |
| # At this point we have an valid -6 IP address. If no -n value then | |
| --- 647,665 ---- | |
| # Determine if -6 IP address is prefixed with "<if_device>|" and/or | |
| # suffixed with "/<netmask>" values. jail(8) says this is valid | |
| ! # syntax, but "/<netmask>" values are NOT allowed as valid syntax to qjail. | |
| ! # So here we check for it and issue error msg if found. | |
| # | |
| if [ "${ip6}" ]; then | |
| # strip off "|" and everything to the left of it. | |
| ! #temp_ip6="${ip6#*|}" | |
| # strip off "/" and everything to the right of it. | |
| ! # temp_ip6="${temp_ip6%/*}" | |
| ! temp_ip6="${ip6%/*}" | |
| # Check if wrong syntax was used. | |
| if [ "${temp_ip6}" != "${ip6}" ]; then | |
| post_msg "Error Invalid -6 syntax" | |
| ! kill "<ip_address>/<netmask> syntax is not allowed." | |
| fi | |
| # At this point we have an valid -6 IP address. If no -n value then | |
| *************** | |
| *** 782,787 **** | |
| --- 795,801 ---- | |
| new_ip6="${ip6}" | |
| new_nic_devicename="${nic_devicename}" | |
| new_imageblockcount="${imageblockcount}" | |
| + devfs_ruleset="${devfs_ruleset:-4}" | |
| # Has a qjail reserved directory name been coded on the command? | |
| *************** | |
| *** 887,893 **** | |
| mv "${temp_rootdir}" "${new_rootdir}" | |
| rm -rf "${temp_restore}" | |
| - | |
| # Prep the variables with the new content. | |
| rootdir="${new_rootdir}" | |
| jailname="${new_jailname}" | |
| --- 901,906 ---- | |
| *************** | |
| *** 1800,1806 **** | |
| number=`echo "${release_number}" | awk '{print $1}'` | |
| number=${number}`echo "${release_number}" | awk '{print $2}'` | |
| ! if [ ${number} -ge 100 ]; then | |
| installarch=`uname -p` | |
| installarch="${installarch}/${installarch}" | |
| else | |
| --- 1813,1819 ---- | |
| number=`echo "${release_number}" | awk '{print $1}'` | |
| number=${number}`echo "${release_number}" | awk '{print $2}'` | |
| ! if [ ${number} -ge 92 ]; then | |
| installarch=`uname -p` | |
| installarch="${installarch}/${installarch}" | |
| else | |
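Review bot: The threshold `92` is only meaningful because `number` is the two fields of `release_number` concatenated by the awk calls above, which deserves a comment such as `# number = major and minor digits joined, so 92 means 9.2`. `${number}` is also unquoted in the test, so an empty parse of `release_number` makes `[` fail with a syntax error and fall through to the `else` branch; `[ "${number:-0}" -ge 92 ]` takes the same branch without the error. The enclosing block starts and ends outside the hunk.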
| *************** | |
| *** 2847,2856 **** | |
| flag_count=0 | |
| ! shift; while getopts c:f:4:6:n:p:s:w:z:AdhkKlLmMrRqQvVxX arg; \ | |
| do case ${arg} in | |
| c) new_nic=${OPTARG}; flag_count=$(( $flag_count + 1 ));; | |
| f) fib=${OPTARG}; flag_count=$(( $flag_count + 1 ));; | |
| 4) new_ip4=${OPTARG}; flag_count=$(( $flag_count + 1 ));; | |
| 6) new_ip6=${OPTARG}; flag_count=$(( $flag_count + 1 ));; | |
| n) new_name=${OPTARG}; flag_count=$(( $flag_count + 1 ));; | |
| --- 2860,2870 ---- | |
| flag_count=0 | |
| ! shift; while getopts c:f:D:4:6:n:p:s:w:z:AdhkKyYlLmMrRqQvVxX arg; \ | |
| do case ${arg} in | |
| c) new_nic=${OPTARG}; flag_count=$(( $flag_count + 1 ));; | |
| f) fib=${OPTARG}; flag_count=$(( $flag_count + 1 ));; | |
| + D) new_devfs_ruleset=${OPTARG}; flag_count=$(( $flag_count + 1 ));; | |
| 4) new_ip4=${OPTARG}; flag_count=$(( $flag_count + 1 ));; | |
| 6) new_ip6=${OPTARG}; flag_count=$(( $flag_count + 1 ));; | |
| n) new_name=${OPTARG}; flag_count=$(( $flag_count + 1 ));; | |
| *************** | |
| *** 2863,2868 **** | |
| --- 2877,2884 ---- | |
| h) create_ssh="YES"; flag_count=$(( $flag_count + 1 ));; | |
| k) rawsockets="YES"; flag_count=$(( $flag_count + 1 ));; | |
| K) rawsockets="NO"; flag_count=$(( $flag_count + 1 ));; | |
| + y) sysv="YES"; flag_count=$(( $flag_count + 1 ));; | |
| + Y) sysv="NO"; flag_count=$(( $flag_count + 1 ));; | |
| l) nullfs="YES"; flag_count=$(( $flag_count + 1 ));; | |
| L) nullfs="NO"; flag_count=$(( $flag_count + 1 ));; | |
| m) man_start="YES"; flag_count=$(( $flag_count + 1 ));; | |
| *************** | |
| *** 3096,3117 **** | |
| if [ "${new_ip4}" ]; then | |
| ip4="${new_ip4}" | |
| ! new_ip4="${new_ip4#*|}" | |
| new_ip4="${new_ip4%/*}" | |
| if [ "${new_ip4}" != "${ip4}" ]; then | |
| post_msg "Error Invalid -4 syntax" | |
| ! kill "<if_device>|<ip_address>/<netmask> syntax is not allowed." | |
| fi | |
| verify_ip4 | |
| fi | |
| if [ "${new_ip6}" ]; then | |
| ip6="${new_ip6}" | |
| ! new_ip6="${new_ip6#*|}" | |
| new_ip6="${new_ip6%/*}" | |
| if [ "${new_ip6}" != "${ip6}" ]; then | |
| post_msg "Error Invalid -6 syntax" | |
| ! kill "<if_device>|<ip_address>/<netmask> syntax is not allowed." | |
| fi | |
| verify_ip6 | |
| fi | |
| --- 3112,3133 ---- | |
| if [ "${new_ip4}" ]; then | |
| ip4="${new_ip4}" | |
| ! #new_ip4="${new_ip4#*|}" | |
| new_ip4="${new_ip4%/*}" | |
| if [ "${new_ip4}" != "${ip4}" ]; then | |
| post_msg "Error Invalid -4 syntax" | |
| ! kill "<ip_address>/<netmask> syntax is not allowed." | |
| fi | |
| verify_ip4 | |
| fi | |
| if [ "${new_ip6}" ]; then | |
| ip6="${new_ip6}" | |
| ! #new_ip6="${new_ip6#*|}" | |
| new_ip6="${new_ip6%/*}" | |
| if [ "${new_ip6}" != "${ip6}" ]; then | |
| post_msg "Error Invalid -6 syntax" | |
| ! kill "<ip_address>/<netmask> syntax is not allowed." | |
| fi | |
| verify_ip6 | |
| fi | |
| *************** | |
| *** 3458,3463 **** | |
| --- 3474,3493 ---- | |
| continue | |
| fi | |
| + if [ "${sysv}" = "YES" ]; then | |
| + allow_sysvipc="allow.sysvipc" | |
| + write-definition "${deffile}" | |
| + post_msg "Successful enabled allow.sysvipc for ${jailname}" | |
| + continue | |
| + fi | |
| + | |
| + if [ "${sysv}" = "NO" ]; then | |
| + unset allow_sysvipc | |
| + write-definition "${deffile}" | |
| + post_msg "Successful disabled allow.sysvipc for ${jailname}" | |
| + continue | |
| + fi | |
| + | |
| if [ "${quota}" = "YES" ]; then | |
| allow_quotas="allow.quotas" | |
| write-definition "${deffile}" | |
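Review bot: The `-y` branch turns on `allow.sysvipc` with no hint of what it costs: on the FreeBSD 9.x releases this patch targets, jail(8) documents System V IPC as a single namespace shared by the host and every jail, so a jail with this flag can see and interfere with shared memory, semaphores and message queues outside itself. A comment above the branch, e.g. `# allow.sysvipc shares the SysV IPC namespace with the host and other jails; enable only for trusted jails`, and a matching line in the `post_msg` text would make that visible to the operator. The two new messages also read "Successful enabled/disabled" where the neighbouring ones use "Successfully". The enclosing loop starts and ends outside the hunk.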
| *************** | |
| *** 3519,3526 **** | |
| fi | |
| fi | |
| if [ "${setcpu}" = "null" ]; then | |
| - unset cpuset_id | |
| write-definition "${deffile}" | |
| post_msg "Successfully disabled cpuset.id for ${jailname}" | |
| continue | |
| --- 3549,3562 ---- | |
| fi | |
| fi | |
| + if [ -n "${new_devfs_ruleset}" ]; then | |
| + devfs_ruleset="${new_devfs_ruleset}" | |
| + write-definition "${deffile}" | |
| + post_msg "Successfully set devfs_ruleset for ${jailname}" | |
| + continue | |
| + fi | |
| + | |
| if [ "${setcpu}" = "null" ]; then | |
| write-definition "${deffile}" | |
| post_msg "Successfully disabled cpuset.id for ${jailname}" | |
| continue |
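Review bot: The `setcpu = "null"` branch lost its `unset cpuset_id` line in this hunk, so it now rewrites the definition file with the old value still set and nevertheless reports "Successfully disabled cpuset.id". The rest of the patch concerns sysvipc and devfs_ruleset only, so the removal looks accidental; restore `unset cpuset_id` before `write-definition "${deffile}"` in that branch. The enclosing loop starts outside the hunk.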