Date:      Sun, 5 Dec 2010 22:20:07 GMT
From:      "joeb" <joeb@a1poweruser.com>
To:        freebsd-ports-bugs@FreeBSD.org
Subject:   RE: ports/148777: [New Port] sysutils/qjail: Utility to deploy large number of jails quickly
Message-ID:  <201012052220.oB5MK7Fa036871@freefall.freebsd.org>

The following reply was made to PR ports/148777; it has been noted by GNATS.

From: "joeb" <joeb@a1poweruser.com>
To: <bug-followup@freebsd.org>
Cc:  
Subject: RE: ports/148777: [New Port] sysutils/qjail: Utility to deploy large number of jails quickly
Date: Sun, 5 Dec 2010 17:16:17 -0500

 This is a multi-part message in MIME format.
 
 ------=_NextPart_000_0008_01CB94A0.20C60E40
 Content-Type: text/plain;
 	charset="iso-8859-1"
 Content-Transfer-Encoding: 7bit
 
 The updated attached port shar file contains fixes to the port makefiles.
 Please review and commit.
 
 Thanks  
 
 ------=_NextPart_000_0008_01CB94A0.20C60E40
 Content-Type: application/octet-stream;
 	name="qjail.portMakefiles.shar"
 Content-Transfer-Encoding: quoted-printable
 Content-Disposition: attachment;
 	filename="qjail.portMakefiles.shar"
 
 # This is a shell archive.  Save it in a file, remove anything before=0A=
 # this line, and then unpack it by entering "sh file".  Note, it may=0A=
 # create directories; files and directories will be owned by you and=0A=
 # have default permissions.=0A=
 #=0A=
 # This archive contains:=0A=
 #=0A=
 #	qjail=0A=
 #	qjail/Makefile=0A=
 #	qjail/pkg-descr=0A=
 #	qjail/pkg-plist=0A=
 #	qjail/pkg-message=0A=
 #	qjail/work=0A=
 #	qjail/work/qjail-1.0=0A=
 #	qjail/work/qjail-1.0/examples=0A=
 #	qjail/work/qjail-1.0/examples/nullmailer-example=0A=
 #	qjail/work/qjail-1.0/examples/nullmailer-example/etc=0A=
 #	qjail/work/qjail-1.0/examples/nullmailer-example/etc/mail=0A=
 #	qjail/work/qjail-1.0/examples/nullmailer-example/etc/mail/mailer.conf=0A=
 #	qjail/work/qjail-1.0/examples/nullmailer-example/etc/rc.conf=0A=
 #	qjail/work/qjail-1.0/examples/nullmailer-example/usr=0A=
 #	qjail/work/qjail-1.0/examples/nullmailer-example/usr/local=0A=
 #	qjail/work/qjail-1.0/examples/nullmailer-example/usr/local/etc=0A=
 #	=
 qjail/work/qjail-1.0/examples/nullmailer-example/usr/local/etc/nullmailer=0A=
 #	=
 qjail/work/qjail-1.0/examples/nullmailer-example/usr/local/etc/nullmailer=
 /remotes=0A=
 #	qjail/work/qjail-1.0/examples/nullmailer-example/qjail.flavor=0A=
 #	qjail/work/qjail-1.0/examples/default=0A=
 #	qjail/work/qjail-1.0/examples/default/etc=0A=
 #	qjail/work/qjail-1.0/examples/default/etc/make.conf=0A=
 #	qjail/work/qjail-1.0/examples/default/etc/periodic.conf=0A=
 #	qjail/work/qjail-1.0/examples/default/etc/rc.conf=0A=
 #	qjail/work/qjail-1.0/examples/default/usr=0A=
 #	qjail/work/qjail-1.0/examples/default/usr/local=0A=
 #	qjail/work/qjail-1.0/examples/default/usr/local/etc=0A=
 #	qjail/work/qjail-1.0/examples/default/usr/local/etc/sudoers=0A=
 #	qjail/work/qjail-1.0/examples/default/qjail.flavor=0A=
 #	qjail/work/qjail-1.0/jail2=0A=
 #	qjail/work/qjail-1.0/qjail.conf.sample=0A=
 #	qjail/work/qjail-1.0/qjail.conf.8=0A=
 #	qjail/work/qjail-1.0/qjail.8=0A=
 #	qjail/work/qjail-1.0/qjail-intro.8=0A=
 #	qjail/work/qjail-1.0/qjail=0A=
 #	qjail/work/qjail-1.0/qjail2=0A=
 #	qjail/work/qjail-1.0/pkg-plist=0A=
 #	qjail/work/qjail-1.0/pkg-message=0A=
 #	qjail/work/qjail-1.0/pkg-descr=0A=
 #	qjail/work/qjail-1.0/distinfo=0A=
 #	qjail/work/qjail-1.0/Makefile=0A=
 #	qjail/work/.extract_done.qjail._usr_local=0A=
 #	qjail/work/BSD=0A=
 #	qjail/work/.license-catalog.mk=0A=
 #	qjail/work/.license-report=0A=
 #	qjail/work/.license_done.qjail._usr_local=0A=
 #	qjail/work/.patch_done.qjail._usr_local=0A=
 #	qjail/work/.configure_done.qjail._usr_local=0A=
 #	qjail/work/.build_done.qjail._usr_local=0A=
 #	qjail/work/.PLIST.mktmp=0A=
 #	qjail/work/.PLIST.flattened=0A=
 #	qjail/work/.PLIST.setuid=0A=
 #	qjail/work/.PLIST.writable=0A=
 #	qjail/work/.PLIST.objdump=0A=
 #	qjail/work/.install_done.qjail._usr_local=0A=
 #	qjail/distinfo=0A=
 #=0A=
 echo c - qjail=0A=
 mkdir -p qjail > /dev/null 2>&1=0A=
 echo x - qjail/Makefile=0A=
 sed 's/^X//' >qjail/Makefile << '7da10d06f45c8d9771da27572b9a6525'=0A=
 X# New ports collection makefile for:   qjail=0A=
 X# Date created:        July 22 2010=0A=
 X# Whom:                Joe Barbish=0A=
 X#=0A=
 X# $FreeBSD$=0A=
 X=0A=
 XPORTNAME=3D	qjail=0A=
 XPORTVERSION=3D	1.0=0A=
 XCATEGORIES=3D	sysutils=0A=
 XMASTER_SITES=3D	${MASTER_SITE_SOURCEFORGE}=0A=
 XMASTER_SITE_SUBDIR=3D	qjail=0A=
 X#DISTFILES=3D	qjail-1.0.tar.bz2=0A=
 X=0A=
 XMAINTAINER=3D	qjail@a1poweruser.com=0A=
 XCOMMENT=3D	Utility to quickly deploy and manage large numbers of jails=0A=
 X=0A=
 XLICENSE=3D	BSD=0A=
 X=0A=
 XUSE_BZIP2=3D	yes=0A=
 X=0A=
 XMAN8=3D		qjail.8 qjail-intro.8 qjail.conf.8=0A=
 X=0A=
 XNO_BUILD=3D	yes=0A=
 X=0A=
 Xdo-install:=0A=
 X	${INSTALL_SCRIPT} ${WRKSRC}/qjail              ${PREFIX}/bin/=0A=
 X	${INSTALL_SCRIPT} ${WRKSRC}/qjail2	       ${PREFIX}/etc/rc.d/=0A=
 X	${INSTALL_SCRIPT} ${WRKSRC}/jail2              ${PREFIX}/etc/rc.d/=0A=
 X	${CP}             ${WRKSRC}/qjail.conf.sample  ${PREFIX}/etc/=0A=
 X	${CP}             ${WRKSRC}/qjail.8            ${MANPREFIX}/man/man8/=0A=
 X	${CP}             ${WRKSRC}/qjail-intro.8      ${MANPREFIX}/man/man8/=0A=
 X	${CP}             ${WRKSRC}/qjail.conf.8       ${MANPREFIX}/man/man8/=0A=
 X	${MKDIR} ${PREFIX}/share/examples/qjail=0A=
 X	${CP} -rfp ${WRKSRC}/examples/ ${PREFIX}/share/examples/qjail/=0A=
 X=0A=
 Xpost-install:=0A=
 X	${CAT} ${PKGMESSAGE}=0A=
 X=0A=
 X.include <bsd.port.mk>=0A=
 7da10d06f45c8d9771da27572b9a6525=0A=
 echo x - qjail/pkg-descr=0A=
 sed 's/^X//' >qjail/pkg-descr << 'd05ede6e511e945409d9ec363b2f7453'=0A=
 XQjail [ q =3D quick ] is a 4th generation wrapper for the basic chroot =
 jail=0A=
 Xsystem that includes security and performance enhancements. Plus a new =
 level=0A=
 Xof "user friendliness" enhancements dealing with deploying just a few =
 jails or=0A=
 Xlarge jail environments consisting of 100's of jails.=0A=
 X=0A=
 XQjail requires no knowledge of the jail command usage. It uses "nullfs" =
 for=0A=
 Xread-only system binaries, sharing one copy of them with all the jails.=0A=
 X=0A=
 XUses "mdconfig" to create sparse image jails. Sparse image jails =
 provide a=0A=
 Xmethod to limit the total disk space a jail can consume, while only =
 occupying=0A=
 Xthe physical disk space of the sum size of the files in the image jail.=0A=
 X=0A=
 XAbility to assign ip address with their network device name,=0A=
 Xso aliases are auto created on jail start and auto removed on jail stop.=0A=
 X=0A=
 XAbility to create "ZONE"s of identical qjail systems, each with their =
 own=0A=
 Xgroup of jails.=0A=
 X=0A=
 XAbility to designate a portion of the jail name as a group prefix so =
 the =0A=
 Xcommand being executed will apply to only those jail names matching =
 that prefix.=0A=
 X=0A=
 XQjail reduces the complexities of jail deployments to the novice level. =
 It has=0A=
 Xa fully documented manpage written for easy comprehension. Details are =
 given=0A=
 Xto facilitate the use of qjail's capabilities to the fullest extent =
 possible.=0A=
 X=0A=
 XWWW:        http://sourceforge.net/projects/qjail/=0A=
 d05ede6e511e945409d9ec363b2f7453=0A=
 echo x - qjail/pkg-plist=0A=
 sed 's/^X//' >qjail/pkg-plist << '86541871219192287f62aed437005027'=0A=
 Xetc/qjail.conf.sample=0A=
 Xetc/rc.d/jail2=0A=
 Xetc/rc.d/qjail2=0A=
 Xbin/qjail=0A=
 Xshare/examples/qjail/default/qjail.flavor=0A=
 Xshare/examples/qjail/default/etc/make.conf=0A=
 Xshare/examples/qjail/default/etc/periodic.conf=0A=
 Xshare/examples/qjail/default/etc/rc.conf=0A=
 Xshare/examples/qjail/default/usr/local/etc/sudoers=0A=
 Xshare/examples/qjail/nullmailer-example/qjail.flavor=0A=
 Xshare/examples/qjail/nullmailer-example/etc/rc.conf=0A=
 Xshare/examples/qjail/nullmailer-example/etc/mail/mailer.conf=0A=
 Xshare/examples/qjail/nullmailer-example/usr/local/etc/nullmailer/remotes=0A=
 X=0A=
 X@dirrm share/examples/qjail/default/usr/local/etc/=0A=
 X@dirrm share/examples/qjail/default/usr/local/=0A=
 X@dirrm share/examples/qjail/default/usr/=0A=
 X@dirrm share/examples/qjail/default/etc/=0A=
 X@dirrm share/examples/qjail/default/=0A=
 X@dirrm share/examples/qjail/nullmailer-example/usr/local/etc/nullmailer/=0A=
 X@dirrm share/examples/qjail/nullmailer-example/usr/local/etc/=0A=
 X@dirrm share/examples/qjail/nullmailer-example/usr/local/=0A=
 X@dirrm share/examples/qjail/nullmailer-example/usr/=0A=
 X@dirrm share/examples/qjail/nullmailer-example/etc/mail/=0A=
 X@dirrm share/examples/qjail/nullmailer-example/etc/=0A=
 X@dirrm share/examples/qjail/nullmailer-example/=0A=
 X@dirrm share/examples/qjail/=0A=
 86541871219192287f62aed437005027=0A=
 echo x - qjail/pkg-message=0A=
 sed 's/^X//' >qjail/pkg-message << '52855aef6c8b745fc2678a3da244739a'=0A=
 X*=0A=
 X*=0A=
 X************************************************************************=
 *******=0A=
 X*                                                                       =
       *=0A=
 X*  Use the qjail utility to deploy small or large numbers of jails =
 quickly.   *=0A=
 X*                                                                       =
       *=0A=
 X*  Issue this command on the console command line first "man =
 qjail-intro"     *=0A=
 X*                                                                       =
       *=0A=
 X*  After reading that do "man qjail" for the usage details.             =
       *=0A=
 X*                                                                       =
       *=0A=
 X************************************************************************=
 *******=0A=
 X*=0A=
 X*=0A=
 52855aef6c8b745fc2678a3da244739a=0A=
 echo c - qjail/work=0A=
 mkdir -p qjail/work > /dev/null 2>&1=0A=
 echo c - qjail/work/qjail-1.0=0A=
 mkdir -p qjail/work/qjail-1.0 > /dev/null 2>&1=0A=
 echo c - qjail/work/qjail-1.0/examples=0A=
 mkdir -p qjail/work/qjail-1.0/examples > /dev/null 2>&1=0A=
 echo c - qjail/work/qjail-1.0/examples/nullmailer-example=0A=
 mkdir -p qjail/work/qjail-1.0/examples/nullmailer-example > /dev/null =
 2>&1=0A=
 echo c - qjail/work/qjail-1.0/examples/nullmailer-example/etc=0A=
 mkdir -p qjail/work/qjail-1.0/examples/nullmailer-example/etc > =
 /dev/null 2>&1=0A=
 echo c - qjail/work/qjail-1.0/examples/nullmailer-example/etc/mail=0A=
 mkdir -p qjail/work/qjail-1.0/examples/nullmailer-example/etc/mail > =
 /dev/null 2>&1=0A=
 echo x - =
 qjail/work/qjail-1.0/examples/nullmailer-example/etc/mail/mailer.conf=0A=
 sed 's/^X//' =
 >qjail/work/qjail-1.0/examples/nullmailer-example/etc/mail/mailer.conf =
 << 'e59f3f30d2ee098b0e47a1b133bb77de'=0A=
 X# replace sendmail with nullmailer=0A=
 Xsendmail	/usr/local/libexec/nullmailer/sendmail=0A=
 Xsend-mail	/usr/local/libexec/nullmailer/sendmail=0A=
 Xmailq		/usr/local/libexec/nullmailer/mailq=0A=
 e59f3f30d2ee098b0e47a1b133bb77de=0A=
 echo x - qjail/work/qjail-1.0/examples/nullmailer-example/etc/rc.conf=0A=
 sed 's/^X//' =
 >qjail/work/qjail-1.0/examples/nullmailer-example/etc/rc.conf << =
 '20e7b9a2c95dfaee39ca477e454ef2c6'=0A=
 X# Pretuned by American Freebsd Software Engineer=0A=
 X=0A=
 X# No network interfaces in jails=0A=
 Xnetwork_interfaces=3D""=0A=
 X=0A=
 X# Prevent rpc=0A=
 Xrpcbind_enable=3D"NO"=0A=
 X=0A=
 X# Prevent loads of jails doing their cron jobs at the same time=0A=
 Xcron_flags=3D"$cron_flags -J 15"=0A=
 X=0A=
 X# Prevent syslogd from opening network sockets=0A=
 Xsyslogd_flags=3D"-ss"=0A=
 X=0A=
 X# Prevent sendmail from trying to connect to localhost=0A=
 Xsendmail_enable=3D"NO"=0A=
 Xsendmail_submit_enable=3D"NO"=0A=
 Xsendmail_outbound_enable=3D"NO"=0A=
 Xsendmail_msp_queue_enable=3D"NO"=0A=
 X=0A=
 X# Bring up sshd, it takes some time and uses some entropy on first =
 startup=0A=
 X# sshd_enable=3D"YES"=0A=
 X=0A=
 X# Enable nullmailer for external mail delivery=0A=
 Xnullmailer_enable=3D"YES"=0A=
 X=0A=
 20e7b9a2c95dfaee39ca477e454ef2c6=0A=
 echo c - qjail/work/qjail-1.0/examples/nullmailer-example/usr=0A=
 mkdir -p qjail/work/qjail-1.0/examples/nullmailer-example/usr > =
 /dev/null 2>&1=0A=
 echo c - qjail/work/qjail-1.0/examples/nullmailer-example/usr/local=0A=
 mkdir -p qjail/work/qjail-1.0/examples/nullmailer-example/usr/local > =
 /dev/null 2>&1=0A=
 echo c - qjail/work/qjail-1.0/examples/nullmailer-example/usr/local/etc=0A=
 mkdir -p qjail/work/qjail-1.0/examples/nullmailer-example/usr/local/etc =
 > /dev/null 2>&1=0A=
 echo c - =
 qjail/work/qjail-1.0/examples/nullmailer-example/usr/local/etc/nullmailer=0A=
 mkdir -p =
 qjail/work/qjail-1.0/examples/nullmailer-example/usr/local/etc/nullmailer=
  > /dev/null 2>&1=0A=
 echo x - =
 qjail/work/qjail-1.0/examples/nullmailer-example/usr/local/etc/nullmailer=
 /remotes=0A=
 sed 's/^X//' =
 >qjail/work/qjail-1.0/examples/nullmailer-example/usr/local/etc/nullmaile=
 r/remotes << '4075f385d341ed87d46f76c6a8fe6d82'=0A=
 X# example smtp route=0A=
 X# 127.0.0.1 smtp=0A=
 4075f385d341ed87d46f76c6a8fe6d82=0A=
 echo x - qjail/work/qjail-1.0/examples/nullmailer-example/qjail.flavor=0A=
 sed 's/^X//' =
 >qjail/work/qjail-1.0/examples/nullmailer-example/qjail.flavor << =
 '4e7d16ce1e7cf2f7ce450ea31b42203d'=0A=
 X#!/bin/sh=0A=
 X#=0A=
 X# BEFORE: DAEMON=0A=
 X#=0A=
 X# qjail flavour=0A=
 X=0A=
 X# install nullmailer port=0A=
 Xcd /usr/ports/mail/nullmailer=0A=
 Xyes | make install=0A=
 Xhostname > /usr/local/etc/nullmailer/me=0A=
 4e7d16ce1e7cf2f7ce450ea31b42203d=0A=
 echo c - qjail/work/qjail-1.0/examples/default=0A=
 mkdir -p qjail/work/qjail-1.0/examples/default > /dev/null 2>&1=0A=
 echo c - qjail/work/qjail-1.0/examples/default/etc=0A=
 mkdir -p qjail/work/qjail-1.0/examples/default/etc > /dev/null 2>&1=0A=
 echo x - qjail/work/qjail-1.0/examples/default/etc/make.conf=0A=
 sed 's/^X//' >qjail/work/qjail-1.0/examples/default/etc/make.conf << =
 '65e0948c5ac953a72ee072f1176dd2d3'=0A=
 XWRKDIRPREFIX=3D		/var/ports=0A=
 XDISTDIR=3D		/var/ports/distfiles=0A=
 XPACKAGES=3D		/var/ports/packages=0A=
 XINDEXDIR=3D		/var/ports=0A=
 65e0948c5ac953a72ee072f1176dd2d3=0A=
 echo x - qjail/work/qjail-1.0/examples/default/etc/periodic.conf=0A=
 sed 's/^X//' >qjail/work/qjail-1.0/examples/default/etc/periodic.conf << =
 '39a3027f9d3cf6517548d06af3f4920b'=0A=
 Xdaily_output=3D"/var/log/daily.log"=0A=
 Xweekly_output=3D"/var/log/weekly.log"=0A=
 Xmonthly_output=3D"/var/log/monthly.log"=0A=
 Xdaily_status_security_output=3D"/var/log/daily_status_security.log"=0A=
 Xdaily_status_network_enable=3D"NO"=0A=
 Xdaily_status_security_ipfwlimit_enable=3D"NO"=0A=
 Xdaily_status_security_ipfwdenied_enable=3D"NO"=0A=
 Xweekly_whatis_enable=3D"NO"       # our jails are read-only /usr=0A=
 39a3027f9d3cf6517548d06af3f4920b=0A=
 echo x - qjail/work/qjail-1.0/examples/default/etc/rc.conf=0A=
 sed 's/^X//' >qjail/work/qjail-1.0/examples/default/etc/rc.conf << =
 'e8a0ce16a779e5a80091b83d9e5a8263'=0A=
 X# Pretuned by American Freebsd Software Engineer=0A=
 X=0A=
 X# No network interfaces in jails=0A=
 Xnetwork_interfaces=3D""=0A=
 X=0A=
 X# Prevent rpc=0A=
 Xrpcbind_enable=3D"NO"=0A=
 X=0A=
 X# Prevent loads of jails doing their cron jobs at the same time=0A=
 Xcron_flags=3D"$cron_flags -J 60"=0A=
 Xcron_flags=3D"$cron_flags -j 60"=0A=
 X=0A=
 X# Prevent syslogd from opening network sockets=0A=
 Xsyslogd_flags=3D"-ss"=0A=
 X=0A=
 X# Prevent sendmail from trying to connect to localhost=0A=
 Xsendmail_enable=3D"NO"=0A=
 Xsendmail_submit_enable=3D"NO"=0A=
 Xsendmail_outbound_enable=3D"NO"=0A=
 Xsendmail_msp_queue_enable=3D"NO"=0A=
 X=0A=
 X# Bring up sshd, it takes some time and uses some entropy on first =
 startup=0A=
 X# sshd_enable=3D"YES"=0A=
 e8a0ce16a779e5a80091b83d9e5a8263=0A=
 echo c - qjail/work/qjail-1.0/examples/default/usr=0A=
 mkdir -p qjail/work/qjail-1.0/examples/default/usr > /dev/null 2>&1=0A=
 echo c - qjail/work/qjail-1.0/examples/default/usr/local=0A=
 mkdir -p qjail/work/qjail-1.0/examples/default/usr/local > /dev/null 2>&1=0A=
 echo c - qjail/work/qjail-1.0/examples/default/usr/local/etc=0A=
 mkdir -p qjail/work/qjail-1.0/examples/default/usr/local/etc > /dev/null =
 2>&1=0A=
 echo x - qjail/work/qjail-1.0/examples/default/usr/local/etc/sudoers=0A=
 sed 's/^X//' =
 >qjail/work/qjail-1.0/examples/default/usr/local/etc/sudoers << =
 '349feedf0669d917a3b5c5c625b244b2'=0A=
 X# sudoers file.=0A=
 X#=0A=
 X# This file MUST be edited with the 'visudo' command as root.=0A=
 X#=0A=
 X# See the sudoers man page for the details on how to write a sudoers =
 file.=0A=
 X#=0A=
 X=0A=
 X# Host alias specification=0A=
 X=0A=
 X# User alias specification=0A=
 X=0A=
 X# Cmnd alias specification=0A=
 X=0A=
 X# Defaults specification=0A=
 X=0A=
 X# Runas alias specification=0A=
 X=0A=
 X# User privilege specification=0A=
 Xroot	ALL=3D(ALL) ALL=0A=
 X=0A=
 X# Allow people in group wheel to run all commands (active in this=0A=
 X# example; comment the line out to disable it)=0A=
 X%wheel	ALL=3D(ALL)	ALL=0A=
 X=0A=
 X# Same thing without a password=0A=
 X# %wheel	ALL=3D(ALL)	NOPASSWD: ALL=0A=
 X=0A=
 X# Samples=0A=
 X# %users  ALL=3D/sbin/mount /cdrom,/sbin/umount /cdrom=0A=
 X# %users  localhost=3D/sbin/shutdown -h now=0A=
 349feedf0669d917a3b5c5c625b244b2=0A=
 echo x - qjail/work/qjail-1.0/examples/default/qjail.flavor=0A=
 sed 's/^X//' >qjail/work/qjail-1.0/examples/default/qjail.flavor << =
 'f2e13aba781a2f0481eda4e8d92724d1'=0A=
 X#!/bin/sh=0A=
 X#=0A=
 X# BEFORE: DAEMON=0A=
 X#=0A=
 X# This is the qjail.flavor first-time jail start configuration script.=0A=
 X#=0A=
 X# After creating the new jail and before starting it for the first time,=0A=
 X# you can edit this script to customize the jail to your liking.=0A=
 X#=0A=
 X# This qjail.flavor script is part of the default flavor and=0A=
 X# gets run on first start of the jail no matter if you make changes =0A=
 X# to it or not.=0A=
 X#=0A=
 X# Groups=0A=
 X#########=0A=
 X#=0A=
 X# You will probably start with some groups your users should be in=0A=
 X=0A=
 X# pw groupadd -q -n coders # -g 1004=0A=
 X# pw groupadd -q -n sales # -g 1005=0A=
 X=0A=
 X# Users=0A=
 X########=0A=
 X#=0A=
 X# You might want to add some users. The password is to be provided in =
 the=0A=
 X# encrypted form as found in /etc/master.passwd.=0A=
 X# The example hash below is for the password "admin"; generate your=0A=
 X# own hash before uncommenting any of these lines.=0A=
 X# Refer to crypt(3) and pw(8) for more information=0A=
 X=0A=
 X# echo -n '$1$p75bbfK.$Kz3dwkoVlgZrfLZdAXQt91' |\=0A=
 X# pw useradd -n admin -u 1001 -s /bin/sh -m -d /home/admin -G wheel -c =
 'Admin User' -H 0=0A=
 X# echo -n '$1$p75bbfK.$Kz3dwkoVlgZrfLZdAXQt91' |\=0A=
 X# pw useradd -n saag -u 1002 -s /bin/sh -m -d /home/saag -G coders -c =
 'Mutton Saag' -H 0=0A=
 X# echo -n '$1$p75bbfK.$Kz3dwkoVlgZrfLZdAXQt91' |\=0A=
 X# pw useradd -n mac -u 1002 -s /bin/sh -m -d /home/mac -G sales -c 'Big =
 Mac' -H 0=0A=
 X#=0A=
 X# Example of having password assigned right in the script.=0A=
 X#pw adduser test -g wheel -c "FBSD test" -d /home/test  -h 0 << EOD=0A=
 X#testpw=0A=
 X#EOD=0A=
 X=0A=
 X=0A=
 X# Files=0A=
 X########=0A=
 X#=0A=
 X# You can give permission to files for users just created=0A=
 X=0A=
 X# chown -R admin:coders /usr/local/cvsroot=0A=
 X# chown -R admin:sales /usr/local/nfs/sales=0A=
 X=0A=
 X=0A=
 X# Postinstall=0A=
 X##############=0A=
 X#=0A=
 X# Your own stuff here, for example set login shells that were only=0A=
 X# installed just before.=0A=
 X=0A=
 X# Please note, that for all network related stuff like ports,=0A=
 X# package remote fetching, etc. you need a sane /etc/resolv.conf=0A=
 X# in your jailname directory tree. Here another method is shown for=0A=
 X# installing packages=0A=
 X=0A=
 X# chpass -s /usr/local/bin/bash admin=0A=
 X# pkg_add -r pico=0A=
 X# cd /usr/ports/sysutils/screen && make install=0A=
 f2e13aba781a2f0481eda4e8d92724d1=0A=
 echo x - qjail/work/qjail-1.0/jail2=0A=
 sed 's/^X//' >qjail/work/qjail-1.0/jail2 << =
 '7de5d3d87e129c730a6d4f52cad6ec34'=0A=
 X#!/bin/sh=0A=
 X#=0A=
 X# $FreeBSD: src/etc/rc.d/jail,v 1.43.2.1.2.1 2009/10/25 01:10:29 =
 kensmith Exp $=0A=
 X#=0A=
 X=0A=
 X# PROVIDE: jail=0A=
 X# REQUIRE: LOGIN cleanvar=0A=
 X# BEFORE: securelevel=0A=
 X# KEYWORD: nojail shutdown=0A=
 X=0A=
 X# WARNING: This script deals with untrusted data (the data and=0A=
 X# processes inside the jails) and care must be taken when changing the=0A=
 X# code related to this!  If you have any doubt whether a change is=0A=
 X# correct and have security impact, please get the patch reviewed by=0A=
 X# the FreeBSD Security Team prior to commit.=0A=
 X=0A=
 X. /etc/rc.subr=0A=
 X=0A=
 Xname=3D"jail"=0A=
 Xrcvar=3D`set_rcvar`=0A=
 Xstart_cmd=3D"jail_start"=0A=
 Xstop_cmd=3D"jail_stop"=0A=
 X=0A=
 X# init_variables _j=0A=
 X#	Initialize the various jail variables for jail _j.=0A=
 X#=0A=
 Xinit_variables()=0A=
 X{=0A=
 X	_j=3D"$1"=0A=
 X=0A=
 X	if [ -z "$_j" ]; then=0A=
 X		warn "init_variables: you must specify a jail"=0A=
 X		return=0A=
 X	fi=0A=
 X=0A=
 X	eval _rootdir=3D\"\$jail_${_j}_rootdir\"=0A=
 X	_devdir=3D"${_rootdir}/dev"=0A=
 X	_fdescdir=3D"${_devdir}/fd"=0A=
 X	_procdir=3D"${_rootdir}/proc"=0A=
 X	eval _hostname=3D\"\$jail_${_j}_hostname\"=0A=
 X	eval _ip=3D\"\$jail_${_j}_ip\"=0A=
 X	eval _interface=3D\"\${jail_${_j}_interface:-${jail_interface}}\"=0A=
 X	eval _exec=3D\"\$jail_${_j}_exec\"=0A=
 X=0A=
 X	i=3D0=0A=
 X	while : ; do=0A=
 X		eval =
 _exec_prestart${i}=3D\"\${jail_${_j}_exec_prestart${i}:-\${jail_exec_pres=
 tart${i}}}\"=0A=
 X		[ -z "$(eval echo \"\$_exec_prestart${i}\")" ] && break=0A=
 X		i=3D$((i + 1))=0A=
 X	done=0A=
 X=0A=
 X	eval _exec_start=3D\"\${jail_${_j}_exec_start:-${jail_exec_start}}\"=0A=
 X=0A=
 X	i=3D1=0A=
 X	while : ; do=0A=
 X		eval =
 _exec_afterstart${i}=3D\"\${jail_${_j}_exec_afterstart${i}:-\${jail_exec_=
 afterstart${i}}}\"=0A=
 X		[ -z "$(eval echo \"\$_exec_afterstart${i}\")" ] &&  break=0A=
 X		i=3D$((i + 1))=0A=
 X	done=0A=
 X=0A=
 X	i=3D0=0A=
 X	while : ; do=0A=
 X		eval =
 _exec_poststart${i}=3D\"\${jail_${_j}_exec_poststart${i}:-\${jail_exec_po=
 ststart${i}}}\"=0A=
 X		[ -z "$(eval echo \"\$_exec_poststart${i}\")" ] && break=0A=
 X		i=3D$((i + 1))=0A=
 X	done=0A=
 X=0A=
 X	i=3D0=0A=
 X	while : ; do=0A=
 X		eval =
 _exec_prestop${i}=3D\"\${jail_${_j}_exec_prestop${i}:-\${jail_exec_presto=
 p${i}}}\"=0A=
 X		[ -z "$(eval echo \"\$_exec_prestop${i}\")" ] && break=0A=
 X		i=3D$((i + 1))=0A=
 X	done=0A=
 X=0A=
 X	eval _exec_stop=3D\"\${jail_${_j}_exec_stop:-${jail_exec_stop}}\"=0A=
 X=0A=
 X	i=3D0=0A=
 X	while : ; do=0A=
 X		eval =
 _exec_poststop${i}=3D\"\${jail_${_j}_exec_poststop${i}:-\${jail_exec_post=
 stop${i}}}\"=0A=
 X		[ -z "$(eval echo \"\$_exec_poststop${i}\")" ] && break=0A=
 X		i=3D$((i + 1))=0A=
 X	done=0A=
 X=0A=
 X	if [ -n "${_exec}" ]; then=0A=
 X		#   simple/backward-compatible execution=0A=
 X		_exec_start=3D"${_exec}"=0A=
 X		_exec_stop=3D""=0A=
 X	else=0A=
 X		#   flexible execution=0A=
 X		if [ -z "${_exec_start}" ]; then=0A=
 X			_exec_start=3D"/bin/sh /etc/rc"=0A=
 X			if [ -z "${_exec_stop}" ]; then=0A=
 X				_exec_stop=3D"/bin/sh /etc/rc.shutdown"=0A=
 X			fi=0A=
 X		fi=0A=
 X	fi=0A=
 X=0A=
 X	# The default jail ruleset will be used by rc.subr if none is =
 specified.=0A=
 X	eval _ruleset=3D\"\${jail_${_j}_devfs_ruleset:-${jail_devfs_ruleset}}\"=0A=
 X	eval _devfs=3D\"\${jail_${_j}_devfs_enable:-${jail_devfs_enable}}\"=0A=
 X	[ -z "${_devfs}" ] && _devfs=3D"NO"=0A=
 X	eval =
 _fdescfs=3D\"\${jail_${_j}_fdescfs_enable:-${jail_fdescfs_enable}}\"=0A=
 X	[ -z "${_fdescfs}" ] && _fdescfs=3D"NO"=0A=
 X	eval _procfs=3D\"\${jail_${_j}_procfs_enable:-${jail_procfs_enable}}\"=0A=
 X	[ -z "${_procfs}" ] && _procfs=3D"NO"=0A=
 X=0A=
 X	eval _mount=3D\"\${jail_${_j}_mount_enable:-${jail_mount_enable}}\"=0A=
 X	[ -z "${_mount}" ] && _mount=3D"NO"=0A=
 X	# "/etc/fstab.${_j}" will be used for {,u}mount(8) if none is =
 specified.=0A=
 X	eval _fstab=3D\"\${jail_${_j}_fstab:-${jail_fstab}}\"=0A=
 X	[ -z "${_fstab}" ] && _fstab=3D"/etc/fstab.${_j}"=0A=
 X	eval _flags=3D\"\${jail_${_j}_flags:-${jail_flags}}\"=0A=
 X	[ -z "${_flags}" ] && _flags=3D"-l -U root"=0A=
 X	eval _consolelog=3D\"\${jail_${_j}_consolelog:-${jail_consolelog}}\"=0A=
 X	[ -z "${_consolelog}" ] && =
 _consolelog=3D"/var/log/jail_${_j}_console.log"=0A=
 X	eval _fib=3D\"\${jail_${_j}_fib:-${jail_fib}}\"=0A=
 X=0A=
 X	# Debugging aid=0A=
 X	#=0A=
 X	debug "$_j devfs enable: $_devfs"=0A=
 X	debug "$_j fdescfs enable: $_fdescfs"=0A=
 X	debug "$_j procfs enable: $_procfs"=0A=
 X	debug "$_j mount enable: $_mount"=0A=
 X	debug "$_j hostname: $_hostname"=0A=
 X	debug "$_j ip: $_ip"=0A=
 X	jail_show_addresses ${_j}=0A=
 X	debug "$_j interface: $_interface"=0A=
 X	debug "$_j fib: $_fib"=0A=
 X	debug "$_j root: $_rootdir"=0A=
 X	debug "$_j devdir: $_devdir"=0A=
 X	debug "$_j fdescdir: $_fdescdir"=0A=
 X	debug "$_j procdir: $_procdir"=0A=
 X	debug "$_j ruleset: $_ruleset"=0A=
 X	debug "$_j fstab: $_fstab"=0A=
 X=0A=
 X	i=3D0=0A=
 X	while : ; do=0A=
 X		eval out=3D\"\${_exec_prestart${i}:-''}\"=0A=
 X		if [ -z "$out" ]; then=0A=
 X			break=0A=
 X		fi=0A=
 X		debug "$_j exec pre-start #${i}: ${out}"=0A=
 X		i=3D$((i + 1))=0A=
 X	done=0A=
 X=0A=
 X	debug "$_j exec start: $_exec_start"=0A=
 X=0A=
 X	i=3D1=0A=
 X	while : ; do=0A=
 X		eval out=3D\"\${_exec_afterstart${i}:-''}\"=0A=
 X=0A=
 X		if [ -z "$out" ]; then=0A=
 X			break;=0A=
 X		fi=0A=
 X=0A=
 X		debug "$_j exec after start #${i}: ${out}"=0A=
 X		i=3D$((i + 1))=0A=
 X	done=0A=
 X=0A=
 X	i=3D0=0A=
 X	while : ; do=0A=
 X		eval out=3D\"\${_exec_poststart${i}:-''}\"=0A=
 X		if [ -z "$out" ]; then=0A=
 X			break=0A=
 X		fi=0A=
 X		debug "$_j exec post-start #${i}: ${out}"=0A=
 X		i=3D$((i + 1))=0A=
 X	done=0A=
 X=0A=
 X	i=3D0=0A=
 X	while : ; do=0A=
 X		eval out=3D\"\${_exec_prestop${i}:-''}\"=0A=
 X		if [ -z "$out" ]; then=0A=
 X			break=0A=
 X		fi=0A=
 X		debug "$_j exec pre-stop #${i}: ${out}"=0A=
 X		i=3D$((i + 1))=0A=
 X	done=0A=
 X=0A=
 X	debug "$_j exec stop: $_exec_stop"=0A=
 X=0A=
 X	i=3D0=0A=
 X	while : ; do=0A=
 X		eval out=3D\"\${_exec_poststop${i}:-''}\"=0A=
 X		if [ -z "$out" ]; then=0A=
 X			break=0A=
 X		fi=0A=
 X		debug "$_j exec post-stop #${i}: ${out}"=0A=
 X		i=3D$((i + 1))=0A=
 X	done=0A=
 X=0A=
 X	debug "$_j flags: $_flags"=0A=
 X	debug "$_j consolelog: $_consolelog"=0A=
 X=0A=
 X	if [ -z "${_hostname}" ]; then=0A=
 X		err 3 "$name: No hostname has been defined for ${_j}"=0A=
 X	fi=0A=
 X	if [ -z "${_rootdir}" ]; then=0A=
 X		err 3 "$name: No root directory has been defined for ${_j}"=0A=
 X	fi=0A=
 X}=0A=
 X=0A=
 X# set_sysctl rc_knob mib msg=0A=
 X#	If the mib sysctl is set according to what rc_knob=0A=
 X#	specifies, this function does nothing. However if=0A=
 X#	rc_knob is set differently than mib, then the mib=0A=
 X#	is set accordingly and msg is displayed followed by=0A=
 X#	an '=3D' sign and the word 'YES' or 'NO'.=0A=
 X#=0A=
 Xset_sysctl()=0A=
 X{=0A=
 X	_knob=3D"$1"=0A=
 X	_mib=3D"$2"=0A=
 X	_msg=3D"$3"=0A=
 X=0A=
 X	_current=3D`${SYSCTL} -n $_mib 2>/dev/null`=0A=
 X	if checkyesno $_knob ; then=0A=
 X		if [ "$_current" -ne 1 ]; then=0A=
 X			echo -n " ${_msg}=3DYES"=0A=
 X			${SYSCTL_W} 1>/dev/null ${_mib}=3D1=0A=
 X		fi=0A=
 X	else=0A=
 X		if [ "$_current" -ne 0 ]; then=0A=
 X			echo -n " ${_msg}=3DNO"=0A=
 X			${SYSCTL_W} 1>/dev/null ${_mib}=3D0=0A=
 X		fi=0A=
 X	fi=0A=
 X}=0A=
 X=0A=
 X# is_current_mountpoint()=0A=
 X#	Is the directory mount point for a currently mounted file=0A=
 X#	system?=0A=
 X#=0A=
 Xis_current_mountpoint()=0A=
 X{=0A=
 X	local _dir _dir2=0A=
 X=0A=
 X	_dir=3D$1=0A=
 X=0A=
 X	_dir=3D`echo $_dir | sed -Ee 's#//+#/#g' -e 's#/$##'`=0A=
 X	[ ! -d "${_dir}" ] && return 1=0A=
 X	_dir2=3D`df ${_dir} | tail +2 | awk '{ print $6 }'`=0A=
 X	[ "${_dir}" =3D "${_dir2}" ]=0A=
 X	return $?=0A=
 X}=0A=
 X=0A=
 X# is_symlinked_mountpoint()=0A=
 X#	Is a mount point, or any of its parent directories, a symlink?=0A=
 X#=0A=
 Xis_symlinked_mountpoint()=0A=
 X{=0A=
 X	local _dir=0A=
 X=0A=
 X	_dir=3D$1=0A=
 X=0A=
 X	[ -L "$_dir" ] && return 0=0A=
 X	[ "$_dir" =3D "/" ] && return 1=0A=
 X	is_symlinked_mountpoint `dirname $_dir`=0A=
 X	return $?=0A=
 X}=0A=
 X=0A=
 X# secure_umount=0A=
 X#	Try to unmount a mount point without being vulnerable to=0A=
 X#	symlink attacks.=0A=
 X#=0A=
 Xsecure_umount()=0A=
 X{=0A=
 X	local _dir=0A=
 X=0A=
 X	_dir=3D$1=0A=
 X=0A=
 X	if is_current_mountpoint ${_dir}; then=0A=
 X		umount -f ${_dir} >/dev/null 2>&1=0A=
 X	else=0A=
 X		debug "Nothing mounted on ${_dir} - not unmounting"=0A=
 X	fi=0A=
 X}=0A=
 X=0A=
 X=0A=
 X# jail_umount_fs=0A=
 X#	This function unmounts certain special filesystems in the=0A=
 X#	currently selected jail. The caller must call the init_variables()=0A=
 X#	routine before calling this one.=0A=
 X#=0A=
 Xjail_umount_fs()=0A=
 X{=0A=
 X	local _device _mountpt _rest=0A=
 X=0A=
 X	if checkyesno _fdescfs; then=0A=
 X		if [ -d "${_fdescdir}" ] ; then=0A=
 X			secure_umount ${_fdescdir}=0A=
 X		fi=0A=
 X	fi=0A=
 X	if checkyesno _devfs; then=0A=
 X		if [ -d "${_devdir}" ] ; then=0A=
 X			secure_umount ${_devdir}=0A=
 X		fi=0A=
 X	fi=0A=
 X	if checkyesno _procfs; then=0A=
 X		if [ -d "${_procdir}" ] ; then=0A=
 X			secure_umount ${_procdir}=0A=
 X		fi=0A=
 X	fi=0A=
 X	if checkyesno _mount; then=0A=
 X		[ -f "${_fstab}" ] || warn "${_fstab} does not exist"=0A=
 X		tail -r ${_fstab} | while read _device _mountpt _rest; do=0A=
 X			case ":${_device}" in=0A=
 X			:#* | :)=0A=
 X				continue=0A=
 X				;;=0A=
 X			esac=0A=
 X			secure_umount ${_mountpt}=0A=
 X		done=0A=
 X	fi=0A=
 X}=0A=
 X=0A=
 X# jail_mount_fstab()=0A=
 X#	Mount file systems from a per jail fstab while trying to=0A=
 X#	secure against symlink attacks at the mount points.=0A=
 X#=0A=
 X#	If we are certain we cannot secure against symlink attacks we=0A=
 X#	do not mount all of the file systems (since we cannot just not=0A=
 X#	mount the file system with the problematic mount point).=0A=
 X#=0A=
 X#	The caller must call the init_variables() routine before=0A=
 X#	calling this one.=0A=
 X#=0A=
 Xjail_mount_fstab()=0A=
 X{=0A=
 X	local _device _mountpt _rest=0A=
 X=0A=
 X	while read _device _mountpt _rest; do=0A=
 X		case ":${_device}" in=0A=
 X		:#* | :)=0A=
 X			continue=0A=
 X			;;=0A=
 X		esac=0A=
 X		if is_symlinked_mountpoint ${_mountpt}; then=0A=
 X			warn "${_mountpt} has symlink as parent - not mounting from =
 ${_fstab}"=0A=
 X			return=0A=
 X		fi=0A=
 X	done <${_fstab}=0A=
 X	mount -a -F "${_fstab}"=0A=
 X}=0A=
 X=0A=
 X# jail_show_addresses jail=0A=
 X#	Debug print the input for the given _multi aliases=0A=
 X#	for a jail for init_variables().=0A=
 X#=0A=
 Xjail_show_addresses()=0A=
 X{=0A=
 X	local _j _type alias=0A=
 X	_j=3D"$1"=0A=
 X	alias=3D0=0A=
 X=0A=
 X	if [ -z "${_j}" ]; then=0A=
 X		warn "jail_show_addresses: you must specify a jail"=0A=
 X		return=0A=
 X	fi=0A=
 X=0A=
 X	while : ; do=0A=
 X		eval _addr=3D\"\$jail_${_j}_ip_multi${alias}\"=0A=
 X		if [ -n "${_addr}" ]; then=0A=
 X			debug "${_j} ip_multi${alias}: $_addr"=0A=
 X			alias=3D$((${alias} + 1))=0A=
 X		else=0A=
 X			break=0A=
 X		fi=0A=
 X	done=0A=
 X}=0A=
 X=0A=
 X# jail_extract_address argument=0A=
 X#	The second argument is the string from one of the _ip=0A=
 X#	or the _multi variables. In case of a comma separated list=0A=
 X#	only one argument must be passed in at a time.=0A=
 X#	The function alters the _type, _iface, _addr and _mask variables.=0A=
 X#=0A=
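 Xjail_extract_address()=0A=
 X{=0A=
 X	# Split one address specification into its parts: an optional=0A=
 X	# "iface|" prefix, the address, and whatever follows the address=0A=
 X	# (/prefixlen, /netmask or " netmask xxx").=0A=
 X	# Arguments: $1 - a single specification, not a comma list.=0A=
 X	# Globals:   _interface (read); _type, _iface, _addr and _mask=0A=
 X	#            (written). _type is left as it was when the address=0A=
 X	#            family cannot be identified.=0A=
 X	local _i _r=0A=
 X	_i=3D$1=0A=
 X=0A=
 X	if [ -z "${_i}" ]; then=0A=
 X		warn "jail_extract_address: called without input"=0A=
 X		return=0A=
 X	fi=0A=
 X=0A=
 X	# Check if we have an interface prefix given and split into=0A=
 X	# iface and rest.=0A=
 X	case "${_i}" in=0A=
 X	*\|*)	# ifN|.. prefix there=0A=
 X		_iface=3D${_i%%|*}=0A=
 X		_r=3D${_i##*|}=0A=
 X		;;=0A=
 X	*)	_iface=3D""=0A=
 X		_r=3D${_i}=0A=
 X		;;=0A=
 X	esac=0A=
 X=0A=
 X	# No per-address interface: fall back to the global one, if any.=0A=
 X	_iface=3D${_iface:-${_interface}}=0A=
 X=0A=
 X	# Set address, cut off any prefix/netmask/prefixlen.=0A=
 X	_addr=3D${_r%%[/ ]*}=0A=
 X=0A=
 X	# We do not return early when no interface is set, although=0A=
 X	# _mask only matters for ifconfig: the address may later be=0A=
 X	# sanitized, and its type changed, based on _type.=0A=
 X=0A=
 X	# The mask part is whatever follows the address. _addr is always=0A=
 X	# a literal prefix of _r, so strip it as a plain string; used as=0A=
 X	# an expr(1) pattern, a '.', '*' or '[' in the input would act as=0A=
 X	# a regex character and a failed match would drop the mask.=0A=
 X	_mask=3D${_r#"${_addr}"}=0A=
 X=0A=
 X	# Identify type {inet,inet6}.=0A=
 X	case "${_addr}" in=0A=
 X	*\.*\.*\.*)	_type=3D"inet" ;;=0A=
 X	*:*)		_type=3D"inet6" ;;=0A=
 X	*)		warn "jail_extract_address: type not identified"=0A=
 X			;;=0A=
 X	esac=0A=
 X=0A=
 X	# Handle the special /netmask instead of /prefix or=0A=
 X	# "netmask xxx" case for legacy IP.=0A=
 X	# We do NOT support shortened class-full netmasks.=0A=
 X	if [ "${_type}" =3D "inet" ]; then=0A=
 X		case "${_mask}" in=0A=
 X		/*\.*\.*\.*)	_mask=3D" netmask ${_mask#/}" ;;=0A=
 X		*)		;;=0A=
 X		esac=0A=
 X=0A=
 X		# In case _mask is still not set use /32.=0A=
 X		_mask=3D${_mask:-/32}=0A=
 X=0A=
 X	elif [ "${_type}" =3D "inet6" ]; then=0A=
 X		# In case _mask is not set for IPv6, use /128.=0A=
 X		_mask=3D${_mask:-/128}=0A=
 X	fi=0A=
 X}=0A=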
 X=0A=
 X# jail_handle_ips_option {add,del} input=0A=
 X#	Handle a single argument imput which can be a comma separated=0A=
 X#	list of addresses (theoretically with an option interface and=0A=
 X#	prefix/netmask/prefixlen).=0A=
 X#=0A=
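 Xjail_handle_ips_option()=0A=
 X{=0A=
 X	# Arguments: $1 - "add" or "del"; $2 - one address specification=0A=
 X	#            or a comma separated list of them.=0A=
 X	# Globals:   _addrl (appended to), _jail (read, for the warning);=0A=
 X	#            _iface, _addr and _mask are overwritten through=0A=
 X	#            jail_extract_address.=0A=
 X	local _x _action _type _i=0A=
 X	_action=3D$1=0A=
 X	_x=3D$2=0A=
 X=0A=
 X	if [ -z "${_x}" ]; then=0A=
 X		# No IP given. This can happen for the primary address=0A=
 X		# of each address family.=0A=
 X		return=0A=
 X	fi=0A=
 X=0A=
 X	# Loop, in case we find a comma separated list, we need to handle=0A=
 X	# each argument on its own.=0A=
 X	while [ ${#_x} -gt 0 ]; do=0A=
 X		# Take the first element off the list. Parameter expansion=0A=
 X		# treats the value as plain text, where expr(1) could take=0A=
 X		# an element such as "-x" or "(" for one of its operators.=0A=
 X		case "${_x}" in=0A=
 X		*,*)	_i=3D${_x%%,*}=0A=
 X			_x=3D${_x#*,}=0A=
 X			;;=0A=
 X		*)	_i=3D${_x}=0A=
 X			_x=3D""=0A=
 X			;;=0A=
 X		esac=0A=
 X=0A=
 X		_type=3D""=0A=
 X		_iface=3D""=0A=
 X		_addr=3D""=0A=
 X		_mask=3D""=0A=
 X		jail_extract_address "${_i}"=0A=
 X=0A=
 X		# make sure we got an address.=0A=
 X		[ -n "${_addr}" ] || continue=0A=
 X=0A=
 X		# Append address to list of addresses for the jail command.=0A=
 X		_addrl=3D"${_addrl:+${_addrl},}${_addr}"=0A=
 X=0A=
 X		# Configure interface alias if requested by a given interface=0A=
 X		# and if we could correctly parse everything.=0A=
 X		[ -n "${_iface}" ] || continue=0A=
 X		case "${_type}" in=0A=
 X		inet|inet6)=0A=
 X			;;=0A=
 X		*)	warn "Could not determine address family.  Not going" \=0A=
 X			    "to ${_action} address '${_addr}' for ${_jail}."=0A=
 X			continue=0A=
 X			;;=0A=
 X		esac=0A=
 X		case "${_action}" in=0A=
 X		add)	# _mask stays unquoted on purpose: " netmask a.b.c.d"=0A=
 X			# has to split into separate ifconfig arguments.=0A=
 X			ifconfig "${_iface}" "${_type}" ${_addr}${_mask} alias=0A=
 X			;;=0A=
 X		del)	# When removing the IP, ignore the _mask.=0A=
 X			ifconfig "${_iface}" "${_type}" "${_addr}" -alias=0A=
 X			;;=0A=
 X		esac=0A=
 X	done=0A=
 X}=0A=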
 X=0A=
 X# jail_ips {add,del}=0A=
 X#	Extract the comma separated list of addresses and return them=0A=
 X#	for the jail command.=0A=
 X#	Handle more than one address via the _multi option as well.=0A=
 X#	If an interface is given also add/remove an alias for the=0A=
 X#	address with an optional netmask.=0A=
 X#=0A=
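 Xjail_ips()=0A=
 X{=0A=
 X	# Arguments: $1 - "add" or "del".=0A=
 X	# Globals:   _ip and _jail (read), plus the rc.conf variables=0A=
 X	#            jail_<_jail>_ip_multi<N>; the addresses are passed=0A=
 X	#            on to jail_handle_ips_option one value at a time.=0A=
 X	# _x and alias are local so the loop leaves no state behind.=0A=
 X	local _action _x alias=0A=
 X	_action=3D$1=0A=
 X=0A=
 X	case "${_action}" in=0A=
 X	add|del)=0A=
 X		;;=0A=
 X	*)	warn "jail_ips: invalid action '${_action}'"=0A=
 X		return=0A=
 X		;;=0A=
 X	esac=0A=
 X=0A=
 X	# Handle addresses.=0A=
 X	jail_handle_ips_option "${_action}" "${_ip}"=0A=
 X=0A=
 X	# _jail becomes part of an eval'd variable name below. A name=0A=
 X	# with other characters cannot have _ip_multi variables; it=0A=
 X	# would reach eval as code or keep the loop from terminating.=0A=
 X	case "${_jail}" in=0A=
 X	*[!A-Za-z0-9_]*)=0A=
 X		warn "jail_ips: invalid jail name '${_jail}'"=0A=
 X		return=0A=
 X		;;=0A=
 X	esac=0A=
 X=0A=
 X	# Handle jail_xxx_ip_multi<N>=0A=
 X	alias=3D0=0A=
 X	while : ; do=0A=
 X		eval _x=3D\"\$jail_${_jail}_ip_multi${alias}\"=0A=
 X		[ -n "${_x}" ] || break=0A=
 X		jail_handle_ips_option "${_action}" "${_x}"=0A=
 X		alias=3D$((${alias} + 1))=0A=
 X	done=0A=
 X}=0A=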
 X=0A=
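 Xjail_start()=0A=
 X{=0A=
 X	# Start every jail in jail_list that has no id file in /var/run:=0A=
 X	# add its addresses, mount its filesystems, run the configured=0A=
 X	# hook commands and record the jail id.=0A=
 X	# NOTE(review): the _exec_* hooks, _flags and _exec_start are=0A=
 X	# run or eval'd exactly as configured, so whatever file sets=0A=
 X	# them must be writable by root only.=0A=
 X	set_sysctl jail_set_hostname_allow \=0A=
 X	    security.jail.set_hostname_allowed set_hostname_allow=0A=
 X	set_sysctl jail_socket_unixiproute_only \=0A=
 X	    security.jail.socket_unixiproute_only unixiproute_only=0A=
 X	set_sysctl jail_sysvipc_allow security.jail.sysvipc_allowed \=0A=
 X	    sysvipc_allow=0A=
 X=0A=
 X	# Private directory for the per-jail start output.=0A=
 X	_tmp_dir=3D`mktemp -d /tmp/jail.XXXXXXXX` || \=0A=
 X	    err 3 "$name: Can't create temp dir, exiting..."=0A=
 X	for _jail in ${jail_list}=0A=
 X	do=0A=
 X		init_variables $_jail=0A=
 X		if [ -f "/var/run/jail_${_jail}.id" ]; then=0A=
 X			echo -e "Already running.      ${_hostname}"=0A=
 X			continue=0A=
 X		fi=0A=
 X		_addrl=3D""=0A=
 X		jail_ips "add"=0A=
 X		if [ -n "${_fib}" ]; then=0A=
 X			_setfib=3D"setfib -F '${_fib}'"=0A=
 X		else=0A=
 X			_setfib=3D""=0A=
 X		fi=0A=
 X		if checkyesno _mount; then=0A=
 X			info "Mounting fstab for jail ${_jail} (${_fstab})"=0A=
 X			if [ ! -f "${_fstab}" ]; then=0A=
 X				err 3 "$name: ${_fstab} does not exist"=0A=
 X			fi=0A=
 X			jail_mount_fstab=0A=
 X		fi=0A=
 X		# The paths handed to is_symlinked_mountpoint are quoted so=0A=
 X		# the check sees the same path that is mounted afterwards,=0A=
 X		# even if it contains whitespace.=0A=
 X		if checkyesno _devfs; then=0A=
 X			# If devfs is already mounted here, skip it.=0A=
 X			if ! df -t devfs "${_devdir}" >/dev/null; then=0A=
 X				if is_symlinked_mountpoint "${_devdir}"; then=0A=
 X					# NOTE(review): addresses added and=0A=
 X					# filesystems mounted above are not=0A=
 X					# rolled back on this path.=0A=
 X					warn "${_devdir} has symlink as parent" \=0A=
 X					    "- not starting jail ${_jail}"=0A=
 X					continue=0A=
 X				fi=0A=
 X				info "Mounting devfs on ${_devdir}"=0A=
 X				devfs_mount_jail "${_devdir}" ${_ruleset}=0A=
 X				# Transitional symlink for old binaries.=0A=
 X				# Done in a subshell: if the cd fails no=0A=
 X				# link is created in the current directory.=0A=
 X				if [ ! -L "${_devdir}/log" ]; then=0A=
 X					(cd "${_devdir}" &&=0A=
 X					    ln -sf ../var/run/log log)=0A=
 X				fi=0A=
 X			fi=0A=
 X=0A=
 X			# XXX - It seems symlinks don't work when there=0A=
 X			#	is a devfs(5) device of the same name.=0A=
 X			# Jail console output=0A=
 X			#	__pwd=3D"`pwd`"=0A=
 X			#	cd "${_devdir}"=0A=
 X			#	ln -sf ../var/log/console console=0A=
 X			#	cd "$__pwd"=0A=
 X		fi=0A=
 X		if checkyesno _fdescfs; then=0A=
 X			if is_symlinked_mountpoint "${_fdescdir}"; then=0A=
 X				warn "${_fdescdir} has symlink as parent, not mounting"=0A=
 X			else=0A=
 X				info "Mounting fdescfs on ${_fdescdir}"=0A=
 X				mount -t fdescfs fdesc "${_fdescdir}"=0A=
 X			fi=0A=
 X		fi=0A=
 X		if checkyesno _procfs; then=0A=
 X			if is_symlinked_mountpoint "${_procdir}"; then=0A=
 X				warn "${_procdir} has symlink as parent, not mounting"=0A=
 X			else=0A=
 X				info "Mounting procfs onto ${_procdir}"=0A=
 X				if [ -d "${_procdir}" ] ; then=0A=
 X					mount -t procfs proc "${_procdir}"=0A=
 X				fi=0A=
 X			fi=0A=
 X		fi=0A=
 X		_tmp_jail=3D${_tmp_dir}/jail.$$=0A=
 X=0A=
 X		# Host-side commands run before the jail is created.=0A=
 X		i=3D0=0A=
 X		while : ; do=0A=
 X			eval out=3D\"\${_exec_prestart${i}:-''}\"=0A=
 X			[ -z "$out" ] && break=0A=
 X			${out}=0A=
 X			i=3D$((i + 1))=0A=
 X		done=0A=
 X=0A=
 X		eval ${_setfib} jail ${_flags} -i ${_rootdir} ${_hostname} \=0A=
 X			\"${_addrl}\" ${_exec_start} > "${_tmp_jail}" 2>&1=0A=
 X=0A=
 X		if [ "$?" -eq 0 ] ; then=0A=
 X			# First output line is used as the jail id.=0A=
 X			_jail_id=3D$(head -n 1 "${_tmp_jail}")=0A=
 X			# This hook list is numbered from 1, the others from 0.=0A=
 X			i=3D1=0A=
 X			while : ; do=0A=
 X				eval out=3D\"\${_exec_afterstart${i}:-''}\"=0A=
 X				[ -z "$out" ] && break=0A=
 X				jexec "${_jail_id}" ${out}=0A=
 X				i=3D$((i + 1))=0A=
 X			done=0A=
 X=0A=
 X			echo -e "Started successfully. $_hostname"=0A=
 X			# NOTE(review): written as root; assumes _consolelog=0A=
 X			# is a host path the jail cannot replace with a=0A=
 X			# symlink - confirm in init_variables.=0A=
 X			tail -n +2 "${_tmp_jail}" >"${_consolelog}"=0A=
 X			echo ${_jail_id} > "/var/run/jail_${_jail}.id"=0A=
 X=0A=
 X			i=3D0=0A=
 X			while : ; do=0A=
 X				eval out=3D\"\${_exec_poststart${i}:-''}\"=0A=
 X				[ -z "$out" ] && break=0A=
 X				${out}=0A=
 X				i=3D$((i + 1))=0A=
 X			done=0A=
 X		else=0A=
 X			# Undo the mounts and addresses of the failed jail=0A=
 X			# and show what the jail command printed.=0A=
 X			jail_umount_fs=0A=
 X			jail_ips "del"=0A=
 X			echo " cannot start jail \"${_jail}\": "=0A=
 X			tail -n +2 "${_tmp_jail}"=0A=
 X		fi=0A=
 X		rm -f "${_tmp_jail}"=0A=
 X	done=0A=
 X	rmdir "${_tmp_dir}"=0A=
 X}=0A=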
 X=0A=
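 Xjail_stop()=0A=
 X{=0A=
 X	# Stop every jail in jail_list that has an id file in /var/run:=0A=
 X	# run the stop hooks, signal what is left, unmount, remove the=0A=
 X	# addresses and delete the id file.=0A=
 X	# NOTE(review): the _exec_* hooks and _exec_stop are run or=0A=
 X	# eval'd exactly as configured.=0A=
 X	for _jail in ${jail_list}=0A=
 X	do=0A=
 X		if [ -f "/var/run/jail_${_jail}.id" ]; then=0A=
 X			_jail_id=3D$(cat "/var/run/jail_${_jail}.id")=0A=
 X			if [ -n "${_jail_id}" ]; then=0A=
 X				init_variables $_jail=0A=
 X=0A=
 X				i=3D0=0A=
 X				while : ; do=0A=
 X					eval out=3D\"\${_exec_prestop${i}:-''}\"=0A=
 X					[ -z "$out" ] && break=0A=
 X					${out}=0A=
 X					i=3D$((i + 1))=0A=
 X				done=0A=
 X=0A=
 X				if [ -n "${_exec_stop}" ]; then=0A=
 X					eval env -i /usr/sbin/jexec ${_jail_id} ${_exec_stop} \=0A=
 X						>> "${_consolelog}" 2>&1=0A=
 X				fi=0A=
 X				# Ask first, then force: TERM, one second, KILL.=0A=
 X				killall -j "${_jail_id}" -TERM > /dev/null 2>&1=0A=
 X				sleep 1=0A=
 X				killall -j "${_jail_id}" -KILL > /dev/null 2>&1=0A=
 X				jail_umount_fs=0A=
 X				echo -e "Stopped successfully. $_hostname"=0A=
 X=0A=
 X				i=3D0=0A=
 X				while : ; do=0A=
 X					eval out=3D\"\${_exec_poststop${i}:-''}\"=0A=
 X					[ -z "$out" ] && break=0A=
 X					${out}=0A=
 X					i=3D$((i + 1))=0A=
 X				done=0A=
 X			fi=0A=
 X			# NOTE(review): with an empty id file init_variables=0A=
 X			# has not run for this jail, so jail_ips works on=0A=
 X			# whatever _ip an earlier iteration left behind -=0A=
 X			# confirm this is intended.=0A=
 X			jail_ips "del"=0A=
 X			rm "/var/run/jail_${_jail}.id"=0A=
 X		else=0A=
 X			echo -e "Already stopped.      ${_jail}"=0A=
 X		fi=0A=
 X	done=0A=
 X}=0A=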
 X=0A=
 Xload_rc_config $name=0A=
 Xcmd=3D"$1"=0A=
 Xif [ $# -gt 0 ]; then=0A=
 X	shift=0A=
 Xfi=0A=
 Xif [ -n "$*" ]; then=0A=
 X	jail_list=3D"$*"=0A=
 Xfi=0A=
 Xrun_rc_command "${cmd}"=0A=
 7de5d3d87e129c730a6d4f52cad6ec34=0A=
 echo x - qjail/work/qjail-1.0/qjail.conf.sample=0A=
 sed 's/^X//' >qjail/work/qjail-1.0/qjail.conf.sample << =
 'e9185b94f97dded71dadcec18ce87551'=0A=
 X#=0A=
 X# qjail.conf.sample file=0A=
 X#=0A=
 X# All these configuration options are hard coded in the qjail script.=0A=
 X# To permanently override any of the hard coded defaults, =0A=
 X# this qjail.conf.sample file has to be renamed qjail.conf and the =
 selected=0A=
 X# option statement un-commented.     =0A=
 X#=0A=
 X#=0A=
 X# Note: If you want to alter the "jaildir" variable after  =0A=
 X# running "qjail install" you will have to delete all your jails=0A=
 X# using the "qjail delete" command and then "rm -rf /usr/jails/"=0A=
 X# before un-commenting it and running the "qjail install" command again.=0A=
 X#=0A=
 X# Location of jail root directories=0A=
 X# qjail_jaildir=3D/usr/jails=0A=
 X=0A=
 X#=0A=
 X# Note: If you want to alter the "archivedir" variable after running =0A=
 X# "qjail install" command you will have to create the directory at the =0A=
 X# new path and copy any archive files from the old location to the new =0A=
 X# or they will be inaccessible.=0A=
 X#=0A=
 X# This is the default location where ezjail archives its jails to=0A=
 X# qjail_archivedir=3D/usr/jails/archive=0A=
 X#=0A=
 X#=0A=
 X# Note: Altering the following variables take effect immediately.=0A=
 X#=0A=
 X# This is the flavor used by default when creating a new jail=0A=
 X# qjail_default_flavor=3D"default"=0A=
 X#=0A=
 X# Location of your copy of FreeBSD's source tree=0A=
 X# qjail_sourcetree=3D/usr/src=0A=
 X#=0A=
 X# Remote server the "qjail install" command uses to fetch its RELEASE=0A=
 X# distribution files from=0A=
 X# qjail_ftphost=3Dftp2.freebsd.org=0A=
 X#=0A=
 X##=0A=
 X# Logon command used by "qjail console" command=0A=
 X# qjail_default_execute=3D"/usr/bin/login -f root"=0A=
 X=0A=
 e9185b94f97dded71dadcec18ce87551=0A=
 echo x - qjail/work/qjail-1.0/qjail.conf.8=0A=
 sed 's/^X//' >qjail/work/qjail-1.0/qjail.conf.8 << =
 '4f18ae94e7a5df5b3be0e3ae7e24e062'=0A=
 X.Dd July 22, 2010=0A=
 X.Dt qjail.conf 8 =0A=
 X.Os=0A=
 X.Sh NAME=0A=
 X.Nm qjail.conf=0A=
 X.Nd The qjail default configuration file.=0A=
 X.Sh DESCRIPTION=0A=
 X\fBqjail.conf\fR contains the qjail environment defaults. In most=0A=
 Xcases the defaults do not need changing. It's recommended to use the=0A=
 Xdefaults. The defaults are hard coded in the qjail script. The =
 \fBqjail.conf\fR=0A=
 Xfile as delivered is located at \fB/usr/local/etc/qjail.conf.sample\fR =
 and is=0A=
 Xnot required for the qjail system to run. To make a permanent override=0A=
 Xto the defaults, you first must remove the .sample suffix.=0A=
 X.Sh PATH OPTIONS=0A=
 XIf you want to alter the "jaildir" variable after running "qjail =
 install" =0A=
 Xyou will have to delete all your jails using the "qjail delete" command =0A=
 Xand then "rm -rf /usr/jails/" before un-commenting it and running =0A=
 Xthe "qjail install" command again.=0A=
 X.Pp=0A=
 X      qjail_jaildir =0A=
 X          Location of qjail environment root directory=0A=
 X          default: /usr/jails=0A=
 X.Pp=0A=
 XIf you want to alter the "archivedir" variable after running "qjail =
 install"=0A=
 Xyou will have to create the directory at the new path and copy any =
 archive=0A=
 Xfiles from the old location to the new or they will be inaccessible.=0A=
 X.Pp=0A=
 X      qjail_archivedir =0A=
 X          Archive location used by subcommands=0A=
 X          archive, restore, and create.=0A=
 X          default: /usr/jails/archive=0A=
 X.Pp=0A=
 XAltering the following variables take effect immediately.  =0A=
 X.Pp=0A=
 X      qjail_default_flavor =0A=
 X          This is the flavor name used by default when creating=0A=
 X          a new jail.=0A=
 X          default: default=0A=
 X.Pp=0A=
 X      qjail_sourcetree =0A=
 X           Location of FreeBSD's source tree "qjail install" =0A=
 X           command uses.=0A=
 X           default: /usr/src=0A=
 X.Pp=0A=
 X      qjail_ftphost=0A=
 X          Remote server the "qjail install" command uses to fetch its =0A=
 X          RELEASE distribution files from=0A=
 X          default: ftp2.freebsd.org=0A=
 X.Pp=0A=
 X      qjail_default_execute =0A=
 X          Logon command used by "qjail console" command =0A=
 X          default: /usr/bin/login -f root=0A=
 X=0A=
 X=0A=
 4f18ae94e7a5df5b3be0e3ae7e24e062=0A=
 echo x - qjail/work/qjail-1.0/qjail.8=0A=
 sed 's/^X//' >qjail/work/qjail-1.0/qjail.8 << =
 '9fb8cfec62881def0155bbd4d72a9aa6'=0A=
 X.Dd July 22, 2010=0A=
 X.Dt qjail 8=0A=
 X.Os=0A=
 X.Sh NAME=0A=
 X.Nm qjail=0A=
 X.Nd Utility for deployment of large jail environments =0A=
 X.Sh SYNOPSIS=0A=
 X.Nm=0A=
 Xinstall [-z zone] [-mMsS] [-h host] [-r release] =0A=
 X.Nm=0A=
 Xcreate  [-z zone] [-a archive] [-f flavor] [-i -s size] =0A=
 X        [-D duplicate# -I ] [-n interface] jailname jailip=0A=
 X.Nm=0A=
 Xlist    [-z zone] [jailname...]=0A=
 X.Nm=0A=
 Xstart   [-z zone] [jailname...]=0A=
 X.Nm=0A=
 Xstop    [-z zone] [jailname...]=0A=
 X.Nm=0A=
 Xrestart [-z zone] [jailname...]=0A=
 X.Nm=0A=
 Xconsole [-z zone] [-e]  jailname=0A=
 X.Nm=0A=
 Xarchive [-z zone] [-A] [jailname...]=0A=
 X.Nm=0A=
 Xdelete  [-z zone] [-A] [jailname...]=0A=
 X.Nm=0A=
 Xrestore [-z zone] [-f] [jailname...]=0A=
 X.Nm=0A=
 Xconfig  [-z zone] [-r run|norun -A] [-n newname]  =0A=
 X        [-i newip] [-c newnic] [jailname...]=0A=
 X.Nm=0A=
 Xupdate  [-z zone] [-b] [-p]  =0A=
 X.Nm=0A=
 Xhelp    [manual]=0A=
 X.Sh DESCRIPTION=0A=
 X.hy 0=0A=
 XThe \fBqjail\fR utility is used to manage the qjail environment=0A=
 Xand all the jails inside the qjail scope. Qjail's administration ease=0A=
 Xdoes not evaporate as jails deployed grow beyond 15 jails. For the =0A=
 Xdeployment of a large number of jails, qjail provides two facilities=0A=
 Xdesigned to make their management easy. The First facility is the group =0A=
 Xprefix selection ability, which is advantageous in managing both small=0A=
 Xand large jail deployments. The group prefix equal sign "=3D" wildcard =0A=
 Xused on the jailname allows for management of jails based on common =0A=
 Xjailname group prefixes. The second facility is qjail's ability to =0A=
 Xcreate multiple unique jail environments, thus providing another=0A=
 Xmethod to group common jails together for easier management. A large =0A=
 Xdeployment of hundreds of jails is possible if your host system =0A=
 Xresources are adequate and a jail naming convention is used to =0A=
 Xsegregate jails into manageable groups.   =0A=
 X.Pp=0A=
 XThis utility deploys two different jail types. The first type is based =0A=
 Xon a Directory tree. This type has unlimited disk space growth =
 potential,=0A=
 Xit shares the host's disk space. The jail will never run out of space =0A=
 Xuntil the host does. The second type is based on a sparse image file.=0A=
 XA sparse file is one that occupies only the sum size of its contents,=0A=
 Xnot it's allocation size. IE; a sparse file allocated size of 5M, but =0A=
 Xonly having 7 files, each 1k in size, only occupies 7k of physical disk=0A=
 Xspace. As content is added, additional physical disk space is occupied=0A=
 Xup to the 5M allocation ceiling. The sparse file is mounted as a memory =
 disk =0A=
 Xusing the mdconfig command and populated with the directory tree content=0A=
 Xof a jail. This configuration is called a sparse image jail. Its major=0A=
 Xbenefit is that it puts a hard limit on the maximum amount=0A=
 Xof disk space a jail can consume. This provides an additional level of=0A=
 Xprotection to the host from intentional or unintentional runaway=0A=
 Xprocesses inside of a jail consuming disk space until the host system=0A=
 Xdies.=0A=
 X.Pp=0A=
 XFollowing the command "qjail" is the function sub-command. Each =0A=
 Xfunction sub-command has its own list of unique options. It's executed =0A=
 Xfrom /usr/local/bin/ and is a command interpreter Bourne type (shell) =0A=
 Xscript.  =0A=
 X.Sh qjail install=0A=
 X.hy 0=0A=
 XThis function sub-command allocates the directory structure used by =
 qjail=0A=
 Xand populates the basejail with a pristine copy of the running binaries=0A=
 Xmatching the FreeBSD RELEASE version running on the host system. By =0A=
 Xdefault it will fetch the RELEASE distribution files from a pool of=0A=
 XFreeBSD FTP servers. This behavior may be overridden through the use of=0A=
 Xthe -h file:// option. Installing with out any options selected is the=0A=
 Xequivalent of selecting the \fBminimal system\fR distribution set from=0A=
 Xsysinstall. =0A=
 X.Pp=0A=
 XAs part of the install process the /usr/jails/flavors directory is=0A=
 Xallocated. The /usr/local/share/example/qjail/default file that's=0A=
 Xdistributed with the qjail port is copied to the /usr/jails/flavors=0A=
 Xdirectory. These customized host files are copied to=0A=
 X/usr/jails/flavor/default to facilitate usage.   /etc/resolv.conf   =0A=
 X/etc/localtime =0A=
 X.Pp=0A=
 XThis command can be run any time to add the sources, or man pages, if =
 not=0A=
 Xdone on the initial run. It can also be used to rebuild the basejail and=0A=
 Xthe newjail template from scratch while not disturbing the existing=0A=
 Xjails. If rebuilding using a newer major RELEASE, IE: 7.2 to 8.0, then =0A=
 Xremember, all existing jails that have ports or packages in them will =0A=
 Xneed them updated to versions compatible with the new major RELEASE =0A=
 Xversion. If going from a subversion to a newer subversion within the =
 same=0A=
 Xmajor RELEASE, IE: 8.0 to 8.1, then there is no need to update your =0A=
 Xinstalled ports/packages.    =0A=
 X =0A=
 X.Pp=0A=
 XThe default location for qjail's basejail is \fB/usr/jails\fR, so be =
 sure you=0A=
 Xhave enough space there, a FreeBSD base Release without man pages,=0A=
 Xsources and ports is around 145MB.=0A=
 X.Pp=0A=
 XThe options are as follows:=0A=
 X.Bl -tag -width indent=0A=
 X.It Fl z=0A=
 XCode this option to create multiple unique jailed environments.=0A=
 XThe coded zone value is appended to /usr/jail as /usr/jail.zone=0A=
 Xand to /usr/local/etc/fstab.qjail.zone and =0A=
 X/usr/local/etc/qjail.zone which uniquely segregates the qjail=0A=
 Xenvironments. All ". - /" in the zone name are converted to "_"=0A=
 Xunderscores to standardize zone names. All the other qjail      =
 sub-commands =0A=
 X"MUST" code the same zone value to process against =0A=
 Xthe zone created here. If absent /usr/jail and                  =
 /usr/local/etc/fstab.qjail =0A=
 Xand /usr/local/etc/qjail/ is used.=0A=
 X.It Fl m=0A=
 XThat's a lower case letter "m". Fetch and install the man pages=0A=
 Xwhile installing the base system. (10MB)=0A=
 X.It Fl s=0A=
 XThat's a lower case letter "s". Fetch and install the sources=0A=
 Xwhile installing the base system (510MB). The downloaded sources=0A=
 Xare populated under the basejail directory tree location =0A=
 X/usr/src. Note: Normally the sources are never installed. This=0A=
 Xoption is intended for those rare cases where a jail is going to=0A=
 Xbe used for FreeBSD education purposes. =0A=
 X.It Fl M=0A=
 XThat's an upper case letter "M". Behaves just like its lower case=0A=
 Xcounterpart, =0A=
 Xbut disables (re)installing the basejail, used to add man pages if not =0A=
 Xselected on original install.=0A=
 X.It Fl S=0A=
 XThat's an upper case letter "S". Behaves just like its lower case=0A=
 Xcounterpart, =0A=
 Xbut disables (re)installing the basejail, used to add sources if not =0A=
 Xselected on original install.=0A=
 X.It Fl h=0A=
 XThe remote host to fetch FreeBSD RELEASES from. If absent the =0A=
 Xdefault host ftp2.freebsd.org is used. You may change the default using =0A=
 Xthe -h ftp7.freebsd.org option or permanently changed by using the =0A=
 X\fBqjail.conf\fR file.=0A=
 XRead this for complete list of FTP servers to choose from.=0A=
 Xwww.freebsd.org/doc/en_US.ISO8859-1/books/handbook/mirrors-ftp.html =0A=
 X.Pp=0A=
 XIf -h contains \fBfile://\fR you can target any of three RELEASE =
 sources =0A=
 Xas the source to populate the basejail from. That could be the mounted =0A=
 Xdisc1 cdrom, or the downloaded disc1.iso file, or the downloaded =
 RELEASE =0A=
 Xdirectories. =0A=
 X.It Fl r =0A=
 XFreeBSD ftp-servers do NOT provide release candidates or CURRENT=0A=
 Xbuilds, just "official" RELEASES. You can use the -r option to =0A=
 Xspecify a next newer "official" RELEASE on the command line to build =0A=
 Xbasejail with that RELEASE version. The -r value has to be coded =0A=
 Xusing this format: X.X-RELEASE; where X.X would be the "official" =0A=
 Xrelease number. IE; 8.0-RELEASE. When the -r option is coded, the =0A=
 XFTP server will be logged into a maximum of 5 times, each time =0A=
 Xchecking a different path for the -r value you entered. These are =0A=
 Xthe directory paths inspected for your -r value.=0A=
 Xpub/FreeBSD/releases/i386/ pub/FreeBSD/snapshot/i386/  pub/FreeBSD/i386/=0A=
 Xreleases/i386/ snapshots/i386/ if a match is not found, the -r value you=0A=
 Xentered is not valid.=0A=
 X.Pp=0A=
 XIf the -r is absent from the command, the default OS version to be =
 fetched=0A=
 Xis what ever "uname -r" shows on the host system, if it matches the =0A=
 XX.X-RELEASE format. On a non-match the FTP server is accessed for a =
 list of=0A=
 Xavailable X.X-RELEASE names you can select from.=0A=
 X.El=0A=
 X.Sh qjail install examples=0A=
 X.hy 0=0A=
 X1.  qjail install (without any options)=0A=
 X          The RELEASE system binaries used to populate the basejail will=0A=
 X          be fetched from an FreeBSD FTP server and be the same RELEASE =0A=
 X          version as the host. No man pages or source files are =0A=
 X          downloaded. Some times at the publication of a new RELEASE =0A=
 X          version, the FTP server may become so busy that the download =0A=
 X          gets timed out or connection is refused because of too many =0A=
 X          current users. RE-issuing the command will start the FTP =0A=
 X          download from the beginning again.=0A=
 X.Pp=0A=
 X2.  qjail install -r 8.1-RELEASE=0A=
 X          Same behavior as above, except the next newer RELEASE will be =0A=
 X          fetched from an FreeBSD FTP server and used to populate the =0A=
 X          basejail. No man pages or source files are downloaded. =0A=
 X=0A=
 X.Pp=0A=
 X3.  qjail install -m -s -h ftp6.freebsd.org=0A=
 X          Same behavior as above, except the "man pages" and sources =0A=
 X          used to populate the basejail will also be fetched from the =0A=
 X          FreeBSD ftp server specified in the -h option.=0A=
 X.Pp=0A=
 X4.  mount /cdrom=0A=
 X    qjail install -z env1 -m -h file:///cdrom/8.0-RELEASE=0A=
 X          Use this option to target a mounted disc1 RELEASE cdrom =0A=
 X          as the source of the running binaries used to populate =0A=
 X          the basejail. In addition the "man pages" will be installed=0A=
 X          into the basejail. It's content also originating from the=0A=
 X          mounted disc1 RELEASE cdrom. Plus a uniquely named qjail=0A=
 X          zone is created named "env1". =0A=
 X.Pp=0A=
 X5.  mdconfig -a -f /usr/8.0-RELEASE-i386-disc1.iso md0=0A=
 X    mount -v -t cd9660 /dev/md0 /mnt=0A=
 X    qjail install -m -s -h file:///mnt/8.0-RELEASE=0A=
 X          If you downloaded the disc1.iso to /usr.=0A=
 X          Use this option to target a mounted disc1.iso RELEASE file=0A=
 X          as the source of the running binaries used to populate=0A=
 X          the basejail. In addition the "man pages" and sources=0A=
 X          will be installed into the basejail. Their content also =0A=
 X          originating from the mounted disc1.iso RELEASE file.=0A=
 X.Pp=0A=
 X          After the install completes, execute the following commands=0A=
 X          to release the disc1.iso md0 file.=0A=
 X               cd /usr=0A=
 X               umount  /mnt=0A=
 X               mdconfig -d -u md0=0A=
 X.Pp=0A=
 X6.  To fetch the RELEASE base files manually create the \fB.netrc\fR =
 file =0A=
 X    in your user id's home directory (~/) and populate it with this. =0A=
 X    NOTE; If you plan not to install manpages or source then remove them=0A=
 X          from the $getdir statement.=0A=
 X       machine ftp2.FreeBSD.org=0A=
 X       login anonymous=0A=
 X       password FBSD@home.com=0A=
 X       macdef init=0A=
 X       prompt off=0A=
 X       cd /pub/FreeBSD/releases/i386/8.0-RELEASE=0A=
 X       epsv4 off=0A=
 X       $ getdir base kernels manpages src=0A=
 X       quit=0A=
 X.Pp=0A=
 X       macdef getdir=0A=
 X       ! mkdir $i=0A=
 X       mreget $i/*=0A=
 X.Pp=0A=
 X.Pp=0A=
 X    Then issue these commands on the command line. If the FTP download =0A=
 X    times out re-issue the FTP command again to resume where it left =
 off.=0A=
 X    mkdir /usr/8.0-RELEASE=0A=
 X    cd /usr/8.0-RELEASE=0A=
 X    ftp -v ftp2.FreeBSD.org=0A=
 X.Pp=0A=
 X   qjail install -h file:///usr/8.0-RELEASE=0A=
 X          Use this option to target the 8.0-RELEASE files you FTP'ed=0A=
 X          as the source of the running binaries used to populate=0A=
 X          the basejail. =0A=
 X.Sh qjail create=0A=
 X.hy 0=0A=
 XCreates a new jail inside qjail's scope. It has great flexibility in=0A=
 Xcreating Directory Tree type jails and sparse file image type jails from=0A=
 Xthe newjail template or from a previously made archive file. This =
 coupled =0A=
 Xwith the ability to auto duplicate jails makes a easy and simple task =0A=
 Xto deploy a large number of jails quickly. During the =0A=
 X\fBqjail install\fR process the "default" flavor was automatically =0A=
 Xpopulated with the host files necessary for jail network access right =0A=
 Xfrom its first start up. By default all jails are flavored by the =0A=
 X"default" flavor, unless overridden with the -f option. Jailname and IP=0A=
 Xaddress are mandatory parameters.=0A=
 X.Pp=0A=
 XDuring the creation process three administration files are created =
 which are =0A=
 Xnecessary to interface with the FreeBSD jail command. They are=0A=
 X\fB/usr/local/etc/fstab.qjail.jailname\fR file and the=0A=
 X\fB/usr/local/etc/qjail/jailname\fR that holds the properties =0A=
 Xinformation describing the jail and the =0A=
 X\fB/usr/local/etc/qjail.global/jailname\fR file used by =0A=
 X\fB/etc/rc.d/qjail.sh\fR.  =0A=
 X.Pp=0A=
 XThe options are as follows:=0A=
 X.Bl -tag -width indent=0A=
 X.It Fl z=0A=
 XCode the same zone value used with the "install" sub-command to=0A=
 Xhave this sub-command process against that zone.=0A=
 X.It Fl a=0A=
 XYou can use an archive file as the template to create your new =0A=
 Xjail on. If just the archived jailname is coded, then the most =0A=
 Xcurrent archive file matching that jailname will be used as the =0A=
 Xsource. The full archive file name can also be coded. It's    prefixed =0A=
 Xwith the jailname and has the date & time the archive =0A=
 Xwas created appended as a suffix. Coding the full archive file =0A=
 Xname is how you select an archive file other than the most    current =0A=
 Xone. This option is normally used to clone multiple jails =0A=
 Xwith the same status as the archived jail has. If the -a flag =0A=
 Xis absent, the newjail template is used. Note: The -a and -f options=0A=
 Xcannot be used together. By design jails created from a archive file =0A=
 Xcannot be flavored. Use "ls /usr/jails/archive/" to list all archive =0A=
 Xfile names.  =0A=
 X.Pp=0A=
 XAn archive of a image jail can be used to create a new directory tree =0A=
 Xjail or a new image jail with a larger sized sparse file image jail. =0A=
 XAn archive of a directory tree jail can be used to create a new =0A=
 Xdirectory tree jail or a new image jail. The -n interface nic name from =0A=
 Xthe archive file is dropped. The -n option has to be coded if one is =0A=
 Xdesired. =0A=
 X.It Fl f=0A=
 XUsing the \fBflavor\fR option you can apply an qjail flavor to your new =0A=
 Xjailname. If the -f flavor option is coded, the flavor directory =0A=
 Xtree is merged into the new jail's directory tree. If no flavor =0A=
 Xoption is coded, the "default" flavor is merged into the new =0A=
 Xjail's directory tree. Qjail has no function to delete unwanted =0A=
 Xflavor directories. It's the user's responsibility to delete =0A=
 Xunwanted flavors using the host's \fBrm -rf /usr/jails/flavors/name\fR =0A=
 Xcommand. Note: The -f and -a options cannot be used together. By =0A=
 Xdesign jails created from a archive file cannot be flavored. The =0A=
 Xdefault flavor name "default" can be permanently changed using the =0A=
 X\fBqjail.conf\fR file. =0A=
 X.Pp=0A=
 XAs part of the "install" sub-command, a flavor base directory =0A=
 Xwas created as \fB/usr/jails/flavors\fR and populated with an single =0A=
 Xflavor named \fBdefault\fR. This "default" flavor contains 3 files =0A=
 Xcustomized for running in a jail (make.conf, periodic.conf, rc.conf).=0A=
 XOn inspection you will see that these files are in their normal =
 directory =0A=
 Xtree locations. When customizing your own flavors you have to manually =0A=
 Xcreate your own flavor directory tree populating it with your =0A=
 Xcustomized files in their correct paths for merging into the new jail.=0A=
 X.Pp=0A=
 XThe "default" flavor also contains the \fBqjail.flavor\fR script. This =0A=
 Xscript runs the first time the jail is started no matter if you =0A=
 Xmake changes to it or not and then deletes it's self. You may =0A=
 Xcustomize this script to do such things as "add user groups, add =0A=
 Xusers, chmod files, and do pkg_add's" with out internet access. =0A=
 XRead the "GENERAL QJAIL USAGE TIPS" section below about "SEED" =0A=
 Xjails for details on how to share a single copy of the package =0A=
 Xfile with multiple jails. =0A=
 X.Pp=0A=
 XWhen creating your own flavor always use the "default" flavor as your =0A=
 Xstarting base. =0A=
 X.Pp=0A=
 XA second sample flavor directory configuration resides under=0A=
 X\fB/usr/local/share/examples/qjail/nullmailer-example\fR. Some =0A=
 Xtypical jail initialization actions are demonstrated, and you are=0A=
 Xencouraged to use it as a template for your flavors.=0A=
 X.It Fl D=0A=
 XUpper case "D". Enter a numeric number representing the number of =0A=
 Xtimes you want this jailname duplicated. A suffix number starting =0A=
 Xat one and incremented by one for each duplication is appended to=0A=
 Xeach newly created jailname. Any number greater than 100 is invalid.=0A=
 X.It Fl I=0A=
 XUpper case "I". Only valid when used with the -D option. This option =0A=
 Xincrements the last octet of the ip address by 1 for each repetition=0A=
 Xof the duplication cycle. If the last octet of the ip address coded=0A=
 Xon the command was .72, then on the first iteration it would be .73.=0A=
 XIf you wanted to start assigning ip address starting at 1, then code=0A=
 Xthe last octet of the ip address on the command with .0. =0A=
 X.It Fl i=0A=
 XLower case "i". When coded means create a sparse file image type jail.=0A=
 XWhen absent an directory tree type jail is created.=0A=
 X.It Fl s=0A=
 XLower case "s". Mandatory when the -i option is coded. This value=0A=
 Xis the allocation ceiling size of the sparse file. Only suffixes=0A=
 Xm|M for megabytes or g|G for gigabytes are valid entries. The sparse=0A=
 Ximage file has a .img suffix and resides in the jailname =0A=
 Xdirectory as a single file. When the image jail is stopped the =0A=
 Xjailname.img file will be visible. Issuing ls -lh jailname.img =0A=
 Xwill show you the allocated size, issuing du -h jailname.img =0A=
 Xwill show you the amount of space used. A jail exiting the create=0A=
 Xprocess without any packages being installed consumes 2.2M. If a=0A=
 Ximage jail should consume all of its disk space allocation, you can =0A=
 Xincrease it by following this procedure, archive it, delete it,=0A=
 Xand create it using the -a option using the image archive as input =0A=
 Xwith a larger -s value.=0A=
 X.It Fl n=0A=
 XThis is the "network interface name" servicing the jails ip address =0A=
 Xrange. If this option is coded, then when qjail starts the jail it=0A=
 Xwill pass this value to the FreeBSD jail script which automatically=0A=
 Xcreates an alias for the jails ip address on that "network interface=0A=
 Xname". When qjail stops the jail, the FreeBSD jail script will=0A=
 Xautomatically remove the alias. The benefit is you don't have to code=0A=
 Xall the possible jail ip address on the ifconfig command in =0A=
 X/etc/rc.conf for that "network interface name" as aliases.       =0A=
 X.Pp=0A=
 XVery important CAUTIONARY note: If you assign the same ip address =0A=
 Xto more than a single jail and assign the same "network interface =0A=
 Xname", only a single alias is created for that ip address. If you =0A=
 Xshould stop one of the jails with that ip address, the alias is =0A=
 Xremoved and the remaining running jails with that ip address lose =0A=
 Xtheir network access instantly. Another thing to be aware of is =0A=
 Xthe LAN ip address range your DHCP server is dynamically assigning.=0A=
 XDo not assign those ip addresses to jails or your LAN users =0A=
 Xwill instantly lose their network access when the jail is started=0A=
 Xand its alias gets created. =0A=
 X.It \fBjailname\fR=0A=
 XOnly a single jailname is valid when the -D option is coded. If the =0A=
 X-D option is absent, then multiple jailnames separated by a space =0A=
 Xare allowed on the command. To better manage large jail deployments=0A=
 Xa jail naming convention that groups jails by common function or user=0A=
 Xgroups is advised. The maximum jailname size is 55 characters. The =0A=
 Xequal sign "=3D" is not valid in jailnames. Jailnames have to be unique=0A=
 Xacross all the zones. Just remember that you will be typing in this=0A=
 Xjailname or some prefix of it on all the sub-commands you use, so =0A=
 Xtry to keep the jailname short but meaningful.=0A=
 X.It \fBjailip\fR=0A=
 XThis is either a static IP address or a private IP address.=0A=
 XMore than a single IP address can be assigned to a jail. Multiple IP=0A=
 Xaddress have to be a list of IP address separated by a comma ","=0A=
 Xwithout spaces before or after. Example 10.0.0.2,10.0.0.3,10.0.0.4=0A=
 X.Pp=0A=
 XAccording to RFC 1918, you can use the following IP address ranges for=0A=
 Xprivate nets which will never be connected to the Internet.=0A=
 XThis is normally intended for Local Area Networks.=0A=
 X              #=0A=
 X              #       10.0.0.0        -   10.255.255.255=0A=
 X              #       172.16.0.0      -   172.31.255.255=0A=
 X              #       192.168.0.0     -   192.168.255.255=0A=
 X              #=0A=
 X.Pp=0A=
 XStatic IP address (permanent, never changes) public Internet =0A=
 Xroutable IP addresses are assigned to you by your ISP. If you =0A=
 Xpurchased a continuous block of static public internet routable =0A=
 XIP address, then each jail could be assigned one of those    individual =0A=
 XIP address from the block.=0A=
 X.Pp=0A=
 XNormally cable providers and DSL providers assign dynamic IP address.=0A=
 XThe assigned IP address may change when the lease time expires or you =0A=
 Xreboot your system. Use at your own risk.=0A=
 X.El=0A=
 X.Sh qjail create examples=0A=
 X.hy 0=0A=
 X1.  qjail create -n rl0 webserver 10.0.10.2=0A=
 X          This creates a new jail as \fB/usr/jails/webserver\fR=0A=
 X          from the newjail template. The jailname you use to =0A=
 X          reference it is \fBwebserver\fR. The auto alias function=0A=
 X          is enabled.=0A=
 X.Pp=0A=
 X2.  qjail create -n rl0 -f myflavor bld21a-floorA-cell01 10.0.10.2=0A=
 X          This creates a new jail as =
 \fB/usr/jails/bld21a-floorA-cell01\fR=0A=
 X          from the newjail template and copies the myflavor =0A=
 X          directory tree onto the bld21a-floorA-cell01 directory tree.=0A=
 X          The auto alias function is enabled.=0A=
 X.Pp=0A=
 X3.  qjail create -a cell-a prison-B 10.0.10.2=0A=
 X          This creates a new jail as \fB/usr/jails/prison-B\fR=0A=
 X          using the archive file named cell-a as the template directory =0A=
 X          tree for the new jailname.=0A=
 X.Pp=0A=
 X4.  qjail create -a cell-a -D 15 room 10.0.10.2=0A=
 X          This creates a new jail as \fB/usr/jails/room-1\fR=0A=
 X          using the archive file named cell-a as the template directory=0A=
 X          tree for the new jailname, and then duplicates it 15=0A=
 X          times. Creating jailnames room-1 through room-15.=0A=
 X.Pp=0A=
 X5.  qjail create -D 15 room 10.0.10.2=0A=
 X          This creates a new jail as \fB/usr/jails/room-1\fR=0A=
 X          using the newjail template directory tree for the new =
 jailname, =0A=
 X          and then duplicates it 15 times creating jailnames=0A=
 X          room-1 through room-15.=0A=
 X.Pp=0A=
 X6.  qjail create -n rl0 -D 15 -I room 10.0.10.20=0A=
 X          This creates a new jail as \fB/usr/jails/room-1\fR=0A=
 X          using the newjail template directory tree for the new =
 jailname,=0A=
 X          and then duplicates it 15 times creating jailnames=0A=
 X          room-1 through room-15.=0A=
 X          At the same time the last octet of the ip address=0A=
 X          10.0.10.20 is incremented by one.=0A=
 X          room-1 10.0.10.21  room-2 10.0.10.22  room-15 10.0.10.35 =0A=
 X          The auto alias function is enabled.=0A=
 X.Pp=0A=
 X7.  qjail create -n rl0 -D 15 -I -i -s 5m classroom 10.0.10.20=0A=
 X          This creates a new sparse image jail as =
 \fB/usr/jails/classroom-1\fR=0A=
 X          using the newjail template directory tree to populate the =
 image =0A=
 X          jailname, and then duplicates it 15 times creating =0A=
 X          jailnames classroom-1 through classroom-15.=0A=
 X          At the same time the last octet of the ip address=0A=
 X          10.0.10.20 is incremented by one.=0A=
 X          classroom-1 10.0.10.21  classroom-2 10.0.10.22=0A=
 X          classroom-15 10.0.10.35=0A=
 X          The auto alias function is enabled.=0A=
 X.Pp=0A=
 X8.  qjail create -i -s 5m barroom 10.0.10.20=0A=
 X          This creates a new sparse image jail as =
 \fB/usr/jails/barroom-1\fR=0A=
 X          using the newjail template directory tree to populate the =
 image=0A=
 X          jail with a maximum size of 10m.=0A=
 X.Pp=0A=
 X9.  qjail create -a cell-a -i -s 5M room 10.0.10.2=0A=
 X          This creates a new sparse image jail as \fB/usr/jails/room\fR=0A=
 X          using the archive file named cell-a as the template directory=0A=
 X          tree for populating the image jail.=0A=
 X.Pp  =0A=
 X10. qjail create -z env1 -a cell-a -i -s 5M room 10.0.10.2=0A=
 X          This does the same as the previous one except this jail is =0A=
 X          being created in the "env1" zone.=0A=
 X.Sh qjail list=0A=
 X.hy 0=0A=
 XLists jails inside qjail's scope. They are shown by the order they=0A=
 Xstart up, as defined by rcorder.=0A=
 X.Pp=0A=
 XThe format of the listing is straightforward. The left most column is=0A=
 Xthe status flag consisting of 2 letter, the first letter can be a =
 \fB(D)\fR=0A=
 Xfor Directory tree based jail, or \fB(I)\fR for image file based jail, =
 the=0A=
 Xsecond letter can be a \fB(R)\fR meaning the jail is currently running,=0A=
 Xor a \fB(S)\fR meaning the jail is stopped. An optional third letter =0A=
 X\fB(N)\fR means the jail is in norun status. You use the =0A=
 X\fBqjail config\fR sub-command -r option to enable and disable the=0A=
 Xnorun setting.=0A=
 X.Pp=0A=
 XThe rest of the columns in the row is the jail's jid (only available if =
 the=0A=
 Xjail is started), the network interface device name, (You use the=0A=
 X\fBqjail config\fR sub-command -c option to change this setting), the=0A=
 Xjails IP address, and the jails jailname.=0A=
 X.Bl -tag -width indent=0A=
 X.It Fl z=0A=
 XCode the same zone value used with the "install" sub-command to=0A=
 Xhave this sub-command process against that zone. When this option=0A=
 Xis coded an addition heading "Jails in zone xxxx" displays right =0A=
 Xabove the normal heading. "xxxx" is the zone name.=0A=
 X.It \fBjailname\fR=0A=
 XIf absent all the jails are listed. Multiple jailnames separated =0A=
 Xby a space are allowed on the command. The group prefix option is =0A=
 Xenabled. xxxx=3D will cause only those jailnames matching the xxxx =0A=
 Xcharacters to be selected for processing. The equal sign "=3D" is =0A=
 Xthe wildcard symbol that signifies all the characters to its left=0A=
 Xare to be used to match on jailname to create a list of jailnames=0A=
 Xto be processed.=0A=
 X.El=0A=
 X.Sh qjail [start | stop | restart] jailname.....=0A=
 X.hy 0=0A=
 XWhen start, stop, or restart command is issued WITHOUT jailnames, all =0A=
 Xthe jails under qjail control are processed. When start, stop, or =0A=
 Xrestart command is issued WITH jailnames, only those jailnames are=0A=
 Xprocessed. A single line informational message is issued as each =
 jailname=0A=
 Xis processed saying \fBStarted successfully jailname\fR or =0A=
 X\fBAlready running jailname\fR or \fBStopped successfully jailname\fR =0A=
 Xor \fBAlready stopped jailname\fR or \fBBypassed norun status =
 jailname\fR.=0A=
 X.Pp=0A=
 X.Pp=0A=
 XThe options are as follows:=0A=
 X.Pp=0A=
 X  \fBstart\fR  Start all jails at once if jailname is absent.=0A=
 X.Pp=0A=
 X  \fBstop\fR   Stop all jails at once if jailname is absent.=0A=
 X.Pp=0A=
 X  \fBrestart\fR  Restart all jails at once if jailname is absent.=0A=
 X.Bl -tag -width indent=0A=
 X.It \fBjailname\fR=0A=
 XIf absent all the jails are listed. Multiple jailnames separated =0A=
 Xby a space are allowed on the command. The group prefix option is =0A=
 Xenabled for these sub-commands.  xxxx=3D will cause only those =0A=
 Xjailnames matching the "xxxx" to be selected for processing. The =0A=
 Xequal sign "=3D" is the wildcard symbol that signifies all the =0A=
 Xcharacters to its left are to be used to match on jailname to =0A=
 Xcreate a list of jailnames to be processed. Use the qjail "list" =0A=
 Xsub-command to list all the jails under qjail's scope.=0A=
 X.El=0A=
 X.Sh qjail console=0A=
 X.hy 0=0A=
 XAttaches your \fBhost\fR console to the selected jail. You are logged =
 in as =0A=
 Xroot by default. The command line prompt shows the name of the jail and =0A=
 Xthe path. Entering \fBexit\fR will terminate the console. You can =0A=
 Xnot activate the jails console if the jail is not currently running. =
 This is=0A=
 Xintended for administration use only. Normally used to install ports or=0A=
 Xpackages and do other system customization.   =0A=
 X.Bl -tag -width indent=0A=
 X.It Fl z=0A=
 XCode the same zone value used with the "install" sub-command to=0A=
 Xhave this sub-command process against that zone.=0A=
 X.It Fl e=0A=
 XIf this is absent, the \fB/usr/bin/login -f root\fR command is executed =0A=
 Xlogging you in as root. To use the standard login prompt instead,=0A=
 Xand enter the user id and password of a user account already=0A=
 Xcreated in the jail, code the =0A=
 X\fB-e /usr/bin/login\fR option on the "console" command for a=0A=
 Xone time change, or change it permanently using the =0A=
 X\fBqjail.conf\fR file. =0A=
 X.It \fBjailname\fR=0A=
 XJailname is a mandatory parameter. Only a single jailname is valid. Use =0A=
 Xthe sub-command list to display list of all jailnames.=0A=
 X.El=0A=
 X.Sh qjail archive=0A=
 X.hy 0=0A=
 XCreates a backup of one, or all jails. The specified jails  =0A=
 Xdirectory tree is backed up as a tar gzip file. The jails to be =0A=
 Xarchived are required to be in stopped mode before this "archive" =0A=
 Xcommand executes. The basejail and the newjail can also be archived, =0A=
 Xbut only when specified as the only jailname on the "archive" command. =0A=
 XThe archive file name is derived from jailname, with the date and time=0A=
 Xof the archive appended to the file name. The default archive directory=0A=
 Xis \fB/usr/jails/archive\fR. The name and location can be permanently =0A=
 Xchanged using the \fB/qjail.conf\fR file. =0A=
 X.Pp=0A=
 XThere is no qjail function to delete archive files. It's the users =0A=
 Xresponsibility to delete un-wanted archives using the host's \fBrm\fR =
 command.=0A=
 XIt's also the user responsibility to keep a log of archive file names =0A=
 Xwith a description of why the archive was created, so the correct =0A=
 Xarchive can be restored if desired.  =0A=
 X.Bl -tag -width indent=0A=
 X.It Fl z=0A=
 XCode the same zone value used with the "install" sub-command to=0A=
 Xhave this sub-command process against that zone.=0A=
 X.It Fl A=0A=
 XWhen used with no other parameters all jails are archived. Any other =0A=
 Xparameter coded with -A is a syntax error.=0A=
 X.It \fBjailname\fR=0A=
 XMultiple jailnames separated by a space are allowed on this   command.=0A=
 XThe group prefix option is enabled. xxxx=3D will cause only those=0A=
 Xjailnames matching the xxxx character to be selected for processing.=0A=
 XThe equal sign "=3D" is the wildcard symbol that signifies all the=0A=
 Xcharacters to its left are to be used to match on jailname to=0A=
 Xcreate a list of jailnames to be processed.   Jailname is a mandatory=0A=
 Xparameter. Jails in "norun" status are also candidates for archiving.=0A=
 X.Pp=0A=
 XIf jailname is \fBbasejail\fR or \fBnewjail\fR and it's the only =0A=
 Xjailname on the command, it will be archived. A basejail containing=0A=
 Xonly the minimum system install, takes less than one minute elapse =0A=
 Xtime to complete. A basejail containing manpages, sources and portsnap =0A=
 Xdownloaded ports tree may take up to 7 minutes elapse time to =0A=
 Xcomplete. newjail and all other jails with out any "desktop" =0A=
 Xinstalled takes less than 15 seconds elapse time to complete.=0A=
 XUse the sub-command list to display list of all jailnames. =0A=
 X.Pp=0A=
 XUse qjail restore to restore an archive.=0A=
 X.El=0A=
 X.Sh qjail delete=0A=
 X.hy 0=0A=
 XThis sub-function command totally removes the jailname's directory=0A=
 X\fB/usr/jails/jailname\fR, and its three administration control files=0A=
 X\fB/usr/local/etc/fstab.qjail.jailname\fR, =0A=
 X\fB/usr/local/etc/qjail/jailname\fR, =0A=
 Xand \fB/usr/local/etc/qjail.global.jailname\fR. The jailnames to be =0A=
 Xdeleted are required to be in stopped mode before=0A=
 Xthis "delete" command executes. =0A=
 X.Bl -tag -width indent=0A=
 X.It Fl z=0A=
 XCode the same zone value used with the "install" sub-command to=0A=
 Xhave this sub-command process against that zone.=0A=
 X.It Fl A=0A=
 XThis option will delete all the jails under qjail's control. You=0A=
 Xare advised to archive all your jails before doing this.=0A=
 X.It \fBjailname\fR=0A=
 XMultiple jailnames separated by a space are allowed on this   command.=0A=
 XThe group prefix option is enabled. xxxx=3D will cause only those =0A=
 Xjailnames matching the xxxx character to be selected for processing. =0A=
 XThe equal sign "=3D" is the wildcard symbol that signifies all the =0A=
 Xcharacters to its left are to be used to match on jailname to =0A=
 Xcreate a list of jailnames to be processed.   Jailname is a mandatory =0A=
 Xparameter. Jails in "norun" status are NOT excluded from being deleted.=0A=
 X.El=0A=
 X.Sh qjail restore=0A=
 X.hy 0=0A=
 XCreates new jails from archive files. The default archive directory is=0A=
 X\fB/usr/jails/archive\fR. If a jail exists with the same jailname as the=0A=
 Xarchive being restored, the restore is terminated. You have to delete =
 the=0A=
 Xexisting matching jailname before you can restore it. Archived jails =0A=
 Xthat have "norun" status will be restored with "norun" status intact.=0A=
 XThe name and location of the archive directory can be permanently =0A=
 Xchanged using the \fBqjail.conf\fR file. =0A=
 X.Bl -tag -width indent=0A=
 X.It Fl z=0A=
 XCode the same zone value used with the "install" sub-command to=0A=
 Xhave this sub-command process against that zone.=0A=
 X.It Fl f=0A=
 XBy design restore refuses to restore a archive file created on a =
 different =0A=
 Xhost system than the one the restore is running on. This means the =
 selected =0A=
 Xarchive file and the current basejail are of different RELEASE =
 versions. =0A=
 XUse the -f flag to force the restore of this archive file.=0A=
 X.It \fBjailname\fR  =0A=
 XThe most current archive file matching the jailname will =0A=
 Xbe restored. To restore an older file you have to specify the full =0A=
 Xarchive file name with the date and time of the archive appended=0A=
 Xto it. Multiple jailnames separated by a space are allowed on the=0A=
 Xcommand. The group prefix option is enabled for this sub-command.=0A=
 Xxxxx=3D will cause only those jailnames matching the xxxx character=0A=
 Xto be selected for processing. The equal sign "=3D" is the wildcard=0A=
 Xsymbol that signifies all the characters to its left are to be =0A=
 Xused to match on jailname to create a list of jailnames to be =0A=
 Xprocessed. Jailname is a mandatory parameter. Use this command to=0A=
 X\fBls /usr/jails/archive/\fR to view all the full archive file names.=0A=
 X.Pp=0A=
 XIf jailname is \fBbasejail\fR or \fBnewjail\fR and it's the only =
 jailname on =0A=
 Xthe command, it will be restored. A basejail containing only the =0A=
 Xminimum system install, takes less than one minute elapse time to =0A=
 Xcomplete. A basejail with manpages, sources and full ports tree =0A=
 Xmay take up to 7 minutes elapse time to complete. The existing=0A=
 Xbasejail or newjail will be renamed before restoring begins to =0A=
 Xprevious.basejail and previous.newjail.  =0A=
 X.El=0A=
 X.Sh qjail config=0A=
 X.hy 0=0A=
 XManage parameters of specific jails.=0A=
 X.Pp=0A=
 XThe options are as follows:=0A=
 X.Bl -tag -width indent=0A=
 X.It Fl z=0A=
 XCode the same zone value used with the "install" sub-command to=0A=
 Xhave this sub-command process against that zone.=0A=
 X.It Fl r=0A=
 XIf qjail_enable=3D"YES" is present in the "host's" /etc/rc.conf =0A=
 Xfile, then all jails will be started when the system is booted.=0A=
 XYou can prevent this behavior by using the -r norun option on the =0A=
 Xjailnames you don't want auto started at boot time and re-enable =0A=
 Xboot auto start by using the -r run option on those jailnames.=0A=
 X.It Fl A=0A=
 XThis option is only valid when coded with option -r. When coded, =0A=
 Xjailnames are invalid. This -A option means to set "ALL" the =0A=
 Xjailnames to the "norun" status or the "run" status. =0A=
 X.It Fl n=0A=
 XThe new jailname you want to replace the selected jailname with. This =0A=
 Xchanges the jailname and the jails directory name that the jail is =
 known by.=0A=
 X.It Fl i=0A=
 XThe new IP address you want to replace the selected jailname IP address =
 with.=0A=
 X.It Fl c=0A=
 XThe new network interface device name you want to replace the =0A=
 Xselected jailname "NIC" network interface device name with.   Coding =
 \fB-c null\fR will disable=0A=
 Xthe auto alias feature. Review the create sub-command -n option for =
 details.=0A=
 X.It \fBjailname\fR=0A=
 XFor the -c -r and -i options multiple jailnames separated by a =0A=
 Xspace are allowed on the command. The group prefix option is =0A=
 Xenabled. xxxx=3D will cause only those jailnames matching the xxxx =0A=
 Xcharacter to be selected for processing. The equal sign "=3D" is =0A=
 Xthe wildcard symbol that signifies all the characters to its left =0A=
 Xare to be used to match on jailname to create a list of jailnames =0A=
 Xto be processed. For the -n option only a single jailname is =0A=
 Xvalid. Jailname is a mandatory parameter. Use sub-command "list" =0A=
 Xto show a list of all jailnames.=0A=
 X.El=0A=
 X.Sh qjail update=0A=
 X.hy 0=0A=
 XThis update function provides the ability to add or update the ports=0A=
 Xcollection on basejail, and a method for synchronizing the host's=0A=
 Xsystem binaries and those of the \fBbasejail\fR.=0A=
 X.Bl -tag -width indent=0A=
 X.It Fl z=0A=
 XCode the same zone value used with the "install" sub-command to=0A=
 Xhave this sub-command process against that zone.=0A=
 X.It Fl b=0A=
 XThe basic requirement of FreeBSD jails is the jail environment=0A=
 Xand the host run the same version of the systems binaries. Since=0A=
 Xthe FreeBSD-update utility only inspects the host system to=0A=
 Xdetermine the systems RELEASE level it's not applicable in a=0A=
 Xjailed environment. Performing a make buildworld/installworld on=0A=
 Xbasejail's source is such a waste of effort and resources after=0A=
 Xhaving done this already for the host system. This option makes=0A=
 Xthe buildworld/installworld obsolete for the qjail environment.=0A=
 X.Pp=0A=
 XThis option deletes all the system binaries from the basejail and=0A=
 Xthen copies the host's system binaries to basejail. It's intended=0A=
 Xto be used after running the FreeBSD-update utility on the host=0A=
 Xto apply security updates or to upgrade the GENERIC host from one=0A=
 XRELEASE to another newer RELEASE, or after performing a make =0A=
 Xbuildworld/installworld on the host updating its system binaries. =0A=
 XBasically update the host and copy your work to the basejail   getting =0A=
 Xboth environments synchronized.=0A=
 X.It Fl p=0A=
 XThis option Invokes the portsnap utility to fetch and =0A=
 Xextract a FreeBSD ports tree from portsnap.FreeBSD.org (475MB).=0A=
 X.Pp=0A=
 XPortsnap will initially download a compressed file containing the =0A=
 Xcomplete ports tree. Elapse download time greater than 15 minutes=0A=
 Xis normal. On it's initial execution, an extract is performed=0A=
 Xcreating the /usr/ports directory and populating it. Subsequent=0A=
 Xexecutions, the /usr/ports directory exists, so an update is done=0A=
 Xpopulating the /usr/ports directory tree with only things that=0A=
 Xhave been changed or added. This is portsnap's default behavior.=0A=
 XThis behavior can be somewhat modified by changing the content of=0A=
 Xthe hosts /etc/portsnap.conf file. Add REFUSE statements to =0A=
 Xselect the ports categories you don't want populated to your =0A=
 X/usr/ports directory tree. Ideal candidates are the non-English=0A=
 Xlanguages, astro, biology, cad, finance, games, math, mbone, and =0A=
 Xscience. From there you can select additional categories based on=0A=
 Xyour normal port usage. In the FreeBSD Handbook, See Appendix =0A=
 XA.6-Using Portsnap and Chapter 24.3 Portsnap: "A Ports Collection=0A=
 Xupdate tool" for more details or man portsnap.=0A=
 X.El=0A=
 X.Sh qjail help=0A=
 X.hy 0=0A=
 XThe "help" function displays the syntax of all the sub-commands.=0A=
 X.Bl -tag -width indent=0A=
 X.It \fBmanual\fR=0A=
 XThis Launches the man 8 qjail command to display the full manual.=0A=
 X.El=0A=
 X.Sh GENERAL QJAIL USAGE TIPS=0A=
 X.hy 0=0A=
 X.Pp=0A=
 X*   After qjail is installed, a one-time boot is necessary to =0A=
 X    synchronize FreeBSD's \fB/etc/rc.d/jail\fR script and qjail's =0A=
 X    \fB/usr/local/etc/rc.d/qjail.sh\fR script together. =0A=
 X.Pp=0A=
 X*   In environments where a large number of jails are deployed, it's =0A=
 X    common for a few SEED jails to be used as the source to clone =0A=
 X    all of the other jails from. Create your basic SEED jail using the=0A=
 X    newjail template. You may wish to customize a flavor to contain any=0A=
 X    desired /etc config files unique to that seed, and or pre-stage =0A=
 X    pkg_add distribution files in the hosts /usr/packages/ directory so=0A=
 X    they can be shared with any jail you want that package installed in=0A=
 X    without that jail needing to wait for the download to complete.=0A=
 X    Along with the parent package be sure to also include any dependant =0A=
 X    packages the parent may auto fetch during its install. You have to=0A=
 X    manually create the hosts /usr/packages/ directory. Then issue the=0A=
 X    setenv PKGDIR "/usr/packages/" to create the pkg_add environment =0A=
 X    variable, followed by pkg_add -nrK packageName to populate the=0A=
 X    /usr/packages/ directory with the downloaded package files. Then=0A=
 X    your pkg_add commands in the qjail.flavor script will not need =0A=
 X    internet access to download the pkg_add distribution files, thus=0A=
 X    drastically shorting the elapse time during it's one time =0A=
 X    execution on the first time the SEED jail is started. This pkg_add=0A=
 X    technique is also applicable to normal jails that all share the same=0A=
 X    package usage. The pkg_add environment variable PKGDIR is not =
 carried=0A=
 X    forward across "reboots" so adding it to you rc.conf is recommended.=0A=
 X    Additionally you can start the SEED jails console and perform any=0A=
 X    other customization if so desired. When you are satisfied with the =0A=
 X    SEED's jail's configuration, archive it. Then use the SEED's =
 archive =0A=
 X    file jailname in the -a option of the create sub-command so it's =0A=
 X    used as the source template to create the other jails from. =0A=
 X    Optionally you could use the -D and or -I options with the -a option=0A=
 X    for mass duplication of jails based on that SEED configuration.  =0A=
 X.Pp=0A=
 X*   In the situation where you want "all" the jails that you EVER create=0A=
 X    to have the same ports included as a standard, follow these steps. =0A=
 X    After running the "qjail install" sub-command and before you start =0A=
 X    creating all your production jails. Create a single directory tree =0A=
 X    type "standard" jail and populate it with your selection of =
 standard =0A=
 X    ports. When your satisfied with the "standard" jail, delete the =0A=
 X    /usr/jails/newjail directory and copy the "standard" jail to create =0A=
 X    a new /usr/jails/newjail directory.                               =0A=
 X    \fBcp -rf /usr/jails/standard /usr/jails/newjail\fR=0A=
 X    From that point on, all new jails created using the newjail template=0A=
 X    will contain your standard ports.=0A=
 X.Pp=0A=
 X*   The /etc/rc.conf in the default flavor has this statement;=0A=
 X    \fBcron_flags=3D"$cron_flags -J 60"\fR   This enables time jitter=0A=
 X    for all /etc/crontab jobs run by the superuser, which on a =0A=
 X    pristine jail environment is everything in the crontab file.=0A=
 X    Time jitter works this way: Prior to executing commands in the=0A=
 X    /etc/crontab file, cron will sleep a random number of seconds=0A=
 X    in the range from 1 to 60 seconds. This option greatly helps =0A=
 X    to reduce host system load spikes during moments when a =0A=
 X    lot of cron jobs are likely to start at once, IE, at the =0A=
 X    beginning of the first minute of each hour. Without this =0A=
 X    statement in every deployed jail to randomly spread the =0A=
 X    starting of cron tasks over the first minute, most likely=0A=
 X    the host system would come to a darn near halt. The default=0A=
 X    flavor has another customized configuration file just for=0A=
 X    jails. The /etc/periodic.conf overrides the normal emailing =0A=
 X    of reports and instead creates daily, weekly, and monthly =0A=
 X    logs within each jails /var/log directory. These logs get =0A=
 X    rotated and deleted as specified in the jails =0A=
 X    /etc/newsyslog.conf.   =0A=
 X.Pp=0A=
 X*   It's a mandatory requirement of the FreeBSD "jail" system that the=0A=
 X    host and the jails are both running the same version of the =
 operating=0A=
 X    system binaries. First you have to get your host system running at =0A=
 X    the newer RELEASE version. You can do the fresh install from scratch=0A=
 X    method, or update your host's current RELEASE version by using the =0A=
 X    Freebsd-update utility or cvs update your system source and make =0A=
 X    buildworld/installworld. After the host is running the new RELEASE =0A=
 X    version and before starting any qjail's. You can run the "install" =0A=
 X    sub-command again and re-install with the newer RELEASE version=0A=
 X    matching what is on the host, without disturbing the existing =0A=
 X    installed jails, or run the "update" sub-command with the -b option =0A=
 X    to copy the hosts operating system binaries to the basejail.=0A=
 X    If going to a newer major RELEASE, IE: 6.4 to 7.1; 7.2 to 8.0;=0A=
 X    then remember, all existing jails that have ports or packages in =0A=
 X    them will need them updated to versions compatible with the new =0A=
 X    major RELEASE version. On the other hand, if going from a =0A=
 X    subversion to a newer subversion within the same major RELEASE, =0A=
 X    IE: 7.1 to 7.2; 8.0 to 8.1, then there is no need to update your=0A=
 X    installed ports/packages.=0A=
 X.Pp=0A=
 X*   Each jail has a console log located in the host's /var/log/=0A=
 X    directory named jail_*_console.log. Where "*" =3D jailname.=0A=
 X    These logs don't grow much but if the jails are going to be =0A=
 X    used long term, their names should be added to the host's=0A=
 X    /etc/newsyslog.conf so they get auto rotated and deleted.=0A=
 X    You don't want some jail user to cause console messages that=0A=
 X    flood the jail's log until all the host's disk space is =0A=
 X    consumed, bringing the host to an abrupt stop. =0A=
 X.Pp=0A=
 X*   If you have qjail start a image jail, then the contents of its =0A=
 X    sparse image file are accessible by the host system. From the host =0A=
 X    you can "cd" into the image jails jailname directory and access =0A=
 X    the directory tree there just like any other directory tree.=0A=
 X.Pp=0A=
 X*   ICMP is disallowed by default for all jails. This is not a qjail=0A=
 X    restriction, but a design default of the FreeBSD jail command. This =0A=
 X    means the ping command will get "Operation not permitted." error =0A=
 X    when issued from inside of a jail. =0A=
 X    Read the manual for jail(8) for details.=0A=
 X.Pp=0A=
 X*   Once your jail has public network access, (test with whois or dig) =0A=
 X    then all your normal application install functions are available,=0A=
 X    (ports tree update, cvs update, ports and package installs) right =0A=
 X    from the jails console.=0A=
 X.Pp=0A=
 X*   Jails in their current form (RELEASE-8.0) do not have a network =
 stack=0A=
 X    of their own, so they can't have a firewall. The host's firewall and=0A=
 X    network are in control, so any filtering of a jail's traffic has=0A=
 X    to be configured on the host.=0A=
 X.Pp=0A=
 X*   If you want absolute control over starting your Jails. (IE. no boot =0A=
 X    time auto-start of the jails), then don't put the =
 qjail_enable=3D"YES"=0A=
 X    statement in the hosts rc.conf file.=0A=
 X.Pp=0A=
 X*   If for whatever reason you want to completely delete the qjail=0A=
 X    jail environment so you can start over with the install=0A=
 X    sub-command from scratch, stop all jails first so that nothing=0A=
 X    is left mounted below /usr/jails, then execute these commands:=0A=
 X     \fBrm -rf /usr/jails\fR=0A=
 X     \fBrm -rf /usr/local/etc/qjail\fR=0A=
 X     \fBrm -rf /usr/local/etc/qjail.global\fR=0A=
 X     \fBrm /usr/local/etc/fstab.*\fR=0A=
 X     \fBrm /var/log/jail_*\fR=0A=
 X.Sh FILES=0A=
 X/usr/local/bin/qjail             The main work horse       =0A=
 X.br=0A=
 X/usr/local/etc/rc.d/qjail.sh     start/stop/restart + boot time start =0A=
 X.br=0A=
 X/etc/rc.d/jail                   FreeBSD jail start/stopper=0A=
 X.br=0A=
 X/usr/local/etc/qjail.conf        Changes defaults permanently=0A=
 X.br=0A=
 X/usr/local/etc/qjail/*           Property record for each jail=0A=
 X.br=0A=
 X/usr/local/etc/qjail.global/*    Property records for all zones=0A=
 X.br=0A=
 X/usr/local/etc/fstab.*           basejail null mount record for each =
 jail=0A=
 X.br=0A=
 X/var/run/*                       Run id record for each started jail=0A=
 X.br=0A=
 X/var/log/jail_*_console.log      * =3D jailname=0A=
 X.br=0A=
 X/usr/local/share/examples/qjail  Example flavors=0A=
 X.br=0A=
 X/usr/jails/archive               Location of qjail's archives=0A=
 X.br=0A=
 X/usr/jails/flavors               Location of qjail's flavors=0A=
 X.Sh "SEE ALSO"=0A=
 Xqjail-intro(8), qjail.conf(8), jail(8), chroot(8), mount_nullfs(8),=0A=
 X.br=0A=
 Xmdconfig(8), devfs(5), fdescfs(5), procfs(5),=0A=
 X.br=0A=
 Xportsnap(8) freebsd-update(8)=0A=
 X.Sh AUTHOR=0A=
 X.An Joe Barbish=0A=
 X.Aq qjail@a1poweruser.com=0A=
 X=0A=
 9fb8cfec62881def0155bbd4d72a9aa6=0A=
 echo x - qjail/work/qjail-1.0/qjail-intro.8=0A=
 sed 's/^X//' >qjail/work/qjail-1.0/qjail-intro.8 << =
 'f36d28df9565f8c7591d42357c05b1dc'=0A=
 X.Dd July 22, 2010=0A=
 X.Dt qjail-intro 8 USD=0A=
 X.Os=0A=
 X.Sh NAME=0A=
 X.Nm qjail-intro=0A=
 X.Nd Introduction to chroot directory tree, jails, and qjail.=0A=
 X.Sh DESCRIPTION=0A=
 X.hy 0=0A=
 XQjail [ q =3D quick ] is a \fB4th generation\fR wrapper for the basic =
 chroot jail =0A=
 Xsystem that includes security and performance enhancements. Plus a new =0A=
 Xlevel of \fB"user friendliness"\fR enhancements dealing with deploying =
 large =0A=
 Xjail environments, 100's of jails. Qjail requires no knowledge of the =0A=
 Xjail command usage.  =0A=
 X.Sh OVERVIEW=0A=
 X.hy 0=0A=
 XThe original developers felt the need for a method to restrict a =0A=
 Xprocess's access to the host system resources, so that if it becomes =0A=
 Xcompromised the host system is protected from also being compromised. =0A=
 XThey achieved this goal with the "chroot" command which was in the =0A=
 Xoriginal 4.4BSD system, from which the current FreeBSD RELEASE is a =
 direct =0A=
 Xdescendant. This \fBfirst generation\fR "chroot" environment, made it =
 look =0A=
 Xlike the named directory was the "root" IE starting point; of a system =0A=
 Xdirectory tree. Just like "/" is to FreeBSD. In this basic incarnation, =0A=
 Xthe directory tree would just have the binaries necessary to form a =0A=
 Xenvironment for a single application such as apache web server. You =
 could =0A=
 Xhave multiple such "chroot" environments. They all shared the hosts =0A=
 Xnetwork and disk space. This trait continues into today's jail systems.=0A=
 XAs you can imagine, occupants of these basic "chroot's" influenced =
 users =0A=
 Xto stay at the RELEASE they were at because of the size of the task to =0A=
 Xredevelop them under a new RELEASE mixture of binaries. Jail =
 deployments =0A=
 Xof two were uncommon.=0A=
 X.Pp=0A=
 XThe jail utility appeared in FreeBSD 4.0. With this \fBsecond =
 generation\fR =0A=
 X"chroot" enhancement came the renaming of a "chroot" environment to a =0A=
 X"jail", the ability to assign ip address to a jail, auto starting jails=0A=
 Xat boot time, and a general shift in thought about the occupant of the =0A=
 Xjail. The customized streamline apache web server jail that had no way =
 to =0A=
 Xbe easily configured, progressed into a complete clone of the operating =0A=
 Xsystem with all the customizing options one is familiar with on the =
 host. =0A=
 XThe major shortcoming of this type jail system is that each jail has its =
 own =0A=
 Xcopy of the running system binaries. FreeBSD reserves a limited number =
 of =0A=
 Xcontrol structures for storing files and directories, called =
 \fBinodes\fR. =0A=
 XCreating a few jails consumes many of those valuable inodes, eventually =0A=
 Xpreventing the creation of new jails. Worse yet, each jail loads its =0A=
 Xown copy of the running binaries into memory, which causes thrashing on =0A=
 Xthe swap device as memory pages are swapped in and out as the limited =0A=
 Xmemory is shared between the host and the jails. Besides consuming =0A=
 Xresources and creating performance degradation, this also causes a major=0A=
 Xadministration headache when wanting to update the host running system, =0A=
 Xbecause the host and the jails have to be running the same version of =0A=
 Xthe binaries. Jail deployments of four were uncommon.=0A=
 X.Pp=0A=
 XThen about RELEASE 5.4 the creative use of the nullfs command added the =0A=
 Xability for jails to share a single set of the running binaries between =0A=
 Xall the jails. This \fBthird generation\fR solution solved the =
 performance =0A=
 Xproblems of the second generation, but had its own problems. Setting up=0A=
 Xa nullfs running binaries environment to support multiple jails was an =0A=
 Xundocumented manual process. Plus a second type of jail became available=0A=
 Xcalled an "image". The image jail introduced the ability to predefine =
 the =0A=
 Xamount of disk space a jail could consume. This was accomplished with =
 the =0A=
 Xmdconfig command, which mounts a flat file as a directory tree. Jail =0A=
 Xdeployments of 10 or more were uncommon. The administration of this =
 jail =0A=
 Xsystem type became increasing difficult with each newly added jail. =0A=
 X.Pp=0A=
 XDuring FreeBSD RELEASE 8.0, "qjail" was introduced which is a wrapper =0A=
 Xthat camouflages the underlying "jail" commands and automates those =0A=
 Xmanual setup steps into a single command. The nullfs mounted running =0A=
 Xbinaries as read-only files became the method forming the basic design =0A=
 Xof the "qjail" jail system. The functions necessary to manage jails =
 were =0A=
 Xcondensed into the following commands, "install" for installing an =0A=
 Xpristine copy of the RELEASE version of FreeBSD, the "create" command =
 to =0A=
 Xcreate both directory tree type jails and sparse image type jails. This =0A=
 Xincludes the ability to assign ip address with their network device =
 name, =0A=
 Xso aliases are auto created on jail start and auto removed on jail =
 stop. =0A=
 XAn archived seed jail pre-configured with ports can be used as the =0A=
 Xtemplate to form new jails. To make the deployment of many jails with =0A=
 Xthe same configuration, jails can be auto duplicated while at the same =0A=
 Xtime incrementing the last octet of the ip address. The archive, =
 restore =0A=
 Xand delete commands are commonly understood functions. The "update" =0A=
 Xcommand for using the portsnap command to populate a complete ports =
 tree, =0A=
 Xand the ability to copy the host's running binaries after a host =
 RELEASE =0A=
 Xupgrade. A "list" command to display the qjail jail status. The =
 "config" =0A=
 Xcommand can flag a jail as "norun" to exclude it from being auto =
 started =0A=
 Xat boot time. The norun / run status can be toggled back and forth on a =0A=
 Xsingle jail or all jails at once. Jails can be renamed and their ip =0A=
 Xaddress changed.=0A=
 X.Pp=0A=
 XQjail deploys two different jail types. The first type is based=0A=
 Xon a Directory tree. This type has unlimited disk space growth =
 potential,=0A=
 Xit shares the host's disk space. The jail will never run out of space=0A=
 Xuntil the host does. The second type is based on a sparse image file.=0A=
 XA sparse file is one that occupies only the sum size of its contents,=0A=
 Xnot its allocation size. IE; a sparse file allocated size of 5M, but=0A=
 Xonly having 7 files, each 1k in size, only occupies 7k of physical disk=0A=
 Xspace. As content is added, additional physical disk space is occupied=0A=
 Xup to the 5M allocation ceiling. The sparse file is mounted as a memory =
 disk=0A=
 Xusing the mdconfig command and populated with the directory tree content=0A=
 Xof a jail. This configuration is called a sparse image jail. Its major=0A=
 Xbenefit is that it provides a way to put a hard limit on the maximum =
 amount=0A=
 Xof disk space a jail can consume. This provides an additional level of=0A=
 Xprotection to the host from intentional or unintentional runaway=0A=
 Xprocesses inside of a jail consuming disk space until the host system =
 dies.=0A=
 X.Pp=0A=
 XBut by far "qjail" greatest achievement to the advancement of jailed =0A=
 Xsystems, is the addition of "user-friendliness" that simplifies the =0A=
 Xmanagement of large deployments of hundreds of jails. This enhancement =0A=
 Xadds the ability to designate a portion of the jail name as a group =0A=
 Xprefix so the command being executed will apply to only those jail =
 names =0A=
 Xmatching that prefix. A simple jail naming convention allows the =0A=
 Xgrouping of like function jails together. The other advancement is the =0A=
 Xability to create different "zones" consisting of identical jail =
 systems =0A=
 Xeach with their own groups of jails.=0A=
 X.Pp=0A=
 XQjail reduces the complexities of large jail deployments to the novice =0A=
 Xlevel. Qjail has a fully documented manpage, which is a rarity in the =0A=
 XFreeBSD world. Details are given to facilitate the use of qjail's =0A=
 Xcapabilities to the fullest extent possible.=0A=
 X.Sh "QJAIL SYSTEM" =0A=
 X.hy 0=0A=
 XThe qjail system is comprised of three components, qjail, qjail.conf, =
 and =0A=
 Xthe qjail.sh boot time script.=0A=
 X.Pp=0A=
 X\fBqjail\fR is the main workhorse utility. It can install the qjail=0A=
 Xenvironment, create new jails, archive, restore, delete and update =
 jails, =0A=
 Xopen a jail console, and list the status of all the jails. See qjail(8) =0A=
 Xfor complete usage details.=0A=
 X.Pp=0A=
 X\fBqjail.conf\fR contains qjail environment defaults. In most cases the =0A=
 Xdefaults do not need changing. It's recommended to use the defaults. =
 The =0A=
 Xdefaults are hard coded in the qjail code. The \fBqjail.conf\fR file as =0A=
 Xdelivered is located at \fB/usr/local/etc/qjail.conf.sample\fR and is =
 not =0A=
 Xrequired for the qjail system to run. To make a permanent override to =
 the =0A=
 Xdefaults, you first must remove the .sample suffix.   =0A=
 X.Pp=0A=
 X\fBqjail.sh\fR script is located at /usr/local/etc/rc.d/qjail.sh. Its =
 main =0A=
 Xpurpose is to start and stop jails when called by qjail. In addition it =0A=
 Xcan auto start all the jails at boot time. Adding =
 \fBqjail_enable=3D"YES"\fR =0A=
 Xto \fB/etc/rc.conf\fR will activate it.=0A=
 X.Pp=0A=
 X.Sh "SEE ALSO"=0A=
 Xqjail(8), qjail.conf(8), chroot(8), jail(8), mount_nullfs(8), =
 mdconfig(8) =0A=
 X.Sh AUTHOR=0A=
 X.An Joe Barbish =0A=
 X.Aq qjail@a1poweruser.com=0A=
 X=0A=
 f36d28df9565f8c7591d42357c05b1dc=0A=
 echo x - qjail/work/qjail-1.0/qjail=0A=
 sed 's/^X//' >qjail/work/qjail-1.0/qjail << =
 '433526c77a92f103ae7efdcc8d87ebf7'=0A=
 X#!/bin/sh=0A=
 X#=0A=
 X# Copyright  2010,  Qjail project. All rights reserved.=0A=
 X#=0A=
 X# Redistribution and use in source and binary forms, with or without=0A=
 X# modification, are permitted provided that the following conditions=0A=
 X# are met:=0A=
 X# 1. Redistributions of source code must retain the above copyright=0A=
 X#    notice, this list of conditions and the following disclaimer.=0A=
 X# 2. Redistributions in binary form must reproduce the above copyright=0A=
 X#    notice, this list of conditions and the following disclaimer in the=0A=
 X#    documentation and/or other materials provided with the =
 distribution.=0A=
 X#=0A=
 X# THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' =
 AND=0A=
 X# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE=0A=
 X# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR =
 PURPOSE=0A=
 X# ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE =
 LIABLE=0A=
 X# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR =
 CONSEQUENTIAL=0A=
 X# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE =
 GOODS=0A=
 X# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)=0A=
 X# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, =
 STRICT=0A=
 X# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY =
 WAY=0A=
 X# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF=0A=
 X# SUCH DAMAGE.=0A=
 X#=0A=
 X =0A=
 X################################=0A=
 X# Start of variable initialization.=0A=
 X#    =0A=
 Xqjail_prefix=3D/usr/local=0A=
 Xqjail_cmd=3D`basename -- $0`=0A=
 Xqjail_etc=3D"${qjail_prefix}/etc"=0A=
 Xqjail_share=3D"${qjail_prefix}/share/qjail"=0A=
 Xqjail_examples=3D"${qjail_prefix}/share/examples/qjail"=0A=
 Xqjail_jailprops=3D"${qjail_etc}/qjail"=0A=
 Xqjail_jailprops_global=3D"${qjail_etc}/qjail.global"=0A=
 Xqjail_fstab=3D"${qjail_etc}/fstab.qjail"=0A=
 Xqjail_uglyperlhack=3D"YES"=0A=
 Xqjail_mount_enable=3D"YES"=0A=
 Xqjail_devfs_enable=3D"YES"=0A=
 Xqjail_devfs_ruleset=3D"devfsrules_jail"=0A=
 Xqjail_procfs_enable=3D"YES"=0A=
 Xqjail_fdescfs_enable=3D"YES"=0A=
 Xqjail_exec_start=3D"/bin/sh /etc/rc"=0A=
 X   =0A=
 X# Read user customized qjail.conf file if there is one.=0A=
 X[ -f "${qjail_etc}/qjail.conf" ] && . "${qjail_etc}/qjail.conf"=0A=
 X    =0A=
 X# Defaults for the settings that qjail.conf may override. Each one is=0A=
 X# assigned only if the variable is still unset at this point, so a=0A=
 X# value from qjail.conf wins, including an empty one.=0A=
 X# NOTE(review): qjail_ftphost and qjail_default_execute are not used in=0A=
 X# this part of the script; presumably the download host for "install"=0A=
 X# and the command run by "console" - confirm. The default command is=0A=
 X# login with "-f root", which does not ask for a password.=0A=
 X: ${qjail_jaildir=3D"/usr/jails"}=0A=
 X: ${qjail_archivedir=3D"${qjail_jaildir}/archive"}=0A=
 X: ${qjail_default_flavor=3D"default"}=0A=
 X: ${qjail_sourcetree=3D"/usr/src"}=0A=
 X: ${qjail_ftphost=3D"ftp2.freebsd.org"}=0A=
 X: ${qjail_default_execute=3D"/usr/bin/login -f root"}=0A=
 X    =0A=
 X# Fixed sub-directories of the jail directory.=0A=
 Xqjail_newjail=3D"${qjail_jaildir}/newjail"=0A=
 Xqjail_basejail=3D"${qjail_jaildir}/basejail"=0A=
 Xqjail_fulljail=3D"${qjail_jaildir}/fulljail"=0A=
 Xqjail_tempjail=3D"${qjail_jaildir}/tempjail"=0A=
 Xqjail_flavors_dir=3D"${qjail_jaildir}/flavors"=0A=
 X    =0A=
 X# Space-separated directory list, built in two steps.=0A=
 Xqjail_dirlist=3D"bin boot lib libexec sbin usr/bin usr/include usr/lib =
 usr/src "=0A=
 Xqjail_dirlist=3D"${qjail_dirlist}usr/libdata usr/libexec usr/sbin =
 usr/share"=0A=
 X    =0A=
 Xqjail_basesystem=3D"base"=0A=
 X    =0A=
 X# amd64 needs some extra libs: both lists get a 32-bit entry appended.=0A=
 Xcase `uname -p` in amd64) qjail_dirlist=3D"${qjail_dirlist} usr/lib32"; =
 qjail_basesystem=3D"${qjail_basesystem} lib32";; esac=0A=
 X    =0A=
 X# Usage command options messages.=0A=
 Xqjail_usage_commands=3D"${qjail_cmd} v1.0\n\=0A=
 XUsage: ${qjail_cmd} =
 [install|create|list|start|stop|restart|console|archive|\n\=0A=
 Xdelete|restore|config|update|help] {parameters}"=0A=
 Xqjail_usage_install=3D"Usage: ${qjail_cmd} install [-z zone] [-mMsS] =
 [-h host] [-r release]"=0A=
 Xqjail_usage_create=3D"Usage: ${qjail_cmd} create  [-z zone] [-a =
 archive] [-f flavor] [-D duplicate# -I]\n\=0A=
 X                     [-n] [-i -s size] jailname jailip"=0A=
 Xqjail_usage_list=3D"Usage: ${qjail_cmd} list    [-z zone] [jailname...]"=0A=
 Xqjail_usage_console=3D"Usage: ${qjail_cmd} console [-z zone] [-e] =
 jailname"=0A=
 Xqjail_usage_archive=3D"Usage: ${qjail_cmd} archive [-z zone] [-A] =
 [jailname...]"=0A=
 Xqjail_usage_delete=3D"Usage: ${qjail_cmd} delete  [-z zone] [-A] =
 [jailname...]"=0A=
 Xqjail_usage_restore=3D"Usage: ${qjail_cmd} restore [-z zone] [-f] =
 [jailname...]"=0A=
 Xqjail_usage_config=3D"Usage: ${qjail_cmd} config  [-z zone] [-r =
 run|norun -A] [-n newname] [-i newip]\n\=0A=
 X                     [-c newnic] jailname"=0A=
 Xqjail_usage_update=3D"Usage: ${qjail_cmd} update  [-z zone] [-b] [-p]"=0A=
 Xqjail_usage_start=3D"Usage: ${qjail_cmd} start   [-z zone] =
 [jailname...]"=0A=
 Xqjail_usage_stop=3D"Usage: ${qjail_cmd} stop    [-z zone] [jailname...]"=0A=
 Xqjail_usage_restart=3D"Usage: ${qjail_cmd} restart [-z zone] =
 [jailname...]"=0A=
 Xqjail_usage_help=3D"Usage: ${qjail_cmd} help    manual"=0A=
 X         =0A=
 X# End of variable initialization.=0A=
 X################################=0A=
 X#=0A=
 X# Start of function definitions.=0A=
 X#=0A=
 X       =0A=
 X# Bail-out shortcut: print all arguments, joined into one string, on=0A=
 X# stderr and exit with status 1. "echo -e" expands the "\n" sequences=0A=
 X# of the usage strings; backslash sequences in any caller-supplied=0A=
 X# value that is part of the message are expanded as well.=0A=
 Xexerr () { echo -e "$*" >&2 ; exit 1; }=0A=
 X=0A=
 Xgroup-prefixing () {=0A=
 X      =0A=
 X  # Build qjail_list, the list of property-record file names the=0A=
 X  # calling sub-command should act on, from the jailnames in "$@":=0A=
 X  #   - first argument containing an equal sign: the text before the=0A=
 X  #     sign is a group prefix; every record whose name starts with it=0A=
 X  #     is listed, and exerr is called when none matches;=0A=
 X  #   - otherwise each name is looked up with fetch-property-info and=0A=
 X  #     exerr is called for the first name that has no record;=0A=
 X  #   - no arguments: every record in ${qjail_jailprops}, in the order=0A=
 X  #     rcorder prints them.=0A=
 X  # Listed names keep their .norun suffix when they have one.=0A=
 X  #=0A=
 X  # Save the command line list of jailnames if any.=0A=
 X  # NOTE(review): this flattens "$@" into one string; the unquoted=0A=
 X  # expansion in the loop below splits it again on whitespace and=0A=
 X  # also applies filename globbing to each word.=0A=
 X  qjail_cmdlist=3D$@=0A=
 X      =0A=
 X  if [ "${qjail_cmdlist}" ]; then=0A=
 X        =0A=
 X    # Check for group prefix.=0A=
 X    qjail_group=3D$1=0A=
 X    qjail_jailname=3D$1=0A=
 X          =0A=
 X    # Strip the =3D sign, which designates the value as a "group=0A=
 X    # prefix", and anything after it, if it is there.=0A=
 X    qjail_group=3D`echo -n "${qjail_group}" | sed 's/=3D.*$//'`=0A=
 X          =0A=
 X    # Determine if this is a prefix request.=0A=
 X    if [ "${qjail_jailname}" !=3D "${qjail_group}" ]; then=0A=
 X        =0A=
 X      # Convert every character of the prefix that is not a letter or=0A=
 X      # digit to _ . This is also what keeps "/", ".." and glob=0A=
 X      # characters out of the path pattern built from it below.=0A=
 X      qjail_group=3D`echo -n "${qjail_group}" | tr -c '[:alnum:]' _`=0A=
 X      =0A=
 X       =0A=
 X      # The list, start/stop/restart, delete, archive and config =
 commands=0A=
 X      # look in /usr/local/etc/qjail directory for matching jailnames. =0A=
 X         =0A=
 X      unset qjail_list=0A=
 X            =0A=
 X      for qjail in "${qjail_jailprops}/${qjail_group}"*; do=0A=
 X           =0A=
 X        # An unmatched glob is left as the literal pattern; that is=0A=
 X        # how "no record found" is detected here.=0A=
 X        test "${qjail}" =3D "${qjail_jailprops}/${qjail_group}*" \=0A=
 X        && exerr "Error: No match for group prefix. ${qjail_group}"     =
  =0A=
 X         =0A=
 X        # Strip off the path from in front of the file name=0A=
 X        qjail_filename=3D${qjail##*/}=0A=
 X          =0A=
 X        # Accumulate file names into a list.=0A=
 X        # qjail_filename variable has .norun suffix if present=0A=
 X        qjail_list=3D"${qjail_list} ${qjail_filename}"=0A=
 X           =0A=
 X      done=0A=
 X          =0A=
 X    else=0A=
 X        =0A=
 X      # Process the jailnames on the command line, building a list of=0A=
 X      # file names and check they are all valid.=0A=
 X      # NOTE(review): qjail_list is not cleared in this branch, so the=0A=
 X      # names are appended to whatever it already holds.=0A=
 X             =0A=
 X      # Roll through the command line.=0A=
 X      for qjail in $qjail_cmdlist; do=0A=
 X        shift=0A=
 X            =0A=
 X        # Read the jails property record populating the environment =
 variables =0A=
 X        # with the jails values.=0A=
 X        # NOTE(review): the name is passed unquoted.=0A=
 X        fetch-property-info ${qjail}=0A=
 X              =0A=
 X        # Check for existence of jail in our records.=0A=
 X        [ "${qjail_config}" ] || \=0A=
 X          exerr "Error: Jail don't exist. ${qjail}"=0A=
 X             =0A=
 X        # Remove the directory path prefix.=0A=
 X        qjail=3D${qjail_config##*/}=0A=
 X            =0A=
 X        # Accumulate file names into a list.=0A=
 X        # qjail variable has .norun suffix if present.=0A=
 X        qjail_list=3D"${qjail_list} ${qjail}"=0A=
 X        =0A=
 X      done=0A=
 X    fi=0A=
 X  else=0A=
 X    # No jailnames on the command line, so Accumulate all the file =
 jailnames,=0A=
 X    # jailnames will include the .norun suffix if present.=0A=
 X    # This changes the working directory to the property directory=0A=
 X    # and feeds the output of ls, split on whitespace, to rcorder.=0A=
 X         =0A=
 X    [ -d "${qjail_jailprops}/" ] && \=0A=
 X      cd "${qjail_jailprops}/" && qjail_list=3D`ls | xargs rcorder`=0A=
 X  fi=0A=
 X}=0A=
 X        =0A=
 Xwrite-property-info () {=0A=
 X        =0A=
 X# Write everything we know about a qjail to its property record.=0A=
 X#   $1  path of the record to write=0A=
 X#   $2  optional existing record; its lines starting with "#" (the=0A=
 X#       rcorder header) are copied instead of the default header=0A=
 X# The values come from the qjail_* variables currently set. The=0A=
 X# finished record is also copied into ${qjail_jailprops_global}.=0A=
 X#=0A=
 X# NOTE(review): each value is written between double quotes without=0A=
 X# any escaping, and fetch-property-info later reads the record back=0A=
 X# with ".". A value containing a double quote, "$" or a backquote is=0A=
 X# therefore interpreted by the shell when the record is read; callers=0A=
 X# have to validate jailname, ip and the other values before this=0A=
 X# point.=0A=
 X       =0A=
 X  qjail_destconf=3D$1=0A=
 X  qjail_sourceconf=3D$2=0A=
 X=0A=
 X  # Everything printed inside the subshell goes to the record.=0A=
 X  (=0A=
 X  if [ "${qjail_sourceconf}" ]; then=0A=
 X    # NOTE(review): the source path is unquoted here.=0A=
 X    grep -E ^\# ${qjail_sourceconf}; echo=0A=
 X  else=0A=
 X    echo -e "# To specify the start up order of your qjails, use these =
 lines"=0A=
 X    echo -e "# to create a Jail dependency tree. See rcorder(8) for =
 details."=0A=
 X    echo -e "#\n# PROVIDE: standard_qjail\n# REQUIRE: \n# BEFORE: \n#\n"=0A=
 X  fi=0A=
 X      =0A=
 X# The _hostname, _ip, _rootdir etc. suffixes can not be changed. They=0A=
 X# are the handles used by the /etc/rc.d/jail script, which does not=0A=
 X# belong to qjail; it is provided as part of the official FreeBSD=0A=
 X# RELEASE.=0A=
 X#      =0A=
 X  echo export jail_${qjail_safename}_hostname=3D\"${qjail_jailname}\"=0A=
 X  echo export jail_${qjail_safename}_ip=3D\"${qjail_ips}\"=0A=
 X  echo export jail_${qjail_safename}_rootdir=3D\"${qjail_rootdir}\"=0A=
 X  echo export =
 jail_${qjail_safename}_exec_start=3D\"${qjail_exec_start}\"=0A=
 X  echo export jail_${qjail_safename}_exec_stop=3D\"${qjail_exec_stop}\"=0A=
 X  echo export =
 jail_${qjail_safename}_mount_enable=3D\"${qjail_mount_enable}\"=0A=
 X  echo export =
 jail_${qjail_safename}_devfs_enable=3D\"${qjail_devfs_enable}\"=0A=
 X  echo export =
 jail_${qjail_safename}_devfs_ruleset=3D\"${qjail_devfs_ruleset}\"=0A=
 X  echo export =
 jail_${qjail_safename}_procfs_enable=3D\"${qjail_procfs_enable}\"=0A=
 X  echo export =
 jail_${qjail_safename}_fdescfs_enable=3D\"${qjail_fdescfs_enable}\"=0A=
 X  echo export jail_${qjail_safename}_image=3D\"${qjail_image}\"=0A=
 X  echo export jail_${qjail_safename}_imagetype=3D\"${qjail_imagetype}\"=0A=
 X  echo export =
 jail_${qjail_safename}_interface=3D\"${qjail_nic_devicename}\"=0A=
 X  echo export jail_${qjail_safename}_fstab=3D\"${qjail_fstab}\"=0A=
 X       =0A=
 X  ) > "${qjail_destconf}"=0A=
 X  # Keep a copy under the same file name in the global directory.=0A=
 X  global_jailname=3D${qjail_destconf##*/}=0A=
 X  cp "${qjail_destconf}" "${qjail_jailprops_global}/${global_jailname}"=0A=
 X}      =0A=
 X       =0A=
 X       =0A=
 Xfetch-property-info () {=0A=
 X      =0A=
 X# Read the jail's property record /usr/local/etc/qjail/jailname,=0A=
 X# populating the qjail_* shell variables with the jail's values.=0A=
 X#   $1  jailname; reduced to letters, digits and _ for the lookup=0A=
 X#   $2  optional path of the record to read instead of looking one=0A=
 X#       up under ${qjail_jailprops}=0A=
 X# qjail_config is left empty, and 0 returned, when no record exists.=0A=
 X      =0A=
 X  qjail_name=3D$1=0A=
 X      =0A=
 X  # Clean variables, prevent pollution.=0A=
 X  unset qjail_jailname qjail_ips qjail_rootdir qjail_nic_devicename=0A=
 X  unset qjail_exec_start qjail_exec_stop qjail_exec qjail_mount_enable=0A=
 X  unset qjail_devfs_enable qjail_devfs_ruleset qjail_procfs_enable =0A=
 X  unset qjail_fdescfs_enable  qjail_id qjail_config qjail_fstab =0A=
 X        =0A=
 X  unset qjail_image qjail_imagetype =0A=
 X        =0A=
 X  qjail_safename=3D`echo -n "${qjail_name}" | tr -c '[:alnum:]' _`=0A=
 X         =0A=
 X  # Look for the record with and without the .norun suffix; if both=0A=
 X  # exist the .norun one is used.=0A=
 X  if [ -z "$2" ]; then=0A=
 X    [ -e "${qjail_jailprops}/${qjail_safename}"       ] && \=0A=
 X       qjail_config=3D"${qjail_jailprops}/${qjail_safename}" =0A=
 X    [ -e "${qjail_jailprops}/${qjail_safename}.norun" ] && \=0A=
 X       qjail_config=3D"${qjail_jailprops}/${qjail_safename}.norun"=0A=
 X  else=0A=
 X    qjail_config=3D$2=0A=
 X  fi=0A=
 X=0A=
 X  [ "${qjail_config}" ] || return 0=0A=
 X      =0A=
 X  # The record is sourced, so its whole content runs as shell code in=0A=
 X  # this process. A path passed as $2 is used as given, without the=0A=
 X  # existence check above. NOTE(review): records should be writable=0A=
 X  # only by the administrator.=0A=
 X  . "${qjail_config}"=0A=
 X  # Copy each jail_<safename>_* variable into its qjail_* counterpart.=0A=
 X  # qjail_safename holds only letters, digits and _, so the variable=0A=
 X  # name handed to eval is constrained; the value itself is assigned,=0A=
 X  # not evaluated a second time.=0A=
 X  eval qjail_jailname=3D\"\$jail_${qjail_safename}_hostname\"=0A=
 X  eval qjail_ips=3D\"\$jail_${qjail_safename}_ip\"=0A=
 X  eval qjail_rootdir=3D\"\$jail_${qjail_safename}_rootdir\"=0A=
 X        =0A=
 X  eval qjail_exec_start=3D\"\$jail_${qjail_safename}_exec_start\"=0A=
 X  eval qjail_exec_stop=3D\"\$jail_${qjail_safename}_exec_stop\"=0A=
 X  # Backward compatibility: a record that only has the older _exec=0A=
 X  # entry supplies the start command.=0A=
 X  eval qjail_exec=3D\"\$jail_${qjail_safename}_exec\"=0A=
 X  [ "${qjail_exec}" -a -z "${qjail_exec_start}" ] && =
 qjail_exec_start=3D${qjail_exec}=0A=
 X         =0A=
 X  eval qjail_mount_enable=3D\"\$jail_${qjail_safename}_mount_enable\"=0A=
 X  eval qjail_devfs_enable=3D\"\$jail_${qjail_safename}_devfs_enable\"=0A=
 X  eval qjail_devfs_ruleset=3D\"\$jail_${qjail_safename}_devfs_ruleset\"=0A=
 X  eval qjail_procfs_enable=3D\"\$jail_${qjail_safename}_procfs_enable\"=0A=
 X  eval =
 qjail_fdescfs_enable=3D\"\$jail_${qjail_safename}_fdescfs_enable\"=0A=
 X  eval qjail_image=3D\"\$jail_${qjail_safename}_image\"=0A=
 X  eval qjail_imagetype=3D\"\$jail_${qjail_safename}_imagetype\"=0A=
 X  eval qjail_nic_devicename=3D\"\$jail_${qjail_safename}_interface\"=0A=
 X  eval qjail_fstab=3D\"\$jail_${qjail_safename}_fstab\"=0A=
 X=0A=
 X=0A=
 X  qjail_softlink=3D${qjail_jaildir}/`basename -- "${qjail_rootdir}"`=0A=
 X  qjail_devicelink=3D"${qjail_rootdir}.device"=0A=
 X         =0A=
 X  # NOTE(review): qjail_attached, qjail_device and qjail_imagedevice=0A=
 X  # are not among the variables cleared at the top, so values left by=0A=
 X  # an earlier call for another jail are still visible here.=0A=
 X  if [ "${qjail_image}" -a -L "${qjail_devicelink}" ]; then=0A=
 X    # Fetch destination of soft link=0A=
 X    qjail_device=3D`stat -f "%Y" ${qjail_devicelink}`=0A=
 X    qjail_device_geom=3D${qjail_device#/dev/}=0A=
 X         =0A=
 X    # Add this device to the list of devices to be unmounted.=0A=
 X    qjail_imagedevice=3D${qjail_device_geom}=0A=
 X         =0A=
 X    # The image counts as attached when mount lists either the link=0A=
 X    # or the device on the jail's root directory. The paths are put=0A=
 X    # into the regular expression as they are, so characters such as=0A=
 X    # "." in them act as pattern characters.=0A=
 X    mount -p -v | grep -q -E =
 "^${qjail_devicelink}[[:space:]]+${qjail_rootdir}" && =
 qjail_attached=3D"YES"=0A=
 X    mount -p -v | grep -q -E =
 "^${qjail_device}[[:space:]]+${qjail_rootdir}" && qjail_attached=3D"YES"=0A=
 X         =0A=
 X    # Stale device link detected. Remove and clean.=0A=
 X    [ -z "${qjail_attached}" ] && unset qjail_device && rm -f =
 "${qjail_devicelink}"=0A=
 X  fi=0A=
 X       =0A=
 X  # Without an id file, return here with a non-zero status. Otherwise=0A=
 X  # keep qjail_id only if jls still lists a jail with that id.=0A=
 X  [ -f "/var/run/jail_${qjail_safename}.id" ] && \=0A=
 X  qjail_id=3D`cat /var/run/jail_${qjail_safename}.id` || return=0A=
 X  jls | grep -q -E "^ +${qjail_id} " || unset qjail_id=0A=
 X}       =0A=
 X         =0A=
 Xdetach_images () {=0A=
 X        =0A=
 X# Generic detach routine for image jails. Works on the jail described=0A=
 X# by the current qjail_rootdir, qjail_imagedevice, qjail_image and=0A=
 X# qjail_devicelink variables.=0A=
 X#   $1  "keep" leaves the image file in place; with any other value=0A=
 X#       the image file is deleted after the detach.=0A=
 X# Always returns 1.=0A=
 X       =0A=
 X  # Avoid ending up inside mount point.=0A=
 X  cd /=0A=
 X  =0A=
 X  # Unmount and detach the memory disk. Output and errors of umount=0A=
 X  # are discarded, and the detach and the image removal run whether=0A=
 X  # or not the unmount worked.=0A=
 X  if [ "${qjail_imagedevice}" ]; then=0A=
 X    umount "${qjail_rootdir}" > /dev/null 2> /dev/null=0A=
 X    mdconfig -d -u "${qjail_imagedevice}" > /dev/null=0A=
 X    [ "$1" =3D "keep" ] || rm -f "${qjail_image}"=0A=
 X  fi=0A=
 X        =0A=
 X  # Remove soft link (which acts as a lock) once the device node is=0A=
 X  # gone. NOTE(review): with an empty qjail_imagedevice the test is=0A=
 X  # made on "/dev/" itself, so the link is left in place.=0A=
 X  [ -e "/dev/${qjail_imagedevice}" ] || rm -f "${qjail_devicelink}"=0A=
 X         =0A=
 X  # This function is being called in case of error. Keep $? bad.=0A=
 X  return 1=0A=
 X}      =0A=
 X       =0A=
 X#############################=0A=
 X# End of function definitions.=0A=
 X# "=0A=
 X      =0A=
 X# This is the beginning of the script processing.=0A=
 X# Check that the first word after "qjail" is a sub-command.=0A=
 X       =0A=
 X[ $# -gt 0 ] || exerr ${qjail_usage_commands}=0A=
 X        =0A=
 Xcase "$1" in=0A=
 X       =0A=
 X####jjbc#################### qjail CREATE ########################=0A=
 Xcreate)=0A=
 X       =0A=
 X  # Clean variables, prevent pollution.=0A=
 X  unset qjail_rootdir qjail_fromarchive qjail_flavor qjail_config    =0A=
 X  unset qjail_bump_ip qjail_zone qjail_duplicate_times=0A=
 X      =0A=
 X  qjail_duplicate_count=3D000=0A=
 X      =0A=
 X  shift; while getopts f:a:n:D:s:z:Ii arg; do case ${arg} in=0A=
 X    f) qjail_flavor=3D${OPTARG};;=0A=
 X    a) qjail_fromarchive=3D${OPTARG};;=0A=
 X    n) qjail_nic_devicename=3D${OPTARG};;=0A=
 X    D) qjail_duplicate_times=3D${OPTARG};;=0A=
 X    I) qjail_bump_ip=3D"YES";;=0A=
 X    i) qjail_create_image=3D"YES";;=0A=
 X    s) qjail_imagesize=3D${OPTARG};;=0A=
 X    z) qjail_zone=3D${OPTARG};;=0A=
 X    ?) exerr ${qjail_usage_create};;=0A=
 X  esac; done; shift $(( ${OPTIND} - 1 ))=0A=
 X      =0A=
 X  if [ "${qjail_zone}" ]; then=0A=
 X    qjail_jaildir=3D"${qjail_jaildir}.${qjail_zone}"=0A=
 X    [ -d "${qjail_jaildir}" ] || exerr "Error: Un-known zone."=0A=
 X    qjail_jailprops=3D"${qjail_jailprops}.${qjail_zone}"=0A=
 X    qjail_fstab=3D"${qjail_fstab}.${qjail_zone}"=0A=
 X    qjail_newjail=3D"${qjail_jaildir}/newjail"=0A=
 X    qjail_basejail=3D"${qjail_jaildir}/basejail"=0A=
 X    qjail_flavors_dir=3D"${qjail_jaildir}/flavors"=0A=
 X    qjail_archivedir=3D"${qjail_jaildir}/archive"=0A=
 X fi    =0A=
 X        =0A=
 X  qjail_name=3D$1; qjail_ips=3D$2=0A=
 X       =0A=
 X  # Need at least a name and an ip for new jail.=0A=
 X  [ "${qjail_name}" -a "${qjail_ips}" -a $# -eq 2 ] || \=0A=
 X   exerr ${qjail_usage_create}=0A=
 X      =0A=
 X  # Check that -i also has -s.=0A=
 X  [ -n "${qjail_create_image}" -a -z "${qjail_imagesize}" ] \=0A=
 X      && exerr "Error: Option -i requires option -s."=0A=
 X      =0A=
 X  # Check that -s was not coded without -i.=0A=
 X  [ -z "${qjail_create_image}" -a -n "${qjail_imagesize}" ] \=0A=
 X      && exerr "Error: Option -s requires option -i."=0A=
 X       =0A=
 X  # Check that -D value was entered and it's numeric.=0A=
 X  if [ -n "${qjail_duplicate_times}" ]; then=0A=
 X    if expr "${qjail_duplicate_times}" : "[0-9]*$" > /dev/null=0A=
 X     then=0A=
 X       # numeric let fall through    =0A=
 X    else=0A=
 X      exerr "Error: Option -D requires a numeric value."=0A=
 X    fi=0A=
 X    =0A=
 X    # Check that duplicate_times is not over limit.=0A=
 X    [ "${qjail_duplicate_times}" -gt "100" ] \=0A=
 X      && exerr "Error: -D value greater than the maximum of 100."=0A=
 X  else=0A=
 X    qjail_duplicate_times=3D0=0A=
 X  fi=0A=
 X            =0A=
 X  ##### Start of check for valid image size value. #########=0A=
 X  #   =0A=
 X  if [ "${qjail_imagesize}" ]; then=0A=
 X      =0A=
 X    # Check if entered value is alpha, IE missing numbers.=0A=
 X    echo "${qjail_imagesize}" | grep "^[0-9]" > /dev/null=0A=
 X    [ $? -ne 0 ] && exerr "Error: -s value missing numbers."=0A=
 X         =0A=
 X    # Only suffix of G|g or M|m are valid. g for gigabyte, m for =
 megabyte.=0A=
 X    # Translate upper case characters to lower case.=0A=
 X    qjail_imagesize=3D`echo "${qjail_imagesize}"| tr GM gm`=0A=
 X          =0A=
 X    # Only populate Timagesize if begins with digits and ends with g or =
 m omly.=0A=
 X    unset qjail_Timagesize=0A=
 X    qjail_Timagesize=3D`echo "${qjail_imagesize}" | sed -n =
 's/^\([0-9]\{1,\}[gm]\)$/\1/p'`=0A=
 X    [ -z "${qjail_Timagesize}" ] && \=0A=
 X         exerr "Error: Invalid -s value. Only G|g or M|m suffix is =
 valid."=0A=
 X                =0A=
 X    # Calculate blocks.  =0A=
 X    value=3D`echo "${qjail_imagesize}"| \=0A=
 X    sed -Ees:g:km:g -es:m:kk:g -es:k:"*2b":g -es:b:"*128w":g -es:w:"*4 =
 ":g -e"s:(^|[^0-9])0x:\1\0X:g" -ey:x:"*":|bc`=0A=
 X    [ $? -eq 0 -a ${value} -gt 0 ] || \=0A=
 X    exerr "Error: The image size you specified is invalid. =
 ${qjail_imagesize}"=0A=
 X      =0A=
 X    qjail_imageblockcount=3D`echo ${value} / 1048576 | bc`=0A=
 X       =0A=
 X  fi   =0A=
 X      =0A=
 X  # Check, whether qjail has been set up correctly. Existence of=0A=
 X  # qjail_basejail is the indicator.=0A=
 X  #    =0A=
 X  [ -d "${qjail_basejail}" ] || exerr "Error: basejail does not exist."=0A=
 X      =0A=
 X  [ "${qjail_flavor}" -a "${qjail_fromarchive}" ] && \=0A=
 X   exerr "Error: -a and -f invalid together."=0A=
 X      =0A=
 X  # The =3D sign in the jailname is reserved for group prefix processing=0A=
 X  # so it can not be used as part of a jailname. Remove it if there.  =0A=
 X      =0A=
 X  qjail_tjailname=3D`echo -n "${qjail_name}" | sed 's/=3D.*$//'`=0A=
 X      =0A=
 X  # Check for existence of =3D sign in jailname.=0A=
 X  if [ "${qjail_tjailname}" !=3D "${qjail_name}" ]; then=0A=
 X    exerr "Error: Equal sign is not valid in jailname. ${qjail_name}"=0A=
 X  fi  =0A=
 X      =0A=
 X  # Standardize jail names.=0A=
 X  qjail_new_jailname=3D`echo -n "${qjail_name}" | tr '/~' '__'`=0A=
 X  qjail_new_safename=3D`echo -n "${qjail_name}" | tr -c '[:alnum:]' _`=0A=
 X  qjail_new_rootdir=3D"${qjail_jaildir}/${qjail_new_jailname}"=0A=
 X  qjail_new_config=3D"${qjail_jailprops}/${qjail_new_safename}"=0A=
 X  qjail_new_ips=3D"${qjail_ips}"=0A=
 X  qjail_new_nic_devicename=3D"${qjail_nic_devicename}"=0A=
 X    =0A=
 X  # Has a qjail reserved directory name been coded on the command?=0A=
 X  #   =0A=
 X  case ${qjail_new_jailname} in =
 basejail|newjail|fulljail|flavors|tempjail|archive) \=0A=
 X  exerr "Error: This name is unavailable. ${qjail_new_jailname}";; esac=0A=
 X       =0A=
 X  # Check if new jailname is used already across any zones.=0A=
 X  qjail_test_config=3D"${qjail_jailprops_global}/${qjail_new_safename}"=0A=
 X  [ -e "${qjail_test_config}" -o -e "${qjail_test_config}.norun" ] && \=0A=
 X  exerr "Error: Jailname already exists. ${qjail_new_jailname}"=0A=
 X      =0A=
 X       =0A=
 X###jjbcc#### Start of creating jail routine. ################=0A=
 X#     =0A=
 X# By this point in the create sub-command logic, all the command input=0A=
 X# has been validated and sanity checks passed ok. The following "if"=0A=
 X# statement will create a directory tree type jail using a archive as =0A=
 X# the template. The "else" condition will create a directory tree type =0A=
 X# jail using the newjail template and be flavorized by the default =
 flavor=0A=
 X# or a custom flavor if -f is coded on the command. =0A=
 X#     =0A=
 X      =0A=
 X  if [ "${qjail_fromarchive}" ]; then=0A=
 X    if [ -r "${qjail_archivedir}/${qjail_fromarchive}" ]; then=0A=
 X      qjail_archive_safename=3D`echo -n "${qjail_fromarchive}" | sed =
 's/-.*$//'`=0A=
 X      qjail_fromarchive=3D"${qjail_archivedir}/${qjail_fromarchive}"=0A=
 X    else=0A=
 X      # Use qjail_fromarchive jailname to locate most current archive=0A=
 X      # Convert all - or . in jailname to _=0A=
 X      qjail_archive_jailname=3D`echo -n "${qjail_fromarchive}" | tr =
 '/~' '__'`=0A=
 X      qjail_archive_safename=3D`echo -n "${qjail_fromarchive}" | tr -c =
 '[:alnum:]' _`=0A=
 X      unset qjail_fromarchive=0A=
 X      =0A=
 X      # Roll through the archive directory looking for the last =
 occurrence=0A=
 X      # to match the jailname being the most current archive.=0A=
 X      # IE: Most current archive for the jailname has higher number date=0A=
 X      # so physically follows the older dated archive files in the=0A=
 X      # archive directory.=0A=
 X      #=0A=
 X      for qjail_archive in =
 "${qjail_archivedir}/${qjail_archive_safename}"*; do=0A=
 X       qjail_fromarchive=3D${qjail_archive}=0A=
 X      done=0A=
 X         =0A=
 X      [ -f "${qjail_fromarchive}" ] || \=0A=
 X      exerr "No archive found. ${qjail_archive_safename}"=0A=
 X    fi=0A=
 X      =0A=
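 X    # Get the property record file name from the archive file.=0A=
 X    # The archive path and the member name are quoted so that blanks=0A=
 X    # or glob characters in either one cannot turn into extra pax=0A=
 X    # operands.=0A=
 X    qjail_nameprop=3D`pax -zn -f "${qjail_fromarchive}" prop.qjail-\*`=0A=
 X    [ $? -eq 0 -a "${qjail_nameprop}" ] || exerr \=0A=
 X      "Error: File is not an qjail archive. ${qjail_fromarchive}"=0A=
 X=0A=
 X    # Create /tmp file to save restored property info to.=0A=
 X    qjail_config=3D`mktemp /tmp/qjail.prop.XXXXXXXX`=0A=
 X    [ $? -ne 0 ] && exerr "Error: Couldn't create temporary properties =
 file."=0A=
 X=0A=
 X    # Get the property data from the archive file & put it in =
 qjail_config.=0A=
 X    # NOTE(review): the member name is taken from the archive and used=0A=
 X    # inside the -s expression; a name holding ':' would break it.=0A=
 X    # A failed extraction now stops the restore instead of going on=0A=
 X    # with an empty property file.=0A=
 X    pax -rzn -s":${qjail_nameprop}:${qjail_config}:" \=0A=
 X      -f "${qjail_fromarchive}" "${qjail_nameprop}"=0A=
 X    if [ $? -ne 0 ]; then=0A=
 X      rm -f "${qjail_config}"=0A=
 X      exerr "Error: Couldn't read properties from archive. =
 ${qjail_fromarchive}"=0A=
 X    fi=0A=
 X=0A=
 X    # Export the variables from the archive file.=0A=
 X    # NOTE(review): fetch-property-info is defined outside this=0A=
 X    # excerpt. If it sources the file, the archive's property record=0A=
 X    # is executed by this script, so restore only archives from a=0A=
 X    # trusted source -- confirm.=0A=
 X    fetch-property-info "${qjail_archive_safename}" "${qjail_config}"=0A=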
 X                =0A=
 X    # Prep the variables.=0A=
 X    qjail_archive_jailname=3D"${qjail_jailname}"=0A=
 X    qjail_rootdir=3D"${qjail_new_rootdir}"=0A=
 X    qjail_jailname=3D"${qjail_new_jailname}"=0A=
 X    qjail_safename=3D"${qjail_new_safename}"=0A=
 X    qjail_fromarchive_config=3D${qjail_config}=0A=
 X    qjail_archive_opt=3D"-f ${qjail_fromarchive}"=0A=
 X    qjail_config=3D"${qjail_new_config}"=0A=
 X    qjail_fstab=3D"${qjail_etc}/fstab.qjail.${qjail_new_safename}"=0A=
 X    qjail_ips=3D"${qjail_new_ips}"=0A=
 X    qjail_nic_devicename=3D"${qjail_new_nic_devicename}"=0A=
 X         =0A=
 X            =0A=
 X   # Restore the archive file,=0A=
 X    mkdir -p "${qjail_rootdir}" && cd "${qjail_rootdir}" && \=0A=
 X      pax -rz -pe ${qjail_archive_opt} -s:^qjail:.: qjail/*=0A=
 X    [ $? -eq 0 ] || \=0A=
 X       exerr "Error: Couldn't extract archive from. =
 ${qjail_fromarchive}"=0A=
 X          =0A=
 X    # Remove the /tmp work file created above.=0A=
 X    rm -f "${qjail_fromarchive_config}"=0A=
 X           =0A=
 X    # If the jail just restored is a image jail, then it has to be =
 mdconfig=0A=
 X    # and it's directory tree copied to a non-image directory tree for =
 passing=0A=
 X    # to the jail create logic below.=0A=
 X    #      =0A=
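 X    if [ -n "${qjail_imagetype}" ]; then=0A=
 X=0A=
 X      # Image-jail restore: the archive held a flat .img file. It is=0A=
 X      # moved to tempjail, attached as a memory disk, mounted, and its=0A=
 X      # tree copied into ${qjail_rootdir} for the create logic below.=0A=
 X      # Each failing step cleans up and then stops through exerr=0A=
 X      # (defined outside this excerpt; assumed to print and exit), so=0A=
 X      # a half-restored jail is not registered further down.=0A=
 X=0A=
 X      # If the temporary directory named tempjail exists, then delete it=0A=
 X      # and create it anew.=0A=
 X      [ -d "${qjail_tempjail}" ] && rm -rf "${qjail_tempjail}"=0A=
 X      mkdir -p "${qjail_tempjail}" || exerr \=0A=
 X          "Error: Failed to create tempjail directory for create =
 command."=0A=
 X=0A=
 X      # Copy just the flat image file to tempjail. The original is=0A=
 X      # removed only after the copy succeeded, so a failed copy can=0A=
 X      # not destroy the restored image.=0A=
 X      qjail_image=3D"${qjail_new_rootdir}/${qjail_archive_jailname}.img"=0A=
 X      if ! cp "${qjail_image}" "${qjail_tempjail}"; then=0A=
 X        rm -rf "${qjail_tempjail}"=0A=
 X        exerr "Error: Couldn't copy image file. ${qjail_image}"=0A=
 X      fi=0A=
 X=0A=
 X      # Create full path to flat image file location.=0A=
 X      =
 qjail_tempjail_image=3D"${qjail_tempjail}/${qjail_archive_jailname}.img"=0A=
 X=0A=
 X      # Delete the flat image from its original location.=0A=
 X      rm "${qjail_image}"=0A=
 X=0A=
 X      # Attach the .img file as a memory disk. Cleanup and abort are=0A=
 X      # separate statements: chained with "||" the abort is skipped=0A=
 X      # whenever the cleanup itself succeeds.=0A=
 X      qjail_imagedevice=3D`mdconfig -a -t vnode -f =
 "${qjail_tempjail_image}"`=0A=
 X      if [ $? -ne 0 ]; then=0A=
 X        rm -rf "${qjail_tempjail}"=0A=
 X        exerr "Error: Failed to 'mdconfig' the image file. =
 ${qjail_tempjail_image}"=0A=
 X      fi=0A=
 X=0A=
 X      # Mount the memory disk image; detach it again if that fails.=0A=
 X      if ! mount "/dev/${qjail_imagedevice}" "${qjail_tempjail}"; then=0A=
 X        mdconfig -d -u "${qjail_imagedevice}" > /dev/null=0A=
 X        exerr "Error: Couldn't mount memory disk for create command. =
 ${qjail_imagedevice}"=0A=
 X      fi=0A=
 X=0A=
 X      # Copy the contents of the image directory tree. On failure the=0A=
 X      # memory disk is unmounted and detached before stopping.=0A=
 X      cd "${qjail_tempjail}" \=0A=
 X        && find . | cpio -p -v "${qjail_rootdir}" 1> /dev/null 2>&1=0A=
 X      if [ $? -ne 0 ]; then=0A=
 X        cd /=0A=
 X        umount "${qjail_tempjail}" > /dev/null 2> /dev/null=0A=
 X        mdconfig -d -u "${qjail_imagedevice}" > /dev/null=0A=
 X        exerr "Error: Couldn't copy image directory tree to =
 ${qjail_rootdir}"=0A=
 X      fi=0A=
 X=0A=
 X      # Detach memory disk.=0A=
 X      cd /=0A=
 X      umount "${qjail_tempjail}" > /dev/null 2> /dev/null=0A=
 X      mdconfig -d -u "${qjail_imagedevice}" > /dev/null=0A=
 X=0A=
 X      rm -rf "${qjail_tempjail}"=0A=
 X      unset qjail_image qjail_imagetype=0A=
 X=0A=
 X    fi=0A=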
 X            =0A=
 X    # Write the jails properties file.=0A=
 X    write-property-info "${qjail_config}"=0A=
 X            =0A=
 X    echo ${qjail_basejail} ${qjail_rootdir}/basejail nullfs ro 0 0 >> \=0A=
 X    "${qjail_fstab}"=0A=
 X       =0A=
 X    [ "${qjail_duplicate_times}" -eq "0" -a -z "${qjail_create_image}" =
 ] \=0A=
 X    &&  echo "Successfully created  ${qjail_jailname}"=0A=
 X      =0A=
 X  else=0A=
 X      =0A=
 X    # This is the start of create jail without using an archive as a =
 template.=0A=
 X    # Using the newjail template.=0A=
 X    # =0A=
 X               =0A=
 X    # Prep the variables.=0A=
 X    qjail_rootdir=3D"${qjail_new_rootdir}"=0A=
 X    qjail_jailname=3D"${qjail_new_jailname}"=0A=
 X    qjail_safename=3D"${qjail_new_safename}"=0A=
 X    qjail_config=3D"${qjail_new_config}"=0A=
 X    qjail_fstab=3D"${qjail_etc}/fstab.qjail.${qjail_new_safename}"=0A=
 X    qjail_ips=3D"${qjail_new_ips}"=0A=
 X    qjail_nic_devicename=3D"${qjail_new_nic_devicename}"=0A=
 X                              =0A=
 X    # If no -f option then everyone gets the default flavor=0A=
 X    # named "default".=0A=
 X    #     =0A=
 X    [ ${qjail_flavor} ] || qjail_flavor=3D${qjail_default_flavor}=0A=
 X            =0A=
 X    # Does the flavor exist?=0A=
 X    [ -e "${qjail_flavors_dir}/${qjail_flavor}" ] || \=0A=
 X    exerr "Error: Flavor not found. ${qjail_flavor}"=0A=
 X           =0A=
 X   =0A=
 X    # Create the new jailname directory and copy the newjail template =
 to it.=0A=
 X    mkdir -p "${qjail_rootdir}" && cd "${qjail_newjail}" && \=0A=
 X       find . | cpio -p "${qjail_rootdir}" 1> /dev/null 2>&1 =0A=
 X    [ $? -eq 0 ] || exerr "Error: Couldn't copy newjail template."=0A=
 X           =0A=
 X    # Merge the flavor files into the newly created jailname directory =
 tree.=0A=
 X    # Doing it under a "for" so the "default" directory is not copied, =
 just=0A=
 X    # it's contents. =0A=
 X    # =0A=
 X    installed_flavors=3D0=0A=
 X    for flavor in ${qjail_flavor}; do=0A=
 X       =0A=
 X      cd "${qjail_flavors_dir}/${flavor}" && find . | \=0A=
 X          cpio -p -u    "${qjail_rootdir}" 1> /dev/null 2>&1=0A=
 X      [ $? -eq 0 ] || =0A=
 X        echo "Warning: Could not fully install flavor ${qjail_flavor}."=0A=
 X    done=0A=
 X       =0A=
 X      =0A=
 X    # If the flavor user customizable script is found, make it auto run =
 on =0A=
 X    # jails first startup. User has to rename it from =
 qjail.flavor.sample=0A=
 X    # to qjail.flavor to enable it.=0A=
 X    #  =0A=
 X    installed_flavors=3D0=0A=
 X    if [ -f "${qjail_rootdir}/qjail.flavor" ]; then=0A=
 X      chmod 0755 "${qjail_rootdir}/qjail.flavor"=0A=
 X      mv "${qjail_rootdir}/qjail.flavor" =
 "${qjail_rootdir}/qjail.flavor".`printf %04d $(( installed_flavors+=3D1 =
 ))`=0A=
 X      =0A=
 X      # Post the trigger script that makes the user customized =
 qjail.flavor =0A=
 X      # script get executed at jails first start up.  =0A=
 X      cat > "${qjail_rootdir}/etc/rc.d/qjail-config" <<"EOF"=0A=
 X#!/bin/sh=0A=
 X#        =0A=
 X# BEFORE: DAEMON=0A=
 X# PROVIDES: qjail-config=0A=
 X#         =0A=
 X# This launches the qjail.flavor script located in the selected flavor =0A=
 X# directory name on first time the new jail is started and deletes it =
 self.=0A=
 X#       =0A=
 Xcase "$1" in=0A=
 X  *start)=0A=
 X    rm -f "/etc/rc.d/qjail-config"=0A=
 X    for qjail_flavor in /qjail.flavor.*; do=0A=
 X      [ -x "${qjail_flavor}" ] && "${qjail_flavor}"=0A=
 X      rm -f "${qjail_flavor}"=0A=
 X    done=0A=
 X  ;;   =0A=
 X  *)   =0A=
 X  ;;   =0A=
 Xesac=0A=
 XEOF=0A=
 X      =0A=
 X      # Give the trigger script permission to execute.=0A=
 X      chmod 0755 "${qjail_rootdir}/etc/rc.d/qjail-config"=0A=
 X     =0A=
 X    fi=0A=
 X        =0A=
 X    # Create the fstab entry for the new jailname, it is used at boot =
 time and=0A=
 X    # jail start time.=0A=
 X    # =0A=
 X    # Create the jails fstab file.=0A=
 X    echo -n > "${qjail_fstab}"=0A=
 X      echo ${qjail_basejail} ${qjail_rootdir}/basejail nullfs ro 0 0 >> =
 \=0A=
 X      "${qjail_fstab}"=0A=
 X      =0A=
 X    # Create the property record for the newjail.=0A=
 X    write-property-info "${qjail_config}"=0A=
 X      =0A=
 X    [ "${qjail_duplicate_times}" -eq "0" -a -z "${qjail_create_image}" =
 ] \=0A=
 X    &&  echo "Successfully created  ${qjail_jailname}"=0A=
 X           =0A=
 X  fi    # end of if [ "${qjail_fromarchive}" ]; then=0A=
 X      =0A=
 X      =0A=
 X####jjbi####### Start of image jail processing ###############=0A=
 X#     =0A=
 X# By this point in the create sub-command logic, a directory tree type =
 jail =0A=
 X# has already been created for the jailname, either using an archive =
 file =0A=
 X# as the template or using the newjail as the template and being =
 flavorized=0A=
 X# by the default flavor or a custom flavor by the above logic. =0A=
 X#     =0A=
 X# If the image jail type was coded, -i on the create command then this =
 following=0A=
 X# logic is executed which creates a empty sparse image file, copies the =0A=
 X# directory tree jail into the sparse jail, deletes the directory tree =
 jail =0A=
 X# and renames the image jail with the directory tree jail names, builds =
 the =0A=
 X# fstab and property files.=0A=
 X#     =0A=
 X      =0A=
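 X  if [ -n "${qjail_create_image}" ]; then=0A=
 X=0A=
 X    # Image jail build: create a sparse .img file, attach and format=0A=
 X    # it, copy the directory tree jail into it, then replace the=0A=
 X    # directory tree jail with the image jail under the same name.=0A=
 X    # detach_images and exerr are defined outside this excerpt. The=0A=
 X    # return status of detach_images is not visible here, so on every=0A=
 X    # failure path exerr is called unconditionally after it; the=0A=
 X    # destructive rm -rf below must never run after a failed step.=0A=
 X=0A=
 X    # Prep work variables.=0A=
 X    qjail_saved_rootdir=3D"${qjail_rootdir}"=0A=
 X=0A=
 X    # Create the build directory; the .img file is going to be located =
 in.=0A=
 X    # This will also be its mount point.=0A=
 X    qjail_rootdir=3D"${qjail_jaildir}/${qjail_jailname}-img"=0A=
 X    mkdir -p "${qjail_rootdir}" || \=0A=
 X      exerr "Error: Couldn't create jail mount point. ${qjail_rootdir}"=0A=
 X=0A=
 X    # The sparse image is located inside its mount point directory.=0A=
 X    qjail_image=3D"${qjail_rootdir}/${qjail_jailname}.img"=0A=
 X=0A=
 X    # Create the empty .img file.=0A=
 X    touch "${qjail_image}"=0A=
 X=0A=
 X    # Create the sparse image file.=0A=
 X    if [ "${qjail_imageblockcount}" -gt 0 ]; then=0A=
 X      dd if=3D"/dev/zero" of=3D"${qjail_image}" bs=3D1m count=3D0 \=0A=
 X         seek=3D${qjail_imageblockcount} 1> /dev/null 2>&1 || \=0A=
 X        exerr "Error: Couldn't create the sparse image file. =
 ${qjail_image}"=0A=
 X    else=0A=
 X        exerr "Error: Invalid image block count for image file. =
 ${qjail_image}"=0A=
 X    fi=0A=
 X=0A=
 X    # Attach the .img file as a memory disk.=0A=
 X    qjail_imagedevice=3D`mdconfig -a -t vnode -f "${qjail_image}"`=0A=
 X    if [ $? -ne 0 ]; then=0A=
 X      detach_images=0A=
 X      exerr "Error: Failed to 'mdconfig' the sparse image. =
 ${qjail_image}"=0A=
 X    fi=0A=
 X=0A=
 X    qjail_device=3D${qjail_imagedevice}=0A=
 X=0A=
 X    # Format memory disk image.=0A=
 X    if ! newfs -U "/dev/${qjail_imagedevice}" 1> /dev/null 2>&1; then=0A=
 X      detach_images=0A=
 X      exerr "Error: Couldn't newfs the memory disk. =
 ${qjail_imagedevice}"=0A=
 X    fi=0A=
 X=0A=
 X    # Mount the memory disk image.=0A=
 X    if ! mount "/dev/${qjail_imagedevice}" "${qjail_rootdir}"; then=0A=
 X      detach_images=0A=
 X      exerr "Error: Couldn't mount memory disk. ${qjail_device}"=0A=
 X    fi=0A=
 X=0A=
 X    # Copy the contents of the previously built directory tree jail.=0A=
 X    cd "${qjail_saved_rootdir}" \=0A=
 X      && find . | cpio -p -v "${qjail_rootdir}" 1> /dev/null 2>&1=0A=
 X    if [ $? -ne 0 ]; then=0A=
 X      detach_images=0A=
 X      exerr "Error: Couldn't copy directory tree to image jail. =
 ${qjail_rootdir}"=0A=
 X    fi=0A=
 X=0A=
 X    # Detach memory disks.=0A=
 X    detach_images keep=0A=
 X=0A=
 X    # Scratch the directory tree jail and its admin files,=0A=
 X    # freeing up its jailname. Reached only after a good copy.=0A=
 X    rm -rf "${qjail_saved_rootdir}"=0A=
 X    rm -rf "${qjail_jailprops_global}/${qjail_safename}"=0A=
 X    rm -f  "${qjail_config}"=0A=
 X    rm -f  "${qjail_fstab}"=0A=
 X=0A=
 X    # Rename the image build directory using the=0A=
 X    # directory tree jailname.=0A=
 X    mv "${qjail_rootdir}" "${qjail_saved_rootdir}" || exerr \=0A=
 X      "Error: Couldn't rename image jail directory. ${qjail_rootdir}"=0A=
 X=0A=
 X    # Re-populate the variables with correct content so every thing that=0A=
 X    # follows will have the correct info.=0A=
 X    qjail_rootdir=3D"${qjail_saved_rootdir}"=0A=
 X    qjail_image=3D"${qjail_rootdir}/${qjail_jailname}.img"=0A=
 X    qjail_imagetype=3D"simple"=0A=
 X    qjail_devicelink=3D"${qjail_rootdir}.device"=0A=
 X=0A=
 X    # Rebuild the fstab: the image device first, then the read-only=0A=
 X    # nullfs entry for basejail.=0A=
 X    echo -n > "${qjail_fstab}"=0A=
 X    echo ${qjail_devicelink} ${qjail_rootdir} ufs rw 0 0 >> \=0A=
 X    "${qjail_fstab}"=0A=
 X    echo ${qjail_basejail} ${qjail_rootdir}/basejail nullfs ro 0 0 >> \=0A=
 X    "${qjail_fstab}"=0A=
 X=0A=
 X    write-property-info "${qjail_config}"=0A=
 X=0A=
 X    [ "${qjail_duplicate_times}" -ne "${qjail_duplicate_count}" ] || \=0A=
 X    echo "Successfully created  ${qjail_jailname}"=0A=
 X=0A=
 X  fi=0A=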
 X      =0A=
 X      =0A=
 X############ Start of duplication routine. ################ =0A=
 X#     =0A=
 X# By this point in the create sub-command logic, there is either a=0A=
 X# directory tree type jail or a sparse image jail present.=0A=
 X# The following logic will duplicate this jail this number of times=0A=
 X# appending the count to the jail name.=0A=
 X#     =0A=
 X      =0A=
 X  if [ "${qjail_duplicate_times}" -ne "${qjail_duplicate_count}" ]; then=0A=
 X        =0A=
 X    # Prep some work variables. =0A=
 X    qjail_saved_jailname=3D"${qjail_jailname}"=0A=
 X    qjail_saved_safename=3D"${qjail_safename}"=0A=
 X    qjail_saved_rootdir=3D"${qjail_rootdir}"=0A=
 X    qjail_saved_config=3D"${qjail_config}"=0A=
 X    qjail_saved_fstab=3D"${qjail_fstab}"=0A=
 X      =0A=
 X    while [ "${qjail_duplicate_count}" -ne "${qjail_duplicate_times}" =
 ]; do=0A=
 X      qjail_duplicate_count=3D$(( $qjail_duplicate_count + 1 ))=0A=
 X        =0A=
 X      =
 qjail_safename=3D"${qjail_saved_safename}_${qjail_duplicate_count}"=0A=
 X      =
 qjail_jailname=3D"${qjail_saved_jailname}-${qjail_duplicate_count}"=0A=
 X         =0A=
 X      # Check if new dup jailname is created already=0A=
 X      qjail_tmp_config=3D"${qjail_jailprops}/${qjail_safename}"=0A=
 X          =0A=
 X      if [ -e "${qjail_tmp_config}" -o -e "${qjail_tmp_config}.norun" =
 ]; then=0A=
 X          echo "Bypassed existing jail ${qjail_jailname}"=0A=
 X          continue=0A=
 X      fi  =0A=
 X           =0A=
 X      # Create the dup jailname directory and populate it.=0A=
 X      qjail_rootdir=3D"${qjail_saved_rootdir}-${qjail_duplicate_count}"=0A=
 X      qjail_image=3D"${qjail_rootdir}/${qjail_jailname}.img"=0A=
 X           =0A=
 X      if [ "${qjail_create_image}" ]; then=0A=
 X        mkdir -p "${qjail_rootdir}"=0A=
 X        dd if=3D"${qjail_saved_rootdir}/${qjail_saved_jailname}.img" \=0A=
 X           of=3D"${qjail_image}" conv=3Dsparse 1> /dev/null 2>&1=0A=
 X        [ $? -eq 0 ] || exerr \=0A=
 X           "Error: Couldn't dd jails img file. ${qjail_image}"=0A=
 X      else      =0A=
 X        unset qjail_image=0A=
 X        mkdir -p "${qjail_rootdir}" && \=0A=
 X        cd "${qjail_saved_rootdir}" && \=0A=
 X        find . | cpio -p "${qjail_rootdir}" 1> /dev/null 2>&1=0A=
 X        [ $? -eq 0 ] || exerr "Error: Couldn't copy template jail."=0A=
 X      fi     =0A=
 X                 =0A=
 X      # Create the jails fstab file.=0A=
 X      qjail_fstab=3D"${qjail_saved_fstab}_${qjail_duplicate_count}"=0A=
 X      if [ "${qjail_create_image}" ]; then=0A=
 X        echo -n > "${qjail_fstab}"=0A=
 X        qjail_devicelink=3D"${qjail_rootdir}.device"=0A=
 X        echo ${qjail_devicelink} ${qjail_rootdir} ufs rw 0 0 >> \=0A=
 X        "${qjail_fstab}"=0A=
 X        echo ${qjail_basejail} ${qjail_rootdir}/basejail nullfs ro 0 0 =
 >> \=0A=
 X        "${qjail_fstab}"=0A=
 X      else=0A=
 X        echo -n > "${qjail_fstab}"=0A=
 X        echo ${qjail_basejail} ${qjail_rootdir}/basejail nullfs ro 0 0 =
 >> \=0A=
 X        "${qjail_fstab}"=0A=
 X      fi    =0A=
 X          =0A=
 X      if [ "${qjail_bump_ip}" =3D "YES" ]; then=0A=
 X         qjail_short_ip=3D"${qjail_ips%.*}"=0A=
 X         qjail_ip_suffix=3D"${qjail_ips##*.}"=0A=
 X         qjail_ip_suffix=3D$(( ${qjail_ip_suffix} + 1 ))=0A=
 X         qjail_ips=3D"${qjail_short_ip}.${qjail_ip_suffix}"=0A=
 X      fi   =0A=
 X          =0A=
 X      qjail_config=3D"${qjail_jailprops}/${qjail_safename}"=0A=
 X         =0A=
 X      # Create the property record for the newjail.=0A=
 X      write-property-info "${qjail_config}" =0A=
 X      echo "Successfully created  ${qjail_jailname}"=0A=
 X          =0A=
 X    done   =0A=
 X          =0A=
 X    rm -rf "${qjail_saved_rootdir}"=0A=
 X    rm -rf "${qjail_saved_config}"=0A=
 X    rm -rf "${qjail_jailprops_global}/${qjail_saved_safename}"=0A=
 X    rm -rf "${qjail_saved_fstab}"=0A=
 X  fi    =0A=
 X####### End of duplication routine. #########################=0A=
 X      =0A=
 X ;;=0A=
 X      =0A=
 X      =0A=
 X###jjbd##################### qjail DELETE ########################=0A=
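 Xdelete)=0A=
 X=0A=
 X  # Delete the named jails, or every jail when -A is coded; -z picks=0A=
 X  # a zone. Running jails are bypassed. group-prefixing,=0A=
 X  # fetch-property-info and exerr are defined outside this excerpt.=0A=
 X=0A=
 X  shift; while getopts Az: arg; do case ${arg} in=0A=
 X    A) qjail_deletealljails=3D"YES";;=0A=
 X    z) qjail_zone=3D${OPTARG};;=0A=
 X    ?) exerr ${qjail_usage_delete};;=0A=
 X  esac; done; shift $(( ${OPTIND} - 1 ))=0A=
 X=0A=
 X  # NOTE(review): the zone name is appended to the paths as typed,=0A=
 X  # while the install sub-command first maps every non-alphanumeric=0A=
 X  # character to "_". Confirm whether the same mapping is wanted here.=0A=
 X  if [ "${qjail_zone}" ]; then=0A=
 X    qjail_jaildir=3D"${qjail_jaildir}.${qjail_zone}"=0A=
 X    [ -d "${qjail_jaildir}" ] || exerr "Error: Un-known zone."=0A=
 X    qjail_jailprops=3D"${qjail_jailprops}.${qjail_zone}"=0A=
 X    qjail_fstab=3D"${qjail_fstab}.${qjail_zone}"=0A=
 X  fi=0A=
 X=0A=
 X  # Specifying no jailnames is only acceptable if deleting all jails.=0A=
 X  # Report the delete usage text here, not the archive one.=0A=
 X  [ $# -lt 1 -a -z "${qjail_deletealljails}" ] && \=0A=
 X    exerr ${qjail_usage_delete}=0A=
 X=0A=
 X  # -A flag to delete all the jails cannot have jailnames on it=0A=
 X  [ $# -gt 0 -a "${qjail_deletealljails}" ] && \=0A=
 X  exerr "Syntax Error: Must not specify jailnames on delete -A."=0A=
 X=0A=
 X  # Save the command line list of jailnames if any=0A=
 X  qjail_cmdlist=3D"$*"=0A=
 X=0A=
 X  # Perform the group-prefixing function.=0A=
 X  group-prefixing ${qjail_cmdlist}=0A=
 X=0A=
 X  # Process the qjail_list built by group-prefixing.=0A=
 X  for qjail in ${qjail_list}; do=0A=
 X=0A=
 X    # Strip off the .norun suffix if present & read the jails property=0A=
 X    # record populating the environment variables with the jails values.=0A=
 X    fetch-property-info ${qjail%.norun}=0A=
 X=0A=
 X    # If jail is still running, bypass deleting it.=0A=
 X    if [ "${qjail_id}" ]; then=0A=
 X        echo "Bypassed running jail ${qjail_jailname}"=0A=
 X        continue=0A=
 X    fi=0A=
 X=0A=
 X    # Never hand an empty path or the filesystem root to rm -rf; a=0A=
 X    # missing or damaged property record must not widen the delete.=0A=
 X    case "${qjail_rootdir}" in=0A=
 X      ""|/)=0A=
 X        echo "Bypassed jail with no usable root directory ${qjail}"=0A=
 X        continue=0A=
 X        ;;=0A=
 X    esac=0A=
 X=0A=
 X    # Now we have everything needed to delete the jail. Delete the=0A=
 X    # jailname property record and its fstab.qjail.jailname record,=0A=
 X    # plus the global property record.=0A=
 X    #=0A=
 X    # Strip off the path from in front of the file name so we can=0A=
 X    # get the jailname with .norun if it be there.=0A=
 X    qjail_filename=3D${qjail_config##*/}=0A=
 X    rm -f "${qjail_config}"=0A=
 X    rm -f "${qjail_jailprops_global}/${qjail_filename}"=0A=
 X    rm -f "${qjail_fstab}"=0A=
 X=0A=
 X    # Delete the jail directory=0A=
 X    rm -rf "${qjail_rootdir}"=0A=
 X=0A=
 X    echo "Successfully deleted  ${qjail_jailname}"=0A=
 X=0A=
 X  done=0A=
 X  ;;=0A=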
 X       =0A=
 X#######jjbl################# qjail LIST ########################=0A=
 Xlist)=0A=
 X=0A=
 X  # Print one table row per jail: state flags, jail id, NIC, IP and=0A=
 X  # jailname. A jail with several comma separated IPs gets one extra=0A=
 X  # row per additional address.=0A=
 X=0A=
 X  # Drop values that may be left over in these variables.=0A=
 X  unset qjail_cmdlist qjail_group qjail_jailname qjail_filename=0A=
 X  unset qjail qjail_list qjail_state qjail_zone=0A=
 X=0A=
 X  # Only -z zone is accepted; anything else is reported through=0A=
 X  # exerr with the list usage text.=0A=
 X  shift=0A=
 X  while getopts z: arg; do=0A=
 X    case ${arg} in=0A=
 X      z) qjail_zone=3D${OPTARG};;=0A=
 X      ?) exerr ${qjail_usage_list};;=0A=
 X    esac=0A=
 X  done=0A=
 X  shift $(( ${OPTIND} - 1 ))=0A=
 X=0A=
 X  # A zone switches the jail and property directories to the=0A=
 X  # zone-suffixed ones and adds a heading line.=0A=
 X  if [ -n "${qjail_zone}" ]; then=0A=
 X    qjail_jaildir=3D"${qjail_jaildir}.${qjail_zone}"=0A=
 X    [ -d "${qjail_jaildir}" ] || exerr "Error: Un-known zone."=0A=
 X    qjail_jailprops=3D"${qjail_jailprops}.${qjail_zone}"=0A=
 X    qjail_zone_msg=3D"Jails in zone  ${qjail_zone}"=0A=
 X  fi=0A=
 X=0A=
 X  # Keep the jailnames from the command line, if any, and let=0A=
 X  # group-prefixing (defined outside this excerpt) build qjail_list.=0A=
 X  qjail_cmdlist=3D$@=0A=
 X  group-prefixing ${qjail_cmdlist}=0A=
 X=0A=
 X  # Table heading.=0A=
 X  echo " "=0A=
 X  echo "${qjail_zone_msg}"=0A=
 X  printf "%-3s %-4s %-3s %-15s %s\\n" STA JID NIC IP Jailname=0A=
 X  echo   "--- ---- --- --------------- =
 ---------------------------------------------------"=0A=
 X=0A=
 X  for qjail in ${qjail_list}; do=0A=
 X=0A=
 X    # Load this jail's property record; a .norun suffix is stripped=0A=
 X    # from the name first.=0A=
 X    fetch-property-info ${qjail%.norun}=0A=
 X=0A=
 X    # First flag: I when an image type is recorded, otherwise D.=0A=
 X    qjail_state=3D"D"=0A=
 X    [ "${qjail_imagetype}" ] && qjail_state=3D"I"=0A=
 X=0A=
 X    # Second flag: R when a jail id is present, otherwise S.=0A=
 X    case "${qjail_id}" in=0A=
 X      "") qjail_state=3D"${qjail_state}S";;=0A=
 X      *)  qjail_state=3D"${qjail_state}R";;=0A=
 X    esac=0A=
 X=0A=
 X    # Third flag: N when the list entry differs from the safename,=0A=
 X    # which is how a .norun suffix shows up.=0A=
 X    if [ "${qjail_safename}" !=3D "${qjail}" ]; then=0A=
 X      qjail_state=3D"${qjail_state}N"=0A=
 X    fi=0A=
 X=0A=
 X    # Split the IP list on commas; IFS is put back after the loop.=0A=
 X    TIFS=3D${IFS}=0A=
 X    IFS=3D,=0A=
 X    unset _multiline=0A=
 X    for qjail_ip in ${qjail_ips:=3D"-"}; do=0A=
 X      if [ -n "${_multiline}" ]; then=0A=
 X        # Continuation row: jail id and the next address only.=0A=
 X        printf "    %-4s %s\\n" "${qjail_id:-N/A}" "${qjail_ip}"=0A=
 X      else=0A=
 X        printf "%-3s %-4s %-3s %-15s %s\\n" "${qjail_state}" \=0A=
 X          "${qjail_id:-N/A}" "${qjail_nic_devicename}" "${qjail_ip}" \=0A=
 X          "${qjail_jailname}"=0A=
 X        _multiline=3Dyes=0A=
 X      fi=0A=
 X    done=0A=
 X    IFS=3D${TIFS}=0A=
 X    qjail_state=3D""=0A=
 X  done=0A=
 X  echo " "=0A=
 X  echo " "=0A=
 X  ;;=0A=
 X         =0A=
 X      =0A=
 X###jjbu##################### qjail UPDATE ########################=0A=
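 Xupdate)=0A=
 X=0A=
 X  # update -b refreshes the basejail binaries from the host, update -p=0A=
 X  # runs portsnap into basejail/usr/ports; exactly one of the two must=0A=
 X  # be coded. -z selects a zone. exerr and fetch-property-info are=0A=
 X  # defined outside this excerpt; exerr is assumed to print and exit.=0A=
 X=0A=
 X  # Clean variables, prevent pollution.=0A=
 X  unset qjail_action_b qjail_action_p=0A=
 X=0A=
 X  flag_count=3D0=0A=
 X=0A=
 X  shift; while getopts bpz: arg; do case ${arg} in=0A=
 X     b) qjail_action_b=3D"binary-update"; flag_count=3D$(( $flag_count =
 + 1 ));;=0A=
 X     p) qjail_action_p=3D"portsnap"; flag_count=3D$(( $flag_count + 1 =
 ));;=0A=
 X     z) qjail_zone=3D${OPTARG};;=0A=
 X     ?) exerr ${qjail_usage_update};;=0A=
 X  esac; done; shift $(( ${OPTIND} - 1 ))=0A=
 X=0A=
 X  if [ "${qjail_zone}" ]; then=0A=
 X    qjail_jaildir=3D"${qjail_jaildir}.${qjail_zone}"=0A=
 X    [ -d "${qjail_jaildir}" ] || exerr "Error: Un-known zone."=0A=
 X    qjail_jailprops=3D"${qjail_jailprops}.${qjail_zone}"=0A=
 X    qjail_fstab=3D"${qjail_fstab}.${qjail_zone}"=0A=
 X    qjail_basejail=3D"${qjail_jaildir}/basejail"=0A=
 X  fi=0A=
 X=0A=
 X  # Check for no flags set.=0A=
 X  [ $flag_count -eq 0 ] && exerr \=0A=
 X        "Error: NO options coded.\n ${qjail_usage_update}"=0A=
 X  [ $flag_count -gt 1 ] && exerr \=0A=
 X        "Error: To many options coded.\n ${qjail_usage_update}"=0A=
 X=0A=
 X  # Run portsnap option?=0A=
 X  if [ "${qjail_action_p}" ]; then=0A=
 X      qjail_action_p=3D"fetch"=0A=
 X      echo " "=0A=
 X      date=0A=
 X      echo " "=0A=
 X      echo "The elapse download time of the portsnap compressed ports =
 file"=0A=
 X      echo "is estimated at 25 minutes for the initial fetch."=0A=
 X      echo "Subsequent fetches will generally take less than a minute."=0A=
 X      echo " "=0A=
 X      if portsnap ${qjail_action_p}; then=0A=
 X        echo "Portsnap fetch completed successfully"=0A=
 X      else=0A=
 X        exerr "Error: Portsnap fetch failed."=0A=
 X      fi=0A=
 X      echo " "=0A=
 X      date=0A=
 X      echo " "=0A=
 X=0A=
 X      # First run extracts the tree; an existing tree is updated.=0A=
 X      qjail_action_p=3D"extract"=0A=
 X      [ -d "${qjail_basejail}/usr/ports" ] && qjail_action_p=3D"update"=0A=
 X=0A=
 X      if [ "${qjail_action_p}" =3D "extract" ]; then=0A=
 X        echo "The ports are being extracted to basejail/usr/ports =
 directory tree."=0A=
 X        echo "The elapse time for this to complete is estimated at 20 =
 minutes"=0A=
 X        echo "for the initial extract."=0A=
 X      fi=0A=
 X=0A=
 X      if [ "${qjail_action_p}" =3D "update" ]; then=0A=
 X        echo "The ports basejail/usr/ports directory tree is being =
 updated."=0A=
 X        echo "The elapse time for this to complete is estimated at 1 =
 minute"=0A=
 X        echo "to 10 minutes depending on how current your ports system =
 is."=0A=
 X      fi=0A=
 X      echo " "=0A=
 X      if portsnap -p "${qjail_basejail}/usr/ports" ${qjail_action_p} \=0A=
 X           1> /dev/null 2>&1; then=0A=
 X        echo "Portsnap ${qjail_action_p} completed successfully"=0A=
 X      else=0A=
 X        exerr "Error: Portsnap extract/update failed."=0A=
 X      fi=0A=
 X  fi=0A=
 X=0A=
 X  # Run basejail system binaries update?=0A=
 X  if [ "${qjail_action_b}" ]; then=0A=
 X=0A=
 X    [ -d "${qjail_basejail}" ] || exerr "Error: basejail does not =
 exist."=0A=
 X=0A=
 X    [ "`sysctl -n kern.securelevel`" -gt 0 ] && exerr \=0A=
 X       "Error: The host is running in a secure level higher than 0.\n\=0A=
 X        Reboot the host into a lower secure level."=0A=
 X=0A=
 X    # Check to see if any jails are running. The list starts empty so=0A=
 X    # a missing property directory cannot leave an inherited value.=0A=
 X    qjail_list=3D""=0A=
 X    [ -d "${qjail_jailprops}/" ] && cd "${qjail_jailprops}/" && \=0A=
 X      qjail_list=3D`ls | xargs rcorder`=0A=
 X    for qjail in ${qjail_list}; do=0A=
 X      # Strip off the .norun suffix if present & read the jails=0A=
 X      # property record populating the environment variables with=0A=
 X      # the jails values.=0A=
 X      fetch-property-info ${qjail%.norun}=0A=
 X      # NOTE(review): qjail_name is not set anywhere in this arm as=0A=
 X      # far as this excerpt shows; the delete and list arms print=0A=
 X      # qjail_jailname after fetch-property-info. Confirm which one=0A=
 X      # is meant.=0A=
 X      if [ "${qjail_id}" ]; then=0A=
 X        exerr "Error: All jails have to be stopped. This jail is =
 running. ${qjail_name}"=0A=
 X      fi=0A=
 X    done=0A=
 X    # No jails running so ok to create basejail from source.=0A=
 X=0A=
 X    qjail_b_dirlist=3D"bin boot lib libexec sbin usr/bin usr/include =
 usr/lib "=0A=
 X    qjail_b_dirlist=3D"${qjail_b_dirlist}usr/libdata usr/libexec =
 usr/sbin"=0A=
 X=0A=
 X    # amd64 needs some extra libs=0A=
 X    case `uname -p` in amd64) qjail_b_dirlist=3D"${qjail_b_dirlist} =
 usr/lib32";; esac=0A=
 X=0A=
 X    echo " "=0A=
 X    # The directories are removed by absolute path under basejail and=0A=
 X    # the cd is checked: with relative names, a cd that failed would=0A=
 X    # let rm -r work on bin, lib, sbin ... of whatever directory the=0A=
 X    # script happened to be in.=0A=
 X    cd "${qjail_basejail}" || \=0A=
 X      exerr "Error: Couldn't change to basejail. ${qjail_basejail}"=0A=
 X    for dir in ${qjail_b_dirlist}; do=0A=
 X      if rm -r "${qjail_basejail}/${dir}"; then=0A=
 X        echo "Deletion of basejail binaries successful for  ${dir}."=0A=
 X      else=0A=
 X        exerr "Error: Delete of basejail binaries for ${dir} failed."=0A=
 X      fi=0A=
 X    done=0A=
 X=0A=
 X    echo " "=0A=
 X=0A=
 X    # find runs with names relative to /, so the cd must succeed.=0A=
 X    cd / || exerr "Error: Couldn't change to the host root directory."=0A=
 X    for dir in ${qjail_b_dirlist}; do=0A=
 X      if find ${dir} | cpio -d -p "${qjail_basejail}" \=0A=
 X           1> /dev/null 2>&1; then=0A=
 X        echo "Copied host's binaries to basejail successfully for  =
 ${dir}."=0A=
 X      else=0A=
 X        exerr "Error: Copying host's binaries for ${dir} failed."=0A=
 X      fi=0A=
 X    done=0A=
 X=0A=
 X    echo " "=0A=
 X    echo "Host to basejail binaries update completed successfully."=0A=
 X=0A=
 X  fi=0A=
 X=0A=
 X  ;;=0A=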
 X      =0A=
 X        =0A=
 X#####jjbin################### qjail INSTALL ########################=0A=
 Xinstall)=0A=
 X      =0A=
 X  # Sub-command "install": obtains the RELEASE distribution sets=0A=
 X  # (from an FTP host, or from a local directory given as=0A=
 X  # -h file://...), runs each set's install.sh with DESTDIR set=0A=
 X  # to fulljail, then splits fulljail into basejail and newjail.=0A=
 X  # exerr is defined outside this part of the file; the checks=0A=
 X  # below are written as if it ends the script - confirm.=0A=
 X  #=0A=
 X  # Clean variables, prevent pollution.=0A=
 X  unset qjail_release qjail_installmanpages qjail_installports =0A=
 X  unset qjail_installsources qjail_dir qjail_reldir =0A=
 X  unset qjail_ftpserverqueried qjail_zone=0A=
 X     =0A=
 X  # -m/-s add the manpages/src set to a full install. -M/-S add=0A=
 X  # the same set but unset qjail_basesystem, so the base set is=0A=
 X  # skipped. -h is the source host, -r the release, -z a zone.=0A=
 X  shift; while getopts mMsSh:r:z: arg; do case ${arg} in=0A=
 X    m) qjail_installmanpages=3D" manpages";;=0A=
 X    M) qjail_installmanpages=3D" manpages"; unset qjail_basesystem;;=0A=
 X    s) qjail_installsources=3D" src";;=0A=
 X    S) qjail_installsources=3D" src"; unset qjail_basesystem;;=0A=
 X    h) qjail_ftphost=3D${OPTARG};;=0A=
 X    r) qjail_release=3D${OPTARG};;=0A=
 X    z) qjail_zone=3D${OPTARG};;=0A=
 X    ?) exerr ${qjail_usage_install};;=0A=
 X  esac; done; shift $(( ${OPTIND} - 1 ))=0A=
 X       =0A=
 X  # NO positional parameters allowed on this sub-command.=0A=
 X  [ $# -eq 0 ] || exerr ${qjail_usage_install}=0A=
 X        =0A=
 X  # The zone name is reduced to [:alnum:] plus "_" before it is=0A=
 X  # appended to any path, so it cannot carry "/" or "..".=0A=
 X  # NOTE(review): the start/stop, console, archive and restore=0A=
 X  # arms append the raw -z value instead; a zone whose name was=0A=
 X  # changed here will not be found by them under the typed name.=0A=
 X  if [ "${qjail_zone}" ]; then=0A=
 X    qjail_safezone=3D`echo -n "${qjail_zone}" | tr -c '[:alnum:]' _`=0A=
 X    echo "This is the zone name used ${qjail_safezone}"=0A=
 X    qjail_jaildir=3D"${qjail_jaildir}.${qjail_safezone}"=0A=
 X    qjail_jailprops=3D"${qjail_jailprops}.${qjail_safezone}"=0A=
 X    qjail_fstab=3D"${qjail_fstab}.${qjail_safezone}"=0A=
 X    qjail_newjail=3D"${qjail_jaildir}/newjail"=0A=
 X    qjail_basejail=3D"${qjail_jaildir}/basejail"=0A=
 X    qjail_fulljail=3D"${qjail_jaildir}/fulljail"=0A=
 X    qjail_tempjail=3D"${qjail_jaildir}/tempjail"=0A=
 X    qjail_flavors_dir=3D"${qjail_jaildir}/flavors"=0A=
 X    qjail_archivedir=3D"${qjail_jaildir}/archive"=0A=
 X  fi      =0A=
 X       =0A=
 X  # qjail_dir is qjail_ftphost without a leading "file://"; the=0A=
 X  # two are equal exactly when -h does not start with file://.=0A=
 X  # A relative file:// path is resolved against the current dir.=0A=
 X  qjail_installarch=3D`uname -p`=0A=
 X  qjail_dir=3D${qjail_ftphost#file://}=0A=
 X  [ "${qjail_dir%%[!/]*}" ] || qjail_reldir=3D`pwd -P`=0A=
 X     =0A=
 X  # Refuse to run at a securelevel above 0; presumably because=0A=
 X  # the chflags noschg calls below cannot clear schg there.=0A=
 X  [ "`sysctl -n kern.securelevel`" -gt 0 ] && \=0A=
 X  exerr "Error: The host is running in a secure level higher than 0.\n\=0A=
 X    Reboot the host into a lower secure level."=0A=
 X      =0A=
 X  # Check for basejail when not installing base jail.=0A=
 X  [ "${qjail_basesystem}" -o -d "${qjail_basejail}" ] || \=0A=
 X  exerr "Error: The basejail does not exist.\n\=0A=
 X  Coding -M or -S is invalid, use -m or -s instead."=0A=
 X      =0A=
 X  # Build correct path for the ftp server based on your cpu type and =
 RELEASE=0A=
 X  # ftp servers normally wont provide non-RELEASE-builds=0A=
 X    =0A=
 X  if [ -z "${qjail_release}" -a "${qjail_dir}" =3D "${qjail_ftphost}" =
 ]; then=0A=
 X    qjail_release=3D`uname -r`=0A=
 X    case ${qjail_release} in *-STABLE) =
 qjail_release=3D"${qjail_release%-STABLE}-RELEASE";; esac=0A=
 X    if [ "${qjail_release%-RELEASE}" =3D "${qjail_release}" ]; then=0A=
 X      echo -e "\nYour system is ${qjail_release}."=0A=
 X      echo -e "\nNormally FTP-servers don't provide non-RELEASE-builds."=0A=
 X          =0A=
 X      # Try to fetch the list of releases the server provides.=0A=
 X      echo -e "\nQuerying your ftp-server... "=0A=
 X      # NOTE(review): plain FTP, unauthenticated and unencrypted.=0A=
 X      # The listing is only shown to the operator here.=0A=
 X      TIFS=3D${IFS}; IFS=3D=0A=
 X      for qjail_path in pub/FreeBSD/releases pub/FreeBSD/snapshot =
 pub/FreeBSD releases snapshots NO; do=0A=
 X        if [ ${qjail_path} =3D "NO" ]; then=0A=
 X          echo " "=0A=
 X          exerr "Error: No distribution sources found at. =
 ${qjail_ftphost}"=0A=
 X        fi=0A=
 X        qjail_ftpresponse=3D`echo ls -1 | ftp =
 "${qjail_ftphost}:${qjail_path}/${qjail_installarch}/" 2> /dev/null` 2> =
 /dev/null=0A=
 X        if [ $? -eq 0 ]; then=0A=
 X          echo " "=0A=
 X          echo -e "The ftp server you specified =
 (${qjail_ftphost})\nprovides the following RELEASE =
 distributions:...Select one.\n\n${qjail_ftpresponse}"=0A=
 X          break=0A=
 X        fi=0A=
 X      done=0A=
 X      IFS=3D${TIFS}=0A=
 X        =0A=
 X      # NOTE(review): the typed release string (like the -r value)=0A=
 X      # becomes a path component of the FTP request below without=0A=
 X      # any validation.=0A=
 X      echo -n "Release [ ${qjail_release} ]: "=0A=
 X      read qjail_releasetmp=0A=
 X      [ "${qjail_releasetmp}" ] && qjail_release=3D${qjail_releasetmp}=0A=
 X    fi    =0A=
 X  fi      =0A=
 X           =0A=
 X  # Now we have a known FTP server path to the distribution sources.=0A=
 X  # Now the rest of the logic is fall through. =0A=
 X  #       =0A=
 X  # If the tempjail or fulljail directories exist, then delete them.=0A=
 X  # The tempjail gets populated with RELEASE distribution files from the=0A=
 X  # FTP download. Then the RELEASE distribution install script is run=0A=
 X  # populating the fulljail with the system directory tree content.=0A=
 X  # This includes the -m manpages and -s sources options if coded at =0A=
 X  # the same time same as the base system is being created. Selected =
 content=0A=
 X  # from the fulljail is populated into the basejail and the fulljail is=0A=
 X  # renamed to newjail. The newjail is the template from which all =
 created=0A=
 X  # jails are populated from.  =0A=
 X  #         =0A=
 X            =0A=
 X  [ -d "${qjail_fulljail}" ] \=0A=
 X     && chflags -R noschg "${qjail_fulljail}" && rm -rf =
 "${qjail_fulljail}"=0A=
 X            =0A=
 X  mkdir -p "${qjail_fulljail}" || exerr \=0A=
 X      "Error: Couldn't create fulljail directory."=0A=
 X           =0A=
 X  # DESTDIR is read by the sourced install.sh scripts below=0A=
 X  # (presumably as their install target - confirm).=0A=
 X  DESTDIR=3D${qjail_fulljail}=0A=
 X           =0A=
 X  # If the temporary directory named tempjail exists, then delete it.=0A=
 X  [ -d "${qjail_tempjail}" ] && rm -rf "${qjail_tempjail}" =0A=
 X        =0A=
 X  # Start loop to process the different RELEASE distributions. 	  =0A=
 X  for pkg in ${qjail_basesystem} ${qjail_installmanpages} =
 ${qjail_installsources}; do=0A=
 X      =0A=
 X    # Do remote fetch of RELEASE source files populating tempjail with =
 then=0A=
 X    # followed by installing them to fulljail directory tree. =0A=
 X    # =0A=
 X             =0A=
 X    if [ "${qjail_dir}" =3D "${qjail_ftphost}" ]; then=0A=
 X      # Create tempjail directory. Its used as the target=0A=
 X      # for the remote FTP download of RELEASE distribution files.=0A=
 X      #=0A=
 X      mkdir -p "${qjail_tempjail}" || exerr \=0A=
 X          "Error: Failed to create tempjail directory."=0A=
 X      cd "${qjail_tempjail}" || exerr \=0A=
 X          "Error: Could not cd to ${qjail_tempjail}."=0A=
 X      # NOTE(review): the sets arrive over plain FTP and nothing=0A=
 X      # below checks a digest or signature before the downloaded=0A=
 X      # install.sh is sourced with this script's privileges.=0A=
 X      # Verify the files against a digest obtained from a trusted=0A=
 X      # channel before that step.=0A=
 X      # Try all paths as stolen from sysinstall, break on success.=0A=
 X          =0A=
 X      for qjail_path in pub/FreeBSD/releases pub/FreeBSD/snapshot =
 pub/FreeBSD releases snapshots NO; do=0A=
 X        if [ "${qjail_path}" =3D "NO" ]; then=0A=
 X          exerr "\nCould not fetch ${pkg} from ${qjail_ftphost}.\n\=0A=
 XMaybe your release (${qjail_release}) is specified incorrectly or\n\=0A=
 Xthe host ${qjail_ftphost} does not provide that release build.\n\=0A=
 XUse the -r option to specify an existing release or the -h option to\n\=0A=
 Xspecify an alternative ftp server." =0A=
 X        fi=0A=
 X        =
 qjail_path=3D"${qjail_path}/${qjail_installarch}/${qjail_release}"=0A=
 X        ftp "${qjail_ftphost}:${qjail_path}/${pkg}/*" && break=0A=
 X      done=0A=
 X      #   =0A=
 X      # By this point the tempjail directory has successfully been =
 populated=0A=
 X      # with the FTP downloaded source files. The following code =
 executes the=0A=
 X      # RELEASE install script, which populated the fulljail directory =
 with=0A=
 X      # a full running system directory tree.=0A=
 X      #     =0A=
 X      #     =0A=
 X      # These sources want $1 to contain the set=0A=
 X      # of sources to install, base asks the user if he is sure, hence =
 the=0A=
 X      # yes and the set -- all=0A=
 X           =0A=
 X      if [ "${pkg}" =3D "base" ]; then =0A=
 X         echo -e "\nThe base RELEASE distribution files are populating =
 the tempjail."=0A=
 X      fi    =0A=
 X           =0A=
 X      if [ "${pkg}" =3D "src" ]; then=0A=
 X         mkdir -p "${qjail_fulljail}/usr/src"=0A=
 X         echo -e "\nThe source RELEASE distribution files are =
 populating the tempjail."=0A=
 X      fi    =0A=
 X           =0A=
 X      if [ "${pkg}" =3D "manpages" ]; then=0A=
 X         echo -e "\nThe manpages RELEASE distribution files are =
 populating the tempjail."=0A=
 X      fi    =0A=
 X           =0A=
 X      # install.sh is sourced rather than executed, so it sees $1=0A=
 X      # ("all") and the DESTDIR shell variable. If install.sh is=0A=
 X      # missing, the -f test fails and the $? check that follows=0A=
 X      # reports that as a script failure too.=0A=
 X      set -- all=0A=
 X      [ -f install.sh ] && yes | . install.sh 1> /dev/null 2>&1=0A=
 X      [ $? -eq 0 ] || exerr "Error: RELEASE distribution install script =
 for ${pkg} failed."=0A=
 X           =0A=
 X      rm -rf "${qjail_tempjail}"=0A=
 X            =0A=
 X    else    =0A=
 X            =0A=
 X      # Process the -h file:// option=0A=
 X      # The RELEASE files from the mounted disc1 RELEASE cdrom or =0A=
 X      # from a mounted disc1.iso RELEASE file may be used as the source=0A=
 X      # of the FreeBSD system binaries used to populate the =0A=
 X      # /usr/jails/fulljail directory.=0A=
 X      #     =0A=
 X      cd "${qjail_reldir}/${qjail_dir}/${pkg}" || exerr \=0A=
 X          "Error: Couldn't cd to ${qjail_reldir}/${qjail_dir}/${pkg}."=0A=
 X           =0A=
 X      if [ "${pkg}" =3D "base" ]; then=0A=
 X         echo -e "\nThe base RELEASE distribution files are populating =
 the tempjail."=0A=
 X      fi    =0A=
 X            =0A=
 X      if [ "${pkg}" =3D "src" ]; then=0A=
 X         mkdir -p "${qjail_fulljail}/usr/src"=0A=
 X         echo -e "\nThe source RELEASE distribution files are =
 populating the tempjail."=0A=
 X      fi     =0A=
 X             =0A=
 X      if [ "${pkg}" =3D "manpages" ]; then=0A=
 X         echo -e "\nThe manpages RELEASE distribution files are =
 populating the tempjail."=0A=
 X      fi      =0A=
 X             =0A=
 X      # Same sourcing step as in the FTP branch, but install.sh=0A=
 X      # comes from the local directory named with -h file://.=0A=
 X      # NOTE(review): that directory's content runs with this=0A=
 X      # script's privileges; it should not be writable by others.=0A=
 X      set -- all=0A=
 X      [ -f install.sh ] && yes | . install.sh 1> /dev/null 2>&1=0A=
 X      [ $? -eq 0 ] || exerr "Error: RELEASE distribution install script =
 for ${pkg} failed."=0A=
 X            =0A=
 X    fi      =0A=
 X  done      =0A=
 X           =0A=
 X  # End of the fulljail RELEASE install population process.=0A=
 X           =0A=
 X  # If installing the complete qjail system,=0A=
 X  # then selectively populate the basejail & newjail from the =0A=
 X  # just created fulljail.=0A=
 X  #         =0A=
 X          =0A=
 X  if [ "${qjail_basesystem}" ]; then=0A=
 X          =0A=
 X    # Verify that fulljail exists.=0A=
 X    cd "${qjail_fulljail}" || exerr \=0A=
 X      "Error: Couldn't cd into fulljail directory."=0A=
 X       =0A=
 X    # basejail directory does not exist yet. The following code =
 allocates the=0A=
 X    # basejail directory with /usr all at one time.=0A=
 X    #       =0A=
 X    mkdir -p "${qjail_basejail}/usr"=0A=
 X           =0A=
 X    echo -e " "=0A=
 X    echo -e "Basejail & newjail are being populated."=0A=
 X    echo -e "Est LT 1 minute elapse time for this to complete."=0A=
 X           =0A=
 X    # Using the dirlist the desired directories are copied to the=0A=
 X    # basejail directory tree and deleted from the fulljail directory =
 tree.=0A=
 X    # Then the remaining contents of the fulljail constitutes the =
 newjail.=0A=
 X    # fulljail gets renamed to newjail.=0A=
 X    #      =0A=
 X    # NOTE(review): "a || exerr && b; c; d" groups as=0A=
 X    # "(a || exerr) && b", then c and d run unconditionally, so=0A=
 X    # the rm and ln depend on exerr ending the script. The status=0A=
 X    # tested is the pipeline's and cpio's output is discarded.=0A=
 X    for dir in ${qjail_dirlist}; do=0A=
 X      find ${dir} | cpio -d -p "${qjail_basejail}" 1> /dev/null 2>&1 || =
 \=0A=
 X       exerr "Error: Installation of ${dir} failed." \=0A=
 X       && chflags -R noschg ${dir}; rm -r ${dir}; ln -s =
 /basejail/${dir} ${dir}=0A=
 X    done    =0A=
 X           =0A=
 X    # If newjail happens to exist then delete it.=0A=
 X    [ -d "${qjail_newjail}" ] && rm -rf "${qjail_newjail}"=0A=
 X    mv "${qjail_fulljail}" "${qjail_newjail}"=0A=
 X    rm -rf "${qjail_newjail}"/rescue=0A=
 X    mkdir "${qjail_newjail}"/basejail=0A=
 X    chflags -R noschg "${qjail_newjail}"=0A=
 X          =0A=
 X    # Populate default flavor from qjail release example.=0A=
 X    # If the default flavor named default has not yet been copied, do =
 it now.=0A=
 X    # NOTE(review): "[ -d x ] || mkdir x && cp" groups as=0A=
 X    # "([ -d x ] || mkdir x) && cp", so the example flavor is=0A=
 X    # copied on every base install, not only the first one.=0A=
 X    [ -d "${qjail_flavors_dir}" ] || mkdir -p "${qjail_flavors_dir}"\=0A=
 X    && cp -p -R "${qjail_examples}/default" "${qjail_flavors_dir}"=0A=
 X          =0A=
 X    # If the default archive directory is not allocated yet, do it now.=0A=
 X    # The test and the mkdir name the directory through different=0A=
 X    # variables; they agree when qjail_archivedir is=0A=
 X    # qjail_jaildir/archive, as in the zone case above.=0A=
 X    [ -d "${qjail_jaildir}/archive" ] || mkdir -p "${qjail_archivedir}"=0A=
 X        =0A=
 X    # qjail has 2 property directories, The jailprops_global one has a=0A=
 X    # duplicate copy of every jail's property record from all zones.=0A=
 X    # This directory is used by the /usr/local/etc/rc.d/qjail2=0A=
 X    # script when called at boot time to start all the qjail jails, =0A=
 X    # and when called by this script to start, stop, and restart =0A=
 X    # qjail zone jails.=0A=
 X    #=0A=
 X    # The jailprops directories are suffixed with the zone and are only =
 used=0A=
 X    # in this script to segregate the jail's property records by zone.  =
  =0A=
 X    #=0A=
 X    # If the global properties directory is not allocated yet, do it =
 now.=0A=
 X    [ -d "${qjail_jailprops_global}" ] || mkdir -p =
 "${qjail_jailprops_global}"=0A=
 X          =0A=
 X    # If the properties directory is not allocated yet, do it now.=0A=
 X    [ -d "${qjail_jailprops}" ] || mkdir -p "${qjail_jailprops}"=0A=
 X         =0A=
 X    # Link to /basejail/usr/ports=0A=
 X    [ -e "${qjail_newjail}/usr/ports" ] || \=0A=
 X    ln -s /basejail/usr/ports "${qjail_newjail}/usr/ports"=0A=
 X          =0A=
 X    # Populate the default flavor named "default" with files from the =
 host=0A=
 X    # necessary for a network accessible jail.=0A=
 X    # Only root/ is created here; etc/ is assumed to exist already=0A=
 X    # (presumably from the example flavor copied above).=0A=
 X    =
 qjail_default_flavor=3D"${qjail_jaildir}/flavors/${qjail_default_flavor}"=0A=
 X    mkdir -p "${qjail_default_flavor}/root/"=0A=
 X          =0A=
 X    cp "${qjail_newjail}/root/.cshrc" "${qjail_default_flavor}/root/"=0A=
 X    echo 'set prompt =3D "`/bin/hostname -s` %/ >"' >> \=0A=
 X       "${qjail_default_flavor}/root/.cshrc"=0A=
 X        =0A=
 X    echo "Welcome to your FreeBSD jail" > =
 "${qjail_default_flavor}/etc/motd"=0A=
 X    cp /etc/localtime "${qjail_default_flavor}/etc/"=0A=
 X    cp /etc/resolv.conf "${qjail_default_flavor}/etc/"=0A=
 X         =0A=
 X    # The ugly perl hack[tm]. This is in the qjail config file.=0A=
 X    [ "${qjail_uglyperlhack}" -a ! -L "${qjail_basejail}/usr/bin/perl" =
 ] && \=0A=
 X     ln -s /usr/local/bin/perl "${qjail_basejail}/usr/bin/perl"=0A=
 X          =0A=
 X    # Replace the FBSD jail script with my version that has the bugs =
 fixed.=0A=
 X    # The bugs deal with how the start/stop jail msgs are displayed.=0A=
 X    # Had to install fixed version this way because not allowed in port =
 to=0A=
 X    # replace FBSD system modules. New jail script coming out in 9.0 =
 maybe.=0A=
 X    # NOTE(review): this overwrites the host's /etc/rc.d/jail in=0A=
 X    # place. No backup is kept and cp's result is not checked.=0A=
 X    cp /usr/local/etc/rc.d/jail2 /etc/rc.d/jail=0A=
 X         =0A=
 X    echo "Successfully installed qjail system."=0A=
 X           =0A=
 X  fi      =0A=
 X         =0A=
 X  # Install system sources on existing basejail option -S=0A=
 X  if [ "${qjail_installsources}" -a ! "${qjail_basesystem}" ]; then=0A=
 X     cd "${qjail_fulljail}" || exerr \=0A=
 X         "Error: Couldn't cd into the fulljail directory."=0A=
 X     echo "Starting to populate basejail with the source."=0A=
 X     echo "Relax, take a break, this is going that 10 plus minutes."=0A=
 X     find usr/src | cpio -d -p "${qjail_basejail}" 1> /dev/null 2>&1 \=0A=
 X         || exerr "Error: Installation of sources failed."=0A=
 X     # Leave fulljail before removing it (cd is unquoted and its=0A=
 X     # result is not checked).=0A=
 X     cd ${qjail_jaildir}=0A=
 X     rm -r "${qjail_fulljail}"=0A=
 X     echo "Successfully installed the sources"=0A=
 X          =0A=
 X  fi       =0A=
 X            =0A=
 X  # Install system manpages on existing basejail option -M=0A=
 X  if [ "${qjail_installmanpages}" -a ! "${qjail_basesystem}" ]; then=0A=
 X     cd "${qjail_fulljail}" || exerr \=0A=
 X         "Error: Couldn't cd into the fulljail directory."=0A=
 X     find usr/share/man | cpio -d -p "${qjail_basejail}" 1> /dev/null =
 2>&1 \=0A=
 X         || exerr "Error: Installing manpages failed."=0A=
 X     # Leave fulljail before removing it (cd is unquoted and its=0A=
 X     # result is not checked).=0A=
 X     cd ${qjail_jaildir}=0A=
 X     rm -r "${qjail_fulljail}"=0A=
 X     echo "Successfully installed the manpages"=0A=
 X  fi       =0A=
 X         =0A=
 X  ;;    =0A=
 X        =0A=
 X        =0A=
 X######jjbs######### qjail START / STOP / RESTART =
 ########################=0A=
 X*start|*stop|*restart)=0A=
 X=0A=
 X  # Sub-commands start, stop and restart. The pattern matches any=0A=
 X  # first word that merely ends in one of these; that word is=0A=
 X  # prefixed with "one" and handed to rc.d/qjail2 for each jail.=0A=
 X  # group-prefixing and fetch-property-info are defined outside=0A=
 X  # this part of the file; they appear to set qjail_list and the=0A=
 X  # per-jail qjail_* variables read below - confirm.=0A=
 X  #=0A=
 X  # Clean variables, prevent pollution=0A=
 X  unset qjail_cmdlist qjail qjail_list qjail_zone=0A=
 X     =0A=
 X  # Action is first variable in command list.=0A=
 X  # Can only be start, stop, restart=0A=
 X  # force the use of one prefix all the time=0A=
 X  qjail_action=3D"one"=0A=
 X=0A=
 X  # Append the i/p command from the i/p command line=0A=
 X  qjail_action=3D"${qjail_action}$1"=0A=
 X       =0A=
 X  shift; while getopts z: arg; do case ${arg} in=0A=
 X      z) qjail_zone=3D${OPTARG};;=0A=
 X      ?) exerr ${qjail_usage_console};;=0A=
 X  esac; done; shift $(( $OPTIND - 1 ))=0A=
 X           =0A=
 X  # NOTE(review): unlike install, the -z value is used as typed.=0A=
 X  # Install filters it through tr -c '[:alnum:]' _ ; doing the=0A=
 X  # same here would keep "/" and ".." out of the derived paths=0A=
 X  # and match the directory name that install created.=0A=
 X  if [ "${qjail_zone}" ]; then=0A=
 X    qjail_jaildir=3D"${qjail_jaildir}.${qjail_zone}"=0A=
 X    [ -d "${qjail_jaildir}" ] || exerr "Error: Un-known zone."=0A=
 X    qjail_jailprops=3D"${qjail_jailprops}.${qjail_zone}"=0A=
 X    qjail_fstab=3D"${qjail_fstab}.${qjail_zone}"=0A=
 X  fi=0A=
 X=0A=
 X  # NOTE(review): $@ is flattened into one string and split again=0A=
 X  # below, so names with spaces or glob characters do not survive.=0A=
 X  # Save the command line list of jailnames if any=0A=
 X  qjail_cmdlist=3D$@=0A=
 X          =0A=
 X  # Perform the group-prefixing function. =0A=
 X  group-prefixing ${qjail_cmdlist}=0A=
 X        =0A=
 X  # Beginning here the start/stop/restart processing starts=0A=
 X        =0A=
 X  [ -x "${qjail_prefix}/etc/rc.d/qjail2" ] || \=0A=
 X  exerr "Error: Couldn't find ${qjail_prefix}/etc/rc.d/qjail2\n\=0A=
 X  or its not marked as executable."=0A=
 X       =0A=
 X  # Process the qjail_list built by group-prefixing =0A=
 X  for qjail in ${qjail_list}; do=0A=
 X         =0A=
 X    # drop all "norun" jails in list.=0A=
 X    #      =0A=
 X    # Strip off the .norun suffix if present & read the jails property=0A=
 X    # record populating the environment variables with the jails values.=0A=
 X        =0A=
 X    fetch-property-info ${qjail%.norun}=0A=
 X        =0A=
 X    if [ -e "${qjail_jailprops}/${qjail_safename}.norun" ]; then=0A=
 X       echo "Bypassed norun status ${qjail_jailname}"=0A=
 X       continue=0A=
 X    fi     =0A=
 X      =0A=
 X    =0A=
 X    # if jail is running and trying to start it, skip it.=0A=
 X    if [  "${qjail_id}" -a "${qjail_action}" =3D "onestart" ]; then=0A=
 X       echo "Already running.      ${qjail_jailname}"=0A=
 X       continue=0A=
 X    fi=0A=
 X         =0A=
 X    # if jail is not running and trying to stop it, skip it.=0A=
 X    if [  -z "${qjail_id}" -a "${qjail_action}" =3D "onestop" ]; then=0A=
 X       echo "Already stopped.      ${qjail_jailname}"=0A=
 X       continue=0A=
 X    fi=0A=
 X         =0A=
 X    # qjail2 runs in a subshell so that exec does not replace this=0A=
 X    # script; the $? test below sees the subshell's status, or the=0A=
 X    # failed -x test.=0A=
 X    [ -x "${qjail_prefix}/etc/rc.d/qjail2" ] && \=0A=
 X    (exec "${qjail_prefix}/etc/rc.d/qjail2" ${qjail_action} \=0A=
 X           ${qjail_jailname})=0A=
 X    [ $? -eq 0 ] || exerr "Error: ${qjail_prefix}/etc/rc.d/qjail2 =
 failed."=0A=
 X  done     =0A=
 X  ;;     =0A=
 X        =0A=
 X       =0A=
 X###########jjbc############# qjail CONSOLE ########################=0A=
 Xconsole)=0A=
 X      =0A=
 X  # Sub-command "console": runs a command inside a running jail=0A=
 X  # through jexec. -e replaces qjail_default_execute as that=0A=
 X  # command. fetch-property-info is defined outside this part of=0A=
 X  # the file; it appears to set qjail_config and qjail_id.=0A=
 X  #=0A=
 X  # NOTE(review): qjail_zone is not unset here (the start/stop=0A=
 X  # arm does unset it), so a value already present is kept.=0A=
 X  # Clean variables, prevent pollution=0A=
 X  unset qjail_execute_override =0A=
 X      =0A=
 X  shift; while getopts e:z: arg; do case ${arg} in=0A=
 X    e) qjail_execute_override=3D${OPTARG};;=0A=
 X    z) qjail_zone=3D${OPTARG};;=0A=
 X    ?) exerr ${qjail_usage_console};;=0A=
 X  esac; done; shift $(( $OPTIND - 1 ))=0A=
 X              =0A=
 X  # NOTE(review): unlike install, the -z value is used as typed.=0A=
 X  # Install filters it through tr -c '[:alnum:]' _ ; doing the=0A=
 X  # same here would keep "/" and ".." out of the derived paths.=0A=
 X  if [ "${qjail_zone}" ]; then=0A=
 X    qjail_jaildir=3D"${qjail_jaildir}.${qjail_zone}"=0A=
 X    [ -d "${qjail_jaildir}" ] || exerr "Error: Un-known zone."=0A=
 X    qjail_jailprops=3D"${qjail_jailprops}.${qjail_zone}"=0A=
 X    qjail_fstab=3D"${qjail_fstab}.${qjail_zone}"=0A=
 X  fi=0A=
 X      =0A=
 X  qjail=3D$1=0A=
 X      =0A=
 X  # Need name of jail to open console for =0A=
 X  [ "${qjail}" ] || exerr ${qjail_usage_console}=0A=
 X     =0A=
 X  # Strip off the .norun suffix if present & read the jails property=0A=
 X  # record populating the environment variables with the jails values.=0A=
 X  fetch-property-info ${qjail%.norun}=0A=
 X     =0A=
 X  # The two messages below print qjail_name, while the other arms=0A=
 X  # print qjail_jailname - confirm qjail_name is set.=0A=
 X  # check for existence of jail in our records=0A=
 X  [ "${qjail_config}" ] || exerr \=0A=
 X   "Error: Nothing known about this jail. ${qjail_name}"=0A=
 X     =0A=
 X  # if jail is not running, terminate.=0A=
 X  [  "${qjail_id}" ] || exerr \=0A=
 X  "Error: Jail not running. ${qjail_name}"=0A=
 X      =0A=
 X  # NOTE(review): the -e string and qjail_id are expanded=0A=
 X  # unquoted, so the shell splits the command on whitespace and=0A=
 X  # expands globs on the host before jexec sees it. Quoting=0A=
 X  # inside the -e value is not honoured.=0A=
 X  #  Start console using override login user name=0A=
 X  [ "${qjail_execute_override}" ] && \=0A=
 X     exec jexec ${qjail_id} ${qjail_execute_override}  =0A=
 X     =0A=
 X  #  Start console using default root login.=0A=
 X  [ "${qjail_execute_override}" ] || \=0A=
 X     exec jexec ${qjail_id} ${qjail_default_execute}=0A=
 X     =0A=
 X  ;;   =0A=
 X      =0A=
 X      =0A=
 X##jjba###################### qjail ARCHIVE ########################=0A=
 Xarchive)=0A=
 X            =0A=
 X  # Sub-command "archive": writes stopped jails, or basejail /=0A=
 X  # newjail, to files under qjail_archivedir. With -A no jail=0A=
 X  # names may be given. group-prefixing and fetch-property-info=0A=
 X  # are defined outside this part of the file.=0A=
 X  #=0A=
 X  # NOTE(review): qjail_zone and qjail_list are not in the unset=0A=
 X  # lists below, so values already present are kept.=0A=
 X  # Clean variables, prevent pollution=0A=
 X  unset qjail_archive qjail_archive_tag qjail_addfiles =
 qjail_running_jails   =0A=
 X  unset qjail_archivealljails qjail_archive_from qjail_archive_to=0A=
 X           =0A=
 X  shift; while getopts Az: arg; do case ${arg} in=0A=
 X    A) qjail_archivealljails=3D"YES";;=0A=
 X    z) qjail_zone=3D${OPTARG};;=0A=
 X    ?) exerr ${qjail_usage_archive};;=0A=
 X  esac; done; shift $(( ${OPTIND} - 1 ))=0A=
 X           =0A=
 X  # NOTE(review): unlike install, the -z value is used as typed.=0A=
 X  # Install filters it through tr -c '[:alnum:]' _ ; doing the=0A=
 X  # same here would keep "/" and ".." out of the derived paths.=0A=
 X  if [ "${qjail_zone}" ]; then=0A=
 X    qjail_jaildir=3D"${qjail_jaildir}.${qjail_zone}"=0A=
 X    [ -d "${qjail_jaildir}" ] || exerr "Error: Un-known zone."=0A=
 X    qjail_jailprops=3D"${qjail_jailprops}.${qjail_zone}"=0A=
 X    qjail_fstab=3D"${qjail_fstab}.${qjail_zone}"=0A=
 X    qjail_newjail=3D"${qjail_jaildir}/newjail"=0A=
 X    qjail_basejail=3D"${qjail_jaildir}/basejail"=0A=
 X    qjail_archivedir=3D"${qjail_jaildir}/archive"=0A=
 X  fi   =0A=
 X         =0A=
 X# Specifying no jailnames is only acceptable if archiving all jails=0A=
 X  [ $# -lt 1 -a -z "${qjail_archivealljails}" ] && \=0A=
 X    exerr ${qjail_usage_archive}=0A=
 X         =0A=
 X  # -A flag to archive all the jails can not have jailnames on it =0A=
 X  [ $# -gt 0 -a "${qjail_archivealljails}" ] && \=0A=
 X  exerr "Syntax Error: Must not specify jailnames on archive -A."=0A=
 X            =0A=
 X          =0A=
 X################ Special routine to archive basejail =0A=
 X#=0A=
 X# Create a simple tar archive of the basejail=0A=
 X         =0A=
 X  if [ "$1" =3D "basejail" -o "$1" =3D "newjail" ]; then=0A=
 X     qjail_archive_from=3D$1=0A=
 X     qjail_archive_to=3D$1=0A=
 X           =0A=
 X     # Check to see if any jails are running=0A=
 X     # If the directory test or the cd fails, qjail_list is not=0A=
 X     # assigned here and the loop uses whatever it already held.=0A=
 X     [ -d "${qjail_jailprops}/" ] && cd "${qjail_jailprops}/" && =
 qjail_list=3D`ls | xargs rcorder`=0A=
 X      for qjail in ${qjail_list}; do=0A=
 X       # Strip off the .norun suffix if present & read the jails =
 property=0A=
 X       # record populating the environment variables with the jails =
 values.=0A=
 X       fetch-property-info ${qjail%.norun}=0A=
 X       if [ "${qjail_id}" ]; then=0A=
 X          echo "This jail is running. ${qjail_jailname}"=0A=
 X          qjail_running_jails=3D"YES" =0A=
 X          continue=0A=
 X       fi=0A=
 X      done=0A=
 X        =0A=
 X      [ ${qjail_running_jails} ] && \=0A=
 X          exerr "Error: All jails have to be stopped to archive $1."=0A=
 X         =0A=
 X     # No jails running so ok to archive basejail or newjail.=0A=
 X       =0A=
 X     # Append archive date and time to jailname as archive =
 identification.=0A=
 X     qjail_archive_to=3D"${qjail_archive_to}-`date +%Y%m%d%H%M.%S`"=0A=
 X     qjail_archive_to=3D"${qjail_archive_to}.tar.gz"=0A=
 X     qjail_archive=3D"${qjail_archive_to}"=0A=
 X           =0A=
 X     # Prepend archive directory to archive file name.=0A=
 X     qjail_archive_from=3D${qjail_jaildir}/${qjail_archive_from}=0A=
 X     qjail_archive_to=3D${qjail_archivedir}/${qjail_archive_to}=0A=
 X        =0A=
 X     =0A=
 X     # NOTE(review): tar's P keeps absolute member paths, and the=0A=
 X     # restore arm unpacks with "tar xPf" from /. Whoever can=0A=
 X     # write to the archive directory controls where restore=0A=
 X     # writes; keep that directory writable by root only.=0A=
 X     # The "|| exerr && echo" chains rely on exerr ending the=0A=
 X     # script, and the two path variables are expanded unquoted.=0A=
 X     if [ "$1" =3D "basejail" ]; then=0A=
 X        echo "Tar has started archiving basejail."=0A=
 X        echo "Est LT 1 minute elapse time for basejail minimum system =
 install."=0A=
 X        echo "basejail with sources and manpages and full ports system =
 may"=0A=
 X        echo "take up to 7 minutes."=0A=
 X        tar czPf  $qjail_archive_to $qjail_archive_from || \=0A=
 X         exerr "Error: Archive of basejail had RC gt zero" \=0A=
 X         &&  echo "Successfully archived basejail"=0A=
 X =0A=
 X     fi=0A=
 X          =0A=
 X     if [ "$1" =3D "newjail" ]; then=0A=
 X        echo "Tar has started archiving newjail."=0A=
 X        echo "Est LT 1 minute elapse time for newjail."=0A=
 X        tar czPf  $qjail_archive_to $qjail_archive_from || \=0A=
 X         exerr "Error: Archive of newjail had RC gt zero" \=0A=
 X         &&  echo "Successfully archived newjail"=0A=
 X     fi=0A=
 X=0A=
 X  else=0A=
 X       =0A=
 X######## Archive ALL and Archive jailnames are handled here  =
 ############=0A=
 X           =0A=
 X  # NOTE(review): $@ is flattened into one string and split again=0A=
 X  # below, so names with spaces or glob characters do not survive.=0A=
 X  # Save the command line list of jailnames if any=0A=
 X  qjail_cmdlist=3D$@=0A=
 X         =0A=
 X  # Perform the group-prefixing function.=0A=
 X  group-prefixing ${qjail_cmdlist}=0A=
 X         =0A=
 X  # Process the qjail_list built by group-prefixing=0A=
 X  for qjail in ${qjail_list}; do=0A=
 X         =0A=
 X    # Strip off the .norun suffix if present & read the jails property=0A=
 X    # record populating the environment variables with the jails values.=0A=
 X    fetch-property-info ${qjail%.norun}=0A=
 X       =0A=
 X    # If jail is still running, bypass archiving it=0A=
 X    if [ "${qjail_id}" ]; then=0A=
 X        echo "Bypassed running jail ${qjail_jailname}" =0A=
 X        continue=0A=
 X    fi  =0A=
 X           =0A=
 X    # Append archive date and time to jailname as archive =
 identification.=0A=
 X    qjail_archive_tag=3D"${qjail_safename}-`date +%Y%m%d%H%M.%S`"=0A=
 X           =0A=
 X    # Add correct file type suffix to new archive file name=0A=
 X    [ "${qjail_archive}" ] || =
 qjail_archive=3D"${qjail_archive_tag}.tar.gz"=0A=
 X            =0A=
 X    # Restore by default only re-installs jails on the same pc/system =
 as the=0A=
 X    # archive file was created on. To accomplish this. This archive =
 routine=0A=
 X    # conceals the hostname, cpu type, and RELEASE version as a file =
 name=0A=
 X    # in the archive.    =0A=
 X    #      =0A=
 X    # The jails property record is also concealed as a file =0A=
 X    # in the archive file.  =0A=
 X          =0A=
 X    qjail_hostsystem_name=3D$( echo -n `uname -n` | tr -c '[:alnum:].' =
 _ )=0A=
 X    qjail_hostsystem_version=3D$( echo -n `uname -r` | tr -c =
 '[:alnum:].' _ )=0A=
 X    qjail_hostsystem_cpu=3D$( echo -n `uname -p` | tr -c '[:alnum:].' _ =
 )=0A=
 X           =0A=
 X    =
 qjail_archive_tag=3D"${qjail_archive_tag}-${qjail_hostsystem_name}-${qjai=
 l_hostsystem_version}-${qjail_hostsystem_cpu}"=0A=
 X            =0A=
 X    # Prepend archive directory to archive file name.=0A=
 X    qjail_archive=3D${qjail_archivedir}/${qjail_archive}=0A=
 X           =0A=
 X    # For stdout don't specify anything=0A=
 X    # NOTE(review): qjail_archive was given a directory prefix=0A=
 X    # just above, so it can no longer equal "-"; the stdout=0A=
 X    # branch looks unreachable.=0A=
 X    [ "${qjail_archive}" =3D "-" ] && unset qjail_archive_opt || \=0A=
 X       qjail_archive_opt=3D"-f ${qjail_archive}"=0A=
 X            =0A=
 X    # Obtain the fstab record for jailname to be inserted into the =
 archive file=0A=
 X    [ -f "${qjail_fstab}.${qjail_safename}" ] && \=0A=
 X       qjail_addfiles=3D"${qjail_fstab}.${qjail_safename}"=0A=
 X             =0A=
 X    # The pax command is really creating the tar archive file and =0A=
 X    # concealing the property record as the first file of the archive.=0A=
 X    # The property record is named like this....=0A=
 X    # prop.qjail-Jailname-201006021741.41-hostname-8.0_RELEASE-i386=0A=
 X    # Inside this record is a copy of the archived jail's =0A=
 X    # /usr/local/etc/qjail/jailname data.=0A=
 X    # After the archive file has been created you can list the archive =
 files=0A=
 X    # tar -tf org1-201006011803.26.tar.gz > org1.tarlist and then look =
 at it,=0A=
 X    # or do a manual restore tar -xf org1-201006011803.26.tar.gz =0A=
 X    # using your full archive file name instead of the one shown here.=0A=
 X          =0A=
 X    # NOTE(review): "-x cpio" writes cpio format although the file=0A=
 X    # is named .tar.gz. The archive holds the tree under=0A=
 X    # qjail_rootdir and nothing here sets its mode, so who can=0A=
 X    # read it depends on the umask. qjail_safename is placed in=0A=
 X    # the -s patterns as typed; it is presumably already limited=0A=
 X    # to safe characters by fetch-property-info - confirm.=0A=
 X    # The cd error message prints qjail_root, not the=0A=
 X    # qjail_rootdir that was tried.=0A=
 X    cd "${qjail_rootdir}" || exerr "Error: Couldn't cd to =
 ${qjail_root}."=0A=
 X    pax -wzXt -x cpio ${qjail_archive_opt} \=0A=
 X      =
 -s:"^[^\\.].*/${qjail_safename}\$":prop.qjail-${qjail_archive_tag}: \=0A=
 X      =
 -s:"^[^\\.].*/${qjail_safename}.norun\$":prop.qjail-${qjail_archive_tag}-=
 .norun: \=0A=
 X      -s:"etc/fstab.${qjail_safename}\$":fstab.qjail: \=0A=
 X      -s:"^\\.":qjail: \=0A=
 X      "${qjail_config}" ${qjail_addfiles} .=0A=
 X          =0A=
 X    qjail_paxresult=3D$?=0A=
 X          =0A=
 X    # An error on a jail not running is bad=0A=
 X    # The text says "Warning" but exerr is called; if exerr ends=0A=
 X    # the script, the remaining jails in the list are skipped.=0A=
 X    [ ${qjail_paxresult} -eq 0 ] || exerr \=0A=
 X    "Warning: Archiving jail ${qjail_name} was not successful."=0A=
 X             =0A=
 X    echo "Successfully archived ${qjail_jailname}"=0A=
 X          =0A=
 X    unset qjail_archive qjail_addfiles qjail_archive_opt =
 qjail_archive_tag=0A=
 X       =0A=
 X  done    =0A=
 X  fi       =0A=
 X  ;;     =0A=
 X         =0A=
 X        =0A=
 X##jjbr##################### qjail RESTORE ########################=0A=
 Xrestore)=0A=
 X        =0A=
 X  # Clean variables, prevent pollution=0A=
 X  unset qjail_safename qjail_forcerestore  qjail_flavor=0A=
 X        =0A=
 X  # forcerestore means when basejail release version is different then=0A=
 X  # the release version of the jailname being restored.=0A=
 X         =0A=
 X  shift; while getopts fz: arg; do case ${arg} in=0A=
 X    f) qjail_forcerestore=3D"YES";;=0A=
 X    z) qjail_zone=3D${OPTARG};;=0A=
 X    ?) exerr ${qjail_usage_restore};;=0A=
 X  esac; done; shift $(( ${OPTIND} - 1 ))=0A=
 X      =0A=
 X  if [ "${qjail_zone}" ]; then=0A=
 X    qjail_jaildir=3D"${qjail_jaildir}.${qjail_zone}"=0A=
 X    [ -d "${qjail_jaildir}" ] || exerr "Error: Un-known zone."=0A=
 X    qjail_jailprops=3D"${qjail_jailprops}.${qjail_zone}"=0A=
 X    qjail_fstab=3D"${qjail_fstab}.${qjail_zone}"=0A=
 X    qjail_newjail=3D"${qjail_jaildir}/newjail"=0A=
 X    qjail_basejail=3D"${qjail_jaildir}/basejail"=0A=
 X    qjail_archivedir=3D"${qjail_jaildir}/archive"=0A=
 X  fi=0A=
 X                   =0A=
 X  [ $# -eq 0 ] && exerr ${qjail_usage_restore}=0A=
 X        =0A=
 X  # Check for group prefix=0A=
 X  qjail_group=3D$1=0A=
 X  qjail_jailname=3D$1=0A=
 X        =0A=
 X  # Remove the =3D sign from the i/p value which designates this=0A=
 X  # as a group prefix if its there=0A=
 X  qjail_group=3D`echo -n "${qjail_group}" | sed 's/=3D.*$//'`=0A=
 X        =0A=
 X  # Determine if this is a prefix request=0A=
 X  [ "${qjail_jailname}" !=3D "${qjail_group}" ] && \=0A=
 X     exerr "Error: Group prefix equal sign is invalid in restore =
 processing\n\=0A=
 X  Code multiple jailnames on the restore command."=0A=
 X        =0A=
 X       =0A=
 X################ Special routine to restore basejail=0A=
 X        =0A=
 X  qjail_fromarchive=3D$1=0A=
 X         =0A=
 X  # i/p value may be full file name=0A=
 X  # Strip off the everything to the right of the jailname=0A=
 X  # IE: the -date time suffix=0A=
 X  qjail_safenamet=3D`echo -n "${qjail_fromarchive}" | sed 's/-.*$//'`=0A=
 X     =0A=
 X  if [ "${qjail_safenamet}" =3D "basejail" -o "${qjail_safenamet}" =3D =
 "newjail" ]; then=0A=
 X    if [ "${qjail_safenamet}" =3D "basejail" ]; then=0A=
 X        =0A=
 X      # Check to see if any jails are running=0A=
 X      [ -d "${qjail_jailprops}/" ] && cd "${qjail_jailprops}/" && =
 qjail_list=3D`ls | xargs rcorder`=0A=
 X      for qjail in ${qjail_list}; do=0A=
 X        # Strip off the .norun suffix if present & read the jails =
 property=0A=
 X        # record populating the environment variables with the jails =
 values.=0A=
 X        fetch-property-info ${qjail%.norun}=0A=
 X        if [ "${qjail_id}" ]; then=0A=
 X           echo "This jail is running. ${qjail_jailname}"=0A=
 X           qjail_running_jails=3D"YES"=0A=
 X           continue=0A=
 X        fi=0A=
 X      done=0A=
 X           =0A=
 X      [ ${qjail_running_jails} ] && \=0A=
 X          exerr "Error: All jails have to be stopped to restore =
 basejail"=0A=
 X         =0A=
 X      # No jails running so ok to restore basejail=0A=
 X            =0A=
 X      # Verify  basejail exists.=0A=
 X      [ -d "${qjail_basejail}" ] || exerr \=0A=
 X        "Error: basejail does not exist.\n\=0A=
 X      Run install command first."=0A=
 X    fi=0A=
 X         =0A=
 X    # This is common for both basejail and newjail.     =0A=
 X    # Go hunt for the most current basejail archive file     =0A=
 X    unset qjail_safename qjail_nameprop=0A=
 X        =0A=
 X    # This "search the archive" code is copied from below where=0A=
 X    # the normal restore logic is located. See that code for=0A=
 X    # comments describing how this works.=0A=
 X    if [ -r "${qjail_archivedir}/${qjail_fromarchive}" ]; then=0A=
 X      qjail_safename=3D`echo -n "${qjail_fromarchive}" | sed 's/-.*$//'`=0A=
 X      qjail_fromarchive=3D"${qjail_archivedir}/${qjail_fromarchive}"=0A=
 X    else    =0A=
 X      qjail_safename=3D`echo -n "${qjail_fromarchive}" | tr -c =
 '[:alnum:]' _`=0A=
 X      unset qjail_fromarchive=0A=
 X      for qjail_archive in "${qjail_archivedir}/${qjail_safename}"*; do=0A=
 X        qjail_fromarchive=3D${qjail_archive}=0A=
 X      done    =0A=
 X      [ -f "${qjail_fromarchive}" ] || \=0A=
 X        exerr "No archive found for ${qjail_safename}"=0A=
 X    fi=0A=
 X            =0A=
 X    if [ "${qjail_safenamet}" =3D "basejail" ]; then=0A=
 X      # If previous saved old basejail exists, remove it.=0A=
 X      [ -d "${qjail_jaildir}"/previous.basejail ] && \=0A=
 X        echo "Deleting the previous.basejail directory tree, this may =
 take a few minutes.";=0A=
 X        rm -rf "${qjail_jaildir}"/previous.basejail =0A=
 X          =0A=
 X      # Save current basejail by renaming it previous.basejail.=0A=
 X      mv "${qjail_basejail}" "${qjail_jaildir}"/previous.basejail || \=0A=
 X      exerr "Error: Rename "${qjail_basejail}" to =
 "${qjail_jaildir}"/previous.basejail failed."=0A=
 X         =0A=
 X      echo "Tar has started restoring basejail."=0A=
 X      echo "Est LT 1 minute elapse time for basejail minimum system =
 install."=0A=
 X      echo "basejail with sources and manpages and full ports system =
 may"=0A=
 X      echo "take up to 7 minutes."=0A=
 X          =0A=
 X      cd /    =0A=
 X      tar xPf  ${qjail_fromarchive} || \=0A=
 X        exerr "Error: Restore of basejail had RC gt zero." \=0A=
 X        && echo "Successfully restored basejail."=0A=
 X    fi     =0A=
 X         =0A=
 X    if [ "${qjail_safenamet}" =3D "newjail" ]; then=0A=
 X      # If previous saved old newjail exists, remove it.=0A=
 X      [ -d "${qjail_jaildir}"/previous.newjail ] && \=0A=
 X        rm -rf "${qjail_jaildir}"/previous.newjail=0A=
 X             =0A=
 X      # Save current newjail by renaming it previous.newjail.=0A=
 X      mv "${qjail_newjail}" "${qjail_jaildir}"/previous.newjail || \=0A=
 X      exerr "Error: Rename "${qjail_newjail}" to =
 "${qjail_jaildir}"/previous.newjail failed."=0A=
 X            =0A=
 X      echo "Tar has started restoring newjail."=0A=
 X      echo "Est LT 1 minute elapse time for newjail restore."=0A=
 X           =0A=
 X      cd /=0A=
 X      tar xPf  ${qjail_fromarchive} || \=0A=
 X        exerr "Error: Restore of newjail had RC gt zero." \=0A=
 X        && echo "Successfully restored newjail."=0A=
 X    fi      =0A=
 X           =0A=
 X  else         =0A=
 X          =0A=
 X    # This is start of normal restore jailname logic.=0A=
 X          =0A=
 X    # Save the command line list of jailnames=0A=
 X    qjail_cmdlist=3D$@=0A=
 X        =0A=
 X    # Process the command line list =0A=
 X    for qjail_fromarchive in ${qjail_cmdlist}; do=0A=
 X          =0A=
 X      unset qjail_safename qjail_nameprop qjail_nameprop_norun=0A=
 X         =0A=
 X      # The fromarchive value can be the complete archive file name, =0A=
 X      # IE: jailname plus the date and time the archive was made, =0A=
 X      # or just the jailname.=0A=
 X      # jailname only will select the most current archive for that =
 jailname.=0A=
 X      # Using the full archive file name is how an older archive of =
 many for the =0A=
 X      # jailname is selected.=0A=
 X        =0A=
 X      # At this point we don't know if the input value is just jailname =
 or the=0A=
 X      # full archive file name and if it's correct.=0A=
 X                  =0A=
 X      if [ -r "${qjail_archivedir}/${qjail_fromarchive}" ]; then=0A=
 X        # i/p value is full file name and its found=0A=
 X        # Strip off the everything to the right of the jailname=0A=
 X        # IE: the -date time suffix  =0A=
 X        qjail_safename=3D`echo -n "${qjail_fromarchive}" | sed =
 's/-.*$//'`=0A=
 X        qjail_fromarchive=3D"${qjail_archivedir}/${qjail_fromarchive}"=0A=
 X      else      =0A=
 X        # Use jailname to locate most current archive=0A=
 X        # Convert all - or . in jailname to _ =0A=
 X        qjail_safename=3D`echo -n "${qjail_fromarchive}" | tr -c =
 '[:alnum:]' _`=0A=
 X        unset qjail_fromarchive=0A=
 X               =0A=
 X        # Roll through the archive directory looking for the last =
 occurrence=0A=
 X        # to match the jailname being the most current archive. =0A=
 X        # IE: Most current archive for the jailname has higher number =
 date =0A=
 X        # so physically follows the older dated archive files in the =0A=
 X        # archive directory. =0A=
 X        #       =0A=
 X        for qjail_archive in "${qjail_archivedir}/${qjail_safename}"*; =
 do=0A=
 X         qjail_fromarchive=3D${qjail_archive} =0A=
 X        done=0A=
 X                =0A=
 X        [ -f "${qjail_fromarchive}" ] || \=0A=
 X          exerr "Error: No archive found for ${qjail_safename}"=0A=
 X             =0A=
 X        # Strip off the everything to the right of the jailname=0A=
 X        # IE: the -date time suffix=0A=
 X        qjail_archive=3D`echo -n "${qjail_fromarchive}" | sed =
 's/-.*$//'`=0A=
 X        # Strip off the path from in front of the file name=0A=
 X        qjail_archive=3D${qjail_archive##*/}=0A=
 X              =0A=
 X        [ "${qjail_safename}" =3D "${qjail_archive}" ] || \=0A=
 X          exerr "Error: Found archive name ${qjail_archive}\n\=0A=
 X        it does not match requested archive ${qjail_safename}\n\=0A=
 X        Use the full archive file name you want restored."=0A=
 X             =0A=
 X      fi     =0A=
 X            =0A=
 X      # Check if jailname is used already=0A=
 X      qjail_config=3D"${qjail_jailprops}/${qjail_safename}"=0A=
 X      [ -e "${qjail_config}" -o -e "${qjail_config}.norun" ] && \=0A=
 X      exerr "Error: Jail exists. ${qjail_safename}" =0A=
 X          =0A=
 X      # Some content is about to be extracted from the archive and=0A=
 X      # used. To reduce the security implications, first check that=0A=
 X      # the archive is owned by root and not group/other writable.=0A=
 X      #      =0A=
 X      [ `stat -f %u "${qjail_fromarchive}"` -eq 0 ] || \=0A=
 X      exerr "Error: Insecure ownership of archive =
 ${qjail_fromarchive}.\n\=0A=
 X      Check the file and chown it to root if you trust its source."=0A=
 X          =0A=
 X      [ $(( `stat -f %OLp "${qjail_fromarchive}"` & 0022 )) -eq 0 ] || \=0A=
 X      exerr "Error: Insecure permissions for archive =
 ${qjail_fromarchive}.\n\=0A=
 X      Check the file and fix permission (chmod og-w) if you trust its =
 source."=0A=
 X            =0A=
 X      # Get the property record file name from the archive file.=0A=
 X      qjail_nameprop=3D`pax -zn -f ${qjail_fromarchive} prop.qjail-\*`=0A=
 X      [ $? -eq 0 -a "${qjail_nameprop}" ] || exerr \=0A=
 X      "Error: This File is not an qjail archive. ${qjail_fromarchive}"=0A=
 X            =0A=
 X      # Figure out, what jail and jail environment the archive contains.=0A=
 X      TIFS=3D${IFS}; IFS=3D-; set - ${qjail_nameprop}=0A=
 X      qjail_nameprop_safename=3D$2 qjail_nameprop_hsname=3D$4 \=0A=
 X      qjail_nameprop_hsversion=3D$5 qjail_nameprop_hscpu=3D$6 \=0A=
 X      qjail_nameprop_norun=3D$7=0A=
 X      IFS=3D${TIFS}=0A=
 X           =0A=
 X          =0A=
 X      # Figure out current system environment=0A=
 X      qjail_hsname=3D$( echo -n `uname -n` | tr -c '[:alnum:].' _ )=0A=
 X      qjail_hsversion=3D$( echo -n `uname -r` | tr -c '[:alnum:].' _ )=0A=
 X      qjail_hscpu=3D$( echo -n `uname -p` | tr -c '[:alnum:].' _ )=0A=
 X          =0A=
 X      # Check that the archive was made on same environment as =
 restoring on.=0A=
 X      #      =0A=
 X      [ "${qjail_safename}" -a "${qjail_safename}" !=3D =
 "${qjail_nameprop_safename}" ] && \=0A=
 X      exerr "Error: Archive name ${qjail_fromarchive}\n\=0A=
 X       does not match archived jail ${qjail_nameprop_safename}."=0A=
 X           =0A=
 X      [ "${qjail_hsname}" !=3D "${qjail_nameprop_hsname}" \=0A=
 X      -a -z "${qjail_forcerestore}" ] && \=0A=
 X      exerr "Error: Archive was created on different host named =
 ${qjail_nameprop_hsname}.\n\=0A=
 X      Use restore -f ${qjail_fromarchive} to force the restore."=0A=
 X            =0A=
 X      [ "${qjail_hscpu}" !=3D "${qjail_nameprop_hscpu}" -a -z =
 "${qjail_forcerestore}" ] && \=0A=
 X      exerr "Error: Archive was created on a different CPU.\n\=0A=
 X      Use restore -f ${qjail_fromarchive} to force the restore."=0A=
 X          =0A=
 X      # Save config to tempfile and source it=0A=
 X      qjail_config=3D`mktemp /tmp/qjail.prop.XXXXXXXX`=0A=
 X      [ $? -ne 0 ] && exerr "Error: Couldn't create temporary config =
 file."=0A=
 X           =0A=
 X      # Get the property data from the archive file.=0A=
 X      pax -rzn -s:${qjail_nameprop}:${qjail_config}: -f =
 ${qjail_fromarchive} ${qjail_nameprop}=0A=
 X           =0A=
 X      fetch-property-info ${qjail_safename} ${qjail_config}=0A=
 X            =0A=
 X           =0A=
 X      # Check that all the variables have values.=0A=
 X      [ "${qjail_rootdir}" -a "${qjail_ips}" -a "${qjail_jailname}" ] =
 || \=0A=
 X      exerr "Error: Archive does not contain a valid qjail properties =
 file.\n\=0A=
 X      Some jails properties are missing."=0A=
 X        =0A=
 X      # Prep the variables.=0A=
 X      qjail_fromarchive_config=3D${qjail_config}=0A=
 X      qjail_config=3D"${qjail_jailprops}/${qjail_safename}"=0A=
 X      qjail_archive_opt=3D"-f ${qjail_fromarchive}"=0A=
 X            =0A=
 X      # Restore the archive file=0A=
 X      mkdir -p "${qjail_rootdir}" && cd "${qjail_rootdir}" && \=0A=
 X      pax -rz -pe ${qjail_archive_opt} -s:^qjail:.: qjail/*=0A=
 X      [ $? -eq 0 ] || \=0A=
 X        exerr "Error: Couldn't extract archive from =
 ${qjail_fromarchive}."=0A=
 X       =0A=
 X      # Create the jails fstab file.=0A=
 X      qjail_fstab=3D"${qjail_fstab}.${qjail_safename}"=0A=
 X      if [ "${qjail_imagetype}" ]; then=0A=
 X        qjail_devicelink=3D"${qjail_rootdir}.device"=0A=
 X        echo -n > "${qjail_fstab}"=0A=
 X        echo ${qjail_devicelink} ${qjail_rootdir} ufs rw 0 0 >> \=0A=
 X        "${qjail_fstab}"=0A=
 X        echo ${qjail_basejail} ${qjail_rootdir}/basejail nullfs ro 0 0 =
 >> \=0A=
 X        "${qjail_fstab}"=0A=
 X      else    =0A=
 X        echo -n > "${qjail_fstab}"=0A=
 X        echo ${qjail_basejail} ${qjail_rootdir}/basejail nullfs ro 0 0 =
 >> \=0A=
 X        "${qjail_fstab}"=0A=
 X      fi        =0A=
 X              =0A=
 X      # Create the restored jails properties file and tag it with =
 "norun",=0A=
 X      # if that is what the archive file says it was at archive time.=0A=
 X              =0A=
 X      if [ "${qjail_nameprop_norun}" =3D ".norun" ]; then=0A=
 X        write-property-info "${qjail_config}${qjail_nameprop_norun}" =
 "${qjail_fromarchive_config}"=0A=
 X      else          =0A=
 X       write-property-info "${qjail_config}" =
 "${qjail_fromarchive_config}"=0A=
 X      fi         =0A=
 X             =0A=
 X          =0A=
 X      # Remove the /tmp work file created above.=0A=
 X      rm -f "${qjail_fromarchive_config}"=0A=
 X         =0A=
 X      echo "Successfully restored ${qjail_jailname}"=0A=
 X                    =0A=
 X    done      =0A=
 X  fi       =0A=
 X  ;;      =0A=
 X     =0A=
 X     =0A=
 X##jjbf###################### qjail CONFIG ########################=0A=
 Xconfig)=0A=
 X  # config sub-command: change one property of existing jails.=0A=
 X  # Only one of -r, -i, -n, -c is accepted per call; -z picks a=0A=
 X  # zone and -A is valid only together with -r.=0A=
 X       =0A=
 X  # Clean variables, prevent pollution=0A=
 X  unset qjail_setrunnable qjail_new_name qjail_setrunAll =0A=
 X  unset qjail_old_config qjail_new_ip =0A=
 X  # NOTE(review): qjail_new_nic and qjail_zone are tested below but=0A=
 X  # are not unset here; confirm they cannot arrive already set.=0A=
 X       =0A=
 X  flag_count=3D0=0A=
 X        =0A=
 X  shift; while getopts r:i:c:n:z:A arg; do case ${arg} in=0A=
 X     r) qjail_setrunnable=3D${OPTARG}; flag_count=3D$(( $flag_count + 1 =
 ));;=0A=
 X     A) qjail_setrunAll=3D"YES";;=0A=
 X     i) qjail_new_ip=3D${OPTARG}; flag_count=3D$(( $flag_count + 1 ));;=0A=
 X     n) qjail_new_name=3D${OPTARG}; flag_count=3D$(( $flag_count + 1 =
 ));;=0A=
 X     c) qjail_new_nic=3D${OPTARG}; flag_count=3D$(( $flag_count + 1 ));;=0A=
 X     z) qjail_zone=3D${OPTARG};;=0A=
 X     ?) exerr ${qjail_usage_config};;=0A=
 X  esac; done; shift $(( ${OPTIND} - 1 ))=0A=
 X        =0A=
 X  # A zone name is appended to the jail, property and fstab paths.=0A=
 X  if [ "${qjail_zone}" ]; then=0A=
 X    qjail_jaildir=3D"${qjail_jaildir}.${qjail_zone}"=0A=
 X    [ -d "${qjail_jaildir}" ] || exerr "Error: Un-known zone."=0A=
 X    qjail_jailprops=3D"${qjail_jailprops}.${qjail_zone}"=0A=
 X    qjail_fstab=3D"${qjail_fstab}.${qjail_zone}"=0A=
 X  fi     =0A=
 X                 =0A=
 X  # Check for no flags set.=0A=
 X  [ $flag_count -eq 0 ] && exerr \=0A=
 X    "Error: No options coded.\n${qjail_usage_config}" =0A=
 X           =0A=
 X  # No parameters and -r and -A=0A=
 X  [  $# -eq 0 -a -z "${qjail_setrunAll}" ] && \=0A=
 X   exerr "Error: Only with options -r and -A together is no jailname =
 valid."=0A=
 X           =0A=
 X  # -A can only be coded with -r=0A=
 X  [ "${qjail_setrunAll}" -a -z "${qjail_setrunnable}" ] && \=0A=
 X   exerr "Error: Option -A is only valid when coded with option -r."=0A=
 X            =0A=
 X  [ $flag_count -gt 1 ] && \=0A=
 X  exerr "Error: Only 1 option allowed at a time.\n${qjail_usage_config}"=0A=
 X       =0A=
 X  # Has the -n newjailname option been selected?=0A=
 X  if [ -n "${qjail_new_name}" ]; then=0A=
 X        =0A=
 X    # Check for group prefix=0A=
 X    qjail_group=3D$1=0A=
 X    qjail_jailname=3D$1=0A=
 X    =0A=
 X    # Remove the =3D sign from the i/p value which designates this=0A=
 X    # as a "group prefix", if its there=0A=
 X    qjail_group=3D`echo -n "${qjail_group}" | sed 's/=3D.*$//'`=0A=
 X     =0A=
 X    # Determine if this is a prefix request=0A=
 X    [ "${qjail_jailname}" !=3D "${qjail_group}" ] && \=0A=
 X      exerr "Error: Group prefix '=3D'invalid on -n option."=0A=
 X       =0A=
 X    # Check is new_name & jailname are same=0A=
 X    [ "${qjail_new_name}" =3D "${qjail_jailname}" ] && \=0A=
 X       exerr "Error: -n newname and jailname are the same."=0A=
 X     =0A=
 X    # Is newname a reserved name?=0A=
 X    case ${qjail_new_name} in =
 basejail|newjail|archive|flavors|fulljail|tempjail) \=0A=
 X    exerr "Error: Cannot name the jail ${qjail_new_name}.\n\=0A=
 X  The ${qjail_new_name} directory name is reserved.\n\=0A=
 X  Please select an unique jailname.";; esac=0A=
 X    # NOTE(review): only the reserved words are rejected here. A=0A=
 X    # name such as "." or "..", or one starting with "-", is not,=0A=
 X    # yet the name becomes a path component under qjail_jaildir=0A=
 X    # below. TODO confirm it is validated elsewhere.=0A=
 X          =0A=
 X    # Check to see if newname exists. =0A=
 X    [ -e "${qjail_jailprops}/${qjail_new_name}" ] && \=0A=
 X       exerr "Error: New name already exists. ${qjail_new_name}"=0A=
 X       =0A=
 X    # $1 holds the old jailname from the command.=0A=
 X    qjail=3D$1=0A=
 X       =0A=
 X    # Strip off the .norun suffix if present & read the jails property=0A=
 X    # record populating the environment variables with the jails values.=0A=
 X    fetch-property-info ${qjail%.norun}=0A=
 X               =0A=
 X    # NOTE(review): qjail_name is not assigned in this arm (the=0A=
 X    # requested name is in qjail); presumably fetch-property-info=0A=
 X    # sets it - confirm, else the messages below print no name.=0A=
 X    # Check for existence of jailname in our records=0A=
 X    [ "${qjail_config}" ] || \=0A=
 X     exerr "Error: Nothing known about jail. ${qjail_name}"=0A=
 X       =0A=
 X    # If jail is running, stop jail first=0A=
 X    [ -n "${qjail_id}" ] && \=0A=
 X      exerr "Error: Jail is running. ${qjail_name}"=0A=
 X          =0A=
 X    # Save some old values=0A=
 X    qjail_old_rootdir=3D"${qjail_rootdir}"=0A=
 X    qjail_old_image=3D"${qjail_image}"=0A=
 X    qjail_old_imagetype=3D"${qjail_imagetype}"=0A=
 X    qjail_old_interface=3D"${qjail_interface}"=0A=
 X    qjail_old_fstab=3D"${qjail_fstab}"=0A=
 X    qjail_old_config=3D"${qjail_config}"=0A=
 X    qjail_old_jailname=3D"${qjail_jailname}"=0A=
 X    qjail_old_safename=3D"${qjail_safename}"=0A=
 X    =
 qjail_old_jailprops_global=3D"${qjail_jailprops_global}/${qjail_safename}=
 "  =0A=
 X   =0A=
 X    # The new values for the jail=0A=
 X    # jailname keeps the new name with "/" and "~" mapped to "_";=0A=
 X    # safename maps every non-alphanumeric character to "_".=0A=
 X    qjail_jailname=3D`echo -n ${qjail_new_name} | tr '/~' '__'`=0A=
 X    qjail_safename=3D`echo -n "${qjail_new_name}" | tr -c '[:alnum:]' _`=0A=
 X    qjail_config=3D"${qjail_jailprops}/${qjail_safename}"=0A=
 X      =0A=
 X    # Is the old jail a image jail?=0A=
 X    if [ "${qjail_old_image}" ]; then=0A=
 X       =0A=
 X        # Prep the new locations.=0A=
 X        qjail_rootdir=3D"${qjail_jaildir}/${qjail_jailname}"=0A=
 X        qjail_image=3D"${qjail_rootdir}/${qjail_jailname}.img"=0A=
 X           =0A=
 X        # NOTE(review): the exit status of the two mv calls below=0A=
 X        # is not checked; unless set -e is active, the fstab and=0A=
 X        # property records are rewritten even if a rename failed.=0A=
 X        # Rename the flat image file in it's old location=0A=
 X        mv "${qjail_old_image}" =
 "${qjail_old_rootdir}/${qjail_jailname}.img"=0A=
 X         =0A=
 X        # Rename the old directory to new directory name=0A=
 X        mv "${qjail_old_rootdir}" "${qjail_rootdir}"=0A=
 X           =0A=
 X        # Refresh fstab with new directory paths and jailnames.=0A=
 X        qjail_fstab_old_path=3D"${qjail_fstab%.*}"=0A=
 X        qjail_fstab=3D"${qjail_fstab_old_path}.${qjail_safename}"=0A=
 X            =0A=
 X        echo -n > "${qjail_fstab}"=0A=
 X        =0A=
 X        qjail_devicelink=3D"${qjail_rootdir}.device"=0A=
 X        echo ${qjail_devicelink} ${qjail_rootdir} ufs rw 0 0 >> \=0A=
 X        "${qjail_fstab}"=0A=
 X             =0A=
 X        echo ${qjail_basejail} ${qjail_rootdir}/basejail nullfs ro 0 0 =
 >> \=0A=
 X        "${qjail_fstab}"=0A=
 X            =0A=
 X        rm -f "${qjail_old_fstab}"=0A=
 X    else    =0A=
 X           =0A=
 X        # This is regular directory tree jail=0A=
 X           =0A=
 X        # Rename old jail to new jailname.   =0A=
 X        # NOTE(review): the mv exit status is not checked here=0A=
 X        # either.=0A=
 X        qjail_rootdir=3D"${qjail_jaildir}/${qjail_jailname}"=0A=
 X        mv "${qjail_old_rootdir}" "${qjail_rootdir}"=0A=
 X           =0A=
 X       # Refresh fstab with new directory paths and jailnames.=0A=
 X        qjail_fstab_old_path=3D"${qjail_fstab%.*}"=0A=
 X        qjail_fstab=3D"${qjail_fstab_old_path}.${qjail_safename}"=0A=
 X           =0A=
 X        echo -n > "${qjail_fstab}"=0A=
 X           =0A=
 X        echo ${qjail_basejail} ${qjail_rootdir}/basejail nullfs ro 0 0 =
 >> \=0A=
 X        "${qjail_fstab}"=0A=
 X            =0A=
 X        rm -f "${qjail_old_fstab}"=0A=
 X           =0A=
 X    fi     =0A=
 X          =0A=
 X    # Both jail types use same property config update logic.=0A=
 X    #               =0A=
 X    write-property-info "${qjail_config}" =0A=
 X      =0A=
 X    # Delete old property record from zone directory and global zone.=0A=
 X    rm -f "${qjail_old_config}"=0A=
 X    rm -f "${qjail_old_jailprops_global}"=0A=
 X         =0A=
 X    echo "Successfully renamed  ${qjail_jailname}"=0A=
 X       =0A=
 X  else     =0A=
 X         =0A=
 X    # Start of group prefix processing for -i and -r and -c options.=0A=
 X    #      =0A=
 X         =0A=
 X    # Save the command line list of jailnames if any=0A=
 X    qjail_cmdlist=3D$@=0A=
 X           =0A=
 X    # Perform the group-prefixing function.=0A=
 X    group-prefixing ${qjail_cmdlist}=0A=
 X                =0A=
 X    # Process the qjail_list built by group-prefixing=0A=
 X    for qjail in ${qjail_list}; do=0A=
 X            =0A=
 X      # Strip off the .norun suffix if present & read the jails property=0A=
 X      # record populating the environment variables with the jails =
 values.=0A=
 X      fetch-property-info ${qjail%.norun}=0A=
 X        =0A=
 X      # Check for existence of jail in our records=0A=
 X      [ "${qjail_config}" ] || \=0A=
 X        exerr "Error: Nothing known about jail. ${qjail_name}"=0A=
 X         =0A=
 X      # Check if -i option, newip =0A=
 X      if [ -n "${qjail_new_ip}" ]; then =0A=
 X         =0A=
 X        # if jail is running, stop jail first=0A=
 X        if [ "${qjail_id}" ]; then=0A=
 X          echo "Bypassed running jail ${qjail_jailname}"=0A=
 X          continue=0A=
 X        fi=0A=
 X           =0A=
 X        # NOTE(review): the -i value is stored as given; no format=0A=
 X        # check is visible in this arm. Verify that=0A=
 X        # write-property-info validates or quotes it.=0A=
 X        # Replace old ip with new ip=0A=
 X        qjail_ips=3D"${qjail_new_ip}"=0A=
 X             =0A=
 X        # Write new property config file from old one=0A=
 X        write-property-info "${qjail_config}" =0A=
 X            =0A=
 X        echo "Successfull ip change ${qjail_jailname}"=0A=
 X           =0A=
 X      fi   =0A=
 X        =0A=
 X      # Check if -c option, newnic.=0A=
 X      if [ -n "${qjail_new_nic}" ]; then=0A=
 X        =0A=
 X        # The literal value "null" clears the NIC setting; any=0A=
 X        # other value is stored as given, without a format check.=0A=
 X        [ "${qjail_new_nic}" =3D "null" ] \=0A=
 X              && unset qjail_nic \=0A=
 X              || qjail_nic=3D"${qjail_new_nic}"   =0A=
 X        =0A=
 X        # if jail is running, stop jail first=0A=
 X        if [ "${qjail_id}" ]; then=0A=
 X          echo "Bypassed running jail ${qjail_jailname}"=0A=
 X          continue=0A=
 X        fi=0A=
 X            =0A=
 X        # Replace old nic with new nic=0A=
 X        qjail_nic_devicename=3D"${qjail_nic}"=0A=
 X            =0A=
 X        # Write new property config file from old one=0A=
 X        write-property-info "${qjail_config}" =0A=
 X             =0A=
 X        echo "Successfull nic change ${qjail_jailname}"=0A=
 X         =0A=
 X      fi    =0A=
 X                   =0A=
 X      if [ -n "${qjail_setrunnable}" ]; then=0A=
 X         =0A=
 X        [ "${qjail_setrunnable}" =3D "run" -o "${qjail_setrunnable}" =
 =3D "norun" ] ||=0A=
 X         exerr "Error: Invalid value in -r option =3D =
 ${qjail_setrunnable}"  =0A=
 X         =0A=
 X        # If jail is still running, bypass it=0A=
 X        if [ "${qjail_id}" ]; then=0A=
 X          echo "Bypassed running jail ${qjail_jailname}"=0A=
 X          continue=0A=
 X        fi  =0A=
 X          =0A=
 X        # The run/norun state is recorded by the ".norun" suffix on=0A=
 X        # the property file name, in both the zone and global dirs.=0A=
 X        if [ "${qjail_setrunnable}" =3D "run" ]; then=0A=
 X           if [ -e "${qjail_jailprops}/${qjail_safename}.norun" ]; then=0A=
 X             mv "${qjail_jailprops}/${qjail_safename}.norun" \=0A=
 X                "${qjail_jailprops}/${qjail_safename}" =0A=
 X             mv "${qjail_jailprops_global}/${qjail_safename}.norun" \=0A=
 X                "${qjail_jailprops_global}/${qjail_safename}"=0A=
 X             echo "Successfull set run   ${qjail_jailname}"=0A=
 X           else   =0A=
 X             echo "Already set to  run   ${qjail_jailname}"=0A=
 X           fi=0A=
 X        fi   =0A=
 X           =0A=
 X        if [ "${qjail_setrunnable}" =3D "norun" ]; then=0A=
 X           if [ -e "${qjail_jailprops}/${qjail_safename}.norun" ]; then=0A=
 X              echo "Already set to norun  ${qjail_jailname}"=0A=
 X           else=0A=
 X              mv "${qjail_jailprops}/${qjail_safename}" \=0A=
 X                 "${qjail_jailprops}/${qjail_safename}.norun"=0A=
 X              mv "${qjail_jailprops_global}/${qjail_safename}" \=0A=
 X                 "${qjail_jailprops_global}/${qjail_safename}.norun"=0A=
 X              echo "Successfull set norun ${qjail_jailname}"=0A=
 X           fi  =0A=
 X        fi    =0A=
 X      fi      =0A=
 X    done         =0A=
 X  fi             =0A=
 X;;        =0A=
 X     =0A=
 X########jjbh################ qjail HELP ########################=0A=
 Xhelp)    =0A=
 X  # help sub-command: any second argument opens the qjail man=0A=
 X  # page; without one the usage text of every sub-command is=0A=
 X  # printed.=0A=
 X      =0A=
 X  qjail_manpage=3D$2=0A=
 X  # NOTE(review): ${qjail_manpage} is unquoted inside [ ]; an=0A=
 X  # argument containing spaces makes the test itself fail.=0A=
 X  [ ${qjail_manpage} ] && exec man 8 qjail=0A=
 X     =0A=
 X  echo -e "${qjail_usage_commands}"=0A=
 X  echo " "=0A=
 X  echo -e "${qjail_usage_install}"=0A=
 X  echo -e "${qjail_usage_create}"=0A=
 X  echo -e "${qjail_usage_list}"=0A=
 X  echo -e "${qjail_usage_console}"=0A=
 X  echo -e "${qjail_usage_archive}" =0A=
 X  echo -e "${qjail_usage_delete}"=0A=
 X  echo -e "${qjail_usage_restore}"=0A=
 X  echo -e "${qjail_usage_config}"=0A=
 X  echo -e "${qjail_usage_update}"=0A=
 X  echo -e "${qjail_usage_start}"=0A=
 X  echo -e "${qjail_usage_stop}"=0A=
 X  echo -e "${qjail_usage_restart}"=0A=
 X  echo -e "${qjail_usage_help}"=0A=
 X      =0A=
 X  ;;=0A=
 X=0A=
 X################ End of Sub-command logic #########=0A=
 X*)=0A=
 X  # Any other sub-command: hand the command summary to exerr.=0A=
 X  exerr "${qjail_usage_commands}"=0A=
 X  ;;=0A=
 Xesac=0A=
 Xexit 0=0A=
 X=0A=
 433526c77a92f103ae7efdcc8d87ebf7=0A=
 echo x - qjail/work/qjail-1.0/qjail2=0A=
 sed 's/^X//' >qjail/work/qjail-1.0/qjail2 << =
 '21f145fbb6b17e9ede06d75ac3884a51'=0A=
 X#!/bin/sh=0A=
 X#    =0A=
 X# $FreeBSD$=0A=
 X#    =0A=
 X# PROVIDE: qjail=0A=
 X# REQUIRE: LOGIN cleanvar sshd=0A=
 X# BEFORE: securelevel=0A=
 X# KEYWORD: nojail shutdown=0A=
 X#    =0A=
 X# Add qjail_enable=3D"YES" /etc/rc.conf to enable boot time jail starts=0A=
 X#     =0A=
 X# Please do not change this file, configure in /usr/local/etc/qjail.conf=0A=
 X     =0A=
 X# qjail_prefix=3D/usr/local=0A=
 X     =0A=
 X. /etc/rc.subr=0A=
 X     =0A=
 Xname=3Dqjail=0A=
 Xrcvar=3D`set_rcvar`=0A=
 Xload_rc_config ${name}=0A=
 X     =0A=
 Xqjail_enable=3D${qjail_enable:-"NO"}=0A=
 X     =0A=
 Xrestart_cmd=3D"do_cmd restart _"=0A=
 Xstart_cmd=3D"do_cmd start '_ qjail'"=0A=
 Xstop_cmd=3D"do_cmd stop '_ qjail'"=0A=
 X     =0A=
 X# do_cmd ACTION MESSAGE [JAILNAME ...]=0A=
 X# Builds the list of jails to act on, prepares image jails through=0A=
 X# attach_detach_pre, then hands the list to /etc/rc.d/jail. Without=0A=
 X# jail names the list is read from the qjail.global directory.=0A=
 Xdo_cmd()=0A=
 X{     =0A=
 X=0A=
 X  unset qjail_list qjail_pass qjail_mds qjail_stop=0A=
 X=0A=
 X  action=3D$1; message=3D$2; shift 2;=0A=
 X  qjail_prefix=3D/usr/local=0A=
 X  qjail_jailprops=3D${qjail_prefix}/etc/qjail.global=0A=
 X=0A=
 X  qjail_fromrc=3D"YES"=0A=
 X     =0A=
 X  case "${action}" in *stop) qjail_stop=3D"YES";; esac=0A=
 X     =0A=
 X  # If a jail list is given on command line, process it=0A=
 X  # If not, fetch it from our config directory=0A=
 X     =0A=
 X  if [ "$*" ]; then=0A=
 X    # Names from the command line: every character other than an=0A=
 X    # alphanumeric or a space becomes "_".=0A=
 X    qjail_list=3D`echo -n $* | tr -c '[:alnum:] ' '_'` =0A=
 X    unset qjail_fromrc=0A=
 X  else=0A=
 X    # Names from the property directory, in rcorder order (passed=0A=
 X    # through tail -r when stopping).=0A=
 X    # NOTE(review): these names are not passed through tr, and=0A=
 X    # each file is sourced and its name expanded inside eval=0A=
 X    # below, so the directory should be writable by root only.=0A=
 X    [ "${qjail_stop}" ] && reverse_command=3D"tail -r" || =
 reverse_command=3D"cat"=0A=
 X    [ -d "${qjail_jailprops}" ] && cd "${qjail_jailprops}" && \=0A=
 X            qjail_list=3D`ls | xargs rcorder | ${reverse_command}`=0A=
 X    [ "${message}" =3D "_ qjail" ] && unset message=0A=
 X    echo -n "${message##_}"=0A=
 X  fi=0A=
 X    =0A=
 X  for qjail in ${qjail_list}; do=0A=
 X    unset qjail_config qjail_norun=0A=
 X     =0A=
 X    [ -e "${qjail_jailprops}/${qjail}"       ] && \=0A=
 X       qjail_config=3D"${qjail_jailprops}/${qjail}"=0A=
 X       =0A=
 X    [ -e "${qjail_jailprops}/${qjail}.norun" ] && \=0A=
 X       qjail_config=3D"${qjail_jailprops}/${qjail}.norun" && =
 qjail_norun=3D"YES"=0A=
 X         =0A=
 X    # Check for jails config=0A=
 X    [ ! -f "${qjail_config}" ] && \=0A=
 X#     echo " Warning: Jail ${qjail} not found." && continue=0A=
 X      echo " Warning: Jail ${qjail} not found." && continue=0A=
 X        =0A=
 X    # If jail is temporary disabled (dot in name), skip it for starts=0A=
 X    # Meaning config name with .norun suffix.=0A=
 X    [ "${qjail_stop}" ] && qjail=3D"${qjail%%.*}"=0A=
 X    [ "${qjail%.*}" !=3D "${qjail}" -o "${qjail_norun}" ] && \=0A=
 X#     echo -n " skipping ${qjail}" && continue=0A=
 X      echo -e " Skipping ${qjail}" && continue=0A=
 X         =0A=
 X    # Read config file=0A=
 X    # The property file is executed as shell code in this script,=0A=
 X    # which the rc system normally runs as root.=0A=
 X    . ${qjail_config}=0A=
 X        =0A=
 X    # Copy the jail_NAME_* values set by the file into qjail_*.=0A=
 X    eval qjail_rootdir=3D\"\$jail_${qjail}_rootdir\"=0A=
 X    eval qjail_image=3D\"\$jail_${qjail}_image\"=0A=
 X    eval qjail_imagetype=3D\"\$jail_${qjail}_imagetype\"=0A=
 X        =0A=
 X    # Fix backward compatibility issue=0A=
 X    eval qjail_exec_start=3D\"\$jail_${qjail}_exec_start\"=0A=
 X    eval qjail_exec=3D\"\$jail_${qjail}_exec\"=0A=
 X    eval =
 jail_${qjail}_exec_start=3D\"\${qjail_exec_start:-${qjail_exec}}\"=0A=
 X    eval unset jail_${qjail}_exec=0A=
 X         =0A=
 X    # Do we still have a root to run in?=0A=
 X    [ ! -d "${qjail_rootdir}" ] && \=0A=
 X#   echo " Warning: root directory ${qjail_rootdir} of ${qjail}\n\=0A=
 X    echo " Warning: root directory ${qjail_rootdir} of ${qjail}\n\=0A=
 X    does not exist." && continue=0A=
 X        =0A=
 X    # Try to attach memory disk devices=0A=
 X    if [ "${qjail_image}" ]; then=0A=
 X      attach_detach_pre || continue=0A=
 X    fi=0A=
 X       =0A=
 X    qjail_pass=3D"${qjail_pass} ${qjail}"=0A=
 X  done=0A=
 X        =0A=
 X  # Pass control to jail script which does the actual work=0A=
 X  [ "${qjail_pass}" ] && sh /etc/rc.d/jail one${action} ${qjail_pass}=0A=
 X         =0A=
 X  # Configure settings that need to be done after the jail has been =
 started=0A=
 X  if [ "${action}" =3D "start" ]; then=0A=
 X    # NOTE(review): qjail_id is read but not used afterwards in=0A=
 X    # this function, and "|| return" leaves do_cmd on the first=0A=
 X    # jail without an id file, skipping attach_detach_post.=0A=
 X    for qjail in ${qjail_list}; do=0A=
 X      qjail_safename=3D`echo -n "${qjail}" | tr -c '[:alnum:]' _`=0A=
 X      # Get the JID of the jail=0A=
 X      [ -f "/var/run/jail_${qjail_safename}.id" ] && \=0A=
 X        qjail_id=3D`cat /var/run/jail_${qjail_safename}.id` || return=0A=
 X         =0A=
 X    done=0A=
 X  fi     =0A=
 X          =0A=
 X  # Can only detach after unmounting (from fstab.JAILNAME in =
 /etc/rc.d/jail)=0A=
 X  attach_detach_post=0A=
 X}        =0A=
 X         =0A=
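 X# attach_detach_pre: image-jail handling done per jail before=0A=
 X# /etc/rc.d/jail runs. Uses action, qjail, qjail_rootdir and=0A=
 X# qjail_image as set by do_cmd. On start/restart the image is=0A=
 X# attached as a memory disk and linked at ROOTDIR.device; on stop=0A=
 X# the device is queued in qjail_mds and the link removed. A=0A=
 X# non-zero return makes do_cmd skip the jail.=0A=
 Xattach_detach_pre ()=0A=
 X{        =0A=
 X  case "${action}" in=0A=
 X  start|restart)=0A=
 X    # If jail is running, do not mount devices, this is the same check =
 as=0A=
 X    # /etc/rc.d/jail does=0A=
 X    [ -e "/var/run/jail_${qjail}.id" ] && return 0=0A=
 X          =0A=
 X    if [ -L "${qjail_rootdir}.device" ]; then=0A=
 X      # Fetch destination of soft link=0A=
 X      # (path quoted so that it is always passed as one argument)=0A=
 X      qjail_device=3D`stat -f "%Y" "${qjail_rootdir}.device"`=0A=
 X         =0A=
 X      # NOTE(review): the paths are used as a grep -E pattern, so=0A=
 X      # regex characters in a path are not matched literally.=0A=
 X      mount -p -v | grep -E "^${qjail_rootdir}.device.${qjail_rootdir}" =
 && \=0A=
 X      echo "Warning: Skipping jail. Jail image file ${qjail} already\n\=0A=
 X      attached as ${qjail_device}." \=0A=
 X      && return 1=0A=
 X         =0A=
 X      mount -p -v | grep -E "^${qjail_device}.${qjail_rootdir}" && \=0A=
 X      echo "Warning: Skipping jail. Jail image file ${qjail} already\n\=0A=
 X      attached as ${qjail_device}." \=0A=
 X      && return 1=0A=
 X          =0A=
 X      # Remove stale device link=0A=
 X      rm -f "${qjail_rootdir}.device"=0A=
 X    fi      =0A=
 X           =0A=
 X    # Create a memory disc from jail image=0A=
 X    # (image path quoted so that it is passed as one argument)=0A=
 X    qjail_device=3D`mdconfig -a -t vnode -f "${qjail_image}"` || =
 return 1=0A=
 X           =0A=
 X    # Clean image=0A=
 X    # NOTE(review): the fsck exit status is not checked before the=0A=
 X    # device is linked.=0A=
 X    fsck -t ufs -p -B "/dev/${qjail_device}"=0A=
 X          =0A=
 X    # relink image device=0A=
 X    rm -f "${qjail_rootdir}.device"=0A=
 X    ln -s "/dev/${qjail_device}" "${qjail_rootdir}.device"=0A=
 X  ;;        =0A=
 X  stop)      =0A=
 X    # If jail is not running, do not unmount devices, this is the same =
 check=0A=
 X    # as /etc/rc.d/jail does=0A=
 X    [ -e "/var/run/jail_${qjail}.id" ] || return 1=0A=
 X             =0A=
 X    # If soft link to device is not set, we cannot unmount=0A=
 X    [ -e "${qjail_rootdir}.device" ] || return=0A=
 X           =0A=
 X    # Fetch destination of soft link=0A=
 X    qjail_device=3D`stat -f "%Y" "${qjail_rootdir}.device"`=0A=
 X           =0A=
 X    # Add this device to the list of devices to be unmounted=0A=
 X    qjail_mds=3D"${qjail_mds} ${qjail_device}"=0A=
 X            =0A=
 X    # Remove soft link (which acts as a lock)=0A=
 X    rm -f "${qjail_rootdir}.device"=0A=
 X  ;;        =0A=
 X  esac       =0A=
 X}         =0A=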
 X          =0A=
 X# attach_detach_post: detach every memory disk that=0A=
 X# attach_detach_pre queued in qjail_mds.=0A=
 Xattach_detach_post () {=0A=
 X  # In case of a stop, unmount image devices after stopping jails=0A=
 X  # A leading /dev/ is stripped so that -u gets the md device name.=0A=
 X  for md in ${qjail_mds}; do=0A=
 X    mdconfig -d -u "${md#/dev/}"=0A=
 X  done=0A=
 X}       =0A=
 X        =0A=
 Xrun_rc_command $*=0A=
 X=0A=
 21f145fbb6b17e9ede06d75ac3884a51=0A=
 echo x - qjail/work/qjail-1.0/pkg-plist=0A=
 sed 's/^X//' >qjail/work/qjail-1.0/pkg-plist << =
 'b304f8fa53205d4f0577c5294a4d11a9'=0A=
 Xetc/qjail.conf.sample=0A=
 Xetc/rc.d/jail2=0A=
 Xetc/rc.d/qjail2=0A=
 Xbin/qjail=0A=
 Xshare/examples/qjail/default/qjail.flavor=0A=
 Xshare/examples/qjail/default/etc/make.conf=0A=
 Xshare/examples/qjail/default/etc/periodic.conf=0A=
 Xshare/examples/qjail/default/etc/rc.conf=0A=
 Xshare/examples/qjail/default/usr/local/etc/sudoers=0A=
 Xshare/examples/qjail/nullmailer-example/qjail.flavor=0A=
 Xshare/examples/qjail/nullmailer-example/etc/rc.conf=0A=
 Xshare/examples/qjail/nullmailer-example/etc/mail/mailer.conf=0A=
 Xshare/examples/qjail/nullmailer-example/usr/local/etc/nullmailer/remotes=0A=
 X=0A=
 X@dirrm share/examples/qjail/default/usr/local/etc/=0A=
 X@dirrm share/examples/qjail/default/usr/local/=0A=
 X@dirrm share/examples/qjail/default/usr/=0A=
 X@dirrm share/examples/qjail/default/etc/=0A=
 X@dirrm share/examples/qjail/default/=0A=
 X@dirrm share/examples/qjail/nullmailer-example/usr/local/etc/nullmailer/=0A=
 X@dirrm share/examples/qjail/nullmailer-example/usr/local/etc/=0A=
 X@dirrm share/examples/qjail/nullmailer-example/usr/local/=0A=
 X@dirrm share/examples/qjail/nullmailer-example/usr/=0A=
 X@dirrm share/examples/qjail/nullmailer-example/etc/mail/=0A=
 X@dirrm share/examples/qjail/nullmailer-example/etc/=0A=
 X@dirrm share/examples/qjail/nullmailer-example/=0A=
 X@dirrm share/examples/qjail/=0A=
 b304f8fa53205d4f0577c5294a4d11a9=0A=
 echo x - qjail/work/qjail-1.0/pkg-message=0A=
 sed 's/^X//' >qjail/work/qjail-1.0/pkg-message << =
 '15c899f864e4b659f98bb968b6b52d5a'=0A=
 X*=0A=
 X*=0A=
 X************************************************************************=
 *******=0A=
 X*                                                                       =
       *=0A=
 X*  Use the qjail utility to deploy small or large numbers of jails =
 quickly.   *=0A=
 X*                                                                       =
       *=0A=
 X*  Issue this command on the console command line first "man =
 qjail-intro"     *=0A=
 X*                                                                       =
       *=0A=
 X*  After reading that do "man qjail" for the usage details.             =
       *=0A=
 X*                                                                       =
       *=0A=
 X************************************************************************=
 *******=0A=
 X*=0A=
 X*=0A=
 15c899f864e4b659f98bb968b6b52d5a=0A=
 echo x - qjail/work/qjail-1.0/pkg-descr=0A=
 sed 's/^X//' >qjail/work/qjail-1.0/pkg-descr << =
 'c105fd184d4d0e29714d10373a2eb9fc'=0A=
 XQjail [ q =3D quick ] is a 4th generation wrapper for the basic chroot =
 jail=0A=
 Xsystem that includes security and performance enhancements. Plus a new =
 level=0A=
 Xof "user friendliness" enhancements dealing with deploying just a few =
 jails or=0A=
 Xlarge jail environments consisting of 100's of jails.=0A=
 X=0A=
 XQjail requires no knowledge of the jail command usage. It uses "nullfs" =
 for=0A=
 Xread-only system binaries, sharing one copy of them with all the jails.=0A=
 X=0A=
 XUses "mdconfig" to create sparse image jails. Sparse image jails =
 provide a=0A=
 Xmethod to limit the total disk space a jail can consume, while only =
 occupying=0A=
 Xthe physical disk space of the sum size of the files in the image jail.=0A=
 X=0A=
 XAbility to assign IP addresses with their network device name,=0A=
 Xso aliases are auto created on jail start and auto removed on jail stop.=0A=
 X=0A=
 XAbility to create "ZONE"s of identical qjail systems, each with their =
 own=0A=
 Xgroup of jails.=0A=
 X=0A=
 XAbility to designate a portion of the jail name as a group prefix so =
 the =0A=
 Xcommand being executed will apply to only those jail names matching =
 that prefix.=0A=
 X=0A=
 XQjail reduces the complexities of jail deployments to the novice level. =
 It has=0A=
 Xa fully documented manpage written for easy comprehension. Details are =
 given=0A=
 Xto facilitate the use of qjail's capabilities to the fullest extent =
 possible.=0A=
 X=0A=
 XWWW:        http://sourceforge.net/projects/qjail/=0A=
 c105fd184d4d0e29714d10373a2eb9fc=0A=
 echo x - qjail/work/qjail-1.0/distinfo=0A=
 sed 's/^X//' >qjail/work/qjail-1.0/distinfo << =
 'f1039f42e40af84e76531f5abff4a63d'=0A=
 XSHA256 (qjail-1.0.tar.bz2) =3D =
 ce797b47cc7839be3be39498e31a1f4d1105e69a917fc97434aa6255345c74c6=0A=
 XSIZE (qjail-1.0.tar.bz2) =3D 40738=0A=
 f1039f42e40af84e76531f5abff4a63d=0A=
 echo x - qjail/work/qjail-1.0/Makefile=0A=
 sed 's/^X//' >qjail/work/qjail-1.0/Makefile << =
 '1cc0024aa776af52d46a3b7f48a77e8e'=0A=
 X# New ports collection makefile for:   qjail=0A=
 X# Date created:        July 22 2010=0A=
 X# Whom:                Joe Barbish=0A=
 X#=0A=
 X# $FreeBSD$=0A=
 X=0A=
 XPORTNAME=3D	qjail=0A=
 XPORTVERSION=3D	1.0=0A=
 XCATEGORIES=3D	sysutils=0A=
 XMASTER_SITES=3D	${MASTER_SITE_SOURCEFORGE}=0A=
 XMASTER_SITE_SUBDIR=3D	qjail=0A=
 X#DISTFILES=3D	qjail-1.0.tar.bz2=0A=
 X=0A=
 XMAINTAINER=3D	qjail@a1poweruser.com=0A=
 XCOMMENT=3D	Utility to quickly deploy and manage large numbers of jails=0A=
 X=0A=
 XLICENSE=3D	BSD=0A=
 X=0A=
 XUSE_BZIP2=3D	yes=0A=
 X=0A=
 XMAN8=3D		qjail.8 qjail-intro.8 qjail.conf.8=0A=
 X=0A=
 XNO_BUILD=3D	yes=0A=
 X=0A=
 Xdo-install:=0A=
 X	${INSTALL_SCRIPT} ${WRKSRC}/qjail              ${PREFIX}/bin/=0A=
 X	${INSTALL_SCRIPT} ${WRKSRC}/qjail2	       ${PREFIX}/etc/rc.d/=0A=
 X	${INSTALL_SCRIPT} ${WRKSRC}/jail2              ${PREFIX}/etc/rc.d/=0A=
 X	${CP}             ${WRKSRC}/qjail.conf.sample  ${PREFIX}/etc/=0A=
 X	${CP}             ${WRKSRC}/qjail.8            ${MANPREFIX}/man/man8/=0A=
 X	${CP}             ${WRKSRC}/qjail-intro.8      ${MANPREFIX}/man/man8/=0A=
 X	${CP}             ${WRKSRC}/qjail.conf.8       ${MANPREFIX}/man/man8/=0A=
 X	${MKDIR} ${PREFIX}/share/examples/qjail=0A=
 X	${CP} -rfp ${WRKSRC}/examples/ ${PREFIX}/share/examples/qjail/=0A=
 X=0A=
 Xpost-install:=0A=
 X	${CAT} ${PKGMESSAGE}=0A=
 X=0A=
 X.include <bsd.port.mk>=0A=
 1cc0024aa776af52d46a3b7f48a77e8e=0A=
 echo x - qjail/work/.extract_done.qjail._usr_local=0A=
 sed 's/^X//' >qjail/work/.extract_done.qjail._usr_local << =
 'f00edc49e1f452003650e64abee89669'=0A=
 f00edc49e1f452003650e64abee89669=0A=
 echo x - qjail/work/BSD=0A=
 sed 's/^X//' >qjail/work/BSD << '1c9355fb09677f60171f5b55f6566a9d'=0A=
 XThe license: BSD (BSD license) is standard, please read from the=0A=
 Xweb.=0A=
 1c9355fb09677f60171f5b55f6566a9d=0A=
 echo x - qjail/work/.license-catalog.mk=0A=
 sed 's/^X//' >qjail/work/.license-catalog.mk << =
 'f50301072c05dd3b3a81ed5f5531ddd4'=0A=
 X_LICENSE=3DBSD=0A=
 X_LICENSE_NAME=3DBSD license=0A=
 X_LICENSE_PERMS=3Ddist-mirror dist-sell pkg-mirror pkg-sell auto-accept=0A=
 X_LICENSE_GROUPS=3DFSF OSI=0A=
 X_LICENSE_DISTFILES=3Dqjail-1.0.tar.bz2=0A=
 f50301072c05dd3b3a81ed5f5531ddd4=0A=
 echo x - qjail/work/.license-report=0A=
 sed 's/^X//' >qjail/work/.license-report << =
 'd9bfc2eba895a21607808a9786ba170b'=0A=
 XThis package has a single license: BSD (BSD license).=0A=
 d9bfc2eba895a21607808a9786ba170b=0A=
 echo x - qjail/work/.license_done.qjail._usr_local=0A=
 sed 's/^X//' >qjail/work/.license_done.qjail._usr_local << =
 '55abb982edff2968e51c971ef5d48c9b'=0A=
 55abb982edff2968e51c971ef5d48c9b=0A=
 echo x - qjail/work/.patch_done.qjail._usr_local=0A=
 sed 's/^X//' >qjail/work/.patch_done.qjail._usr_local << =
 '6151fa3bb5c08954a39bed54c601f9eb'=0A=
 6151fa3bb5c08954a39bed54c601f9eb=0A=
 echo x - qjail/work/.configure_done.qjail._usr_local=0A=
 sed 's/^X//' >qjail/work/.configure_done.qjail._usr_local << =
 'e45babfc1c08d7d7c900e6e7987e84ad'=0A=
 e45babfc1c08d7d7c900e6e7987e84ad=0A=
 echo x - qjail/work/.build_done.qjail._usr_local=0A=
 sed 's/^X//' >qjail/work/.build_done.qjail._usr_local << =
 '65fd8faa3f2753c0376c76f3860d9189'=0A=
 65fd8faa3f2753c0376c76f3860d9189=0A=
 echo x - qjail/work/.PLIST.mktmp=0A=
 sed 's/^X//' >qjail/work/.PLIST.mktmp << =
 '50ae80252c64b699d7fb7cfc50041e59'=0A=
 Xshare/licenses/qjail-1.0/catalog.mk=0A=
 Xshare/licenses/qjail-1.0/LICENSE=0A=
 Xshare/licenses/qjail-1.0/BSD=0A=
 Xman/man8/qjail.8.gz=0A=
 Xman/man8/qjail-intro.8.gz=0A=
 Xman/man8/qjail.conf.8.gz=0A=
 X@unexec rm -f %D/man/cat8/qjail.8.gz %D/man/cat8/qjail.8 =
 %D/man/cat8/qjail.8.gz %D/man/cat8/qjail.8.gz.gz =
 %D/man/cat8/qjail.8.gz.bz2=0A=
 X@unexec rm -f %D/man/cat8/qjail-intro.8.gz %D/man/cat8/qjail-intro.8 =
 %D/man/cat8/qjail-intro.8.gz %D/man/cat8/qjail-intro.8.gz.gz =
 %D/man/cat8/qjail-intro.8.gz.bz2=0A=
 X@unexec rm -f %D/man/cat8/qjail.conf.8.gz %D/man/cat8/qjail.conf.8 =
 %D/man/cat8/qjail.conf.8.gz %D/man/cat8/qjail.conf.8.gz.gz =
 %D/man/cat8/qjail.conf.8.gz.bz2=0A=
 Xetc/qjail.conf.sample=0A=
 Xetc/rc.d/jail2=0A=
 Xetc/rc.d/qjail2=0A=
 Xbin/qjail=0A=
 Xshare/examples/qjail/default/qjail.flavor=0A=
 Xshare/examples/qjail/default/etc/make.conf=0A=
 Xshare/examples/qjail/default/etc/periodic.conf=0A=
 Xshare/examples/qjail/default/etc/rc.conf=0A=
 Xshare/examples/qjail/default/usr/local/etc/sudoers=0A=
 Xshare/examples/qjail/nullmailer-example/qjail.flavor=0A=
 Xshare/examples/qjail/nullmailer-example/etc/rc.conf=0A=
 Xshare/examples/qjail/nullmailer-example/etc/mail/mailer.conf=0A=
 Xshare/examples/qjail/nullmailer-example/usr/local/etc/nullmailer/remotes=0A=
 X=0A=
 X@dirrm share/examples/qjail/default/usr/local/etc/=0A=
 X@dirrm share/examples/qjail/default/usr/local/=0A=
 X@dirrm share/examples/qjail/default/usr/=0A=
 X@dirrm share/examples/qjail/default/etc/=0A=
 X@dirrm share/examples/qjail/default/=0A=
 X@dirrm share/examples/qjail/nullmailer-example/usr/local/etc/nullmailer/=0A=
 X@dirrm share/examples/qjail/nullmailer-example/usr/local/etc/=0A=
 X@dirrm share/examples/qjail/nullmailer-example/usr/local/=0A=
 X@dirrm share/examples/qjail/nullmailer-example/usr/=0A=
 X@dirrm share/examples/qjail/nullmailer-example/etc/mail/=0A=
 X@dirrm share/examples/qjail/nullmailer-example/etc/=0A=
 X@dirrm share/examples/qjail/nullmailer-example/=0A=
 X@dirrm share/examples/qjail/=0A=
 X@cwd /usr/local=0A=
 X@dirrm share/licenses/qjail-1.0=0A=
 X@unexec rmdir %D/share/licenses 2>/dev/null || true=0A=
 50ae80252c64b699d7fb7cfc50041e59=0A=
 echo x - qjail/work/.PLIST.flattened=0A=
 sed 's/^X//' >qjail/work/.PLIST.flattened << =
 'a6435676d92da9555e850d87f6b15048'=0A=
 X/usr/local/share/licenses/qjail-1.0/catalog.mk=0A=
 X/usr/local/share/licenses/qjail-1.0/LICENSE=0A=
 X/usr/local/share/licenses/qjail-1.0/BSD=0A=
 X/usr/local/man/man8/qjail.8.gz=0A=
 X/usr/local/man/man8/qjail-intro.8.gz=0A=
 X/usr/local/man/man8/qjail.conf.8.gz=0A=
 X/usr/local/etc/qjail.conf.sample=0A=
 X/usr/local/etc/rc.d/jail2=0A=
 X/usr/local/etc/rc.d/qjail2=0A=
 X/usr/local/bin/qjail=0A=
 X/usr/local/share/examples/qjail/default/qjail.flavor=0A=
 X/usr/local/share/examples/qjail/default/etc/make.conf=0A=
 X/usr/local/share/examples/qjail/default/etc/periodic.conf=0A=
 X/usr/local/share/examples/qjail/default/etc/rc.conf=0A=
 X/usr/local/share/examples/qjail/default/usr/local/etc/sudoers=0A=
 X/usr/local/share/examples/qjail/nullmailer-example/qjail.flavor=0A=
 X/usr/local/share/examples/qjail/nullmailer-example/etc/rc.conf=0A=
 X/usr/local/share/examples/qjail/nullmailer-example/etc/mail/mailer.conf=0A=
 X/usr/local/share/examples/qjail/nullmailer-example/usr/local/etc/nullmai=
 ler/remotes=0A=
 X/usr/local/=0A=
 a6435676d92da9555e850d87f6b15048=0A=
 echo x - qjail/work/.PLIST.setuid=0A=
 sed 's/^X//' >qjail/work/.PLIST.setuid << =
 '39f5f53d8236297edbb5b94bcb1c9dad'=0A=
 39f5f53d8236297edbb5b94bcb1c9dad=0A=
 echo x - qjail/work/.PLIST.writable=0A=
 sed 's/^X//' >qjail/work/.PLIST.writable << =
 'ca5da2c93546689b73fc0703c9ad18dd'=0A=
 ca5da2c93546689b73fc0703c9ad18dd=0A=
 echo x - qjail/work/.PLIST.objdump=0A=
 sed 's/^X//' >qjail/work/.PLIST.objdump << =
 '46c3012526c3c712724071e90d0fb2c2'=0A=
 46c3012526c3c712724071e90d0fb2c2=0A=
 echo x - qjail/work/.install_done.qjail._usr_local=0A=
 sed 's/^X//' >qjail/work/.install_done.qjail._usr_local << =
 '290191260a4c486e75f8bcd4e34cd198'=0A=
 290191260a4c486e75f8bcd4e34cd198=0A=
 echo x - qjail/distinfo=0A=
 sed 's/^X//' >qjail/distinfo << 'd40ad96dbaed37de64038921d4ac07b1'=0A=
 XSHA256 (qjail-1.0.tar.bz2) =3D =
 d3f787490d80ee9ed5129ba7f55287a1267497472b177afac6a35aa5585029c7=0A=
 XSIZE (qjail-1.0.tar.bz2) =3D 41800=0A=
 d40ad96dbaed37de64038921d4ac07b1=0A=
 exit=0A=
 =0A=
 
 ------=_NextPart_000_0008_01CB94A0.20C60E40--
 


