Date: Tue, 20 Jul 2004 16:44:34 +0200 From: Jeremie Le Hen <jeremie.le-hen@epita.fr> To: freebsd-current@freebsd.org Subject: mount(8) and /etc/rc.d/jail Message-ID: <20040720144434.GT9548@sitadelle.com>
next in thread | raw e-mail | index | archive | help
--h31gzZEtNLTqOjlF
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Hello -current,
I have a jail running Postfix whose filesystem is mirrored from the host
using mount_nullfs(8). The problem is that when I upgrade the Postfix,
the port removes /usr/local/libexec/postfix/, which is mount_nullfs'ed
on /jail/postfix/usr/local/libexec/postfix/, then recreates it, but the
vnode is obsviously not the same and thus the nullfs mount is not valid
any longer. Of course, I can simply install Postfix in the jail
filesystem and not on the host, but I consider this as a workaround and
furthermore I want to run Postfix from the host itself.
I was fed up with typing
for fs in `mount | awk '/postfix/ {print $3}'` ; do umount $i ; done
each time I don't forget to do it.
I decided to make the rc(8) jail script manage the mounts for each jail.
There was two ways to do it :
* either use a tiny awk script to parse fstab(5) file and some
magic shell gymnatic to mount/umount when starting/stopping the
jail,
* or make a new mount(8)/umount(8) option to act only on mount
points which match a given prefix.
I implemented the second solution, but if someone has a good argument
to use the first one instead, I'm ready to listen to him.
Two patches are attached. I didn't make a PR since I would like to
see what people think before sending it. The first patch adds a `-c'
flags to mount(8) and umount(8) whose argument is the prefix to match
for (`c' for `cmp', since `p' is already used in mount(8)). I tested
it against my system and it seems to work quite well. Nevertheless a
friend of mine pointed me that matching against a pathname could be
delicate because of symlinks. I don't really know how to overcome this,
except I can put some king of warning or advice in the manpage.
Suggestions are very welcome. The second patch simply modifies the
rc(8) jail script to take advantage of the first one. It works well
either.
Regards,
--
Jeremie LE HEN aka TtZ/TataZ jeremie.le-hen@epita.fr
ttz@epita.fr
Hi! I'm a .signature virus! Copy me into your ~/.signature to help me spread!
--h31gzZEtNLTqOjlF
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="mount-c.patch"
Index: sbin/mount/mount.8
===================================================================
RCS file: /home/ncvs/src/sbin/mount/mount.8,v
retrieving revision 1.68
diff -u -p -r1.68 mount.8
--- sbin/mount/mount.8 17 May 2004 08:35:42 -0000 1.68
+++ sbin/mount/mount.8 20 Jul 2004 13:00:16 -0000
@@ -37,6 +37,7 @@
.Sh SYNOPSIS
.Nm
.Op Fl adfpruvw
+.Op Fl c Ar prefix
.Op Fl F Ar fstab
.Op Fl o Ar options
.Op Fl t Ar ufs | external_type
@@ -80,9 +81,18 @@ Exceptions are those marked as
.Dq noauto ,
excluded by the
.Fl t
+flag (see below), restricted by the
+.Fl c
flag (see below), or if they are already mounted (except the
root file system which is always remounted to preserve
traditional single user mode behavior).
+.It Fl c
+This flag can be used to indicate that the action should only occur
+when the mount point matches
+.Pa prefix .
+Note that this does only make sense with the
+.Fl a
+flag.
.It Fl d
Causes everything to be done except for the actual system call.
This option is useful in conjunction with the
Index: sbin/mount/mount.c
===================================================================
RCS file: /home/ncvs/src/sbin/mount/mount.c,v
retrieving revision 1.66
diff -u -p -r1.66 mount.c
--- sbin/mount/mount.c 26 Apr 2004 15:13:45 -0000 1.66
+++ sbin/mount/mount.c 20 Jul 2004 13:00:16 -0000
@@ -132,17 +132,21 @@ main(argc, argv)
FILE *mountdfp;
pid_t pid;
int all, ch, i, init_flags, mntsize, rval, have_fstab;
- char *cp, *ep, *options;
+ char *cmp, *cp, *ep, *options;
all = init_flags = 0;
+ cmp = NULL;
options = NULL;
vfslist = NULL;
vfstype = "ufs";
- while ((ch = getopt(argc, argv, "adF:fo:prwt:uv")) != -1)
+ while ((ch = getopt(argc, argv, "ac:dF:fo:prwt:uv")) != -1)
switch (ch) {
case 'a':
all = 1;
break;
+ case 'c':
+ cmp = optarg;
+ break;
case 'd':
debug = 1;
break;
@@ -186,6 +190,9 @@ main(argc, argv)
argc -= optind;
argv += optind;
+ if (all == 0 && cmp != NULL)
+ warnx("Warning: use of -c without -a");
+
#define BADTYPE(type) \
(strcmp(type, FSTAB_RO) && \
strcmp(type, FSTAB_RW) && strcmp(type, FSTAB_RQ))
@@ -200,6 +207,9 @@ main(argc, argv)
if (BADTYPE(fs->fs_type))
continue;
if (checkvfsname(fs->fs_vfstype, vfslist))
+ continue;
+ if (cmp != NULL &&
+ strncmp(fs->fs_file, cmp, strlen(cmp)))
continue;
if (hasopt(fs->fs_mntops, "noauto"))
continue;
Index: sbin/umount/umount.8
===================================================================
RCS file: /home/ncvs/src/sbin/umount/umount.8,v
retrieving revision 1.20
diff -u -p -r1.20 umount.8
--- sbin/umount/umount.8 9 Apr 2004 19:58:40 -0000 1.20
+++ sbin/umount/umount.8 20 Jul 2004 13:00:17 -0000
@@ -40,6 +40,7 @@
.Ar special | node | fsid
.Nm
.Fl a | A
+.Op Fl c Ar prefix
.Op Fl F Ar fstab
.Op Fl fv
.Op Fl h Ar host
@@ -68,6 +69,15 @@ are unmounted.
.It Fl A
All the currently mounted file systems except
the root are unmounted.
+.It Fl c
+This flag can be used to indicate that the action should only occur
+when the mount point matches
+.Pa prefix .
+Note that this does only make sens with the
+.Fl a
+or
+.Fl A
+flags.
.It Fl F Ar fstab
Specify the
.Pa fstab
Index: sbin/umount/umount.c
===================================================================
RCS file: /home/ncvs/src/sbin/umount/umount.c,v
retrieving revision 1.44
diff -u -p -r1.44 umount.c
--- sbin/umount/umount.c 9 Apr 2004 19:58:40 -0000 1.44
+++ sbin/umount/umount.c 20 Jul 2004 13:00:17 -0000
@@ -66,6 +66,7 @@ typedef enum { FIND, REMOVE, CHECKUNIQUE
struct addrinfo *nfshost_ai = NULL;
int fflag, vflag;
char *nfshost;
+char *cmp = NULL;
struct statfs *checkmntlist(char *);
int checkvfsname (const char *, char **);
@@ -94,7 +95,7 @@ main(int argc, char *argv[])
sync();
all = errs = 0;
- while ((ch = getopt(argc, argv, "AaF:fh:t:v")) != -1)
+ while ((ch = getopt(argc, argv, "Aac:F:fh:t:v")) != -1)
switch (ch) {
case 'A':
all = 2;
@@ -102,6 +103,9 @@ main(int argc, char *argv[])
case 'a':
all = 1;
break;
+ case 'c':
+ cmp = optarg;
+ break;
case 'F':
setfstab(optarg);
break;
@@ -153,6 +157,9 @@ main(int argc, char *argv[])
sfs = &mntbuf[mntsize];
if (checkvfsname(sfs->f_fstypename, typelist))
continue;
+ if (cmp != NULL &&
+ strncmp(sfs->f_mntonname, cmp, strlen(cmp)))
+ continue;
if (umountfs(sfs) != 0)
errs = 1;
}
@@ -164,6 +171,8 @@ main(int argc, char *argv[])
errs = umountall(typelist);
break;
case 0:
+ if (cmp != NULL)
+ warnx("Warning: use of -c without -a nor -A");
for (errs = 0; *argv != NULL; ++argv)
if (checkname(*argv, typelist) != 0)
errs = 1;
@@ -203,6 +212,8 @@ umountall(char **typelist)
if (getvfsbyname(fs->fs_vfstype, &vfc) == -1)
continue;
if (checkvfsname(fs->fs_vfstype, typelist))
+ continue;
+ if (cmp != NULL && strncmp(fs->fs_file, cmp, strlen(cmp)))
continue;
/*
--h31gzZEtNLTqOjlF
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="jail_mount.patch"
Index: etc/defaults/rc.conf
===================================================================
RCS file: /home/ncvs/src/etc/defaults/rc.conf,v
retrieving revision 1.210
diff -u -p -r1.210 rc.conf
--- etc/defaults/rc.conf 30 Jun 2004 15:58:46 -0000 1.210
+++ etc/defaults/rc.conf 20 Jul 2004 12:59:37 -0000
@@ -489,6 +489,7 @@ jail_sysvipc_allow="NO" # Allow SystemV
#jail_example_fdescfs_enable="NO" # mount fdescfs in the jail
#jail_example_procfs_enable="NO" # mount procfs in jail
#jail_example_devfs_ruleset="ruleset_name" # devfs ruleset to apply to jail
+#jail_example_mount_enable="NO" # mount jail's fstab entries
##############################################################
### Define source_rc_confs, the mechanism used by /etc/rc.* ##
Index: etc/rc.d/jail
===================================================================
RCS file: /home/ncvs/src/etc/rc.d/jail,v
retrieving revision 1.14
diff -u -p -r1.14 jail
--- etc/rc.d/jail 8 Mar 2004 12:25:05 -0000 1.14
+++ etc/rc.d/jail 20 Jul 2004 12:59:37 -0000
@@ -44,12 +44,15 @@ init_variables()
[ -z "${jail_fdescfs}" ] && jail_fdescfs="NO"
eval jail_procfs=\"\$jail_${_j}_procfs_enable\"
[ -z "${jail_procfs}" ] && jail_procfs="NO"
+ eval jail_mount=\"\$jail_${_j}_mount_enable\"
+ [ -z "${jail_mount}" ] && jail_mount="NO"
# Debugging aid
#
debug "$_j devfs enable: $jail_devfs"
debug "$_j fdescfs enable: $jail_fdescfs"
debug "$_j procfs enable: $jail_procfs"
+ debug "$_j mount enable: $jail_mount"
debug "$_j hostname: $jail_hostname"
debug "$_j ip: $jail_ip"
debug "$_j root: $jail_rootdir"
@@ -108,6 +111,10 @@ jail_umount_fs()
umount -f ${jail_procdir} >/dev/null 2>&1
fi
fi
+
+ if checkyesno jail_mount; then
+ umount -A -c ${jail_rootdir} >/dev/null 2>&1
+ fi
}
jail_start()
@@ -125,6 +132,10 @@ jail_start()
for _jail in ${jail_list}
do
init_variables $_jail
+ if checkyesno jail_mount; then
+ info "Mounting jail's fstab entries"
+ mount -a -c ${jail_rootdir}
+ fi
if checkyesno jail_devfs; then
info "Mounting devfs on ${jail_devdir}"
devfs_mount_jail "${jail_devdir}" ${jail_ruleset}
--h31gzZEtNLTqOjlF--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040720144434.GT9548>