From: Devin Teske
Date: Wed, 20 Oct 2010 23:46:20 -0700
To: Devin Teske
Cc: Julian Elischer, freebsd-rc@freebsd.org
Subject: Re: sysrc(8) -- a sysctl(8)-like utility for managing rc.conf(5)

On Oct 19, 2010, at 10:50 AM, Devin Teske wrote:

> On Mon, 2010-10-18 at 17:39 -0700, Devin Teske wrote:
>> On Wed, 2010-10-13 at 12:05 -0700, Devin Teske wrote:
>>> On Tue, 2010-10-12 at 16:13 -0700, Devin Teske wrote:
>>>> Hey all,
>>>>
>>>> [...]
>>>>
>>>> Behold... sysrc(8) v2.0
>>>>
>>>> #!/bin/sh
>>>> [...]
>>>
>>> Version 2.1 is available here: http://druidbsd.sf.net/
>>
>> Version 2.2 now.
>> Same links.
>>
>> I added `-R dir' for specifying an alternate root (other than `/')
>> directory (mostly for handling jails).
>
> Version 2.3 now.
> Same links.
>

Version 2.4 now.
Same links.

>
>>
>>>
>>> Direct links:
>>> http://druidbsd.sf.net/download/sysrc.gz (download gzipped)
>>> http://druidbsd.sf.net/download/sysrc.txt (view as text)
>>>
>>> Here's the changes:
>>>
>>
>

--- sysrc.2_3 2010-10-19 10:49:52.000000000 -0700 +++ sysrc 2010-10-20 20:21:37.000000000 -0700 
@@ -2,8 +2,8 @@ # -*- tab-width: 4 -*- ;; Emacs # vi: set tabstop=3D4 :: Vi/ViM # -# Revision: 2.3 -# Last Modified: October 19th, 2010 +# Revision: 2.4 +# Last Modified: October 20th, 2010 ############################################################ COPYRIGHT # # (c)2010. Devin Teske. All Rights Reserved. @@ -30,7 +30,8 @@ # SUCH DAMAGE. # # AUTHOR DATE DESCRIPTION -# dteske 2010.10.19 Add `-j jail' for operating within jails (see = jls(8)). +# dteske 2010.10.20 Make `-j jail' and `-R dir' more secure +# dteske 2010.10.19 Add `-j jail' for operating on jails (see = jexec(8)). # dteske 2010.10.18 Add `-R dir' for operating in different = root-dir. # dteske 2010.10.13 Allow `-f file' multiple times. # dteske 2010.10.12 Updates per freebsd-hackers thread. @@ -58,7 +59,7 @@ # -N Show only variable names, not their values. # -R dir Operate within the root directory `dir' rather than = `/'. # -j jail The jid or name of the jail to operate within = (overrides -# `-R dir'; requires jls(8)). +# `-R dir'; requires jexec(8)). #=20 # ENVIRONMENT: # RC_DEFAULTS Location of `/etc/defaults/rc.conf' file. @@ -182,7 +183,7 @@ usage() eprintf "$optfmt" "-j jail" \ "The jid or name of the jail to operate within = (overrides" eprintf "$optfmt" "" \ - "\`-R dir'; requires jls(8))." + "\`-R dir'; requires jexec(8))." eprintf "\n" =20 eprintf "ENVIRONMENT:\n" @@ -302,7 +303,8 @@ sysrc_get() # source_rc_confs the value has not changed, then we = should # restore the value to the one inherited from = RC_DEFAULTS # before performing the final query (preventing us from - # returning RC_CONFS which may be relative to ROOTDIR). + # returning what was passed in via `-f' when the intent = was + # instead to query the value from the file(s) = specified). # if [ "$1" =3D "rc_conf_files" -a \ "$RC_CONFS" !=3D "" -a \ 
@@ -372,7 +374,7 @@ sysrc_find() for file in $conf_files; do [ -f "$file" -a -r "$file" ] || continue if grep -q "^[[:space:]]*$varname=3D" $file; then - echo ${file#$ROOTDIR} + echo $file return $SUCCESS fi done @@ -443,7 +445,7 @@ sysrc_set() # local not_found=3D local file=3D"$( sysrc_find "$varname" )" - if [ "$file" =3D "${RC_DEFAULTS#$ROOTDIR}" -o ! "$file" ]; then + if [ "$file" =3D "$RC_DEFAULTS" -o ! "$file" ]; then # # We either got a null response (not found) or the = variable # was only found in the rc.conf(5) defaults. In either = case, 
@@ -631,43 +633,49 @@ if [ ! "$SHOW_VALUE" ]; then fi =20 # -# Process `-j jail' command-line option +# Process `-j jail' and `-R dir' command-line options # -if [ "$JAIL" ]; then - ROOTDIR=3D"$( jls -j "$JAIL" path )" || die -fi - -# -# Process `-R dir' command-line option -# -if [ "$ROOTDIR" ]; then - # - # Sanity checks - # - [ -e "$ROOTDIR" ] || die "%s: %s: No such file or directory" \ - "$progname" "$ROOTDIR" - [ -d "$( eval realpath "$ROOTDIR" )" ] || die \ - "%s: %s: Not a directory" "$progname" "$ROOTDIR" - - # - # When ROOTDIR is set, we need to: +if [ "$JAIL" -o "$ROOTDIR" ]; then # - # a. Prefix RC_DEFAULTS with ROOTDIR + # Reconstruct the arguments that we want to carry-over # - RC_DEFAULTS=3D"$ROOTDIR$RC_DEFAULTS" + args=3D" + ${SYSRC_VERBOSE:+-v} + ${RC_CONFS:+-f'$RC_CONFS'} + $( [ "$SHOW_ALL" =3D "1" ] && echo \ -a ) + $( [ "$SHOW_ALL" =3D "2" ] && echo \ -A ) + ${DESCRIBE:+-d} + ${SHOW_EQUALS:+-e} + ${IGNORE_UNKNOWNS:+-i} + $( [ "$SHOW_NAME" ] || echo \ -n ) + $( [ "$SHOW_VALUE" ] || echo \ -N ) + " + for arg in "$@"; do + args=3D"$args '$arg'" + done =20 - # b. Override the use of rc_conf_files from RC_DEFAULTS - # by setting RC_CONFS # - [ "$RC_CONFS" ] || RC_CONFS=3D"$( sysrc_get rc_conf_files )" - - # c. Prefix RC_CONFS with ROOTDIR + # If both are supplied, `-j jail' supercedes `-R dir' # - r=3D - for file in $RC_CONFS; do - r=3D"$r${r:+ }$ROOTDIR$file" - done - RC_CONFS=3D"$r" + if [ "$JAIL" ]; then + # + # Re-execute ourselves with sh(1) via jexec(8) + # + ( echo set -- $args + cat $0 + ) | env - RC_DEFAULTS=3D"$RC_DEFAULTS" \ + /usr/sbin/jexec "$JAIL" /bin/sh + exit $? + elif [ "$ROOTDIR" ]; then + # + # Re-execute ourselves with sh(1) via chroot(8) + # + ( echo set -- $args + cat $0 + ) | env - RC_DEFAULTS=3D"$RC_DEFAULTS" \ + /usr/sbin/chroot "$ROOTDIR" /bin/sh + exit $? + fi fi =20 # 
@@ -692,7 +700,7 @@ if [ "$SHOW_ALL" ]; then IFS=3D"$IFS|" EXCEPT=3D"IFS|EXCEPT|PATH|RC_DEFAULTS|OPTIND|DESCRIBE|SEP"= = EXCEPT=3D"$EXCEPT|SHOW_ALL|SHOW_EQUALS|SHOW_NAME|SHOW_VALUE" - EXCEPT=3D"$EXCEPT|SYSRC_VERBOSE|RC_CONFS|ROOTDIR" + EXCEPT=3D"$EXCEPT|SYSRC_VERBOSE|RC_CONFS" =20 # # Clean the environment (except for our required = variables) @@ -724,8 +732,7 @@ if [ "$SHOW_ALL" ]; then # other than rc.conf(5) defaults. # [ "$SHOW_ALL" =3D "1" -a \ - "$( sysrc_find rc_conf_files )" =3D \ - "${RC_DEFAULTS#$ROOTDIR}" \ + "$( sysrc_find rc_conf_files )" =3D = "$RC_DEFAULTS" \ ] \ && unset rc_conf_files fi @@ -782,11 +789,8 @@ while [ $# -gt 0 ]; do =20 if [ "$SYSRC_VERBOSE" ]; then file=3D"$( sysrc_find "$NAME" )" - if [ "$file" =3D "${RC_DEFAULTS#$ROOTDIR}" \ - -o ! "$file" ]; then + [ "$file" =3D "$RC_DEFAULTS" -o ! "$file" ] && \ file=3D"$( sysrc_get = "rc_conf_files%%[$IFS]*" )" - file=3D"${file#$ROOTDIR}" - fi echo -n "$file: " fi =20
--
Cheers,
Devin Teske
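
Review bot: The history entry added in hunk @@ -30,7 +30,8 @@, "Make `-j jail' and `-R dir' more secure", does not say what was insecure or what changed. Name the mechanism, which from the later hunk is re-executing the script inside the jail or chroot instead of prefixing host paths with ROOTDIR. The same hunk also rewrites the existing 2010.10.19 entry from jls(8) to jexec(8); leave the released entry as written and record the switch under 2010.10.20.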
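
Review bot: The option help in hunk @@ -58,7 +59,7 @@ (and the matching usage() text in @@ -182,7 +183,7 @@) now says `-j jail' requires jexec(8), but the `-R dir' line is left without an equivalent note even though this patch makes it run through /usr/sbin/chroot "$ROOTDIR" /bin/sh. Document that `-R dir' requires chroot(8) and a /bin/sh inside `dir', since the removed path-prefixing code had neither requirement.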
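
Review bot: `echo $file` in sysrc_find (hunk @@ -372,7 +374,7 @@) is unquoted, so a path containing glob characters is expanded before it is returned to the caller, which then compares the result against "$RC_DEFAULTS" as a string. Write `echo "$file"`, and quote `$file` in the grep line just above it for the same reason.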
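
Review bot: In the re-exec block of hunk @@ -631,43 +633,49 @@, values are wrapped in literal single quotes (`args="$args '$arg'"` and `-f'$RC_CONFS'`) and then emitted as `set -- $args` into the /bin/sh started by jexec(8) or chroot(8), with no escaping of a single quote inside the value. An argument or `-f' path that contains `'` ends the quoted word early, and the rest is parsed by that shell as script text rather than data. Rewrite each embedded `'` as `'\''` before appending, or drop the generated `set --` line and pass the arguments as real argv entries with `/bin/sh -s -- "$@"`. `echo set -- $args` and `cat $0` are also unquoted, so the generated line goes through field splitting and pathname expansion in the calling shell first. In the comment, "supercedes" should read "supersedes".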