7 # REQUIRE: LOGIN cleanvar
9 # KEYWORD: nojail shutdown
15 start_cmd="jail_start"
19 # Initialize the various jail variables for jail _j.
26 warn "init_variables: you must specify a jail"
30 eval _rootdir=\"\$jail_${_j}_rootdir\"
31 _devdir="${_rootdir}/dev"
32 _fdescdir="${_devdir}/fd"
33 _procdir="${_rootdir}/proc"
34 eval _hostname=\"\$jail_${_j}_hostname\"
35 eval _ip=\"\$jail_${_j}_ip\"
36 eval _interface=\"\${jail_${_j}_interface:-${jail_interface}}\"
37 eval _exec=\"\$jail_${_j}_exec\"
38 eval _exec_start=\"\${jail_${_j}_exec_start:-${jail_exec_start}}\"
42 eval _exec_afterstart${i}=\"\${jail_${_j}_exec_afterstart${i}:-\${jail_exec_afterstart${i}}}\"
43 [ -z "$(eval echo \"\$_exec_afterstart${i}\")" ] && break
47 eval _exec_stop=\"\${jail_${_j}_exec_stop:-${jail_exec_stop}}\"
48 if [ -n "${_exec}" ]; then
49 # simple/backward-compatible execution
50 _exec_start="${_exec}"
54 if [ -z "${_exec_start}" ]; then
55 _exec_start="/bin/sh /etc/rc"
56 if [ -z "${_exec_stop}" ]; then
57 _exec_stop="/bin/sh /etc/rc.shutdown"
62 # The default jail ruleset will be used by rc.subr if none is specified.
63 eval _ruleset=\"\${jail_${_j}_devfs_ruleset:-${jail_devfs_ruleset}}\"
64 eval _devfs=\"\${jail_${_j}_devfs_enable:-${jail_devfs_enable}}\"
65 [ -z "${_devfs}" ] && _devfs="NO"
66 eval _fdescfs=\"\${jail_${_j}_fdescfs_enable:-${jail_fdescfs_enable}}\"
67 [ -z "${_fdescfs}" ] && _fdescfs="NO"
68 eval _procfs=\"\${jail_${_j}_procfs_enable:-${jail_procfs_enable}}\"
69 [ -z "${_procfs}" ] && _procfs="NO"
71 eval _mount=\"\${jail_${_j}_mount_enable:-${jail_mount_enable}}\"
72 [ -z "${_mount}" ] && _mount="NO"
73 # "/etc/fstab.${_j}" will be used for {,u}mount(8) if none is specified.
74 eval _fstab=\"\${jail_${_j}_fstab:-${jail_fstab}}\"
75 [ -z "${_fstab}" ] && _fstab="/etc/fstab.${_j}"
76 eval _flags=\"\${jail_${_j}_flags:-${jail_flags}}\"
77 [ -z "${_flags}" ] && _flags="-l -U root"
81 debug "$_j devfs enable: $_devfs"
82 debug "$_j fdescfs enable: $_fdescfs"
83 debug "$_j procfs enable: $_procfs"
84 debug "$_j mount enable: $_mount"
85 debug "$_j hostname: $_hostname"
87 debug "$_j interface: $_interface"
88 debug "$_j root: $_rootdir"
89 debug "$_j devdir: $_devdir"
90 debug "$_j fdescdir: $_fdescdir"
91 debug "$_j procdir: $_procdir"
92 debug "$_j ruleset: $_ruleset"
93 debug "$_j fstab: $_fstab"
94 debug "$_j exec start: $_exec_start"
98 eval out=\"\${_exec_afterstart${i}:-''}\"
100 if [ -z "$out" ]; then
104 debug "$_j exec after start #${i}: ${out}"
108 debug "$_j exec stop: $_exec_stop"
109 debug "$_j flags: $_flags"
111 if [ -z "${_hostname}" ]; then
112 err 3 "$name: No hostname has been defined for ${_j}"
114 if [ -z "${_rootdir}" ]; then
115 err 3 "$name: No root directory has been defined for ${_j}"
117 if [ -z "${_ip}" ]; then
118 err 3 "$name: No IP address has been defined for ${_j}"
123 # set_sysctl rc_knob mib msg
124 # If the mib sysctl is set according to what rc_knob
125 # specifies, this function does nothing. However if
126 # rc_knob is set differently than mib, then the mib
127 # is set accordingly and msg is displayed followed by
128 # an '=" sign and the word 'YES' or 'NO'.
136 _current=`${SYSCTL} -n $_mib 2>/dev/null`
137 if checkyesno $_knob ; then
138 if [ "$_current" -ne 1 ]; then
139 echo -n " ${_msg}=YES"
140 ${SYSCTL_W} 1>/dev/null ${_mib}=1
143 if [ "$_current" -ne 0 ]; then
144 echo -n " ${_msg}=NO"
145 ${SYSCTL_W} 1>/dev/null ${_mib}=0
151 # This function unmounts certain special filesystems in the
152 # currently selected jail. The caller must call the init_variables()
153 # routine before calling this one.
157 if checkyesno _fdescfs; then
158 if [ -d "${_fdescdir}" ] ; then
159 umount -f ${_fdescdir} >/dev/null 2>&1
162 if checkyesno _devfs; then
163 if [ -d "${_devdir}" ] ; then
164 umount -f ${_devdir} >/dev/null 2>&1
167 if checkyesno _procfs; then
168 if [ -d "${_procdir}" ] ; then
169 umount -f ${_procdir} >/dev/null 2>&1
172 if checkyesno _mount; then
173 [ -f "${_fstab}" ] || warn "${_fstab} does not exist"
174 umount -a -F "${_fstab}" >/dev/null 2>&1
180 echo -n 'Configuring jails:'
181 set_sysctl jail_set_hostname_allow security.jail.set_hostname_allowed \
183 set_sysctl jail_socket_unixiproute_only \
184 security.jail.socket_unixiproute_only unixiproute_only
185 set_sysctl jail_sysvipc_allow security.jail.sysvipc_allowed \
189 echo -n 'Starting jails:'
190 _tmp_dir=`mktemp -d /tmp/jail.XXXXXXXX` || \
191 err 3 "$name: Can't create temp dir, exiting..."
192 for _jail in ${jail_list}
194 init_variables $_jail
195 if [ -f /var/run/jail_${_jail}.id ]; then
196 echo -n " [${_hostname} already running (/var/run/jail_${_jail}.id exists)]"
199 if [ -n "${_interface}" ]; then
200 ifconfig ${_interface} alias ${_ip} netmask 255.255.255.255
202 if checkyesno _mount; then
203 info "Mounting fstab for jail ${_jail} (${_fstab})"
204 if [ ! -f "${_fstab}" ]; then
205 err 3 "$name: ${_fstab} does not exist"
207 mount -a -F "${_fstab}"
209 if checkyesno _devfs; then
210 # If devfs is already mounted here, skip it.
211 df -t devfs "${_devdir}" >/dev/null
212 if [ $? -ne 0 ]; then
213 info "Mounting devfs on ${_devdir}"
214 devfs_mount_jail "${_devdir}" ${_ruleset}
215 # Transitional symlink for old binaries
216 if [ ! -L "${_devdir}/log" ]; then
219 ln -sf ../var/run/log log
224 # XXX - It seems symlinks don't work when there
225 # is a devfs(5) device of the same name.
226 # Jail console output
229 # ln -sf ../var/log/console console
232 if checkyesno _fdescfs; then
233 info "Mounting fdescfs on ${_fdescdir}"
234 mount -t fdescfs fdesc "${_fdescdir}"
236 if checkyesno _procfs; then
237 info "Mounting procfs onto ${_procdir}"
238 if [ -d "${_procdir}" ] ; then
239 mount -t procfs proc "${_procdir}"
242 _tmp_jail=${_tmp_dir}/jail.$$
243 eval jail ${_flags} -i ${_rootdir} ${_hostname} \
244 ${_ip} ${_exec_start} > ${_tmp_jail} 2>&1
246 if [ "$?" -eq 0 ] ; then
247 _jail_id=$(head -1 ${_tmp_jail})
250 eval out=\"\${_exec_afterstart${i}:-''}\"
252 if [ -z "$out" ]; then
256 jexec "${_jail_id}" ${out}
260 echo -n " $_hostname"
261 tail +2 ${_tmp_jail} >${_rootdir}/var/log/console.log
262 echo ${_jail_id} > /var/run/jail_${_jail}.id
265 if [ -n "${jail_interface}" ]; then
266 ifconfig ${jail_interface} -alias ${jail_ip}
268 echo " cannot start jail \"${_jail}\": "
279 echo -n 'Stopping jails:'
280 for _jail in ${jail_list}
282 if [ -f "/var/run/jail_${_jail}.id" ]; then
283 _jail_id=$(cat /var/run/jail_${_jail}.id)
284 if [ ! -z "${_jail_id}" ]; then
285 init_variables $_jail
286 if [ -n "${_exec_stop}" ]; then
287 eval env -i /usr/sbin/jexec ${_jail_id} ${_exec_stop} \
288 >> ${_rootdir}/var/log/console.log 2>&1
290 killall -j ${_jail_id} -TERM > /dev/null 2>&1
292 killall -j ${_jail_id} -KILL > /dev/null 2>&1
294 echo -n " $_hostname"
296 if [ -n "${_interface}" ]; then
297 ifconfig ${_interface} -alias ${_ip}
299 rm /var/run/jail_${_jail}.id
301 echo " cannot stop jail ${_jail}. No jail id in /var/run"
309 if [ $# -gt 0 ]; then
315 run_rc_command "${cmd}"