OpenSDE
/
opensde-nopast
3
0
Fork 0
Code Issues 6 Releases Activity
OpenSDE Framework (without history before r20070)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
518 Commits
26 Branches
0 Tags
4.1 MiB
Tree: 5f2790dd0c
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '5f2790dd0c'
${ noResults }
opensde-nopast/lib/jailing/jail-functions

189 lines
4.8 KiB
Raw Normal View History

* moved our trunk into the framework subproject git-svn-id: svn://svn.opensde.net/opensde/opensde/trunk@20073 10447126-35f2-4685-b0cf-6dd780d3921f
18 years ago
  1. jail_lib_needed() {
  2. ### $1 dirtree to search for +x files (usually $jail)
  3. ### $2 lib list file to add needed libs to
  5. tmplib=`mktemp`
  6. cp $2 $tmplib
  8. # Using ldd is not perfect (as I learned from Clifford) but
  9. # it's simple, usually works and extra libs and bins can be
  10. # hand added in specific_postmake
  11. find $1 -perm +111 -type f -exec ldd {} \; | grep -v 'not' | \
  12. grep -v "$1" | cut -d' ' -f3 >> $tmplib
  14. # Always needed
  15. echo /lib/libnss_files.so.2 >> $tmplib
  16. echo /lib/libnss_dns.so.2 >> $tmplib
  18. # Sorting to remove duplications (very high)
  19. sort -u $tmplib > $2
  21. rm -f $tmplib
  22. unset tmplib
  23. }
  26. jail_create() {
  27. ### Pseudo 00-dirtree
  29. # Path for external binaries
  30. [ -a $root/$jail/bin ] || mkdir -p $root/$jail/bin
  31. # Path for external libraries
  32. [ -a $root/$jail/lib ] || mkdir -p $root/$jail/lib
  33. [ -a $root/$jail/etc ] || mkdir -p $root/$jail/etc
  34. [ -a $root/$jail/var ] || mkdir -p $root/$jail/var
  35. [ -a $root/$jail/tmp ] || mkdir -p $root/$jail/tmp
  36. chmod 1777 $root/$jail/tmp
  37. [ -a $root/$jail/dev ] || mkdir -p $root/$jail/dev
  38. [ -a $root/$jail/dev/null ] || mknod -m 666 $root/$jail/dev/null c 1 3
  39. [ -a $root/$jail/dev/random ] || mknod -m 444 $root/$jail/dev/random c 1 8
  40. [ -a $root/$jail/dev/urandom ] || mknod -m 444 $root/$jail/dev/urandom c 1 9
  41. [ -a $root/$docdir ] || mkdir -p $root/$docdir
  43. ### END Pseudo 00-dirtree
  45. ### Make some base etc configuration if not already present
  47. if [ ! -f $root/$jail/etc/ld.so.conf ] ; then
  48. cat <<- EOT > $root/$jail/etc/ld.so.conf
  49. /lib
  50. /usr/lib
  51. EOT
  52. fi
  53. if [ ! -f $root/$jail/etc/nsswitch.conf ] ; then
  54. cat <<- EOT > $root/$jail/etc/nsswitch.conf
  55. passwd: files
  56. group: files
  57. shadow: files
  58. hosts: files dns
  59. EOT
  60. fi
  62. ### END Make some base etc configuration
  63. }
  65. jail_copy_needed_libs() {
  66. ### Copy needed libs in $root/$jail/lib if not already present
  68. tmp=`mktemp`
  69. jail_lib_needed $root/$jail $tmp
  70. if [ "$SDECFG_JAILING_LIBSAFE" = 1 -a \
  71. "$pkg_libsafe_support" = 1 ] ; then
  72. echo "/lib/libsafe.so.2" >> $tmp
  73. grep "/lib/libsafe.so.2" $root/$jail/etc/ld.so.preload > \
  74. /dev/null 2>&1 || echo "/lib/libsafe.so.2" >> \
  75. $root/$jail/etc/ld.so.preload
  76. fi
  77. for x in `grep -v $jail $tmp` ; do
  78. [ -f $root/$jail/lib/${x##*/} ] || cp -vf $x $root/$jail/lib
  79. done
  80. rm -f $tmp
  81. unset tmp x
  83. ldconfig -r $root/$jail
  85. ### END Copy needed libs
  86. }
  89. # Ensure given users are present in jail and if not add them
  90. # needed groups are added too.
  91. jail_ensure_users() {
  92. if [ "$jail" ] ; then
  93. for user_name in "$@" ; do
  94. if ! grep "^$user_name:" $root/$jail/etc/passwd \
  95. > /dev/null 2>&1 ; then
  96. # Add group to jail
  97. grep "^$user_name:" /etc/passwd >> \
  98. $root/$jail/etc/passwd || true
  99. jail_ensure_gids `grep "^$user_name:" /etc/passwd | cut -d":" -f4`
  100. fi
  101. done
  102. fi
  103. unset user_name
  104. }
  107. # Ensure given groups gid are present in jail and if not add them.
  108. jail_ensure_groups() {
  109. if [ "$jail" ] ; then
  110. for group_name in "$@" ; do
  111. if ! grep "^$group_name:" $root/$jail/etc/group \
  112. > /dev/null 2>&1 ; then
  113. # Add group to jail
  114. grep "^$group_name:" /etc/group >> \
  115. $root/$jail/etc/group || true
  116. fi
  117. done
  118. fi
  119. unset group_name
  120. }
  123. # Ensure given groups gid are present in jail and if not add them.
  124. jail_ensure_gids() {
  125. if [ "$jail" ] ; then
  126. for gid in "$@" ; do
  127. if ! grep ":$gid:" $root/$jail/etc/group \
  128. > /dev/null 2>&1 ; then
  129. # Add group to jail
  130. grep ":$gid:" /etc/group >> \
  131. $root/$jail/etc/group || true
  132. fi
  133. done
  134. fi
  135. unset gid
  136. }
  139. # This function sets the 'confopt' and some other variables.
  140. #
  141. jail_set_confopt() {
  142. if [ "$destvar" ] ; then
  143. prefix=$root/usr
  144. sysconfdir="$root/etc"
  145. localstatedir="$root/var"
  146. else
  147. prefix="$root/$jail/usr"
  148. sysconfdir="$root/$jail/etc"
  149. localstatedir="$root/$jail/var"
  150. fi
  152. bindir="$prefix/bin"
  153. sbindir="$prefix/sbin"
  154. libdir="$prefix/lib"
  155. docdir="$prefix/doc/$pkg"
  156. datadir="$prefix/share"
  157. infodir="$prefix/info"
  158. mandir="$prefix/man"
  159. includedir="$root/include"
  161. confopt="--prefix=$prefix"
  162. confopt="$confopt --bindir=\$bindir"
  163. confopt="$confopt --sbindir=\$sbindir"
  164. confopt="$confopt --libdir=\$libdir"
  165. confopt="$confopt --datadir=\$datadir"
  166. confopt="$confopt --infodir=\$infodir"
  167. confopt="$confopt --mandir=\$mandir"
  168. confopt="$confopt --sysconfdir=\$sysconfdir"
  169. confopt="$confopt --localstatedir=\$localstatedir"
  170. confopt="$confopt --includedir=\$includedir"
  172. if [ "$SDECFG_CONFIGURE_OPTS" ] ; then
  173. confopt="$confopt $SDECFG_CONFIGURE_OPTS"
  174. fi
  176. if [ "$SDECFG_DEBUG" = 0 ] ; then
  177. confopt="$confopt --disable-debug"
  178. else
  179. confopt="$confopt --enable-debug"
  180. fi
  182. if ! atstage native || [ "$SDECFG_DISABLE_NLS" = 1 ] ; then
  183. confopt="${confopt//--enable-nls/} --disable-nls"
  184. fi
  186. confopt="$confopt \$extraconfopt"
  187. confopt="$confopt --build=\$arch_build --host=\$arch_target"
  188. }