authorDoug Barton <dougb@FreeBSD.org>2009-03-24 03:05:41 +0000
committerDoug Barton <dougb@FreeBSD.org>2009-03-24 03:05:41 +0000
commitdf19d98434bb415fe852d9c79093d23f0a6ebbd9 (patch)
tree3e28b852d2b8a98eeb6e6ef352ce5252707d2931 /etc
parent2dac45d510afb33a4d825b5b56dd59d287ff019a (diff)
MFC r181114, make sure services and protocols are in the chroot /etc
MFC r188293, improve handling of chroot inside of a jail
Notes
Notes: svn path=/stable/6/; revision=190365
Diffstat (limited to 'etc')
-rwxr-xr-xetc/rc.d/named42
1 files changed, 32 insertions, 10 deletions
diff --git a/etc/rc.d/named b/etc/rc.d/named
index 7466739abcbc..e40a464b3d99 100755
--- a/etc/rc.d/named
+++ b/etc/rc.d/named
@@ -32,6 +32,8 @@ stop_postcmd="named_poststop"
#
chroot_autoupdate()
{
+ local file
+
# Create (or update) the chroot directory structure
#
if [ -r /etc/mtree/BIND.chroot.dist ]; then
@@ -59,17 +61,32 @@ chroot_autoupdate()
# Mount a devfs in the chroot directory if needed
#
- umount ${named_chrootdir}/dev 2>/dev/null
- devfs_domount ${named_chrootdir}/dev devfsrules_hide_all
- devfs -m ${named_chrootdir}/dev rule apply path null unhide
- devfs -m ${named_chrootdir}/dev rule apply path random unhide
+ if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ]; then
+ umount ${named_chrootdir}/dev 2>/dev/null
+ devfs_domount ${named_chrootdir}/dev devfsrules_hide_all
+ devfs -m ${named_chrootdir}/dev rule apply path null unhide
+ devfs -m ${named_chrootdir}/dev rule apply path random unhide
+ else
+ if [ -c ${named_chrootdir}/dev/null -a \
+ -c ${named_chrootdir}/dev/random ]; then
+ info "named chroot: using pre-mounted devfs."
+ else
+ err 1 "named chroot: devfs cannot be mounted from" \
+ "within a jail. Thus a chrooted named cannot" \
+ "be run from within a jail." \
+ "To run named without chrooting it, set" \
+ "named_chrootdir=\"\" in /etc/rc.conf."
+ fi
+ fi
- # Copy local timezone information if it is not up to date.
+ # Copy and/or update key files to the chroot /etc
#
- if [ -r /etc/localtime ]; then
- cmp -s /etc/localtime "${named_chrootdir}/etc/localtime" ||
- cp -p /etc/localtime "${named_chrootdir}/etc/localtime"
- fi
+ for file in localtime protocols services; do
+ if [ -r /etc/$file ]; then
+ cmp -s /etc/$file "${named_chrootdir}/etc/$file" ||
+ cp -p /etc/$file "${named_chrootdir}/etc/$file"
+ fi
+ done
}
# Make symlinks to the correct pid file
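Review bot: In the jailed branch, the `-c` test on `dev/null` and `dev/random` accepts any pre-mounted devfs, whereas the non-jailed path applies `devfsrules_hide_all` and unhides only those two nodes, so a chrooted named inside a jail may see whatever other device nodes the host's ruleset exposes. I would document that above the `else`, for example `# In a jail the host must pre-mount this devfs with a restrictive ruleset; only null and random are verified here.` Separately, the unquoted command substitution in the `security.jail.jailed` test, here and again in the named_poststop hunk, makes `[` fail with a syntax error if the sysctl prints nothing (for example when it fails), which falls through to the jailed branch with a misleading message; `[ "$(${SYSCTL_N} security.jail.jailed)" = "0" ]` keeps the same outcome without the error. chroot_autoupdate begins before this hunk, so the comment placement is judged from the visible lines only.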
@@ -109,7 +126,12 @@ named_stop()
named_poststop()
{
if [ -n "${named_chrootdir}" -a -c ${named_chrootdir}/dev/null ]; then
- umount ${named_chrootdir}/dev 2>/dev/null || true
+ if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ]; then
+ umount ${named_chrootdir}/dev 2>/dev/null || true
+ else
+ warn "named chroot:" \
+ "cannot unmount devfs from inside jail!"
+ fi
fi
}