/*
* Copyright (c) 2016 Mark Heily <[email protected]>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#include <cerrno>
#include <iostream>
#include <stdexcept>
#include <system_error>
extern "C" {
#include <err.h>
#include <unistd.h>
}
#include "fileUtil.h"
#include "FreeBSDJail.hpp"
#include "jail_getid.h"
#include "logger.h"
#include "shell.h"
// Default constructor: no setup is performed here; the jail name, hostname
// and chroot directory members are populated elsewhere before use.
FreeBSDJail::FreeBSDJail() = default;
// Report whether a jail named `jailName` currently exists on the host.
//
// Returns: true when jail_getid() resolves the name to a jail ID,
//          false when it reports failure (negative return).
bool FreeBSDJail::isRunning()
{
	// jail_getid() yields a negative value when no jail carries this name.
	return jail_getid(jailName.c_str()) >= 0;
}
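// Attach the calling process to the jail named `jailName`.
//
// After a successful jail_attach(2) the process is confined to the jail's
// root and namespace; there is no way back, so callers should only invoke
// this in a process that is meant to live inside the jail.
//
// Throws: std::runtime_error if the jail name cannot be resolved to an ID;
//         std::system_error carrying the errno from jail_attach(2) on failure.
void FreeBSDJail::enter()
{
	const int jid = jail_getid(jailName.c_str());
	if (jid < 0) {
		throw std::runtime_error("unable to get jail ID");
	}
	if (jail_attach(jid) < 0) {
		// Capture errno before logging: log_errno() may itself call
		// functions that overwrite it, which would make the exception
		// carry the wrong error code.
		const int saved_errno = errno;
		log_errno("jail_attach(2) to jid %d", jid);
		throw std::system_error(saved_errno, std::system_category());
	}
}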
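// Create the jail by running jail(8) with the configured name, hostname and
// root path. The jail is created with `persist`, so it remains after jail(8)
// exits and must be removed explicitly elsewhere.
//
// Security notes (review): `ip4=inherit` gives the jail the host's IPv4
// stack rather than an isolated address, and no `allow.*` restrictions are
// passed, so jail(8)'s defaults apply — confirm that is the intended
// isolation level for untrusted workloads. `mount.devfs` presumably uses
// jail(8)'s default devfs ruleset; verify against the rc/devfs configuration.
//
// Throws: std::runtime_error if jail(8) exits with a non-zero status.
void FreeBSDJail::start()
{
	// Initialise to a failure value so that a Shell::execute() path that
	// does not assign the status cannot be mistaken for success.
	int rv = -1;
	Shell::execute("/usr/sbin/jail", {
		"-i",
		"-c", "name=" + jailName,
		"host.hostname=" + hostname,
		"path=" + chrootDir,
		"ip4=inherit",
		"mount.devfs",
#if __FreeBSD__ >= 11
		// System V IPC namespaces are only a jail parameter on 11.x and later.
		"sysvmsg=new",
		"sysvsem=new",
		"sysvshm=new",
#endif
		"persist",
	}, rv);
	if (rv != 0) {
		log_error("jail(1) failed; rv=%d", rv);
		throw std::runtime_error("jail(1) failed");
	}
}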
// Stop the jail. Currently a no-op: nothing here removes the jail that
// start() created with `persist`, so it stays resident until removed by
// some other means (e.g. jail -r or jail_remove(2)).
void FreeBSDJail::stop()
{
}
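// Extract `archivePath` into the jail's root directory with elevated
// privileges.
//
// tar(1) runs as root via SetuidHelper, so the archive is fully trusted
// here. Without -P, bsdtar's defaults strip a leading '/' and refuse
// '..' path components, but an archive can still create symlinks and
// set arbitrary ownership/modes inside chrootDir — only unpack archives
// from a trusted source.
//
// Privileges are lowered again on every exit path: if Shell::execute()
// reports failure by throwing, the original code would have left the
// process running with raised privileges.
//
// Throws: whatever Shell::execute() throws on failure (rethrown after
//         privileges are lowered).
void FreeBSDJail::unpack(const std::string& archivePath)
{
	log_debug("unpacking %s", archivePath.c_str());
	SetuidHelper::raisePrivileges();
	try {
		Shell::execute("/usr/bin/tar", { "-C", chrootDir, "-xf", archivePath });
	} catch (...) {
		// Never propagate an exception while still privileged.
		SetuidHelper::lowerPrivileges();
		throw;
	}
	SetuidHelper::lowerPrivileges();
}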
// Mount filesystems needed by the jail. Currently a no-op: the only mount
// this class requests (devfs) is performed by jail(8) itself through the
// `mount.devfs` parameter passed in start().
void FreeBSDJail::mountAll()
{
}
// Unmount filesystems mounted for the jail. Currently a no-op: devfs is
// mounted by jail(8) (see `mount.devfs` in start()) and is not unmounted
// here. Both code paths below are compiled out with `#if 0` and are kept
// only as a sketch of future behaviour.
void FreeBSDJail::unmountAll()
{
	// for now, mounted by jail(1)
#if 0
	// Sketch: unmount the devfs instance under chrootDir. Disabled.
	int unmount_flags = 0; // Future: might support MNT_FORCE
	log_debug("unmounting /dev");
	FileUtil::unmount(std::string(chrootDir + "/dev"), unmount_flags);
#endif
#if 0
	// Sketch: tear down Linux-ABI mounts (/proc, /sys). Disabled because
	// roomOptions is not accessible from this class (see FIXME).
	//FIXME: roomOptions not known to Container class
	if (roomOptions.kernelABI == "Linux") {
		Shell::execute("/sbin/umount", { chrootDir + "/proc" });
		Shell::execute("/sbin/umount", { chrootDir + "/sys" });
	}
#endif
}