WIP on gocage start : dynamic devfs rulesets
parent
203c4bff3b
commit
29e8736fbc
81
cmd/start.go
81
cmd/start.go
@ -449,6 +449,67 @@ func genNatIpv4(jail *Jail) ([]string, error) {
|
|||||||
return ippair, nil
|
return ippair, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// WIP 06/06/2022
|
||||||
|
func getDevfsRuleSet(jail *Jail) error {
|
||||||
|
rulesets := []int{}
|
||||||
|
// TODO : Could be replaced by "add include $devfsrules_unhide_login" (see /etc/devfs.rules)
|
||||||
|
/*default_devs := [47]string {"hide", "null", "zero", "crypto", "random", "urandom", "ptyp*",
|
||||||
|
"ptyq*", "ptyr*", "ptys*", "ptyP*", "ptyQ*", "ptyR*", "ptyS*", "ptyl*",
|
||||||
|
"ptym*", "ptyn*", "ptyo*", "ptyL*", "ptyM*", "ptyN*", "pty0*", "ttyp*",
|
||||||
|
"ttyq*", "ttyr*", "ttys*", "ttyP*", "ttyQ*", "ttyR*", "ttyS*", "ttyl*",
|
||||||
|
"ttym*", "ttyn*", "ttyo*", "ttyL*", "ttyM*", "ttyN*", "tty0*", "ptmx",
|
||||||
|
"pts", "pts/*", "fd", "fd/*", "stdin", "stdout", "stderr", "zfs"}
|
||||||
|
*/
|
||||||
|
// Get known rulesets
|
||||||
|
out, err := executeCommand("devfs rule showsets")
|
||||||
|
if err != nil {
|
||||||
|
return errors.New(fmt.Sprintf("Error executing command \"devfs rule showsets\": %v; command returned: %s\n", err, out))
|
||||||
|
}
|
||||||
|
srs := strings.Split(out, "\n")
|
||||||
|
for _, i := range srs {
|
||||||
|
j, err := strconv.Atoi(i)
|
||||||
|
if err != nil {
|
||||||
|
panic(err)
|
||||||
|
}
|
||||||
|
rulesets = append(rulesets, j)
|
||||||
|
}
|
||||||
|
|
||||||
|
// Build a dynamic ruleset
|
||||||
|
ruleset := MIN_DYN_DEVFS_RULESET
|
||||||
|
for _, r := range rulesets {
|
||||||
|
if ruleset == r {
|
||||||
|
ruleset++
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// User configured devfs_ruleset. Clone it to a dynamic ruleset (TODO : why cant we use the ruleset as it?)
|
||||||
|
if jail.Config.Devfs_ruleset != string(DEVFS_DEFAULT_RULESET) {
|
||||||
|
if false == isStringInArray(srs, jail.Config.Devfs_ruleset) {
|
||||||
|
return errors.New(fmt.Sprintf("Unknown ruleset: %s", jail.Config.Devfs_ruleset))
|
||||||
|
}
|
||||||
|
|
||||||
|
cmd := fmt.Sprintf("devfs rule -s %d show", jail.Config.Devfs_ruleset)
|
||||||
|
out, err := executeCommand(cmd)
|
||||||
|
if err != nil {
|
||||||
|
return errors.New(fmt.Sprintf("Error executing command \"%s\": %v; command returned: %s\n", cmd, err, out))
|
||||||
|
}
|
||||||
|
|
||||||
|
for _, r := range strings.Split(out, "\n") {
|
||||||
|
rt := strings.Split(r, " ")
|
||||||
|
cmd = fmt.Sprintf("devfs rule -s %d add %s %s %s", ruleset, rt[1], rt[2], rt[3])
|
||||||
|
out, err := executeCommand(cmd)
|
||||||
|
if err != nil {
|
||||||
|
return errors.New(fmt.Sprintf("Error executing command \"%s\": %v; command returned: %s\n", cmd, err, out))
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// WIP
|
||||||
|
// Create a default dynamic ruleset
|
||||||
|
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
Start jail:
|
Start jail:
|
||||||
Check jail fstab?
|
Check jail fstab?
|
||||||
@ -671,8 +732,26 @@ func StartJail(args []string) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// CONTINUE HERE
|
|
||||||
// See https://github.com/iocage/iocage/blob/e94863d4c54f02523fb09e62e48be7db9ac92eda/iocage_lib/ioc_start.py:401
|
// See https://github.com/iocage/iocage/blob/e94863d4c54f02523fb09e62e48be7db9ac92eda/iocage_lib/ioc_start.py:401
|
||||||
|
if cj.Config.Vnet == 0 {
|
||||||
|
// Not supported
|
||||||
|
fmt.Printf("Only VNet jails supported\n")
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
var net []string
|
||||||
|
if false == strings.EqualFold(cj.Config.Vnet_interfaces, "none") {
|
||||||
|
net = append(net, strings.Split(cj.Config.Vnet_interfaces, " ")...)
|
||||||
|
}
|
||||||
|
|
||||||
|
// WIP 06/06/2022
|
||||||
|
err = getDevfsRuleSet(cj)
|
||||||
|
if err != nil {
|
||||||
|
fmt.Printf("%s\n", err.Error())
|
||||||
|
return
|
||||||
|
}
|
||||||
|
// CONTINUE HERE
|
||||||
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
out, err := executeCommand(fmt.Sprintf("rctl jail:%s", cj.InternalName))
|
out, err := executeCommand(fmt.Sprintf("rctl jail:%s", cj.InternalName))
|
||||||
|
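Review bot: getDevfsRuleSet parses devfs output without guarding it: every piece of `strings.Split(out, "\n")` goes to `strconv.Atoi` with `panic(err)` on failure, so an empty last element from a trailing newline would abort the start instead of returning an error. The clone loop indexes `rt[1]`, `rt[2]`, `rt[3]` with no length check, which panics on blank or short lines (presumably also an `include N` rule) and silently drops everything after the third token of a longer rule. That truncation matters because the devfs ruleset decides which device nodes the jail can see, so a partial clone is not the ruleset the operator configured. `fmt.Sprintf("devfs rule -s %d show", jail.Config.Devfs_ruleset)` applies `%d` to a value the surrounding comparisons treat as a string, producing a `%!d(string=…)` command; `%s` matches the membership check against `srs`. Separately, the free-number search only avoids collisions if showsets prints ids in ascending order, which the hunk does not establish, and the chosen number is never returned to StartJail; the fence below covers only the parsing changes.

```go
	// … unchanged: executeCommand("devfs rule showsets") and its error check …
	srs := strings.Fields(out)
	for _, i := range srs {
		j, err := strconv.Atoi(i)
		if err != nil {
			return fmt.Errorf("unexpected ruleset id %q from \"devfs rule showsets\": %v", i, err)
		}
		rulesets = append(rulesets, j)
	}
	// … unchanged: dynamic ruleset number search, unknown-ruleset check …
		cmd := fmt.Sprintf("devfs rule -s %s show", jail.Config.Devfs_ruleset)
		// … unchanged: executeCommand(cmd) and its error check …
		for _, r := range strings.Split(out, "\n") {
			rt := strings.Fields(r)
			if len(rt) < 2 {
				continue // blank line, nothing to clone
			}
			// Drop the leading rule number, keep the whole rule specification.
			cmd = fmt.Sprintf("devfs rule -s %d add %s", ruleset, strings.Join(rt[1:], " "))
			// … unchanged: executeCommand(cmd) and its error check …
```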