WIP: checks before starting jail

yo 2022-04-05 22:21:39 +02:00
parent e0f371693a
commit 4f85f2e6ac


@ -277,6 +277,43 @@ func StartJail(args []string) {
continue continue
} }
if len(cj.hostid) > 0 && cj.Hostid_strict_check == true {
hostid, err := ioutil.ReadFile("/etc/hostid")
if err != nil {
return err
}
hostid = []byte(strings.Replace(string(hostid), "\n", "", -1))
if strings.EqualFold(hostid, cj.hostid) == false {
fmt.Printf("hostid is not matching and hostid_strict_check is on. Not starting jail.\n")
return
}
}
var props_missing []string
// DHCP can also be set with "DHCP" value in ip4_addr
if cj.Dhcp == true || strings.EqualFold(cj.Ip4_addr, "DHCP") == true {
if cj.Bpf == 0 {
props_missing = append(props_missing, fmt.Sprintf("%s: dhcp requires bpf", cj.Name))
}
if cj.Vnet == 0 {
props_missing = append(props_missing, fmt.Sprintf("%s: dhcp requires vnet", cj.Name))
}
}
// TODO : Check that this nat_forwards exemple is OK :
// tcp(80:8080),tcp(3300-3310:33060-33070)
// If OK, it should map jail port 80 to 8080 on the host
// and range 3300-3310 on jail to 33060-33070 on the host
if cj.Nat > 0 && strings.EqualFold(cj.Nat_forwards, "none") == false {
// If NAT && port forwarding is enabled, check that port does not conflict
// with another running jail
for _, j := range gJails {
if j.Running == false {
continue
}
// TODO : check!
}
}
fmt.Printf(" > Mount special filesystems:\n") fmt.Printf(" > Mount special filesystems:\n")
err := mountAllJailFsFromHost(cj) err := mountAllJailFsFromHost(cj)
if err != nil { if err != nil {
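Review bot: The hostid guard at the top of the added block does not type-check as written: `hostid` is still a `[]byte` when it is passed to `strings.EqualFold`, and `return err` sits in `StartJail`, which the hunk header shows without a result. Since this is the check that keeps a jail from starting on the wrong host, it should compare strings, for example by reading the file into `raw`, then `hostid := strings.TrimSpace(string(raw))` and `if !strings.EqualFold(hostid, cj.hostid) {`, and a read error should take the same print-and-stop path as a mismatch so the guard fails closed. Further down, `props_missing` is filled for the dhcp/bpf/vnet cases but nothing in the hunk reads it before `mountAllJailFsFromHost(cj)` runs, so a jail with missing properties would still be mounted; a `len(props_missing) > 0` check that prints the entries and skips the jail looks like the intent. The body of `StartJail` starts and ends outside the hunk, so the enclosing loop and any later use of `props_missing` are not visible here.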