WIP: checks before starting jail
parent
e0f371693a
commit
4f85f2e6ac
51
cmd/start.go
51
cmd/start.go
@ -256,10 +256,10 @@ func prepareJailedZfsDatasets(jail *Jail) error {
|
|||||||
func StartJail(args []string) {
|
func StartJail(args []string) {
|
||||||
// jail we have to start
|
// jail we have to start
|
||||||
var cj *Jail
|
var cj *Jail
|
||||||
|
|
||||||
for _, j := range args {
|
for _, j := range args {
|
||||||
fmt.Printf("> Starting jail %s\n", j)
|
fmt.Printf("> Starting jail %s\n", j)
|
||||||
|
|
||||||
for i, rj := range gJails {
|
for i, rj := range gJails {
|
||||||
if rj.Name == j {
|
if rj.Name == j {
|
||||||
// Get jail reference, not a copy of it; So we can modify attributes
|
// Get jail reference, not a copy of it; So we can modify attributes
|
||||||
@ -271,12 +271,49 @@ func StartJail(args []string) {
|
|||||||
fmt.Printf("Jail not found: %s\n", j)
|
fmt.Printf("Jail not found: %s\n", j)
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
|
||||||
if cj.Running == true {
|
if cj.Running == true {
|
||||||
fmt.Printf("Jail %s is already running!\n", cj.Name)
|
fmt.Printf("Jail %s is already running!\n", cj.Name)
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if len(cj.hostid) > 0 && cj.Hostid_strict_check == true {
|
||||||
|
hostid, err := ioutil.ReadFile("/etc/hostid")
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
hostid = []byte(strings.Replace(string(hostid), "\n", "", -1))
|
||||||
|
if strings.EqualFold(hostid, cj.hostid) == false {
|
||||||
|
fmt.Printf("hostid is not matching and hostid_strict_check is on. Not starting jail.\n")
|
||||||
|
return
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
var props_missing []string
|
||||||
|
// DHCP can also be set with "DHCP" value in ip4_addr
|
||||||
|
if cj.Dhcp == true || strings.EqualFold(cj.Ip4_addr, "DHCP") == true {
|
||||||
|
if cj.Bpf == 0 {
|
||||||
|
props_missing = append(props_missing, fmt.Sprintf("%s: dhcp requires bpf", cj.Name))
|
||||||
|
}
|
||||||
|
if cj.Vnet == 0 {
|
||||||
|
props_missing = append(props_missing, fmt.Sprintf("%s: dhcp requires vnet", cj.Name))
|
||||||
|
}
|
||||||
|
}
|
||||||
|
// TODO : Check that this nat_forwards exemple is OK :
|
||||||
|
// tcp(80:8080),tcp(3300-3310:33060-33070)
|
||||||
|
// If OK, it should map jail port 80 to 8080 on the host
|
||||||
|
// and range 3300-3310 on jail to 33060-33070 on the host
|
||||||
|
if cj.Nat > 0 && strings.EqualFold(cj.Nat_forwards, "none") == false {
|
||||||
|
// If NAT && port forwarding is enabled, check that port does not conflict
|
||||||
|
// with another running jail
|
||||||
|
for _, j := range gJails {
|
||||||
|
if j.Running == false {
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
// TODO : check!
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
fmt.Printf(" > Mount special filesystems:\n")
|
fmt.Printf(" > Mount special filesystems:\n")
|
||||||
err := mountAllJailFsFromHost(cj)
|
err := mountAllJailFsFromHost(cj)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
@ -284,7 +321,7 @@ func StartJail(args []string) {
|
|||||||
} else {
|
} else {
|
||||||
fmt.Printf(" > Mount special filesystems: OK\n")
|
fmt.Printf(" > Mount special filesystems: OK\n")
|
||||||
}
|
}
|
||||||
|
|
||||||
if cj.Config.Jail_zfs > 0 {
|
if cj.Config.Jail_zfs > 0 {
|
||||||
fmt.Printf(" > Prepare ZFS Datasets:\n")
|
fmt.Printf(" > Prepare ZFS Datasets:\n")
|
||||||
err := prepareJailedZfsDatasets(cj)
|
err := prepareJailedZfsDatasets(cj)
|
||||||
@ -294,8 +331,8 @@ func StartJail(args []string) {
|
|||||||
fmt.Printf(" > Prepare ZFS Datasets: OK\n")
|
fmt.Printf(" > Prepare ZFS Datasets: OK\n")
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
out, err := executeCommand(fmt.Sprintf("rctl jail:%s", cj.InternalName))
|
out, err := executeCommand(fmt.Sprintf("rctl jail:%s", cj.InternalName))
|
||||||
if err == nil && len(out) > 0 {
|
if err == nil && len(out) > 0 {
|
||||||
|
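Review bot: The hostid strict check added in the second hunk cannot compile as written: `return err` sits in `StartJail`, which declares no return value, and `strings.EqualFold` is handed a `[]byte` (`hostid`) where it takes strings. Since this check is the guard that keeps a jail from starting on the wrong host, it should fail closed when `/etc/hostid` is unreadable and skip only the current jail with `continue`, as the "not found" and "already running" branches do, instead of the bare `return` that abandons every remaining jail in `args`. `strings.TrimSpace` would also be safer than stripping only `"\n"`. Separately, `props_missing` is filled by the dhcp checks but never read in the visible lines, so a jail missing bpf or vnet still proceeds to the mount step, and the inner `for _, j := range gJails` shadows the outer `j`. The sketch below assumes `cj.hostid` is a string; `StartJail` begins and ends outside this hunk.

```go
if len(cj.hostid) > 0 && cj.Hostid_strict_check == true {
	raw, err := ioutil.ReadFile("/etc/hostid")
	if err != nil {
		// Fail closed: a strict check was requested but the host id is unreadable.
		fmt.Printf("Cannot read /etc/hostid: %s. Not starting jail %s.\n", err.Error(), cj.Name)
		continue
	}
	if strings.EqualFold(strings.TrimSpace(string(raw)), cj.hostid) == false {
		fmt.Printf("hostid is not matching and hostid_strict_check is on. Not starting jail.\n")
		continue
	}
}

// … unchanged: dhcp bpf/vnet checks and nat_forwards TODO …

if len(props_missing) > 0 {
	// Enforce the collected pre-start checks before touching any filesystem.
	fmt.Printf("Not starting jail %s: %s\n", cj.Name, strings.Join(props_missing, "; "))
	continue
}
```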