Delete dynamic ruleset, obtained from /var/run/jail.$InternalName.conf

yo 2022-06-26 20:03:08 +02:00
parent 745811c39b
commit 92d8beb58f


@ -9,6 +9,7 @@ import (
"regexp" "regexp"
// "reflect" // "reflect"
"strings" "strings"
"strconv"
) )
// TODO : Use SYS_RCTL_GET_RACCT syscall // TODO : Use SYS_RCTL_GET_RACCT syscall
@ -82,7 +83,8 @@ func destroyVNetInterfaces(jail *Jail) error {
for _, i := range strings.Split(jail.Config.Ip4_addr, ",") { for _, i := range strings.Split(jail.Config.Ip4_addr, ",") {
iname := fmt.Sprintf("%s.%d", strings.Split(i, "|")[0], jail.JID) iname := fmt.Sprintf("%s.%d", strings.Split(i, "|")[0], jail.JID)
fmt.Printf("%s: ", iname) fmt.Printf("%s: ", iname)
_, err := executeCommand(fmt.Sprintf("ifconfig %s destroy >/dev/null", iname)) _, err := executeCommand(fmt.Sprintf("ifconfig %s destroy", iname))
//_, err := executeScript(fmt.Sprintf("ifconfig %s destroy >/dev/null 2>&1", iname))
if err != nil { if err != nil {
return err return err
} else { } else {
@ -99,16 +101,17 @@ func destroyVNetInterfaces(jail *Jail) error {
// or else it will require a restart of "devfs" service. // or else it will require a restart of "devfs" service.
// But, stoppign the jail already removes this >1000 ID. // But, stoppign the jail already removes this >1000 ID.
// So no need to call this function. // So no need to call this function.
func deleteDevfsRuleset(jail *Jail) error { func deleteDevfsRuleset(ruleset int) error {
cmd := "devfs rule showsets" cmd := "devfs rule showsets"
out, err := executeCommand(cmd) out, err := executeCommand(cmd)
if err != nil { if err != nil {
return errors.New(fmt.Sprintf("ERROR listing rulesets: %s", err.Error())) return errors.New(fmt.Sprintf("ERROR listing rulesets: %s", err.Error()))
} }
rs := strconv.Itoa(ruleset)
for _, r := range strings.Split(out, "\n") { for _, r := range strings.Split(out, "\n") {
if r == jail.Config.Devfs_ruleset { if r == rs {
cmd := fmt.Sprintf("devfs rule -s %s delset", jail.Config.Devfs_ruleset) cmd := fmt.Sprintf("devfs rule -s %d delset", ruleset)
_, err := executeCommand(cmd) _, err := executeCommand(cmd)
return err return err
} }
@ -189,8 +192,6 @@ func StopJail(args []string) {
var cj *Jail var cj *Jail
for _, j := range args { for _, j := range args {
fmt.Printf("> Stopping jail %s\n", j)
for _, rj := range gJails { for _, rj := range gJails {
if rj.Name == j { if rj.Name == j {
cj = &rj cj = &rj
@ -205,7 +206,9 @@ func StopJail(args []string) {
fmt.Printf("Jail %s is not running!\n", cj.Name) fmt.Printf("Jail %s is not running!\n", cj.Name)
continue continue
} }
fmt.Printf("> Stopping jail %s\n", j)
out, err := executeCommand(fmt.Sprintf("rctl jail:%s", cj.InternalName)) out, err := executeCommand(fmt.Sprintf("rctl jail:%s", cj.InternalName))
if err == nil && len(out) > 0 { if err == nil && len(out) > 0 {
fmt.Printf(" > Remove RCTL rules:\n") fmt.Printf(" > Remove RCTL rules:\n")
@ -256,14 +259,21 @@ func StopJail(args []string) {
fmt.Printf(" > Destroy VNet interfaces: OK\n") fmt.Printf(" > Destroy VNet interfaces: OK\n")
} }
} }
/*fmt.Printf(" > Remove devfsruleset %s:\n", cj.Config.Devfs_ruleset) // Get currently used ruleset from /var/run/jail.$internal_name.conf
err = deleteDevfsRuleset(cj) ruleset, err := getValueFromRunningConfig(cj.InternalName, "devfs_ruleset")
if err != nil {
fmt.Printf("ERROR getting current devfs ruleset: %s\n", err.Error())
return
}
rsi, _ := strconv.Atoi(ruleset)
fmt.Printf(" > Remove devfs ruleset %d: \n", rsi)
err = deleteDevfsRuleset(rsi)
if err != nil { if err != nil {
fmt.Printf("ERROR: %s\n", err.Error()) fmt.Printf("ERROR: %s\n", err.Error())
} else { } else {
fmt.Printf(" > Remove devfsruleset %s: OK\n", cj.Config.Devfs_ruleset) fmt.Printf(" > Remove devfsruleset %d: OK\n", rsi)
}*/ }
fmt.Printf(" > Stop jail %s:\n", cj.Name) fmt.Printf(" > Stop jail %s:\n", cj.Name)
err = stopJail(cj) err = stopJail(cj)
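Review bot: The conversion `rsi, _ := strconv.Atoi(ruleset)` drops its error, so an empty or non-numeric `devfs_ruleset` value read from the running config silently becomes 0 and is handed to `deleteDevfsRuleset`, and nothing in the new code checks that the ID is a dynamically allocated ruleset before `devfs rule -s %d delset` runs. Since the value comes from a file under /var/run and the deletion presumably runs with elevated privileges, I would keep the error, `rsi, err := strconv.Atoi(ruleset)`, and skip the deletion when it fails or when the ID is outside the range this tool allocates (the comment above `deleteDevfsRuleset` mentions IDs above 1000, which I have not verified), so that a static ruleset shared with other jails is never removed. The `return` in the `getValueFromRunningConfig` error branch also leaves `StopJail` before this jail is stopped and before the remaining names in `args` are handled, whereas the not-running case earlier in the loop uses `continue`; printing the error and carrying on to `stopJail` looks like the safer behaviour. `StopJail` begins before and continues after this hunk, so the surrounding handling is not visible here.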