little progress on start/build devfs ruleset

yo 2022-06-18 16:10:10 +02:00
parent d4f6b9ddc7
commit e84c43c759


@ -14,7 +14,6 @@ import (
) )
// FIXME : Do not work?! // FIXME : Do not work?!
// We cant use internalName as the value exist only when jail is running
func setJailConfigUpdated(jail *Jail) error { func setJailConfigUpdated(jail *Jail) error {
if len(jail.ConfigPath) == 0 { if len(jail.ConfigPath) == 0 {
return errors.New(fmt.Sprintf("No config path for jail %s", jail.Name)) return errors.New(fmt.Sprintf("No config path for jail %s", jail.Name))
@ -450,7 +449,7 @@ func genNatIpv4(jail *Jail) ([]string, error) {
} }
// WIP 06/06/2022 // WIP 06/06/2022
func getDevfsRuleSet(jail *Jail) error { func getDevfsRuleSet(jail *Jail) (error, int) {
rulesets := []int{} rulesets := []int{}
// TODO : Could be replaced by "add include $devfsrules_unhide_login" (see /etc/devfs.rules) // TODO : Could be replaced by "add include $devfsrules_unhide_login" (see /etc/devfs.rules)
/*default_devs := [47]string {"hide", "null", "zero", "crypto", "random", "urandom", "ptyp*", /*default_devs := [47]string {"hide", "null", "zero", "crypto", "random", "urandom", "ptyp*",
@ -463,7 +462,7 @@ func getDevfsRuleSet(jail *Jail) error {
// Get known rulesets // Get known rulesets
out, err := executeCommand("devfs rule showsets") out, err := executeCommand("devfs rule showsets")
if err != nil { if err != nil {
return errors.New(fmt.Sprintf("Error executing command \"devfs rule showsets\": %v; command returned: %s\n", err, out)) return errors.New(fmt.Sprintf("Error executing command \"devfs rule showsets\": %v; command returned: %s\n", err, out)), 0
} }
srs := strings.Split(out, "\n") srs := strings.Split(out, "\n")
for _, i := range srs { for _, i := range srs {
@ -485,13 +484,13 @@ func getDevfsRuleSet(jail *Jail) error {
// User configured devfs_ruleset. Clone it to a dynamic ruleset (TODO : why cant we use the ruleset as it?) // User configured devfs_ruleset. Clone it to a dynamic ruleset (TODO : why cant we use the ruleset as it?)
if jail.Config.Devfs_ruleset != string(DEVFS_DEFAULT_RULESET) { if jail.Config.Devfs_ruleset != string(DEVFS_DEFAULT_RULESET) {
if false == isStringInArray(srs, jail.Config.Devfs_ruleset) { if false == isStringInArray(srs, jail.Config.Devfs_ruleset) {
return errors.New(fmt.Sprintf("Unknown ruleset: %s", jail.Config.Devfs_ruleset)) return errors.New(fmt.Sprintf("Unknown ruleset: %s", jail.Config.Devfs_ruleset)), 0
} }
cmd := fmt.Sprintf("devfs rule -s %d show", jail.Config.Devfs_ruleset) cmd := fmt.Sprintf("devfs rule -s %d show", jail.Config.Devfs_ruleset)
out, err := executeCommand(cmd) out, err := executeCommand(cmd)
if err != nil { if err != nil {
return errors.New(fmt.Sprintf("Error executing command \"%s\": %v; command returned: %s\n", cmd, err, out)) return errors.New(fmt.Sprintf("Error executing command \"%s\": %v; command returned: %s\n", cmd, err, out)), 0
} }
for _, r := range strings.Split(out, "\n") { for _, r := range strings.Split(out, "\n") {
@ -499,15 +498,21 @@ func getDevfsRuleSet(jail *Jail) error {
cmd = fmt.Sprintf("devfs rule -s %d add %s %s %s", ruleset, rt[1], rt[2], rt[3]) cmd = fmt.Sprintf("devfs rule -s %d add %s %s %s", ruleset, rt[1], rt[2], rt[3])
out, err := executeCommand(cmd) out, err := executeCommand(cmd)
if err != nil { if err != nil {
return errors.New(fmt.Sprintf("Error executing command \"%s\": %v; command returned: %s\n", cmd, err, out)) return errors.New(fmt.Sprintf("Error executing command \"%s\": %v; command returned: %s\n", cmd, err, out)), 0
} }
} }
return nil, ruleset
} }
// WIP // WIP
// Create a default dynamic ruleset // Create a default dynamic ruleset from
return nil // TODO: Get default devfs_ruleset from gDefaultConfig[datastore]
//def_devfs_inc := []string{"devfsrules_hide_all", "devfsrules_unhide_basic", "devfsrules_unhide_login"}
// TODO : update ruleset return value
return nil, 0
} }
/* /*
@ -745,12 +750,13 @@ func StartJail(args []string) {
} }
// WIP 06/06/2022 // WIP 06/06/2022
err = getDevfsRuleSet(cj) err, rs := getDevfsRuleSet(cj)
if err != nil { if err != nil {
fmt.Printf("%s\n", err.Error()) fmt.Printf("%s\n", err.Error())
return return
} }
// CONTINUE HERE // CONTINUE HERE
fmt.Printf("Built ruleset: %d\n", rs)
/* /*
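Review bot: The unimplemented default path at the end of getDevfsRuleSet returns `nil, 0`, so a jail with no user-configured ruleset is reported as a success with ruleset 0. On FreeBSD a devfs_ruleset of 0 means no ruleset is enforced, so once StartJail stops printing `rs` and starts applying it, that jail's /dev would be mounted unfiltered. Until the default ruleset is actually built, fail closed with `return errors.New("default devfs ruleset not implemented"), 0`. Separately, Go convention puts the error last, so the signature would read better as `(int, error)` with the call site as `rs, err := getDevfsRuleSet(cj)`. Both getDevfsRuleSet and StartJail continue outside the visible hunks.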