Changeset cea595b


Timestamp:
05/28/13 08:06:30 (19 months ago)
Author:
Kris Moore <kris@…>
Branches:
master, 9.2-release, releng/10.0, releng/10.0.1, releng/10.0.2, releng/10.0.3, releng/10.1
Children:
0314e57
Parents:
27628ad
Message:

Make the "vnet" support in Warden optional now, can be enabled / disabled
per jail.

Location:
src-sh/warden
Files:
4 edited

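--- a/src-sh/warden/bin/warden
+++ b/src-sh/warden/bin/warden
@@ -119,15 +119,17 @@
 Available options:
 
-              ipv4: Lets you set the IPv4 address for this jail
-              ipv6: Lets you set the IPv6 address for this jail
-        alias-ipv4: Lets you set additional IPv4 addresses for this jail
-        alias-ipv6: Lets you set additional IPv6 addresses for this jail
-       bridge-ipv4: Lets you set the vnet bridge IPv4 address for this jail
-       bridge-ipv6: Lets you set the vnet bridge IPv6 address for this jail
- alias-bridge-ipv4: Lets you set additional vnet bridge IPv4 addresses for this jail
- alias-bridge-ipv6: Lets you set additional vnet bridge IPv6 addresses for this jail
-defaultrouter-ipv4: Lets you set the default IPv4 router for this jail
-defaultrouter-ipv6: Lets you set the default IPv6 router for this jail
-        flags: Lets you set additional flags to pass to the 'jail' command at startup
+              ipv4: Set the IPv4 address for this jail
+              ipv6: Set the IPv6 address for this jail
+        alias-ipv4: Set additional IPv4 addresses for this jail
+        alias-ipv6: Set additional IPv6 addresses for this jail
+       bridge-ipv4: Set the vnet bridge IPv4 address for this jail
+       bridge-ipv6: Set the vnet bridge IPv6 address for this jail
+ alias-bridge-ipv4: Set additional vnet bridge IPv4 for this jail
+ alias-bridge-ipv6: Set additional vnet bridge IPv6 for this jail
+defaultrouter-ipv4: Set the default vnet IPv4 router for this jail
+defaultrouter-ipv6: Set the default vnet IPv6 router for this jail
+             flags: Set additional flags to pass to the 'jail' command
+       vnet-enable: Enables vnet support for the jail
+      vnet-disable: Disables vnet support for this jail
 
 Usage:
@@ -144,4 +146,6 @@
 
   warden set flags myjail allow.raw_sockets=true,allow.chflags=true
+
+  warden set vnet-enable myjail
 "
 };
@@ -820,5 +824,7 @@
           flags) EXTRAFLAGS="${4}"
                  echo $EXTRAFLAGS | sed 's|,| |g' > "${JMETADIR}/jail-flags"
-                ;;
+                 ;;
+    vnet-enable) touch "${JMETADIR}/vnet" ;;
+    vnet-disable) rm "${JMETADIR}/vnet" 2>/dev/null ;;
               *) exit_err "Invalid option!" ;;
            esac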
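Review bot: The new `vnet-enable` / `vnet-disable` arms flip `${JMETADIR}/vnet` with no visible check that the jail is stopped, while stopjail.sh in this changeset picks its teardown path from that marker at stop time rather than from how the jail was started. Toggling the marker on a running jail would then skip `jail_interfaces_down` for a jail started with vnet, or leave the host IP aliases in place for one started the standard way. The enclosing `set` handler starts outside this hunk, so it may already refuse running jails; if it does not, guard these two arms or have startjail.sh record the mode it actually used and let stopjail.sh read that instead.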
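--- a/src-sh/warden/scripts/backend/listjails.sh
+++ b/src-sh/warden/scripts/backend/listjails.sh
@@ -82,4 +82,9 @@
   ID="`cat ${i}/id 2>/dev/null`"
   HOST="`cat ${i}/host 2>/dev/null`"
+  if [ -e "${i}/vnet" ] ; then
+    VNET="Enabled"
+  else
+    VNET="Disabled"
+  fi
 
   #
@@ -171,4 +176,5 @@
 defaultrouter-ipv6: ${GATEWAY6}
 autostart: ${AUTO}
+vnet: ${VNET}
 status: ${STATUS}
 type: ${TYPE}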
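--- a/src-sh/warden/scripts/backend/startjail.sh
+++ b/src-sh/warden/scripts/backend/startjail.sh
@@ -9,4 +9,248 @@
 # Source our variables
 . ${PROGDIR}/scripts/backend/functions.sh
+
+start_jail_vimage()
+{
+
+  BRIDGE=
+
+  # See if we need to create a new bridge, or use an existing one
+  _bridges=`get_bridge_interfaces`
+  if [ -n "${_bridges}" ] ; then
+     for _bridge in ${_bridges}
+     do
+        _members=`get_bridge_members ${_bridge}`
+        for _member in ${_members}
+        do
+           if [ "${_member}" = "${IFACE}" ] ; then
+              BRIDGE=${_bridge}
+              break
+           fi
+        done
+        if [ -n "${BRIDGE}" ] ; then
+           break
+        fi
+     done
+  fi
+
+  if [ -z "${BRIDGE}" ] ; then
+     BRIDGE=`ifconfig bridge create mtu ${MTU}`
+  fi
+  if [ -n "${IFACE}" ] ; then
+     if ! is_bridge_member "${BRIDGE}" "${IFACE}" ; then
+        ifconfig ${BRIDGE} addm ${IFACE}
+     fi
+  fi
+
+  # create epair for vimage jail
+  EPAIRA=`ifconfig epair create mtu ${MTU}`
+  ifconfig ${EPAIRA} up
+
+  EPAIRB=`echo ${EPAIRA}|sed -E "s/([0-9])a$/\1b/g"`
+  ifconfig ${BRIDGE} addm ${EPAIRA} up
+
+  # If no bridge specified, and IP4 is enabled, lets suggest one
+  if [ -z "$BRIDGEIP4" -a -n "$IP4" ] ; then
+     BRIDGEIP4="`echo $IP4 | cut -d '.' -f 1-3`.254"
+  fi
+
+  if [ -n "${BRIDGEIP4}" ] ; then
+     if ! ipv4_configured "${BRIDGE}" ; then
+        ifconfig ${BRIDGE} inet "${BRIDGEIP4}"
+
+     elif ! ipv4_address_configured "${BRIDGE}" "${BRIDGEIP4}" ; then
+        ifconfig ${BRIDGE} inet alias "${BRIDGEIP4}"
+     fi
+  fi
+  if [ -n "${BRIDGEIPS4}" ] ; then
+     for _ip in ${BRIDGEIPS4}
+     do
+        if ! ipv4_address_configured "${BRIDGE}" "${_ip}" ; then
+           ifconfig ${BRIDGE} inet alias "${_ip}"
+        fi
+     done
+  fi
+
+  if [ -n "${BRIDGEIP6}" ] ; then
+     if ! ipv6_configured "${BRIDGE}" ; then
+        ifconfig ${BRIDGE} inet6 "${BRIDGEIP6}"
+
+     elif ! ipv6_address_configured "${BRIDGE}" "${BRIDGEIP6}" ; then
+        ifconfig ${BRIDGE} inet6 alias "${BRIDGEIP6}"
+     fi
+  fi
+  if [ -n "${BRIDGEIPS6}" ] ; then
+     for _ip in ${BRIDGEIPS6}
+     do
+        if ! ipv6_address_configured "${BRIDGE}" "${_ip}" ; then
+           ifconfig ${BRIDGE} inet6 alias "${_ip}"
+        fi
+     done
+  fi
+
+  # Start the jail now
+  echo "jail -c path=${JAILDIR} host.hostname=${HOST} ${jFlags} persist vnet"
+  jail -c path=${JAILDIR} host.hostname=${HOST} ${jFlags} persist vnet
+  if [ $? -ne 0 ] ; then
+     echo "ERROR: Failed starting jail with above command..."
+     umountjailxfs "${JAILNAME}"
+     exit 1
+  fi
+
+  JID="`jls | grep ${JAILDIR}$ | tr -s " " | cut -d " " -f 2`"
+
+  # Move epairb into jail
+  ifconfig ${EPAIRB} vnet ${JID}
+
+  # Configure the IPv4 addresses
+  if [ -n "${IP4}" ] ; then
+     echo "Setting IP4 address: ${IP4}"
+     jexec ${JID} ifconfig ${EPAIRB} inet "${IP4}"
+  fi
+  for ip4 in ${IPS4}
+  do
+     ipv4_configured ${EPAIRB} ${JID}
+     if [ "$?" = "0" ] ; then
+        if ! ipv4_address_configured "${EPAIRB}" "${ip4}" "${JID}" ; then
+           jexec ${JID} ifconfig ${EPAIRB} inet alias ${ip4}
+        fi
+     else
+        jexec ${JID} ifconfig ${EPAIRB} inet ${ip4}
+     fi
+  done
+
+  # Configure the IPv6 addresses
+  if [ -n "${IP6}" ] ; then
+     echo "Setting IP6 address: ${IP6}"
+     jexec ${JID} ifconfig ${EPAIRB} inet6 "${IP4}"
+  fi
+  for ip6 in ${IPS6}
+  do
+     ipv6_configured ${EPAIRB} ${JID}
+     if [ "$?" = "0" ] ; then
+        if ! ipv6_address_configured "${EPAIRB}" "${ip6}" "${JID}" ; then
+           jexec ${JID} ifconfig ${EPAIRB} inet6 alias ${ip6}
+        fi
+     else
+        jexec ${JID} ifconfig ${EPAIRB} inet6 ${ip6}
+     fi
+  done
+
+  #
+  # Configure default IPv4 gateway
+  #
+  if [ -n "${GATEWAY4}" ] ; then
+     jexec ${JID} route add -inet default ${GATEWAY4}
+
+  #
+  # No defaultrouter configured for IPv4, so if bridge IP address was
+  # configured, we set the default router to that IP.
+  #
+  elif [ -n "${BRIDGEIP4}" ] ; then
+     get_ip_and_netmask "${BRIDGEIP4}"
+     jexec ${JID} route add -inet default ${JIP}
+  fi
+
+  #
+  # Configure default IPv6 gateway
+  #
+  if [ -n "${GATEWAY6}" ] ; then
+     jexec ${JID} route add -inet6 default ${GATEWAY6}
+
+  #
+  # No defaultrouter configured for IPv6, so if bridge IP address was
+  # configured, we set the default router to that IP.
+  #
+  elif [ -n "${BRIDGEIP6}" ] ; then
+     get_ip_and_netmask "${BRIDGEIP6}"
+     jexec ${JID} route add -inet6 default ${JIP}
+  fi
+
+  #
+  # Set ourself to be a jail router with NAT. Don't
+  # use PF since it will panic the box when used
+  # with VIMAGE.
+  #
+  ip_forwarding=`sysctl -n net.inet.ip.forwarding`
+  if [ "${ip_forwarding}" = "0" ] ; then
+     sysctl net.inet.ip.forwarding=1
+  fi
+
+  ip6_forwarding=`sysctl -n net.inet6.ip6.forwarding`
+  if [ "${ip6_forwarding}" = "0" ] ; then
+     sysctl net.inet6.ip6.forwarding=1
+  fi
+
+  firewall_enable=`egrep '^firewall_enable' /etc/rc.conf|cut -f2 -d'='|sed 's|"||g'`
+  firewall_type=`egrep '^firewall_type' /etc/rc.conf|cut -f2 -d'='|sed 's|"||g'`
+
+  if [ "${firewall_enable}" != "YES" -o "${firewall_type}" != "open" ] ; then
+     tmp_rcconf=`mktemp /tmp/.wdn.XXXXXX`
+     egrep -v '^firewall_(enable|type)' /etc/rc.conf >> "${tmp_rcconf}"
+
+     cat<<__EOF__>>"${tmp_rcconf}"
+firewall_enable="YES"
+firewall_type="open"
+__EOF__
+
+     if [ -s "${tmp_rcconf}" ] ; then
+        cp /etc/rc.conf /var/tmp/rc.conf.bak
+        mv "${tmp_rcconf}" /etc/rc.conf
+        if [ "$?" != "0" ] ; then
+           mv /var/tmp/rc.conf.bak /etc/rc.conf
+        fi
+     fi
+     /etc/rc.d/ipfw forcerestart
+  fi
+
+  instance=`get_ipfw_nat_instance "${IFACE}"`
+  if [ -z "${instance}" ] ; then
+     priority=`get_ipfw_nat_priority`
+     instance=`get_ipfw_nat_instance`
+
+     ipfw "${priority}" add nat "${instance}" all from any to any
+     ipfw nat "${instance}" config if "${IFACE}" reset
+  fi
+# End of jail VIMAGE startup function
+}
+
+# Function to start a jail up the normal way
+start_jail_standard()
+{
+  # Check for primary IPV4 / IPV6
+  if [ -n "$IP4" ] ; then
+    _ipflags="ip4.addr=${IP4}"
+    ifconfig $IFACE inet alias ${IP4}
+  fi
+  if [ -n "$IP6" ] ; then
+    _ipflags="${_ipflags} ip6.addr=${IP6}"
+    ifconfig $IFACE inet6 alias ${IP6}
+  fi
+
+  # Setup the extra IP4s for this jail
+  for _ip in $IPS4
+  do
+    ifconfig $IFACE inet alias ${_ip}
+    _ipflags="${_ipflags} ip4.addr=${_ip}"
+  done
+
+  # Setup the extra IP6s for this jail
+  for _ip in $IPS6
+  do
+    ifconfig $IFACE inet6 alias ${_ip}
+    _ipflags="${_ipflags} ip6.addr=${_ip}"
+  done
+
+  echo "jail -c path=${JAILDIR} ${_ipflags} host.hostname=${HOST} ${jFlags} persist"
+  jail -c path=${JAILDIR} ${_ipflags} host.hostname=${HOST} ${jFlags} persist
+  if [ $? -ne 0 ] ; then
+     echo "ERROR: Failed starting jail with above command..."
+     umountjailxfs "${JAILNAME}"
+     exit 1
+  fi
+
+  JID="`jls | grep ${JAILDIR}$ | tr -s " " | cut -d " " -f 2`"
+
+}
 
 JAILNAME="${1}"
@@ -91,4 +335,10 @@
     BRIDGEIPS6="${BRIDGEIPS6} $line"
   done < ${JMETADIR}/alias-bridge-ipv6
+fi
+
+# Check if we need to enable vnet
+VIMAGEENABLE="NO"
+if [ -e "${JMETADIR}/vnet" ] ; then
+  VIMAGEENABLE="YES"
 fi
 
@@ -188,80 +438,4 @@
 fi
 
-BRIDGE=
-
-# See if we need to create a new bridge, or use an existing one
-_bridges=`get_bridge_interfaces`
-if [ -n "${_bridges}" ] ; then
-   for _bridge in ${_bridges}
-   do
-      _members=`get_bridge_members ${_bridge}`
-      for _member in ${_members}
-      do
-         if [ "${_member}" = "${IFACE}" ] ; then
-            BRIDGE=${_bridge}
-            break
-         fi
-      done
-      if [ -n "${BRIDGE}" ] ; then
-         break
-      fi
-   done
-fi
-
-if [ -z "${BRIDGE}" ] ; then
-   BRIDGE=`ifconfig bridge create mtu ${MTU}`
-fi
-if [ -n "${IFACE}" ] ; then
-   if ! is_bridge_member "${BRIDGE}" "${IFACE}" ; then
-      ifconfig ${BRIDGE} addm ${IFACE}
-   fi
-fi
-
-# create epair for vimage jail
-EPAIRA=`ifconfig epair create mtu ${MTU}`
-ifconfig ${EPAIRA} up
-
-EPAIRB=`echo ${EPAIRA}|sed -E "s/([0-9])a$/\1b/g"`
-ifconfig ${BRIDGE} addm ${EPAIRA} up
-
-# If no bridge specified, and IP4 is enabled, lets suggest one
-if [ -z "$BRIDGEIP4" -a -n "$IP4" ] ; then
-   BRIDGEIP4="`echo $IP4 | cut -d '.' -f 1-3`.254"
-fi
-
-if [ -n "${BRIDGEIP4}" ] ; then
-   if ! ipv4_configured "${BRIDGE}" ; then
-      ifconfig ${BRIDGE} inet "${BRIDGEIP4}"
-
-   elif ! ipv4_address_configured "${BRIDGE}" "${BRIDGEIP4}" ; then
-      ifconfig ${BRIDGE} inet alias "${BRIDGEIP4}"
-   fi
-fi
-if [ -n "${BRIDGEIPS4}" ] ; then
-   for _ip in ${BRIDGEIPS4}
-   do
-      if ! ipv4_address_configured "${BRIDGE}" "${_ip}" ; then
-         ifconfig ${BRIDGE} inet alias "${_ip}"
-      fi
-   done
-fi
-
-if [ -n "${BRIDGEIP6}" ] ; then
-   if ! ipv6_configured "${BRIDGE}" ; then
-      ifconfig ${BRIDGE} inet6 "${BRIDGEIP6}"
-
-   elif ! ipv6_address_configured "${BRIDGE}" "${BRIDGEIP6}" ; then
-      ifconfig ${BRIDGE} inet6 alias "${BRIDGEIP6}"
-   fi
-fi
-if [ -n "${BRIDGEIPS6}" ] ; then
-   for _ip in ${BRIDGEIPS6}
-   do
-      if ! ipv6_address_configured "${BRIDGE}" "${_ip}" ; then
-         ifconfig ${BRIDGE} inet6 alias "${_ip}"
-      fi
-   done
-fi
-
 jFlags=""
 # Grab any additional jail flags
@@ -270,126 +444,10 @@
 fi
 
-# Start the jail now
-echo "jail -c path=${JAILDIR} host.hostname=${HOST} ${jFlags} persist vnet"
-jail -c path=${JAILDIR} host.hostname=${HOST} ${jFlags} persist vnet
-if [ $? -ne 0 ] ; then
-   echo "ERROR: Failed starting jail with above command..."
-   umountjailxfs "${JAILNAME}"
-   exit 1
-fi
-
-JID="`jls | grep ${JAILDIR}$ | tr -s " " | cut -d " " -f 2`"
-
-# Move epairb into jail
-ifconfig ${EPAIRB} vnet ${JID}
-
-# Configure the IPv4 addresses
-if [ -n "${IP4}" ] ; then
-   echo "Setting IP4 address: ${IP4}"
-   jexec ${JID} ifconfig ${EPAIRB} inet "${IP4}"
-fi
-for ip4 in ${IPS4}
-do
-   ipv4_configured ${EPAIRB} ${JID}
-   if [ "$?" = "0" ] ; then
-      if ! ipv4_address_configured "${EPAIRB}" "${ip4}" "${JID}" ; then
-         jexec ${JID} ifconfig ${EPAIRB} inet alias ${ip4}
-      fi
-   else
-      jexec ${JID} ifconfig ${EPAIRB} inet ${ip4}
-   fi
-done
-
-# Configure the IPv6 addresses
-if [ -n "${IP6}" ] ; then
-   echo "Setting IP6 address: ${IP6}"
-   jexec ${JID} ifconfig ${EPAIRB} inet6 "${IP4}"
-fi
-for ip6 in ${IPS6}
-do
-   ipv6_configured ${EPAIRB} ${JID}
-   if [ "$?" = "0" ] ; then
-      if ! ipv6_address_configured "${EPAIRB}" "${ip6}" "${JID}" ; then
-         jexec ${JID} ifconfig ${EPAIRB} inet6 alias ${ip6}
-      fi
-   else
-      jexec ${JID} ifconfig ${EPAIRB} inet6 ${ip6}
-   fi
-done
-
-#
-# Configure default IPv4 gateway
-#
-if [ -n "${GATEWAY4}" ] ; then
-   jexec ${JID} route add -inet default ${GATEWAY4}
-
-#
-# No defaultrouter configured for IPv4, so if bridge IP address was
-# configured, we set the default router to that IP.
-#
-elif [ -n "${BRIDGEIP4}" ] ; then
-   get_ip_and_netmask "${BRIDGEIP4}"
-   jexec ${JID} route add -inet default ${JIP}
-fi
-
-#
-# Configure default IPv6 gateway
-#
-if [ -n "${GATEWAY6}" ] ; then
-   jexec ${JID} route add -inet6 default ${GATEWAY6}
-
-#
-# No defaultrouter configured for IPv6, so if bridge IP address was
-# configured, we set the default router to that IP.
-#
-elif [ -n "${BRIDGEIP6}" ] ; then
-   get_ip_and_netmask "${BRIDGEIP6}"
-   jexec ${JID} route add -inet6 default ${JIP}
-fi
-
-#
-# Set ourself to be a jail router with NAT. Don't
-# use PF since it will panic the box when used
-# with VIMAGE.
-#
-ip_forwarding=`sysctl -n net.inet.ip.forwarding`
-if [ "${ip_forwarding}" = "0" ] ; then
-   sysctl net.inet.ip.forwarding=1
-fi
-
-ip6_forwarding=`sysctl -n net.inet6.ip6.forwarding`
-if [ "${ip6_forwarding}" = "0" ] ; then
-   sysctl net.inet6.ip6.forwarding=1
-fi
-
-firewall_enable=`egrep '^firewall_enable' /etc/rc.conf|cut -f2 -d'='|sed 's|"||g'`
-firewall_type=`egrep '^firewall_type' /etc/rc.conf|cut -f2 -d'='|sed 's|"||g'`
-
-if [ "${firewall_enable}" != "YES" -o "${firewall_type}" != "open" ] ; then
-   tmp_rcconf=`mktemp /tmp/.wdn.XXXXXX`
-   egrep -v '^firewall_(enable|type)' /etc/rc.conf >> "${tmp_rcconf}"
-
-   cat<<__EOF__>>"${tmp_rcconf}"
-firewall_enable="YES"
-firewall_type="open"
-__EOF__
-
-   if [ -s "${tmp_rcconf}" ] ; then
-      cp /etc/rc.conf /var/tmp/rc.conf.bak
-      mv "${tmp_rcconf}" /etc/rc.conf
-      if [ "$?" != "0" ] ; then
-         mv /var/tmp/rc.conf.bak /etc/rc.conf
-      fi
-   fi
-   /etc/rc.d/ipfw forcerestart
-fi
-
-instance=`get_ipfw_nat_instance "${IFACE}"`
-if [ -z "${instance}" ] ; then
-   priority=`get_ipfw_nat_priority`
-   instance=`get_ipfw_nat_instance`
-
-   ipfw "${priority}" add nat "${instance}" all from any to any
-   ipfw nat "${instance}" config if "${IFACE}" reset
+# Are we using VIMAGE, if so start it up!
+if [ "$VIMAGEENABLE" = "YES" ] ; then
+  start_jail_vimage
+else
+  # Using a standard jail configuration
+  start_jail_standard
 fi
 
@@ -419,2 +477,3 @@
   fi
 fi
+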
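Review bot: In `start_jail_vimage` the primary IPv6 branch passes the wrong variable: `jexec ${JID} ifconfig ${EPAIRB} inet6 "${IP4}"` should be `jexec ${JID} ifconfig ${EPAIRB} inet6 "${IP6}"`, a slip carried over unchanged from the removed top-level code. The same function backs up rc.conf to the fixed path `/var/tmp/rc.conf.bak` in a world-writable directory while running (presumably) as root, so a symlink planted there beforehand could redirect the `cp`, and the fallback `mv` restores whatever sits at that path; a backup created with `mktemp` avoids both. It also rewrites the host to `firewall_type="open"` and force-restarts ipfw on the first vnet jail start, replacing any stricter host ruleset without notice, which deserves at least a comment and ideally an opt-in. Finally, `jls | grep ${JAILDIR}$` in both new functions is an unquoted suffix match, so a jail whose path ends with the same string would yield two IDs in `JID`.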
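--- a/src-sh/warden/scripts/backend/stopjail.sh
+++ b/src-sh/warden/scripts/backend/stopjail.sh
@@ -39,4 +39,26 @@
 HOST="`cat ${JMETADIR}/host`"
 
+# Check if we need to enable vnet
+VIMAGEENABLE="NO"
+if [ -e "${JMETADIR}/vnet" ] ; then
+  VIMAGEENABLE="YES"
+fi
+
+IFACE=
+DEFAULT=0
+
+# Make sure jail uses special interface if specified
+if [ -e "${JMETADIR}/iface" ] ; then
+  IFACE=`cat "${JMETADIR}/iface"`
+fi
+if [ -z "${IFACE}" ] ; then
+   IFACE=`get_default_interface`
+   DEFAULT=1
+fi
+if [ -z "${IFACE}" ] ; then
+  echo "ERROR: no interface specified and a default doesn't exist!"
+  exit 6
+fi
+
 # End of error checking, now shutdown this jail
 ##################################################################
@@ -52,5 +74,49 @@
 if [ -e "${JMETADIR}/jail-portjail" ] ; then umountjailxfs ${JAILNAME} ; fi
 
-jail_interfaces_down "${JID}"
+if [ "$VIMAGEENABLE" = "YES" ] ; then
+  jail_interfaces_down "${JID}"
+else
+  # Get list of IP4s for this jail
+  if [ -e "${JMETADIR}/ipv4" ] ; then
+    IP4S="`cat ${JMETADIR}/ipv4 | cut -d '/' -f 1`"
+  fi
+  if [ -e "${JMETADIR}/alias-ipv4" ] ; then
+    while read line
+    do
+      IP4S="${IP4S} `echo $line | cut -d '/' -f 1`"
+    done < ${JMETADIR}/alias-ipv4
+  fi
+
+  # Get list of IP6s for this jail
+  if [ -e "${JMETADIR}/ipv6" ] ; then
+    IP6S="`cat ${JMETADIR}/ipv6 | cut -d '/' -f 1`"
+  fi
+  if [ -e "${JMETADIR}/alias-ipv6" ] ; then
+    while read line
+    do
+      IP6S="${IP6S} `echo $line | cut -d '/' -f 1`"
+    done < ${JMETADIR}/alias-ipv6
+  fi
+
+
+  # Check if we need to remove the IP aliases from this jail
+  for _ip in $IP4S
+  do
+    # See if active alias
+    ifconfig $IFACE | grep -q "${_ip}"
+    if [ $? -ne 0 ] ; then continue ; fi
+
+    ifconfig $IFACE inet -alias ${_ip}
+  done
+
+  for _ip in $IP6S
+  do
+    # See if active alias
+    ifconfig $IFACE | grep -q "${_ip}"
+    if [ $? -ne 0 ] ; then continue ; fi
+
+    ifconfig $IFACE inet6 ${_ip} delete
+  done
+fi
 
 if [ -e "${JMETADIR}/jail-linux" ] ; then LINUXJAIL="YES" ; fi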
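Review bot: The alias check `ifconfig $IFACE | grep -q "${_ip}"` in both removal loops treats the address as an unanchored regular expression, so `10.0.0.1` also matches `10.0.0.10` and every `.` matches any character; the test can pass for an address that is not configured and the following `-alias` / `delete` then runs against an alias that does not exist. `ifconfig $IFACE | grep -qwF -- "${_ip}"` compares it as a fixed whole word instead. `IP4S` and `IP6S` are also only assigned inside `if` blocks and then appended to, so setting `IP4S=` and `IP6S=` before the first `if` keeps an inherited environment value out of the removal loops.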