Index: Makefile
===================================================================
RCS file: /home/ncvs/src/Makefile,v
retrieving revision 1.319
diff -u -r1.319 Makefile
--- Makefile 16 Jun 2005 18:16:12 -0000 1.319
+++ Makefile 10 Aug 2005 18:21:49 -0000
@@ -66,7 +66,7 @@
 cleandepend cleandir depend distribute distributeworld \
 distribution everything \
 hierarchy install installcheck installkernel installkernel.debug\
- reinstallkernel reinstallkernel.debug installworld \
+ reinstallkernel reinstallkernel.debug installskel installworld \
 kernel-toolchain libraries lint maninstall \
 obj objlink regress rerelease tags toolchain update \
 _worldtmp _legacy _bootstrap-tools _cleanobj _obj \
@@ -80,6 +80,7 @@
 .ORDER: buildworld installworld
 .ORDER: buildworld distributeworld
 .ORDER: buildworld buildkernel
+.ORDER: buildworld installskel
 .ORDER: buildkernel installkernel
 .ORDER: buildkernel installkernel.debug
 .ORDER: buildkernel reinstallkernel
Index: Makefile.inc1
===================================================================
RCS file: /home/ncvs/src/Makefile.inc1,v
retrieving revision 1.499.2.3
diff -u -r1.499.2.3 Makefile.inc1
--- Makefile.inc1 30 Jul 2005 07:56:25 -0000 1.499.2.3
+++ Makefile.inc1 10 Aug 2005 18:21:49 -0000
@@ -529,6 +529,18 @@
 rm -rf ${INSTALLTMP}
 #
+# installskel
+#
+# Installs a minimum set of files that can support a mini-jail
+#
+installskel:
+ @echo "--------------------------------------------------------------"
+ @echo ">>> Making installskel"
+ @echo "--------------------------------------------------------------"
+ ${_+_}cd ${.CURDIR}; ${MAKE} hierarchy
+ ${_+_}cd ${.CURDIR}/etc; ${MAKE} distribution
+
+#
 # reinstall
 #
 # If you have a build server, you can NFS mount the source and obj directories
Index: etc/rc.d/jail
===================================================================
RCS file: /home/ncvs/src/etc/rc.d/jail,v
retrieving revision 1.23.2.2
diff -u -r1.23.2.2 jail
--- etc/rc.d/jail 16 Aug 2005 08:43:06 -0000 1.23.2.2
+++ etc/rc.d/jail 17 Aug 2005 01:51:43 -0000
@@ -67,6 +67,16 @@
 eval jail_flags=\"\$jail_${_j}_flags\"
 [ -z "${jail_flags}" ] && jail_flags="-l -U root"
+ # Default settings for skel jail
+ eval jail_skel_enable=\"\$jail_${_j}_skel_enable\"
+ [ -z "${jail_skel_enable}" ] && jail_skel_enable="NO"
+ eval jail_skel_root=\"\$jail_${_j}_skel_root\"
+ [ -z "${jail_skel_root}" ] && jail_skel_root="/"
+ eval jail_skel_romounts=\"\$jail_${_j}_skel_romounts\"
+ [ -z "${jail_skel_romounts}" ] && jail_skel_romounts="bin sbin lib libexec usr/bin usr/sbin usr/include usr/lib usr/libdata usr/libexec usr/sbin usr/share"
+ eval jail_skel_rwmounts=\"\$jail_${_j}_skel_rwmounts\"
+ [ -z "${jail_skel_rwmounts}" ] && jail_skel_rwmounts=""
+
 # Debugging aid
 #
 debug "$_j devfs enable: $jail_devfs"
@@ -83,6 +93,10 @@
 debug "$_j fstab: $jail_fstab"
 debug "$_j exec start: $jail_exec_start"
 debug "$_j exec stop: $jail_exec_stop"
+ debug "$_j skel enable: $jail_skel_enable"
+ debug "$_j skel mount-readonly: $jail_skel_romounts"
+ debug "$_j skel mount-readwrite: $jail_skel_rwmounts"
+ debug "$_j skel mount skeleton from: $jail_skel_root"
 debug "$_j flags: $jail_flags"
 }
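Review bot: In Makefile.inc1 the new `installskel` recipe runs `${MAKE} hierarchy` and `${MAKE} distribution` without checking where they will install. Nothing in the hunk requires DESTDIR, so, assuming these targets install relative to `${DESTDIR}` as the other install targets do, a run with DESTDIR unset would write the stock etc files into the running host's tree instead of a jail root. A guard as the first recipe line would stop that, for example `@[ -n "${DESTDIR}" ] || { echo "installskel: DESTDIR must point at the jail root"; false; }`. The header comment should also say that DESTDIR is required and names the jail root.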
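Review bot: The default for `jail_skel_romounts` in etc/rc.d/jail lists `usr/sbin` twice, so the start loop would try to null-mount the same directory a second time. Drop the duplicate: `jail_skel_romounts="bin sbin lib libexec usr/bin usr/sbin usr/include usr/lib usr/libdata usr/libexec usr/share"`. The block would also benefit from a comment stating that `jail_skel_root` defaults to the host's own `/`, and that every entry in `jail_skel_rwmounts` becomes writable from inside the jail. The enclosing function starts and ends outside this hunk.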
@@ -139,6 +153,20 @@
 [ -f "${jail_fstab}" ] || warn "${jail_fstab} does not exist"
 umount -a -F "${jail_fstab}" >/dev/null 2>&1
 fi
+ if checkyesno jail_skel_enable; then
+ for _mntpt in $jail_skel_romounts
+ do
+ if [ -d "${jail_rootdir}/${_mntpt}" ] ; then
+ umount -f ${jail_rootdir}/${_mntpt} > /dev/null 2>&1
+ fi
+ done
+ for _mntpt in $jail_skel_rwmounts
+ do
+ if [ -d "${jail_rootdir}/${_mntpt}" ] ; then
+ umount -f ${jail_rootdir}/${_mntpt} > /dev/null 2>&1
+ fi
+ done
+ fi
 }
 jail_start()
@@ -169,6 +197,17 @@
 fi
 mount -a -F "${jail_fstab}"
 fi
+ if checkyesno jail_skel_enable; then
+ info "Mounting skeleton for jail ${_jail} from ${jail_skel_root}"
+ for _mntpt in $jail_skel_romounts
+ do
+ mount_nullfs -ordonly ${jail_skel_root}/${_mntpt} ${jail_rootdir}/${_mntpt} > /dev/null 2>&1
+ done
+ for _mntpt in $jail_skel_rwmounts
+ do
+ mount_nullfs ${jail_skel_root}/${_mntpt} ${jail_rootdir}/${_mntpt} > /dev/null 2>&1
+ done
+ fi
 if checkyesno jail_devfs; then
 # If devfs is already mounted here, skip it.
 df -t devfs "${jail_devdir}" >/dev/null
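Review bot: Every `umount -f` added before the closing brace that precedes `jail_start()`, and every `mount_nullfs` added to jail_start in the next hunk, discards its output and ignores its exit status. A failed skeleton mount or a null mount left behind therefore goes unreported. A leftover read-write mount is the costly case, because the host directory stays reachable under `${jail_rootdir}` and any later cleanup of the jail tree would act on host data. Quote the path and report failures with the script's existing `warn`, e.g. `umount -f "${jail_rootdir}/${_mntpt}" >/dev/null 2>&1 || warn "could not unmount ${jail_rootdir}/${_mntpt}"`, and have jail_start refuse to start the jail when a skeleton mount fails. Both function bodies extend beyond their hunks.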
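Review bot: The mount targets `${jail_rootdir}/${_mntpt}` in jail_start are used without checking that they are real directories inside the jail tree. That tree is presumably writable by root inside the jail between runs, while `mount_nullfs` is executed by the host. A symlink at or above a target would therefore place the mount outside the jail, and for `jail_skel_rwmounts` it would be read-write. Add a check before each mount, such as `[ -d "${jail_rootdir}/${_mntpt}" ] && [ ! -L "${jail_rootdir}/${_mntpt}" ] || { warn "${jail_rootdir}/${_mntpt} is not a plain directory, skipping"; continue; }`. Intermediate components such as `usr` need the same check; comparing the resolved path against `${jail_rootdir}` would cover both.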