Index: Makefile
===================================================================
RCS file: /home/ncvs/src/Makefile,v
retrieving revision 1.319.2.4
diff -u -r1.319.2.4 Makefile
--- Makefile 6 Mar 2006 19:36:22 -0000 1.319.2.4
+++ Makefile 12 Apr 2006 08:25:44 -0000
@@ -71,7 +71,7 @@
 clean cleandepend cleandir delete-old delete-old-libs depend \
 distribute distributeworld distrib-dirs distribution everything \
 hierarchy install installcheck installkernel installkernel.debug\
- reinstallkernel reinstallkernel.debug installworld \
+ reinstallkernel reinstallkernel.debug installskel installworld \
 kernel-toolchain libraries lint maninstall \
 obj objlink regress rerelease tags toolchain update \
 _worldtmp _legacy _bootstrap-tools _cleanobj _obj \
@@ -85,6 +85,7 @@
 .ORDER: buildworld installworld
 .ORDER: buildworld distributeworld
 .ORDER: buildworld buildkernel
+.ORDER: buildworld installskel
 .ORDER: buildkernel installkernel
 .ORDER: buildkernel installkernel.debug
 .ORDER: buildkernel reinstallkernel
Index: Makefile.inc1
===================================================================
RCS file: /home/ncvs/src/Makefile.inc1,v
retrieving revision 1.499.2.14
diff -u -r1.499.2.14 Makefile.inc1
--- Makefile.inc1 11 Oct 2006 09:36:31 -0000 1.499.2.14
+++ Makefile.inc1 18 Oct 2006 05:46:49 -0000
@@ -544,6 +544,18 @@
 rm -rf ${INSTALLTMP}
 #
+# installskel
+#
+# Installs a minimum set of files that can support a mini-jail
+#
+installskel:
+ @echo "--------------------------------------------------------------"
+ @echo ">>> Making installskel"
+ @echo "--------------------------------------------------------------"
+ ${_+_}cd ${.CURDIR}; ${MAKE} hierarchy
+ ${_+_}cd ${.CURDIR}/etc; ${MAKE} distribution
+
+#
 # reinstall
 #
 # If you have a build server, you can NFS mount the source and obj directories
Index: etc/rc.d/jail
===================================================================
RCS file: /home/ncvs/src/etc/rc.d/jail,v
retrieving revision 1.23.2.7
diff -u -r1.23.2.7 jail
--- etc/rc.d/jail 6 Jun 2006 15:04:39 -0000 1.23.2.7
+++ etc/rc.d/jail 25 Oct 2006 06:01:58 -0000
@@ -68,6 +68,16 @@
 eval _flags=\"\${jail_${_j}_flags:-${jail_flags}}\"
 [ -z "${_flags}" ] && _flags="-l -U root"
+ # Default settings for skel jail
+ eval _skel_enable=\"\${jail_${_j}_skel_enable:-${jail_skel_enable}}\"
+ [ -z "${_skel_enable}" ] && _skel_enable="NO"
+ eval _skel_root=\"\${jail_${_j}_skel_root:-${jail_skel_root}}\"
+ [ -z "${_skel_root}" ] && _skel_root="/"
+ eval _skel_romounts=\"\${jail_${_j}_skel_romounts:-${jail_skel_romounts}}\"
+ [ -z "${_skel_romounts}" ] && _skel_romounts="bin sbin lib libexec usr/bin usr/sbin usr/include usr/lib usr/libdata usr/libexec usr/sbin usr/share"
+ eval _skel_rwmounts=\"\${jail_${_j}_skel_rwmounts:-${jail_skel_rwmounts}}\"
+ [ -z "${_skel_rwmounts}" ] && _skel_rwmounts="usr/ports"
+
 # Debugging aid
 #
 debug "$_j devfs enable: $_devfs"
@@ -86,6 +96,10 @@
 debug "$_j exec start: $_exec_start"
 debug "$_j exec stop: $_exec_stop"
 debug "$_j flags: $_flags"
+ debug "$_j skel enable: $_skel_enable"
+ debug "$_j skel mount-readonly: $_skel_romounts"
+ debug "$_j skel mount-readwrite: $_skel_rwmounts"
+ debug "$_j skel mount skeleton from: $_skel_root"
 if [ -z "${_hostname}" ]; then
 err 3 "$name: No hostname has been defined for ${_j}"
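Review bot: The new `installskel` target in Makefile.inc1 has no guard on `DESTDIR`, and its header comment does not say where the files are installed. Both sub-makes (`hierarchy`, and `distribution` under `etc`) presumably install relative to `${DESTDIR}`, so running `make installskel` with `DESTDIR` unset would lay default configuration files over the running host's `/etc` instead of a jail root; this is inferred from the target names, since their rules are outside the hunk. I would add `# DESTDIR must point at the jail root and is required.` to the comment block and fail early with a first recipe line such as `@[ -n "${DESTDIR}" ] || { echo "installskel: DESTDIR must be set" >&2; exit 1; }`.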
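Review bot: The default `_skel_rwmounts="usr/ports"` in the `@@ -68` hunk of etc/rc.d/jail, together with `_skel_root` defaulting to `/`, gives every skel-enabled jail write access to the host's ports tree unless the administrator overrides it, and because each default is applied with `[ -z ... ] &&`, setting `jail_skel_rwmounts=""` cannot switch the read-write mounts off. A jail is normally less trusted than the host that shares this tree, so write access should be an explicit per-jail choice: I would drop the `[ -z "${_skel_rwmounts}" ] && _skel_rwmounts="usr/ports"` line and leave the list empty when nothing is configured. The read-only default also names `usr/sbin` twice, so the same nullfs mount would be attempted a second time. The enclosing function starts and ends outside this hunk.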
@@ -152,6 +166,14 @@
 [ -f "${_fstab}" ] || warn "${_fstab} does not exist"
 umount -a -F "${_fstab}" >/dev/null 2>&1
 fi
+ if checkyesno _skel_enable; then
+ for _mntpt in ${_skel_romounts} ${_skel_rwmounts}
+ do
+ if [ -d "${_rootdir}/${_mntpt}" ] ; then
+ umount -f ${_rootdir}/${_mntpt} > /dev/null 2>&1
+ fi
+ done
+ fi
 }
 jail_start()
@@ -185,6 +207,17 @@
 fi
 mount -a -F "${_fstab}"
 fi
+ if checkyesno _skel_enable; then
+ info "Mounting skeleton for jail ${_jail} from ${_skel_root}"
+ for _mntpt in $_skel_romounts
+ do
+ mount_nullfs -ordonly ${_skel_root}/${_mntpt} ${_rootdir}/${_mntpt} > /dev/null 2>&1
+ done
+ for _mntpt in $_skel_rwmounts
+ do
+ mount_nullfs ${_skel_root}/${_mntpt} ${_rootdir}/${_mntpt} > /dev/null 2>&1
+ done
+ fi
 if checkyesno _devfs; then
 # If devfs is already mounted here, skip it.
 df -t devfs "${_devdir}" >/dev/null
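Review bot: A failed unmount is invisible in the `@@ -152` hunk, because `umount -f ${_rootdir}/${_mntpt} > /dev/null 2>&1` discards both the output and the exit status. A skeleton directory can therefore stay mounted under the stopped jail's root, and later cleanup of that tree would still reach `${_skel_root}` through the nullfs mount, writable for the `_skel_rwmounts` entries. The path is also unquoted, unlike the `[ -d "${_rootdir}/${_mntpt}" ]` test just above it. I would write `umount -f "${_rootdir}/${_mntpt}" > /dev/null 2>&1 || warn "could not unmount ${_rootdir}/${_mntpt}"`, accepting that the `-d` test only proves the directory exists and not that something is mounted on it. The function closed by the `}` in this hunk starts outside it.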
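Review bot: Both `mount_nullfs` calls in the `@@ -185` hunk throw away their exit status and output, so a jail can start without its read-only skeleton and nothing is logged. The mount targets are also unquoted and are resolved on the host without checking what `${_rootdir}/${_mntpt}` is; since the jail's own tree may be writable from inside the jail, the script should refuse a target that is a symbolic link or not a directory before mounting onto it. The sketch below shows the read-only loop with both checks, using the `warn` helper this script already calls elsewhere; the read-write loop needs the same treatment, and a `-L` test covers only the final path component. The enclosing `jail_start` body starts and ends outside the hunk.

```shell
for _mntpt in $_skel_romounts
do
	_skel_target="${_rootdir}/${_mntpt}"
	if [ -L "${_skel_target}" ] || [ ! -d "${_skel_target}" ]; then
		warn "${_skel_target} is not a plain directory, not mounting skeleton"
		continue
	fi
	mount_nullfs -ordonly "${_skel_root}/${_mntpt}" "${_skel_target}" ||
		warn "could not mount ${_mntpt} read-only for jail ${_jail}"
done
# … unchanged: read-write loop over $_skel_rwmounts (apply the same checks) …
```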