# This is a shell archive. Save it in a file, remove anything before # this line, and then unpack it by entering "sh file". Note, it may # create directories; files and directories will be owned by you and # have default permissions. # # This archive contains: # # delphijwarden # delphijwarden/Makefile # delphijwarden/files # delphijwarden/files/delphijwarden.in # delphijwarden/pkg-descr # echo c - delphijwarden mkdir -p delphijwarden > /dev/null 2>&1 echo x - delphijwarden/Makefile sed 's/^X//' >delphijwarden/Makefile << '698b204fe7aad05847a2e42a99d3ab66' X# New ports collection makefile for: delphijwarden X# Date created: 2009-02-19 X# Whom: Xin LI X# X# $FreeBSD$ X# X XPORTNAME= delphijwarden XPORTVERSION= 187708 XCATEGORIES= security sysutils XDISTFILES= X XMAINTAINER= delphij@FreeBSD.org XCOMMENT= A replacement for rc.d/jail with some enhancements X XNO_BUILD= XUSE_RC_SUBR= delphijwarden X Xdo-install: X @${DO_NADA} X X.include 698b204fe7aad05847a2e42a99d3ab66 echo c - delphijwarden/files mkdir -p delphijwarden/files > /dev/null 2>&1 echo x - delphijwarden/files/delphijwarden.in sed 's/^X//' >delphijwarden/files/delphijwarden.in << '49128ffcd73637ec98a5aa63c31b3ece' X#!/bin/sh X# X# From FreeBSD: head/etc/rc.d/jail 187708 2009-01-26 12:59:11Z bz X# X# This code is derived from FreeBSD's /etc/rc.d/jail script. X# Enhancements are licensed under the following license. X#- X# Copyright (c) 2009 Xin LI X# All rights reserved. X# X# Redistribution and use in source and binary forms, with or without X# modification, are permitted provided that the following conditions X# are met: X# 1. Redistributions of source code must retain the above copyright X# notice, this list of conditions and the following disclaimer. X# 2. Redistributions in binary form must reproduce the above copyright X# notice, this list of conditions and the following disclaimer in the X# documentation and/or other materials provided with the distribution. X# X# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND X# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE X# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE X# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE X# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL X# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS X# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) X# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT X# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY X# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF X# SUCH DAMAGE. X#- X# The code is contributed to the FreeBSD Project which can decide X# to move these changes to the same license that accompanied with X# its jail rc.d script. X# X# $FreeBSD$ X# X X# PROVIDE: delphijwarden X# REQUIRE: LOGIN cleanvar X# BEFORE: securelevel X# KEYWORD: nojail shutdown X X# WARNING: This script deals with untrusted data (the data and X# processes inside the jails) and care must be taken when changing the X# code related to this! If you have any doubt whether a change is X# correct and have security impact, please get the patch reviewed by X# the FreeBSD Security Team prior to commit. X X. /etc/rc.subr X Xname="delphijwarden" Xrcvar=`set_rcvar` Xstart_cmd="jail_start" Xstop_cmd="jail_stop" Xstart_precmd="delphijwarden_prestart" X X# init_variables _j X# Initialize the various jail variables for jail _j. X# Xinit_variables() X{ X _j="$1" X X if [ -z "$_j" ]; then X warn "init_variables: you must specify a jail" X return X fi X X eval _rootdir=\"\$jail_${_j}_rootdir\" X _devdir="${_rootdir}/dev" X _fdescdir="${_devdir}/fd" X _procdir="${_rootdir}/proc" X eval _hostname=\"\$jail_${_j}_hostname\" X eval _ip=\"\$jail_${_j}_ip\" X eval _interface=\"\${jail_${_j}_interface:-${jail_interface}}\" X eval _exec=\"\$jail_${_j}_exec\" X eval _exec_start=\"\${jail_${_j}_exec_start:-${jail_exec_start}}\" X X i=1 X while [ true ]; do X eval _exec_afterstart${i}=\"\${jail_${_j}_exec_afterstart${i}:-\${jail_exec_afterstart${i}}}\" X [ -z "$(eval echo \"\$_exec_afterstart${i}\")" ] && break X i=$((i + 1)) X done X X eval _exec_stop=\"\${jail_${_j}_exec_stop:-${jail_exec_stop}}\" X if [ -n "${_exec}" ]; then X # simple/backward-compatible execution X _exec_start="${_exec}" X _exec_stop="" X else X # flexible execution X if [ -z "${_exec_start}" ]; then X _exec_start="/bin/sh /etc/rc" X if [ -z "${_exec_stop}" ]; then X _exec_stop="/bin/sh /etc/rc.shutdown" X fi X fi X fi X X # The default jail ruleset will be used by rc.subr if none is specified. X eval _ruleset=\"\${jail_${_j}_devfs_ruleset:-${jail_devfs_ruleset}}\" X eval _devfs=\"\${jail_${_j}_devfs_enable:-${jail_devfs_enable}}\" X [ -z "${_devfs}" ] && _devfs="NO" X eval _fdescfs=\"\${jail_${_j}_fdescfs_enable:-${jail_fdescfs_enable}}\" X [ -z "${_fdescfs}" ] && _fdescfs="NO" X eval _procfs=\"\${jail_${_j}_procfs_enable:-${jail_procfs_enable}}\" X [ -z "${_procfs}" ] && _procfs="NO" X X eval _mount=\"\${jail_${_j}_mount_enable:-${jail_mount_enable}}\" X [ -z "${_mount}" ] && _mount="NO" X # "/etc/fstab.${_j}" will be used for {,u}mount(8) if none is specified. X eval _fstab=\"\${jail_${_j}_fstab:-${jail_fstab}}\" X [ -z "${_fstab}" ] && _fstab="/etc/fstab.${_j}" X eval _flags=\"\${jail_${_j}_flags:-${jail_flags}}\" X [ -z "${_flags}" ] && _flags="-l -U root" X eval _consolelog=\"\${jail_${_j}_consolelog:-${jail_consolelog}}\" X [ -z "${_consolelog}" ] && _consolelog="/var/log/jail_${_j}_console.log" X eval _fib=\"\${jail_${_j}_fib:-${jail_fib}}\" X X # Default settings for skel jail X eval _skel_enable=\"\${jail_${_j}_skel_enable:-${jail_skel_enable}}\" X [ -z "${_skel_enable}" ] && _skel_enable="NO" X eval _skel_root=\"\${jail_${_j}_skel_root:-${jail_skel_root}}\" X [ -z "${_skel_root}" ] && _skel_root="/" X eval _skel_romounts=\"\${jail_${_j}_skel_romounts:-${jail_skel_romounts}}\" X [ -z "${_skel_romounts}" ] && _skel_romounts="bin sbin lib libexec usr/bin usr/sbin usr/include usr/lib usr/libdata usr/libexec usr/sbin usr/share usr/src usr/obj" X eval _skel_rwmounts=\"\${jail_${_j}_skel_rwmounts:-${jail_skel_rwmounts}}\" X [ -z "${_skel_rwmounts}" ] && _skel_rwmounts="usr/ports" X X # Debugging aid X # X debug "$_j devfs enable: $_devfs" X debug "$_j fdescfs enable: $_fdescfs" X debug "$_j procfs enable: $_procfs" X debug "$_j mount enable: $_mount" X debug "$_j hostname: $_hostname" X debug "$_j ip: $_ip" X jail_show_addresses ${_j} X debug "$_j interface: $_interface" X debug "$_j fib: $_fib" X debug "$_j root: $_rootdir" X debug "$_j devdir: $_devdir" X debug "$_j fdescdir: $_fdescdir" X debug "$_j procdir: $_procdir" X debug "$_j ruleset: $_ruleset" X debug "$_j fstab: $_fstab" X debug "$_j exec start: $_exec_start" X debug "$_j consolelog: $_consolelog" X X i=1 X while [ true ]; do X eval out=\"\${_exec_afterstart${i}:-''}\" X X if [ -z "$out" ]; then X break; X fi X X debug "$_j exec after start #${i}: ${out}" X i=$((i + 1)) X done X X debug "$_j exec stop: $_exec_stop" X debug "$_j flags: $_flags" X debug "$_j consolelog: $_consolelog" X debug "$_j skel enable: $_skel_enable" X debug "$_j skel mount-readonly: $_skel_romounts" X debug "$_j skel mount-readwrite: $_skel_rwmounts" X debug "$_j skel mount skeleton from: $_skel_root" X X if [ -z "${_hostname}" ]; then X err 3 "$name: No hostname has been defined for ${_j}" X fi X if [ -z "${_rootdir}" ]; then X err 3 "$name: No root directory has been defined for ${_j}" X fi X} X X# set_sysctl rc_knob mib msg X# If the mib sysctl is set according to what rc_knob X# specifies, this function does nothing. However if X# rc_knob is set differently than mib, then the mib X# is set accordingly and msg is displayed followed by X# an '=" sign and the word 'YES' or 'NO'. X# Xset_sysctl() X{ X _knob="$1" X _mib="$2" X _msg="$3" X X _current=`${SYSCTL} -n $_mib 2>/dev/null` X if checkyesno $_knob ; then X if [ "$_current" -ne 1 ]; then X echo -n " ${_msg}=YES" X ${SYSCTL_W} 1>/dev/null ${_mib}=1 X fi X else X if [ "$_current" -ne 0 ]; then X echo -n " ${_msg}=NO" X ${SYSCTL_W} 1>/dev/null ${_mib}=0 X fi X fi X} X X# is_current_mountpoint() X# Is the directory mount point for a currently mounted file X# system? X# Xis_current_mountpoint() X{ X local _dir _dir2 X X _dir=$1 X X _dir=`echo $_dir | sed -Ee 's#//+#/#g' -e 's#/$##'` X [ ! -d "${_dir}" ] && return 1 X _dir2=`df ${_dir} | tail +2 | awk '{ print $6 }'` X [ "${_dir}" = "${_dir2}" ] X return $? X} X X# is_symlinked_mountpoint() X# Is a mount point, or any of its parent directories, a symlink? X# Xis_symlinked_mountpoint() X{ X local _dir X X _dir=$1 X X [ -L "$_dir" ] && return 0 X [ "$_dir" = "/" ] && return 1 X is_symlinked_mountpoint `dirname $_dir` X return $? X} X X# secure_umount X# Try to unmount a mount point without being vulnerable to X# symlink attacks. X# Xsecure_umount() X{ X local _dir X X _dir=$1 X X if is_current_mountpoint ${_dir}; then X umount -f ${_dir} >/dev/null 2>&1 X else X debug "Nothing mounted on ${_dir} - not unmounting" X fi X} X X X# jail_umount_fs X# This function unmounts certain special filesystems in the X# currently selected jail. The caller must call the init_variables() X# routine before calling this one. X# Xjail_umount_fs() X{ X local _device _mountpt _rest X X if checkyesno _fdescfs; then X if [ -d "${_fdescdir}" ] ; then X secure_umount ${_fdescdir} X fi X fi X if checkyesno _devfs; then X if [ -d "${_devdir}" ] ; then X secure_umount ${_devdir} X fi X fi X if checkyesno _procfs; then X if [ -d "${_procdir}" ] ; then X secure_umount ${_procdir} X fi X fi X if checkyesno _mount; then X [ -f "${_fstab}" ] || warn "${_fstab} does not exist" X tail -r ${_fstab} | while read _device _mountpt _rest; do X case ":${_device}" in X :#* | :) X continue X ;; X esac X secure_umount ${_mountpt} X done X fi X if checkyesno _skel_enable; then X for _mntpt in ${_skel_romounts} ${_skel_rwmounts} X do X if [ -d "${_rootdir}/${_mntpt}" ] ; then X secure_umount ${_rootdir}/${_mntpt} X fi X done X fi X} X X# jail_mount_fstab() X# Mount file systems from a per jail fstab while trying to X# secure against symlink attacks at the mount points. X# X# If we are certain we cannot secure against symlink attacks we X# do not mount all of the file systems (since we cannot just not X# mount the file system with the problematic mount point). X# X# The caller must call the init_variables() routine before X# calling this one. X# Xjail_mount_fstab() X{ X local _device _mountpt _rest X X while read _device _mountpt _rest; do X case ":${_device}" in X :#* | :) X continue X ;; X esac X if is_symlinked_mountpoint ${_mountpt}; then X warn "${_mountpt} has symlink as parent - not mounting from ${_fstab}" X return X fi X done <${_fstab} X mount -a -F "${_fstab}" X} X X# jail_mount_skel() X# Mount file systems from a pre-defined "skeleton" while trying X# to secure against symlink attacks at the mount points X# Xjail_mount_skel() X{ X local _mntpt X X for _mntpt in ${_skel_rwmounts} X do X if is_symlinked_mountpoint ${_rootdir}/${_mntpt}; then X warn "${_rootdir}/${_mntpt} has symlink as parent - not mounting" X continue X fi X mount_nullfs ${_skel_root}/${_mntpt} ${_rootdir}/${_mntpt} > /dev/null 2>&1 X done X for _mntpt in ${_skel_romounts} X do X if is_symlinked_mountpoint ${_rootdir}/${_mntpt}; then X warn "${_rootdir}/${_mntpt} has symlink as parent - not mounting" X continue X fi X mount_nullfs -ordonly ${_skel_root}/${_mntpt} ${_rootdir}/${_mntpt} > /dev/null 2>&1 X done X} X X# jail_show_addresses jail X# Debug print the input for the given _multi aliases X# for a jail for init_variables(). X# Xjail_show_addresses() X{ X local _j _type alias X _j="$1" X alias=0 X X if [ -z "${_j}" ]; then X warn "jail_show_addresses: you must specify a jail" X return X fi X X while : ; do X eval _addr=\"\$jail_${_j}_ip_multi${alias}\" X if [ -n "${_addr}" ]; then X debug "${_j} ip_multi${alias}: $_addr" X alias=$((${alias} + 1)) X else X break X fi X done X} X X# jail_extract_address argument X# The second argument is the string from one of the _ip X# or the _multi variables. In case of a comma separated list X# only one argument must be passed in at a time. X# The function alters the _type, _iface, _addr and _mask variables. X# Xjail_extract_address() X{ X local _i X _i=$1 X X if [ -z "${_i}" ]; then X warn "jail_extract_address: called without input" X return X fi X X # Check if we have an interface prefix given and split into X # iFace and rest. X case "${_i}" in X *\|*) # ifN|.. prefix there X _iface=${_i%%|*} X _r=${_i##*|} X ;; X *) _iface="" X _r=${_i} X ;; X esac X X # In case the IP has no interface given, check if we have a global one. X _iface=${_iface:-${_interface}} X X # Set address, cut off any prefix/netmask/prefixlen. X _addr=${_r} X _addr=${_addr%%[/ ]*} X X # Theoretically we can return here if interface is not set, X # as we only care about the _mask if we call ifconfig. X # This is not done because we may want to santize IP addresses X # based on _type later, and optionally change the type as well. X X # Extract the prefix/netmask/prefixlen part by cutting off the address. X _mask=${_r} X _mask=`expr "${_mask}" : "${_addr}\(.*\)"` X X # Identify type {inet,inet6}. X case "${_addr}" in X *\.*\.*\.*) _type="inet" ;; X *:*) _type="inet6" ;; X *) warn "jail_extract_address: type not identified" X ;; X esac X X # Handle the special /netmask instead of /prefix or X # "netmask xxx" case for legacy IP. X # We do NOT support shortend class-full netmasks. X if [ "${_type}" = "inet" ]; then X case "${_mask}" in X /*\.*\.*\.*) _mask=" netmask ${_mask#/}" ;; X *) ;; X esac X X # In case _mask is still not set use /32. X _mask=${_mask:-/32} X X elif [ "${_type}" = "inet6" ]; then X # In case _maske is not set for IPv6, use /128. X _mask=${_mask:-/128} X fi X} X X# jail_handle_ips_option {add,del} input X# Handle a single argument imput which can be a comma separated X# list of addresses (theoretically with an option interface and X# prefix/netmask/prefixlen). X# Xjail_handle_ips_option() X{ X local _x _action _type _i X _action=$1 X _x=$2 X X if [ -z "${_x}" ]; then X # No IP given. This can happen for the primary address X # of each address family. X return X fi X X # Loop, in case we find a comma separated list, we need to handle X # each argument on its own. X while [ ${#_x} -gt 0 ]; do X case "${_x}" in X *,*) # Extract the first argument and strip it off the list. X _i=`expr "${_x}" : '^\([^,]*\)'` X _x=`expr "${_x}" : "^[^,]*,\(.*\)"` X ;; X *) _i=${_x} X _x="" X ;; X esac X X _type="" X _iface="" X _addr="" X _mask="" X jail_extract_address "${_i}" X X # make sure we got an address. X case "${_addr}" in X "") continue ;; X *) ;; X esac X X # Append address to list of addresses for the jail command. X case "${_addrl}" in X "") _addrl="${_addr}" ;; X *) _addrl="${_addrl},${_addr}" ;; X esac X X # Configure interface alias if requested by a given interface X # and if we could correctly parse everything. X case "${_iface}" in X "") continue ;; X esac X case "${_type}" in X inet) ;; X inet6) ;; X *) warn "Could not determine address family. Not going" \ X "to ${_action} address '${_addr}' for ${_jail}." X continue X ;; X esac X case "${_action}" in X add) ifconfig ${_iface} ${_type} ${_addr}${_mask} alias X ;; X del) # When removing the IP, ignore the _mask. X ifconfig ${_iface} ${_type} ${_addr} -alias X ;; X esac X done X} X X# jail_ips {add,del} X# Extract the comma separated list of addresses and return them X# for the jail command. X# Handle more than one address via the _multi option as well. X# If an interface is given also add/remove an alias for the X# address with an optional netmask. X# Xjail_ips() X{ X local _action X _action=$1 X X case "${_action}" in X add) ;; X del) ;; X *) warn "jail_ips: invalid action '${_action}'" X return X ;; X esac X X # Handle addresses. X jail_handle_ips_option ${_action} "${_ip}" X # Handle jail_xxx_ip_multi X alias=0 X while : ; do X eval _x=\"\$jail_${_jail}_ip_multi${alias}\" X case "${_x}" in X "") break ;; X *) jail_handle_ips_option ${_action} "${_x}" X alias=$((${alias} + 1)) X ;; X esac X done X} X Xjail_start() X{ X echo -n 'Configuring jails:' X set_sysctl jail_set_hostname_allow security.jail.set_hostname_allowed \ X set_hostname_allow X set_sysctl jail_socket_unixiproute_only \ X security.jail.socket_unixiproute_only unixiproute_only X set_sysctl jail_sysvipc_allow security.jail.sysvipc_allowed \ X sysvipc_allow X echo '.' X X echo -n 'Starting jails:' X _tmp_dir=`mktemp -d /tmp/jail.XXXXXXXX` || \ X err 3 "$name: Can't create temp dir, exiting..." X for _jail in ${jail_list} X do X init_variables $_jail X if [ -f /var/run/jail_${_jail}.id ]; then X echo -n " [${_hostname} already running (/var/run/jail_${_jail}.id exists)]" X continue; X fi X if [ ! -d "${_rootdir}" ] && [ ! -e "${_rootdir}" ]; then X # Poplate the skeleton jail X if checkyesno _skel_enable; then X echo -n "Initializing jail skeleton ${_jail} at ${_rootdir}" X delphijwarden_skel_create ${_rootdir} X else X echo -n "Initializing jail ${_jail} at ${_rootdir}" X delphijwarden_installworld ${_rootdir} X fi X echo . X fi X _addrl="" X jail_ips "add" X if [ -n "${_fib}" ]; then X _setfib="setfib -F '${_fib}'" X else X _setfib="" X fi X if checkyesno _mount; then X info "Mounting fstab for jail ${_jail} (${_fstab})" X if [ ! -f "${_fstab}" ]; then X err 3 "$name: ${_fstab} does not exist" X fi X jail_mount_fstab X fi X if checkyesno _skel_enable; then X info "Mounting skeleton for jail ${_jail} from ${_skel_root}" X jail_mount_skel X fi X if checkyesno _devfs; then X # If devfs is already mounted here, skip it. X df -t devfs "${_devdir}" >/dev/null X if [ $? -ne 0 ]; then X if is_symlinked_mountpoint ${_devdir}; then X warn "${_devdir} has symlink as parent - not starting jail ${_jail}" X continue X fi X info "Mounting devfs on ${_devdir}" X devfs_mount_jail "${_devdir}" ${_ruleset} X # Transitional symlink for old binaries X if [ ! -L "${_devdir}/log" ]; then X __pwd="`pwd`" X cd "${_devdir}" X ln -sf ../var/run/log log X cd "$__pwd" X fi X fi X X # XXX - It seems symlinks don't work when there X # is a devfs(5) device of the same name. X # Jail console output X # __pwd="`pwd`" X # cd "${_devdir}" X # ln -sf ../var/log/console console X # cd "$__pwd" X fi X if checkyesno _fdescfs; then X if is_symlinked_mountpoint ${_fdescdir}; then X warn "${_fdescdir} has symlink as parent, not mounting" X else X info "Mounting fdescfs on ${_fdescdir}" X mount -t fdescfs fdesc "${_fdescdir}" X fi X fi X if checkyesno _procfs; then X if is_symlinked_mountpoint ${_procdir}; then X warn "${_procdir} has symlink as parent, not mounting" X else X info "Mounting procfs onto ${_procdir}" X if [ -d "${_procdir}" ] ; then X mount -t procfs proc "${_procdir}" X fi X fi X fi X _tmp_jail=${_tmp_dir}/jail.$$ X eval ${_setfib} jail ${_flags} -i ${_rootdir} ${_hostname} \ X \"${_addrl}\" ${_exec_start} > ${_tmp_jail} 2>&1 X X if [ "$?" -eq 0 ] ; then X _jail_id=$(head -1 ${_tmp_jail}) X i=1 X while [ true ]; do X eval out=\"\${_exec_afterstart${i}:-''}\" X X if [ -z "$out" ]; then X break; X fi X X jexec "${_jail_id}" ${out} X i=$((i + 1)) X done X X echo -n " $_hostname" X tail +2 ${_tmp_jail} >${_consolelog} X echo ${_jail_id} > /var/run/jail_${_jail}.id X else X jail_umount_fs X jail_ips "del" X echo " cannot start jail \"${_jail}\": " X tail +2 ${_tmp_jail} X fi X rm -f ${_tmp_jail} X done X rmdir ${_tmp_dir} X echo '.' X} X Xjail_stop() X{ X echo -n 'Stopping jails:' X for _jail in ${jail_list} X do X if [ -f "/var/run/jail_${_jail}.id" ]; then X _jail_id=$(cat /var/run/jail_${_jail}.id) X if [ ! -z "${_jail_id}" ]; then X init_variables $_jail X if [ -n "${_exec_stop}" ]; then X eval env -i /usr/sbin/jexec ${_jail_id} ${_exec_stop} \ X >> ${_consolelog} 2>&1 X fi X killall -j ${_jail_id} -TERM > /dev/null 2>&1 X sleep 1 X killall -j ${_jail_id} -KILL > /dev/null 2>&1 X jail_umount_fs X echo -n " $_hostname" X fi X jail_ips "del" X rm /var/run/jail_${_jail}.id X else X echo " cannot stop jail ${_jail}. No jail id in /var/run" X fi X done X echo '.' X} X X# Create a skeleton under $1. Xdelphijwarden_skel_create() X{ X mkdir -p $1 X cd /usr/src/ && make hierarchy DESTDIR=$1 > /dev/null && cd /usr/src/etc && make all distribution DESTDIR=$1 > /dev/null X} X X# Install world under $1. Xdelphijwarden_installworld() X{ X mkdir -p $1 X cd /usr/src/ && make installworld DESTDIR=$1 > /dev/null && cd /usr/src/etc && make all distribution DESTDIR=$1 > /dev/null X} X Xdelphijwarden_prestart() X{ X if checkyesno jail_enable; then X warn "Please set jail_enable=NO in your /etc/rc.conf!" X exit X fi X} X Xload_rc_config "jail" Xload_rc_config $name Xcmd="$1" Xif [ $# -gt 0 ]; then X shift Xfi Xif [ -n "$*" ]; then X jail_list="$*" Xfi Xrun_rc_command "${cmd}" 49128ffcd73637ec98a5aa63c31b3ece echo x - delphijwarden/pkg-descr sed 's/^X//' >delphijwarden/pkg-descr << 'd10643b4b77f80778c2ddcade7b4d523' Xdelphijwarden is an enhanced version that can replace Xthe base system's rc.d/jail script. X XWWW: http://www.delphij.net/technology/warden/ d10643b4b77f80778c2ddcade7b4d523 exit