mkjail.pl 21.4 KB
Newer Older
1
2
3
#!/usr/bin/perl -w
#
# EMULAB-COPYRIGHT
4
# Copyright (c) 2000-2003 University of Utah and the Flux Group.
5
6
7
8
9
10
11
# All rights reserved.
#
use English;
use Getopt::Std;
use Fcntl;
use IO::Handle;
use Socket;
12
use Fcntl ':flock';
13

14
15
16
# Drag in path stuff so we can find emulab stuff. Also untaints path.
BEGIN { require "/etc/emulab/paths.pm"; import emulabpaths; }

17
18
use libsetup qw(JailedNFSMounts REMOTE);

19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
#
# Questions:
#
# * Whats the hostname for the jail? Perhaps vnodename.emulab.net
# * What should /etc/resolv.conf look like?
# 

#
# Create a jailed environment. There are some stub files stored in
# /etc/jail that copied into the jail.
#
sub usage()
{
    print("Usage: mkjail.pl [-s] [-i <ipaddr>] [-p <pid>] <hostname>\n");
    exit(-1);
}
my  $optlist = "i:p:e:s";

#
# Only real root can run this script.
#
if ($UID) {
    die("Must be root to run this script!\n");
}
43
system("sysctl jail.set_hostname_allowed=0 >/dev/null 2>&1");
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76

#
# Catch ^C and exit with error. 
#
my $leaveme = 0;
sub handler ($) {
    my ($signame) = @_;
    
    $SIG{INT}  = 'IGNORE';
    $SIG{USR1} = 'IGNORE';
    $SIG{TERM} = 'IGNORE';
    $SIG{HUP}  = 'IGNORE';

    if ($signame eq 'USR1') {
	$leaveme = 1;
    }
    fatal("Caught a SIG${signame}! Killing the jail ...");
}
$SIG{INT}  = \&handler;
$SIG{USR1} = \&handler;
$SIG{HUP}  = \&handler;
$SIG{TERM} = 'IGNORE';

#
# Turn off line buffering on output
#
STDOUT->autoflush(1);
STDERR->autoflush(1);

#
# Locals
#
my $JAILPATH	= "/var/emulab/jails";
77
78
79
80
81
my $ETCJAIL     = "/etc/jail";
my $LOCALFS	= "/users/local";
my $LOCALMNTPNT = "/local";
my $TMCC	= "$BINDIR/tmcc";
my $JAILCONFIG  = "jailconfig";
82
83
my @ROOTCPDIRS	= ("etc", "root");
my @ROOTMKDIRS  = ("dev", "tmp", "var", "usr", "proc", "users", "opt",
84
		   "bin", "sbin", "home", $LOCALMNTPNT);
85
my @ROOTMNTDIRS = ("bin", "sbin", "usr");
86
my @EMUVARDIRS	= ("logs", "db", "jails", "boot", "lock");
87
88
89
90
91
92
93
94
95
96
97
my $VNFILEMBS   = 64;
my $MAXVNDEVS	= 10;
my $IP;
my $PID;
my $debug	= 1;
my $cleaning	= 0;
my $vndevice;
my @mntpoints   = ();
my $jailpid;
my $tmccpid;
my $interactive = 0;
98
99
100

# This stuff is passed from tmcd, which we parse into a config string
# and an option set.
101
my %jailconfig  = ();
102
my $jailoptions = "";
103
104
my $sshdport    = 50000;	# Bogus default, good for testing.
my $routetabid  = 0;		# Default to main routing table.
105
my $jailflags   = 0;
106
107
108
109
my @jailips     = ();		# List of jail IPs (for routing table).
my $ipfwrules	= ();		# List of IPFW rules to clean.
my $JAIL_DEVMEM = 0x01;		# We need to know if these options given.
my $JAIL_ROUTING= 0x02;
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137

#
# Parse command arguments. Once we return from getopts, all that should be
# left are the required arguments.
#
%options = ();
if (! getopts($optlist, \%options)) {
    usage();
}
if (@ARGV != 1) {
    usage();
}
my $HOST = $ARGV[0];

#
# Untaint the arguments.
#
if ($HOST =~ /^([-\w\/]+)$/) {
    $HOST = $1;
}
else {
    die("Tainted argument $HOST!\n");
}

if (defined($options{'s'})) {
    $interactive = 1;
}

138
139
140
141
142
143
144
145
146
147
148
149
150
151
#
# Get the parent IP.
# 
my $hostname = `hostname`;
my $hostip;

# Untaint and strip newline.
if ($hostname =~ /^([-\w\.]+)$/) {
    $hostname = $1;

    my (undef,undef,undef,undef,@ipaddrs) = gethostbyname($hostname);
    $hostip = inet_ntoa($ipaddrs[0]);
}

152
153
154
155
156
157
158
159
160
161
162
163
164
165
#
# If no IP, then it defaults to our hostname's IP.
# 
if (defined($options{'i'})) {
    $IP = $options{'i'};

    if ($IP =~ /^(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})$/) {
	$IP = $1;
    }
    else {
	die("Tainted argument $IP!\n");
    }
}
else {
166
    $IP = $hostip;
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
}
if (!defined($IP)) {
    usage();
}

if (defined($options{'p'})) {
    $PID = $options{'p'};

    if ($PID =~ /^([-\@\w]+)$/) {
	$PID = $1;
    }
    else {
	die("Tainted argument $PID.");
    }
}

print("Setting up jail for HOST:$HOST using IP:$IP\n")
    if ($debug);

#
187
188
189
# In most cases, the $HOST directory will have been created by the caller,
# and a config file possibly dropped in.
# When debugging, we have to create it here. 
190
191
192
193
194
195
196
197
# 
chdir($JAILPATH) or
    die("Could not chdir to $JAILPATH: $!\n");

if (! -e $HOST) {
    mkdir($HOST, 0770) or
	fatal("Could not mkdir $HOST in $JAILPATH: $!");
}
198
199
200
201
202
203
204
205
else {
    getjailconfig("$JAILPATH/$HOST");
}

#
# See if special options supported, and if so setup args as directed.
#
setjailoptions();
206

207
208
209
#
# Create the "disk";
#
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
if (-e "$HOST/root") {
    #
    # Try to pick up where we left off.
    # 
    restorerootfs("$JAILPATH/$HOST");
}
else {
    #
    # Create the root filesystem.
    #
    mkrootfs("$JAILPATH/$HOST");
}

#
# Start the tmcc proxy. This path will be valid in both the outer
# environment and in the jail!
#
startproxy("$JAILPATH/$HOST");

#
# Start the jail. We do it in a child so we can send a signal to the
# jailed process to force it to shutdown. The jail has to shut itself
# down.
#
$jailpid = fork();
if ($jailpid) {
    # We do not really care about the exit status of the jail.
    waitpid($jailpid, 0);
    undef($jailpid);
}
else {
    $SIG{TERM} = 'DEFAULT';
    $ENV{'TMCCVNODEID'} = $HOST;

244
245
    my $cmd = "jail $jailoptions ".
	"$JAILPATH/$HOST/root $HOST $IP /etc/jail/injail.pl";
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
    if ($interactive) {
	$cmd .= " /bin/csh";
    }
    exec($cmd);
    die("*** $0:\n".
	"    exec failed to start the jail!\n");
}
	 
#
# Once we exit, cleanup the mess.
#
cleanup();
exit(0);

#
# Create a file for a vnode device, vnconfig it, newfs, and then
# mount it on the "root" directory.
#
sub mkrootfs($)
{
    my ($path) = @_;
267
    my $vnsize = $VNFILEMBS;
268
269
270
271
272
273
274
275
276
277

    chdir($path) or
	fatal("Could not chdir to $path: $!");

    mkdir("root", 0770) or
	fatal("Could not mkdir 'root' in $path: $!");
    
    #
    # Big file of zeros.
    # 
278
    mysystem("dd if=/dev/zero of=root.vnode bs=1m count=$vnsize");
279
280
281
282
283

    #
    # Find a free vndevice.
    #
    for (my $i = 0; $i < $MAXVNDEVS; $i++) {
284
285
286
287
	# Make sure the dev entries exist!
	mysystem("(cd /dev; ./MAKEDEV vn${i})");
	
	system("vnconfig -c vn${i} root.vnode");
288
289
290
291
292
293
294
	if (! $?) {
	    $vndevice = $i;
	    last;
	}
    }
    fatal("Could not find a free vn device!") 
	if (!defined($vndevice));
295
296
    print("Using vn${vndevice}\n")
 	if ($debug);
297

298
    mysystem("vnconfig -s labels vn${vndevice} root.vnode");
299
300
    mysystem("disklabel -r -w vn${vndevice} auto");
    mysystem("newfs -b 8192 -f 1024 -i 4096 -c 15 /dev/vn${vndevice}c");
301
    mysystem("tunefs -m 2 -o space /dev/vn${vndevice}c");
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
    mysystem("mount /dev/vn${vndevice}c root");
    push(@mntpoints, "$path/root");

    #
    # Okay, copy in the top level directories. 
    #
    foreach my $dir (@ROOTCPDIRS) {
	mysystem("hier -f -FN cp /$dir root/$dir");
    }

    #
    # Make some other directories that are nice to have!
    #
    foreach my $dir (@ROOTMKDIRS) {
	mkdir("root/$dir", 0755) or
	    fatal("Could not mkdir '$dir' in $path/root: $!");
    }

    #
    # Okay, mount some other directories to save space.
    #
    foreach my $dir (@ROOTMNTDIRS) {
	mysystem("mount -r localhost:/$dir $path/root/$dir");
	push(@mntpoints, "$path/root/$dir");
    }

    #
    # The proc FS in the jail is per-jail of course.
    # 
    mysystem("mount -t procfs proc $path/root/proc");
    push(@mntpoints, "$path/root/proc");

    #
    # /tmp is special of course
    #
    mysystem("chmod 1777 root/tmp");

    #
    # /dev is also special. It gets a very restricted set of entries.
341
    # Note that we create some BPF devices since they work in our jails.
342
    #
343
344
345
346
347
348
349
350
    my $makedevs = "bpf31";
    if ($jailflags & $JAIL_DEVMEM) {
	$makedevs .= " std pty0";
    }
    else {
	$makedevs .= " jail";
    }
    mysystem("cd $path/root/dev; cp -p /dev/MAKEDEV .; ./MAKEDEV $makedevs");
351
352
353
354
355
356
357
358
359
360
    
    #
    # Create stub /var and create the necessary log files.
    #
    # NOTE: I stole this little diddy from /etc/rc.diskless2.
    #
    mysystem("mtree -nqdeU -f /etc/mtree/BSD.var.dist ".
	     "-p $path/root/var >/dev/null 2>&1");
    mysystem("mkdir -p $path/root/$path");

361
362
363
364
365
366
367
368
369
370
371
372
373
374
    #
    # Make the emulab directories since they are not in the mtree file.
    #
    if (! -e "$path/root/var/emulab") {
	mkdir("$path/root/var/emulab", 0755) or
	    fatal("Could not mkdir 'emulab' in $path/root/var: $!");
    }
    foreach my $dir (@EMUVARDIRS) {
	if (! -e "$path/root/var/emulab/$dir") {
	    mkdir("$path/root/var/emulab/$dir", 0755) or
		fatal("Could not mkdir 'dir' in $path/root/var/emulab: $!");
	}
    }

375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
    #
    # Get a list of all the plain files and create zero length versions
    # in the new var.
    #
    opendir(DIR, "/var/log") or
	fatal("Cannot opendir /var/log: $!");
    my @logs = grep { -f "/var/log/$_" } readdir(DIR);
    closedir(DIR);

    foreach my $log (@logs) {
	mysystem("touch $path/root/var/log/$log");
    }

    #
    # Now a bunch of stuff to set up a nice environment in the jail.
    #
391
392
393
    mysystem("cp -p $ETCJAIL/rc.conf $path/root/etc");
    mysystem("rm -f $path/root/etc/rc.conf.local");
    mysystem("cp -p $ETCJAIL/rc.local $path/root/etc");
394
    mysystem("cp -p $ETCJAIL/crontab $path/root/etc");
395
396
    mysystem("cp -p $ETCJAIL/group $path/root/etc");
    mysystem("cp -p $ETCJAIL/master.passwd $path/root/etc");
397
398
399
    mysystem("cp /dev/null $path/root/etc/fstab");
    mysystem("pwd_mkdb -p -d $path/root/etc $path/root/etc/master.passwd");
    mysystem("echo '$IP		$HOST' >> $path/root/etc/hosts");
400
401
402
403
404
405
406
407
408
409
410
411
412
413
    mysystem("echo 'sshd_flags=\"\$sshd_flags -p $sshdport\"' >> ".
	     " $path/root/etc/rc.conf");

    # No X11 forwarding. 
    mysystem("cat $path/root/etc/ssh/sshd_config | ".
	     "sed -e 's/^X11Forwarding.*yes/X11Forwarding no/' > ".
	     "$path/root/tmp/sshd_foo");
    mysystem("cp -f $path/root/tmp/sshd_foo $path/root/etc/ssh/sshd_config");

    # In the jail, 127.0.0.1 refers to the jail, but we want to use the
    # nameserver running *outside* the jail.
    mysystem("cat /etc/resolv.conf | ".
	     "sed -e 's/127\.0\.0\.1/$hostip/' > ".
	     "$path/root/etc/resolv.conf");
414
415
416
417
418
419
420
421
422

    #
    # If the jail gets its own routing table, must arrange for it to
    # be populated when the jail starts up.
    # 
    if ($jailflags & $JAIL_ROUTING) {
	addroutestorc("$path/root/etc/rc.conf");
    }
	
423
424
425
426
    #
    # Give the jail an NFS mount of the local project directory. This one
    # is read-write.
    #
427
428
429
430
    if (defined($PID) && -e $LOCALFS && -e "$LOCALFS/$PID") {
	mysystem("mkdir -p $path/root/$LOCALMNTPNT/$PID");
	mysystem("mount localhost:$LOCALFS/$PID $path/root/$LOCALMNTPNT/$PID");
	push(@mntpoints, "$path/root/$LOCALMNTPNT/$PID");
431
432
    }

433
434
435
436
437
438
439
440
441
442
443
    #
    # Ug. Until we have SFS working the way I want it, NFS mount the
    # usual directories inside the jail. This duplicates a lot of mounts,
    # but not sure what to do about that. 
    #
    if (! REMOTE()) {
	foreach my $dir ( JailedNFSMounts($HOST, "$path/root") ) {
	    push(@mntpoints, "$path/root/$dir");
	}
    }

444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
    cleanmess($path);
    return 0;
}

#
# Restore a jail after a crash.
#
sub restorerootfs($)
{
    my ($path) = @_;

    chdir($path) or
	fatal("Could not chdir to $path: $!");

    #
    # Find a free vndevice.
    #
    for (my $i = 0; $i < $MAXVNDEVS; $i++) {
462
463
464
465
	# Make sure the dev entries exist!
	mysystem("(cd /dev; ./MAKEDEV vn${i})");
	
	system("vnconfig -c vn${i} root.vnode");
466
467
468
469
470
471
472
	if (! $?) {
	    $vndevice = $i;
	    last;
	}
    }
    fatal("Could not find a free vn device!") 
	if (!defined($vndevice));
473
474
    print("Using vn${vndevice}\n")
 	if ($debug);
475

476
    mysystem("vnconfig -s labels vn${vndevice} root.vnode");
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
    mysystem("fsck -y /dev/vn${vndevice}c");
    mysystem("mount /dev/vn${vndevice}c root");
    push(@mntpoints, "$path/root");

    #
    # Okay, mount some other directories to save space.
    #
    foreach my $dir (@ROOTMNTDIRS) {
	mysystem("mount -r localhost:/$dir $path/root/$dir");
	push(@mntpoints, "$path/root/$dir");
    }

    #
    # The proc FS in the jail is per-jail of course.
    # 
    mysystem("mount -t procfs proc $path/root/proc");
    push(@mntpoints, "$path/root/proc");

    #
    # Give the jail an NFS mount of the local project directory. This one
    # is read-write.
    #
499
500
501
502
    if (defined($PID) && -e $LOCALFS && -e "$LOCALFS/$PID") {
	mysystem("mkdir -p $path/root/$LOCALMNTPNT/$PID");
	mysystem("mount localhost:$LOCALFS/$PID $path/root/$LOCALMNTPNT/$PID");
	push(@mntpoints, "$path/root/$LOCALMNTPNT/$PID");
503
    }
504
505
506
507
508
509
510
511
512
513
514

    #
    # Ug. Until we have SFS working the way I want it, NFS mount the
    # usual directories inside the jail. This duplicates a lot of mounts,
    # but not sure what to do about that. 
    #
    if (! REMOTE()) {
	foreach my $dir ( JailedNFSMounts($HOST, "$path/root") ) {
	    push(@mntpoints, "$path/root/$dir");
	}
    }
515
516
517
518
    return 0;
}

#
519
520
# Okay, we clean up some of what is in /etc and /etc/emulab so that the
# jail cannot see that stuff. 
521
522
523
524
525
526
527
528
529
530
531
#
sub cleanmess($) {
    my ($path) = @_;

    #
    # And, some security stuff. We want to remove bits of stuff from the
    # jail that would enable it to talk to tmcd directly. 
    #
    mysystem("rm -f $path/root/etc/emulab.cdkey");
    mysystem("rm -f $path/root/etc/emulab.pkey");

532
533
534
535
    mysystem("rm -f  $path/root/$ETCDIR/*.pem");
    mysystem("rm -f  $path/root/$ETCDIR/cvsup.auth");
    mysystem("rm -rf $path/root/$ETCDIR/.cvsup");
    mysystem("rm -f  $path/root/$ETCDIR/master.passwd");
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605

    #
    # Copy in emulabman if it exists.
    #
    if (my (undef,undef,undef,undef,undef,undef,undef,$dir) =
	getpwnam("emulabman")) {
	mysystem("hier cp $dir $path/root/home/emulabman");
    }
}

#
# Start the tmcc proxy and insert the unix path into the environment
# for the jail to pick up.
#
sub startproxy($)
{
    my ($dir) = @_;
    my $log   = "$dir/tmcc.log";

    #
    # The point of these paths is so that there is a comman path to
    # the socket both outside and inside the jail. Yuck!
    #
    my $insidepath  = "$dir/tmcc";
    my $outsidepath = "$dir/root/$insidepath";

    $tmccpid = fork();
    if ($tmccpid) {
	#
	# So tmcc will work nicely inside the jail without needing the
	# -l option specified all over.
	#
	$ENV{'TMCCUNIXPATH'} = $insidepath;
	
	select(undef, undef, undef, 0.2);
	return 0;
    }
    $SIG{TERM} = 'DEFAULT';

    # The -o option will cause the proxy to detach but not fork!
    # Eventually change this to standard pid file kill.
    exec("$TMCC -d -x $outsidepath -n $HOST -o $log");
    die("Exec of $TMCC failed! $!\n");
}

#
# Cleanup at exit.
#
sub cleanup()
{
    if ($cleaning) {
	die("*** $0:\n".
	    "    Oops, already cleaning!\n");
    }
    $cleaning = 1;
    
    #
    # Note that the unmounts will fail unless all the processes inside
    # the jail exit!
    # 
    if (defined($tmccpid)) {
	kill('TERM', $tmccpid);
	waitpid($tmccpid, 0);
    }

    if (defined($jailpid)) {
	kill('TERM', $jailpid);
	waitpid($jailpid, 0);
    }

606
607
608
609
    foreach my $ruleno (keys(%ipfwrules)) {
	system("ipfw delete $ruleno");
    }

610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
    while (@mntpoints) {
	my $mntpoint = pop(@mntpoints);

	# If the umounts fail, we do want to continue. Dangerous!
	system("umount $mntpoint");
	if ($?) {
	    # Avoid recursive calls to cleanup; do not use fatal.
	    die("*** $0:\n".
		"    umount '$mntpoint' failed: $!\n");
	}
    }
    if (defined($vndevice)) {
	system("vnconfig -u vn${vndevice}");
    }
    if (!$leaveme) {
625
626
627
628
629
630
631
        #
        # Ug, with NFS mounts inside the jail, we need to be really careful.
        #
	if (-d "$JAILPATH/$HOST/root" && !rmdir("$JAILPATH/$HOST/root")) {
	    die("*** $0:\n".
		"    $JAILPATH/$HOST/root is not empty! This is very bad!\n");
	}
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
	system("rm -rf $JAILPATH/$HOST");
    }
}

#
# Print error and exit.
#
sub fatal($)
{
    my ($msg) = @_;

    cleanup();
    die("*** $0:\n".
	"    $msg\n");
}

#
# Run a command string, redirecting output to a logfile.
#
sub mysystem($)
{
    my ($command) = @_;

    system($command);
    if ($?) {
	fatal("Command failed: $? - $command");
    }
}
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701

#
# Read in the jail config file. 
#
sub getjailconfig($)
{
    my ($path) = @_;

    $path .= "/$JAILCONFIG";

    if (! -e $path) {
	return 0;
    }
    
    if (! open(CONFIG, $path)) {
	print("$path could not be opened for reading: $!\n");
	return -1;
    }
    while (<CONFIG>) {
	if ($_ =~ /^(.*)="(.+)"$/ ||
	    $_ =~ /^(.*)=(.+)$/) {
	    $jailconfig{$1} = $2;
	}
    }
    close(CONFIG);
    return 0;
}

#
# See if special jail opts supported.
#
sub setjailoptions() {
    #
    # Do this all the time, so that we can figure out the sshd port.
    # 
    foreach my $key (keys(%jailconfig)) {
	my $val = $jailconfig{$key};

        SWITCH: for ($key) {
	    /^PORTRANGE$/ && do {
		if ($val =~ /(\d+),(\d+)/) {
		    $jailoptions .= " -p $1:$2";
702
703
704
705
706
		}
		last SWITCH;
	    };
	    /^SSHDPORT$/ && do {
		if ($val =~ /(\d+)/) {
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
		    $sshdport     = $1;
		}
		last SWITCH;
	    };
	    /^SYSVIPC$/ && do {
		if ($val) {
		    $jailoptions .= " -o sysvipc";
		}
		else {
		    $jailoptions .= " -o nosysvipc";
		}
		last SWITCH;
	    };
	    /^INETRAW$/ && do {
		if ($val) {
		    $jailoptions .= " -o inetraw";
		}
		else {
		    $jailoptions .= " -o noinetraw";
		}
		last SWITCH;
	    };
	    /^BPFRO$/ && do {
		if ($val) {
		    $jailoptions .= " -o bpfro";
		}
		else {
		    $jailoptions .= " -o nobpfro";
		}
		last SWITCH;
	    };
738
739
740
741
742
743
744
745
746
747
	    /^INADDRANY$/ && do {
		if ($val) {
		    $jailoptions .= " -o inaddrany";
		}
		else {
		    $jailoptions .= " -o noinaddrany";
		}
		last SWITCH;
	    };
	    /^ROUTING$/ && do {
748
	       if (0) {
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
		if ($val) {
		    $jailoptions .= " -o routing";

		    $jailflags |= $JAIL_ROUTING;
		    #
		    # If the jail gets routing privs, then it must get
		    # its own routing table. We need to know this number
		    # so we can enter an ipfw rule for it.
		    #
		    $routetabid   = getnextrtabid();
		    $jailoptions .= " -r $routetabid";
		}
		else {
		    $jailoptions .= " -o norouting";
		}
764
  	       }
765
766
767
768
769
770
		last SWITCH;
	    };
	    /^DEVMEM$/ && do {
		$jailflags |= $JAIL_DEVMEM;
		last SWITCH;
	    };
Leigh B. Stoller's avatar
Leigh B. Stoller committed
771
 	    /^IPADDRS$/ && do {
772
773
774
775
776
777
		# Comma separated list of IPs
		my @iplist = split(",", $val);

		foreach my $ip (@iplist) {
		    if ($ip =~ /(\d+\.\d+\.\d+\.\d+)/) {
			$jailoptions .= " -i $1";
778
			push(@jailips, $1);
779
780
781
782
		    }
		}
 		last SWITCH;
 	    };
783
784
785
786
787
788
	}
    }
    print("SSHD port is $sshdport\n");

    system("sysctl jail.inetraw_allowed=1 >/dev/null 2>&1");
    system("sysctl jail.bpf_allowed=1 >/dev/null 2>&1");
789
790
791
792
    system("sysctl jail.inaddrany_allowed=1 >/dev/null 2>&1");
    system("sysctl jail.multiip_allowed=1 >/dev/null 2>&1");
    system("sysctl net.link.ether.inet.useloopback=0 >/dev/null 2>&1");

793
794
795
    if ($?) {
	print("Special jail options are NOT supported!\n");
	$jailoptions = "";
796
	$jailflags   = 0;
797
798
799
	return 0;
    }
    print("Special jail options are supported: '$jailoptions'\n");
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856

    if (@jailips && ($jailflags & $JAIL_ROUTING)) {
	genipfwrules();
    }
    return 0;
}

#
# Append a list of static routes to the rc.conf file.
#
sub addroutestorc($rc)
{
    my ($rc)   = @_;
    my $count  = 0;

    #
    # Need the IP of the default router, which we got from DHCP but
    # is not stashed anyplace easy to get at. 
    # 
    my $router_name = `route get default | awk '/gateway:/ {print \$2}'`;
    chomp($router_name);
    my (undef,undef,undef,undef,@ipaddrs) = gethostbyname($router_name);
    my $router_ip = inet_ntoa($ipaddrs[0]);
    fatal("Could not determine IP of the default router!")
	if (!defined($router_ip));

    open(RC, ">>$rc") or
	fatal("Could not open $rc to append static routes");

    #
    # First the set of routes that all jails get. 
    # 
    print RC "static_routes=\"default lo0 host\"\n";
    print RC "route_default=\"default $router_ip\"\n";
    print RC "route_lo0=\"localhost -interface lo0\"\n";
    print RC "route_host=\"$hostip localhost\"\n";

    #
    # Now a list of routes for each of the IPs the jail has access
    # to. Of course, we need to know the interface name, so use the
    # route command again.
    # 
    foreach my $ip (@jailips) {
	my $interface = `route get $ip | awk '/interface:/ {print \$2}'`;
	my $netmask   = `route get $ip | awk '/mask:/ {print \$2}'`;
	chomp($interface);
	chomp($netmask);
	fatal("Could not find interface for $ip")
	    if (!defined($interface));

	print RC "static_routes=\"ip${count} \$static_routes\"\n";
	print RC "route_ip${count}=\"-net $ip -interface $interface " .
	    "-netmask $netmask\"\n";

	$count++;
    }
    close(RC);
857
858
    return 0;
}
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937

#
# Ug, with NFS mounts inside the jail, we need to be really careful.
#
sub removevnodedir($)
{
    my ($dir) = @_;

    if (-d "$dir/root" && !rmdir("$dir/root")) {
	die("*** $0:\n".
	    "    $dir/root is not empty! This is very bad!\n");
    }
    system("rm -rf $dir");
}

#
# Get a free routing table ID. This should eventually come from the
# kernel, but for now just use a file with a number in it. 
#
sub getnextrtabid()
{
    my $nextrtabid = 1;

    #
    # The chances of a race are low, but need to deal with it anyway.
    #
    my $lockfile  = "/var/emulab/lock/rtabid";
    my $rtabidfile= "/var/emulab/db/rtabid";

    open(LOCK, ">>$lockfile") ||
	fatal("Could not open $lockfile\n");
    
    while (flock(LOCK, LOCK_EX|LOCK_NB) == 0) {
	print "Waiting to get lock for $lockfile\n";
	sleep(1);
    }
    if (-e $rtabidfile) {
	my $rtabid = `cat $rtabidfile`;
	if ($rtabid =~ /^(\d*)$/) {
	    $nextrtabid = $1 + 1;
	}
	else {
	    close(LOCK);
	    fatal("Bad data in $rtabidfile!");
	}
    }
    system("echo $nextrtabid > $rtabidfile");
    close(LOCK);
    return $nextrtabid;
}

#
# Generate the list of ipfw rules for setting the rtabid. This should
# eventually go away when we have better support in the kernel for
# figuring this out.
#
sub genipfwrules()
{
    my $index = $routetabid * 100;

    if (scalar(@jailips) > 100) {
	fatal("Too many ipfw rules (too many IPs)!");
    }

    foreach my $ip (@jailips) {
	my $rule = "ipfw add $index rtabid $routetabid ip from any to $ip";

	#
	# Install rule. If any fail, we are doomed.
	#
	system($rule) == 0
	    or fatal("ipfw failed: $rule");
	
	#
	# Save for cleanup().
	# 
	$ipfwrules{$index++} = $rule;
    }
}