mkjail.pl 27.5 KB
Newer Older
1
2
3
#!/usr/bin/perl -w
#
# EMULAB-COPYRIGHT
4
# Copyright (c) 2000-2003 University of Utah and the Flux Group.
5
6
# All rights reserved.
#
7
8
# Kernel, jail, netstat, route, ifconfig, ipfw, header files.
# 
9
10
11
12
13
use English;
use Getopt::Std;
use Fcntl;
use IO::Handle;
use Socket;
14
use Fcntl ':flock';
15

16
17
18
# Drag in path stuff so we can find emulab stuff. Also untaints path.
BEGIN { require "/etc/emulab/paths.pm"; import emulabpaths; }

19
use libsetup qw(JailedMounts REMOTE LOCALROOTFS TMPASSDB TMGROUPDB);
20

21
22
23
24
25
26
27
28
29
30
31
32
33
#
# Questions:
#
# * Whats the hostname for the jail? Perhaps vnodename.emulab.net
# * What should /etc/resolv.conf look like?
# 

#
# Create a jailed environment. There are some stub files stored in
# /etc/jail that copied into the jail.
#
sub usage()
{
34
    print("Usage: mkjail.pl [-V] [-s] [-i <ipaddr>] [-p <pid>] ".
35
	  "[-h <hostname>] <vnodeid>\n");
36
37
    exit(-1);
}
38
my  $optlist = "Vi:p:e:sh:";
39
40
41
42
43
44
45

#
# Only real root can run this script.
#
if ($UID) {
    die("Must be root to run this script!\n");
}
46
system("sysctl jail.set_hostname_allowed=0 >/dev/null 2>&1");
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75

#
# Catch ^C and exit with error. 
#
my $leaveme = 0;
sub handler ($) {
    my ($signame) = @_;
    
    $SIG{INT}  = 'IGNORE';
    $SIG{USR1} = 'IGNORE';
    $SIG{TERM} = 'IGNORE';
    $SIG{HUP}  = 'IGNORE';

    if ($signame eq 'USR1') {
	$leaveme = 1;
    }
    fatal("Caught a SIG${signame}! Killing the jail ...");
}
$SIG{INT}  = \&handler;
$SIG{USR1} = \&handler;
$SIG{HUP}  = \&handler;
$SIG{TERM} = 'IGNORE';

#
# Turn off line buffering on output
#
STDOUT->autoflush(1);
STDERR->autoflush(1);

76
77
78
79
# XXX
my $JAILCNET	   = "172.16.0.0";
my $JAILCNETMASK   = "255.240.0.0";

80
81
82
83
#
# Locals
#
my $JAILPATH	= "/var/emulab/jails";
84
my $ETCJAIL     = "/etc/jail";
85
my $LOCALFS	= LOCALROOTFS();
86
87
88
my $LOCALMNTPNT = "/local";
my $TMCC	= "$BINDIR/tmcc";
my $JAILCONFIG  = "jailconfig";
89
my @ROOTCPDIRS	= ("etc", "root");
90
91
92
my @ROOTMKDIRS  = ("dev", "tmp", "var", "usr", "proc", "users", 
		   "bin", "sbin", "home", $LOCALMNTPNT);
my @ROOTMNTDIRS = ("bin", "sbin", "usr");
93
my @EMUVARDIRS	= ("logs", "db", "jails", "boot", "lock");
94
my $VNFILESECT  = 512 * ((1024 * 1024) / 512); # 64MB in 512b sectors.
95
my $MAXVNDEVS	= 100;
96
my $IP;
97
98
my $IPALIAS;
my $IPMASK;
99
my $PID;
100
my $jailhostname;
101
102
103
104
my $debug	= 1;
my $cleaning	= 0;
my $vndevice;
my @mntpoints   = ();
105
my $nfsmounts = 0;
106
107
108
my $jailpid;
my $tmccpid;
my $interactive = 0;
109
my $USEVCNETROUTES = 0;
110
111
112

# This stuff is passed from tmcd, which we parse into a config string
# and an option set.
113
my %jailconfig  = ();
114
my $jailoptions = "";
115
my $sshdport    = 50000;	# Bogus default, good for testing.
116
my $routetabid;			# Default to main routing table.
117
my $jailflags   = 0;
118
119
120
my @jailips     = ();		# List of jail IPs (for routing table).
my $JAIL_DEVMEM = 0x01;		# We need to know if these options given.
my $JAIL_ROUTING= 0x02;
121
122
123
124
125
126
127
128
129
130
131
132

#
# Parse command arguments. Once we return from getopts, all that should be
# left are the required arguments.
#
%options = ();
if (! getopts($optlist, \%options)) {
    usage();
}
if (@ARGV != 1) {
    usage();
}
133
my $vnodeid = $ARGV[0];
134
135
136
137

#
# Untaint the arguments.
#
138
139
140
if ($vnodeid =~ /^([-\w\/\.]+)$/) {
    $vnodeid = $1;
    $jailhostname = $1;
141
142
}
else {
143
    die("Tainted argument $vnodeid!\n");
144
145
146
147
148
149
}

if (defined($options{'s'})) {
    $interactive = 1;
}

150
151
152
153
if (defined($options{'V'})) {
    $USEVCNETROUTES = 1;
}

154
155
156
157
158
159
160
161
162
163
164
165
166
167
#
# Get the parent IP.
# 
my $hostname = `hostname`;
my $hostip;

# Untaint and strip newline.
if ($hostname =~ /^([-\w\.]+)$/) {
    $hostname = $1;

    my (undef,undef,undef,undef,@ipaddrs) = gethostbyname($hostname);
    $hostip = inet_ntoa($ipaddrs[0]);
}

168
#
169
170
# If no IP, then it defaults to our hostname's IP, *if* none is provided
# by the jail configuration file. That check is later. 
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
# 
if (defined($options{'i'})) {
    $IP = $options{'i'};

    if ($IP =~ /^(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})$/) {
	$IP = $1;
    }
    else {
	die("Tainted argument $IP!\n");
    }
}

if (defined($options{'p'})) {
    $PID = $options{'p'};

    if ($PID =~ /^([-\@\w]+)$/) {
	$PID = $1;
    }
    else {
	die("Tainted argument $PID.");
    }
}

194
195
196
197
198
199
200
201
202
203
204
if (defined($options{'h'})) {
    $jailhostname = $options{'h'};

    if ($jailhostname =~ /^([-\w\.]+)$/) {
	$jailhostname = $1;
    }
    else {
	die("Tainted argument $jailhostname.");
    }
}

205
#
206
# In most cases, the $vnodeid directory will have been created by the caller,
207
208
# and a config file possibly dropped in.
# When debugging, we have to create it here. 
209
210
211
212
# 
chdir($JAILPATH) or
    die("Could not chdir to $JAILPATH: $!\n");

213
214
215
if (! -e $vnodeid) {
    mkdir($vnodeid, 0770) or
	fatal("Could not mkdir $vnodeid in $JAILPATH: $!");
216
}
217
else {
218
    getjailconfig("$JAILPATH/$vnodeid");
219
220
}

221
222
223
my $phys_cnet_if = `control_interface`;
chomp($phys_cnet_if);

224
225
226
227
#
# See if special options supported, and if so setup args as directed.
#
setjailoptions();
228

229
230
231
232
233
234
235
236
237
238
#
# If no IP set in the jail config, then use hostip.
#
if (!defined($IP)) {
    $IP = $hostip;
}

print("Setting up jail for $vnodeid using $IP\n")
    if ($debug);

239
240
241
#
# Create the "disk";
#
242
if (-e "$vnodeid/root") {
243
244
245
    #
    # Try to pick up where we left off.
    # 
246
    restorerootfs("$JAILPATH/$vnodeid");
247
248
249
250
251
}
else {
    #
    # Create the root filesystem.
    #
252
    mkrootfs("$JAILPATH/$vnodeid");
253
254
}

255
256
#
# If the jail has its own IP, must insert the control network alias.
257
258
# We use a 255.255.255.255 netmask since there might be multiple
# virtual nodes from the same subnet on this node. 
259
260
#
if (defined($IPALIAS)) {
261
    setcnethostalias($IPALIAS);
262
263
264
265
266
267
268
269
270
}

#
# Set up jail interfaces. We pass it the rtabid as well, and the script
# does all the right stuff. 
#
mysystem("ifsetup -i -j $vnodeid ".
	 (($jailflags & $JAIL_ROUTING) ? "-r $routetabid" : ""));

271
272
273
274
#
# Start the tmcc proxy. This path will be valid in both the outer
# environment and in the jail!
#
275
startproxy("$JAILPATH/$vnodeid");
276
277
278
279
280
281
282
283
284
285
286
287
288
289

#
# Start the jail. We do it in a child so we can send a signal to the
# jailed process to force it to shutdown. The jail has to shut itself
# down.
#
$jailpid = fork();
if ($jailpid) {
    # We do not really care about the exit status of the jail.
    waitpid($jailpid, 0);
    undef($jailpid);
}
else {
    $SIG{TERM} = 'DEFAULT';
290
    $ENV{'TMCCVNODEID'} = $vnodeid;
291

292
293
    my $cmd = "jail $jailoptions $JAILPATH/$vnodeid/root $jailhostname $IP ".
	"/etc/jail/injail -v $vnodeid";
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
    if ($interactive) {
	$cmd .= " /bin/csh";
    }
    exec($cmd);
    die("*** $0:\n".
	"    exec failed to start the jail!\n");
}
	 
#
# Once we exit, cleanup the mess.
#
cleanup();
exit(0);

#
# Create a file for a vnode device, vnconfig it, newfs, and then
# mount it on the "root" directory.
#
sub mkrootfs($)
{
    my ($path) = @_;
315
    my $vnsize = $VNFILESECT;
316
317
318
319
320
321
322
323

    chdir($path) or
	fatal("Could not chdir to $path: $!");

    mkdir("root", 0770) or
	fatal("Could not mkdir 'root' in $path: $!");
    
    #
324
    # Lots of zeros. Note we oseek to create a big hole.
325
    # 
326
    mysystem("dd if=/dev/zero of=root.vnode bs=512 oseek=$vnsize count=1");
327
328
329
330
331

    #
    # Find a free vndevice.
    #
    for (my $i = 0; $i < $MAXVNDEVS; $i++) {
332
	system("vnconfig -c vn${i} root.vnode");
333
334
335
336
337
338
339
	if (! $?) {
	    $vndevice = $i;
	    last;
	}
    }
    fatal("Could not find a free vn device!") 
	if (!defined($vndevice));
340
341
    print("Using vn${vndevice}\n")
 	if ($debug);
342

343
    mysystem("vnconfig -s labels vn${vndevice} root.vnode");
344
345
    mysystem("disklabel -r -w vn${vndevice} auto");
    mysystem("newfs -b 8192 -f 1024 -i 4096 -c 15 /dev/vn${vndevice}c");
346
    mysystem("tunefs -m 2 -o space /dev/vn${vndevice}c");
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
    mysystem("mount /dev/vn${vndevice}c root");
    push(@mntpoints, "$path/root");

    #
    # Okay, copy in the top level directories. 
    #
    foreach my $dir (@ROOTCPDIRS) {
	mysystem("hier -f -FN cp /$dir root/$dir");
    }

    #
    # Make some other directories that are nice to have!
    #
    foreach my $dir (@ROOTMKDIRS) {
	mkdir("root/$dir", 0755) or
	    fatal("Could not mkdir '$dir' in $path/root: $!");
    }

    #
    # Okay, mount some other directories to save space.
    #
    foreach my $dir (@ROOTMNTDIRS) {
369
370
371
372
373
	if ($nfsmounts) {
	    mysystem("mount -r localhost:/$dir $path/root/$dir");
	} else {
	    mysystem("mount -r -t null /$dir $path/root/$dir");
	}
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
	push(@mntpoints, "$path/root/$dir");
    }

    #
    # The proc FS in the jail is per-jail of course.
    # 
    mysystem("mount -t procfs proc $path/root/proc");
    push(@mntpoints, "$path/root/proc");

    #
    # /tmp is special of course
    #
    mysystem("chmod 1777 root/tmp");

    #
    # /dev is also special. It gets a very restricted set of entries.
390
    # Note that we create some BPF devices since they work in our jails.
391
    #
392
393
394
395
396
397
398
399
    my $makedevs = "bpf31";
    if ($jailflags & $JAIL_DEVMEM) {
	$makedevs .= " std pty0";
    }
    else {
	$makedevs .= " jail";
    }
    mysystem("cd $path/root/dev; cp -p /dev/MAKEDEV .; ./MAKEDEV $makedevs");
400
401

    # Remove some extraneous devices.
402
    mysystem("cd $path/root/dev; rm -f pci io klog console; ");
403
    
404
405
406
407
408
409
410
    #
    # "Link" /dev/console to /dev/null
    # We actually create a separate special file rather than just linking
    # in case anyone mucks with the permissions on /dev/console.
    #
    mysystem("cd $path/root/dev; hier cp null console; chmod 600 console");

411
412
413
414
415
416
417
418
419
    #
    # Create stub /var and create the necessary log files.
    #
    # NOTE: I stole this little diddy from /etc/rc.diskless2.
    #
    mysystem("mtree -nqdeU -f /etc/mtree/BSD.var.dist ".
	     "-p $path/root/var >/dev/null 2>&1");
    mysystem("mkdir -p $path/root/$path");

420
421
422
423
424
425
426
427
428
429
430
431
432
433
    #
    # Make the emulab directories since they are not in the mtree file.
    #
    if (! -e "$path/root/var/emulab") {
	mkdir("$path/root/var/emulab", 0755) or
	    fatal("Could not mkdir 'emulab' in $path/root/var: $!");
    }
    foreach my $dir (@EMUVARDIRS) {
	if (! -e "$path/root/var/emulab/$dir") {
	    mkdir("$path/root/var/emulab/$dir", 0755) or
		fatal("Could not mkdir 'dir' in $path/root/var/emulab: $!");
	}
    }

434
435
436
437
438
439
440
    #
    # Stash the control net IP if not the same as the host IP
    #
    if ($IP ne $hostip) {
	mysystem("echo $IP >> $path/root/var/emulab/boot/myip");
    }

441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
    #
    # Get a list of all the plain files and create zero length versions
    # in the new var.
    #
    opendir(DIR, "/var/log") or
	fatal("Cannot opendir /var/log: $!");
    my @logs = grep { -f "/var/log/$_" } readdir(DIR);
    closedir(DIR);

    foreach my $log (@logs) {
	mysystem("touch $path/root/var/log/$log");
    }

    #
    # Now a bunch of stuff to set up a nice environment in the jail.
    #
457
458
459
    mysystem("cp -p $ETCJAIL/rc.conf $path/root/etc");
    mysystem("rm -f $path/root/etc/rc.conf.local");
    mysystem("cp -p $ETCJAIL/rc.local $path/root/etc");
460
    mysystem("cp -p $ETCJAIL/crontab $path/root/etc");
461
    mysystem("cp /dev/null $path/root/etc/fstab");
462
    mysystem("ln -s /usr/compat $path/root/compat");
463
464
465
466
467
468

    # No X11 forwarding. 
    mysystem("cat $path/root/etc/ssh/sshd_config | ".
	     "sed -e 's/^X11Forwarding.*yes/X11Forwarding no/' > ".
	     "$path/root/tmp/sshd_foo");
    mysystem("cp -f $path/root/tmp/sshd_foo $path/root/etc/ssh/sshd_config");
469
470
471
472
473
474
475
476
477
478
    
    # Port/Address for sshd.
    if ($IP ne $hostip) {
	mysystem("echo 'ListenAddress $IP' >> ".
		 "$path/root/etc/ssh/sshd_config");
    }
    else {
	mysystem("echo 'sshd_flags=\"\$sshd_flags -p $sshdport\"' >> ".
		 "$path/root/etc/rc.conf");
    }
479
480
481
482
483
484

    # In the jail, 127.0.0.1 refers to the jail, but we want to use the
    # nameserver running *outside* the jail.
    mysystem("cat /etc/resolv.conf | ".
	     "sed -e 's/127\.0\.0\.1/$hostip/' > ".
	     "$path/root/etc/resolv.conf");
485

486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
    #
    # Password/group file stuff. If remote the jail picks them up. Locally
    # we start with current set of accounts on the physnode, since this is
    # more efficient (less tmcd work), and besides, the physnode starts with
    # exactly the same accounts.
    #
    if (REMOTE()) {
	mysystem("cp -p $ETCJAIL/group $path/root/etc");
	mysystem("cp -p $ETCJAIL/master.passwd $path/root/etc");
	mysystem("pwd_mkdb -p -d $path/root/etc $path/root/etc/master.passwd");
    }
    else {
	mysystem("cp -p /etc/group $path/root/etc");
	mysystem("cp -p /etc/master.passwd $path/root/etc");
	mysystem("pwd_mkdb -p -d $path/root/etc $path/root/etc/master.passwd");
	mysystem("cp -p " . TMPASSDB() . ".db $path/root/$DBDIR");
	mysystem("cp -p " . TMGROUPDB() . ".db $path/root/$DBDIR");
    }
    
505
506
    #
    # If the jail gets its own routing table, must arrange for it to
507
    # be populated with some extras when it boots up.
508
509
    # 
    if ($jailflags & $JAIL_ROUTING) {
510
	addroutestorc("$path/root/etc/rc.conf.routes");
511
    }
512

513
514
515
516
    #
    # Give the jail an NFS mount of the local project directory. This one
    # is read-write.
    #
517
518
    if (defined($PID) && -e $LOCALFS && -e "$LOCALFS/$PID") {
	mysystem("mkdir -p $path/root/$LOCALMNTPNT/$PID");
519
520
521
522
523
524
525
	if ($nfsmounts) {
	    mysystem("mount localhost:$LOCALFS/$PID ".
		     "      $path/root/$LOCALMNTPNT/$PID");
	} else {
	    mysystem("mount -t null $LOCALFS/$PID ".
		     "      $path/root/$LOCALMNTPNT/$PID");
	}
526
	push(@mntpoints, "$path/root/$LOCALMNTPNT/$PID");
527

528
529
#	mysystem("ln -s $LOCALMNTPNT/$PID/$vnodeid $path/root/opt");
	mkdir("$path/root/opt", 0775);
530
531
532
    }
    else {
	mkdir("$path/root/opt", 0775);
533
534
    }

535
536
537
538
539
540
    #
    # Ug. Until we have SFS working the way I want it, NFS mount the
    # usual directories inside the jail. This duplicates a lot of mounts,
    # but not sure what to do about that. 
    #
    if (! REMOTE()) {
541
	foreach my $dir ( JailedMounts($vnodeid, "$path/root", $nfsmounts) ) {
542
543
544
545
	    push(@mntpoints, "$path/root/$dir");
	}
    }

546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
    cleanmess($path);
    return 0;
}

#
# Restore a jail after a crash.
#
sub restorerootfs($)
{
    my ($path) = @_;

    chdir($path) or
	fatal("Could not chdir to $path: $!");

    #
    # Find a free vndevice.
    #
    for (my $i = 0; $i < $MAXVNDEVS; $i++) {
564
565
566
567
	# Make sure the dev entries exist!
	mysystem("(cd /dev; ./MAKEDEV vn${i})");
	
	system("vnconfig -c vn${i} root.vnode");
568
569
570
571
572
573
574
	if (! $?) {
	    $vndevice = $i;
	    last;
	}
    }
    fatal("Could not find a free vn device!") 
	if (!defined($vndevice));
575
576
    print("Using vn${vndevice}\n")
 	if ($debug);
577

578
    mysystem("vnconfig -s labels vn${vndevice} root.vnode");
579
580
581
582
583
584
585
586
    mysystem("fsck -y /dev/vn${vndevice}c");
    mysystem("mount /dev/vn${vndevice}c root");
    push(@mntpoints, "$path/root");

    #
    # Okay, mount some other directories to save space.
    #
    foreach my $dir (@ROOTMNTDIRS) {
587
588
589
590
591
	if ($nfsmounts) {
	    mysystem("mount -r localhost:/$dir $path/root/$dir");
	} else {
	    mysystem("mount -r -t null /$dir $path/root/$dir");
	}
592
593
594
595
596
597
598
599
600
	push(@mntpoints, "$path/root/$dir");
    }

    #
    # The proc FS in the jail is per-jail of course.
    # 
    mysystem("mount -t procfs proc $path/root/proc");
    push(@mntpoints, "$path/root/proc");

601
602
603
604
605
606
607
    #
    # Must rebuild the routes list cause of swapmodify.
    #
    if ($jailflags & $JAIL_ROUTING) {
	addroutestorc("$path/root/etc/rc.conf.routes");
    }

608
609
610
611
    #
    # Give the jail an NFS mount of the local project directory. This one
    # is read-write.
    #
612
613
    if (defined($PID) && -e $LOCALFS && -e "$LOCALFS/$PID") {
	mysystem("mkdir -p $path/root/$LOCALMNTPNT/$PID");
614
615
616
617
618
619
620
	if ($nfsmounts) {
	    mysystem("mount localhost:$LOCALFS/$PID ".
		     "      $path/root/$LOCALMNTPNT/$PID");
	} else {
	    mysystem("mount -t null $LOCALFS/$PID ".
		     "      $path/root/$LOCALMNTPNT/$PID");
	}
621
	push(@mntpoints, "$path/root/$LOCALMNTPNT/$PID");
622
    }
623
624
625
626
627
628
629

    #
    # Ug. Until we have SFS working the way I want it, NFS mount the
    # usual directories inside the jail. This duplicates a lot of mounts,
    # but not sure what to do about that. 
    #
    if (! REMOTE()) {
630
	foreach my $dir ( JailedMounts($vnodeid, "$path/root", $nfsmounts) ) {
631
632
633
	    push(@mntpoints, "$path/root/$dir");
	}
    }
634
635
636
637
    return 0;
}

#
638
639
# Okay, we clean up some of what is in /etc and /etc/emulab so that the
# jail cannot see that stuff. 
640
641
642
643
644
645
646
647
648
649
650
#
sub cleanmess($) {
    my ($path) = @_;

    #
    # And, some security stuff. We want to remove bits of stuff from the
    # jail that would enable it to talk to tmcd directly. 
    #
    mysystem("rm -f $path/root/etc/emulab.cdkey");
    mysystem("rm -f $path/root/etc/emulab.pkey");

651
    # This is /etc/emulab inside the jail.
652
653
654
655
    mysystem("rm -f  $path/root/$ETCDIR/*.pem");
    mysystem("rm -f  $path/root/$ETCDIR/cvsup.auth");
    mysystem("rm -rf $path/root/$ETCDIR/.cvsup");
    mysystem("rm -f  $path/root/$ETCDIR/master.passwd");
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688

    #
    # Copy in emulabman if it exists.
    #
    if (my (undef,undef,undef,undef,undef,undef,undef,$dir) =
	getpwnam("emulabman")) {
	mysystem("hier cp $dir $path/root/home/emulabman");
    }
}

#
# Start the tmcc proxy and insert the unix path into the environment
# for the jail to pick up.
#
sub startproxy($)
{
    my ($dir) = @_;
    my $log   = "$dir/tmcc.log";

    #
    # The point of these paths is so that there is a comman path to
    # the socket both outside and inside the jail. Yuck!
    #
    my $insidepath  = "$dir/tmcc";
    my $outsidepath = "$dir/root/$insidepath";

    $tmccpid = fork();
    if ($tmccpid) {
	#
	# So tmcc will work nicely inside the jail without needing the
	# -l option specified all over.
	#
	$ENV{'TMCCUNIXPATH'} = $insidepath;
689
690
691
692
693
694
695

	#
	# The above is good only for direct decendents of the init process.
	# So, the above will be phased out in favor of a file in the usual
        # place to clue the client in. 
	#
	mysystem("echo $insidepath > $dir/root/${BOOTDIR}/proxypath");
696
697
698
699
700
701
702
703
	
	select(undef, undef, undef, 0.2);
	return 0;
    }
    $SIG{TERM} = 'DEFAULT';

    # The -o option will cause the proxy to detach but not fork!
    # Eventually change this to standard pid file kill.
704
    exec("$TMCC -d -x $outsidepath -n $vnodeid -o $log");
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
    die("Exec of $TMCC failed! $!\n");
}

#
# Cleanup at exit.
#
sub cleanup()
{
    if ($cleaning) {
	die("*** $0:\n".
	    "    Oops, already cleaning!\n");
    }
    $cleaning = 1;
    
    #
    # Note that the unmounts will fail unless all the processes inside
    # the jail exit!
    # 
    if (defined($tmccpid)) {
	kill('TERM', $tmccpid);
	waitpid($tmccpid, 0);
    }

    if (defined($jailpid)) {
729
	kill('USR1', $jailpid);
730
731
732
	waitpid($jailpid, 0);
    }

733
734
735
736
737
    # Clean up interfaces we might have setup
    system("ifsetup -u -j $vnodeid");

    # If the jail has its own IP, clean the alias.
    if (defined($IPALIAS)) {
738
	clearcnethostalias($IPALIAS);
739
740
    }

741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
    while (@mntpoints) {
	my $mntpoint = pop(@mntpoints);

	# If the umounts fail, we do want to continue. Dangerous!
	system("umount $mntpoint");
	if ($?) {
	    # Avoid recursive calls to cleanup; do not use fatal.
	    die("*** $0:\n".
		"    umount '$mntpoint' failed: $!\n");
	}
    }
    if (defined($vndevice)) {
	system("vnconfig -u vn${vndevice}");
    }
    if (!$leaveme) {
756
757
758
        #
        # Ug, with NFS mounts inside the jail, we need to be really careful.
        #
759
760
	if (-d "$JAILPATH/$vnodeid/root" &&
	    !rmdir("$JAILPATH/$vnodeid/root")) {
761
	    die("*** $0:\n".
762
		"    $JAILPATH/$vnodeid/root is not empty! This is bad!\n");
763
	}
764
	system("rm -rf $JAILPATH/$vnodeid");
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
    }
}

#
# Print error and exit.
#
sub fatal($)
{
    my ($msg) = @_;

    cleanup();
    die("*** $0:\n".
	"    $msg\n");
}

#
# Run a command string, redirecting output to a logfile.
#
sub mysystem($)
{
    my ($command) = @_;

    system($command);
    if ($?) {
	fatal("Command failed: $? - $command");
    }
}
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823

#
# Read in the jail config file. 
#
sub getjailconfig($)
{
    my ($path) = @_;

    $path .= "/$JAILCONFIG";

    if (! -e $path) {
	return 0;
    }
    
    if (! open(CONFIG, $path)) {
	print("$path could not be opened for reading: $!\n");
	return -1;
    }
    while (<CONFIG>) {
	if ($_ =~ /^(.*)="(.+)"$/ ||
	    $_ =~ /^(.*)=(.+)$/) {
	    $jailconfig{$1} = $2;
	}
    }
    close(CONFIG);
    return 0;
}

#
# See if special jail opts supported.
#
sub setjailoptions() {
824
825
    my $portrange;
    
826
827
828
829
830
831
832
    #
    # Do this all the time, so that we can figure out the sshd port.
    # 
    foreach my $key (keys(%jailconfig)) {
	my $val = $jailconfig{$key};

        SWITCH: for ($key) {
833
834
835
836
837
838
839
840
841
842
843
844
	    /^JAILIP$/ && do {
		if ($val =~ /([\d\.]+),([\d\.]+)/) {
		    # Set the jail IP, but do not override one on the 
		    # command line.
		    if (!defined($IP)) {
			$IP      = $1;
			$IPALIAS = $1;
			$IPMASK  = $2;
		    }
		}
		last SWITCH;
	    };
845
846
	    /^PORTRANGE$/ && do {
		if ($val =~ /(\d+),(\d+)/) {
847
		    $portrange = "$1:$2";
848
849
850
851
852
		}
		last SWITCH;
	    };
	    /^SSHDPORT$/ && do {
		if ($val =~ /(\d+)/) {
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
		    $sshdport     = $1;
		}
		last SWITCH;
	    };
	    /^SYSVIPC$/ && do {
		if ($val) {
		    $jailoptions .= " -o sysvipc";
		}
		else {
		    $jailoptions .= " -o nosysvipc";
		}
		last SWITCH;
	    };
	    /^INETRAW$/ && do {
		if ($val) {
		    $jailoptions .= " -o inetraw";
		}
		else {
		    $jailoptions .= " -o noinetraw";
		}
		last SWITCH;
	    };
	    /^BPFRO$/ && do {
		if ($val) {
		    $jailoptions .= " -o bpfro";
		}
		else {
		    $jailoptions .= " -o nobpfro";
		}
		last SWITCH;
	    };
884
885
886
887
888
889
890
891
892
893
894
	    /^INADDRANY$/ && do {
		if ($val) {
		    $jailoptions .= " -o inaddrany";
		}
		else {
		    $jailoptions .= " -o noinaddrany";
		}
		last SWITCH;
	    };
	    /^ROUTING$/ && do {
		if ($val) {
895
		    $jailoptions .= " -o routing -i 127.0.0.1 ";
896
897
898
899

		    $jailflags |= $JAIL_ROUTING;
		    #
		    # If the jail gets routing privs, then it must get
900
		    # its own routing table. 
901
902
903
904
905
906
907
908
909
910
		    #
		    $routetabid   = getnextrtabid();
		    $jailoptions .= " -r $routetabid";
		}
		last SWITCH;
	    };
	    /^DEVMEM$/ && do {
		$jailflags |= $JAIL_DEVMEM;
		last SWITCH;
	    };
Leigh B. Stoller's avatar
Leigh B. Stoller committed
911
 	    /^IPADDRS$/ && do {
912
913
914
915
916
917
		# Comma separated list of IPs
		my @iplist = split(",", $val);

		foreach my $ip (@iplist) {
		    if ($ip =~ /(\d+\.\d+\.\d+\.\d+)/) {
			$jailoptions .= " -i $1";
918
			push(@jailips, $1);
919
920
921
922
		    }
		}
 		last SWITCH;
 	    };
923
924
	}
    }
925
926
927
928
    #
    # If there is no IP for the jail, must restrict the port range of
    # it. Otherwise it has it own IP, and there is no need to.
    # 
929
930
931
932
933
934
935
936
937
    if (! defined($IPALIAS)) {
	if (defined($portrange)) {
	    $jailoptions .= " -p $portrange";
	}
	else {
	    fatal("Must have a port range if jail ip equals host ip!");
	}
	print("SSHD port is $sshdport\n");
    }
938
939
940

    system("sysctl jail.inetraw_allowed=1 >/dev/null 2>&1");
    system("sysctl jail.bpf_allowed=1 >/dev/null 2>&1");
941
942
943
944
    system("sysctl jail.inaddrany_allowed=1 >/dev/null 2>&1");
    system("sysctl jail.multiip_allowed=1 >/dev/null 2>&1");
    system("sysctl net.link.ether.inet.useloopback=0 >/dev/null 2>&1");

945
946
947
    if ($?) {
	print("Special jail options are NOT supported!\n");
	$jailoptions = "";
948
	$jailflags   = 0;
949
950
951
	return 0;
    }
    print("Special jail options are supported: '$jailoptions'\n");
952
953
954
955
956

    return 0;
}

#
957
958
# Append a list of static routes to the rc.conf file. This basically
# augments the list of static routes that tmcd tells us to install. 
959
960
961
962
963
964
#
sub addroutestorc($rc)
{
    my ($rc)   = @_;
    my $count  = 0;

965
    open(RC, ">$rc") or
966
967
	fatal("Could not open $rc to append static routes");

968
    my $routerip  = getcnetrouter($USEVCNETROUTES);
969
    my $hostip    = `cat $BOOTDIR/myip`;
970
971
    chomp($hostip);

972
973
974
975
    #
    # First the set of routes that all jails get. 
    # 
    print RC "static_routes=\"default lo0 host\"\n";
976
    print RC "route_default=\"default $routerip\"\n";
977
978
    print RC "route_lo0=\"localhost -interface lo0\"\n";
    print RC "route_host=\"$hostip localhost\"\n";
979

980
    if ($IP ne $hostip) {
981
	#
982
	# Setup a route for all jails on this node, to the loopback.
983
	#
984
985
986
	print RC "static_routes=\"\$static_routes jailnet\"\n";
	print RC "route_jailnet=\"-net $IP -interface lo0 255.255.255.0\"\n";

987
988
989
	#
	# All other jails are reachable via the control net interface.
	#
990
	print RC "static_routes=\"\$static_routes privnet\"\n";
991
	print RC "route_privnet=\"-net $IP -interface $phys_cnet_if $IPMASK\"\n";
992
993
994
995
996
997
998
999
1000
	#
	# If using the virtual control net for routes, also make sure that
	# nodes are reachable with their real control net addresses directly.
	#
	if ($USEVCNETROUTES) {
	    print RC "static_routes=\"\$static_routes rcnet\"\n";
	    print RC "route_rcnet=\"-net $hostip -netmask " . getcnetmask(0) .
		" -interface $phys_cnet_if\"\n";
	}
1001
    }
1002
1003

    #
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
    # Now a list of routes for each of the IPs the jail has access
    # to. The idea here is to override the interface route such that
    # traffic to the local interface goes through lo0 instead. This
    # avoids going through traffic shaping when, say, pinging your own
    # interface!
    # 
    foreach my $ip (@jailips) {
	print RC "static_routes=\"ip${count} \$static_routes\"\n";
	print RC "route_ip${count}=\"$ip -interface lo0\"\n";
	$count++;
1014
1015
    }
    close(RC);
1016
1017
    return 0;
}
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065

#
# Ug, with NFS mounts inside the jail, we need to be really careful.
#
sub removevnodedir($)
{
    my ($dir) = @_;

    if (-d "$dir/root" && !rmdir("$dir/root")) {
	die("*** $0:\n".
	    "    $dir/root is not empty! This is very bad!\n");
    }
    system("rm -rf $dir");
}

#
# Get a free routing table ID. This should eventually come from the
# kernel, but for now just use a file with a number in it. 
#
sub getnextrtabid()
{
    my $nextrtabid = 1;

    #
    # The chances of a race are low, but need to deal with it anyway.
    #
    my $lockfile  = "/var/emulab/lock/rtabid";
    my $rtabidfile= "/var/emulab/db/rtabid";

    open(LOCK, ">>$lockfile") ||
	fatal("Could not open $lockfile\n");
    
    while (flock(LOCK, LOCK_EX|LOCK_NB) == 0) {
	print "Waiting to get lock for $lockfile\n";
	sleep(1);
    }
    if (-e $rtabidfile) {
	my $rtabid = `cat $rtabidfile`;
	if ($rtabid =~ /^(\d*)$/) {
	    $nextrtabid = $1 + 1;
	}
	else {
	    close(LOCK);
	    fatal("Bad data in $rtabidfile!");
	}
    }
    system("echo $nextrtabid > $rtabidfile");
    close(LOCK);
1066
1067
1068
1069
1070
1071
    #
    # Flush that routing table so its pristine. Again, this should be
    # handled in the kernel.
    #
    system("route flush -rtabid $nextrtabid");
    
1072
1073
    return $nextrtabid;
}
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142

#
# Return the number of alias on the jailhost control interface
#
sub jailcnetaliases()
{
    my $count = 0;

    if (open(IFC, "ifconfig $phys_cnet_if |")) {
	while (<IFC>) {
	    if ($_ =~ /inet ([0-9\.]*) netmask 0xffffffff/) {
		my $host = $1;
		if (inet_ntoa(inet_aton($host) & inet_aton($JAILCNETMASK)) eq
		    $JAILCNET) {
		    $count++;
		}
	    }
	}
	close(IFC);
    }
    return $count;
}

sub setcnethostalias($)
{
    my ($vnodeip) = @_;

    mysystem("ifconfig $phys_cnet_if alias $vnodeip netmask 255.255.255.255");

    if (!$USEVCNETROUTES) {
	return;
    }

    #
    # If the jail's IP is part of the local virtual control net,
    # make sure the physical host has an alias on it as well.
    #
    # The convention is that .0 is the physical host alias.
    #
    my $cnalias = inet_aton($vnodeip);
    if ((inet_ntoa($cnalias & inet_aton($JAILCNETMASK)) eq $JAILCNET) &&
	jailcnetaliases() == 1) {
	my $palias = inet_ntoa($cnalias & inet_aton("255.255.255.0"));
	mysystem("ifconfig $phys_cnet_if alias $palias netmask $JAILCNETMASK");
    }
}

sub clearcnethostalias($)
{
    my ($vnodeip) = @_;

    system("ifconfig $phys_cnet_if -alias $vnodeip");

    if (!$USEVCNETROUTES) {
	return;
    }

    #
    # If the jail's IP is part of the local virtual control net,
    # and we were the last jail, remove the physical host's alias.
    #
    my $cnalias = inet_aton($vnodeip);
    if ((inet_ntoa($cnalias & inet_aton($JAILCNETMASK)) eq $JAILCNET) &&
	jailcnetaliases() == 0) {
	my $palias = inet_ntoa($cnalias & inet_aton("255.255.255.0"));
	mysystem("ifconfig $phys_cnet_if -alias $palias");
    }
}

1143
sub getcnetrouter($)
1144
{
1145
1146
    my ($usevcnet) = @_;

1147
1148
    my $routerip;

1149
    if (!$usevcnet) {
1150
1151
1152
1153
1154
1155
1156
1157
1158
	$routerip = `cat $BOOTDIR/routerip`;
	chomp($routerip);
    } else {
	$routerip = inet_ntoa(inet_aton($JAILCNET) |
			      inet_aton("0.0.0.1"));
    }

    return $routerip;
}
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176

sub getcnetmask($)
{
    my ($usevcnet) = @_;

    my $cnetmask = "255.255.255.0";

    if (!$usevcnet) {
	if (-e "$BOOTDIR/mynetmask") {
	    $cnetmask = `cat $BOOTDIR/mynetmask`;
	    chomp($cnetmask);
	}
    } else {
	$cnetmask = $JAILCNETMASK;
    }

    return $cnetmask;
}