tech-userlevel archive


simple chroot environment rc.d script
Hi,

/etc/rc.subr knows how to handle a chrooted service, but nothing is
available yet to build a basic chrooted environment.
I wrote this simple script based on pkgsrc/mk/bulk/mksandbox which
helps you create a chrooted cage. Simply symlink it to the name of
the service to be chrooted and enable it in rc.conf.
Example:

# cd /etc/rc.d; ln -s mkchroot nginx_mkchroot
# cat >> /etc/rc.conf << EOF
nginx_chroot=/home/imil/chroot/nginx
nginx_mkchroot=YES
nginx=YES
EOF
# /etc/rc.d/nginx_mkchroot start
# chroot /home/imil/chroot/nginx /bin/ksh
...install needed packages...
# exit
# /etc/rc.d/nginx start

Here's the (very) naïve script:

$ cat mkchroot.sh
#!/bin/sh

# PROVIDE: mkchroot
# REQUIRE: root mountcritlocal
# BEFORE: DAEMON

$_rc_subr_loaded . /etc/rc.subr

# The service name comes from the symlink name: nginx_mkchroot -> nginx
service=$(basename "$0")
service=${service%%_mkchroot}

[ -z "$service" ] && echo "no service name given." && exit 1

name="${service}_mkchroot"
rcvar=$name
start_cmd="start_service"
stop_cmd="stop_service"

# System directories null-mounted read-only into the cage
ro_fses=" \
        bin sbin lib libexec usr/X11R7 usr/bin usr/games usr/include \
        usr/lib usr/libdata usr/libexec usr/share usr/sbin var/mail \
"

# Writable directories created inside the cage
rw_fses=" \
        etc dev var/spool var/run var/cache var/db var/db/pkg var/lib \
        var/log var/games var/tmp tmp \
"

# Resolve ${service}_chroot (e.g. nginx_chroot) from rc.conf; refuse to
# run with an empty value, otherwise the mounts would land on the real /
get_chrootdir()
{
        chrootdir=$(eval echo \$${service}_chroot)
        [ -z "$chrootdir" ] && echo "${service}_chroot not set in rc.conf." && exit 1
}

mount_chroot()
{
        get_chrootdir

        for d in ${ro_fses}; do
                mount -t null -r "/$d" "$chrootdir/$d"
        done
}

umount_chroot()
{
        get_chrootdir

        for d in ${ro_fses}; do
                umount "$chrootdir/$d"
        done
}

build_chroot()
{
        get_chrootdir

        if [ ! -d "$chrootdir" ]; then
                for d in $ro_fses $rw_fses; do
                        echo "creating $d"
                        mkdir -p "$chrootdir/$d"
                done

                # Populate the cage's /dev with the standard device nodes
                cp /dev/MAKEDEV "$chrootdir/dev"
                (cd "$chrootdir/dev" && sh MAKEDEV std)

                # Copy /etc into the cage, preserving modes and ownership
                (cd /etc && pax -rwpe . "$chrootdir/etc")

                cp /usr/share/zoneinfo/GMT "$chrootdir/etc/localtime"

                chmod 1777 "$chrootdir/tmp"
        fi
}

start_service()
{
        build_chroot
        mount_chroot
}

stop_service()
{
        umount_chroot
}

load_rc_config ${name}
run_rc_command "$1"

# EOF

------------------------------------------------------------------
Emile "iMil" Heitor .°. <imil@{home.imil.net,NetBSD.org,gcu.info}>
                                                                _
              | http://imil.net        | ASCII ribbon campaign ( )
              | http://www.NetBSD.org  |  - against HTML email  X
              | http://gcu.info        |              & vCards / \
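As an added example (not from iMil's post), a small check an administrator can run after `nginx_mkchroot start` to verify that every ro_fses directory is really null-mounted read-only under the chroot; it assumes NetBSD mount(8)'s `SRC on DST type null (read-only, local)` line format, and the embedded mount table is a constructed sample.

```shell
#!/bin/sh
# Added example, not part of the original post: verify that the directories
# the mkchroot script null-mounts read-only are really mounted that way,
# by reading mount(8) output. Assumes NetBSD's mount output format
# "SRC on DST type null (read-only, local)". The mount table below is a
# constructed sample; the directory list is a subset of the script's ro_fses.

ro_fses="bin sbin lib libexec usr/bin usr/lib usr/libexec usr/share usr/sbin"

# Constructed sample for nginx_chroot=/home/imil/chroot/nginx:
# usr/lib was mounted without -r and usr/sbin is not mounted at all.
sample_mounts='/dev/wd0a on / type ffs (local)
/bin on /home/imil/chroot/nginx/bin type null (read-only, local)
/sbin on /home/imil/chroot/nginx/sbin type null (read-only, local)
/lib on /home/imil/chroot/nginx/lib type null (read-only, local)
/libexec on /home/imil/chroot/nginx/libexec type null (read-only, local)
/usr/bin on /home/imil/chroot/nginx/usr/bin type null (read-only, local)
/usr/lib on /home/imil/chroot/nginx/usr/lib type null (local)
/usr/libexec on /home/imil/chroot/nginx/usr/libexec type null (read-only, local)
/usr/share on /home/imil/chroot/nginx/usr/share type null (read-only, local)'

# check_ro_mounts CHROOTDIR MOUNT_OUTPUT
# Prints "missing DIR" or "writable DIR" for each problem found; returns 1
# if anything is wrong, 0 if every ro_fses entry is mounted read-only.
check_ro_mounts()
{
        chrootdir=$1
        status=0
        for d in $ro_fses; do
                found=
                # Look for the null mount of /$d on $chrootdir/$d in the table
                while IFS= read -r line; do
                        case $line in
                        "/$d on $chrootdir/$d type null ("*) found=$line ;;
                        esac
                done <<EOF
$2
EOF
                case $found in
                "")          echo "missing $d"; status=1 ;;
                *read-only*) ;;
                *)           echo "writable $d"; status=1 ;;
                esac
        done
        return $status
}

# On a live system: check_ro_mounts "$chrootdir" "$(mount)"
```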
