
(-)sysutils/iocage/Makefile (-2 / +2 lines)
2
2
3
PORTNAME=	iocage
3
PORTNAME=	iocage
4
PORTVERSION=	1.2
4
PORTVERSION=	1.2
5
PORTREVISION=	3
5
PORTREVISION=	4
6
CATEGORIES=	sysutils python
6
CATEGORIES=	sysutils python
7
PKGNAMEPREFIX=	${PYTHON_PKGNAMEPREFIX}
7
PKGNAMEPREFIX=	${PYTHON_PKGNAMEPREFIX}
8
8
9
MAINTAINER=	araujo@FreeBSD.org
9
MAINTAINER=	grembo@FreeBSD.org
10
COMMENT=	FreeBSD jail manager written in Python3
10
COMMENT=	FreeBSD jail manager written in Python3
11
11
12
LICENSE=	BSD2CLAUSE
12
LICENSE=	BSD2CLAUSE
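--- a/sysutils/iocage/files/patch-iocage__lib_ioc__common.py
+++ b/sysutils/iocage/files/patch-iocage__lib_ioc__common.py
@@ -0,0 +1,73 @@
+Originates here
+https://github.com/iocage/iocage/commit/753b2f35731423597d7f51f33427b6d619fcd0b5
+https://github.com/iocage/iocage/pull/1106
+and most likely can be removed on the next release of iocage.
+--- iocage_lib/ioc_common.py.orig	2019-09-26 07:23:24 UTC
++++ iocage_lib/ioc_common.py
+@@ -44,6 +44,9 @@ import iocage_lib.ioc_exceptions
+ import iocage_lib.ioc_exec
+ 
+ INTERACTIVE = False
++# 4 is a magic number for default and doesn't refer
++# to the actual ruleset 4 in devfs.rules(!)
++IOCAGE_DEVFS_RULESET = 4
+ 
+ 
+ def callback(_log, callback_exception):
+@@ -737,7 +740,7 @@ def generate_devfs_ruleset(conf, paths=N
+     Will add a per jail devfs ruleset with the specified rules,
+     specifying defaults that equal devfs_ruleset 4
+     """
+-    ruleset = conf['devfs_ruleset']
++    configured_ruleset = conf['devfs_ruleset']
+     devfs_includes = []
+     devfs_rulesets = su.run(
+         ['devfs', 'rule', 'showsets'],
+@@ -745,22 +748,26 @@ def generate_devfs_ruleset(conf, paths=N
+     )
+     ruleset_list = [int(i) for i in devfs_rulesets.stdout.splitlines()]
+ 
+-    if ruleset != '4':
+-        if int(ruleset) in ruleset_list:
+-            return str(ruleset)
+-
+-        logit({
+-            "level": "INFO",
+-            "message": f'* Ruleset {ruleset} does not exist, using defaults'
+-        },
+-            _callback=callback,
+-            silent=silent)
+-
+-    ruleset = 5  # 0-4 is always reserved
++    ruleset = int(conf["min_dyn_devfs_ruleset"])
+     while ruleset in ruleset_list:
+         ruleset += 1
+     ruleset = str(ruleset)
+ 
++    # Custom devfs_ruleset configured, clone to dynamic ruleset
++    if int(configured_ruleset) != IOCAGE_DEVFS_RULESET:
++        if int(configured_ruleset) not in ruleset_list:
++            return (True, configured_ruleset, '0')
++        rules = su.run(
++            ['devfs', 'rule', '-s', configured_ruleset, 'show'],
++            stdout=su.PIPE, universal_newlines=True
++        )
++        for rule in rules.stdout.splitlines():
++            su.run(['devfs', 'rule', '-s', ruleset, 'add'] +
++                   rule.split(' ')[1:], stdout=su.PIPE)
++
++        return (True, configured_ruleset, ruleset)
++
++    # Create default ruleset
+     devfs_dict = dict((dev, None) for dev in (
+         'hide', 'null', 'zero', 'crypto', 'random', 'urandom', 'ptyp*',
+         'ptyq*', 'ptyr*', 'ptys*', 'ptyP*', 'ptyQ*', 'ptyR*', 'ptyS*', 'ptyl*',
+@@ -812,7 +819,7 @@ def generate_devfs_ruleset(conf, paths=N
+ 
+         su.run(['devfs', 'rule', '-s', ruleset] + path, stdout=su.PIPE)
+ 
+-    return ruleset
++    return (False, configured_ruleset, ruleset)
+ 
+ 
+ def runscript(script):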
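Review bot: The clone loop added to `generate_devfs_ruleset` ignores the outcome of every `devfs` call, so a failed `devfs rule -s <configured> show` or a failed `add` still reaches `return (True, configured_ruleset, ruleset)` and the jail would start on a ruleset that may be missing rules, including any hide rule the source ruleset opens with. If `su` is `subprocess` (the import is outside these hunks), passing `check=True` to both calls, e.g. `su.run(['devfs', 'rule', '-s', ruleset, 'add'] + rule.split(' ')[1:], stdout=su.PIPE, check=True)`, would turn a partial clone into a failed start instead. `rule.split(' ')[1:]` also assumes each line of the `show` output starts with exactly one rule-number token separated by single spaces; `rule.split()[1:]` tolerates repeated whitespace. The function body starts and ends outside these hunks, and any other caller that still expects the old string return value is not visible here.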
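--- a/sysutils/iocage/files/patch-iocage__lib_ioc__json.py
+++ b/sysutils/iocage/files/patch-iocage__lib_ioc__json.py
@@ -0,0 +1,74 @@
+Originates here
+https://github.com/iocage/iocage/commit/753b2f35731423597d7f51f33427b6d619fcd0b5
+https://github.com/iocage/iocage/pull/1106
+and most likely can be removed on the next release of iocage.
+--- iocage_lib/ioc_json.py.orig	2019-09-26 07:23:24 UTC
++++ iocage_lib/ioc_json.py
+@@ -671,7 +671,7 @@ class IOCConfiguration(IOCZFS):
+     @staticmethod
+     def get_version():
+         """Sets the iocage configuration version."""
+-        version = '26'
++        version = '27'
+ 
+         return version
+ 
+@@ -1104,6 +1104,10 @@ class IOCConfiguration(IOCZFS):
+             if conf.get(option) == 'none':
+                 conf[option] = 'auto'
+ 
++        # Version 27 key
++        if not conf.get('min_dyn_devfs_ruleset'):
++            conf['min_dyn_devfs_ruleset'] = '1000'
++
+         if not default:
+             conf.update(jail_conf)
+ 
+@@ -1321,7 +1325,7 @@ class IOCConfiguration(IOCZFS):
+             'vnet2_mac': 'none',
+             'vnet3_mac': 'none',
+             'vnet_default_interface': 'auto',
+-            'devfs_ruleset': '4',
++            'devfs_ruleset': str(iocage_lib.ioc_common.IOCAGE_DEVFS_RULESET),
+             'exec_start': '/bin/sh /etc/rc',
+             'exec_stop': '/bin/sh /etc/rc.shutdown',
+             'exec_prestart': '/usr/bin/true',
+@@ -1432,6 +1436,7 @@ class IOCConfiguration(IOCZFS):
+             'nat_forwards': 'none',
+             'plugin_name': 'none',
+             'plugin_repository': 'none',
++            'min_dyn_devfs_ruleset': '1000',
+         }
+ 
+     def check_default_config(self):
+@@ -2369,6 +2374,7 @@ class IOCJson(IOCConfiguration):
+             'nat_forwards': ('string', ),
+             'plugin_name': ('string', ),
+             'plugin_repository': ('string', ),
++            'min_dyn_devfs_ruleset': ('string', ),
+         }
+ 
+         zfs_props = {
+@@ -2648,6 +2654,22 @@ class IOCJson(IOCConfiguration):
+                                 silent=self.silent,
+                                 exception=ioc_exceptions.ValidationFailed
+                             )
++                elif key in ('devfs_ruleset', 'min_dyn_devfs_ruleset'):
++                    try:
++                        intval = int(value)
++                        if intval <= 0:
++                            raise ValueError()
++                        conf[key] = str(intval)
++                    except ValueError:
++                        iocage_lib.ioc_common.logit(
++                            {
++                                'level': 'EXCEPTION',
++                                'message': f'Invalid {key} value: {value}'
++                            },
++                            _callback=self.callback,
++                            silent=self.silent,
++                            exception=ioc_exceptions.ValidationFailed
++                        )
+ 
+                 return value, conf
+             else: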
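Review bot: The new `elif key in ('devfs_ruleset', 'min_dyn_devfs_ruleset')` branch rejects only values `<= 0`, so `min_dyn_devfs_ruleset` can be set to 1–4 even though the ioc_common.py code this patch replaces started dynamic numbering at 5 with the comment `# 0-4 is always reserved`. A guard such as `if intval <= 0 or (key == 'min_dyn_devfs_ruleset' and intval < 5): raise ValueError()` would keep dynamically allocated rulesets out of that range. There is also no upper bound; devfs ruleset numbers appear to be 16-bit, so a cap (65535, to be confirmed) would reject values that can only fail later at jail start. The branch stores the normalised `str(intval)` in `conf[key]` but the following `return value, conf` still hands back the raw `value`; which of the two the caller persists is outside the hunk, as is the start of the enclosing method.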
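--- a/sysutils/iocage/files/patch-iocage__lib_ioc__start.py
+++ b/sysutils/iocage/files/patch-iocage__lib_ioc__start.py
@@ -0,0 +1,104 @@
+Originates here
+https://github.com/iocage/iocage/commit/753b2f35731423597d7f51f33427b6d619fcd0b5
+https://github.com/iocage/iocage/pull/1106
+and most likely can be removed on the next release of iocage.
+--- iocage_lib/ioc_start.py.orig	2019-09-26 07:23:24 UTC
++++ iocage_lib/ioc_start.py
+@@ -145,7 +145,6 @@ class IOCStart(object):
+         allow_quotas = self.conf["allow_quotas"]
+         allow_socket_af = self.conf["allow_socket_af"]
+         allow_vmm = self.conf["allow_vmm"]
+-        devfs_ruleset = iocage_lib.ioc_common.generate_devfs_ruleset(self.conf)
+         exec_prestart = self.conf["exec_prestart"]
+         exec_poststart = self.conf["exec_poststart"]
+         exec_clean = self.conf["exec_clean"]
+@@ -486,16 +485,8 @@ class IOCStart(object):
+             _callback=self.callback,
+             silent=self.silent)
+ 
+-        if wants_dhcp and self.conf['type'] != 'pluginv2' \
+-                and self.conf['devfs_ruleset'] != '4':
+-            iocage_lib.ioc_common.logit({
+-                "level": "WARNING",
+-                "message": f"  {self.uuid} is not using the devfs_ruleset"
+-                           f" of 4, not generating a ruleset for the jail,"
+-                           " DHCP may not work."
+-            },
+-                _callback=self.callback,
+-                silent=self.silent)
++        devfs_paths = None
++        devfs_includes = None
+ 
+         if self.conf['type'] == 'pluginv2' and os.path.isfile(
+             os.path.join(self.path, f'{self.conf["plugin_name"]}.json')
+@@ -509,17 +500,51 @@ class IOCStart(object):
+                     plugin_name = self.conf['plugin_name']
+                     plugin_devfs = devfs_json[
+                         "devfs_ruleset"][f"plugin_{plugin_name}"]
+-                    plugin_devfs_paths = plugin_devfs['paths']
+-
+-                    plugin_devfs_includes = None if 'includes' not in \
++                    devfs_paths = plugin_devfs['paths']
++                    devfs_includes = None if 'includes' not in \
+                         plugin_devfs else plugin_devfs['includes']
+ 
+-                    devfs_ruleset = \
+-                        iocage_lib.ioc_common.generate_devfs_ruleset(
+-                            self.conf,
+-                            paths=plugin_devfs_paths,
+-                            includes=plugin_devfs_includes
+-                        )
++        # Generate dynamic devfs ruleset from configured one
++        (manual_devfs_config, configured_devfs_ruleset, devfs_ruleset) \
++            = iocage_lib.ioc_common.generate_devfs_ruleset(
++                self.conf, devfs_paths, devfs_includes)
++
++        if int(devfs_ruleset) <= 0:
++            iocage_lib.ioc_common.logit({
++                "level": "ERROR",
++                "message": f"{self.uuid} devfs_ruleset"
++                           f" {configured_devfs_ruleset} does not exist!"
++                           " - Not starting jail"
++            },
++                _callback=self.callback,
++                silent=self.silent)
++            return
++
++        # Manually configured devfs_ruleset doesn't support all iocage features
++        if manual_devfs_config:
++            if devfs_paths is not None or devfs_includes is not None:
++                iocage_lib.ioc_common.logit({
++                    "level": "WARNING",
++                    "message": f"  {self.uuid} is not using the devfs_ruleset"
++                               " of "
++                               f"{iocage_lib.ioc_common.IOCAGE_DEVFS_RULESET}"
++                               ", devices and includes from plugin not added"
++                               ", some features of the plugin may not work."
++                },
++                    _callback=self.callback,
++                    silent=self.silent)
++
++            if wants_dhcp and self.conf['type'] != 'pluginv2':
++                iocage_lib.ioc_common.logit({
++                    "level": "WARNING",
++                    "message": f"  {self.uuid} is not using the devfs_ruleset"
++                               " of "
++                               f"{iocage_lib.ioc_common.IOCAGE_DEVFS_RULESET}"
++                               ", not generating a ruleset for the jail,"
++                               " DHCP may not work."
++                },
++                    _callback=self.callback,
++                    silent=self.silent)
+ 
+         parameters = [
+             fdescfs, _allow_mlock, tmpfs,
+@@ -619,6 +644,9 @@ class IOCStart(object):
+         iocage_lib.ioc_common.logit({
+             'level': 'INFO',
+             'message': f'  + Using devfs_ruleset: {devfs_ruleset}'
++                       + (' (cloned from devfs_ruleset '
++                          f'{configured_devfs_ruleset})' if manual_devfs_config
++                          else ' (iocage generated default)')
+         },
+             _callback=self.callback,
+             silent=self.silent)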
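Review bot: The missing-ruleset path at `if int(devfs_ruleset) <= 0:` logs at `ERROR` and then does a bare `return`, so unless `logit` raises for that level (not visible here) the start method returns normally and a caller cannot tell that the jail was refused. Refusing to start is the right fail-closed choice; reporting it through the `'EXCEPTION'` level with an `exception=` class, as the ioc_json.py patch in this same change does, would let the failure propagate. Whether anything set up earlier in the method needs undoing before that return is outside the hunk. Separately, the DHCP warning still says `", not generating a ruleset for the jail,"` although a ruleset is now cloned from the configured one; wording such as `", using a clone of the configured ruleset as-is,"` would match the new behaviour.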
