#!/bin/sh
#
# Copyright (c) 2018-2021, Christer Edwards <christer.edwards@gmail.com>
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are met:
#
# * Redistributions of source code must retain the above copyright notice, this
#   list of conditions and the following disclaimer.
#
# * Redistributions in binary form must reproduce the above copyright notice,
#   this list of conditions and the following disclaimer in the documentation
#   and/or other materials provided with the distribution.
#
# * Neither the name of the copyright holder nor the names of its
#   contributors may be used to endorse or promote products derived from
#   this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

## Both files below are executed as shell code inside this process, so they
## should be writable only by root. The helpers this script calls
## (error_exit, error_notify, warn, info) and bastille_jailsdir are not
## defined in this file -- presumably they come from these two sources.
. /usr/local/share/bastille/common.sh
. /usr/local/etc/bastille/bastille.conf

## Report the command synopsis by handing it to error_exit, which is defined
## outside this file.
usage() {
    error_exit "Usage: bastille mount TARGET host_path container_path [filesystem_type options dump pass_number]"
}

# Handle special-case commands first.
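case "$1" in
help|-h|--help)
    usage
    ;;
esac

## Build one fstab-style line from the arguments. When only host_path and
## container_path are given, default to a read-only nullfs mount.
## "$*" is used because the arguments are deliberately joined into one string.
if [ $# -lt 2 ]; then
    usage
elif [ $# -eq 2 ]; then
    _fstab="$* nullfs ro 0 0"
else
    _fstab="$*"
fi

## Report a rejected fstab line and stop.
## Arguments: $1 - error message describing what was rejected
_reject_fstab() {
    error_notify "$1"
    warn "Format: /host/path jail/path nullfs ro 0 0"
    warn "Read: ${_fstab}"
    exit 1
}

## assign needed variables (whitespace-separated fields of the fstab line)
_hostpath=$(printf '%s\n' "${_fstab}" | awk '{print $1}')
_jailpath=$(printf '%s\n' "${_fstab}" | awk '{print $2}')
_type=$(printf '%s\n' "${_fstab}" | awk '{print $3}')
_perms=$(printf '%s\n' "${_fstab}" | awk '{print $4}')
_checks=$(printf '%s\n' "${_fstab}" | awk '{print $5" "$6}')

## if any variables are empty, bail out
if [ -z "${_hostpath}" ] || [ -z "${_jailpath}" ] || [ -z "${_type}" ] || [ -z "${_perms}" ] || [ -z "${_checks}" ]; then
    _reject_fstab "FSTAB format not recognized."
fi

## if host path doesn't exist or type is not "nullfs"
if [ ! -d "${_hostpath}" ] || [ "${_type}" != "nullfs" ]; then
    _reject_fstab "Detected invalid host path or incorrect mount type in FSTAB."
fi

## The jail path is appended to <jailsdir>/<jail>/root/ below, so a ".."
## component would place the mount point (and the mkdir -p) outside the
## jail's root directory. Refuse it.
## NOTE(review): mkdir -p and mount also follow symlinks that already exist
## under the jail root; this check does not cover that case -- confirm whether
## callers need the resolved path verified as well.
case "/${_jailpath}/" in
*/../*)
    _reject_fstab "Detected invalid jail path in FSTAB."
    ;;
esac

## if mount permissions are not "ro" or "rw"
case "${_perms}" in
ro|rw)
    ;;
*)
    _reject_fstab "Detected invalid mount permissions in FSTAB."
    ;;
esac

## dump and pass fields must each be 0 or 1; bail out otherwise
case "${_checks}" in
"0 0"|"1 0"|"0 1"|"1 1")
    ;;
*)
    _reject_fstab "Detected invalid fstab options in FSTAB."
    ;;
esac

## JAILS is expanded unquoted on purpose: it is a whitespace-separated list.
for _jail in ${JAILS}; do
    info "[${_jail}]:"

    ## aggregate variables into FSTAB entry
    _jail_fstab="${bastille_jailsdir}/${_jail}/fstab"
    _fullpath="${bastille_jailsdir}/${_jail}/root/${_jailpath}"
    _fstab_entry="${_hostpath} ${_fullpath} ${_type} ${_perms} ${_checks}"

    ## Create mount point if it does not exist. -- cwells
    if [ ! -d "${_fullpath}" ]; then
        if ! mkdir -p "${_fullpath}"; then
            error_exit "Failed to create mount point inside jail."
        fi
    fi

    ## Look for an existing entry by comparing the mount point field as a
    ## literal string. Interpolating the path into a regular expression would
    ## let "." and other metacharacters match unrelated entries. The value is
    ## passed through the environment so awk does not process backslash
    ## escapes in it. A missing fstab file yields no match, as before.
    _existing=$(_mp="${_fullpath}" awk '$2 == ENVIRON["_mp"]' "${_jail_fstab}" 2> /dev/null)

    ## if entry doesn't exist, add; else show existing entry
    if [ -z "${_existing}" ]; then
        if ! printf '%s\n' "${_fstab_entry}" >> "${_jail_fstab}"; then
            error_exit "Failed to create fstab entry: ${_fstab_entry}"
        fi
        echo "Added: ${_fstab_entry}"
    else
        warn "Mountpoint already present in ${_jail_fstab}"
        printf '%s\n' "${_existing}"
    fi

    ## Mount everything listed in the jail's fstab. A failure is reported but
    ## does not stop processing of the remaining jails.
    if ! mount -F "${_jail_fstab}" -a; then
        warn "Failed to mount entries from ${_jail_fstab}"
    fi
    echo
done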