1#!/bin/sh
2#
3# Copyright (c) 2018-2021, Christer Edwards <christer.edwards@gmail.com>
4# All rights reserved.
5#
6# Redistribution and use in source and binary forms, with or without
7# modification, are permitted provided that the following conditions are met:
8#
9# * Redistributions of source code must retain the above copyright notice, this
10#   list of conditions and the following disclaimer.
11#
12# * Redistributions in binary form must reproduce the above copyright notice,
13#   this list of conditions and the following disclaimer in the documentation
14#   and/or other materials provided with the distribution.
15#
16# * Neither the name of the copyright holder nor the names of its
17#   contributors may be used to endorse or promote products derived from
18#   this software without specific prior written permission.
19#
20# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
21# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
23# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
24# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
26# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
27# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
28# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
29# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
30
31. /usr/local/share/bastille/common.sh
32. /usr/local/etc/bastille/bastille.conf
33
34usage() {
35    error_exit "Usage: bastille mount TARGET host_path container_path [filesystem_type options dump pass_number]"
36}
37
38# Handle special-case commands first.
39case "$1" in
40help|-h|--help)
41    usage
42    ;;
43esac
44
45if [ $# -lt 2 ]; then
46    usage
47elif [ $# -eq 2 ]; then
48    _fstab="$@ nullfs ro 0 0"
49else
50    _fstab="$@"
51fi
52
53## assign needed variables
54_hostpath=$(echo "${_fstab}" | awk '{print $1}')
55_jailpath=$(echo "${_fstab}" | awk '{print $2}')
56_type=$(echo "${_fstab}" | awk '{print $3}')
57_perms=$(echo "${_fstab}" | awk '{print $4}')
58_checks=$(echo "${_fstab}" | awk '{print $5" "$6}')
59
60## if any variables are empty, bail out
61if [ -z "${_hostpath}" ] || [ -z "${_jailpath}" ] || [ -z "${_type}" ] || [ -z "${_perms}" ] || [ -z "${_checks}" ]; then
62    error_notify "FSTAB format not recognized."
63    warn "Format: /host/path jail/path nullfs ro 0 0"
64    warn "Read: ${_fstab}"
65    exit 1
66fi
67
68## if host path doesn't exist or type is not "nullfs"
69if [ ! -d "${_hostpath}" ] || [ "${_type}" != "nullfs" ]; then
70    error_notify "Detected invalid host path or incorrect mount type in FSTAB."
71    warn "Format: /host/path jail/path nullfs ro 0 0"
72    warn "Read: ${_fstab}"
73    exit 1
74fi
75
76## if mount permissions are not "ro" or "rw"
77if [ "${_perms}" != "ro" ] && [ "${_perms}" != "rw" ]; then
78    error_notify "Detected invalid mount permissions in FSTAB."
79    warn "Format: /host/path jail/path nullfs ro 0 0"
80    warn "Read: ${_fstab}"
81    exit 1
82fi
83
84## if check & pass are not "0 0 - 1 1"; bail out
85if [ "${_checks}" != "0 0" ] && [ "${_checks}" != "1 0" ] && [ "${_checks}" != "0 1" ] && [ "${_checks}" != "1 1" ]; then
86    error_notify "Detected invalid fstab options in FSTAB."
87    warn "Format: /host/path jail/path nullfs ro 0 0"
88    warn "Read: ${_fstab}"
89    exit 1
90fi
91
92for _jail in ${JAILS}; do
93    info "[${_jail}]:"
94
95    ## aggregate variables into FSTAB entry
96    _fullpath="${bastille_jailsdir}/${_jail}/root/${_jailpath}"
97    _fstab_entry="${_hostpath} ${_fullpath} ${_type} ${_perms} ${_checks}"
98
99    ## Create mount point if it does not exist. -- cwells
100    if [ ! -d "${_fullpath}" ]; then
101        if ! mkdir -p "${_fullpath}"; then
102            error_exit "Failed to create mount point inside jail."
103        fi
104    fi
105
106    ## if entry doesn't exist, add; else show existing entry
107    if ! egrep -q "[[:blank:]]${_fullpath}[[:blank:]]" "${bastille_jailsdir}/${_jail}/fstab" 2> /dev/null; then
108        if ! echo "${_fstab_entry}" >> "${bastille_jailsdir}/${_jail}/fstab"; then
109            error_exit "Failed to create fstab entry: ${_fstab_entry}"
110        fi
111        echo "Added: ${_fstab_entry}"
112    else
113        warn "Mountpoint already present in ${bastille_jailsdir}/${_jail}/fstab"
114        egrep "[[:blank:]]${_fullpath}[[:blank:]]" "${bastille_jailsdir}/${_jail}/fstab"
115    fi
116    mount -F "${bastille_jailsdir}/${_jail}/fstab" -a
117    echo
118done
119