ports/180739: ports/sysutils/ezjail patch

Julian H. Stacey jhs at berklix.com
Mon Jul 22 16:20:01 UTC 2013


>Number:         180739
>Category:       ports
>Synopsis:       ports/sysutils/ezjail patch
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Mon Jul 22 16:20:00 UTC 2013
>Closed-Date:
>Last-Modified:
>Originator:     Julian H. Stacey
>Release:        FreeBSD 9.1-RELEASE amd64
>Organization:
http://www.berklix.com
>Environment:
System: FreeBSD lapr.js.berklix.net 9.1-RELEASE FreeBSD 9.1-RELEASE #3: Tue Apr 9 14:33:17 CEST 2013 jhs at lapr.js.berklix.net:/sys/amd64/compile/LAPR.small amd64


	
>Description:
	
	patch to fix ports/sysutils/ezjail
	Description private mailed to maintainer & S.O.
>How-To-Repeat:
	
>Fix:

	
	How To Repeat private mailed to maintainer & S.O.

Patch appended, a later fix for more may appear at master copy:
http://www.berklix.com/~jhs/src/bsd/fixes/FreeBSD/ports/gen/sysutils/ezjail/files/patch-bb.REL=ALL

Applies to ports/sysutils/ezjail using ezjail-3.3 
on current ports @ Mon Jul 22 15:53:40 CEST 2013

As well as applying the ports/ patch, it is recommended that
administrators with prisons hosting jails within, that were
created by ports/sysutils/ezjail should:
	cd /usr/jails ; chmod o-rwx * ; chmod o+rx basejail
(Administrators & users of jails do not need to do anything).

I suggest port Maintainer should also modify permissions with which
/usr/jails/newjail gets installed (with an o-rwx), as those permissions
get inherited by "ezjail-admin create" (& fixed by patch below).
(Sorry, no time to also do that currently, as about to travel)

Explanatory notes privately mailed to:
"Maintainer of ports/sysutils/ezjail" <erdgeist at erdgeist.org>, & S O

*** ezjail-admin.orig	Mon Jul 22 14:47:30 2013
--- ezjail-admin	Mon Jul 22 14:57:02 2013
***************
*** 645,650 ****
--- 645,651 ----
        newfs -U "/dev/${ezjail_device}" || detach_images || exerr "Error: Could not newfs /dev/${ezjail_device}."
        # Create mount point and mount
        mkdir -p "${ezjail_rootdir}" || detach_images || exerr "Error: Could not create jail root mount point ${ezjail_rootdir}."
+       chmod o-rwx ${ezjail_rootdir}
        mount "/dev/${ezjail_device}" "${ezjail_rootdir}" || detach_images || exerr "Error: Could not mount /dev/${ezjail_device} to ${ezjail_root}."
      else
        if [ -e "${ezjail_rootdir}" -a ! -d "${ezjail_rootdir}" ]; then
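Review bot: the added chmod runs before the mount on the following line, so it changes the mode of the underlying mount-point directory, not the root of the freshly newfs'ed filesystem; once mounted, ${ezjail_rootdir} shows the mode of the new filesystem's root directory instead. Move the chmod to after the mount has succeeded, quote the variable as the neighbouring lines do (chmod o-rwx "${ezjail_rootdir}"), and chain it into the same || detach_images || exerr handling so a failed chmod is not silently ignored.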
***************
*** 660,665 ****
--- 662,668 ----
      ezjail_makeabsolute ezjail_fromarchive
      [ "${ezjail_fromarchive}" = "-" ] && unset ezjail_archive_opt || ezjail_archive_opt="-f ${ezjail_fromarchive}"
      mkdir -p "${ezjail_rootdir}" && cd "${ezjail_rootdir}" && pax -rz -pe ${ezjail_archive_opt} -s:^ezjail:.: ezjail/*
+       chmod o-rwx ${ezjail_rootdir}
      [ $? -eq 0 ] || detach_images || exerr "Error: Could not extract archive from ${ezjail_fromarchive}."
    elif [ -z "${ezjail_exists}" ]; then
      # now take a copy of our template jail
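Review bot: the added chmod sits between the mkdir/cd/pax line and the [ $? -eq 0 ] test, so $? now holds chmod's exit status and a failed archive extraction no longer reaches the "Could not extract archive" exerr. Append it to the existing chain instead (... ezjail/* && chmod o-rwx "${ezjail_rootdir}") or move it below the status test, and quote ${ezjail_rootdir} as the other uses in this hunk do.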
***************
*** 671,676 ****
--- 675,681 ----
        /sbin/zfs destroy ${ezjail_jailzfs}/newjail at _createnewjailtmp
      else
        mkdir -p "${ezjail_rootdir}" && cd "${ezjail_jailtemplate}" && find . | cpio -p -v "${ezjail_rootdir}" > /dev/null
+       chmod o-rwx ${ezjail_rootdir}
      fi
  
      [ $? -eq 0 ] || detach_images || exerr "Error: Could not copy template jail."
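Review bot: in the else branch the added chmod becomes the last command before fi, so the [ $? -eq 0 ] test that follows reports chmod's status and a failed find | cpio copy is no longer caught by "Could not copy template jail". Chain it onto the copy with && or move it after the status test, and quote ${ezjail_rootdir}. The chmod is also added only to the else branch; the branch above it that ends in /sbin/zfs destroy gets no equivalent, so jails created on that path would not receive the permission change.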
>Release-Note:
>Audit-Trail:
>Unformatted:
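
A read-only check for the end state that the chmod recommendation in this PR describes, as an added example that is not part of the original PR or of ezjail: it lists directories under a jail directory, other than basejail, that still grant any permission to "other". The function name list_open_jails is hypothetical; /usr/jails and basejail are the names used in the PR.

```shell
#!/bin/sh
# Added example (not from the PR or from ezjail).
# Expected end state after the PR's recommendation:
#   cd /usr/jails ; chmod o-rwx * ; chmod o+rx basejail

# list_open_jails DIR   (hypothetical helper name)
# Prints "<mode> <name>" for every directory directly under DIR, except
# basejail, whose mode still grants read, write or execute to "other".
list_open_jails() {
    jaildir=$1
    for entry in "$jaildir"/*; do
        [ -d "$entry" ] || continue          # only directories
        [ -L "$entry" ] && continue          # do not follow symlinks
        name=${entry##*/}
        [ "$name" = "basejail" ] && continue # meant to stay o+rx
        # ls -ld starts with the 10-character mode string, e.g. drwxr-xr-x;
        # characters 8-10 are the permissions for "other".
        mode=$(ls -ld "$entry" | cut -c1-10)
        other=$(printf '%s' "$mode" | cut -c8-10)
        case $other in
            ---|--T) ;;                      # no access for other
            *) printf '%s %s\n' "$mode" "$name" ;;
        esac
    done
}

# Run against a directory given on the command line, e.g. /usr/jails.
if [ $# -gt 0 ]; then
    list_open_jails "$1"
fi
```

Empty output means every jail root checked is already closed to "other"; the script changes nothing itself.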

