--- /dev/null
+#!/bin/sh
+
+# Copyright (C) 2003 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de>
+# based on vserver by Jacques Gelinas
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2, or (at your option)
+# any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+
+# This is a script to control a virtual server
+
+: ${UTIL_VSERVER_VARS:=/usr/lib/util-vserver/util-vserver-vars}
+test -e "$UTIL_VSERVER_VARS" || {
+ echo $"Can not find util-vserver installation (the file '$UTIL_VSERVER_VARS' would be expected); aborting..." >&2
+ exit 1
+}
+. "$UTIL_VSERVER_VARS"
+
+USR_SBIN=$__SBINDIR
+USR_LIB_VSERVER=$__PKGLIBDIR
+DEFAULTPATH=/sbin:/usr/sbin:/bin:/usr/bin:/usr/X11R6/bin
+
+vserver_mknod(){
+ mknod $1 $2 $3 $4
+ chmod $5 $1
+}
+
+mountproc()
+{
+ mkdir -p $1/proc $1/dev/pts
+ if [ ! -d $1/proc/1 ] ; then
+ mount -t proc none $1/proc
+ mount -t devpts -o gid=5,mode=0620 none $1/dev/pts
+ fi
+}
+umountproc()
+{
+ umount $1/proc 2>/dev/null
+ umount $1/dev/pts 2>/dev/null
+}
+
+# Check that the vservers parent directory has permission 000
+# This is the key to avoid chroot escape
+testperm()
+{
+ return
+ PERM=`$_SHOWPERM $__DEFAULT_VSERVERDIR/$1/..`
+ if [ "$PERM" != 000 ] ; then
+ echo
+ echo "**********************************************************"
+ echo $__DEFAULT_VSERVERDIR/$1/.. has insecure permissions.
+ echo A vserver administrator may be able to visit the root server.
+ echo To fix this, do
+ echo " " chmod 000 $__DEFAULT_VSERVERDIR/$1/..
+ echo do it anytime you want, even if vservers are running.
+ echo "**********************************************************"
+ echo
+ fi
+}
+# Set the IP alias needed by a vserver
+ifconfig_iproot()
+{
+ if [ "$NODEV" = "" -a "$IPROOT" != "" -a "$IPROOT" != "0.0.0.0" -a "$IPROOT" != "ALL" ] ;then
+ # A vserver may have more than one IP
+ # The first alias is dev:vserver
+ # and the other are dev:vserver1,2,3 and so on
+ # An IP may hold the device. The following is valid
+ # IPROOT="1.2.4.5 eth1:1.2.3.5"
+ # IPROOTDEV=eth0
+ # The first IP 1.2.3.4 will go on eth0 and the other on eth1
+ # VLAN devices are also supported (eth0.231 for vlan 231)
+ SUFFIX=
+ for oneip in $IPROOT
+ do
+ IPDEV=$IPROOTDEV
+ MASK=$IPROOTMASK
+ BCAST=$IPROOTBCAST
+ # Split the device and IP if available
+ case $oneip in
+ *:*)
+ eval `echo $oneip | tr : ' ' | (read dev ip; echo oneip=$ip; echo IPDEV=$dev)`
+ ;;
+ esac
+ # Split the IP and the netmask if available
+ case $oneip in
+ */*)
+ eval `echo $oneip | tr / ' ' | (read ip msk; echo oneip=$ip; echo MASK=$msk)`
+ eval `$_IFSPEC "" "$oneip" "$MASK" "$BCAST"`
+ ;;
+ esac
+ if [ "$IPDEV" != "" ] ; then
+ case $IPDEV in
+ *.*)
+ if [ ! -f /proc/net/vlan/$IPDEV ] ; then
+ /sbin/vconfig add `echo $IPDEV | tr . ' '`
+ # Put a dummy IP
+ /sbin/ifconfig $IPDEV 127.0.0.1
+ fi
+ ;;
+ esac
+ # Compute the default netmask, if missing
+ eval `$_IFSPEC $IPDEV "$oneip" "$MASK" "$BCAST"`
+ IPROOTMASK=$NETMASK
+ IPROOTBCAST=$BCAST
+ #echo /sbin/ifconfig $IPDEV:$1$SUFFIX $oneip netmask $IPROOTMASK broadcast $IPROOTBCAST
+ /sbin/ifconfig $IPDEV:$1$SUFFIX $oneip netmask $IPROOTMASK broadcast $IPROOTBCAST
+ fi
+ if [ "$SUFFIX" = "" ] ; then
+ SUFFIX=1
+ else
+ SUFFIX=`expr $SUFFIX + 1`
+ fi
+ done
+ fi
+ if [ "$IPROOTBCAST" = "" ] ; then
+ IPROOTBCAST=255.255.255.255
+ fi
+}
+ifconfig_iproot_off()
+{
+ if [ "$NODEV" = "" -a "$IPROOT" != "" -a "$IPROOT" != "0.0.0.0" -a "$IPROOT" != "ALL" -a "$IPROOTDEV" != "" ] ;then
+ SUFFIX=
+ for oneip in $IPROOT
+ do
+ IPDEV=$IPROOTDEV
+ # Split the device and IP if available
+ case $oneip in
+ *:*)
+ eval `echo $oneip | tr : ' ' | (read dev ip; echo IPDEV=$dev)`
+ ;;
+ esac
+ /sbin/ifconfig $IPDEV:$1$SUFFIX down 2>/dev/null
+ if [ "$SUFFIX" = "" ] ; then
+ SUFFIX=1
+ else
+ SUFFIX=`expr $SUFFIX + 1`
+ fi
+ done
+ fi
+}
+# Split an IPROOT definition, trash the devices and
+# compose a set of --ip option for chbind
+setipopt(){
+ RET=
+ IPS="$*"
+ if [ "$IPS" = "" ] ; then
+ IPS=0.0.0.0
+ fi
+ if [ "$1" = "ALL" ] ; then
+ IPS=`$_LISTDEVIP`
+ fi
+ for oneip in $IPS
+ do
+ # Split the device and IP if available
+ case $oneip in
+ *:*)
+ eval `echo $oneip | tr : ' ' | (read dev ip; echo oneip=$ip)`
+ ;;
+ esac
+ #case $oneip in
+ #*/*)
+ # eval `echo $oneip | tr / ' ' | (read ip msk; echo oneip=$ip)`
+ # ;;
+ #esac
+ echo --ip $oneip
+ done
+}
+
+# Extract the initial runlevel from the vserver inittab
+get_initdefault()
+{
+ INITDEFAULT=`grep :initdefault $__DEFAULT_VSERVERDIR/$1/etc/inittab | sed 's/:/ /g' | ( read a level b; echo $level)`
+}
+
+# Read the vserver configuration file, reusing the PROFILE value
+# found in /var/run/vservers
+readlastconf()
+{
+ if [ -f $__PKGSTATEDIR/$1.ctx ] ; then
+ . $__PKGSTATEDIR/$1.ctx
+ if [ "$S_PROFILE" != "" ] ; then
+ export PROFILE=$S_PROFILE
+ fi
+ fi
+ export PROFILE
+ . $__CONFDIR/$1.conf
+}
+usage()
+{
+ echo vserver [ options ] server-name command ...
+ echo
+ echo server-name is a directory in $__DEFAULT_VSERVERDIR
+ echo
+ echo The commands are:
+ echo " build : Create a virtual server by copying the packages"
+ echo " of the root server"
+ echo " enter : Enter in the virtual server context and starts a shell"
+ echo " Same as \"vserver name exec /bin/sh\""
+ echo " exec : Exec a command in the virtual server context"
+ echo " suexec : Exec a command in the virtual server context uid"
+ echo " service : Control a service inside a vserver"
+ echo " vserver name service service-name start/stop/restart/status"
+ echo " start : Starts the various services in the vserver, runlevel 3"
+ echo " stop : Ends all services and kills the remaining processes"
+ echo " running : Tells if a virtual server is running"
+ echo " It returns proper exit code, so you can use it as a test"
+ echo " status : Tells some information about a vserver"
+ echo " chkconfig : It turns a server on or off in a vserver"
+ echo
+ echo "--nodev : Do not configure the IP aliases of the vserver"
+ echo " Useful to enter a vserver without enabling its network"
+ echo " and avoiding conflicts with another copy of this vserver"
+ echo " running elsewhere"
+ echo "--silent : No informative messages about vserver context and IP numbers"
+ echo " Useful when you want to redirect the output"
+}
+
+calculateCaps()
+{
+ local f
+ for f in "$@"; do
+ case $f in
+ !CAP_SYS_CHROOT)
+ CHROOTOPT=--nochroot
+ ;;
+ *)
+ CAPS="$CAPS --cap $f"
+ ;;
+ esac
+ done
+}
+
+SILENT=
+NODEV=
+while true
+do
+ if [ "$1" = "--silent" ] ; then
+ SILENT=--silent
+ shift
+ elif [ "$1" = "--nodev" ] ; then
+ NODEV=--nodev
+ shift
+ else
+ break
+ fi
+done
+# Setup the default ulimit for a vserver
+setdefulimit(){
+ # File handle are limited to half of the current system limit
+ # Virtual memory is limited to the ram size
+ NFILE=`cat /proc/sys/fs/file-max`
+ NFILE=`expr $NFILE / 2`
+ VMEM=`cat /proc/meminfo | grep MemTotal | (read a b c; echo $b)`
+ # Disabled for now, we need a different to set the security
+ # context limit than fiddling with ulimit
+ #ulimit -H -n $NFILE -v $VMEM
+}
+if [ $# -lt 2 ] ; then
+ usage
+elif [ "$2" = "build" ] ; then
+ # Either the directory does not exist or is empty
+ NBSUB=`ls $__DEFAULT_VSERVERDIR/$1 2>/dev/null | grep -v lost+found | wc -l`
+ NBSUB=`expr $NBSUB`
+ if [ "$NBSUB" != 0 ] ; then
+ echo Virtual server $__DEFAULT_VSERVERDIR/$1 already exist
+ else
+ if [ ! -d $__DEFAULT_VSERVERDIR ] ; then
+ mkdir $__DEFAULT_VSERVERDIR || exit 1
+ chmod 000 $__DEFAULT_VSERVERDIR
+ echo Directory $__DEFAULT_VSERVERDIR was created with permissions 000
+ fi
+ mkdir -p $__DEFAULT_VSERVERDIR/$1 || exit 1
+ chmod 755 $__DEFAULT_VSERVERDIR/$1
+ if test "$UTIL_VSERVER_AVOID_COPY"; then
+ mkdir -p $__DEFAULT_VSERVERDIR/$1/{etc/rc.d/init.d,sbin,var/run,var/log}
+ else
+ cp -ax /sbin /bin /etc /usr /var /lib $__DEFAULT_VSERVERDIR/$1/. || exit 1
+ fi
+ cd $__DEFAULT_VSERVERDIR/$1 || exit 1
+ rm -fr lib/modules/*
+ rm -f var/spool/mail/*
+ rm -f `find var/run -type f`
+ rm -f `find var/log -type f`
+ touch var/log/wtmp
+ rm -f var/lock/subsys/*
+ rm -f etc/cron.d/kmod
+ mkdir proc tmp home root boot
+ test -f /root/.bashrc && cp -a /root/.bashrc root/.
+ test -f /root/.bash_profile && cp -a /root/.bash_profile root/.
+ chmod 1777 tmp
+ chmod 750 root
+ # Create a minimal dev so the virtual server can't grab
+ # more privileges
+ mkdir dev dev/pts
+ vserver_mknod dev/null c 1 3 666
+ vserver_mknod dev/zero c 1 5 666
+ vserver_mknod dev/full c 1 7 666
+ vserver_mknod dev/random c 1 8 644
+ vserver_mknod dev/urandom c 1 9 644
+ vserver_mknod dev/tty c 5 0 666
+ vserver_mknod dev/ptmx c 5 2 666
+ touch dev/hdv1
+ # Turn off some service useless on a vserver
+ # vserver_turnoff apmd network autofs dhcpd gpm ipchains iptables \
+ # irda isdn keytable kudzu linuxconf-setup netfs nfs nfslock \
+ # pcmcia portmap pppoe random rawdevices rhnsd rstatd ruserd \
+ # rwalld rwhod sendmail smb snmpd v_httpd h_xinetd v_sshd vservers \
+ # xfs ypbind xinetd
+ (
+ cd etc/init.d 2>/dev/null || cd etc/rc.d/init.d
+ for serv in *
+ do
+ case $serv in
+ *.bak|*~|functions|killall|halt|single)
+ ;;
+ *)
+ #$USR_LIB_VSERVER/capchroot $__DEFAULT_VSERVERDIR/$1 /sbin/chkconfig --level 2345 $serv off
+ $0 --silent $1 chkconfig --level 2345 $serv off
+ ;;
+ esac
+ done
+ )
+ rm -f etc/rc.d/rc6.d/S*reboot
+ # Create a dummy /etc/fstab and /etc/mtab to please
+ # df and linuxconf. We use hdv1, which does not exist
+ # to remind the admin that it is not the real drive
+ echo /dev/hdv1 / ext2 defaults 1 1 >etc/fstab
+ echo /dev/hdv1 / ext2 rw 0 0 >etc/mtab
+ # Install the vreboot utility
+ cp -a "$_VREBOOT" sbin/.
+ ln -sf vreboot sbin/vhalt
+
+ echo Directory $__DEFAULT_VSERVERDIR/$1 has been populated
+ if [ ! -d $__CONFDIR ] ; then
+ mkdir $__CONFDIR
+ chmod 600 $__CONFDIR
+ echo Directory $__CONFDIR has been created
+ fi
+ if [ ! -f $__CONFDIR/$1.conf ] ; then
+ CONF=$__CONFDIR/$1.conf
+ cat >$CONF <<-EOF
+if [ "$PROFILE" = "" ] ; then
+ PROFILE=prod
+fi
+# Select the IP number assigned to the virtual server
+# This IP must be one IP of the server, either an interface
+# or an IP alias
+# A vserver may have more than one IP. Separate them with spaces.
+# do not forget double quotes.
+# Some examples:
+# IPROOT="1.2.3.4 2.3.4.5"
+# IPROOT="eth0:1.2.3.4 eth1:2.3.4.5"
+# If the device is not specified, IPROOTDEV is used
+case \$PROFILE in
+prod)
+ IPROOT=1.2.3.4
+ # The netmask and broadcast are computed by default from IPROOTDEV
+ #IPROOTMASK=
+ #IPROOTBCAST=
+ # You can define on which device the IP alias will be done
+ # The IP alias will be set when the server is started and unset
+ # when the server is stopped
+ #IPROOTDEV=eth0
+ # You can set a different host name for the vserver
+ # If empty, the host name of the main server is used
+ S_HOSTNAME=
+ ;;
+backup)
+ IPROOT=1.2.3.4
+ #IPROOTMASK=
+ #IPROOTBCAST=
+ #IPROOTDEV=eth0
+ S_HOSTNAME=
+ ;;
+esac
+# Uncomment the onboot line if you want to enable this
+# virtual server at boot time
+#ONBOOT=yes
+# You can set a different NIS domain for the vserver
+# If empty, the current on is kept
+# Set it to "none" to have no NIS domain set
+S_DOMAINNAME=
+# You can set the priority level (nice) of all process in the vserver
+# Even root won't be able to raise it
+S_NICE=
+# You can set various flags for the new security context
+# lock: Prevent the vserver from setting new security context
+# sched: Merge scheduler priority of all processes in the vserver
+# so that it acts a like a single one.
+# nproc: Limit the number of processes in the vserver according to ulimit
+# (instead of a per user limit, this becomes a per vserver limit)
+# private: No other process can join this security context. Even root
+# Do not forget the quotes around the flags
+S_FLAGS="lock nproc"
+# You can set various ulimit flags and they will be inherited by the
+# vserver. You enter here various command line argument of ulimit
+# ULIMIT="-HS -u 200"
+# The example above, combined with the nproc S_FLAGS will limit the
+# vserver to a maximum of 200 processes
+ULIMIT="-HS -u 1000"
+# You can set various capabilities. By default, the vserver are run
+# with a limited set, so you can let root run in a vserver and not
+# worry about it. He can't take over the machine. In some cases
+# you can to give a little more capabilities (such as CAP_NET_RAW)
+# S_CAPS="CAP_NET_RAW"
+S_CAPS=""
+# Select an unused context (this is optional)
+# The default is to allocate a free context on the fly
+# In general you don't need to force a context
+#S_CONTEXT=
+ EOF
+ echo $CONF has been created. Look at it\!
+ fi
+ fi
+elif [ ! -f $__CONFDIR/$1.conf ] ; then
+ echo No configuration for this vserver: $__CONFDIR/$1.conf
+ exit 1
+elif [ ! -d $__DEFAULT_VSERVERDIR/$1/. ] ; then
+ echo No directory for this vserver: $__DEFAULT_VSERVERDIR/$1
+ exit 1
+elif [ "$2" = "start" ] ; then
+ echo Starting the virtual server $1
+ testperm $1
+ if ! $0 $1 running
+ then
+ test -x $__CONFDIR/$1.sh && $__CONFDIR/$1.sh pre-start $1
+ IPROOT=
+ IPROOTMASK=
+ IPROOTBCAST=
+ IPROOTDEV=
+ S_NICE=
+ S_FLAGS=
+ . $__CONFDIR/$1.conf
+ export PROFILE
+ ifconfig_iproot $1
+ cd $__DEFAULT_VSERVERDIR/$1 || exit 1
+
+ if [ "$PROFILE" != "" ] ; then
+ echo export PROFILE=$PROFILE >etc/PROFILE
+ fi
+
+ rm -f `find var/run -type f`
+ touch var/run/utmp
+ chgrp ${UTMP_GROUP:-utmp} var/run/utmp
+ chmod 0664 var/run/utmp
+ rm -f var/lock/subsys/*
+ mountproc $__DEFAULT_VSERVERDIR/$1
+ CTXOPT=
+ HOSTOPT=
+ DOMAINOPT=
+ NICECMD=
+ FLAGS=
+ CAPS=
+ get_initdefault $1
+ STARTCMD="/etc/rc.d/rc $INITDEFAULT"
+ if [ -x $__DEFAULT_VSERVERDIR/$1/etc/init.d/rc ] ; then
+ STARTCMD="/etc/init.d/rc $INITDEFAULT"
+ elif [ -x $__DEFAULT_VSERVERDIR/$1/usr/bin/emerge ] ; then
+ STARTCMD="/sbin/rc default"
+ elif [ -x $__DEFAULT_VSERVERDIR/$1/etc/rc.d/rc.M ] ; then
+ STARTCMD="/etc/rc.d/rc.M"
+ fi
+
+ DISCONNECT=
+ FAKEINIT=
+ for f in $S_FLAGS dummy
+ do
+ case $f in
+ dummy)
+ ;;
+
+ minit)
+ FAKEINIT=true
+ FLAGS="$FLAGS --flag fakeinit"
+ STARTCMD=/sbin/minit-start
+ DISCONNECT=--disconnect
+ ;;
+
+ fakeinit)
+ FAKEINIT=true
+ FLAGS="$FLAGS --flag $f"
+ STARTCMD=/sbin/init
+ DISCONNECT=--disconnect
+ ;;
+ *)
+ FLAGS="$FLAGS --flag $f"
+ ;;
+ esac
+ done
+ if [ "$FAKEINIT" = "" ] ; then
+ $USR_LIB_VSERVER/fakerunlevel $INITDEFAULT var/run/utmp
+ fi
+
+ calculateCaps $S_CAPS
+
+ if [ "$S_CONTEXT" != "" ] ; then
+ CTXOPT="--ctx $S_CONTEXT"
+ fi
+ if [ "$S_HOSTNAME" != "" ] ; then
+ HOSTOPT="--hostname $S_HOSTNAME"
+ export HOSTNAME=$S_HOSTNAME
+ fi
+ if [ "$S_DOMAINNAME" != "" ] ; then
+ DOMAINOPT="--domainname $S_DOMAINNAME"
+ fi
+ if [ "$S_NICE" != "" ] ; then
+ NICECMD="nice -$S_NICE"
+ fi
+ mkdir -p $__PKGSTATEDIR
+ chmod 700 $__PKGSTATEDIR
+ setdefulimit
+ if [ "$ULIMIT" != "" ] ; then
+ ulimit $ULIMIT
+ fi
+ #echo FLAGS=$FLAGS
+ #echo CAPS=$CAPS
+ # We switch to /vservers/$1 now, because after the
+ # security context switch /vservers directory becomes a dead zone.
+ cd $__DEFAULT_VSERVERDIR/$1
+ IPOPT=`setipopt $IPROOT`
+ export PATH=$DEFAULTPATH
+ $NICECMD $_CHBIND $SILENT $IPOPT --bcast $IPROOTBCAST \
+ $_CHCONTEXT_COMPAT $SILENT $DISCONNECT $CAPS $FLAGS $CTXOPT $HOSTOPT $DOMAINOPT --secure \
+ $_SAVE_S_CONTEXT $__PKGSTATEDIR/$1.ctx \
+ $_CAPCHROOT $CHROOTOPT . $STARTCMD
+ sleep 2
+ test ! -x $__CONFDIR/$1.sh || $__CONFDIR/$1.sh post-start $1
+ fi
+elif [ "$2" = "running" ] ; then
+ if [ ! -f $__PKGSTATEDIR/$1.ctx ] ; then
+ echo Server $1 is not running
+ exit 1
+ else
+ . $__PKGSTATEDIR/$1.ctx
+ NB=$($USR_SBIN/vps ax | awk '{print $2}' | grep \^$S_CONTEXT\$ | wc -l)
+ #NB=`$_CHCONTEXT_COMPAT --silent --ctx $S_CONTEXT ps ax | wc -l`
+ #NB=`eval expr $NB + 0`
+ if [ "$NB" -gt 0 ] ; then
+ echo Server $1 is running
+ exit 0
+ else
+ echo Server $1 is not running
+ exit 1
+ fi
+ fi
+elif [ "$2" = "status" ] ; then
+ if $0 $1 running
+ then
+ . $__PKGSTATEDIR/$1.ctx
+ NB=$($USR_SBIN/vps ax | awk '{print $2}' | grep \^$S_CONTEXT\$ | wc -l)
+ echo $NB processes running
+ echo Vserver uptime: `$USR_LIB_VSERVER/filetime $__PKGSTATEDIR/$1.ctx`
+ fi
+elif [ "$2" = "stop" ] ; then
+ echo Stopping the virtual server $1
+ IPROOT=
+ IPROOTMASK=
+ IPROOTBCAST=
+ IPROOTDEV=
+ CAPS=
+ IS_MINIT=
+ readlastconf $1
+ if $0 $1 running
+ then
+ test -x $__CONFDIR/$1.sh && $__CONFDIR/$1.sh pre-stop $1
+ ifconfig_iproot $1
+ cd $__DEFAULT_VSERVERDIR/$1
+ mountproc $__DEFAULT_VSERVERDIR/$1
+ # The fakeinit flag tell us how to turn off the server
+ get_initdefault $1
+ export PREVLEVEL=$INITDEFAULT
+ STOPCMD="/etc/rc.d/rc 6"
+ if [ -x $__DEFAULT_VSERVERDIR/$1/etc/init.d/rc ] ; then
+ STOPCMD="/etc/init.d/rc 6"
+ elif [ -x $__DEFAULT_VSERVERDIR/$1/usr/bin/emerge ] ; then
+ STOPCMD="/sbin/rc shutdown"
+ elif [ -x $__DEFAULT_VSERVERDIR/$1/etc/rc.d/rc.6 ] ; then
+ STOPCMD="/etc/rc.d/rc.6"
+ fi
+
+ for f in $S_FLAGS dummy
+ do
+ case $f in
+ minit)
+ IS_MINIT=1
+ FLAGS="$FLAGS --flag fakeinit"
+ STOPCMD="/sbin/minit-stop"
+ ;;
+
+ fakeinit)
+ FLAGS="$FLAGS --flag $f"
+ STOPCMD="/sbin/init 6"
+ ;;
+ *)
+ ;;
+ esac
+ done
+
+ calculateCaps $S_CAPS
+
+ cd $__DEFAULT_VSERVERDIR/$1
+ IPOPT=`setipopt $IPROOT`
+ export PATH=$DEFAULTPATH
+ $_CHBIND $SILENT $IPOPT --bcast $IPROOTBCAST \
+ $_CHCONTEXT_COMPAT $SILENT $CAPS --secure --ctx $S_CONTEXT \
+ $_CAPCHROOT . $STOPCMD
+
+ if test "$IS_MINIT"; then
+ echo "Waiting for minit finish-signal"
+ dd if=var/run/minit-stop of=/dev/zero bs=1 count=1 &>/dev/null
+ sleep 1
+ else
+ echo sleeping 5 seconds
+ sleep 5
+ fi
+
+ echo Killing all processes
+ $_CHBIND --silent $IPOPT --bcast $IPROOTBCAST \
+ $_CHCONTEXT_COMPAT $CAPS --secure --silent --ctx $S_CONTEXT \
+ $_VSERVERKILLALL
+ fi
+ # We umount anyway, because "enter" establish the mount
+ # but when you exit, the server is considered not running
+ umountproc $__DEFAULT_VSERVERDIR/$1
+ cd /
+ test -x $__CONFDIR/$1.sh && $__CONFDIR/$1.sh post-stop $1
+ ifconfig_iproot_off $1
+elif [ "$2" = "restart" ] ; then
+ if $0 $1 running
+ then
+ $0 $1 stop
+ $0 $1 start
+ fi
+elif [ "$2" = "suexec" ] ; then
+ if [ -z "$3" ] ; then
+ echo "Missing user!" >&2
+ echo "vserver vserver-name suexec user command [ args ... ]" >&2
+ exit 1
+ elif [ -z "$4" ] ; then
+ echo "Missing command and arguments!" >&2
+ echo "vserver vserver-name suexec user command [ args ... ]" >&2
+ exit 1
+ else
+ IPROOT=
+ IPROOTMASK=
+ IPROOTBCAST=
+ IPROOTDEV=
+ readlastconf $1
+ . $__CONFDIR/$1.conf
+ cd $__DEFAULT_VSERVERDIR/$1
+ ifconfig_iproot $1
+ mountproc $__DEFAULT_VSERVERDIR/$1
+ PS1="[\u@vserver:$1 \W]"
+ export PS1
+ VSERVER=$1
+ USERID=$3
+ shift; shift; shift
+ CAPS=
+ for f in $S_CAPS dummy
+ do
+ case $f in
+ dummy)
+ ;;
+ !CAP_SYS_CHROOT)
+ CHROOTOPT=--nochroot
+ ;;
+ *)
+ CAPS="$CAPS --cap $f"
+ ;;
+ esac
+ done
+ FLAGS=
+ for f in $S_FLAGS dummy
+ do
+ case $f in
+ minit)
+ FLAGS="$FLAGS --flag fakeinit"
+ ;;
+
+ dummy)
+ ;;
+ *)
+ FLAGS="$FLAGS --flag $f"
+ ;;
+ esac
+ done
+ setdefulimit
+ if [ "$ULIMIT" != "" ] ; then
+ ulimit $ULIMIT
+ fi
+ if $0 $VSERVER running >/dev/null
+ then
+ . $__PKGSTATEDIR/$VSERVER.ctx
+ cd $__DEFAULT_VSERVERDIR/$VSERVER
+ IPOPT=`setipopt $IPROOT`
+ export PATH=$DEFAULTPATH
+ exec $_CHBIND $SILENT $IPOPT --bcast $IPROOTBCAST \
+ $_CHCONTEXT_COMPAT $SILENT $FLAGS $CAPS --secure --ctx $S_CONTEXT \
+ $_CAPCHROOT --suid $USERID . "$@"
+ else
+ test -x $__CONFDIR/$1.sh && $__CONFDIR/$1.sh pre-start $1
+ CTXOPT=
+ HOSTOPT=
+ DOMAINOPT=
+ if [ "$S_CONTEXT" != "" ] ; then
+ CTXOPT="--ctx $S_CONTEXT"
+ fi
+ if [ "$S_HOSTNAME" != "" ] ; then
+ HOSTOPT="--hostname $S_HOSTNAME"
+ export HOSTNAME=$S_HOSTNAME
+ fi
+ if [ "$S_DOMAINNAME" != "" ] ; then
+ DOMAINOPT="--domainname $S_DOMAINNAME"
+ fi
+ mkdir -p $__PKGSTATEDIR
+ cd $__DEFAULT_VSERVERDIR/$VSERVER
+ IPOPT=`setipopt $IPROOT`
+ export PATH=$DEFAULTPATH
+ exec $_CHBIND $SILENT $IPOPT --bcast $IPROOTBCAST \
+ $_CHCONTEXT_COMPAT $SILENT $FLAGS $CAPS --secure $CTXOPT $HOSTOPT $DOMAINOPT \
+ $_SAVE_S_CONTEXT $__PKGSTATEDIR/$VSERVER.ctx \
+ $_CAPCHROOT --suid $USERID $CHROOTOPT . "$@"
+ fi
+ fi
+elif [ "$2" = "exec" ] ; then
+ VSERV=$1
+ shift; shift
+ exec $0 $NODEV $SILENT $VSERV suexec root "$@"
+elif [ "$2" = "enter" ] ; then
+ testperm $1
+ exec $0 $NODEV $SILENT $1 exec /bin/bash -login
+elif [ "$2" = "service" ] ; then
+ VSERVER=$1
+ shift
+ shift
+ exec $0 $NODEV $SILENT $VSERVER exec /sbin/service "$@"
+elif [ "$2" = "chkconfig" ] ; then
+ VSERVER=$1
+ shift
+ shift
+ if [ "$1" = "--level" ] ; then
+ shift
+ LEVELS=$1
+ shift
+ fi
+ if [ $# != 2 -a ! -x $__DEFAULT_VSERVERDIR/$VSERVER/sbin/chkconfig ] ; then
+ echo Invalid argument, expected vserver name chkconfig [ --level nnn ] service on\|off
+ elif [ -x $__DEFAULT_VSERVERDIR/$VSERVER/sbin/chkconfig ] ; then
+ exec $0 --silent $VSERVER exec /sbin/chkconfig "$@"
+ elif [ -x $__DEFAULT_VSERVERDIR/$VSERVER/usr/sbin/update-rc.d ] ; then
+ if [ "$2" = "on" -o "$2" = "start" ] ; then
+ $0 --silent $VSERVER exec /usr/sbin/update-rc.d -f $1 remove >/dev/null
+ exec $0 --silent $VSERVER exec /usr/sbin/update-rc.d $1 start 80 2 3 4 5 . stop 20 0 1 6 . >/dev/null
+ elif [ "$2" = "off" -o "$2" = "stop" ] ; then
+ $0 --silent $VSERVER exec /usr/sbin/update-rc.d -f $1 remove >/dev/null
+ exec $0 --silent $VSERVER exec /usr/sbin/update-rc.d $1 stop 20 0 1 2 3 4 5 6 . >/dev/null
+ else
+ echo vserver chkconfig: Expecting on or off
+ fi
+ else
+ echo chkconfig functionality is not available on this
+ echo vserver distribution.
+ echo Looked for /sbin/chkconfig and /usr/sbin/update-rc.d
+ fi
+else
+ echo Command unknown $2
+ echo
+ usage
+fi
+
git://git.onelab.eu / util-vserver.git / blobdiff