1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
|
#!/bin/sh
# Copyright (C) 2003 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de>
# based on vserver by Jacques Gelinas
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2, or (at your option)
# any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
# This is a script to control a virtual server
: ${UTIL_VSERVER_VARS:=/usr/lib/util-vserver/util-vserver-vars}
test -e "$UTIL_VSERVER_VARS" || {
echo $"Can not find util-vserver installation (the file '$UTIL_VSERVER_VARS' would be expected); aborting..." >&2
exit 1
}
. "$UTIL_VSERVER_VARS"
USR_SBIN=$__SBINDIR
USR_LIB_VSERVER=$__PKGLIBDIR
DEFAULTPATH=/sbin:/usr/sbin:/bin:/usr/bin:/usr/X11R6/bin
vserver_mknod(){
mknod $1 $2 $3 $4
chmod $5 $1
}
mountproc()
{
mkdir -p $1/proc $1/dev/pts
if [ ! -d $1/proc/1 ] ; then
mount -t proc none $1/proc
mount -t devpts -o gid=5,mode=0620 none $1/dev/pts
fi
}
umountproc()
{
umount $1/proc 2>/dev/null
umount $1/dev/pts 2>/dev/null
}
# Check that the vservers parent directory has permission 000
# This is the key to avoid chroot escape
testperm()
{
return
PERM=`$_SHOWPERM $__DEFAULT_VSERVERDIR/$1/..`
if [ "$PERM" != 000 ] ; then
echo
echo "**********************************************************"
echo $__DEFAULT_VSERVERDIR/$1/.. has insecure permissions.
echo A vserver administrator may be able to visit the root server.
echo To fix this, do
echo " " chmod 000 $__DEFAULT_VSERVERDIR/$1/..
echo do it anytime you want, even if vservers are running.
echo "**********************************************************"
echo
fi
}
# Set the IP alias needed by a vserver
ifconfig_iproot()
{
if [ "$NODEV" = "" -a "$IPROOT" != "" -a "$IPROOT" != "0.0.0.0" -a "$IPROOT" != "ALL" ] ;then
# A vserver may have more than one IP
# The first alias is dev:vserver
# and the other are dev:vserver1,2,3 and so on
# An IP may hold the device. The following is valid
# IPROOT="1.2.4.5 eth1:1.2.3.5"
# IPROOTDEV=eth0
# The first IP 1.2.3.4 will go on eth0 and the other on eth1
# VLAN devices are also supported (eth0.231 for vlan 231)
SUFFIX=
for oneip in $IPROOT
do
IPDEV=$IPROOTDEV
MASK=$IPROOTMASK
BCAST=$IPROOTBCAST
# Split the device and IP if available
case $oneip in
*:*)
eval `echo $oneip | tr : ' ' | (read dev ip; echo oneip=$ip; echo IPDEV=$dev)`
;;
esac
# Split the IP and the netmask if available
case $oneip in
*/*)
eval `echo $oneip | tr / ' ' | (read ip msk; echo oneip=$ip; echo MASK=$msk)`
eval `$_IFSPEC "" "$oneip" "$MASK" "$BCAST"`
;;
esac
if [ "$IPDEV" != "" ] ; then
case $IPDEV in
*.*)
if [ ! -f /proc/net/vlan/$IPDEV ] ; then
/sbin/vconfig add `echo $IPDEV | tr . ' '`
# Put a dummy IP
/sbin/ifconfig $IPDEV 127.0.0.1
fi
;;
esac
# Compute the default netmask, if missing
eval `$_IFSPEC $IPDEV "$oneip" "$MASK" "$BCAST"`
IPROOTMASK=$NETMASK
IPROOTBCAST=$BCAST
#echo /sbin/ifconfig $IPDEV:$1$SUFFIX $oneip netmask $IPROOTMASK broadcast $IPROOTBCAST
/sbin/ifconfig $IPDEV:$1$SUFFIX $oneip netmask $IPROOTMASK broadcast $IPROOTBCAST
fi
if [ "$SUFFIX" = "" ] ; then
SUFFIX=1
else
SUFFIX=`expr $SUFFIX + 1`
fi
done
fi
if [ "$IPROOTBCAST" = "" ] ; then
IPROOTBCAST=255.255.255.255
fi
}
ifconfig_iproot_off()
{
if [ "$NODEV" = "" -a "$IPROOT" != "" -a "$IPROOT" != "0.0.0.0" -a "$IPROOT" != "ALL" -a "$IPROOTDEV" != "" ] ;then
SUFFIX=
for oneip in $IPROOT
do
IPDEV=$IPROOTDEV
# Split the device and IP if available
case $oneip in
*:*)
eval `echo $oneip | tr : ' ' | (read dev ip; echo IPDEV=$dev)`
;;
esac
/sbin/ifconfig $IPDEV:$1$SUFFIX down 2>/dev/null
if [ "$SUFFIX" = "" ] ; then
SUFFIX=1
else
SUFFIX=`expr $SUFFIX + 1`
fi
done
fi
}
# Split an IPROOT definition, trash the devices and
# compose a set of --ip option for chbind
setipopt(){
RET=
IPS="$*"
if [ "$IPS" = "" ] ; then
IPS=0.0.0.0
fi
if [ "$1" = "ALL" ] ; then
IPS=`$_LISTDEVIP`
fi
for oneip in $IPS
do
# Split the device and IP if available
case $oneip in
*:*)
eval `echo $oneip | tr : ' ' | (read dev ip; echo oneip=$ip)`
;;
esac
#case $oneip in
#*/*)
# eval `echo $oneip | tr / ' ' | (read ip msk; echo oneip=$ip)`
# ;;
#esac
echo --ip $oneip
done
}
# Extract the initial runlevel from the vserver inittab
get_initdefault()
{
INITDEFAULT=`grep :initdefault $__DEFAULT_VSERVERDIR/$1/etc/inittab | sed 's/:/ /g' | ( read a level b; echo $level)`
}
# Read the vserver configuration file, reusing the PROFILE value
# found in /var/run/vservers
readlastconf()
{
if [ -f $__PKGSTATEDIR/$1.ctx ] ; then
. $__PKGSTATEDIR/$1.ctx
if [ "$S_PROFILE" != "" ] ; then
export PROFILE=$S_PROFILE
fi
fi
export PROFILE
. $__CONFDIR/$1.conf
}
usage()
{
echo vserver [ options ] server-name command ...
echo
echo server-name is a directory in $__DEFAULT_VSERVERDIR
echo
echo The commands are:
echo " build : Create a virtual server by copying the packages"
echo " of the root server"
echo " enter : Enter in the virtual server context and starts a shell"
echo " Same as \"vserver name exec /bin/sh\""
echo " exec : Exec a command in the virtual server context"
echo " suexec : Exec a command in the virtual server context uid"
echo " service : Control a service inside a vserver"
echo " vserver name service service-name start/stop/restart/status"
echo " start : Starts the various services in the vserver, runlevel 3"
echo " stop : Ends all services and kills the remaining processes"
echo " running : Tells if a virtual server is running"
echo " It returns proper exit code, so you can use it as a test"
echo " status : Tells some information about a vserver"
echo " chkconfig : It turns a server on or off in a vserver"
echo
echo "--nodev : Do not configure the IP aliases of the vserver"
echo " Useful to enter a vserver without enabling its network"
echo " and avoiding conflicts with another copy of this vserver"
echo " running elsewhere"
echo "--silent : No informative messages about vserver context and IP numbers"
echo " Useful when you want to redirect the output"
}
calculateCaps()
{
local f
for f in "$@"; do
case $f in
!CAP_SYS_CHROOT)
CHROOTOPT=--nochroot
;;
*)
CAPS="$CAPS --cap $f"
;;
esac
done
}
SILENT=
NODEV=
while true
do
if [ "$1" = "--silent" ] ; then
SILENT=--silent
shift
elif [ "$1" = "--nodev" ] ; then
NODEV=--nodev
shift
else
break
fi
done
# Setup the default ulimit for a vserver
setdefulimit(){
# File handle are limited to half of the current system limit
# Virtual memory is limited to the ram size
NFILE=`cat /proc/sys/fs/file-max`
NFILE=`expr $NFILE / 2`
VMEM=`cat /proc/meminfo | grep MemTotal | (read a b c; echo $b)`
# Disabled for now, we need a different to set the security
# context limit than fiddling with ulimit
#ulimit -H -n $NFILE -v $VMEM
}
if [ $# -lt 2 ] ; then
usage
elif [ "$2" = "build" ] ; then
# Either the directory does not exist or is empty
NBSUB=`ls $__DEFAULT_VSERVERDIR/$1 2>/dev/null | grep -v lost+found | wc -l`
NBSUB=`expr $NBSUB`
if [ "$NBSUB" != 0 ] ; then
echo Virtual server $__DEFAULT_VSERVERDIR/$1 already exist
else
if [ ! -d $__DEFAULT_VSERVERDIR ] ; then
mkdir $__DEFAULT_VSERVERDIR || exit 1
chmod 000 $__DEFAULT_VSERVERDIR
echo Directory $__DEFAULT_VSERVERDIR was created with permissions 000
fi
mkdir -p $__DEFAULT_VSERVERDIR/$1 || exit 1
chmod 755 $__DEFAULT_VSERVERDIR/$1
if test "$UTIL_VSERVER_AVOID_COPY"; then
mkdir -p $__DEFAULT_VSERVERDIR/$1/{etc/rc.d/init.d,sbin,var/run,var/log}
else
cp -ax /sbin /bin /etc /usr /var /lib $__DEFAULT_VSERVERDIR/$1/. || exit 1
fi
cd $__DEFAULT_VSERVERDIR/$1 || exit 1
rm -fr lib/modules/*
rm -f var/spool/mail/*
rm -f `find var/run -type f`
rm -f `find var/log -type f`
touch var/log/wtmp
rm -f var/lock/subsys/*
rm -f etc/cron.d/kmod
mkdir proc tmp home root boot
test -f /root/.bashrc && cp -a /root/.bashrc root/.
test -f /root/.bash_profile && cp -a /root/.bash_profile root/.
chmod 1777 tmp
chmod 750 root
# Create a minimal dev so the virtual server can't grab
# more privileges
mkdir dev dev/pts
vserver_mknod dev/null c 1 3 666
vserver_mknod dev/zero c 1 5 666
vserver_mknod dev/full c 1 7 666
vserver_mknod dev/random c 1 8 644
vserver_mknod dev/urandom c 1 9 644
vserver_mknod dev/tty c 5 0 666
vserver_mknod dev/ptmx c 5 2 666
touch dev/hdv1
# Turn off some service useless on a vserver
# vserver_turnoff apmd network autofs dhcpd gpm ipchains iptables \
# irda isdn keytable kudzu linuxconf-setup netfs nfs nfslock \
# pcmcia portmap pppoe random rawdevices rhnsd rstatd ruserd \
# rwalld rwhod sendmail smb snmpd v_httpd h_xinetd v_sshd vservers \
# xfs ypbind xinetd
(
cd etc/init.d 2>/dev/null || cd etc/rc.d/init.d
for serv in *
do
case $serv in
*.bak|*~|functions|killall|halt|single)
;;
*)
#$USR_LIB_VSERVER/capchroot $__DEFAULT_VSERVERDIR/$1 /sbin/chkconfig --level 2345 $serv off
$0 --silent $1 chkconfig --level 2345 $serv off
;;
esac
done
)
rm -f etc/rc.d/rc6.d/S*reboot
# Create a dummy /etc/fstab and /etc/mtab to please
# df and linuxconf. We use hdv1, which does not exist
# to remind the admin that it is not the real drive
echo /dev/hdv1 / ext2 defaults 1 1 >etc/fstab
echo /dev/hdv1 / ext2 rw 0 0 >etc/mtab
# Install the vreboot utility
cp -a "$_VREBOOT" sbin/.
ln -sf vreboot sbin/vhalt
echo Directory $__DEFAULT_VSERVERDIR/$1 has been populated
if [ ! -d $__CONFDIR ] ; then
mkdir $__CONFDIR
chmod 600 $__CONFDIR
echo Directory $__CONFDIR has been created
fi
if [ ! -f $__CONFDIR/$1.conf ] ; then
CONF=$__CONFDIR/$1.conf
cat >$CONF <<-EOF
if [ "$PROFILE" = "" ] ; then
PROFILE=prod
fi
# Select the IP number assigned to the virtual server
# This IP must be one IP of the server, either an interface
# or an IP alias
# A vserver may have more than one IP. Separate them with spaces.
# do not forget double quotes.
# Some examples:
# IPROOT="1.2.3.4 2.3.4.5"
# IPROOT="eth0:1.2.3.4 eth1:2.3.4.5"
# If the device is not specified, IPROOTDEV is used
case \$PROFILE in
prod)
IPROOT=1.2.3.4
# The netmask and broadcast are computed by default from IPROOTDEV
#IPROOTMASK=
#IPROOTBCAST=
# You can define on which device the IP alias will be done
# The IP alias will be set when the server is started and unset
# when the server is stopped
#IPROOTDEV=eth0
# You can set a different host name for the vserver
# If empty, the host name of the main server is used
S_HOSTNAME=
;;
backup)
IPROOT=1.2.3.4
#IPROOTMASK=
#IPROOTBCAST=
#IPROOTDEV=eth0
S_HOSTNAME=
;;
esac
# Uncomment the onboot line if you want to enable this
# virtual server at boot time
#ONBOOT=yes
# You can set a different NIS domain for the vserver
# If empty, the current on is kept
# Set it to "none" to have no NIS domain set
S_DOMAINNAME=
# You can set the priority level (nice) of all process in the vserver
# Even root won't be able to raise it
S_NICE=
# You can set various flags for the new security context
# lock: Prevent the vserver from setting new security context
# sched: Merge scheduler priority of all processes in the vserver
# so that it acts a like a single one.
# nproc: Limit the number of processes in the vserver according to ulimit
# (instead of a per user limit, this becomes a per vserver limit)
# private: No other process can join this security context. Even root
# Do not forget the quotes around the flags
S_FLAGS="lock nproc"
# You can set various ulimit flags and they will be inherited by the
# vserver. You enter here various command line argument of ulimit
# ULIMIT="-HS -u 200"
# The example above, combined with the nproc S_FLAGS will limit the
# vserver to a maximum of 200 processes
ULIMIT="-HS -u 1000"
# You can set various capabilities. By default, the vserver are run
# with a limited set, so you can let root run in a vserver and not
# worry about it. He can't take over the machine. In some cases
# you can to give a little more capabilities (such as CAP_NET_RAW)
# S_CAPS="CAP_NET_RAW"
S_CAPS=""
# Select an unused context (this is optional)
# The default is to allocate a free context on the fly
# In general you don't need to force a context
#S_CONTEXT=
EOF
echo $CONF has been created. Look at it\!
fi
fi
elif [ ! -f $__CONFDIR/$1.conf ] ; then
echo No configuration for this vserver: $__CONFDIR/$1.conf
exit 1
elif [ ! -d $__DEFAULT_VSERVERDIR/$1/. ] ; then
echo No directory for this vserver: $__DEFAULT_VSERVERDIR/$1
exit 1
elif [ "$2" = "start" ] ; then
echo Starting the virtual server $1
testperm $1
if ! $0 $1 running
then
test -x $__CONFDIR/$1.sh && $__CONFDIR/$1.sh pre-start $1
IPROOT=
IPROOTMASK=
IPROOTBCAST=
IPROOTDEV=
S_NICE=
S_FLAGS=
. $__CONFDIR/$1.conf
export PROFILE
ifconfig_iproot $1
cd $__DEFAULT_VSERVERDIR/$1 || exit 1
if [ "$PROFILE" != "" ] ; then
echo export PROFILE=$PROFILE >etc/PROFILE
fi
rm -f `find var/run -type f`
touch var/run/utmp
chgrp ${UTMP_GROUP:-utmp} var/run/utmp
chmod 0664 var/run/utmp
rm -f var/lock/subsys/*
mountproc $__DEFAULT_VSERVERDIR/$1
CTXOPT=
HOSTOPT=
DOMAINOPT=
NICECMD=
FLAGS=
CAPS=
get_initdefault $1
STARTCMD="/etc/rc.d/rc $INITDEFAULT"
if [ -x $__DEFAULT_VSERVERDIR/$1/etc/init.d/rc ] ; then
STARTCMD="/etc/init.d/rc $INITDEFAULT"
elif [ -x $__DEFAULT_VSERVERDIR/$1/usr/bin/emerge ] ; then
STARTCMD="/sbin/rc default"
elif [ -x $__DEFAULT_VSERVERDIR/$1/etc/rc.d/rc.M ] ; then
STARTCMD="/etc/rc.d/rc.M"
fi
DISCONNECT=
FAKEINIT=
for f in $S_FLAGS dummy
do
case $f in
dummy)
;;
minit)
FAKEINIT=true
FLAGS="$FLAGS --flag fakeinit"
STARTCMD=/sbin/minit-start
DISCONNECT=--disconnect
;;
fakeinit)
FAKEINIT=true
FLAGS="$FLAGS --flag $f"
STARTCMD=/sbin/init
DISCONNECT=--disconnect
;;
*)
FLAGS="$FLAGS --flag $f"
;;
esac
done
if [ "$FAKEINIT" = "" ] ; then
$USR_LIB_VSERVER/fakerunlevel $INITDEFAULT var/run/utmp
fi
calculateCaps $S_CAPS
if [ "$S_CONTEXT" != "" ] ; then
CTXOPT="--ctx $S_CONTEXT"
fi
if [ "$S_HOSTNAME" != "" ] ; then
HOSTOPT="--hostname $S_HOSTNAME"
export HOSTNAME=$S_HOSTNAME
fi
if [ "$S_DOMAINNAME" != "" ] ; then
DOMAINOPT="--domainname $S_DOMAINNAME"
fi
if [ "$S_NICE" != "" ] ; then
NICECMD="nice -n $S_NICE"
fi
mkdir -p $__PKGSTATEDIR
chmod 700 $__PKGSTATEDIR
setdefulimit
if [ "$ULIMIT" != "" ] ; then
ulimit $ULIMIT
fi
#echo FLAGS=$FLAGS
#echo CAPS=$CAPS
# We switch to /vservers/$1 now, because after the
# security context switch /vservers directory becomes a dead zone.
cd $__DEFAULT_VSERVERDIR/$1
IPOPT=`setipopt $IPROOT`
export PATH=$DEFAULTPATH
$NICECMD $_CHBIND_COMPAT $SILENT $IPOPT --bcast $IPROOTBCAST \
$_CHCONTEXT_COMPAT $SILENT $DISCONNECT $CAPS $FLAGS $CTXOPT $HOSTOPT $DOMAINOPT --secure \
$_SAVE_S_CONTEXT $__PKGSTATEDIR/$1.ctx \
$_CAPCHROOT $CHROOTOPT . $STARTCMD
sleep 2
test ! -x $__CONFDIR/$1.sh || $__CONFDIR/$1.sh post-start $1
fi
elif [ "$2" = "running" ] ; then
if [ ! -f $__PKGSTATEDIR/$1.ctx ] ; then
echo Server $1 is not running
exit 1
else
. $__PKGSTATEDIR/$1.ctx
NB=$($USR_SBIN/vps ax | awk '{print $2}' | grep \^$S_CONTEXT\$ | wc -l)
#NB=`$_CHCONTEXT_COMPAT --silent --ctx $S_CONTEXT ps ax | wc -l`
#NB=`eval expr $NB + 0`
if [ "$NB" -gt 0 ] ; then
echo Server $1 is running
exit 0
else
echo Server $1 is not running
exit 1
fi
fi
elif [ "$2" = "status" ] ; then
if $0 $1 running
then
. $__PKGSTATEDIR/$1.ctx
NB=$($USR_SBIN/vps ax | awk '{print $2}' | grep \^$S_CONTEXT\$ | wc -l)
echo $NB processes running
echo Vserver uptime: `$USR_LIB_VSERVER/filetime $__PKGSTATEDIR/$1.ctx`
fi
elif [ "$2" = "stop" ] ; then
echo Stopping the virtual server $1
IPROOT=
IPROOTMASK=
IPROOTBCAST=
IPROOTDEV=
CAPS=
IS_MINIT=
readlastconf $1
if $0 $1 running
then
test -x $__CONFDIR/$1.sh && $__CONFDIR/$1.sh pre-stop $1
ifconfig_iproot $1
cd $__DEFAULT_VSERVERDIR/$1
mountproc $__DEFAULT_VSERVERDIR/$1
# The fakeinit flag tell us how to turn off the server
get_initdefault $1
export PREVLEVEL=$INITDEFAULT
STOPCMD="/etc/rc.d/rc 6"
if [ -x $__DEFAULT_VSERVERDIR/$1/etc/init.d/rc ] ; then
STOPCMD="/etc/init.d/rc 6"
elif [ -x $__DEFAULT_VSERVERDIR/$1/usr/bin/emerge ] ; then
STOPCMD="/sbin/rc shutdown"
elif [ -x $__DEFAULT_VSERVERDIR/$1/etc/rc.d/rc.6 ] ; then
STOPCMD="/etc/rc.d/rc.6"
fi
for f in $S_FLAGS dummy
do
case $f in
minit)
IS_MINIT=1
FLAGS="$FLAGS --flag fakeinit"
STOPCMD="/sbin/minit-stop"
;;
fakeinit)
FLAGS="$FLAGS --flag $f"
STOPCMD="/sbin/init 6"
;;
*)
;;
esac
done
calculateCaps $S_CAPS
cd $__DEFAULT_VSERVERDIR/$1
IPOPT=`setipopt $IPROOT`
export PATH=$DEFAULTPATH
$_CHBIND_COMPAT $SILENT $IPOPT --bcast $IPROOTBCAST \
$_CHCONTEXT_COMPAT $SILENT $CAPS --secure --ctx $S_CONTEXT \
$_CAPCHROOT . $STOPCMD
if test "$IS_MINIT"; then
echo "Waiting for minit finish-signal"
dd if=var/run/minit-stop of=/dev/zero bs=1 count=1 &>/dev/null
sleep 1
else
echo sleeping 5 seconds
sleep 5
fi
echo Killing all processes
$_CHBIND_COMPAT --silent $IPOPT --bcast $IPROOTBCAST \
$_CHCONTEXT_COMPAT $CAPS --secure --silent --ctx $S_CONTEXT \
$_VSERVERKILLALL
fi
# We umount anyway, because "enter" establish the mount
# but when you exit, the server is considered not running
umountproc $__DEFAULT_VSERVERDIR/$1
cd /
test -x $__CONFDIR/$1.sh && $__CONFDIR/$1.sh post-stop $1
ifconfig_iproot_off $1
elif [ "$2" = "restart" ] ; then
if $0 $1 running
then
$0 $1 stop
$0 $1 start
fi
elif [ "$2" = "suexec" ] ; then
if [ -z "$3" ] ; then
echo "Missing user!" >&2
echo "vserver vserver-name suexec user command [ args ... ]" >&2
exit 1
elif [ -z "$4" ] ; then
echo "Missing command and arguments!" >&2
echo "vserver vserver-name suexec user command [ args ... ]" >&2
exit 1
else
IPROOT=
IPROOTMASK=
IPROOTBCAST=
IPROOTDEV=
readlastconf $1
. $__CONFDIR/$1.conf
cd $__DEFAULT_VSERVERDIR/$1
ifconfig_iproot $1
mountproc $__DEFAULT_VSERVERDIR/$1
PS1="[\u@vserver:$1 \W]"
export PS1
VSERVER=$1
USERID=$3
shift; shift; shift
CAPS=
for f in $S_CAPS dummy
do
case $f in
dummy)
;;
!CAP_SYS_CHROOT)
CHROOTOPT=--nochroot
;;
*)
CAPS="$CAPS --cap $f"
;;
esac
done
FLAGS=
for f in $S_FLAGS dummy
do
case $f in
minit)
FLAGS="$FLAGS --flag fakeinit"
;;
dummy)
;;
*)
FLAGS="$FLAGS --flag $f"
;;
esac
done
setdefulimit
if [ "$ULIMIT" != "" ] ; then
ulimit $ULIMIT
fi
if $0 $VSERVER running >/dev/null
then
. $__PKGSTATEDIR/$VSERVER.ctx
cd $__DEFAULT_VSERVERDIR/$VSERVER
IPOPT=`setipopt $IPROOT`
export PATH=$DEFAULTPATH
exec $_CHBIND_COMPAT $SILENT $IPOPT --bcast $IPROOTBCAST \
$_CHCONTEXT_COMPAT $SILENT $FLAGS $CAPS --secure --ctx $S_CONTEXT \
$_CAPCHROOT --suid $USERID . "$@"
else
test -x $__CONFDIR/$1.sh && $__CONFDIR/$1.sh pre-start $1
CTXOPT=
HOSTOPT=
DOMAINOPT=
if [ "$S_CONTEXT" != "" ] ; then
CTXOPT="--ctx $S_CONTEXT"
fi
if [ "$S_HOSTNAME" != "" ] ; then
HOSTOPT="--hostname $S_HOSTNAME"
export HOSTNAME=$S_HOSTNAME
fi
if [ "$S_DOMAINNAME" != "" ] ; then
DOMAINOPT="--domainname $S_DOMAINNAME"
fi
mkdir -p $__PKGSTATEDIR
cd $__DEFAULT_VSERVERDIR/$VSERVER
IPOPT=`setipopt $IPROOT`
export PATH=$DEFAULTPATH
exec $_CHBIND_COMPAT $SILENT $IPOPT --bcast $IPROOTBCAST \
$_CHCONTEXT_COMPAT $SILENT $FLAGS $CAPS --secure $CTXOPT $HOSTOPT $DOMAINOPT \
$_SAVE_S_CONTEXT $__PKGSTATEDIR/$VSERVER.ctx \
$_CAPCHROOT --suid $USERID $CHROOTOPT . "$@"
fi
fi
elif [ "$2" = "exec" ] ; then
VSERV=$1
shift; shift
exec $0 $NODEV $SILENT $VSERV suexec root "$@"
elif [ "$2" = "enter" ] ; then
testperm $1
exec $0 $NODEV $SILENT $1 exec /bin/bash -login
elif [ "$2" = "service" ] ; then
VSERVER=$1
shift
shift
exec $0 $NODEV $SILENT $VSERVER exec /sbin/service "$@"
elif [ "$2" = "chkconfig" ] ; then
VSERVER=$1
shift
shift
if [ "$1" = "--level" ] ; then
shift
LEVELS=$1
shift
fi
if [ $# != 2 -a ! -x $__DEFAULT_VSERVERDIR/$VSERVER/sbin/chkconfig ] ; then
echo Invalid argument, expected vserver name chkconfig [ --level nnn ] service on\|off
elif [ -x $__DEFAULT_VSERVERDIR/$VSERVER/sbin/chkconfig ] ; then
exec $0 --silent $VSERVER exec /sbin/chkconfig "$@"
elif [ -x $__DEFAULT_VSERVERDIR/$VSERVER/usr/sbin/update-rc.d ] ; then
if [ "$2" = "on" -o "$2" = "start" ] ; then
$0 --silent $VSERVER exec /usr/sbin/update-rc.d -f $1 remove >/dev/null
exec $0 --silent $VSERVER exec /usr/sbin/update-rc.d $1 start 80 2 3 4 5 . stop 20 0 1 6 . >/dev/null
elif [ "$2" = "off" -o "$2" = "stop" ] ; then
$0 --silent $VSERVER exec /usr/sbin/update-rc.d -f $1 remove >/dev/null
exec $0 --silent $VSERVER exec /usr/sbin/update-rc.d $1 stop 20 0 1 2 3 4 5 6 . >/dev/null
else
echo vserver chkconfig: Expecting on or off
fi
else
echo chkconfig functionality is not available on this
echo vserver distribution.
echo Looked for /sbin/chkconfig and /usr/sbin/update-rc.d
fi
else
echo Command unknown $2
echo
usage
fi
|
