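#!/bin/sh
#
# Script to start a virtual rescue disk on a VServer.
#
# Usage:
#   vrescue [--dir=dir] vservername [[--running] command args*]
#   vrescue --build=dir vservername
#   vrescue --cleanup=dir
#   vrescue --help
#
# The rescue disk is a small directory tree below $vrbase that bind-mounts
# the host's /sbin, /bin, /lib, /usr and /proc and mounts the vserver root
# on /target. Commands are then run inside it through vcontext --chroot.
#
# Security notes for whoever maintains this:
#   * The script runs as root and the rescue disk is NOT a hardened jail:
#     the bind mounts are effectively read-write (see the note in the build
#     step) and the host's /proc is exposed unfiltered.
#   * The trace log lives at a fixed path in world-writable /tmp. trace()
#     refuses to write through a symlink, but that check is best-effort
#     (a race remains); moving the log to a root-only directory is the
#     durable fix.

vrbase=/root
vrescuelog=/tmp/vcopy.log
vrdir=""

# Append one TRACE line to $vrescuelog.
# The log path is predictable and sits in /tmp, so a local user could plant
# a symlink there and have root append to an arbitrary file. Skip logging in
# that case instead of following the link. A newly created log is made
# readable by root only, because traced command lines may be sensitive.
trace() {
  if [ -L "$vrescuelog" ]; then
    echo "WARNING: '$vrescuelog' is a symlink, trace not written" >&2
    return 0
  fi
  (
    umask 077
    printf 'TRACE: %s\n' "$*" >> "$vrescuelog"
  )
}

# Reject rescue-disk directory names that are empty or contain a ".."
# component. The name is appended to $vrbase and --cleanup later runs
# umount/rm/rmdir below it as root, so it must not be able to climb out.
check_dirname() {
  case "$1" in
    '' | .. | ../* | */.. | */../*)
      echo "ERROR: Invalid rescudisk directory name '$1'" >&2
      exit 2
      ;;
  esac
}

trace "$0" "$@"

# --cleanup=dir: tear down a rescue disk built earlier.
# set -e makes the first failing step abort the teardown, so nothing is
# removed while a bind mount is still in place.
if [ "${1%%=*}" = "--cleanup" ]; then
  set -e
  check_dirname "${1##*=}"
  vrdir=$vrbase/${1##*=}
  cd "$vrdir/r"
  for mnt in proc target usr lib bin sbin; do
    umount "$mnt"
  done
  for mnt in proc target usr lib bin sbin; do
    rmdir "$mnt"
  done
  rmdir dev/pts
  rm dev/*
  rmdir dev
  rm etc/*
  rmdir etc
  #rm *
  cd ..
  rmdir r
  cd ..
  rmdir "$vrdir"
  exit 0
fi

# --build=dir: only build the rescue disk (done further down).
if [ "${1%%=*}" = "--build" ]; then
  check_dirname "${1##*=}"
  vrdir=$vrbase/${1##*=}
  shift
  build="build"
else
  build=""
fi

# --dir=dir: use an already built rescue disk.
if [ "${1%%=*}" = "--dir" ]; then
  check_dirname "${1##*=}"
  vrdir=$vrbase/${1##*=}
  shift
  if ! cd "$vrdir/r"; then
    echo "ERROR: Virtuall rescudisk '$vrdir' don't exist!"
    exit 110
  fi
fi

# A bare "shift" with no arguments left aborts some /bin/sh implementations
# before the usage text below could be printed, so only shift when there is
# something to shift.
vserver=${1-}
if [ $# -gt 0 ]; then
  shift
fi

if [ "$vserver" = "--help" ] || [ "x$vserver" = "x" ]; then
  # A here-document replaces the original echo $"...": $"..." is a bash
  # extension and plain sh would print a stray "$" in front of the text.
  cat <<EOF

USAGE: $0 [--dir=dir] vservername [[--running] command args*]
       $0 --build=dir vservername
       $0 --cleanup=dir
       $0 --help

Create a virutal rescudisk for vservername with the vserver root
mounted as /target.

Run command in the rescudisk or start bash if no command are given.

When --dir is given use the prebuild rescudisk in dir.

When --running is given, run the kommand even if vserver is runing.

With --build a rescudisk is build in dir, that alows extra
preparations of the disc before commands are run.

--cleanup try to remove the rescudisk.

Don't trust the security of this rescuedisk, I'm a newbee on vserver!

EOF
  exit 0
fi

vconfdir="/etc/vservers"
vdir=$vconfdir/$vserver

if [ ! -d "$vdir" ]; then
  echo "$vdir"
  echo "VServer '$vserver' existerar inte!"
  exit 1
else
  if [ -f "$vdir/context" ]; then
    # The original author marked this branch as untested.
    context="--xid $(cat "$vdir/context")"
  else
    context=""
  fi
fi

# No rescue disk named: build a temporary one, use it, then remove it again.
if [ "x$vrdir" = "x" ]; then
  vrdir="rescue_$vserver$$"
  #echo $vrdir
  # The original tested "if ! cmd" and then ran "exit $?", which always
  # exited 0 because $? held the status of the negation. Propagate the real
  # build status instead.
  "$0" --build="$vrdir" "$vserver" || exit $?
  "$0" --dir="$vrdir" "$vserver" "$@"
  err=$?
  "$0" --cleanup="$vrdir"
  exit $err
fi

if [ "$build" = "build" ]; then
  set -e
  mkdir "$vrdir"
  # Set chroot barrier
  # NOTE(review): only this comment is present; no command that sets a
  # barrier is run here - confirm whether one was intended.
  mkdir "$vrdir/r"
  if ! cd "$vrdir/r"; then
    echo Failed creating dir
    exit 1
  fi
  for sub in etc sbin bin lib usr target; do
    mkdir "$sub"
  done

  # NOTE on mount -r --bind!
  #
  # A bind mount does not allow its options to be changed, so the -r
  # (read-only) flag below has no effect and the host directories stay
  # writable from inside the rescue disk.
  #
  # A kernel patch exists that fixes this. Use it if you plan to run
  # anything untrusted in the rescue disk. There are probably plenty of
  # other holes in the rescue disk as well.
  #
  # For now read-write is good enough: rsync is the real use case and is
  # reasonably trusted.
  #
  # NOTE(review): newer kernels can remount a bind mount read-only
  # (mount -o remount,ro,bind <dir>) - consider adding that after each
  # bind mount once the target kernels are confirmed to support it.
  mount -r --bind /sbin sbin
  mount -r --bind /bin bin
  mount -r --bind /lib lib
  mount -r --bind /usr usr
  mount --bind "$vdir/vdir/." target
  mkdir proc
  # Proc hide? The host's /proc is exposed as-is inside the rescue disk.
  mount --bind /proc proc

  cp /etc/resolv.conf etc
  echo "127.0.0.1 localhost rescue-$vserver" > etc/hosts
  echo "rescue-$vserver" > etc/hostname
  # NOTE(review): the password fields below are empty, i.e. these accounts
  # need no password for anything inside the rescue disk that consults
  # etc/passwd. Confirm that this is intended.
  echo "root::0:0:root:/root:/bin/bash" > etc/passwd
  echo "nobody::65534:65534:nobody:/nonexistent:/bin/sh" >> etc/passwd
  echo "root::0:" > etc/group
  echo "nogroup::65534:" >> etc/group
  # Optional site-specific additions to the rescue disk's /etc.
  if [ -d /etc/vrescue.etc ]; then
    cp -a /etc/vrescue.etc/* etc
  fi

  mkdir dev
  mkdir dev/pts
  for node in random urandom null log fd stderr stdout stdin tty zero ptmx; do
    cp -a "/dev/$node" dev/
  done
  # mkdir dev/loop/
  # cp -a /dev/loop/0 dev/loop/

  exit 0
fi

# Run the command (or an interactive bash) inside the rescue disk.
# $context is left unquoted on purpose: it is either empty or the two words
# "--xid <id>" and has to be split into separate arguments.
if [ "x$*" != "x" ]; then
  if vserver "$vserver" running; then
    if [ "$1" = "--running" ]; then
      shift
      context="--xid $(cat "$vdir/run")"
      trace "vcontext --silent --migrate $context --chroot -- \"$*\""
      # shellcheck disable=SC2086
      vcontext --silent --migrate $context --chroot -- "$@"
    else
      echo "ERROR: Vserver is running!"
      exit 100
    fi
  else
    if [ "$1" = "--running" ]; then
      shift
    fi
    trace "vcontext --silent --create $context --chroot -- \"$*\""
    # shellcheck disable=SC2086
    vcontext --silent --create $context --chroot -- "$@"
  fi
else
  if vserver "$vserver" running; then
    echo "OBS! VServer '$vserver' mounted as /target is running!"
    context="--xid $(cat "$vdir/run")"
    # shellcheck disable=SC2086
    vcontext --migrate $context --chroot -- bash
  else
    echo "VServer '$vserver' mounted as /target is not running!"
    # shellcheck disable=SC2086
    vcontext --create $context --chroot -- bash
  fi
fi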