Update of /cvsroot/devil-linux/build/config/etc/sysconfig/jail
In directory sc8-pr-cvs1:/tmp/cvs-serv26226/config/etc/sysconfig/jail
Modified Files:
Tag: rel-1-0-patches
DOMINO ISC_BIND POSTFIX SAGATOR
Log Message:
backported some changes
- jail script has new command DELETE
- domino jail script now empties the lib and etc directories before creating
the jail
- fixed the corner case when an empty directory is being copied to the jail
dir (fl)
- postfix jail script now empties the lib and etc directories before
creating the jail
- better handling of subdirectories & links in jail script (fl)
Index: DOMINO
===================================================================
RCS file: /cvsroot/devil-linux/build/config/etc/sysconfig/jail/DOMINO,v
retrieving revision 1.8
retrieving revision 1.8.2.1
diff -u -d -r1.8 -r1.8.2.1
--- DOMINO 20 Aug 2003 19:15:35 -0000 1.8
+++ DOMINO 26 Dec 2003 14:45:57 -0000 1.8.2.1
@@ -9,17 +9,23 @@
# name of the daemon
NAME Lotus Domino
-# define user and group under which this daemon should run
-USER notes
-GROUP notes
+# delete the following directories/files, before doing anything
+DELETE /etc/*
+DELETE /lib/*
# define this, when the jail directory should not be emptied
NODELETE 1
+# define user and group under which this daemon should run
+USER notes
+GROUP notes
+
# devices to create
# parameter: devicename type major minor user.group rights
DEV null c 1 3 0.0 0666
-DEV zero c 1 5 0.0 0666
+DEV zero c 1 5 0.0 0644
+DEV random c 1 8 0.0 644
+DEV urandom c 1 9 0.0 644
DEV tty9 c 4 9 0.0 0666
# files and directories to copy
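Review bot: The new `random` and `urandom` lines write the mode as `644`, while every other DEV line in this file uses four digits (`0666`, `0644`). The jail script is not part of this diff, so if it treats the leading zero as significant anywhere, these nodes would get unintended permissions; I would write `DEV random c 1 8 0.0 0644` and `DEV urandom c 1 9 0.0 0644`. Separately, `DEV zero c 1 5 0.0 0644` with owner 0.0 means a daemon running as `notes` can no longer open /dev/zero read-write, so it is worth confirming Domino still starts under `USER notes`. The same three DEV lines are added in the ISC_BIND, POSTFIX and SAGATOR hunks.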
Index: ISC_BIND
===================================================================
RCS file: /cvsroot/devil-linux/build/config/etc/sysconfig/jail/ISC_BIND,v
retrieving revision 1.6.2.1
retrieving revision 1.6.2.2
diff -u -d -r1.6.2.1 -r1.6.2.2
--- ISC_BIND 16 Oct 2003 17:49:52 -0000 1.6.2.1
+++ ISC_BIND 26 Dec 2003 14:45:57 -0000 1.6.2.2
@@ -22,8 +22,9 @@
# devices to create
# parameter: devicename type major minor user.group rights
DEV null c 1 3 0.0 0666
-DEV zero c 1 5 0.0 0666
-DEV random c 1 8 0.0 0444
+DEV zero c 1 5 0.0 0644
+DEV random c 1 8 0.0 644
+DEV urandom c 1 9 0.0 644
# files and directories to copy
COPY /etc/named
Index: POSTFIX
===================================================================
RCS file: /cvsroot/devil-linux/build/config/etc/sysconfig/jail/POSTFIX,v
retrieving revision 1.3
retrieving revision 1.3.2.1
diff -u -d -r1.3 -r1.3.2.1
--- POSTFIX 22 Jul 2003 00:21:03 -0000 1.3
+++ POSTFIX 26 Dec 2003 14:45:57 -0000 1.3.2.1
@@ -27,10 +27,16 @@
# define this, if the package should not be unpacked into the jail root directory
PACKAGEDIR /
+# delete the following directories/files, before doing anything
+DELETE /etc/*
+DELETE /lib/*
+
# devices to create
# parameter: devicename type major minor user.group rights
DEV null c 1 3 0.0 0666
-DEV zero c 1 5 0.0 0666
+DEV zero c 1 5 0.0 0644
+DEV random c 1 8 0.0 644
+DEV urandom c 1 9 0.0 644
# files and directories to copy
COPY /etc/postfix
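Review bot: The comment above the new `DELETE /etc/*` and `DELETE /lib/*` lines does not say what the paths are relative to, and as written they read like host paths. I would document it, e.g. `# delete these paths inside the jail root (never on the host) before populating the jail`. The script that implements DELETE is not in this diff, so please confirm it prefixes the jail directory before expanding the glob and does not follow symlinks out of the jail while deleting. The same DELETE lines are added in the DOMINO hunk, where `NODELETE 1` directly follows them; a word on how the two settings interact would help there.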
@@ -42,14 +48,12 @@
COPY /lib/libnss*.so*
COPY /etc/localtime
COPY /usr/bin/cmp
+COPY /etc/passwd
+COPY /etc/group
+COPY /etc/shadow
+COPY /etc/gshadow
# set Linux capabilities
#CAP CAP_NET_BIND_SERVICE
LINK /var/spool/postfix
-
-COPYUSER postfix
-COPYGROUP postdrop
-COPYGROUP postfix
-COPYGROUP nogroup
-COPYUSER nobody
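Review bot: Copying the host's complete `/etc/passwd`, `/etc/group`, `/etc/shadow` and `/etc/gshadow` into the jail places every account's password hash inside the chroot. The removed `COPYUSER`/`COPYGROUP` lines appear, judging by their names, to have copied only the postfix, postdrop, nogroup and nobody entries. A compromised privileged process inside the jail could then read hashes for accounts unrelated to Postfix, which weakens the isolation the jail is meant to provide, and the copies also go stale when host passwords change. If this works around a problem with per-entry copying, I would keep `COPYUSER postfix`, `COPYUSER nobody` and the three `COPYGROUP` lines and fix the script instead, or at least leave out `COPY /etc/shadow` and `COPY /etc/gshadow`.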
Index: SAGATOR
===================================================================
RCS file: /cvsroot/devil-linux/build/config/etc/sysconfig/jail/SAGATOR,v
retrieving revision 1.3
retrieving revision 1.3.2.1
diff -u -d -r1.3 -r1.3.2.1
--- SAGATOR 20 Sep 2003 18:58:00 -0000 1.3
+++ SAGATOR 26 Dec 2003 14:45:57 -0000 1.3.2.1
@@ -30,8 +30,9 @@
# devices to create
# parameter: devicename type major minor user.group rights
DEV null c 1 3 0.0 0666
-DEV zero c 1 5 0.0 0666
-DEV urandom c 1 9 0.0 0644
+DEV zero c 1 5 0.0 0644
+DEV random c 1 8 0.0 644
+DEV urandom c 1 9 0.0 644
# files and directories to copy
COPY /etc/resolv.conf