Dear list,
Sometimes, you would like to add a few binaries to your jail in
order to debug it from the inside (for example, a cron job that
doesn't work well, a php script that isn't working from the jail
etc.), this can include such tools as the mysql client, strace and
similar tools. When you finish your troubleshooting, it would be
nice to have a jk command that would remove only those file that
were added and weren't there before issuing the jk_init (or
jk_cp).
I thought about adding the necessary sections in the
jailkit_init.ini file, then calling jk_init on the jail and
capturing its output to a temporary file. For example, lets alter
the following jail by deleting part of the /usr/share/zoneinfo
directory tree, then call jk_init on it again to recreate the
missing files and symlinks and keep track of them
root#admin 15:20:27 ~ # rm -rf
/var/www/clients/client1/web5/usr/share/zoneinfo/Africa/
root#admin 15:20:30 ~ # jk_init -j
/var/www/clients/client1/web5/ php > /tmp/jkinit-php
sh: warning: setlocale: LC_ALL: cannot change locale
(en_US.UTF-8)
/bin/sh: warning: setlocale: LC_ALL: cannot change
locale (en_US.UTF-8)
root#admin 15:20:45 ~ # grep ^Creating /tmp/jkinit-php
> /tmp/jkinit-php-links
root#admin 15:20:57 ~ # grep ^Copying /tmp/jkinit-php
> /tmp/jkinit-php-copies
root#admin 15:21:02 ~ # wc -l /tmp/jkinit-php-copies
18 /tmp/copies
root#admin 15:21:09 ~ # wc -l /tmp/jkinit-php-links
36 /tmp/links
root#admin 15:21:12 ~ #
We have 18 files copied and 36 symlinks created.
A jk_remove script would simply remove any file in /tmp/copies
and unlink any link found in /tmp/links (a couple sed commands
would allow to extract only the desired PATH)
command grep Copying /tmp/jkinitphp | sed "s/^Copying.* to
//;" > /tmp/jkinit-php-copies
command grep Creating /tmp/jkinitphp | sed "s/^Creating.* to
//;" >/tmp/jkinit-php-links
root#admin 15:49:31 ~ # while read link; do
echo unlink $link; done < /tmp/jkinit-php-links
unlink
/var/www/clients/client1/web5/usr/share/zoneinfo/Africa/Kinshasa
unlink
/var/www/clients/client1/web5/usr/share/zoneinfo/Africa/Luanda
unlink
/var/www/clients/client1/web5/usr/share/zoneinfo/Africa/Nairobi
unlink
/var/www/clients/client1/web5/usr/share/zoneinfo/Africa/Bujumbura
unlink
/var/www/clients/client1/web5/usr/share/zoneinfo/Africa/Porto-Novo
unlink
/var/www/clients/client1/web5/usr/share/zoneinfo/Africa/Nouakchott
unlink
/var/www/clients/client1/web5/usr/share/zoneinfo/Africa/Timbuktu
unlink
/var/www/clients/client1/web5/usr/share/zoneinfo/Africa/Bamako
unlink
/var/www/clients/client1/web5/usr/share/zoneinfo/Africa/Libreville
unlink
/var/www/clients/client1/web5/usr/share/zoneinfo/Africa/Mogadishu
unlink
/var/www/clients/client1/web5/usr/share/zoneinfo/Africa/Kampala
unlink
/var/www/clients/client1/web5/usr/share/zoneinfo/Africa/Banjul
unlink
/var/www/clients/client1/web5/usr/share/zoneinfo/Africa/Dakar
unlink
/var/www/clients/client1/web5/usr/share/zoneinfo/Africa/Douala
unlink
/var/www/clients/client1/web5/usr/share/zoneinfo/Africa/Lagos
unlink
/var/www/clients/client1/web5/usr/share/zoneinfo/Africa/Djibouti
unlink
/var/www/clients/client1/web5/usr/share/zoneinfo/Africa/Tripoli
unlink
/var/www/clients/client1/web5/usr/share/zoneinfo/Africa/Lome
unlink
/var/www/clients/client1/web5/usr/share/zoneinfo/Africa/Freetown
unlink
/var/www/clients/client1/web5/usr/share/zoneinfo/Africa/Maseru
unlink
/var/www/clients/client1/web5/usr/share/zoneinfo/Africa/Lusaka
unlink
/var/www/clients/client1/web5/usr/share/zoneinfo/Africa/Dar_es_Salaam
unlink
/var/www/clients/client1/web5/usr/share/zoneinfo/Africa/Mbabane
unlink
/var/www/clients/client1/web5/usr/share/zoneinfo/Africa/Maputo
unlink
/var/www/clients/client1/web5/usr/share/zoneinfo/Africa/Ouagadougou
unlink
/var/www/clients/client1/web5/usr/share/zoneinfo/Africa/Niamey
unlink
/var/www/clients/client1/web5/usr/share/zoneinfo/Africa/Conakry
unlink
/var/www/clients/client1/web5/usr/share/zoneinfo/Africa/Lubumbashi
unlink
/var/www/clients/client1/web5/usr/share/zoneinfo/Africa/Asmara
unlink
/var/www/clients/client1/web5/usr/share/zoneinfo/Africa/Asmera
unlink
/var/www/clients/client1/web5/usr/share/zoneinfo/Africa/Harare
unlink
/var/www/clients/client1/web5/usr/share/zoneinfo/Africa/Malabo
unlink
/var/www/clients/client1/web5/usr/share/zoneinfo/Africa/Brazzaville
unlink
/var/www/clients/client1/web5/usr/share/zoneinfo/Africa/Cairo
unlink
/var/www/clients/client1/web5/usr/share/zoneinfo/Africa/Gaborone
unlink
/var/www/clients/client1/web5/usr/share/zoneinfo/Africa/Kigali
root#admin 15:49:54 ~ # while read file; do echo rm $file;
done < /tmp/jkinit-php-copies
rm
/var/www/clients/client1/web5/usr/share/zoneinfo/Africa/Bissau
rm
/var/www/clients/client1/web5/usr/share/zoneinfo/Africa/Bangui
rm
/var/www/clients/client1/web5/usr/share/zoneinfo/Africa/El_Aaiun
rm
/var/www/clients/client1/web5/usr/share/zoneinfo/Africa/Addis_Ababa
rm
/var/www/clients/client1/web5/usr/share/zoneinfo/Africa/Juba
rm
/var/www/clients/client1/web5/usr/share/zoneinfo/Africa/Ceuta
rm
/var/www/clients/client1/web5/usr/share/zoneinfo/Africa/Blantyre
rm
/var/www/clients/client1/web5/usr/share/zoneinfo/Africa/Johannesburg
rm
/var/www/clients/client1/web5/usr/share/zoneinfo/Africa/Abidjan
rm
/var/www/clients/client1/web5/usr/share/zoneinfo/Africa/Accra
rm
/var/www/clients/client1/web5/usr/share/zoneinfo/Africa/Khartoum
rm
/var/www/clients/client1/web5/usr/share/zoneinfo/Africa/Monrovia
rm
/var/www/clients/client1/web5/usr/share/zoneinfo/Africa/Algiers
rm
/var/www/clients/client1/web5/usr/share/zoneinfo/Africa/Ndjamena
rm
/var/www/clients/client1/web5/usr/share/zoneinfo/Africa/Sao_Tome
rm
/var/www/clients/client1/web5/usr/share/zoneinfo/Africa/Casablanca
rm
/var/www/clients/client1/web5/usr/share/zoneinfo/Africa/Tunis
rm
/var/www/clients/client1/web5/usr/share/zoneinfo/Africa/Windhoek
root#admin 15:50:47 ~ #
Thoughts ?