Merge branch 'master' into feature/add_config

Author: himrock922

libioc/Config/Jail/BaseConfig.py

@@ -79,16 +79,16 @@ class BaseConfig(dict):
 
     """
 
-    data: libioc.Config.Data.Data
+    _data: libioc.Config.Data.Data
     special_properties: 'libioc.Config.Jail.Properties.Properties'
 
     def __init__(
         self,
         logger: typing.Optional['libioc.Logger.Logger']=None
     ) -> None:
 
-        if self.data is None:
-            self.data = libioc.Config.Data.Data()
+        if hasattr(self, "_data") is False:
+            self._data = libioc.Config.Data.Data()
         self.logger = libioc.helpers_object.init_logger(self, logger)
 
         Properties = libioc.Config.Jail.Properties.JailConfigProperties
@@ -97,6 +97,34 @@ def __init__(
             logger=self.logger
         )
 
+    @property
+    def data(self) -> libioc.Config.Data.Data:
+        """Return the data object."""
+        return self._data
+
+    @data.setter
+    def data(self, new_data: libioc.Config.Data.Data) -> None:
+        """Validate and set the data object."""
+        if isinstance(new_data, libioc.Config.Data.Data) is False:
+            raise TypeError("data needs to be a flat dict structure")
+        new_data_keys = new_data.keys()
+        old_data = self._data
+        try:
+            self._data = dict()
+            identifier_keys = ["id", "name", "uuid"]
+            for key in identifier_keys:
+                if key in new_data_keys:
+                    self["id"] = new_data[key]
+                    break
+            for key in new_data_keys:
+                if key in identifier_keys:
+                    continue
+                self[key] = new_data[key]
+        except Exception:
+            self.logger.verbose("Configuration was not modified")
+            self._data = old_data
+            raise
+
     def clone(
         self,
         data: InputData,
@@ -142,7 +170,8 @@ def clone(
         new_data = libioc.Config.Data.Data(data)
         if current_id is not None:
             new_data["id"] = current_id
-        self.data = new_data
+        for key, value in new_data.items():
+            self.data[key] = value
 
     def read(self, data: dict, skip_on_error: bool=False) -> None:
         """

libioc/Config/Jail/Defaults.py

@@ -80,7 +80,7 @@
     "allow_quotas": 0,
     "allow_socket_af": 0,
     "allow_tun": 0,
-    "allow_vmm": 0,
+    "allow_vmm": False,
     "available": 0,
     "bpf": None,
     "comment": None,
@@ -129,7 +129,7 @@
     "jail_zfs": False,
     "jail_zfs_dataset": None,
     "jail_zfs_mountpoint": None,
-    "provisioning": {
+    "provision": {
         "method": None,
         "source": None,
         "rev": "master"

libioc/Config/Jail/File/Fstab.py

@@ -147,10 +147,7 @@ def __hash__(self) -> int:
         return hash(None)
 
 
-class Fstab(
-    libioc.Config.Jail.File.ResourceConfig,
-    collections.MutableSequence
-):
+class Fstab(collections.MutableSequence):
     """
     Fstab configuration file wrapper.
 
@@ -203,10 +200,7 @@ def path(self) -> str:
             path = self.file
         else:
             path = f"{self.jail.dataset.mountpoint}/{self.file}"
-            self._require_path_relative_to_resource(
-                filepath=path,
-                resource=self.jail
-            )
+            self.jail._require_relative_path(path)
 
         return path
 
@@ -400,7 +394,16 @@ def add_line(
 
         Use save() to write changes to the fstab file.
         """
-        if self.__contains__(line):
+        if type(line) == FstabLine:
+            if self.jail._is_path_relative(line["destination"]) is False:
+                line = FstabLine(line)  # clone to prevent mutation
+                line["destination"] = libioc.Types.AbsolutePath("/".join([
+                    self.jail.root_path,
+                    line["destination"].lstrip("/")
+                ]))
+
+        line_already_exists = self.__contains__(line)
+        if line_already_exists:
             destination = line["destination"]
             if replace is True:
                 self.logger.verbose(
@@ -425,11 +428,13 @@ def add_line(
 
         if type(line) == FstabLine:
             # destination is always relative to the jail resource
-            if line["destination"].startswith(self.jail.root_path) is False:
-                line["destination"] = libioc.Types.AbsolutePath("/".join([
+            if self.jail._is_path_relative(line["destination"]) is False:
+                _destination = libioc.Types.AbsolutePath("/".join([
                     self.jail.root_path,
                     line["destination"].strip("/")
                 ]))
+                self.jail._require_relative_path(_destination)
+                line["destination"] = _destination
 
             libioc.helpers.require_no_symlink(str(line["destination"]))
 
@@ -442,12 +447,17 @@ def add_line(
                     os.makedirs(line["destination"], 0o700)
 
             if (auto_mount_jail and self.jail.running) is True:
+                destination = line["destination"]
+                self.jail._require_relative_path(destination)
+                self.logger.verbose(
+                    f"auto-mount {destination}"
+                )
                 mount_command = [
                     "/sbin/mount",
                     "-o", line["options"],
                     "-t", line["type"],
                     line["source"],
-                    line["destination"]
+                    destination
                 ]
                 libioc.helpers.exec(mount_command, logger=self.logger)
                 _source = line["source"]
@@ -632,7 +642,7 @@ def insert(
             # find FstabAutoPlaceholderLine instead
             line = list(filter(
                 lambda x: isinstance(x, FstabAutoPlaceholderLine),
-                self._line
+                self._lines
             ))[0]
             real_index = self._lines.index(line)
         else:

libioc/Config/Jail/File/__init__.py

@@ -30,36 +30,6 @@
 import libioc.helpers_object
 import libioc.LaunchableResource
 
-
-class ResourceConfig:
-    """Shared abstract code between various config files in a resource."""
-
-    def _require_path_relative_to_resource(
-        self,
-        filepath: str,
-        resource: 'libioc.LaunchableResource.LaunchableResource'
-    ) -> None:
-
-        if self._is_path_relative_to_resource(filepath, resource) is False:
-            raise libioc.errors.SecurityViolationConfigJailEscape(
-                file=filepath
-            )
-
-    def _is_path_relative_to_resource(
-        self,
-        filepath: str,
-        resource: 'libioc.LaunchableResource.LaunchableResource'
-    ) -> bool:
-
-        real_resource_path = self._resolve_path(resource.dataset.mountpoint)
-        real_file_path = self._resolve_path(filepath)
-
-        return real_file_path.startswith(real_resource_path)
-
-    def _resolve_path(self, filepath: str) -> str:
-        return os.path.realpath(os.path.abspath(filepath))
-
-
 class ConfigFile(dict):
     """Abstraction of UCL file based config files in Resources."""
 
@@ -221,7 +191,7 @@ def __getitem__(
         return None
 
 
-class ResourceConfigFile(ConfigFile, ResourceConfig):
+class ResourceConfigFile(ConfigFile):
     """Abstraction of UCL file based config files in Resources."""
 
     def __init__(
@@ -238,8 +208,5 @@ def __init__(
     def path(self) -> str:
         """Absolute path to the file."""
         path = f"{self.resource.root_dataset.mountpoint}/{self.file}"
-        self._require_path_relative_to_resource(
-            filepath=path,
-            resource=self.resource
-        )
+        self.resource._require_relative_path(path)
         return os.path.abspath(path)

libioc/Config/Jail/JailConfig.py

@@ -40,7 +40,7 @@ class JailConfig(libioc.Config.Jail.BaseConfig.BaseConfig):
 
     legacy: bool = False
     jail: typing.Optional['libioc.Jail.JailGenerator']
-    data: dict = {}
+    data: dict
     ignore_source_config: bool
 
     def __init__(

libioc/Config/Jail/Properties/Resolver.py

@@ -162,7 +162,7 @@ def set(
                 )
         elif method == "skip":
             # directly set config property
-            self.config.get_raw["resolver"] = None
+            self.config.data["resolver"] = None
         else:
             if isinstance(value, str):
                 self.append(str(value), notify=False)

libioc/Config/Type/JSON.py

@@ -53,6 +53,6 @@ class DatasetConfigJSON(
     libioc.Config.Dataset.DatasetConfig,
     ConfigJSON
 ):
-    """ResourceConfig in JSON format."""
+    """ConfigFile in JSON format."""
 
     pass

libioc/Config/Type/UCL.py

@@ -52,6 +52,6 @@ class DatasetConfigUCL(
     libioc.Config.Dataset.DatasetConfig,
     ConfigUCL
 ):
-    """ResourceConfig in UCL format."""
+    """ConfigFile in UCL format."""
 
     pass

libioc/Jail.py

@@ -520,10 +520,7 @@ def start(
                 exec_start.append("service ipfw onestop")
 
         if self.config["jail_zfs"] is True:
-            share_storage = libioc.ZFSShareStorage.QueuingZFSShareStorage(
-                jail=self,
-                logger=self.logger
-            )
+            share_storage = self._zfs_share_storage
             share_storage.mount_zfs_shares()
             exec_start += share_storage.read_commands("jail")
             exec_created += share_storage.read_commands()
@@ -615,6 +612,15 @@ def _stop_failed_jail(
 
         yield jailLaunchEvent.end(stdout=stdout)
 
+    @property
+    def _zfs_share_storage(
+        self
+    ) -> libioc.ZFSShareStorage.QueuingZFSShareStorage:
+        return libioc.ZFSShareStorage.QueuingZFSShareStorage(
+            jail=self,
+            logger=self.logger
+        )
+
     def _start_dependant_jails(
         self,
         terms: libioc.Filter.Terms,
@@ -726,7 +732,7 @@ def _wrap_hook_script_command(
         self,
         commands: typing.Optional[typing.Union[str, typing.List[str]]],
         ignore_errors: bool=True,
-        jailed: bool=False,
+        jailed: bool=False,  # ToDo: remove unused argument
         write_env: bool=True
     ) -> typing.List[str]:
 
@@ -862,6 +868,7 @@ def _run_hook(self, hook_name: str) -> typing.Optional[
         raise NotImplementedError("_run_hook only supports start/stop")
 
     def _ensure_script_dir(self) -> None:
+        """Ensure that the launch scripts dir exists."""
         realpath = os.path.realpath(self.launch_script_dir)
         if realpath.startswith(self.dataset.mountpoint) is False:
             raise libioc.errors.SecurityViolationConfigJailEscape(
@@ -1602,6 +1609,30 @@ def devfs_ruleset(self) -> libioc.DevfsRules.DevfsRuleset:
         if self._allow_mount_zfs == "1":
             devfs_ruleset.append("add path zfs unhide")
 
+        if self.config["jail_zfs"] is True:
+            unhidden_parents: typing.Set[str] = set()
+            shared_datasets = self._zfs_share_storage.get_zfs_datasets()
+            if len(shared_datasets) > 0:
+                devfs_ruleset.append("add path zvol unhide")
+                for shared_dataset in shared_datasets:
+                    current_dataset_name = "zvol"
+                    for fragment in shared_dataset.name.split("/"):
+                        current_dataset_name += f"/{fragment}"
+                        if current_dataset_name in unhidden_parents:
+                            continue
+                        unhidden_parents.add(current_dataset_name)
+                        devfs_ruleset.append(
+                            f"add path {current_dataset_name} unhide"
+                        )
+                    devfs_ruleset.append(
+                        f"add path {current_dataset_name}/* unhide"
+                    )
+
+        if self.config["allow_vmm"] is True:
+            devfs_ruleset.append("add path vmm unhide")
+            devfs_ruleset.append("add path vmm/* unhide")
+            devfs_ruleset.append("add path nmdm* unhide")
+
         # create if the final rule combination does not exist as ruleset
         if devfs_ruleset not in self.host.devfs:
             self.logger.verbose("New devfs ruleset combination")
@@ -1680,6 +1711,9 @@ def _launch_command(self) -> typing.List[str]:
             f"mount.devfs={self._get_value('mount_devfs')}"
         ]
 
+        if self.config["allow_vmm"] is True:
+            command.append("allow.vmm=1")
+
         if self.host.userland_version > 9.3:
             command += [
                 f"mount.fdescfs={self._get_value('mount_fdescfs')}",
@@ -2174,6 +2208,14 @@ def env(self) -> typing.Dict[str, str]:
 
         jail_env["IOC_JAIL_PATH"] = self.root_dataset.mountpoint
         jail_env["IOC_JID"] = str(self.jid)
+        jail_env["PATH"] = ":".join((
+            "/sbin",
+            "/bin",
+            "/usr/sbin",
+            "/usr/bin",
+            "/usr/local/sbin",
+            "/usr/local/bin",
+        ))
 
         return jail_env