diff options
author | Bryan Drewery <bryan@shatow.net> | 2019-08-28 20:19:20 +0300 |
---|---|---|
committer | Bryan Drewery <bryan@shatow.net> | 2019-08-28 20:19:20 +0300 |
commit | 1937cc146ed7cabf1b1ac135b8c18911c8cd0e83 (patch) | |
tree | 7f47ade69d56041fc120a16555f586c20d99723d /src | |
parent | 819e46775cf308e3a8bb81437dbacc65fc39872e (diff) |
Expand securelevel check to handle MUTABLE_BASE=schg and TMPFS_WRKDIR/TMPFS_LOCALBASE.
Issue #684
Diffstat (limited to 'src')
-rwxr-xr-x | src/share/poudriere/common.sh | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/src/share/poudriere/common.sh b/src/share/poudriere/common.sh index b9280384..c6f40a35 100755 --- a/src/share/poudriere/common.sh +++ b/src/share/poudriere/common.sh @@ -2389,8 +2389,14 @@ jail_start() { if [ "${DISTFILES_CACHE}" != "no" -a ! -d "${DISTFILES_CACHE}" ]; then err 1 "DISTFILES_CACHE directory does not exist. (cf. poudriere.conf)" fi - [ ${TMPFS_ALL} -ne 1 ] && [ $(sysctl -n kern.securelevel) -ge 1 ] && \ - err 1 "kern.securelevel >= 1. Poudriere requires no securelevel to be able to handle schg flags. USE_TMPFS=all can override this." + schg_immutable_base && [ $(sysctl -n kern.securelevel) -ge 1 ] && \ + err 1 "kern.securelevel >= 1. Poudriere requires no securelevel to be able to handle schg flags for MUTABLE_BASE=schg." + [ ${TMPFS_ALL} -eq 0 ] && [ ${TMPFS_WRKDIR} -eq 0 ] \ + && [ $(sysctl -n kern.securelevel) -ge 1 ] && \ + err 1 "kern.securelevel >= 1. Poudriere requires no securelevel to be able to handle schg flags. USE_TMPFS with 'wrkdir' or 'all' values can avoid this." + [ ${TMPFS_ALL} -eq 0 ] && [ ${TMPFS_LOCALBASE} -eq 0 ] \ + && [ $(sysctl -n kern.securelevel) -ge 1 ] && \ + err 1 "kern.securelevel >= 1. Poudriere requires no securelevel to be able to handle schg flags. USE_TMPFS with 'localbase' or 'all' values can avoid this." [ "${name#*.*}" = "${name}" ] || err 1 "The jail name cannot contain a period (.). See jail(8)" [ "${ptname#*.*}" = "${ptname}" ] || |