Skip to content

Commit

Permalink
support USB in jails
Browse files Browse the repository at this point in the history
  • Loading branch information
gronke committed Oct 2, 2018
1 parent cee9351 commit 6c012fc
Show file tree
Hide file tree
Showing 3 changed files with 22 additions and 1 deletion.
13 changes: 13 additions & 0 deletions iocage/Config/Jail/BaseConfig.py
Original file line number Diff line number Diff line change
Expand Up @@ -490,6 +490,19 @@ def _get_host_domainname(self) -> str:
except KeyError:
return "local"

def _get_usb_device(self) -> typing.List[str]:
devices = self.data["usb_device"].split() # type: typing.List[str]
return devices

def _set_usb_device(
self,
value: typing.Union[typing.List[str], str]
) -> None:
if isinstance(value, list):
self.data["usb_device"] = " ".join(value)
else:
self.data["usb_device"] = value

def get_string(self, key: str) -> str:
"""Get the stringified value of a configuration property."""
return self.stringify(self.__getitem__(key))
Expand Down
2 changes: 2 additions & 0 deletions iocage/Config/Jail/Defaults.py
Original file line number Diff line number Diff line change
Expand Up @@ -104,6 +104,8 @@ class JailConfigDefaults(iocage.Config.Jail.BaseConfig.BaseConfig):
"allow_mount_fdescfs": 0,
"allow_mount_zfs": 0,
"allow_mount_tmpfs": 0,
"allow_usb": 0,
"usb_device": ["ugen*"],
"allow_quotas": 0,
"allow_socket_af": 0,
"rlimits": None,
Expand Down
8 changes: 7 additions & 1 deletion iocage/Jail.py
Original file line number Diff line number Diff line change
Expand Up @@ -1437,9 +1437,15 @@ def devfs_ruleset(self) -> iocage.DevfsRules.DevfsRuleset:
if self._dhcp_enabled is True:
devfs_ruleset.append("add path 'bpf*' unhide")

if self._allow_mount_zfs == "1":
if self._allow_mount_zfs is True:
devfs_ruleset.append("add path zfs unhide")

if self.config["allow_usb"] is True:
devfs_ruleset.append("add path 'usb/*' unhide")
devfs_ruleset.append("add path 'usbctl' unhide")
for usb_device in self.config["usb_device"]:
devfs_ruleset.append(f"add path '{usb_device}' unhide")

# create if the final rule combination does not exist as ruleset
if devfs_ruleset not in self.host.devfs:
self.logger.verbose("New devfs ruleset combination")
Expand Down

0 comments on commit 6c012fc

Please sign in to comment.