Commit 5454f624 authored by Jesse Norell's avatar Jesse Norell

track hash of jailkit sections/apps to avoid unnecessary jail rebuilds

parent aaf963a8
......@@ -2,3 +2,4 @@ ALTER TABLE `web_domain` ADD `jailkit_chroot_app_sections` mediumtext NULL DEFA
ALTER TABLE `web_domain` ADD `jailkit_chroot_app_programs` mediumtext NULL DEFAULT NULL;
ALTER TABLE `web_domain` ADD `delete_unused_jailkit` enum('n','y') NOT NULL DEFAULT 'n';
ALTER TABLE `web_domain` ADD `last_jailkit_update` date NOT NULL DEFAULT FROM_UNIXTIME(0);
ALTER TABLE `web_domain` ADD `last_jailkit_hash` varchar(255) DEFAULT NULL;
......@@ -2088,6 +2088,7 @@ CREATE TABLE `web_domain` (
`jailkit_chroot_app_programs` mediumtext NULL DEFAULT NULL,
`delete_unused_jailkit` enum('n','y') NOT NULL default 'n',
`last_jailkit_update` date NULL DEFAULT NULL,
`last_jailkit_hash` varchar(255) DEFAULT NULL,
PRIMARY KEY (`domain_id`),
UNIQUE KEY `serverdomain` ( `server_id` , `ip_address`, `domain` )
) DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;
......
......@@ -75,7 +75,7 @@ class cronjob_jailkit_maintenance extends cronjob {
// limit the number of jails we update at one time according to time of day
$num_jails_to_update = (date('H') < 6) ? 25 : 3;
$sql = "SELECT domain_id, domain, document_root, php_fpm_chroot, jailkit_chroot_app_sections, jailkit_chroot_app_programs, delete_unused_jailkit FROM web_domain WHERE type = 'vhost' AND last_jailkit_update < (NOW() - INTERVAL 24 HOUR) AND server_id = ? ORDER by last_jailkit_update LIMIT ?";
$sql = "SELECT domain_id, domain, document_root, php_fpm_chroot, jailkit_chroot_app_sections, jailkit_chroot_app_programs, delete_unused_jailkit, last_jailkit_hash FROM web_domain WHERE type = 'vhost' AND last_jailkit_update < (NOW() - INTERVAL 24 HOUR) AND server_id = ? ORDER by last_jailkit_update LIMIT ?";
$records = $app->db->queryAllRecords($sql, $conf['server_id'], $num_jails_to_update);
foreach($records as $rec) {
......@@ -101,19 +101,32 @@ class cronjob_jailkit_maintenance extends cronjob {
if (isset($web['jailkit_chroot_app_programs']) && $web['jailkit_chroot_app_programs'] != '') {
$programs = $web['jailkit_chroot_app_programs'];
}
$app->system->web_folder_protection($rec['document_root'], false);
$app->system->update_jailkit_chroot($rec['document_root'], $sections, $programs, $update_options);
$app->system->web_folder_protection($rec['document_root'], true);
$programs .= ' '.$jailkit_config['jailkit_chroot_cron_programs'];
$last_updated = preg_split('/[\s,]+/', $sections.' '.$programs);
$last_updated = array_unique($last_updated, SORT_REGULAR);
sort($last_updated, SORT_STRING);
$update_hash = hash('md5', implode(' ', $last_updated));
if ($update_hash != $rec['last_jailkit_hash']) {
$app->system->web_folder_protection($rec['document_root'], false);
$app->system->update_jailkit_chroot($rec['document_root'], $sections, $programs, $update_options);
$app->system->web_folder_protection($rec['document_root'], true);
$app->db->query("UPDATE `web_domain` SET `last_jailkit_update` = NOW(), `last_jailkit_hash` = ? WHERE `document_root` = ?", $update_hash, $rec['document_root']);
} else {
$app->db->query("UPDATE `web_domain` SET `last_jailkit_update` = NOW() WHERE `document_root` = ?", $rec['document_root']);
}
} elseif ($rec['delete_unused_jailkit'] == 'y') {
//$app->log('Removing unused jail: '.$rec['document_root'], LOGLEVEL_DEBUG);
print 'Removing unused jail: '.$rec['document_root']."\n";
$app->system->web_folder_protection($rec['document_root'], false);
$app->system->delete_jailkit_chroot($rec['document_root']);
$app->system->web_folder_protection($rec['document_root'], true);
}
// might need to update master db here? checking....
$app->db->query("UPDATE `web_domain` SET `last_jailkit_update` = NOW() WHERE `document_root` = ?", $rec['document_root']);
$app->db->query("UPDATE `web_domain` SET `last_jailkit_update` = NOW(), `last_jailkit_hash` = NULL WHERE `document_root` = ?", $rec['document_root']);
} else {
$app->db->query("UPDATE `web_domain` SET `last_jailkit_update` = NOW() WHERE `document_root` = ?", $rec['document_root']);
}
}
parent::onRunJob();
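Review bot: The new skip at `if ($update_hash != $rec['last_jailkit_hash'])` compares a hash built only from the configured section and program names, so a jail whose list has not changed is no longer rebuilt by this job even if the host binaries copied into it have since been patched. If the periodic run was meant to refresh stale copies inside the chroot, the skip needs a time-based fallback or a hash input that reflects the installed files; at minimum add a comment such as `// hash covers the configured names only, not the files inside the jail`. The hash is also stored immediately after `update_jailkit_chroot()` with no check of its outcome, so a failed rebuild would be recorded as current and skipped on later runs. The enclosing loop starts outside the hunk.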
......
......@@ -37,6 +37,8 @@ class apache2_plugin {
var $action = '';
var $ssl_certificate_changed = false;
var $update_letsencrypt = false;
var $website = null;
var $jailkit_config = null;
//* This function is called during ispconfig installation to determine
// if a symlink shall be created for this plugin.
......@@ -797,6 +799,77 @@ class apache2_plugin {
$app->system->chgrp($data['new']['document_root'].'/private', $groupname);
}
// load jailkit server config
$jailkit_config = $app->getconf->get_server_config($conf['server_id'], 'jailkit');
// website overrides
if (isset($data['new']['jailkit_chroot_app_sections']) && $data['new']['jailkit_chroot_app_sections'] != '' ) {
$jailkit_config['jailkit_chroot_app_sections'] = $data['new']['jailkit_chroot_app_sections'];
}
if (isset($data['new']['jailkit_chroot_app_programs']) && $data['new']['jailkit_chroot_app_programs'] != '' ) {
$jailkit_config['jailkit_chroot_app_programs'] = $data['new']['jailkit_chroot_app_programs'];
}
$last_updated = preg_split('/[\s,]+/', $jailkit_config['jailkit_chroot_app_sections']
.' '.$jailkit_config['jailkit_chroot_app_programs']
.' '.$jailkit_config['jailkit_chroot_cron_programs']);
$last_updated = array_unique($last_updated, SORT_REGULAR);
sort($last_updated, SORT_STRING);
$update_hash = hash('md5', implode(' ', $last_updated));
// Create jailkit chroot when enabling php_fpm_chroot
if($data['new']['php_fpm_chroot'] == 'y' && $data['old']['php_fpm_chroot'] != 'y') {
$website = $app->db->queryOneRecord('SELECT * FROM web_domain WHERE domain_id = ?', $data['new']['domain_id']);
$this->website = array_merge($website, $data['new'], array('new_jailkit_hash' => $update_hash));
$this->jailkit_config = $jailkit_config;
$this->_setup_jailkit_chroot();
$this->_add_jailkit_user();
$check_for_jailkit_updates=false;
// else delete if unused
} elseif ($data['new']['delete_unused_jailkit'] == 'y' && $data['new']['php_fpm_chroot'] != 'y') {
$check_for_jailkit_updates=false;
$this->_delete_jailkit_if_unused($data['new']['domain_id']);
if(is_dir($data['new']['document_root'].'/etc/jailkit')) {
$check_for_jailkit_updates=true;
}
// else update if needed
} elseif ($data['new']['delete_unused_jailkit'] != 'y') {
$check_for_jailkit_updates=true;
}
// If jail exists (and wasn't deleted), we may need to update it
if($check_for_jailkit_updates &&
( ($data['old']['jailkit_chroot_app_sections'] != $data['new']['jailkit_chroot_app_sections']) ||
($data['old']['jailkit_chroot_app_programs'] != $data['new']['jailkit_chroot_app_programs']) ) )
{
if (isset($jailkit_config['jailkit_hardlinks'])) {
if ($jailkit_config['jailkit_hardlinks'] == 'yes') {
$options = array( 'hardlink', );
} elseif ($jailkit_config['jailkit_hardlinks'] == 'no') {
$options = array();
}
} else {
$options = array( 'allow_hardlink', );
}
$options[] = 'force';
$sections = $jailkit_config['jailkit_chroot_app_sections'];
$programs = $jailkit_config['jailkit_chroot_app_programs'] . ' '
. $jailkit_config['jailkit_chroot_cron_programs'];
// don't update if last_jailkit_hash is the same
$tmp = $app->db->queryOneRecord('SELECT `last_jailkit_hash` FROM web_domain WHERE domain_id = ?', $data['new']['parent_domain_id']);
if ($update_hash != $tmp['last_jailkit_hash']) {
$app->system->update_jailkit_chroot($data['new']['document_root'], $sections, $programs, $options);
// this gets last_jailkit_update out of sync with master db, but that is ok,
// as it is only used as a timestamp to moderate the frequency of updating on the slaves
$app->db->query("UPDATE `web_domain` SET `last_jailkit_update` = NOW(), `last_jailkit_hash` = ? WHERE `document_root` = ?", $update_hash, $data['new']['document_root']);
}
unset($tmp);
}
// Remove the symlink for the site, if site is renamed
if($this->action == 'update' && $data['old']['domain'] != '' && $data['new']['domain'] != $data['old']['domain']) {
......@@ -1176,7 +1249,6 @@ class apache2_plugin {
//* Create custom php.ini
if(trim($data['new']['custom_php_ini']) != '') {
$has_custom_php_ini = true;
$custom_sendmail_path = false;
if(!is_dir($custom_php_ini_dir)) $app->system->mkdirpath($custom_php_ini_dir);
$php_ini_content = $this->get_master_php_ini_content($data['new']);
......@@ -1201,13 +1273,6 @@ class apache2_plugin {
}
}
$custom_sendmail_path = false;
$line = strtok($php_ini_content, '\n');
while ($line !== false) {
if (strpos($line, 'sendmail_path') === 0) $custom_sendmail_path = true;
$line = strtok('\n');
}
$app->system->file_put_contents($custom_php_ini_dir.'/php.ini', $php_ini_content);
} else {
$has_custom_php_ini = false;
......@@ -1252,7 +1317,7 @@ class apache2_plugin {
$trans = array(
'{DOCROOT}' => $vhost_data['web_document_root_www'],
'{DOCROOT_CLIENT}' => $vhost_data['web_document_root'],
'{DOMAIN}' => $vhost_data['domain']
'{DOMAIN}' => $vhost_data['domain']
);
$vhost_data['apache_directives'] = strtr($vhost_data['apache_directives'], $trans);
......@@ -1317,8 +1382,6 @@ class apache2_plugin {
$vhost_data['seo_redirect_enabled'] = 0;
}
$vhost_data['custom_sendmail_path'] = (isset($custom_sendmail_path) && $custom_sendmail_path) ? 'y' : 'n';
$tpl->setVar($vhost_data);
$tpl->setVar('apache_version', $app->system->getapacheversion());
......@@ -3376,7 +3439,6 @@ class apache2_plugin {
}
$custom_session_save_path = false;
$custom_sendmail_path = false;
if($custom_php_ini_settings != ''){
// Make sure we only have Unix linebreaks
$custom_php_ini_settings = str_replace("\r\n", "\n", $custom_php_ini_settings);
......@@ -3394,7 +3456,6 @@ class apache2_plugin {
if($value != ''){
$key = trim($key);
if($key == 'session.save_path') $custom_session_save_path = true;
if($key == 'sendmail_path') $custom_sendmail_path = true;
switch (strtolower($value)) {
case '0':
// PHP-FPM might complain about invalid boolean value if you use 0
......@@ -3417,7 +3478,6 @@ class apache2_plugin {
}
$tpl->setVar('custom_session_save_path', ($custom_session_save_path ? 'y' : 'n'));
$tpl->setVar('custom_sendmail_path', ($custom_sendmail_path ? 'y' : 'n'));
$tpl->setLoop('custom_php_ini_settings', $final_php_ini_settings);
......@@ -3632,6 +3692,154 @@ class apache2_plugin {
return $seo_redirects;
}
function _setup_jailkit_chroot()
{
global $app;
$app->uses('system');
if (isset($this->jailkit_config) && isset($this->jailkit_config['jailkit_hardlinks'])) {
if ($this->jailkit_config['jailkit_hardlinks'] == 'yes') {
$options = array( 'hardlink', );
} elseif ($this->jailkit_config['jailkit_hardlinks'] == 'no') {
$options = array();
}
} else {
$options = array( 'allow_hardlink', );
}
// should move return here if $this->website['new_jailkit_hash'] == $this->website['last_jailkit_hash'] ?
// check if the chroot environment is created yet if not create it with a list of program sections from the config
if (!is_dir($this->website['document_root'].'/etc/jailkit'))
{
$app->system->create_jailkit_chroot($this->website['document_root'], $this->jailkit_config['jailkit_chroot_app_sections'], $options);
$this->app->log("Added jailkit chroot", LOGLEVEL_DEBUG);
$this->_add_jailkit_programs($options);
$this->app->load('tpl');
$tpl = new tpl();
$tpl->newTemplate("bash.bashrc.master");
$tpl->setVar('jailkit_chroot', true);
$tpl->setVar('domain', $this->website['domain']);
$tpl->setVar('home_dir', $this->_get_home_dir(""));
$bashrc = $this->website['document_root'].'/etc/bash.bashrc';
if(@is_file($bashrc) || @is_link($bashrc)) unlink($bashrc);
file_put_contents($bashrc, $tpl->grab());
unset($tpl);
$this->app->log("Added bashrc script: ".$bashrc, LOGLEVEL_DEBUG);
$tpl = new tpl();
$tpl->newTemplate("motd.master");
$tpl->setVar('domain', $this->website['domain']);
$motd = $this->website['document_root'].'/var/run/motd';
if(@is_file($motd) || @is_link($motd)) unlink($motd);
$app->system->file_put_contents($motd, $tpl->grab());
} else {
// force update existing jails
$options[] = 'force';
$sections = $this->jailkit_config['jailkit_chroot_app_sections'];
$programs = $this->jailkit_config['jailkit_chroot_app_programs'] . ' '
. $this->jailkit_config['jailkit_chroot_cron_programs'];
if ($this->website['new_jailkit_hash'] == $this->website['last_jailkit_hash']) {
return;
}
$app->system->update_jailkit_chroot($this->website['document_root'], $sections, $programs, $options);
}
// this gets last_jailkit_update out of sync with master db, but that is ok,
// as it is only used as a timestamp to moderate the frequency of updating on the slaves
$app->db->query("UPDATE `web_domain` SET `last_jailkit_update` = NOW(), `last_jailkit_hash` = ? WHERE `document_root` = ?", $this->website['new_jailkit_hash'], $this->website['document_root']);
}
function _add_jailkit_programs($opts=array())
{
global $app;
$app->uses('system');
//copy over further programs and its libraries
$app->system->create_jailkit_programs($this->website['document_root'], $this->jailkit_config['jailkit_chroot_app_programs'], $opts);
$this->app->log("Added app programs to jailkit chroot", LOGLEVEL_DEBUG);
$app->system->create_jailkit_programs($this->website['document_root'], $this->jailkit_config['jailkit_chroot_cron_programs'], $opts);
$this->app->log("Added cron programs to jailkit chroot", LOGLEVEL_DEBUG);
}
function _get_home_dir($username)
{
return str_replace("[username]", $username, $this->jailkit_config['jailkit_chroot_home']);
}
function _add_jailkit_user()
{
global $app;
// add the user to the chroot
$jailkit_chroot_userhome = $this->_get_home_dir($this->website['system_user']);
if(!is_dir($this->website['document_root'].'/etc')) mkdir($this->website['document_root'].'/etc');
if(!is_file($this->website['document_root'].'/etc/passwd')) $app->system->exec_safe('touch ?', $this->website['document_root'].'/etc/passwd');
// IMPORTANT!
// ALWAYS create the user. Even if the user was created before
// if we check if the user exists, then a update (no shell -> jailkit) will not work
// and the user has FULL ACCESS to the root of the server!
$app->system->create_jailkit_user($this->website['system_user'], $this->website['document_root'], $jailkit_chroot_userhome);
$app->system->mkdir($this->website['document_root'].$jailkit_chroot_userhome, 0755, true);
$app->system->chown($this->website['document_root'].$jailkit_chroot_userhome, $this->website['system_user']);
$app->system->chgrp($this->website['document_root'].$jailkit_chroot_userhome, $this->website['system_group']);
$this->app->log("Added created jailkit user home in : ".$this->website['document_root'].$jailkit_chroot_userhome, LOGLEVEL_DEBUG);
}
private function _delete_jailkit_if_unused($parent_domain_id) {
global $app, $conf;
// get jail directory
$parent_domain = $app->db->queryOneRecord("SELECT * FROM `web_domain` WHERE `domain_id` = ? OR `parent_domain_id` = ? AND `document_root` IS NOT NULL", $parent_domain_id, $parent_domain_id);
if (!is_dir($parent_domain['document_root'])) {
return;
}
// chroot is used by php-fpm
if (isset($parent_domain['php_fpm_chroot']) && $parent_domain['php_fpm_chroot'] == 'y') {
return;
}
// check for any shell_user using this jail
$inuse = $app->db->queryOneRecord('SELECT shell_user_id FROM `shell_user` WHERE `parent_domain_id` = ? AND `chroot` = ?', $parent_domain_id, 'jailkit');
if($inuse) {
return;
}
// check for any cron job using this jail
$inuse = $app->db->queryOneRecord('SELECT id FROM `cron` WHERE `parent_domain_id` = ? AND `type` = ?', $parent_domain_id, 'chrooted');
if($inuse) {
return;
}
$app->system->delete_jailkit_chroot($parent_domain['document_root']);
// this gets last_jailkit_update out of sync with master db, but that is ok,
// as it is only used as a timestamp to moderate the frequency of updating on the slaves
$app->db->query("UPDATE `web_domain` SET `last_jailkit_update` = NOW(), `last_jailkit_hash` = NULL WHERE `document_root` = ?", $parent_domain['document_root']);
}
} // end class
?>
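Review bot: In the update branch of the large hunk, the stored hash is looked up with `$data['new']['parent_domain_id']`, while the create branch above reads the same table with `$data['new']['domain_id']` and the following UPDATE writes by this record's `document_root`. If the handler runs for the vhost row itself, the lookup returns another row or none, `$tmp['last_jailkit_hash']` is null, and the jail is rebuilt every time; the query probably wants `WHERE domain_id = ?', $data['new']['domain_id']);` with a check that `$tmp` is a row before indexing it. The nginx_plugin section carries the same lines. Separately, `_setup_jailkit_chroot()` and `_add_jailkit_programs()` log through `$this->app` although they already declare `global $app` and the only properties added here are `$website` and `$jailkit_config`; unless `$this->app` is set elsewhere in the class, those calls fail on a null object partway through jail creation, so `$app->log(...)` looks safer. The enclosing update function starts and ends outside the hunk.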
......@@ -242,13 +242,23 @@ class cron_jailkit_plugin {
$options = array( 'allow_hardlink', );
}
//check if the chroot environment is created yet if not create it with a list of program sections from the config
$last_updated = preg_split('/[\s,]+/', $this->jailkit_config['jailkit_chroot_app_sections']
.' '.$this->jailkit_config['jailkit_chroot_app_programs']
.' '.$this->jailkit_config['jailkit_chroot_cron_programs']);
$last_updated = array_unique($last_updated, SORT_REGULAR);
sort($last_updated, SORT_STRING);
$update_hash = hash('md5', implode(' ', $last_updated));
// should move return here if $update_hash == $parent_domain['last_jailkit_hash'] ?
// check if the chroot environment is created yet if not create it with a list of program sections from the config
if (!is_dir($this->parent_domain['document_root'].'/etc/jailkit'))
{
$app->system->create_jailkit_chroot($this->parent_domain['document_root'], $this->jailkit_config['jailkit_chroot_app_sections'], $options);
$this->app->log("Added jailkit chroot", LOGLEVEL_DEBUG);
$this->_add_jailkit_programs($options);
$this->app->load('tpl');
$tpl = new tpl();
......@@ -281,16 +291,19 @@ class cron_jailkit_plugin {
$options[] = 'force';
$sections = $this->jailkit_config['jailkit_chroot_app_sections'];
$programs = $this->jailkit_config['jailkit_chroot_app_programs'];
$programs = $this->jailkit_config['jailkit_chroot_app_programs'] . ' '
. $this->jailkit_config['jailkit_chroot_cron_programs'];
if ($update_hash == $parent_domain['last_jailkit_hash']) {
return;
}
$app->system->update_jailkit_chroot($this->parent_domain['document_root'], $sections, $programs, $options);
}
$this->_add_jailkit_programs($options);
// this gets last_jailkit_update out of sync with master db, but that is ok,
// as it is only used as a timestamp to moderate the frequency of updating on the slaves
$app->db->query("UPDATE `web_domain` SET `last_jailkit_update` = NOW() WHERE `document_root` = ?", $this->data['new']['dir']);
$app->db->query("UPDATE `web_domain` SET `last_jailkit_update` = NOW(), `last_jailkit_hash` = ? WHERE `document_root` = ?", $update_hash, $this->parent_domain['document_root']);
}
function _add_jailkit_programs($opts=array())
......@@ -309,7 +322,7 @@ class cron_jailkit_plugin {
{
global $app;
//add the user to the chroot
// add the user to the chroot
$jailkit_chroot_userhome = $this->_get_home_dir($this->parent_domain['system_user']);
if(!is_dir($this->parent_domain['document_root'].'/etc')) mkdir($this->parent_domain['document_root'].'/etc');
......@@ -381,8 +394,9 @@ class cron_jailkit_plugin {
$app->system->delete_jailkit_chroot($parent_domain['document_root']);
// might need to update master db here? checking....
$app->db->query("UPDATE `web_domain` SET `last_jailkit_update` = NOW() WHERE `document_root` = ?", $parent_domain['document_root']);
// this gets last_jailkit_update out of sync with master db, but that is ok,
// as it is only used as a timestamp to moderate the frequency of updating on the slaves
$app->db->query("UPDATE `web_domain` SET `last_jailkit_update` = NOW(), `last_jailkit_hash` = NULL WHERE `document_root` = ?", $parent_domain['document_root']);
}
} // end class
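Review bot: The skip check `if ($update_hash == $parent_domain['last_jailkit_hash'])` in the second hunk reads a local `$parent_domain`, while the other lines of this method shown here use `$this->parent_domain` (the `is_dir()` test, `update_jailkit_chroot()`, the final UPDATE). No assignment of a local `$parent_domain` is visible in the hunk, so unless one exists earlier in the method the comparison is against null and the early return never fires; `$this->parent_domain['last_jailkit_hash']` looks like what was intended. The commented question above the `is_dir()` check names the same local variable and should be corrected with it. The method begins outside the hunk.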
......
......@@ -37,6 +37,8 @@ class nginx_plugin {
var $action = '';
var $ssl_certificate_changed = false;
var $update_letsencrypt = false;
var $website = null;
var $jailkit_config = null;
//* This function is called during ispconfig installation to determine
// if a symlink shall be created for this plugin.
......@@ -636,6 +638,78 @@ class nginx_plugin {
}
// load jailkit server config
$jailkit_config = $app->getconf->get_server_config($conf['server_id'], 'jailkit');
// website overrides
if (isset($data['new']['jailkit_chroot_app_sections']) && $data['new']['jailkit_chroot_app_sections'] != '' ) {
$jailkit_config['jailkit_chroot_app_sections'] = $data['new']['jailkit_chroot_app_sections'];
}
if (isset($data['new']['jailkit_chroot_app_programs']) && $data['new']['jailkit_chroot_app_programs'] != '' ) {
$jailkit_config['jailkit_chroot_app_programs'] = $data['new']['jailkit_chroot_app_programs'];
}
$last_updated = preg_split('/[\s,]+/', $jailkit_config['jailkit_chroot_app_sections']
.' '.$jailkit_config['jailkit_chroot_app_programs']
.' '.$jailkit_config['jailkit_chroot_cron_programs']);
$last_updated = array_unique($last_updated, SORT_REGULAR);
sort($last_updated, SORT_STRING);
$update_hash = hash('md5', implode(' ', $last_updated));
// Create jailkit chroot when enabling php_fpm_chroot
if($data['new']['php_fpm_chroot'] == 'y' && $data['old']['php_fpm_chroot'] != 'y') {
$website = $app->db->queryOneRecord('SELECT * FROM web_domain WHERE domain_id = ?', $data['new']['domain_id']);
$this->website = array_merge($website, $data['new'], array('new_jailkit_hash' => $update_hash));
$this->jailkit_config = $jailkit_config;
$this->_setup_jailkit_chroot();
$this->_add_jailkit_user();
$check_for_jailkit_updates=false;
// else delete if unused
} elseif ($data['new']['delete_unused_jailkit'] == 'y' && $data['new']['php_fpm_chroot'] != 'y') {
$check_for_jailkit_updates=false;
$this->_delete_jailkit_if_unused($data['new']['domain_id']);
if(is_dir($data['new']['document_root'].'/etc/jailkit')) {
$check_for_jailkit_updates=true;
}
// else update if needed
} elseif ($data['new']['delete_unused_jailkit'] != 'y') {
$check_for_jailkit_updates=true;
}
// If jail exists (and wasn't deleted), we may need to update it
if($check_for_jailkit_updates &&
( ($data['old']['jailkit_chroot_app_sections'] != $data['new']['jailkit_chroot_app_sections']) ||
($data['old']['jailkit_chroot_app_programs'] != $data['new']['jailkit_chroot_app_programs']) ) )
{
if (isset($jailkit_config['jailkit_hardlinks'])) {
if ($jailkit_config['jailkit_hardlinks'] == 'yes') {
$options = array( 'hardlink', );
} elseif ($jailkit_config['jailkit_hardlinks'] == 'no') {
$options = array();
}
} else {
$options = array( 'allow_hardlink', );
}
$options[] = 'force';
$sections = $jailkit_config['jailkit_chroot_app_sections'];
$programs = $jailkit_config['jailkit_chroot_app_programs'] . ' '
. $jailkit_config['jailkit_chroot_cron_programs'];
// don't update if last_jailkit_hash is the same
$tmp = $app->db->queryOneRecord('SELECT `last_jailkit_hash` FROM web_domain WHERE domain_id = ?', $data['new']['parent_domain_id']);
if ($update_hash != $tmp['last_jailkit_hash']) {
$app->system->update_jailkit_chroot($data['new']['document_root'], $sections, $programs, $options);
// this gets last_jailkit_update out of sync with master db, but that is ok,
// as it is only used as a timestamp to moderate the frequency of updating on the slaves
$app->db->query("UPDATE `web_domain` SET `last_jailkit_update` = NOW(), `last_jailkit_hash` = ? WHERE `document_root` = ?", $update_hash, $data['new']['document_root']);
}
unset($tmp);
}
// Remove the symlink for the site, if site is renamed
if($this->action == 'update' && $data['old']['domain'] != '' && $data['new']['domain'] != $data['old']['domain']) {
if(is_dir('/var/log/ispconfig/httpd/'.$data['old']['domain'])) $app->system->exec_safe('rm -rf ?', '/var/log/ispconfig/httpd/'.$data['old']['domain']);
......@@ -3403,6 +3477,154 @@ class nginx_plugin {
return $seo_redirects;
}
function _setup_jailkit_chroot()
{
global $app;
$app->uses('system');
if (isset($this->jailkit_config) && isset($this->jailkit_config['jailkit_hardlinks'])) {
if ($this->jailkit_config['jailkit_hardlinks'] == 'yes') {
$options = array( 'hardlink', );
} elseif ($this->jailkit_config['jailkit_hardlinks'] == 'no') {
$options = array();
}
} else {
$options = array( 'allow_hardlink', );
}
// should move return here if $this->website['new_jailkit_hash'] == $this->website['last_jailkit_hash'] ?
// check if the chroot environment is created yet if not create it with a list of program sections from the config
if (!is_dir($this->website['document_root'].'/etc/jailkit'))
{
$app->system->create_jailkit_chroot($this->website['document_root'], $this->jailkit_config['jailkit_chroot_app_sections'], $options);
$this->app->log("Added jailkit chroot", LOGLEVEL_DEBUG);
$this->_add_jailkit_programs($options);
$this->app->load('tpl');
$tpl = new tpl();
$tpl->newTemplate("bash.bashrc.master");
$tpl->setVar('jailkit_chroot', true);
$tpl->setVar('domain', $this->website['domain']);
$tpl->setVar('home_dir', $this->_get_home_dir(""));
$bashrc = $this->website['document_root'].'/etc/bash.bashrc';
if(@is_file($bashrc) || @is_link($bashrc)) unlink($bashrc);
file_put_contents($bashrc, $tpl->grab());
unset($tpl);
$this->app->log("Added bashrc script: ".$bashrc, LOGLEVEL_DEBUG);
$tpl = new tpl();
$tpl->newTemplate("motd.master");
$tpl->setVar('domain', $this->website['domain']);
$motd = $this->website['document_root'].'/var/run/motd';
if(@is_file($motd) || @is_link($motd)) unlink($motd);
$app->system->file_put_contents($motd, $tpl->grab());
} else {
// force update existing jails
$options[] = 'force';