update - check is_jailed in ioc_stop

Defenso-QTH · Oct 3, 2024 · f732076 · f732076
1 parent 650e056
commit f732076
Show file tree

Hide file tree

Showing 3 changed files with 55 additions and 45 deletions.
diff --git a/iocage_lib/ioc_common.py b/iocage_lib/ioc_common.py
@@ -55,6 +55,19 @@
 IOCAGE_DEVFS_RULESET = 4
 
 
+def is_jailed(self):
+        from ctypes import cdll, c_int, c_size_t, sizeof, byref
+        from ctypes.util import find_library
+
+        libc = cdll.LoadLibrary(find_library("c"))
+        _mem = c_int(-1)
+        _sz = c_size_t(sizeof(_mem))
+        result = libc.sysctlbyname(b'security.jail.jailed', byref(_mem), byref(_sz), None, c_size_t(0))
+        if result != 0:
+            raise Exception('sysctl returned with error %s' % result)
+        return bool(_mem.value)
+
+
 def callback(_log, callback_exception):
     """Helper to call the appropriate logging level"""
     log = logging.getLogger('iocage')

diff --git a/iocage_lib/ioc_start.py b/iocage_lib/ioc_start.py
@@ -86,18 +86,6 @@ def __init__(
                 if not suppress_exception:
                     raise e
 
-    def is_jailed(self):
-        from ctypes import cdll, c_int, c_size_t, sizeof, byref
-        from ctypes.util import find_library
-
-        libc = cdll.LoadLibrary(find_library("c"))
-        _mem = c_int(-1)
-        _sz = c_size_t(sizeof(_mem))
-        result = libc.sysctlbyname(b'security.jail.jailed', byref(_mem), byref(_sz), None, c_size_t(0))
-        if result != 0:
-            raise Exception('sysctl returned with error %s' % result)
-        return bool(_mem.value)
-
     def __start_jail__(self):
         """
         Takes a UUID, and the user supplied name of a jail, the path and the
@@ -509,7 +497,7 @@ def __start_jail__(self):
             _callback=self.callback,
             silent=self.silent)
 
-        jailed = self.is_jailed()
+        jailed = iocage_lib.ioc_common.is_jailed()
         msg = f" + Jailed: {jailed and 'yes' or 'no'}"
         iocage_lib.ioc_common.logit({
             "level": "INFO",

diff --git a/iocage_lib/ioc_stop.py b/iocage_lib/ioc_stop.py
@@ -274,43 +274,52 @@ def __stop_jail__(self):
                         _callback=self.callback,
                         silent=self.silent)
 
-        # Clean up after our dynamic devfs rulesets
-        devfs_rulesets = su.run(
-            ['devfs', 'rule', 'showsets'],
-            stdout=su.PIPE, universal_newlines=True
-        )
-        ruleset_list = [int(i) for i in devfs_rulesets.stdout.splitlines()]
-
-        if int(devfs_ruleset) in ruleset_list:
-            try:
-                su.run(
-                    ['devfs', 'rule', '-s', devfs_ruleset, 'delset'],
-                    stdout=su.PIPE
-                )
-
-                iocage_lib.ioc_common.logit({
-                    "level": "INFO",
-                    "message": f'  + Removing devfs_ruleset: {devfs_ruleset}'
-                               ' OK'
-                },
-                    _callback=self.callback,
-                    silent=self.silent)
-            except su.CalledProcessError:
+        if iocage_lib.ioc_common.is_jailed():
+            iocage_lib.ioc_common.logit({
+                "level": "INFO",
+                "message": f'  + No devfs_ruleset to remove.'
+            },
+                _callback=self.callback,
+                silent=self.silent
+            )
+        else:
+            # Clean up after our dynamic devfs rulesets
+            devfs_rulesets = su.run(
+                ['devfs', 'rule', 'showsets'],
+                stdout=su.PIPE, universal_newlines=True
+            )
+            ruleset_list = [int(i) for i in devfs_rulesets.stdout.splitlines()]
+
+            if int(devfs_ruleset) in ruleset_list:
+                try:
+                    su.run(
+                        ['devfs', 'rule', '-s', devfs_ruleset, 'delset'],
+                        stdout=su.PIPE
+                    )
+
+                    iocage_lib.ioc_common.logit({
+                        "level": "INFO",
+                        "message": f'  + Removing devfs_ruleset: {devfs_ruleset}'
+                                   ' OK'
+                    },
+                        _callback=self.callback,
+                        silent=self.silent)
+                except su.CalledProcessError:
+                    iocage_lib.ioc_common.logit({
+                        "level": 'ERROR',
+                        "message": f'  + Removing devfs_ruleset: {devfs_ruleset}'
+                                   ' FAILED'
+                    },
+                        _callback=self.callback,
+                        silent=self.silent)
+            else:
                 iocage_lib.ioc_common.logit({
                     "level": 'ERROR',
-                    "message": f'  + Removing devfs_ruleset: {devfs_ruleset}'
-                               ' FAILED'
+                    "message": '  + Refusing to remove protected devfs_ruleset:'
+                               f' {devfs_ruleset}'
                 },
                     _callback=self.callback,
                     silent=self.silent)
-        else:
-            iocage_lib.ioc_common.logit({
-                "level": 'ERROR',
-                "message": '  + Refusing to remove protected devfs_ruleset:'
-                           f' {devfs_ruleset}'
-            },
-                _callback=self.callback,
-                silent=self.silent)
 
         # Build up a jail stop command.
         cmd = ['jail', '-q']