vshost-util-vserver

vserver (22410B)

---

 #!/bin/sh
 
 # Copyright (C) 2003 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de>
 # based on vserver by Jacques Gelinas
 #  
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation; either version 2, or (at your option)
 # any later version.
 #  
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
 #  
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 
 # This is a script to control a virtual server
 
 : ${UTIL_VSERVER_VARS:=/usr/lib/util-vserver/util-vserver-vars}
 test -e "$UTIL_VSERVER_VARS" || {
     echo $"Can not find util-vserver installation (the file '$UTIL_VSERVER_VARS' would be expected); aborting..." >&2
     exit 1
 }
 . "$UTIL_VSERVER_VARS"
 
 USR_SBIN=$__SBINDIR
 USR_LIB_VSERVER=$__PKGLIBEXECDIR
 DEFAULTPATH=/sbin:/usr/sbin:/bin:/usr/bin:/usr/X11R6/bin
 
 vserver_mknod(){
 	mknod $1 $2 $3 $4
 	chmod $5 $1
 }
 
 mountproc()
 {
 	mkdir -p $1/proc $1/dev/pts
 	if [ ! -d $1/proc/1 ] ; then
 		mount -t proc none $1/proc
 		mount -t devpts -o gid=5,mode=0620 none $1/dev/pts
 	fi
 }
 umountproc()
 {
 	umount $1/proc 2>/dev/null
 	umount $1/dev/pts 2>/dev/null
 }
 
 # Check that the vservers parent directory has permission 000
 # This is the key to avoid chroot escape
 testperm()
 {
 	return
 	PERM=`$_SHOWPERM $__DEFAULT_VSERVERDIR/$1/..`
 	if [ "$PERM" != 000 ] ; then
 		echo
 		echo "**********************************************************"
 		echo $__DEFAULT_VSERVERDIR/$1/.. has insecure permissions.
 		echo A vserver administrator may be able to visit the root server.
 		echo To fix this, do
 		echo "	" chmod 000 $__DEFAULT_VSERVERDIR/$1/..
 		echo do it anytime you want, even if vservers are running.
 		echo "**********************************************************"
 		echo
 	fi
 }
 # Set the IP alias needed by a vserver
 ifconfig_iproot()
 {
 	if [ "$NODEV" = "" -a "$IPROOT" != "" -a "$IPROOT" != "0.0.0.0" -a "$IPROOT" != "ALL" ] ;then
 		# A vserver may have more than one IP
 		# The first alias is dev:vserver
 		# and the other are dev:vserver1,2,3 and so on
 		# An IP may hold the device. The following is valid
 		#	IPROOT="1.2.4.5 eth1:1.2.3.5"
 		#	IPROOTDEV=eth0
 		# The first IP 1.2.3.4 will go on eth0 and the other on eth1
 		# VLAN devices are also supported (eth0.231 for vlan 231)
 		SUFFIX=
 		for oneip in $IPROOT
 		do
 			IPDEV=$IPROOTDEV
 			MASK=$IPROOTMASK
 			BCAST=$IPROOTBCAST
 			# Split the device and IP if available
 			case $oneip in
 			*:*)
 				eval `echo $oneip | tr : ' ' | (read dev ip; echo oneip=$ip; echo IPDEV=$dev)`
 				;;
 			esac
 			# Split the IP and the netmask if available
 			case $oneip in
 			*/*)
 				eval `echo $oneip | tr / ' ' | (read ip msk; echo oneip=$ip; echo MASK=$msk)`
 				eval `$_IFSPEC "" "$oneip" "$MASK" "$BCAST"`
 				;;
 			esac
 			if [ "$IPDEV" != "" ] ; then
 				case $IPDEV in
 				*.*)
 					if [ ! -f /proc/net/vlan/$IPDEV ] ; then
 						/sbin/vconfig add `echo $IPDEV | tr . ' '`
 						# Put a dummy IP
 						/sbin/ifconfig $IPDEV 127.0.0.1
 					fi
 					;;
 				esac
 				# Compute the default netmask, if missing
 				eval `$_IFSPEC $IPDEV "$oneip" "$MASK" "$BCAST"`
 				IPROOTMASK=$NETMASK
 				IPROOTBCAST=$BCAST
 				#echo /sbin/ifconfig $IPDEV:$1$SUFFIX $oneip netmask $IPROOTMASK broadcast $IPROOTBCAST
 				/sbin/ifconfig $IPDEV:$1$SUFFIX $oneip netmask $IPROOTMASK broadcast $IPROOTBCAST
 			fi
 			if [ "$SUFFIX" = "" ] ; then
 				SUFFIX=1
 			else
 				SUFFIX=`expr $SUFFIX + 1`
 			fi
 		done
 	fi
 	if [ "$IPROOTBCAST" = "" ] ; then
 		IPROOTBCAST=255.255.255.255
 	fi
 }
 ifconfig_iproot_off()
 {
 	if [ "$NODEV" = "" -a "$IPROOT" != "" -a "$IPROOT" != "0.0.0.0" -a "$IPROOT" != "ALL"  -a "$IPROOTDEV" != "" ] ;then
 		SUFFIX=
 		for oneip in $IPROOT
 		do
 			IPDEV=$IPROOTDEV
 			# Split the device and IP if available
 			case $oneip in
 			*:*)
 				eval `echo $oneip | tr : ' ' | (read dev ip; echo IPDEV=$dev)`
 				;;
 			esac
 			/sbin/ifconfig $IPDEV:$1$SUFFIX down 2>/dev/null
 			if [ "$SUFFIX" = "" ] ; then
 				SUFFIX=1
 			else
 				SUFFIX=`expr $SUFFIX + 1`
 			fi
 		done
 	fi
 }
 # Split an IPROOT definition, trash the devices and
 # compose a set of --ip option for chbind
 setipopt(){
 	RET=
 	IPS="$*"
 	if [ "$IPS" = "" ] ; then
 		IPS=0.0.0.0
 	fi
 	if [ "$1" = "ALL" ] ; then
 		IPS=`$_LISTDEVIP`
 	fi
 	for oneip in $IPS
 	do
 		# Split the device and IP if available
 		case $oneip in
 		*:*)
 			eval `echo $oneip | tr : ' ' | (read dev ip; echo oneip=$ip)`
 			;;
 		esac
 		#case $oneip in
 		#*/*)
 		#	eval `echo $oneip | tr / ' ' | (read ip msk; echo oneip=$ip)`
 		#	;;
 		#esac
 		echo --ip $oneip
 	done
 }
 
 # Extract the initial runlevel from the vserver inittab
 get_initdefault()
 {
 	INITDEFAULT=`grep :initdefault $__DEFAULT_VSERVERDIR/$1/etc/inittab | sed 's/:/ /g' | ( read a level b; echo $level)`
 }
 
 # Read the vserver configuration file, reusing the PROFILE value
 # found in /var/run/vservers
 readlastconf()
 {
 	if [ -f $__PKGSTATEDIR/$1.ctx ] ; then
 		. $__PKGSTATEDIR/$1.ctx
 		if [ "$S_PROFILE" != "" ] ; then
 			export PROFILE=$S_PROFILE
 		fi
 	fi
 	export PROFILE
 	. $__CONFDIR/$1.conf
 }
 usage()
 {
 	echo vserver [ options ] server-name command ...
 	echo
 	echo server-name is a directory in $__DEFAULT_VSERVERDIR
 	echo
 	echo The commands are:
 	echo " build   : Create a virtual server by copying the packages"
 	echo "           of the root server"
 	echo " enter   : Enter in the virtual server context and starts a shell"
 	echo "           Same as \"vserver name exec /bin/sh\""
 	echo " exec    : Exec a command in the virtual server context"
 	echo " suexec  : Exec a command in the virtual server context uid"
 	echo " service : Control a service inside a vserver"
 	echo "           vserver name service service-name start/stop/restart/status"
 	echo " start   : Starts the various services in the vserver, runlevel 3"
 	echo " stop    : Ends all services and kills the remaining processes"
 	echo " running : Tells if a virtual server is running"
 	echo "           It returns proper exit code, so you can use it as a test"
 	echo " status  : Tells some information about a vserver"
 	echo " chkconfig : It turns a server on or off in a vserver"
 	echo
 	echo "--nodev  : Do not configure the IP aliases of the vserver"
 	echo "           Useful to enter a vserver without enabling its network"
 	echo "           and avoiding conflicts with another copy of this vserver"
 	echo "           running elsewhere"
 	echo "--silent : No informative messages about vserver context and IP numbers"
 	echo "           Useful when you want to redirect the output"
 }
 
 calculateCaps()
 {
     local f
     for f in "$@"; do
 	case $f in
 	    !CAP_SYS_CHROOT)
 		CHROOTOPT=--nochroot
 		;;
 	    *)
 		CAPS="$CAPS --cap $f"
 		;;
 	esac
     done
 }
 
 SILENT=
 NODEV=
 while true
 do
 	if [ "$1" = "--silent" ] ; then
 		SILENT=--silent
 		shift
 	elif [ "$1" = "--nodev" ] ; then
 		NODEV=--nodev
 		shift
 	else
 		break
 	fi
 done
 # Setup the default ulimit for a vserver
 setdefulimit(){
 	# File handle are limited to half of the current system limit
 	# Virtual memory is limited to the ram size
 	NFILE=`cat /proc/sys/fs/file-max`
 	NFILE=`expr $NFILE / 2`
 	VMEM=`cat /proc/meminfo  | grep MemTotal | (read a b c; echo $b)`
 	# Disabled for now, we need a different to set the security
 	# context limit than fiddling with ulimit
 	#ulimit -H -n $NFILE -v $VMEM
 }
 if [ $# -lt 2 ] ; then
 	usage
 elif [ "$2" = "build" ] ; then
 	# Either the directory does not exist or is empty
 	NBSUB=`ls $__DEFAULT_VSERVERDIR/$1 2>/dev/null | grep -v lost+found | wc -l` 
 	NBSUB=`expr $NBSUB`
 	if [ "$NBSUB" != 0 ] ; then
 		echo Virtual server $__DEFAULT_VSERVERDIR/$1 already exist
 	else
 		if [ ! -d $__DEFAULT_VSERVERDIR ] ; then
 			mkdir $__DEFAULT_VSERVERDIR || exit 1
 			chmod 000 $__DEFAULT_VSERVERDIR
 			echo Directory $__DEFAULT_VSERVERDIR was created with permissions 000
 		fi
 		mkdir -p $__DEFAULT_VSERVERDIR/$1 || exit 1
 		chmod 755 $__DEFAULT_VSERVERDIR/$1
 		if test "$UTIL_VSERVER_AVOID_COPY"; then
 		    mkdir -p $__DEFAULT_VSERVERDIR/$1/{etc/rc.d/init.d,sbin,var/run,var/log}
 		else
 		    cp -ax /sbin /bin /etc /usr /var /lib $__DEFAULT_VSERVERDIR/$1/. || exit 1
 		fi
 		cd $__DEFAULT_VSERVERDIR/$1 || exit 1
 		rm -fr lib/modules/*
 		rm -f var/spool/mail/*
 		rm -f `find var/run -type f`
 		rm -f `find var/log -type f`
 		touch var/log/wtmp
 		rm -f var/lock/subsys/*
 		rm -f etc/cron.d/kmod
 		mkdir proc tmp home root boot
 		test -f /root/.bashrc && cp -a /root/.bashrc root/.
 		test -f /root/.bash_profile && cp -a /root/.bash_profile root/.
 		chmod 1777 tmp
 		chmod 750 root
 		# Create a minimal dev so the virtual server can't grab
 		# more privileges
 		mkdir dev dev/pts
 		vserver_mknod dev/null c 1 3 666
 		vserver_mknod dev/zero c 1 5 666
 		vserver_mknod dev/full c 1 7 666
 		vserver_mknod dev/random c 1 8 644
 		vserver_mknod dev/urandom c 1 9 644
 		vserver_mknod dev/tty c 5 0 666
 		vserver_mknod dev/ptmx c 5 2 666
 		touch dev/hdv1
 		# Turn off some service useless on a vserver
 		#		vserver_turnoff apmd network autofs dhcpd gpm ipchains iptables \
 		#			irda isdn keytable kudzu linuxconf-setup netfs nfs nfslock \
 		#			pcmcia portmap pppoe random rawdevices rhnsd rstatd ruserd \
 		#			rwalld rwhod sendmail smb snmpd v_httpd h_xinetd v_sshd vservers \
 		#			xfs ypbind xinetd
 		(
 			cd etc/init.d 2>/dev/null || cd etc/rc.d/init.d
 			for serv in *
 			do
 				case $serv in
 				*.bak|*~|functions|killall|halt|single)
 					;;
 				*)
 					#$USR_LIB_VSERVER/capchroot $__DEFAULT_VSERVERDIR/$1 /sbin/chkconfig --level 2345 $serv off
 					$0 --silent $1 chkconfig --level 2345 $serv off
 					;;
 				esac
 			done
 		)
 		rm -f etc/rc.d/rc6.d/S*reboot
 		# Create a dummy /etc/fstab and /etc/mtab to please
 		# df and linuxconf. We use hdv1, which does not exist
 		# to remind the admin that it is not the real drive
 		echo /dev/hdv1 / ext2 defaults 1 1 >etc/fstab
 		echo /dev/hdv1 / ext2 rw 0 0 >etc/mtab
 		# Install the vreboot utility
 		cp -a "$_VREBOOT" sbin/.
 		ln -sf vreboot sbin/vhalt
 
 		echo Directory $__DEFAULT_VSERVERDIR/$1 has been populated
 		if [ ! -d $__CONFDIR ] ; then
 			mkdir $__CONFDIR
 			chmod 600 $__CONFDIR
 			echo Directory $__CONFDIR has been created
 		fi
 		if [ ! -f $__CONFDIR/$1.conf ] ; then
 			CONF=$__CONFDIR/$1.conf
 			cat >$CONF <<-EOF
 if [ "$PROFILE" = "" ] ; then
 	PROFILE=prod
 fi
 # Select the IP number assigned to the virtual server
 # This IP must be one IP of the server, either an interface
 # or an IP alias
 # A vserver may have more than one IP. Separate them with spaces.
 # do not forget double quotes.
 # Some examples:
 # IPROOT="1.2.3.4 2.3.4.5"
 # IPROOT="eth0:1.2.3.4 eth1:2.3.4.5"
 # If the device is not specified, IPROOTDEV is used
 case \$PROFILE in
 prod)
 	IPROOT=1.2.3.4
 	# The netmask and broadcast are computed by default from IPROOTDEV
 	#IPROOTMASK=
 	#IPROOTBCAST=
 	# You can define on which device the IP alias will be done
 	# The IP alias will be set when the server is started and unset
 	# when the server is stopped
 	#IPROOTDEV=eth0
 	# You can set a different host name for the vserver
 	# If empty, the host name of the main server is used
 	S_HOSTNAME=
 	;;
 backup)
 	IPROOT=1.2.3.4
 	#IPROOTMASK=
 	#IPROOTBCAST=
 	#IPROOTDEV=eth0
 	S_HOSTNAME=
 	;;
 esac
 # Uncomment the onboot line if you want to enable this
 # virtual server at boot time
 #ONBOOT=yes
 # You can set a different NIS domain for the vserver
 # If empty, the current on is kept
 # Set it to "none" to have no NIS domain set
 S_DOMAINNAME=
 # You can set the priority level (nice) of all process in the vserver
 # Even root won't be able to raise it
 S_NICE=
 # You can set various flags for the new security context
 # lock: Prevent the vserver from setting new security context
 # sched: Merge scheduler priority of all processes in the vserver
 #        so that it acts a like a single one.
 # nproc: Limit the number of processes in the vserver according to ulimit
 #        (instead of a per user limit, this becomes a per vserver limit)
 # private: No other process can join this security context. Even root
 # Do not forget the quotes around the flags
 S_FLAGS="lock nproc"
 # You can set various ulimit flags and they will be inherited by the
 # vserver. You enter here various command line argument of ulimit
 # ULIMIT="-HS -u 200"
 # The example above, combined with the nproc S_FLAGS will limit the
 # vserver to a maximum of 200 processes
 ULIMIT="-HS -u 1000"
 # You can set various capabilities. By default, the vserver are run
 # with a limited set, so you can let root run in a vserver and not
 # worry about it. He can't take over the machine. In some cases
 # you can to give a little more capabilities (such as CAP_NET_RAW)
 # S_CAPS="CAP_NET_RAW"
 S_CAPS=""
 # Select an unused context (this is optional)
 # The default is to allocate a free context on the fly
 # In general you don't need to force a context
 #S_CONTEXT=
 			EOF
 			echo $CONF has been created. Look at it\!
 		fi
 	fi
 elif [ ! -f $__CONFDIR/$1.conf ] ; then
 	echo No configuration for this vserver: $__CONFDIR/$1.conf
 	exit 1
 elif [ ! -d $__DEFAULT_VSERVERDIR/$1/. ] ; then
 	echo No directory for this vserver: $__DEFAULT_VSERVERDIR/$1
 	exit 1
 elif [ "$2" = "start" ] ; then
 	echo Starting the virtual server $1
 	testperm $1
 	if ! $0 $1 running
 	then
 		test -x $__CONFDIR/$1.sh && $__CONFDIR/$1.sh pre-start $1
 		IPROOT=
 		IPROOTMASK=
 		IPROOTBCAST=
 		IPROOTDEV=
 		S_NICE=
 		S_FLAGS=
 		. $__CONFDIR/$1.conf
 		export PROFILE
 		ifconfig_iproot $1
 		cd $__DEFAULT_VSERVERDIR/$1 || exit 1
 
 		if [ "$PROFILE" != "" ] ; then
 			echo export PROFILE=$PROFILE >etc/PROFILE
 		fi
 
 		rm -f `find var/run -type f`
 		touch var/run/utmp
 		chgrp ${UTMP_GROUP:-utmp} var/run/utmp
 		chmod 0664 var/run/utmp
 		rm -f  var/lock/subsys/*
 		mountproc $__DEFAULT_VSERVERDIR/$1
 		CTXOPT=
 		HOSTOPT=
 		DOMAINOPT=
 		NICECMD=
 		FLAGS=
 		CAPS=
 		get_initdefault $1
 		STARTCMD="/etc/rc.d/rc $INITDEFAULT"
 		if [ -x $__DEFAULT_VSERVERDIR/$1/etc/init.d/rc ] ; then
 			STARTCMD="/etc/init.d/rc $INITDEFAULT"
 		elif [ -x $__DEFAULT_VSERVERDIR/$1/usr/bin/emerge ] ; then
 			STARTCMD="/sbin/rc default"
 		elif [ -x $__DEFAULT_VSERVERDIR/$1/etc/rc.d/rc.M ] ; then
 		        STARTCMD="/etc/rc.d/rc.M"			
  		fi
 
 		DISCONNECT=
 		FAKEINIT=
 		for f in $S_FLAGS dummy
 		do
 			case $f in
 			dummy)
 				;;
 
                         minit)
 				FAKEINIT=true
                                 FLAGS="$FLAGS --flag fakeinit"
                                 STARTCMD=/sbin/minit-start
                                 DISCONNECT=--disconnect
 				;;
 
 			fakeinit)
 				FAKEINIT=true
 				FLAGS="$FLAGS --flag $f"
 				STARTCMD=/sbin/init
 				DISCONNECT=--disconnect
 				;;
 			*)
 				FLAGS="$FLAGS --flag $f"
 				;;
 			esac
 		done
 		if [ "$FAKEINIT" = "" ] ; then
 			$USR_LIB_VSERVER/fakerunlevel $INITDEFAULT var/run/utmp
 		fi
 
 		calculateCaps $S_CAPS
 
 		if [ "$S_CONTEXT" != "" ] ; then
 			CTXOPT="--ctx $S_CONTEXT"
 		fi
 		if [ "$S_HOSTNAME" != "" ] ; then
 			HOSTOPT="--hostname $S_HOSTNAME"
 			export HOSTNAME=$S_HOSTNAME
 		fi
 		if [ "$S_DOMAINNAME" != "" ] ; then
 			DOMAINOPT="--domainname $S_DOMAINNAME"
 		fi
 		if [ "$S_NICE" != "" ] ; then
 			NICECMD="nice -n $S_NICE"
 		fi
 		mkdir -p $__PKGSTATEDIR
 		chmod 700 $__PKGSTATEDIR
 		setdefulimit
 		if [ "$ULIMIT" != "" ] ; then
 			ulimit $ULIMIT
 		fi
 		#echo FLAGS=$FLAGS
 		#echo CAPS=$CAPS
 		# We switch to /vservers/$1 now, because after the
 		# security context switch /vservers directory becomes a dead zone.
 		cd $__DEFAULT_VSERVERDIR/$1
 		IPOPT=`setipopt $IPROOT`
 		export PATH=$DEFAULTPATH
 		$NICECMD $_CHBIND_COMPAT $SILENT $IPOPT --bcast $IPROOTBCAST \
 			$_CHCONTEXT_COMPAT $SILENT $DISCONNECT $CAPS $FLAGS $CTXOPT $HOSTOPT $DOMAINOPT --secure \
 			$_SAVE_S_CONTEXT $__PKGSTATEDIR/$1.ctx \
 			$_CAPCHROOT $CHROOTOPT . $STARTCMD
 		sleep 2
 		test ! -x $__CONFDIR/$1.sh || $__CONFDIR/$1.sh post-start $1
 	fi
 elif [ "$2" = "running" ] ; then
 	if [ ! -f $__PKGSTATEDIR/$1.ctx ] ; then
 		echo Server $1 is not running
 		exit 1
 	else
 		. $__PKGSTATEDIR/$1.ctx
 		NB=$($USR_SBIN/vps ax | awk '{print $2}' | grep \^$S_CONTEXT\$ | wc -l)
 		#NB=`$_CHCONTEXT_COMPAT --silent --ctx $S_CONTEXT ps ax | wc -l`
 		#NB=`eval expr $NB + 0`
 		if [ "$NB" -gt 0 ] ; then
 			echo Server $1 is running
 			exit 0
 		else
 			echo Server $1 is not running
 			exit 1
 		fi
 	fi
 elif [ "$2" = "status" ] ; then
 	if $0 $1 running
 	then
 		. $__PKGSTATEDIR/$1.ctx
 		NB=$($USR_SBIN/vps ax | awk '{print $2}' | grep \^$S_CONTEXT\$ | wc -l)
 		echo $NB processes running
 		echo Vserver uptime: `$USR_LIB_VSERVER/filetime $__PKGSTATEDIR/$1.ctx`
 	fi
 elif [ "$2" = "stop" ] ; then
 	echo Stopping the virtual server $1
 	IPROOT=
 	IPROOTMASK=
 	IPROOTBCAST=
 	IPROOTDEV=
 	CAPS=
 	IS_MINIT=
 	readlastconf $1
 	if $0 $1 running
 	then
 		test -x $__CONFDIR/$1.sh && $__CONFDIR/$1.sh pre-stop $1
 		ifconfig_iproot $1
 		cd $__DEFAULT_VSERVERDIR/$1
 		mountproc $__DEFAULT_VSERVERDIR/$1
 		# The fakeinit flag tell us how to turn off the server
 		get_initdefault $1
 		export PREVLEVEL=$INITDEFAULT
 		STOPCMD="/etc/rc.d/rc 6"
 		if [ -x $__DEFAULT_VSERVERDIR/$1/etc/init.d/rc ] ; then
 			STOPCMD="/etc/init.d/rc 6"
 		elif [ -x $__DEFAULT_VSERVERDIR/$1/usr/bin/emerge ] ; then
 			STOPCMD="/sbin/rc shutdown"
 		elif [ -x $__DEFAULT_VSERVERDIR/$1/etc/rc.d/rc.6 ] ; then
 		        STOPCMD="/etc/rc.d/rc.6"
  		fi
 
 		for f in $S_FLAGS dummy
 		do
 			case $f in
                         minit)
 				IS_MINIT=1
 				FLAGS="$FLAGS --flag fakeinit"
                                 STOPCMD="/sbin/minit-stop"
                                 ;;
 
 			fakeinit)
 				FLAGS="$FLAGS --flag $f"
 				STOPCMD="/sbin/init 6"
 				;;
 			*)
 				;;
 			esac
 		done
 
 		calculateCaps $S_CAPS
 
 		cd $__DEFAULT_VSERVERDIR/$1
 		IPOPT=`setipopt $IPROOT`
 		export PATH=$DEFAULTPATH
 		$_CHBIND_COMPAT $SILENT $IPOPT --bcast $IPROOTBCAST \
 			$_CHCONTEXT_COMPAT $SILENT $CAPS --secure --ctx $S_CONTEXT \
 			$_CAPCHROOT . $STOPCMD
 
 		if test "$IS_MINIT"; then
 		    echo "Waiting for minit finish-signal"
 		    dd if=var/run/minit-stop of=/dev/zero bs=1 count=1 &>/dev/null
 		    sleep 1
 		else
 		    echo sleeping 5 seconds
 		    sleep 5
 		fi
 
 		echo Killing all processes
 		$_CHBIND_COMPAT --silent $IPOPT --bcast $IPROOTBCAST \
 			$_CHCONTEXT_COMPAT $CAPS --secure --silent --ctx $S_CONTEXT \
 			$_VSERVERKILLALL
 	fi
 	# We umount anyway, because "enter" establish the mount
 	# but when you exit, the server is considered not running
 	umountproc $__DEFAULT_VSERVERDIR/$1
 	cd /
 	test -x $__CONFDIR/$1.sh && $__CONFDIR/$1.sh post-stop $1
 	ifconfig_iproot_off $1
 elif [ "$2" = "restart" ] ; then
 	if $0 $1 running
 	then
 		$0 $1 stop
 		$0 $1 start
 	fi
 elif [ "$2" = "suexec" ] ; then
 	if [ -z "$3" ] ; then
 		echo "Missing user!" >&2
 		echo "vserver vserver-name suexec user command [ args ... ]" >&2
 		exit 1
 	elif [ -z "$4" ] ; then
 		echo "Missing command and arguments!" >&2
 		echo "vserver vserver-name suexec user command [ args ... ]" >&2
 		exit 1
 	else
 		IPROOT=
 		IPROOTMASK=
 		IPROOTBCAST=
 		IPROOTDEV=
 		readlastconf $1
 		. $__CONFDIR/$1.conf
 		cd $__DEFAULT_VSERVERDIR/$1
 		ifconfig_iproot $1
 		mountproc $__DEFAULT_VSERVERDIR/$1
 		PS1="[\u@vserver:$1 \W]"
 		export PS1
 		VSERVER=$1
 		USERID=$3
 		shift; shift; shift
 		CAPS=
 		for f in $S_CAPS dummy
 		do
 			case $f in
 			dummy)
 				;;
 			!CAP_SYS_CHROOT)
 				CHROOTOPT=--nochroot
 				;;
 			*)
 				CAPS="$CAPS --cap $f"
 				;;
 			esac
 		done
 		FLAGS=
 		for f in $S_FLAGS dummy
 		do
 			case $f in
                         minit)
 				FLAGS="$FLAGS --flag fakeinit"
                                 ;;
 
 			dummy)
 				;;
 			*)
 				FLAGS="$FLAGS --flag $f"
 				;;
 			esac
 		done
 		setdefulimit
 		if [ "$ULIMIT" != "" ] ; then
 			ulimit $ULIMIT
 		fi
 		if $0 $VSERVER running >/dev/null
 		then
 			. $__PKGSTATEDIR/$VSERVER.ctx
 			cd $__DEFAULT_VSERVERDIR/$VSERVER
 			IPOPT=`setipopt $IPROOT`
 			export PATH=$DEFAULTPATH
 			exec $_CHBIND_COMPAT $SILENT $IPOPT --bcast $IPROOTBCAST \
 				$_CHCONTEXT_COMPAT $SILENT $FLAGS $CAPS --secure --ctx $S_CONTEXT \
 				$_CAPCHROOT --suid $USERID . "$@"
 		else
 			test -x $__CONFDIR/$1.sh && $__CONFDIR/$1.sh pre-start $1
 			CTXOPT=
 			HOSTOPT=
 			DOMAINOPT=
 			if [ "$S_CONTEXT" != "" ] ; then
 				CTXOPT="--ctx $S_CONTEXT"
 			fi
 			if [ "$S_HOSTNAME" != "" ] ; then
 				HOSTOPT="--hostname $S_HOSTNAME"
 				export HOSTNAME=$S_HOSTNAME
 			fi
 			if [ "$S_DOMAINNAME" != "" ] ; then
 				DOMAINOPT="--domainname $S_DOMAINNAME"
 			fi
 			mkdir -p $__PKGSTATEDIR
 			cd $__DEFAULT_VSERVERDIR/$VSERVER
 			IPOPT=`setipopt $IPROOT`
 			export PATH=$DEFAULTPATH
 			exec $_CHBIND_COMPAT $SILENT $IPOPT --bcast $IPROOTBCAST \
 				$_CHCONTEXT_COMPAT $SILENT $FLAGS $CAPS --secure $CTXOPT $HOSTOPT $DOMAINOPT \
 				$_SAVE_S_CONTEXT $__PKGSTATEDIR/$VSERVER.ctx \
 				$_CAPCHROOT --suid $USERID $CHROOTOPT . "$@"
 		fi
 	fi
 elif [ "$2" = "exec" ] ; then
 	VSERV=$1
 	shift; shift
 	exec $0 $NODEV $SILENT $VSERV suexec root "$@"
 elif [ "$2" = "enter" ] ; then
 	testperm $1
 	exec $0 $NODEV $SILENT $1 exec /bin/bash -login
 elif [ "$2" = "service" ] ; then
 	VSERVER=$1
 	shift
 	shift
 	exec $0 $NODEV $SILENT $VSERVER exec /sbin/service "$@"
 elif [ "$2" = "chkconfig" ] ; then
 	VSERVER=$1
 	shift
 	shift
 	if [ "$1" = "--level" ] ; then
 		shift
 		LEVELS=$1
 		shift
 	fi
 	if [ $# != 2 -a ! -x $__DEFAULT_VSERVERDIR/$VSERVER/sbin/chkconfig ] ; then
 		echo Invalid argument, expected vserver name chkconfig [ --level nnn ] service on\|off
 	elif [ -x $__DEFAULT_VSERVERDIR/$VSERVER/sbin/chkconfig ] ; then
 		exec $0 --silent $VSERVER exec /sbin/chkconfig "$@"
 	elif [ -x $__DEFAULT_VSERVERDIR/$VSERVER/usr/sbin/update-rc.d ] ; then
 		if [ "$2" = "on" -o "$2" = "start" ] ; then
 			$0 --silent $VSERVER exec /usr/sbin/update-rc.d -f $1 remove >/dev/null
 			exec $0 --silent $VSERVER exec /usr/sbin/update-rc.d $1 start 80 2 3 4 5 . stop 20 0 1 6 . >/dev/null
 		elif [ "$2" = "off" -o "$2" = "stop" ] ; then
 			$0 --silent $VSERVER exec /usr/sbin/update-rc.d -f $1 remove >/dev/null
 			exec $0 --silent $VSERVER exec /usr/sbin/update-rc.d $1 stop 20 0 1 2 3 4 5 6 . >/dev/null
 		else
 			echo vserver chkconfig: Expecting on or off
 		fi
 	else
 		echo chkconfig functionality is not available on this
 		echo vserver distribution.
 		echo Looked for /sbin/chkconfig and /usr/sbin/update-rc.d
 	fi
 else
 	echo Command unknown $2
 	echo
 	usage
 fi