diff --git a/README.md b/README.md
index 605025e..7e945c9 100644
--- a/README.md
+++ b/README.md
@@ -292,6 +292,37 @@ bootstrapping templates from GitHub or GitLab. See `bastille update` to ensure your bootstrapped releases include the latest patches.
+**Ubuntu Linux [new since 0.9]**
+
+The bootstrap process for Linux containers is very different from the *BSD process.
+You will need the package debootstrap and some kernel modules for that.
+But don't worry, Bastille will do that for that for you.
+
+```shell
+ishmael ~ # bastille bootstrap focal
+sysrc: unknown variable 'linprocfs_load'
+sysrc: unknown variable 'linsysfs_load'
+sysrc: unknown variable 'tmpfs_load'
+linprocfs_load, linsysfs_load, tmpfs_load not enabled in /boot/loader.conf or linux_enable not active. Should I do that for you? (N|y)
+#y
+Loading modules
+Persisting modules
+linux_enable: -> YES
+linprocfs_load: -> YES
+linsysfs_load: -> YES
+tmpfs_load: -> YES
+Debootstrap not found. Should it be installed? (N|y)
+#y
+FreeBSD repository is up to date.
+All repositories are up to date.
+Checking integrity... done (0 conflicting)
+The following 1 package(s) will be affected (of 0 checked):
+
+New packages to be INSTALLED:
+ debootstrap: 1.0.123_4
+[...]
+```
+As of 0.9.20210714 Bastille supports Ubuntu 18.04 (bionic) and Ubuntu 20.04 (focal).
 bastille create
 ---------------
@@ -381,6 +412,15 @@ shared base container is a "thin").
 ishmael ~ # bastille create -T folsom 12.0-RELEASE 10.17.89.10
 ```
+**Linux**
+```shell
+ishmael ~ # bastille create folsom focal 10.17.89.10
+```
+
+Systemd is not supported due to the missing boot process.
+
+
+
 I recommend using private (rfc1918) ip address ranges for your containers. These ranges include:
diff --git a/usr/local/share/bastille/bootstrap.sh b/usr/local/share/bastille/bootstrap.sh
index 1a90875..503a8c8 100644
--- a/usr/local/share/bastille/bootstrap.sh
+++ b/usr/local/share/bastille/bootstrap.sh
@@ -429,11 +429,88 @@ http?://*/*/*)
 BASTILLE_TEMPLATE_REPO=$(echo "${1}" | awk -F / '{ print $5 }')
 bootstrap_template
 ;;
+#adding Ubuntu Bionic as valid "RELEASE" for POC @hackacad
+ubuntu_bionic|bionic|ubuntu-bionic)
+ #check and install OS dependencies @hackacad
+ if [ ! "$(sysrc -f /boot/loader.conf -n linprocfs_load)" = "YES" ] && [ ! "$(sysrc -f /boot/loader.conf -n linsysfs_load)" = "YES" ] && [ ! "$(sysrc -f /boot/loader.conf -n tmpfs_load)" = "YES" ]; then
+ warn "linprocfs_load, linsysfs_load, tmpfs_load not enabled in /boot/loader.conf or linux_enable not active. Should I do that for you? (N|y)"
+ read answer
+ case $answer in
+ no|No|n|N|"")
+ error_exit "Exiting."
+ ;;
+ yes|Yes|y|Y)
+ info "Loading modules"
+ kldload linux linux64 linprocfs linsysfs tmpfs
+ info "Persisting modules"
+ sysrc linux_enable=YES
+ sysrc -f /boot/loader.conf linprocfs_load=YES
+ sysrc -f /boot/loader.conf linsysfs_load=YES
+ sysrc -f /boot/loader.conf tmpfs_load=YES
+ ;;
+ esac
+ fi
+ if which -s debootstrap; then
+ debootstrap --foreign --arch=amd64 --no-check-gpg bionic "${bastille_releasesdir}"/Ubuntu_1804
+ else
+ warn "Debootstrap not found. Should it be installed? (N|y)"
+ read answer
+ case $answer in
+ no|No|n|N|"")
+ error_exit "Exiting. You need to install debootstap before boostrapping a Linux jail."
+ ;;
+ yes|Yes|y|Y)
+ pkg install -y debootstrap
+ debootstrap --foreign --arch=amd64 --no-check-gpg bionic "${bastille_releasesdir}"/Ubuntu_1804
+ ;;
+ esac
+ fi
+ echo "APT::Cache-Start 251658240;" > "${bastille_releasesdir}"/Ubuntu_1804/etc/apt/apt.conf.d/00aptitude
+ ;;
+ubuntu_focal|focal|ubuntu-focal)
+ #check and install OS dependencies @hackacad
+ #ToDo: add function 'linux_pre' for sysrc etc.
+ if [ ! "$(sysrc -f /boot/loader.conf -n linprocfs_load)" = "YES" ] && [ ! "$(sysrc -f /boot/loader.conf -n linsysfs_load)" = "YES" ] && [ ! "$(sysrc -f /boot/loader.conf -n tmpfs_load)" = "YES" ]; then
+ warn "linprocfs_load, linsysfs_load, tmpfs_load not enabled in /boot/loader.conf or linux_enable not active. Should I do that for you? (N|y)"
+ read answer
+ case $answer in
+ no|No|n|N|"")
+ error_exit "Exiting."
+ ;;
+ yes|Yes|y|Y)
+ info "Loading modules"
+ kldload linux linux64 linprocfs linsysfs tmpfs
+ info "Persisting modules"
+ sysrc linux_enable=YES
+ sysrc -f /boot/loader.conf linprocfs_load=YES
+ sysrc -f /boot/loader.conf linsysfs_load=YES
+ sysrc -f /boot/loader.conf tmpfs_load=YES
+ ;;
+ esac
+ fi
+ if which -s debootstrap; then
+ debootstrap --foreign --arch=amd64 --no-check-gpg focal "${bastille_releasesdir}"/Ubuntu_2004
+ else
+ warn "Debootstrap not found. Should it be installed? (N|y)"
+ read answer
+ case $answer in
+ no|No|n|N|"")
+ error_exit "Exiting. You need to install debootstap before boostrapping a Linux jail."
+ ;;
+ yes|Yes|y|Y)
+ pkg install -y debootstrap
+ debootstrap --foreign --arch=amd64 --no-check-gpg focal "${bastille_releasesdir}"/Ubuntu_2004
+ ;;
+ esac
+ fi
+ ;;
 *)
 usage
 ;;
 esac
+
+
 case "${OPTION}" in
 update)
 bastille update "${RELEASE}"
diff --git a/usr/local/share/bastille/console.sh b/usr/local/share/bastille/console.sh
index afe66c2..3363c9a 100644
--- a/usr/local/share/bastille/console.sh
+++ b/usr/local/share/bastille/console.sh
@@ -53,7 +53,7 @@ validate_user() {
 USER_SHELL="$(jexec -l "${_jail}" getent passwd "${USER}" | cut -d: -f7)"
 if [ -n "${USER_SHELL}" ]; then
 if jexec -l "${_jail}" grep -qwF "${USER_SHELL}" /etc/shells; then
- jexec -l "${_jail}" /usr/bin/login -f "${USER}"
+ jexec -l "${_jail}" $LOGIN -f "${USER}"
 else
 echo "Invalid shell for user ${USER}"
 fi
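Review bot: All four `debootstrap` invocations (two per release branch) pass `--no-check-gpg`, so the Ubuntu archive's Release signature is never verified and the Ubuntu_1804/Ubuntu_2004 base trees carry no integrity guarantee against a tampered mirror or an interposed download. Drop the flag and point debootstrap at the Ubuntu archive keyring instead, `debootstrap --foreign --arch=amd64 --keyring=<path-to-ubuntu-keyring> bionic "${bastille_releasesdir}"/Ubuntu_1804`, installing the keyring alongside debootstrap in the `pkg install` step if a package for it is available. The module check is also weaker than its warning text: the three `sysrc` tests are joined with `&&`, so the prompt appears only when none of the modules is persisted and a host with one already set silently skips loading the others, while `linux_enable` is named in the message but never tested; `||` plus a `sysrc -n linux_enable` test matches what the message promises. Because both release branches repeat the identical block, the `#ToDo` about a `linux_pre` helper would let the fix land in one place. The enclosing `case` begins before the hunk.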
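Review bot: `$LOGIN` on the changed line in validate_user is unquoted and is assigned only in the per-jail loop further down (outside this hunk), so when `which login` inside the jail prints nothing, or the variable is unset, `jexec` receives `-f` as the command and fails obscurely. Quote it and refuse an empty value before the call: `[ -n "${LOGIN}" ] || error_exit "login not found in ${_jail}"` (or whichever error helper console.sh already uses), then `jexec -l "${_jail}" "${LOGIN}" -f "${USER}"`. The login binary is now whatever the jail's own PATH lookup resolves rather than a fixed path, which the Linux case needs but deserves a comment, e.g. `# Linux containers keep login under /bin, so resolve it inside the jail`. validate_user begins before the hunk.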
@@ -76,11 +76,12 @@ check_fib() {
 for _jail in ${JAILS}; do
 info "[${_jail}]:"
+ LOGIN="$(jexec -l "${_jail}" which login)"
 if [ -n "${USER}" ]; then
 validate_user
 else
- check_fib
- ${_setfib} jexec -l "${_jail}" /usr/bin/login -f root
+ LOGIN="$(jexec -l "${_jail}" which login)"
+ ${_setfib} jexec -l "${_jail}" $LOGIN -f root
 fi
 echo
 done
diff --git a/usr/local/share/bastille/list.sh b/usr/local/share/bastille/list.sh
index 5bab048..611fdf3 100644
--- a/usr/local/share/bastille/list.sh
+++ b/usr/local/share/bastille/list.sh
@@ -158,7 +158,7 @@ if [ $# -gt 0 ]; then
 rctl -h jail:
 ;;
 import|imports|export|exports|backup|backups)
- ls "${bastille_backupsdir}" | grep -Ev "*.sha256"
+ ls "${bastille_backupsdir}" | grep -v ".sha256$"
 exit 0
 ;;
 *)
diff --git a/usr/local/share/bastille/templates/default/linux/Bastillefile b/usr/local/share/bastille/templates/default/linux/Bastillefile
new file mode 100644
index 0000000..5fd4669
--- /dev/null
+++ b/usr/local/share/bastille/templates/default/linux/Bastillefile
@@ -0,0 +1,14 @@
+PRE mkdir -p home
+PRE mkdir -p tmp
+
+
+FSTAB devfs root/dev devfs rw 0 0
+FSTAB tmpfs dev/shm tmpfs rw,size=1g,mode=1777 0 0
+FSTAB fdescfs dev/fd fdescfs rw,linrdlnk 0 0
+FSTAB linprocfs proc linprocfs rw 0 0
+FSTAB linsysfs sys linsysfs rw 0 0
+FSTAB /tmp tmp nullfs rw 0 0
+FSTAB /home home nullfs rw 0 0
+
+CMD mkdir etc/apt/apt.conf.d/00aptitude
+CMD echo "APT::Cache-Start 251658240;" > etc/apt/apt.conf.d/00aptitude
\ No newline at end of file
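Review bot: The `else` branch no longer calls `check_fib`, yet `${_setfib}` is still expanded on the root-login line, so the FIB prefix that function provided is now empty, or left over from an earlier jail in the loop, for every container; unless dropping FIB support is intended, keep `check_fib` in front of the `${_setfib} jexec ...` line. The `LOGIN=` assignment is also made twice, once at the top of the loop body and again inside `else`, and the second is redundant. As in validate_user, `$LOGIN` should be quoted and checked for emptiness: `${_setfib} jexec -l "${_jail}" "${LOGIN}" -f root`. The `for` loop begins before the hunk.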
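Review bot: `.sha256$` is a basic regular expression in which the unescaped `.` matches any character, so a backup whose name merely ends in `xsha256` would also be hidden from the listing; the old `-Ev "*.sha256"` was looser still, so this is an improvement but not yet exact. Escape the dot: `ls "${bastille_backupsdir}" | grep -v '\.sha256$'`. The listing is still assembled from `ls` output, which is acceptable for display as long as nothing downstream parses it.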
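Review bot: Reading the `FSTAB` lines as host path first, the two nullfs entries mount the host's `/tmp` and `/home` read-write into every container built from this default Linux template, so root inside the container can read and alter host users' home directories (SSH keys, shell profiles) and anything the host places in `/tmp`; a default template should not share host state. Remove those two `FSTAB` lines together with the matching `PRE mkdir -p home` and `PRE mkdir -p tmp`, let the container keep its own `/tmp` and `/home`, and mount a dedicated per-jail directory where sharing is genuinely wanted. Separately, `CMD mkdir etc/apt/apt.conf.d/00aptitude` creates a directory bearing the name of the file the next line redirects into, so that `echo` cannot create the file; `CMD mkdir -p etc/apt/apt.conf.d` is presumably what was meant. The same `APT::Cache-Start` line is also written into the bionic release tree by bootstrap.sh, so one of the two places can be dropped.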