BastilleBSD/bastille
2
0
Fork 0
Code Pull Requests Actions Packages Releases Activity

Don't start empty jails unless templates defined, code improvements

Browse Source
This commit is contained in:
Jose
2021-01-08 20:26:31 -04:00
parent 083e019081
commit b528289815
1 changed files with 19 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
usr/local/share/bastille/create.sh
View File

@@ -355,6 +355,11 @@ create_jail() {
# Jail must be started before applying the default template. -- cwells # Jail must be started before applying the default template. -- cwells
if [ -z "${EMPTY_JAIL}" ]; then if [ -z "${EMPTY_JAIL}" ]; then
bastille start "${NAME}" bastille start "${NAME}"
elif [ -n "${EMPTY_JAIL}" ]; then
# Don't start empty jails unless a template defined.
if [ -n "${bastille_template_empty}" ]; then
bastille start "${NAME}"
fi
fi fi
if [ -n "${VNET_JAIL}" ]; then if [ -n "${VNET_JAIL}" ]; then
@@ -375,17 +380,15 @@ create_jail() {
bastille template "${NAME}" ${bastille_template_vnet} --arg BASE_TEMPLATE="${bastille_template_base}" --arg HOST_RESOLV_CONF="${bastille_resolv_conf}" --arg EPAIR="${uniq_epair}" --arg GATEWAY="${_gateway}" --arg IFCONFIG="${_ifconfig}" bastille template "${NAME}" ${bastille_template_vnet} --arg BASE_TEMPLATE="${bastille_template_base}" --arg HOST_RESOLV_CONF="${bastille_resolv_conf}" --arg EPAIR="${uniq_epair}" --arg GATEWAY="${_gateway}" --arg IFCONFIG="${_ifconfig}"
fi fi
elif [ -n "${THICK_JAIL}" ]; then elif [ -n "${THICK_JAIL}" ]; then
if [ -n ${bastille_template_thick} ]; then if [ -n "${bastille_template_thick}" ]; then
bastille template "${NAME}" ${bastille_template_thick} --arg BASE_TEMPLATE="${bastille_template_base}" --arg HOST_RESOLV_CONF="${bastille_resolv_conf}" bastille template "${NAME}" ${bastille_template_thick} --arg BASE_TEMPLATE="${bastille_template_base}" --arg HOST_RESOLV_CONF="${bastille_resolv_conf}"
fi fi
elif [ -n "${EMPTY_JAIL}" ]; then elif [ -n "${EMPTY_JAIL}" ]; then
if [ -n ${bastille_template_empty} ]; then if [ -n "${bastille_template_empty}" ]; then
if [ -s ${bastille_templatesdir}/${bastille_template_empty}/Bastillefile ]; then bastille template "${NAME}" ${bastille_template_empty} --arg BASE_TEMPLATE="${bastille_template_base}" --arg HOST_RESOLV_CONF="${bastille_resolv_conf}"
bastille template "${NAME}" ${bastille_template_empty} --arg BASE_TEMPLATE="${bastille_template_base}" --arg HOST_RESOLV_CONF="${bastille_resolv_conf}"
fi
fi fi
else # Thin jail. else # Thin jail.
if [ -n ${bastille_template_thin} ]; then if [ -n "${bastille_template_thin}" ]; then
bastille template "${NAME}" ${bastille_template_thin} --arg BASE_TEMPLATE="${bastille_template_base}" --arg HOST_RESOLV_CONF="${bastille_resolv_conf}" bastille template "${NAME}" ${bastille_template_thin} --arg BASE_TEMPLATE="${bastille_template_base}" --arg HOST_RESOLV_CONF="${bastille_resolv_conf}"
fi fi
fi fi
@@ -393,6 +396,11 @@ create_jail() {
# Apply values changed by the template. -- cwells # Apply values changed by the template. -- cwells
if [ -z "${EMPTY_JAIL}" ]; then if [ -z "${EMPTY_JAIL}" ]; then
bastille restart "${NAME}" bastille restart "${NAME}"
elif [ -n "${EMPTY_JAIL}" ]; then
# Don't restart empty jails unless a template defined.
if [ -n "${bastille_template_empty}" ]; then
bastille restart "${NAME}"
fi
fi fi
} }
@@ -526,6 +534,11 @@ if [ -z "${EMPTY_JAIL}" ]; then
if [ -n "${INTERFACE}" ]; then if [ -n "${INTERFACE}" ]; then
validate_netif validate_netif
validate_netconf validate_netconf
elif [ -z "${INTERFACE}" ]; then
if [ -n "${VNET_JAIL}" ]; then
# User must specify interface on vnet jails.
error_exit "Error: Network interface not defined."
fi
else else
validate_netconf validate_netconf
fi fi