Compare commits

...

35 Commits

Author SHA1 Message Date
Christer Edwards ff7de9167a Merge pull request #498 from cedwards/master
0.9.20220216 release
2022-02-16 23:34:59 -07:00
Christer Edwards aafc2b3323 0.9.20220216 release 2022-02-16 23:28:09 -07:00
Christer Edwards efed673e76 Merge pull request #490 from noracenofun/new-option--p-for-list-release
added the new option -p for list release
2022-02-16 23:05:03 -07:00
Christer Edwards 6aa6e40db1 Merge pull request #485 from JRGTH/clonejail_support
Initial support for clone jails
2022-02-16 23:02:41 -07:00
Christer Edwards 4726c48813 Merge pull request #491 from JRGTH/rename_fixes
Consistency improvements
2022-02-16 22:59:31 -07:00
Christer Edwards 920ca1fba0 Merge pull request #497 from frikilax/fix_fstab_clone
CLONE.SH::FIXED:: update fstab paths with new jail path
2022-02-16 22:58:52 -07:00
Theo BERTIN 6ca0369072 CLONE.SH::ADDED:: Complete FSTAB_RELEASE grep from fstab to get all release names
some release names (such as 14.0-CURRENT) were not correctly extracted from the fstab during fstab modification
2022-02-11 10:16:59 +01:00
Theo BERTIN 66d830a55f CLONE.SH::ADDED:: update fstab paths with new jail path 2022-02-11 09:41:02 +01:00
Christer Edwards e4e1fadf35 Merge pull request #495 from gogolok/readme_fix_formatting
README: Fix formatting
2022-02-02 12:35:47 -07:00
Robert Gogolok 6b43067d86 README: Fix formatting 2022-02-02 09:03:55 +01:00
JRGTH 9052271232 Consistency improvements 2022-01-17 20:47:48 -04:00
noracenofun 4be7795f0a added the new option -p for list release
This new option lists the patch level of FreeBSD releases.
2022-01-18 01:05:29 +01:00
Christer Edwards ab43a7569f Merge pull request #488 from JRGTH/rename_fixes
Update Linuxjail name entries upon jail renaming
2022-01-17 16:21:37 -07:00
Christer Edwards d7d0d864c3 Merge pull request #489 from noracenofun/bootstrap-aarch64/arm64-Debian/Ubuntu
bootstrap aarch64/arm64 Debian/Ubuntu support
2022-01-17 16:20:38 -07:00
Christer Edwards 5d9ea33889 Merge pull request #486 from noracenofun/patch-1
optimizing command `list -a`
2022-01-17 16:19:24 -07:00
noracenofun dc9b5fb9bd bootstrap aarch64/arm64 Debian/Ubuntu
added support to bootstrap aarch64/arm64 Debian or Ubuntu for ARM64 hosts
2022-01-16 19:51:58 +01:00
JRGTH a62f36333d Update Linuxjail name entries upon jail renaming 2022-01-16 14:00:23 -04:00
noracenofun 29e72cd34d various optimization and added linux release
various optimization as well as determine and display of linux release added
2022-01-16 16:06:20 +01:00
JRGTH 03b9817f5a Initial support for clone jails 2022-01-15 11:32:28 -04:00
Christer Edwards 38bb7faabf Merge pull request #483 from robarnold/import_vnet
Import basic vnet settings from iocage
2022-01-14 20:22:04 -07:00
Christer Edwards cc8e9f24a1 Merge pull request #482 from JRGTH/update_fixes
Fix to allow 32-Bit base releases to be updated
2022-01-14 20:18:16 -07:00
Christer Edwards 268d00be1f Merge pull request #484 from JRGTH/bootstrap_fixes
Bugfix to prevent double directory creation when bootstrapping Linux …
2022-01-14 20:04:18 -07:00
JRGTH 91bb955dd5 Bugfix to prevent double directory creation when bootstrapping Linux releases 2022-01-14 09:07:32 -04:00
Rob Arnold c98d03a8e5 Import basic vnet settings from iocage
There's quite a bit more we could do here, but this hits my basic usage
with vnets. Future work here would be things like ipv6 support or trying
to infer what a custom `interfaces` setting means.
2022-01-13 21:04:15 -08:00
JRGTH e11ed392f6 Fix to allow 32-Bit base releases to be updated 2022-01-13 20:39:07 -04:00
Christer Edwards 548ab2e250 Merge pull request #479 from JRGTH/master
Make sure to check/bootstrap directories first
2022-01-13 12:20:51 -07:00
Christer Edwards 9fa07ae24e Merge pull request #480 from robarnold/import
Import iocage basejails as Bastille thin jails
2022-01-13 12:20:32 -07:00
Rob Arnold 523c3f0bde Import iocage basejails as Bastille thin jails
I think these are the same concept, but with slightly different execution.
The main idea is to have a central base system that is shared (readonly) among
multiple jails. When this base system is updated, all the jails that reference
it immediately see the new system files.

This is implemented in iocage as a set of individual zfs mounts, one per
system directory. In Bastille, each system directory is symlinked into a
subdirectory of a single zfs mount.

My test plan here was to import an exported iocage basejail and verify that
its Bastille version has the right fstab and symlink changes:
```
Validating file: ssl_2021-11-19.zip...
File validation successful!
Importing 'ssl' from foreign compressed .zip archive.
Archive:  ssl_2021-11-19.zip
 extracting: ssl_2021-11-19
 extracting: ssl_2021-11-19_root
Receiving ZFS data stream...
Generating jail.conf...
Updating symlinks...
ln: usr/src: Directory not empty
Warning: directory usr/src on imported jail was not empty and will not be updated by Bastille
Container 'ssl' imported successfully.
```
2022-01-09 18:05:05 -08:00
JRGTH af0e9a95a4 Allow --safe to be added to defined options 2022-01-04 17:17:36 -04:00
JRGTH 26e8f382e4 Override case options by the user defined option(s) 2022-01-04 17:03:07 -04:00
JRGTH 788e4c283b Make sure to check/bootstrap directories first 2022-01-03 09:23:10 -04:00
Christer Edwards a56cb2d433 Merge pull request #478 from yaazkal/fix_create_vnet
Fix create vnet jails
2021-12-28 20:59:42 -07:00
yaazkal 17e4fa78f9 [FIX] vnet: use the right search pattern to choose the unique epair 2021-12-28 22:42:52 -05:00
yaazkal c8545e8598 [REF] indentation: change tab to spaces 2021-12-28 21:22:30 -05:00
yaazkal 9a47a6c573 [REF] SC2003: expr is antiquated 2021-12-28 21:19:54 -05:00
39 changed files with 528 additions and 339 deletions
+1 -1
View File
@@ -1,6 +1,6 @@
BSD 3-Clause License
Copyright (c) 2018-2021, Christer Edwards <christer.edwards@gmail.com>
Copyright (c) 2018-2022, Christer Edwards <christer.edwards@gmail.com>
All rights reserved.
Redistribution and use in source and binary forms, with or without
+1 -1
View File
@@ -4,7 +4,7 @@ Bastille is available in the official FreeBSD ports tree at
`sysutils/bastille`. Binary packages available in `quarterly` and `latest`
repositories.
Current version is `0.9.20211225`.
Current version is `0.9.20220216`.
To install from the FreeBSD package repository:
+3 -3
View File
@@ -8,13 +8,13 @@ else:
# -- Project information -----------------------------------------------------
project = 'Bastille'
copyright = '2018-2021, Christer Edwards'
copyright = '2018-2022, Christer Edwards'
author = 'Christer Edwards'
# The short X.Y version
version = '0.9.20211225'
version = '0.9.20220216'
# The full version, including alpha/beta/rc tags
release = '0.9.20211225-beta'
release = '0.9.20220216-beta'
# -- General configuration ---------------------------------------------------
+2 -2
View File
@@ -1,6 +1,6 @@
#!/bin/sh
#
# Copyright (c) 2018-2021, Christer Edwards <christer.edwards@gmail.com>
# Copyright (c) 2018-2022, Christer Edwards <christer.edwards@gmail.com>
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
@@ -70,7 +70,7 @@ bastille_perms_check() {
bastille_perms_check
## version
BASTILLE_VERSION="0.9.20211225"
BASTILLE_VERSION="0.9.20220216"
usage() {
cat << EOF
@@ -57,5 +57,6 @@ bastille_network_gateway6="" ## default
bastille_template_base="default/base" ## default: "default/base"
bastille_template_empty="" ## default: "default/empty"
bastille_template_thick="default/thick" ## default: "default/thick"
bastille_template_clone="default/clone" ## default: "default/clone"
bastille_template_thin="default/thin" ## default: "default/thin"
bastille_template_vnet="default/vnet" ## default: "default/vnet"
+23 -19
View File
@@ -1,6 +1,6 @@
#!/bin/sh
#
# Copyright (c) 2018-2021, Christer Edwards <christer.edwards@gmail.com>
# Copyright (c) 2018-2022, Christer Edwards <christer.edwards@gmail.com>
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
@@ -304,13 +304,18 @@ bootstrap_release() {
debootstrap_release() {
# Make sure to check/bootstrap directories first.
RELEASE="${DIR_BOOTSTRAP}"
bootstrap_directories
#check and install OS dependencies @hackacad
#ToDo: add function 'linux_pre' for sysrc etc.
required_mods="fdescfs linprocfs linsysfs tmpfs"
linuxarc_mods="linux linux64"
for _req_kmod in ${required_mods}; do
if [ ! "$(sysrc -f /boot/loader.conf -qn ${_req_kmod}_load)" = "YES" ]; then
if [ ! "$(sysrc -f /boot/loader.conf -qn ${_req_kmod}_load)" = "YES" ] && \
[ ! "$(sysrc -f /boot/loader.conf.local -qn ${_req_kmod}_load)" = "YES" ]; then
warn "${_req_kmod} not enabled in /boot/loader.conf, Should I do that for you? (N|y)"
read answer
case "${answer}" in
@@ -343,7 +348,8 @@ debootstrap_release() {
kldload -v ${_lin_kmod}
fi
done
if [ ! "$(sysrc -qn linux_enable)" = "YES" ]; then
if [ ! "$(sysrc -qn linux_enable)" = "YES" ] && \
[ ! "$(sysrc -f /etc/rc.conf.local -qn linux_enable)" = "YES" ]; then
sysrc linux_enable=YES
fi
@@ -360,17 +366,6 @@ debootstrap_release() {
esac
fi
# Create subsequent Linux releases datasets
if [ ! -d "${bastille_releasesdir}/${DIR_BOOTSTRAP}" ]; then
if [ "${bastille_zfs_enable}" = "YES" ]; then
if [ -n "${bastille_zfs_zpool}" ]; then
zfs create ${bastille_zfs_options} -o mountpoint="${bastille_releasesdir}/${DIR_BOOTSTRAP}" "${bastille_zfs_zpool}/${bastille_zfs_prefix}/releases/${DIR_BOOTSTRAP}"
fi
else
mkdir -p "${bastille_releasesdir}/${DIR_BOOTSTRAP}"
fi
fi
# Fetch the Linux flavor
info "Bootstrapping ${PLATFORM_OS} distfiles..."
if ! debootstrap --foreign --arch=${ARCH_BOOTSTRAP} --no-check-gpg ${LINUX_FLAVOR} "${bastille_releasesdir}"/${DIR_BOOTSTRAP}; then
@@ -441,6 +436,15 @@ bootstrap_template() {
HW_MACHINE=$(sysctl hw.machine | awk '{ print $2 }')
HW_MACHINE_ARCH=$(sysctl hw.machine_arch | awk '{ print $2 }')
# bootstrapping from aarch64/arm64 Debian or Ubuntu require a different value for ARCH
# create a new variable
if [ "${HW_MACHINE_ARCH}" == "aarch64" ]; then
HW_MACHINE_ARCH_LINUX="arm64"
else
HW_MACHINE_ARCH_LINUX=${HW_MACHINE_ARCH}
fi
RELEASE="${1}"
OPTION="${2}"
@@ -532,35 +536,35 @@ ubuntu_bionic|bionic|ubuntu-bionic)
PLATFORM_OS="Ubuntu/Linux"
LINUX_FLAVOR="bionic"
DIR_BOOTSTRAP="Ubuntu_1804"
ARCH_BOOTSTRAP="amd64"
ARCH_BOOTSTRAP=${HW_MACHINE_ARCH_LINUX}
debootstrap_release
;;
ubuntu_focal|focal|ubuntu-focal)
PLATFORM_OS="Ubuntu/Linux"
LINUX_FLAVOR="focal"
DIR_BOOTSTRAP="Ubuntu_2004"
ARCH_BOOTSTRAP="amd64"
ARCH_BOOTSTRAP=${HW_MACHINE_ARCH_LINUX}
debootstrap_release
;;
debian_stretch|stretch|debian-stretch)
PLATFORM_OS="Debian/Linux"
LINUX_FLAVOR="stretch"
DIR_BOOTSTRAP="Debian9"
ARCH_BOOTSTRAP="amd64"
ARCH_BOOTSTRAP=${HW_MACHINE_ARCH_LINUX}
debootstrap_release
;;
debian_buster|buster|debian-buster)
PLATFORM_OS="Debian/Linux"
LINUX_FLAVOR="buster"
DIR_BOOTSTRAP="Debian10"
ARCH_BOOTSTRAP="amd64"
ARCH_BOOTSTRAP=${HW_MACHINE_ARCH_LINUX}
debootstrap_release
;;
debian_bullseye|bullseye|debian-bullseye)
PLATFORM_OS="Debian/Linux"
LINUX_FLAVOR="bullseye"
DIR_BOOTSTRAP="Debian11"
ARCH_BOOTSTRAP="amd64"
ARCH_BOOTSTRAP=${HW_MACHINE_ARCH_LINUX}
debootstrap_release
;;
*)
+4 -2
View File
@@ -1,6 +1,6 @@
#!/bin/sh
#
# Copyright (c) 2018-2021, Christer Edwards <christer.edwards@gmail.com>
# Copyright (c) 2018-2022, Christer Edwards <christer.edwards@gmail.com>
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
@@ -130,7 +130,7 @@ update_fstab() {
# Update fstab to use the new name
FSTAB_CONFIG="${bastille_jailsdir}/${NEWNAME}/fstab"
if [ -f "${FSTAB_CONFIG}" ]; then
FSTAB_RELEASE=$(grep -owE '([1-9]{2,2})\.[0-9](-RELEASE|-RELEASE-i386|-RC[1-2])|([0-9]{1,2}-stable-build-[0-9]{1,3})|(current-build)-([0-9]{1,3})|(current-BUILD-LATEST)|([0-9]{1,2}-stable-BUILD-LATEST)' "${FSTAB_CONFIG}" | uniq)
FSTAB_RELEASE=$(grep -owE '([1-9]{2,2})\.[0-9](-RELEASE|-RELEASE-i386|-RC[1-5]|-BETA[1-5]|-CURRENT)|([0-9]{1,2}(-stable-build-[0-9]{1,3}|-stable-LAST))|(current-build)-([0-9]{1,3})|(current-BUILD-LATEST)|([0-9]{1,2}-stable-BUILD-LATEST)' "${FSTAB_CONFIG}" | uniq)
FSTAB_CURRENT=$(grep -w ".*/releases/.*/jails/${TARGET}/root/.bastille" "${FSTAB_CONFIG}")
FSTAB_NEWCONF="${bastille_releasesdir}/${FSTAB_RELEASE} ${bastille_jailsdir}/${NEWNAME}/root/.bastille nullfs ro 0 0"
if [ -n "${FSTAB_CURRENT}" ] && [ -n "${FSTAB_NEWCONF}" ]; then
@@ -139,6 +139,8 @@ update_fstab() {
sed -i '' "s|${FSTAB_CURRENT}|${FSTAB_NEWCONF}|" "${FSTAB_CONFIG}"
fi
fi
# Update additional fstab paths with new jail path
sed -i '' "s|${bastille_jailsdir}/${TARGET}/root/|${bastille_jailsdir}/${NEWNAME}/root/|" "${FSTAB_CONFIG}"
fi
}
+1 -1
View File
@@ -1,6 +1,6 @@
#!/bin/sh
#
# Copyright (c) 2018-2021, Christer Edwards <christer.edwards@gmail.com>
# Copyright (c) 2018-2022, Christer Edwards <christer.edwards@gmail.com>
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
+47 -1
View File
@@ -1,6 +1,6 @@
#!/bin/sh
#
# Copyright (c) 2018-2021, Christer Edwards <christer.edwards@gmail.com>
# Copyright (c) 2018-2022, Christer Edwards <christer.edwards@gmail.com>
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
@@ -60,3 +60,49 @@ info() {
warn() {
echo -e "${COLOR_YELLOW}$*${COLOR_RESET}"
}
generate_vnet_jail_netblock() {
local jail_name="$1"
local use_unique_bridge="$2"
local external_interface="$3"
## determine number of containers + 1
## iterate num and grep all jail configs
## define uniq_epair
local jail_list=$(bastille list jails)
if [ -n "${jail_list}" ]; then
local list_jails_num=$(echo "${jail_list}" | wc -l | awk '{print $1}')
local num_range=$((list_jails_num + 1))
for _num in $(seq 0 "${num_range}"); do
if ! grep -q "e[0-9]b_bastille${_num}" "${bastille_jailsdir}"/*/jail.conf; then
local uniq_epair="bastille${_num}"
local uniq_epair_bridge="${_num}"
break
fi
done
else
local uniq_epair="bastille0"
local uniq_epair_bridge="0"
fi
if [ -n "${use_unique_bridge}" ]; then
## generate bridge config
cat <<-EOF
vnet;
vnet.interface = "e${uniq_epair_bridge}b_${jail_name}";
exec.prestart += "ifconfig epair${uniq_epair_bridge} create";
exec.prestart += "ifconfig ${external_interface} addm epair${uniq_epair_bridge}a";
exec.prestart += "ifconfig epair${uniq_epair_bridge}a up name e${uniq_epair_bridge}a_${jail_name}";
exec.prestart += "ifconfig epair${uniq_epair_bridge}b up name e${uniq_epair_bridge}b_${jail_name}";
exec.poststop += "ifconfig ${external_interface} deletem e${uniq_epair_bridge}a_${jail_name}";
exec.poststop += "ifconfig e${uniq_epair_bridge}a_${jail_name} destroy";
EOF
else
## generate config
cat <<-EOF
vnet;
vnet.interface = e0b_${uniq_epair};
exec.prestart += "jib addm ${uniq_epair} ${external_interface}";
exec.prestart += "ifconfig e0a_${uniq_epair} description \"vnet host interface for Bastille jail ${jail_name}\"";
exec.poststop += "jib destroy ${uniq_epair}";
EOF
fi
}
+1 -1
View File
@@ -1,6 +1,6 @@
#!/bin/sh
#
# Copyright (c) 2018-2021, Christer Edwards <christer.edwards@gmail.com>
# Copyright (c) 2018-2022, Christer Edwards <christer.edwards@gmail.com>
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
+1 -1
View File
@@ -1,6 +1,6 @@
#!/bin/sh
#
# Copyright (c) 2018-2021, Christer Edwards <christer.edwards@gmail.com>
# Copyright (c) 2018-2022, Christer Edwards <christer.edwards@gmail.com>
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
+1 -1
View File
@@ -1,6 +1,6 @@
#!/bin/sh
#
# Copyright (c) 2018-2021, Christer Edwards <christer.edwards@gmail.com>
# Copyright (c) 2018-2022, Christer Edwards <christer.edwards@gmail.com>
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
+1 -1
View File
@@ -1,6 +1,6 @@
#!/bin/sh
#
# Copyright (c) 2018-2021, Christer Edwards <christer.edwards@gmail.com>
# Copyright (c) 2018-2022, Christer Edwards <christer.edwards@gmail.com>
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
+85 -95
View File
@@ -1,6 +1,6 @@
#!/bin/sh
#
# Copyright (c) 2018-2021, Christer Edwards <christer.edwards@gmail.com>
# Copyright (c) 2018-2022, Christer Edwards <christer.edwards@gmail.com>
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
@@ -43,6 +43,7 @@ usage() {
-L | --linux -- This option is intended for testing with Linux jails, this is considered experimental.
-T | --thick -- Creates a thick container, they consume more space as they are self contained and independent.
-V | --vnet -- Enables VNET, VNET containers are attached to a virtual bridge interface for connectivity.
-C | --clone -- Creates a clone container, they are duplicates of the base release, consume low space and preserves changing data.
-B | --bridge -- Enables VNET, VNET containers are attached to a specified, already existing external bridge.
EOF
@@ -185,28 +186,7 @@ EOF
}
generate_vnet_jail_conf() {
## determine number of containers + 1
## iterate num and grep all jail configs
## define uniq_epair
local jail_list=$(bastille list jails)
if [ -n "${jail_list}" ]; then
local list_jails_num=$(echo "${jail_list}" | wc -l | awk '{print $1}')
local num_range=$(expr "${list_jails_num}" + 1)
for _num in $(seq 0 "${num_range}"); do
if ! grep -q "e${_num}b" "${bastille_jailsdir}"/*/jail.conf; then
uniq_epair="bastille${_num}"
uniq_epair_bridge="${_num}"
break
fi
done
else
uniq_epair="bastille0"
uniq_epair_bridge="0"
fi
if [ -n "${VNET_JAIL_BRIDGE}" ]; then
## generate bridge config
NETBLOCK=$(generate_vnet_jail_netblock "$NAME" "${VNET_JAIL_BRIDGE}" "${bastille_jail_conf_interface}")
cat << EOF > "${bastille_jail_conf}"
${NAME} {
devfs_ruleset = 13;
@@ -221,41 +201,46 @@ ${NAME} {
path = ${bastille_jail_path};
securelevel = 2;
exec.prestart += "ifconfig epair${uniq_epair_bridge} create";
exec.prestart += "ifconfig ${bastille_jail_conf_interface} addm epair${uniq_epair_bridge}a";
exec.prestart += "ifconfig epair${uniq_epair_bridge}a up name e${uniq_epair_bridge}a_${NAME}";
exec.prestart += "ifconfig epair${uniq_epair_bridge}b up name e${uniq_epair_bridge}b_${NAME}";
exec.poststop += "ifconfig ${bastille_jail_conf_interface} deletem e${uniq_epair_bridge}a_${NAME}";
exec.poststop += "ifconfig e${uniq_epair_bridge}a_${NAME} destroy";
vnet;
vnet.interface = "e${uniq_epair_bridge}b_${NAME}";
${NETBLOCK}
}
EOF
else
## generate config
cat << EOF > "${bastille_jail_conf}"
${NAME} {
devfs_ruleset = 13;
enforce_statfs = 2;
exec.clean;
exec.consolelog = ${bastille_jail_log};
exec.start = '/bin/sh /etc/rc';
exec.stop = '/bin/sh /etc/rc.shutdown';
host.hostname = ${NAME};
mount.devfs;
mount.fstab = ${bastille_jail_fstab};
path = ${bastille_jail_path};
securelevel = 2;
vnet;
vnet.interface = e0b_${uniq_epair};
exec.prestart += "jib addm ${uniq_epair} ${bastille_jail_conf_interface}";
exec.prestart += "ifconfig e0a_${uniq_epair} description \"vnet host interface for Bastille jail ${NAME}\"";
exec.poststop += "jib destroy ${uniq_epair}";
}
EOF
post_create_jail() {
# Common config checks and settings.
# Using relative paths here.
# MAKE SURE WE'RE IN THE RIGHT PLACE.
cd "${bastille_jail_path}"
echo
if [ ! -f "${bastille_jail_conf}" ]; then
if [ -z "${bastille_network_loopback}" ] && [ -n "${bastille_network_shared}" ]; then
local bastille_jail_conf_interface=${bastille_network_shared}
fi
if [ -n "${bastille_network_loopback}" ] && [ -z "${bastille_network_shared}" ]; then
local bastille_jail_conf_interface=${bastille_network_loopback}
fi
if [ -n "${INTERFACE}" ]; then
local bastille_jail_conf_interface=${INTERFACE}
fi
fi
if [ ! -f "${bastille_jail_fstab}" ]; then
if [ -z "${THICK_JAIL}" ] && [ -z "${CLONE_JAIL}" ]; then
echo -e "${bastille_releasesdir}/${RELEASE} ${bastille_jail_base} nullfs ro 0 0" > "${bastille_jail_fstab}"
else
touch "${bastille_jail_fstab}"
fi
fi
# Generate the jail configuration file.
if [ -n "${VNET_JAIL}" ]; then
generate_vnet_jail_conf
else
generate_jail_conf
fi
}
create_jail() {
@@ -272,8 +257,10 @@ create_jail() {
if [ "${bastille_zfs_enable}" = "YES" ]; then
if [ -n "${bastille_zfs_zpool}" ]; then
## create required zfs datasets, mountpoint inherited from system
if [ -z "${CLONE_JAIL}" ]; then
zfs create ${bastille_zfs_options} "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${NAME}"
if [ -z "${THICK_JAIL}" ]; then
fi
if [ -z "${THICK_JAIL}" ] && [ -z "${CLONE_JAIL}" ]; then
zfs create ${bastille_zfs_options} "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${NAME}/root"
fi
fi
@@ -281,8 +268,10 @@ create_jail() {
mkdir -p "${bastille_jailsdir}/${NAME}/root"
fi
fi
## PoC for Linux jails @hackacad
if [ -n "${LINUX_JAIL}" ]; then
info "\nCreating a linuxjail. This may take a while...\n"
if [ ! -d "${bastille_jail_base}" ]; then
mkdir -p "${bastille_jail_base}"
fi
@@ -326,55 +315,29 @@ create_jail() {
fi
if [ -z "${EMPTY_JAIL}" ] && [ -z "${LINUX_JAIL}" ]; then
if [ -z "${THICK_JAIL}" ] && [ -z "${CLONE_JAIL}" ]; then
if [ ! -d "${bastille_jail_base}" ]; then
mkdir -p "${bastille_jail_base}"
fi
if [ ! -d "${bastille_jail_template}" ]; then
mkdir -p "${bastille_jail_template}"
fi
fi
if [ ! -d "${bastille_jail_path}/usr/local" ]; then
mkdir -p "${bastille_jail_path}/usr/local"
fi
if [ ! -d "${bastille_jail_template}" ]; then
mkdir -p "${bastille_jail_template}"
fi
# Check and apply required settings.
post_create_jail
if [ ! -f "${bastille_jail_fstab}" ]; then
if [ -z "${THICK_JAIL}" ]; then
echo -e "${bastille_releasesdir}/${RELEASE} ${bastille_jail_base} nullfs ro 0 0" > "${bastille_jail_fstab}"
else
touch "${bastille_jail_fstab}"
fi
fi
if [ ! -f "${bastille_jail_conf}" ]; then
if [ -z "${bastille_network_loopback}" ] && [ -n "${bastille_network_shared}" ]; then
local bastille_jail_conf_interface=${bastille_network_shared}
fi
if [ -n "${bastille_network_loopback}" ] && [ -z "${bastille_network_shared}" ]; then
local bastille_jail_conf_interface=${bastille_network_loopback}
fi
if [ -n "${INTERFACE}" ]; then
local bastille_jail_conf_interface=${INTERFACE}
fi
## generate the jail configuration file
if [ -n "${VNET_JAIL}" ]; then
generate_vnet_jail_conf
else
generate_jail_conf
fi
fi
## using relative paths here
## MAKE SURE WE'RE IN THE RIGHT PLACE
cd "${bastille_jail_path}"
echo
if [ -z "${THICK_JAIL}" ]; then
if [ -z "${THICK_JAIL}" ] && [ -z "${CLONE_JAIL}" ]; then
LINK_LIST="bin boot lib libexec rescue sbin usr/bin usr/include usr/lib usr/lib32 usr/libdata usr/libexec usr/sbin usr/share usr/src"
info "Creating a thinjail...\n"
for _link in ${LINK_LIST}; do
ln -sf /.bastille/${_link} ${_link}
done
# Properly link shared ports on thin jails in read-write.
if [ -d "${bastille_releasesdir}/${RELEASE}/usr/ports" ]; then
if [ ! -d "${bastille_jail_path}/usr/ports" ]; then
@@ -384,7 +347,7 @@ create_jail() {
fi
fi
if [ -z "${THICK_JAIL}" ]; then
if [ -z "${THICK_JAIL}" ] && [ -z "${CLONE_JAIL}" ]; then
## rw
## copy only required files for thin jails
FILE_LIST=".cshrc .profile COPYRIGHT dev etc media mnt net proc root tmp var usr/obj usr/tests"
@@ -398,9 +361,21 @@ create_jail() {
fi
done
else
info "Creating a thickjail. This may take a while..."
if [ "${bastille_zfs_enable}" = "YES" ]; then
if [ -n "${bastille_zfs_zpool}" ]; then
if [ -n "${CLONE_JAIL}" ]; then
info "Creating a clonejail...\n"
## clone the release base to the new basejail
SNAP_NAME="bastille-clone-$(date +%Y-%m-%d-%H%M%S)"
zfs snapshot "${bastille_zfs_zpool}/${bastille_zfs_prefix}/releases/${RELEASE}"@"${SNAP_NAME}"
zfs clone -p "${bastille_zfs_zpool}/${bastille_zfs_prefix}/releases/${RELEASE}"@"${SNAP_NAME}" \
"${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${NAME}/root"
# Check and apply required settings.
post_create_jail
elif [ -n "${THICK_JAIL}" ]; then
info "Creating a thickjail. This may take a while...\n"
## perform release base replication
## sane bastille zfs options
@@ -419,6 +394,7 @@ create_jail() {
## cleanup temp snapshots initially
zfs destroy "${bastille_zfs_zpool}/${bastille_zfs_prefix}/releases/${RELEASE}"@"${SNAP_NAME}"
zfs destroy "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${NAME}/root"@"${SNAP_NAME}"
fi
if [ "$?" -ne 0 ]; then
## notify and clean stale files/directories
@@ -527,6 +503,10 @@ create_jail() {
if [ -n "${bastille_template_thick}" ]; then
bastille template "${NAME}" ${bastille_template_thick} --arg BASE_TEMPLATE="${bastille_template_base}" --arg HOST_RESOLV_CONF="${bastille_resolv_conf}"
fi
elif [ -n "${CLONE_JAIL}" ]; then
if [ -n "${bastille_template_clone}" ]; then
bastille template "${NAME}" ${bastille_template_clone} --arg BASE_TEMPLATE="${bastille_template_base}" --arg HOST_RESOLV_CONF="${bastille_resolv_conf}"
fi
elif [ -n "${EMPTY_JAIL}" ]; then
if [ -n "${bastille_template_empty}" ]; then
bastille template "${NAME}" ${bastille_template_empty} --arg BASE_TEMPLATE="${bastille_template_base}" --arg HOST_RESOLV_CONF="${bastille_resolv_conf}"
@@ -572,6 +552,7 @@ fi
## reset this options
EMPTY_JAIL=""
THICK_JAIL=""
CLONE_JAIL=""
VNET_JAIL=""
LINUX_JAIL=""
@@ -599,6 +580,10 @@ while [ $# -gt 0 ]; do
VNET_JAIL_BRIDGE="1"
shift
;;
-C|--clone|clone)
CLONE_JAIL="1"
shift
;;
-*|--*)
error_notify "Unknown Option."
usage
@@ -611,13 +596,15 @@ done
## validate for combined options
if [ -n "${EMPTY_JAIL}" ]; then
if [ -n "${THICK_JAIL}" ] || [ -n "${VNET_JAIL}" ] || [ -n "${LINUX_JAIL}" ]; then
if [ -n "${CLONE_JAIL}" ] || [ -n "${THICK_JAIL}" ] || [ -n "${VNET_JAIL}" ] || [ -n "${LINUX_JAIL}" ]; then
error_exit "Error: Empty jail option can't be used with other options."
fi
elif [ -n "${LINUX_JAIL}" ]; then
if [ -n "${EMPTY_JAIL}" ] || [ -n "${VNET_JAIL}" ] || [ -n "${THICK_JAIL}" ]; then
if [ -n "${EMPTY_JAIL}" ] || [ -n "${VNET_JAIL}" ] || [ -n "${THICK_JAIL}" ] || [ -n "${CLONE_JAIL}" ]; then
error_exit "Error: Linux jail option can't be used with other options."
fi
elif [ -n "${CLONE_JAIL}" ] && [ -n "${THICK_JAIL}" ]; then
error_exit "Error: Clonejail and Thickjail can't be used together."
fi
NAME="$1"
@@ -801,6 +788,9 @@ fi
if [ -z ${bastille_template_thick+x} ]; then
bastille_template_thick='default/thick'
fi
if [ -z ${bastille_template_clone+x} ]; then
bastille_template_clone='default/clone'
fi
if [ -z ${bastille_template_thin+x} ]; then
bastille_template_thin='default/thin'
fi
+18 -1
View File
@@ -1,6 +1,6 @@
#!/bin/sh
#
# Copyright (c) 2018-2021, Christer Edwards <christer.edwards@gmail.com>
# Copyright (c) 2018-2022, Christer Edwards <christer.edwards@gmail.com>
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
@@ -118,6 +118,23 @@ destroy_rel() {
if grep -qwo "${TARGET}" "${bastille_jailsdir}/${_jail}/fstab" 2>/dev/null; then
error_notify "Notice: (${_jail}) depends on ${TARGET} base."
BASE_HASCHILD="1"
elif [ "${bastille_zfs_enable}" = "YES" ]; then
if [ -n "${bastille_zfs_zpool}" ]; then
## check if this release have child clones
if zfs list -H -t snapshot -r "${bastille_rel_base}" > /dev/null 2>&1; then
SNAP_CLONE=$(zfs list -H -t snapshot -r "${bastille_rel_base}" 2> /dev/null | awk '{print $1}')
for _snap_clone in ${SNAP_CLONE}; do
if zfs list -H -o clones "${_snap_clone}" > /dev/null 2>&1; then
CLONE_JAIL=$(zfs list -H -o clones "${_snap_clone}" | tr ',' '\n')
CLONE_CHECK="${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${_jail}/root"
if echo "${CLONE_JAIL}" | grep -qw "${CLONE_CHECK}"; then
error_notify "Notice: (${_jail}) depends on ${TARGET} base."
BASE_HASCHILD="1"
fi
fi
done
fi
fi
fi
done
fi
+1 -1
View File
@@ -1,6 +1,6 @@
#!/bin/sh
#
# Copyright (c) 2018-2021, Christer Edwards <christer.edwards@gmail.com>
# Copyright (c) 2018-2022, Christer Edwards <christer.edwards@gmail.com>
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
+57 -9
View File
@@ -1,6 +1,6 @@
#!/bin/sh
#
# Copyright (c) 2018-2021, Christer Edwards <christer.edwards@gmail.com>
# Copyright (c) 2018-2022, Christer Edwards <christer.edwards@gmail.com>
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
@@ -49,7 +49,7 @@ usage() {
-v | --verbose -- Be more verbose during the ZFS send operation.
--xz -- Export a ZFS jail using XZ(.xz) compressed image.
Tip: If no option specified, container should be exported to standard output.
Note: If no export option specified, the container should be redirected to standard output.
EOF
exit 1
@@ -80,6 +80,7 @@ zfs_enable_check() {
TARGET="${1}"
GZIP_EXPORT=
XZ_EXPORT=
SAFE_EXPORT=
USER_EXPORT=
RAW_EXPORT=
@@ -93,6 +94,50 @@ opt_count() {
COMP_OPTION=$(expr ${COMP_OPTION} + 1)
}
if [ -n "${bastille_export_options}" ]; then
# Overrides the case options by the user defined option(s) automatically.
# Add bastille_export_options="--optionA --optionB" to bastille.conf, or simply `export bastille_export_options="--optionA --optionB"` environment variable.
# To restore the standard case options, empty bastille_export_options="" in bastille.conf, or `unset bastille_export_options` environment variable.
# Reference "/bastille/issues/443"
DEFAULT_EXPORT_OPTS="${bastille_export_options}"
info "Default export option(s): '${DEFAULT_EXPORT_OPTS}'"
for opt in ${DEFAULT_EXPORT_OPTS}; do
case "${opt}" in
--gz)
GZIP_EXPORT="1"
opt_count
shift;;
--xz)
XZ_EXPORT="1"
opt_count
shift;;
--tgz)
TGZ_EXPORT="1"
opt_count
zfs_enable_check
shift;;
--txz)
TXZ_EXPORT="1"
opt_count
zfs_enable_check
shift;;
--safe)
SAFE_EXPORT="1"
shift;;
--raw)
RAW_EXPORT="1"
opt_count
shift ;;
--verbose)
OPT_ZSEND="-Rv"
shift;;
-*|--*) error_notify "Unknown Option."
usage;;
esac
done
else
# Handle and parse option args
while [ $# -gt 0 ]; do
case "${1}" in
@@ -154,6 +199,7 @@ while [ $# -gt 0 ]; do
;;
esac
done
fi
# Validate for combined options
if [ "${COMP_OPTION}" -gt "1" ]; then
@@ -200,13 +246,13 @@ create_zfs_snap() {
if [ -z "${USER_EXPORT}" ]; then
info "Creating temporary ZFS snapshot for export..."
fi
zfs snapshot -r "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${TARGET}@bastille_export_${DATE}"
zfs snapshot -r "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${TARGET}@bastille_${TARGET}_${DATE}"
}
clean_zfs_snap() {
# Cleanup the recursive temporary snapshot
zfs destroy "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${TARGET}/root@bastille_export_${DATE}"
zfs destroy "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${TARGET}@bastille_export_${DATE}"
zfs destroy "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${TARGET}/root@bastille_${TARGET}_${DATE}"
zfs destroy "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${TARGET}@bastille_${TARGET}_${DATE}"
}
export_check() {
@@ -263,7 +309,7 @@ jail_export() {
export_check
# Export the raw container recursively and cleanup temporary snapshots
zfs send ${OPT_ZSEND} "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${TARGET}@bastille_export_${DATE}" \
zfs send ${OPT_ZSEND} "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${TARGET}@bastille_${TARGET}_${DATE}" \
> "${bastille_backupsdir}/${TARGET}_${DATE}"
clean_zfs_snap
elif [ -n "${GZIP_EXPORT}" ]; then
@@ -271,7 +317,7 @@ jail_export() {
export_check
# Export the raw container recursively and cleanup temporary snapshots
zfs send ${OPT_ZSEND} "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${TARGET}@bastille_export_${DATE}" | \
zfs send ${OPT_ZSEND} "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${TARGET}@bastille_${TARGET}_${DATE}" | \
gzip ${bastille_compress_gz_options} > "${bastille_backupsdir}/${TARGET}_${DATE}${FILE_EXT}"
clean_zfs_snap
elif [ -n "${XZ_EXPORT}" ]; then
@@ -279,7 +325,7 @@ jail_export() {
export_check
# Export the container recursively and cleanup temporary snapshots
zfs send ${OPT_ZSEND} "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${TARGET}@bastille_export_${DATE}" | \
zfs send ${OPT_ZSEND} "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${TARGET}@bastille_${TARGET}_${DATE}" | \
xz ${bastille_compress_xz_options} > "${bastille_backupsdir}/${TARGET}_${DATE}${FILE_EXT}"
clean_zfs_snap
else
@@ -288,8 +334,10 @@ jail_export() {
export_check
# Quietly export the container recursively, user must redirect standard output
zfs send ${OPT_ZSEND} "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${TARGET}@bastille_export_${DATE}"
if ! zfs send ${OPT_ZSEND} "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${TARGET}@bastille_${TARGET}_${DATE}"; then
clean_zfs_snap
error_notify "\nError: An export option is required, see 'bastille export, otherwise the user must redirect to standard output."
fi
fi
fi
else
+1 -1
View File
@@ -1,6 +1,6 @@
#!/bin/sh
#
# Copyright (c) 2018-2021, Christer Edwards <christer.edwards@gmail.com>
# Copyright (c) 2018-2022, Christer Edwards <christer.edwards@gmail.com>
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
+34 -6
View File
@@ -1,6 +1,6 @@
#!/bin/sh
#
# Copyright (c) 2018-2021, Christer Edwards <christer.edwards@gmail.com>
# Copyright (c) 2018-2022, Christer Edwards <christer.edwards@gmail.com>
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
@@ -183,15 +183,31 @@ generate_config() {
IPV6_CONFIG=$(grep -wo '\"ip6_addr\": \".*\"' "${JSON_CONFIG}" | tr -d '" ' | sed 's/ip6_addr://')
DEVFS_RULESET=$(grep -wo '\"devfs_ruleset\": \".*\"' "${JSON_CONFIG}" | tr -d '" ' | sed 's/devfs_ruleset://')
DEVFS_RULESET=${DEVFS_RULESET:-4}
IS_THIN_JAIL=$(grep -wo '\"basejail\": .*' "${JSON_CONFIG}" | tr -d '" ,' | sed 's/basejail://')
CONFIG_RELEASE=$(grep -wo '\"release\": \".*\"' "${JSON_CONFIG}" | tr -d '" ' | sed 's/release://' | sed 's/\-[pP].*//')
IS_VNET_JAIL=$(grep -wo '\"vnet\": .*' "${JSON_CONFIG}" | tr -d '" ,' | sed 's/vnet://')
VNET_DEFAULT_INTERFACE=$(grep -wo '\"vnet_default_interface\": \".*\"' "${JSON_CONFIG}" | tr -d '" ' | sed 's/vnet_default_interface://')
ALLOW_EMPTY_DIRS_TO_BE_SYMLINKED=1
if [ "${VNET_DEFAULT_INTERFACE}" = "auto" ]; then
# Grab the default ipv4 route from netstat and pull out the interface
VNET_DEFAULT_INTERFACE=$(netstat -nr4 | grep default | cut -w -f 4)
fi
fi
elif [ "${FILE_EXT}" = ".tar.gz" ]; then
# Gather some bits from foreign/ezjail config files
PROP_CONFIG="${bastille_jailsdir}/${TARGET_TRIM}/prop.ezjail-${FILE_TRIM}-*"
if [ -n "${PROP_CONFIG}" ]; then
IPVX_CONFIG=$(grep -wo "jail_${TARGET_TRIM}_ip=.*" ${PROP_CONFIG} | tr -d '" ' | sed "s/jail_${TARGET_TRIM}_ip=//")
CONFIG_RELEASE=$(echo ${PROP_CONFIG} | grep -o '[0-9]\{2\}\.[0-9]_RELEASE' | sed 's/_/-/g')
fi
# Always assume it's thin for ezjail
IS_THIN_JAIL=1
fi
# See if we need to generate a vnet network section
if [ "${IS_VNET_JAIL:-0}" = "1" ]; then
NETBLOCK=$(generate_vnet_jail_netblock "${TARGET_TRIM}" "" "${VNET_DEFAULT_INTERFACE}")
else
# If there are multiple IP/NIC let the user configure network
if [ -n "${IPV4_CONFIG}" ]; then
if ! echo "${IPV4_CONFIG}" | grep -q '.*,.*'; then
@@ -238,8 +254,15 @@ generate_config() {
warn "Warning: See 'bastille edit ${TARGET_TRIM} jail.conf' for manual network configuration."
fi
if [ "${FILE_EXT}" = ".tar.gz" ]; then
CONFIG_RELEASE=$(echo ${PROP_CONFIG} | grep -o '[0-9]\{2\}\.[0-9]_RELEASE' | sed 's/_/-/g')
NETBLOCK=$(cat <<-EOF
interface = ${NETIF_CONFIG};
${IPX_ADDR} = ${IP_CONFIG};
ip6 = ${IP6_MODE};
EOF
)
fi
if [ "${IS_THIN_JAIL:-0}" = "1" ]; then
if [ -z "${CONFIG_RELEASE}" ]; then
# Fallback to host version
CONFIG_RELEASE=$(freebsd-version | sed 's/\-[pP].*//')
@@ -272,9 +295,7 @@ ${TARGET_TRIM} {
path = ${bastille_jailsdir}/${TARGET_TRIM}/root;
securelevel = 2;
interface = ${NETIF_CONFIG};
${IPX_ADDR} = ${IP_CONFIG};
ip6 = ${IP6_MODE};
${NETBLOCK}
}
EOF
}
@@ -337,6 +358,13 @@ update_symlinks() {
for _link in ${SYMLINKS}; do
if [ -L "${_link}" ]; then
ln -sf /.bastille/${_link} ${_link}
elif [ "${ALLOW_EMPTY_DIRS_TO_BE_SYMLINKED:-0}" = "1" -a -d "${_link}" ]; then
# -F will enforce that the directory is empty and replaced by the symlink
ln -sfF /.bastille/${_link} ${_link} || EXIT_CODE=$?
if [ "${EXIT_CODE:-0}" != "0" ]; then
# Assume that the failure was due to the directory not being empty and explain the problem in friendlier terms
warn "Warning: directory ${_link} on imported jail was not empty and will not be updated by Bastille"
fi
fi
done
}
+1 -1
View File
@@ -1,6 +1,6 @@
#!/bin/sh
#
# Copyright (c) 2018-2021, Christer Edwards <christer.edwards@gmail.com>
# Copyright (c) 2018-2022, Christer Edwards <christer.edwards@gmail.com>
# All rights reserved.
# Ressource limits added by Sven R github.com/hackacad
#
+58 -31
View File
@@ -1,6 +1,6 @@
#!/bin/sh
#
# Copyright (c) 2018-2021, Christer Edwards <christer.edwards@gmail.com>
# Copyright (c) 2018-2022, Christer Edwards <christer.edwards@gmail.com>
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
@@ -32,7 +32,7 @@
. /usr/local/etc/bastille/bastille.conf
usage() {
error_exit "Usage: bastille list [-j|-a] [release|template|(jail|container)|log|limit|(import|export|backup)]"
error_exit "Usage: bastille list [-j|-a] [release [-p]|template|(jail|container)|log|limit|(import|export|backup)]"
}
if [ $# -eq 0 ]; then
@@ -54,65 +54,86 @@ if [ $# -gt 0 ]; then
if [ -d "${bastille_jailsdir}" ]; then
DEFAULT_VALUE="-"
SPACER=2
MAX_LENGTH_JAIL_NAME=$(find "${bastille_jailsdir}" -maxdepth 2 -type f -name jail.conf | sed "s/^.*\/\(.*\)\/jail.conf$/\1/" | awk '{ print length($0) }' | sort -nr | head -n 1)
MAX_LENGTH_JAIL_NAME=$(find ""${bastille_jailsdir}/*/jail.conf"" -maxdepth 1 -type f -print0 2> /dev/null | xargs -r0 -P0 grep -h -m 1 -e "^.* {$" | awk '{ print length($1) }' | sort -nr | head -n 1)
MAX_LENGTH_JAIL_NAME=${MAX_LENGTH_JAIL_NAME:-3}
if [ ${MAX_LENGTH_JAIL_NAME} -lt 3 ]; then MAX_LENGTH_JAIL_NAME=3; fi
MAX_LENGTH_JAIL_IP=$(find "${bastille_jailsdir}" -maxdepth 2 -type f -name jail.conf -exec sed -n "s/^[ ]*ip[4,6].addr[ ]*=[ ]*\(.*\);$/\1/p" {} \; | sed 's/\// /g' | awk '{ print length($1) }' | sort -nr | head -n 1)
MAX_LENGTH_JAIL_IP=$(find ""${bastille_jailsdir}/*/jail.conf"" -maxdepth 1 -type f -print0 2> /dev/null | xargs -r0 -P0 sed -n "s/^[ ]*ip[4,6].addr[ ]*=[ ]*\(.*\);$/\1 /p" | sed 's/\// /g' | awk '{ print length($1) }' | sort -nr | head -n 1)
MAX_LENGTH_JAIL_IP=${MAX_LENGTH_JAIL_IP:-10}
MAX_LENGTH_JAIL_VNET_IP=$(find "${bastille_jailsdir}" -maxdepth 2 -type f -name jail.conf -exec grep -l "vnet;" {} + | sed 's/\(.*\)jail.conf$/grep "ifconfig_vnet0=" \1root\/etc\/rc.conf/' | sh | sed -n 's/^ifconfig_vnet0="\(.*\)"$/\1/p' | sed 's/\// /g' | awk '{ if ($1 ~ /^[inet|inet6]/) print length($2); else print 15 }' | sort -nr | head -n 1)
MAX_LENGTH_JAIL_VNET_IP=$(find ""${bastille_jailsdir}/*/jail.conf"" -maxdepth 1 -type f -print0 2> /dev/null | xargs -r0 -P0 grep -l "vnet;" | grep -h "ifconfig_vnet0=" $(sed -n "s/\(.*\)jail.conf$/\1root\/etc\/rc.conf/p") | sed -n "s/^ifconfig_vnet0=\"\(.*\)\"$/\1/p"| sed "s/\// /g" | awk '{ if ($1 ~ /^[inet|inet6]/) print length($2); else print 15 }' | sort -nr | head -n 1)
MAX_LENGTH_JAIL_VNET_IP=${MAX_LENGTH_JAIL_VNET_IP:-10}
if [ ${MAX_LENGTH_JAIL_VNET_IP} -gt ${MAX_LENGTH_JAIL_IP} ]; then MAX_LENGTH_JAIL_IP=${MAX_LENGTH_JAIL_VNET_IP}; fi
if [ ${MAX_LENGTH_JAIL_IP} -lt 10 ]; then MAX_LENGTH_JAIL_IP=10; fi
MAX_LENGTH_JAIL_HOSTNAME=$(find "${bastille_jailsdir}" -maxdepth 2 -type f -name jail.conf -exec sed -n "s/^[ ]*host.hostname[ ]*=[ ]*\(.*\);$/\1/p" {} \; | awk '{ print length($0) }' | sort -nr | head -n 1)
MAX_LENGTH_JAIL_HOSTNAME=$(find ""${bastille_jailsdir}/*/jail.conf"" -maxdepth 1 -type f -print0 2> /dev/null | xargs -r0 -P0 grep -h -m 1 -e "^[ ]*host.hostname[ ]*=[ ]*\(.*\);" | awk '{ print length(substr($3, 1, length($3)-1)) }' | sort -nr | head -n 1)
MAX_LENGTH_JAIL_HOSTNAME=${MAX_LENGTH_JAIL_HOSTNAME:-8}
if [ ${MAX_LENGTH_JAIL_HOSTNAME} -lt 8 ]; then MAX_LENGTH_JAIL_HOSTNAME=8; fi
MAX_LENGTH_JAIL_PORTS=$(find "${bastille_jailsdir}" -maxdepth 2 -type f -name rdr.conf -exec awk '{ lines++; chars += length($0)} END { chars += lines - 1; print chars }' {} \; | sort -nr | head -n 1)
MAX_LENGTH_JAIL_PORTS=$(find ""${bastille_jailsdir}/*/rdr.conf"" -maxdepth 1 -type f -print0 2> /dev/null | xargs -r0 -P0 -n1 awk '{ lines++; chars += length($0)} END { chars += lines - 1; print chars }' | sort -nr | head -n 1)
MAX_LENGTH_JAIL_PORTS=${MAX_LENGTH_JAIL_PORTS:-15}
if [ ${MAX_LENGTH_JAIL_PORTS} -lt 15 ]; then MAX_LENGTH_JAIL_PORTS=15; fi
if [ ${MAX_LENGTH_JAIL_PORTS} -gt 30 ]; then MAX_LENGTH_JAIL_PORTS=30; fi
MAX_LENGTH_JAIL_RELEASE=$(find "${bastille_jailsdir}" -maxdepth 2 -type f -name fstab 2> /dev/null -exec grep "/releases/.*/root/.bastille nullfs" {} \; | sed -n "s/^\(.*\) \/.*$/grep \"\^USERLAND_VERSION=\" \1\/bin\/freebsd-version 2\> \/dev\/null/p" | awk '!_[$0]++' | sh | sed -n "s/^USERLAND_VERSION=\"\(.*\)\"$/\1/p" | awk '{ print length($0) }' | sort -nr | head -n 1)
MAX_LENGTH_JAIL_RELEASE=$(find ""${bastille_jailsdir}/*/fstab"" -maxdepth 1 -type f -print0 2> /dev/null | xargs -r0 -P0 grep -h "/releases/.*/root/.bastille.*nullfs" | grep -hE "^USERLAND_VERSION=" $(sed -n "s/^\(.*\) \/.*$/\1\/bin\/freebsd-version/p" | awk '!_[$0]++') | sed "s/[\"\'\^]//g;s/ .*$//g" | sed -n "s/^USERLAND_VERSION=\(.*\)$/\1/p" | awk '{ print length($0) }' | sort -nr | head -n 1)
MAX_LENGTH_JAIL_RELEASE=${MAX_LENGTH_JAIL_RELEASE:-7}
MAX_LENGTH_THICK_JAIL_RELEASE=$(find ""${bastille_jailsdir}/*/root/bin"" -maxdepth 1 -type f -name freebsd-version 2> /dev/null -exec grep "^USERLAND_VERSION=" {} \; | sed -n "s/^USERLAND_VERSION=\"\(.*\)\"$/\1/p" | awk '{ print length($0) }' | sort -nr | head -n 1)
MAX_LENGTH_THICK_JAIL_RELEASE=$(find ""${bastille_jailsdir}/*/root/bin/freebsd-version"" -maxdepth 1 -type f -print0 2> /dev/null | xargs -r0 -P0 grep -hE "^USERLAND_VERSION=" | sed "s/[\"\'\^]//g;s/ .*$//g" | sed -n "s/^USERLAND_VERSION=\(.*\)$/\1/p" | awk '{ print length($0) }' | sort -nr | head -n 1)
MAX_LENGTH_THICK_JAIL_RELEASE=${MAX_LENGTH_THICK_JAIL_RELEASE:-7}
MAX_LENGTH_LINUX_JAIL_RELEASE=$(find ""${bastille_jailsdir}/*/fstab"" -maxdepth 1 -type f -print0 2> /dev/null | xargs -r0 -P0 grep -h "/jails/.*/root/proc.*linprocfs" | grep -hE "^NAME=|^VERSION_ID=|^VERSION_CODENAME=" $(sed -n "s/^linprocfs *\(.*\)\/.*$/\1\/etc\/os-release/p") 2> /dev/null | sed "s/\"//g" | sed "s/ GNU\/Linux//g" | sed "N;N;s/\n/;/g" | sed -n "s/^NAME=\(.*\);VERSION_ID=\(.*\);VERSION_CODENAME=\(.*\)$/\1 \2 (\3)/p" | awk '{ print length($0) }' | sort -nr | head -n 1)
MAX_LENGTH_LINUX_JAIL_RELEASE=${MAX_LENGTH_LINUX_JAIL_RELEASE:-7}
if [ ${MAX_LENGTH_THICK_JAIL_RELEASE} -gt ${MAX_LENGTH_JAIL_RELEASE} ]; then MAX_LENGTH_JAIL_RELEASE=${MAX_LENGTH_THICK_JAIL_RELEASE}; fi
if [ ${MAX_LENGTH_LINUX_JAIL_RELEASE} -gt ${MAX_LENGTH_JAIL_RELEASE} ]; then MAX_LENGTH_JAIL_RELEASE=${MAX_LENGTH_LINUX_JAIL_RELEASE}; fi
if [ ${MAX_LENGTH_JAIL_RELEASE} -lt 7 ]; then MAX_LENGTH_JAIL_RELEASE=7; fi
printf " JID%*sState%*sIP Address%*sPublished Ports%*sHostname%*sRelease%*sPath\n" "$((${MAX_LENGTH_JAIL_NAME} + ${SPACER} - 3))" "" "$((${SPACER}))" "" "$((${MAX_LENGTH_JAIL_IP} + ${SPACER} - 10))" "" "$((${MAX_LENGTH_JAIL_PORTS} + ${SPACER} - 15))" "" "$((${MAX_LENGTH_JAIL_HOSTNAME} + ${SPACER} - 8))" "" "$((${MAX_LENGTH_JAIL_RELEASE} + ${SPACER} - 7))" ""
JAIL_LIST=$(ls "${bastille_jailsdir}" | sed "s/\n//g")
for _JAIL in ${JAIL_LIST}; do
if [ -f "${bastille_jailsdir}/${_JAIL}/jail.conf" ]; then
if [ "$(/usr/sbin/jls name | awk "/^${_JAIL}$/")" ]; then
JAIL_NAME=$(grep -h -m 1 -e "^.* {$" "${bastille_jailsdir}/${_JAIL}/jail.conf" 2> /dev/null | awk '{ print $1 }')
IS_FREEBSD_JAIL=0
if [ -f "${bastille_jailsdir}/${JAIL_NAME}/root/bin/freebsd-version" -o -f "${bastille_jailsdir}/${JAIL_NAME}/root/.bastille/bin/freebsd-version" -o "$(grep -c "/releases/.*/root/.bastille.*nullfs" "${bastille_jailsdir}/${JAIL_NAME}/fstab" 2> /dev/null)" -gt 0 ]; then IS_FREEBSD_JAIL=1; fi
IS_FREEBSD_JAIL=${IS_FREEBSD_JAIL:-0}
IS_LINUX_JAIL=0
if [ "$(grep -c "^linprocfs" "${bastille_jailsdir}/${JAIL_NAME}/fstab" 2> /dev/null)" -gt 0 ]; then IS_LINUX_JAIL=1; fi
IS_LINUX_JAIL=${IS_LINUX_JAIL:-0}
if [ "$(/usr/sbin/jls name | awk "/^${JAIL_NAME}$/")" ]; then
JAIL_STATE="Up"
if [ "$(awk '$1 == "vnet;" { print $1 }' "${bastille_jailsdir}/${_JAIL}/jail.conf")" ]; then
JAIL_IP=$(jexec -l ${_JAIL} ifconfig -n vnet0 inet 2> /dev/null | sed -n "/.inet /{s///;s/ .*//;p;}")
if [ ! ${JAIL_IP} ]; then JAIL_IP=$(jexec -l ${_JAIL} ifconfig -n vnet0 inet6 2> /dev/null | awk '/inet6 / && (!/fe80::/ || !/%vnet0/)' | sed -n "/.inet6 /{s///;s/ .*//;p;}"); fi
if [ "$(awk '$1 == "vnet;" { print $1 }' "${bastille_jailsdir}/${JAIL_NAME}/jail.conf" 2> /dev/null)" ]; then
JAIL_IP=$(jexec -l ${JAIL_NAME} ifconfig -n vnet0 inet 2> /dev/null | sed -n "/.inet /{s///;s/ .*//;p;}")
if [ ! ${JAIL_IP} ]; then JAIL_IP=$(jexec -l ${JAIL_NAME} ifconfig -n vnet0 inet6 2> /dev/null | awk '/inet6 / && (!/fe80::/ || !/%vnet0/)' | sed -n "/.inet6 /{s///;s/ .*//;p;}"); fi
else
JAIL_IP=$(/usr/sbin/jls -j ${_JAIL} ip4.addr 2> /dev/null)
if [ ${JAIL_IP} = "-" ]; then JAIL_IP=$(/usr/sbin/jls -j ${_JAIL} ip6.addr 2> /dev/null); fi
JAIL_IP=$(/usr/sbin/jls -j ${JAIL_NAME} ip4.addr 2> /dev/null)
if [ ${JAIL_IP} = "-" ]; then JAIL_IP=$(/usr/sbin/jls -j ${JAIL_NAME} ip6.addr 2> /dev/null); fi
fi
JAIL_HOSTNAME=$(/usr/sbin/jls -j ${_JAIL} host.hostname 2> /dev/null)
JAIL_PORTS=$(pfctl -a "rdr/${_JAIL}" -Psn 2> /dev/null | awk '{ printf "%s/%s:%s"",",$7,$14,$18 }' | sed "s/,$//")
JAIL_PATH=$(/usr/sbin/jls -j ${_JAIL} path 2> /dev/null)
JAIL_RELEASE=$(jexec -l ${_JAIL} freebsd-version -u 2> /dev/null)
else
JAIL_STATE=$(if [ "$(sed -n "/^${_JAIL} {$/,/^}$/p" "${bastille_jailsdir}/${_JAIL}/jail.conf" | awk '$0 ~ /^'${_JAIL}' \{|\}/ { printf "%s",$0 }')" == "${_JAIL} {}" ]; then echo "Down"; else echo "n/a"; fi)
if [ "$(awk '$1 == "vnet;" { print $1 }' "${bastille_jailsdir}/${_JAIL}/jail.conf")" ]; then
JAIL_IP=$(sed -n 's/^ifconfig_vnet0="\(.*\)"$/\1/p' "${bastille_jailsdir}/${_JAIL}/root/etc/rc.conf" | sed "s/\// /g" | awk '{ if ($1 ~ /^[inet|inet6]/) print $2; else print $1 }')
else
JAIL_IP=$(sed -n "s/^[ ]*ip[4,6].addr[ ]*=[ ]*\(.*\);$/\1/p" "${bastille_jailsdir}/${_JAIL}/jail.conf" | sed "s/\// /g" | awk '{ print $1 }')
JAIL_HOSTNAME=$(/usr/sbin/jls -j ${JAIL_NAME} host.hostname 2> /dev/null)
JAIL_PORTS=$(pfctl -a "rdr/${JAIL_NAME}" -Psn 2> /dev/null | awk '{ printf "%s/%s:%s"",",$7,$14,$18 }' | sed "s/,$//")
JAIL_PATH=$(/usr/sbin/jls -j ${JAIL_NAME} path 2> /dev/null)
if [ ${IS_FREEBSD_JAIL} -eq 1 ]; then
JAIL_RELEASE=$(jexec -l ${JAIL_NAME} freebsd-version -u 2> /dev/null)
fi
JAIL_HOSTNAME=$(sed -n "s/^[ ]*host.hostname[ ]*=[ ]*\(.*\);$/\1/p" "${bastille_jailsdir}/${_JAIL}/jail.conf")
if [ -f "${bastille_jailsdir}/${_JAIL}/rdr.conf" ]; then JAIL_PORTS=$(awk '$1 ~ /^[tcp|udp]/ { printf "%s/%s:%s,",$1,$2,$3 }' "${bastille_jailsdir}/${_JAIL}/rdr.conf" | sed "s/,$//"); else JAIL_PORTS=""; fi
JAIL_PATH=$(sed -n "s/^[ ]*path[ ]*=[ ]*\(.*\);$/\1/p" "${bastille_jailsdir}/${_JAIL}/jail.conf")
if [ ${IS_LINUX_JAIL} -eq 1 ]; then
JAIL_RELEASE=$(grep -hE "^NAME=.*$|^VERSION_ID=.*$|^VERSION_CODENAME=.*$" "${JAIL_PATH}/etc/os-release" 2> /dev/null | sed "s/\"//g" | sed "s/ GNU\/Linux//g" | awk -F'=' '{ a[$1] = $2; o++ } o%3 == 0 { print a["VERSION_CODENAME"] " (" a["NAME"] " " a["VERSION_ID"] ")" }')
fi
else
JAIL_STATE=$(if [ "$(sed -n "/^${JAIL_NAME} {$/,/^}$/p" "${bastille_jailsdir}/${JAIL_NAME}/jail.conf" 2> /dev/null | awk '$0 ~ /^'${JAIL_NAME}' \{|\}/ { printf "%s",$0 }')" == "${JAIL_NAME} {}" ]; then echo "Down"; else echo "n/a"; fi)
if [ "$(awk '$1 == "vnet;" { print $1 }' "${bastille_jailsdir}/${JAIL_NAME}/jail.conf" 2> /dev/null)" ]; then
JAIL_IP=$(sed -n 's/^ifconfig_vnet0="\(.*\)"$/\1/p' "${bastille_jailsdir}/${JAIL_NAME}/root/etc/rc.conf" 2> /dev/null | sed "s/\// /g" | awk '{ if ($1 ~ /^[inet|inet6]/) print $2; else print $1 }')
else
JAIL_IP=$(sed -n "s/^[ ]*ip[4,6].addr[ ]*=[ ]*\(.*\);$/\1/p" "${bastille_jailsdir}/${JAIL_NAME}/jail.conf" 2> /dev/null | sed "s/\// /g" | awk '{ print $1 }')
fi
JAIL_HOSTNAME=$(sed -n "s/^[ ]*host.hostname[ ]*=[ ]*\(.*\);$/\1/p" "${bastille_jailsdir}/${JAIL_NAME}/jail.conf" 2> /dev/null)
if [ -f "${bastille_jailsdir}/${JAIL_NAME}/rdr.conf" ]; then JAIL_PORTS=$(awk '$1 ~ /^[tcp|udp]/ { printf "%s/%s:%s,",$1,$2,$3 }' "${bastille_jailsdir}/${JAIL_NAME}/rdr.conf" 2> /dev/null | sed "s/,$//"); else JAIL_PORTS=""; fi
JAIL_PATH=$(sed -n "s/^[ ]*path[ ]*=[ ]*\(.*\);$/\1/p" "${bastille_jailsdir}/${JAIL_NAME}/jail.conf" 2> /dev/null)
if [ ${JAIL_PATH} ]; then
if [ ${IS_FREEBSD_JAIL} -eq 1 ]; then
if [ -f "${JAIL_PATH}/bin/freebsd-version" ]; then
JAIL_RELEASE=$(sed -n "s/^USERLAND_VERSION=\"\(.*\)\"$/\1/p" "${JAIL_PATH}/bin/freebsd-version")
JAIL_RELEASE=$(grep -hE "^USERLAND_VERSION=" "${JAIL_PATH}/bin/freebsd-version" 2> /dev/null | sed "s/[\"\'\^]//g;s/ .*$//g" | sed -n "s/^USERLAND_VERSION=\(.*\)$/\1/p")
else
JAIL_RELEASE=$(grep "/releases/.*/root/.bastille nullfs" "${bastille_jailsdir}/${_JAIL}/fstab" 2> /dev/null | sed -n "s/^\(.*\) \/.*$/grep \"\^USERLAND_VERSION=\" \1\/bin\/freebsd-version 2\> \/dev\/null/p" | awk '!_[$0]++' | sh | sed -n "s/^USERLAND_VERSION=\"\(.*\)\"$/\1/p")
JAIL_RELEASE=$(grep -h "/releases/.*/root/.bastille.*nullfs" "${bastille_jailsdir}/${JAIL_NAME}/fstab" 2> /dev/null | grep -hE "^USERLAND_VERSION=" $(sed -n "s/^\(.*\) \/.*$/\1\/bin\/freebsd-version/p" | awk '!_[$0]++') | sed "s/[\"\'\^]//g;s/ .*$//g" | sed -n "s/^USERLAND_VERSION=\(.*\)$/\1/p")
fi
fi
if [ ${IS_LINUX_JAIL} -eq 1 ]; then
JAIL_RELEASE=$(grep -hE "^NAME=.*$|^VERSION_ID=.*$|^VERSION_CODENAME=.*$" "${JAIL_PATH}/etc/os-release" 2> /dev/null | sed "s/\"//g" | sed "s/ GNU\/Linux//g" | awk -F'=' '{ a[$1] = $2; o++ } o%3 == 0 { print a["VERSION_CODENAME"] " (" a["NAME"] " " a["VERSION_ID"] ")" }')
fi
else
JAIL_RELEASE=""
fi
fi
if [ ${#JAIL_PORTS} -gt ${MAX_LENGTH_JAIL_PORTS} ]; then JAIL_PORTS="$(echo ${JAIL_PORTS} | cut -c-$((${MAX_LENGTH_JAIL_PORTS} - 3)))..."; fi
JAIL_NAME=${JAIL_NAME:-${DEFAULT_VALUE}}
JAIL_STATE=${JAIL_STATE:-${DEFAULT_VALUE}}
@@ -121,7 +142,7 @@ if [ $# -gt 0 ]; then
JAIL_HOSTNAME=${JAIL_HOSTNAME:-${DEFAULT_VALUE}}
JAIL_RELEASE=${JAIL_RELEASE:-${DEFAULT_VALUE}}
JAIL_PATH=${JAIL_PATH:-${DEFAULT_VALUE}}
printf " ${_JAIL}%*s${JAIL_STATE}%*s${JAIL_IP}%*s${JAIL_PORTS}%*s${JAIL_HOSTNAME}%*s${JAIL_RELEASE}%*s${JAIL_PATH}\n" "$((${MAX_LENGTH_JAIL_NAME} - ${#_JAIL} + ${SPACER}))" "" "$((5 - ${#JAIL_STATE} + ${SPACER}))" "" "$((${MAX_LENGTH_JAIL_IP} - ${#JAIL_IP} + ${SPACER}))" "" "$((${MAX_LENGTH_JAIL_PORTS} - ${#JAIL_PORTS} + ${SPACER}))" "" "$((${MAX_LENGTH_JAIL_HOSTNAME} - ${#JAIL_HOSTNAME} + ${SPACER}))" "" "$((${MAX_LENGTH_JAIL_RELEASE} - ${#JAIL_RELEASE} + ${SPACER}))" ""
printf " ${JAIL_NAME}%*s${JAIL_STATE}%*s${JAIL_IP}%*s${JAIL_PORTS}%*s${JAIL_HOSTNAME}%*s${JAIL_RELEASE}%*s${JAIL_PATH}\n" "$((${MAX_LENGTH_JAIL_NAME} - ${#JAIL_NAME} + ${SPACER}))" "" "$((5 - ${#JAIL_STATE} + ${SPACER}))" "" "$((${MAX_LENGTH_JAIL_IP} - ${#JAIL_IP} + ${SPACER}))" "" "$((${MAX_LENGTH_JAIL_PORTS} - ${#JAIL_PORTS} + ${SPACER}))" "" "$((${MAX_LENGTH_JAIL_HOSTNAME} - ${#JAIL_HOSTNAME} + ${SPACER}))" "" "$((${MAX_LENGTH_JAIL_RELEASE} - ${#JAIL_RELEASE} + ${SPACER}))" ""
fi
done
else
@@ -133,8 +154,14 @@ if [ $# -gt 0 ]; then
REL_LIST=$(ls "${bastille_releasesdir}" | sed "s/\n//g")
for _REL in ${REL_LIST}; do
if [ -f "${bastille_releasesdir}/${_REL}/root/.profile" -o -d "${bastille_releasesdir}/${_REL}/debootstrap" ]; then
if [ "$2" == "-p" -a -f "${bastille_releasesdir}/${_REL}/bin/freebsd-version" ]; then
REL_PATCH_LEVEL=$(sed -n "s/^USERLAND_VERSION=\"\(.*\)\"$/\1/p" "${bastille_releasesdir}/${_REL}/bin/freebsd-version" 2> /dev/null)
REL_PATCH_LEVEL=${REL_PATCH_LEVEL:-${_REL}}
echo "${REL_PATCH_LEVEL}"
else
echo "${_REL}"
fi
fi
done
fi
;;
+1 -1
View File
@@ -1,6 +1,6 @@
#!/bin/sh
#
# Copyright (c) 2018-2021, Christer Edwards <christer.edwards@gmail.com>
# Copyright (c) 2018-2022, Christer Edwards <christer.edwards@gmail.com>
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
+1 -1
View File
@@ -1,6 +1,6 @@
#!/bin/sh
#
# Copyright (c) 2018-2021, Christer Edwards <christer.edwards@gmail.com>
# Copyright (c) 2018-2022, Christer Edwards <christer.edwards@gmail.com>
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
+1 -1
View File
@@ -1,6 +1,6 @@
#!/bin/sh
#
# Copyright (c) 2018-2021, Christer Edwards <christer.edwards@gmail.com>
# Copyright (c) 2018-2022, Christer Edwards <christer.edwards@gmail.com>
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
+10 -1
View File
@@ -1,6 +1,6 @@
#!/bin/sh
#
# Copyright (c) 2018-2021, Christer Edwards <christer.edwards@gmail.com>
# Copyright (c) 2018-2022, Christer Edwards <christer.edwards@gmail.com>
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
@@ -76,6 +76,8 @@ update_fstab() {
# Update fstab to use the new name
FSTAB_CONFIG="${bastille_jailsdir}/${NEWNAME}/fstab"
if [ -f "${FSTAB_CONFIG}" ]; then
# Skip if fstab is empty, e.g newly created thick or clone jails
if [ -s "${FSTAB_CONFIG}" ]; then
FSTAB_RELEASE=$(grep -owE '([1-9]{2,2})\.[0-9](-RELEASE|-RC[1-2])|([0-9]{1,2}-stable-build-[0-9]{1,3})|(current-build)-([0-9]{1,3})|(current-BUILD-LATEST)|([0-9]{1,2}-stable-BUILD-LATEST)|(current-BUILD-LATEST)' "${FSTAB_CONFIG}")
FSTAB_CURRENT=$(grep -w ".*/releases/.*/jails/${TARGET}/root/.bastille" "${FSTAB_CONFIG}")
FSTAB_NEWCONF="${bastille_releasesdir}/${FSTAB_RELEASE} ${bastille_jailsdir}/${NEWNAME}/root/.bastille nullfs ro 0 0"
@@ -85,6 +87,13 @@ update_fstab() {
sed -i '' "s|${FSTAB_CURRENT}|${FSTAB_NEWCONF}|" "${FSTAB_CONFIG}"
fi
fi
# Update linuxjail fstab name entries
# Search for either linprocfs/linsysfs, if true assume is a linux jail
if grep -qwE "linprocfs|linsysfs" "${FSTAB_CONFIG}"; then
sed -i '' "s|.${bastille_jailsdir}/${TARGET}/|${bastille_jailsdir}/${NEWNAME}/|" "${FSTAB_CONFIG}"
fi
fi
fi
}
+1 -1
View File
@@ -1,6 +1,6 @@
#!/bin/sh
#
# Copyright (c) 2018-2021, Christer Edwards <christer.edwards@gmail.com>
# Copyright (c) 2018-2022, Christer Edwards <christer.edwards@gmail.com>
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
+1 -1
View File
@@ -1,6 +1,6 @@
#!/bin/sh
#
# Copyright (c) 2018-2021, Christer Edwards <christer.edwards@gmail.com>
# Copyright (c) 2018-2022, Christer Edwards <christer.edwards@gmail.com>
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
+1 -1
View File
@@ -1,6 +1,6 @@
#!/bin/sh
#
# Copyright (c) 2018-2021, Christer Edwards <christer.edwards@gmail.com>
# Copyright (c) 2018-2022, Christer Edwards <christer.edwards@gmail.com>
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
+1 -1
View File
@@ -1,6 +1,6 @@
#!/bin/sh
#
# Copyright (c) 2018-2021, Christer Edwards <christer.edwards@gmail.com>
# Copyright (c) 2018-2022, Christer Edwards <christer.edwards@gmail.com>
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
+1 -1
View File
@@ -1,6 +1,6 @@
#!/bin/sh
#
# Copyright (c) 2018-2021, Christer Edwards <christer.edwards@gmail.com>
# Copyright (c) 2018-2022, Christer Edwards <christer.edwards@gmail.com>
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
+1 -1
View File
@@ -1,6 +1,6 @@
#!/bin/sh
#
# Copyright (c) 2018-2021, Christer Edwards <christer.edwards@gmail.com>
# Copyright (c) 2018-2022, Christer Edwards <christer.edwards@gmail.com>
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
@@ -0,0 +1,4 @@
ARG BASE_TEMPLATE=default/base
ARG HOST_RESOLV_CONF=/etc/resolv.conf
INCLUDE ${BASE_TEMPLATE} --arg HOST_RESOLV_CONF="${HOST_RESOLV_CONF}"
+1 -1
View File
@@ -1,6 +1,6 @@
#!/bin/sh
#
# Copyright (c) 2018-2021, Christer Edwards <christer.edwards@gmail.com>
# Copyright (c) 2018-2022, Christer Edwards <christer.edwards@gmail.com>
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
+1 -1
View File
@@ -1,6 +1,6 @@
#!/bin/sh
#
# Copyright (c) 2018-2021, Christer Edwards <christer.edwards@gmail.com>
# Copyright (c) 2018-2022, Christer Edwards <christer.edwards@gmail.com>
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
+15 -2
View File
@@ -1,6 +1,6 @@
#!/bin/sh
#
# Copyright (c) 2018-2021, Christer Edwards <christer.edwards@gmail.com>
# Copyright (c) 2018-2022, Christer Edwards <christer.edwards@gmail.com>
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
@@ -73,6 +73,13 @@ if freebsd-version | grep -qi HBSD; then
error_exit "Not yet supported on HardenedBSD."
fi
# Check for alternate/unsupported archs
arch_check() {
if echo "${TARGET}" | grep -w "[0-9]\{1,2\}\.[0-9]\-RELEASE\-i386"; then
ARCH_I386="1"
fi
}
jail_check() {
# Check if the jail is thick and is running
if [ ! "$(/usr/sbin/jls name | awk "/^${TARGET}$/")" ]; then
@@ -103,8 +110,13 @@ jail_update() {
release_update() {
# Update a release base(affects child containers)
if [ -d "${bastille_releasesdir}/${TARGET}" ]; then
TARGET_TRIM="${TARGET}"
if [ -n "${ARCH_I386}" ]; then
TARGET_TRIM=$(echo "${TARGET}" | sed 's/-i386//')
fi
env PAGER="/bin/cat" freebsd-update ${OPTION} --not-running-from-cron -b "${bastille_releasesdir}/${TARGET}" \
fetch install --currently-running "${TARGET}"
fetch install --currently-running "${TARGET_TRIM}"
else
error_exit "${TARGET} not found. See 'bastille bootstrap'."
fi
@@ -152,6 +164,7 @@ elif echo "${TARGET}" | grep -Eq '^[A-Za-z0-9_-]+/[A-Za-z0-9_-]+$'; then
BASTILLE_TEMPLATE="${TARGET}"
template_update
elif echo "${TARGET}" | grep -q "[0-9]\{2\}.[0-9]-RELEASE"; then
arch_check
release_update
else
jail_update
+1 -1
View File
@@ -1,6 +1,6 @@
#!/bin/sh
#
# Copyright (c) 2018-2021, Christer Edwards <christer.edwards@gmail.com>
# Copyright (c) 2018-2022, Christer Edwards <christer.edwards@gmail.com>
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
+1 -1
View File
@@ -1,6 +1,6 @@
#!/bin/sh
#
# Copyright (c) 2018-2021, Christer Edwards <christer.edwards@gmail.com>
# Copyright (c) 2018-2022, Christer Edwards <christer.edwards@gmail.com>
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
+1 -1
View File
@@ -1,6 +1,6 @@
#!/bin/sh
#
# Copyright (c) 2018-2021, Christer Edwards <christer.edwards@gmail.com>
# Copyright (c) 2018-2022, Christer Edwards <christer.edwards@gmail.com>
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without