Merge pull request #529 from BastilleBSD/fete_nationale_2022

prepare for fete nationale 2022
2022-07-13 21:32:33 -06:00 · 2022-07-13 21:30:04 -06:00 · 2022-07-10 20:23:44 -06:00 · 2022-07-10 20:23:22 -06:00 · 2022-06-20 06:35:02 -05:00 · 2022-06-20 06:30:42 -05:00
42 changed files with 652 additions and 370 deletions
--- a/AUTHORS.md
+++ b/AUTHORS.md
@@ -23,6 +23,11 @@ Christer Edwards [christer.edwards@gmail.com]
 - Sven R.
 - Tobias Tom
 - Stefano Marinelli
 - Logan Ellis
 - Chuck Tuffli
 - Niketh Murali
 - Eric Borisch
 - Kevet Duncombe
 ### Special thanks
 Software doesn't happen in a vacuum. Thank you to the following people who may
--- a/2
+++ b/2
@@ -1,6 +1,6 @@
 BSD 3-Clause License
-Copyright (c) 2018-2021, Christer Edwards <christer.edwards@gmail.com>
+Copyright (c) 2018-2022, Christer Edwards <christer.edwards@gmail.com>
 All rights reserved.
 Redistribution and use in source and binary forms, with or without
--- a/README.md
+++ b/README.md
@@ -292,7 +292,7 @@ bootstrapping templates from GitHub or GitLab.
 See `bastille update` to ensure your bootstrapped releases include the latest
 patches.
-** Ubuntu Linux [new since 0.9] **
+**Ubuntu Linux [new since 0.9]**
 The bootstrap process for Linux containers is very different from the BSD process.
 You will need the package debootstrap and some kernel modules for that.
@@ -735,8 +735,8 @@ After populating `usr/local/` with custom config files that your container will
 use, be sure to include `usr` in the template OVERLAY definition. eg;
 ```shell
-echo "CP etc" >> /usr/local/bastille/templates/username/base/Bastillefile
+echo "OVERLAY etc" >> /usr/local/bastille/templates/username/base/Bastillefile
-echo "CP usr" >> /usr/local/bastille/templates/username/base/Bastillefile
+echo "OVERLAY usr" >> /usr/local/bastille/templates/username/base/Bastillefile
 ```
 The above example will include anything under "etc" and "usr" inside
--- a/docs/chapters/installation.rst
+++ b/docs/chapters/installation.rst
@@ -4,7 +4,7 @@ Bastille is available in the official FreeBSD ports tree at
 `sysutils/bastille`. Binary packages available in `quarterly` and `latest`
 repositories.
-Current version is `0.9.20211225`.
+Current version is `0.9.20220714`.
 To install from the FreeBSD package repository:
--- a/docs/chapters/subcommands/bootstrap.rst
+++ b/docs/chapters/subcommands/bootstrap.rst
@@ -22,7 +22,7 @@ Releases
 Example
 -------
-To `bootstrap` a release, run the bootstrap sub-command with the
+To `bootstrap` a FreeBSD release, run the bootstrap sub-command with the
 release version as the argument.
 .. code-block:: shell
@@ -30,6 +30,14 @@ release version as the argument.
  ishmael ~ # bastille bootstrap 11.4-RELEASE [update]
  ishmael ~ # bastille bootstrap 12.1-RELEASE
 To `bootstrap` a HardenedBSD release, run the bootstrap sub-command with the
 build version as the argument.
 .. code-block:: shell
  ishmael ~ # bastille bootstrap 13-stable-build-latest
 This command will ensure the required directory structures are in place and
 download the requested release. For each requested release, `bootstrap` will
 download the base.txz. These files are verified (sha256 via MANIFEST file)
--- a/docs/chapters/targeting.rst
+++ b/docs/chapters/targeting.rst
@@ -27,7 +27,7 @@ Examples: Containers
 | cmd       | ALL    | 'sockstat -4'    | execute `sockstat -4` in ALL containers (ip4 sockets)       |
 +-----------+--------+-----+------------+-------------------------------------------------------------+
 | console   | mariadb02    | ---        | console (shell) access to mariadb02                         |
-+----+------+----+---------+------------+--------------+----------------------------------------------+
+----+------+--------+-----+------------+-------------------------------------------------------------+
 | pkg       | web01  | 'install nginx'  | install nginx package in web01 container                    |
 +-----------+--------+------------------+-------------------------------------------------------------+
 | pkg       | ALL    | upgrade          | upgrade packages in ALL containers                          |
@@ -39,11 +39,11 @@ Examples: Containers
 | template  | ALL    | username/base    | apply `username/base` template to ALL containers            |
 +-----------+--------+------------------+-------------------------------------------------------------+
 | start     | web02  | ---              | start web02 container                                       |
 +-----------+--------+-----+------------+-------------------------------------------------------------+
 | cp | bastion03 | /tmp/resolv.conf-cf etc/resolv.conf | copy host-path to container-path in bastion03|
 +----+------+----+---+------------------+--------------+----------------------------------------------+
 | cp | bastion03 | /tmp/resolv.conf-cf etc/resolv.conf | copy host-path to container-path in bastion03|
 +----+------+----+---+---------------------------------+----------------------------------------------+
 | create    | folsom | 12.1-RELEASE 10.17.89.10        | create 12.1 container named `folsom` with IP |
-+-----------+--------+------------------+--------------+----------------------------------------------+
+-----------+--------+---------------------------------+----------------------------------------------+
 Examples: Releases
@@ -60,7 +60,7 @@ Examples: Releases
 +-----------+--------------+--------------+-------------------------------------------------------------+
 | update    | 11.4-RELEASE | ---          | update 11.4-RELEASE release                                 |
 +-----------+--------------+--------------+-------------------------------------------------------------+
-| upgrade   | 11.3-RELEASE | 11.4-RELEASE | update 11.4-RELEASE release                                 |
+| upgrade   | 11.3-RELEASE | 11.4-RELEASE | upgrade 11.3-RELEASE release to 11.4-RELEASE                |
 +-----------+--------------+--------------+-------------------------------------------------------------+
-| verify    | 11.4-RELEASE | ---          | update 11.4-RELEASE release                                 |
+| verify    | 11.4-RELEASE | ---          | verify 11.4-RELEASE release                                 |
 +-----------+--------------+--------------+-------------------------------------------------------------+
--- a/docs/conf.py
+++ b/docs/conf.py
@@ -8,13 +8,13 @@ else:
 # -- Project information -----------------------------------------------------
 project = 'Bastille'
-copyright = '2018-2021, Christer Edwards'
+copyright = '2018-2022, Christer Edwards'
 author = 'Christer Edwards'
 # The short X.Y version
-version = '0.9.20211225'
+version = '0.9.20220714'
 # The full version, including alpha/beta/rc tags
-release = '0.9.20211225-beta'
+release = '0.9.20220714-beta'
 # -- General configuration ---------------------------------------------------
--- a/usr/local/bin/bastille
+++ b/usr/local/bin/bastille
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# Copyright (c) 2018-2021, Christer Edwards <christer.edwards@gmail.com>
+# Copyright (c) 2018-2022, Christer Edwards <christer.edwards@gmail.com>
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
@@ -70,7 +70,7 @@ bastille_perms_check() {
 bastille_perms_check
 ## version
-BASTILLE_VERSION="0.9.20211225"
+BASTILLE_VERSION="0.9.20220714"
 usage() {
    cat << EOF
--- a/usr/local/etc/bastille/bastille.conf.sample
+++ b/usr/local/etc/bastille/bastille.conf.sample
@@ -57,5 +57,6 @@ bastille_network_gateway6=""                                          ## default
 bastille_template_base="default/base"                                 ## default: "default/base"
 bastille_template_empty=""                                            ## default: "default/empty"
 bastille_template_thick="default/thick"                               ## default: "default/thick"
 bastille_template_clone="default/clone"                               ## default: "default/clone"
 bastille_template_thin="default/thin"                                 ## default: "default/thin"
 bastille_template_vnet="default/vnet"                                 ## default: "default/vnet"
--- a/usr/local/share/bastille/bootstrap.sh
+++ b/usr/local/share/bastille/bootstrap.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# Copyright (c) 2018-2021, Christer Edwards <christer.edwards@gmail.com>
+# Copyright (c) 2018-2022, Christer Edwards <christer.edwards@gmail.com>
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
@@ -127,19 +127,29 @@ bootstrap_directories() {
        if [ "${bastille_zfs_enable}" = "YES" ]; then
            if [ -n "${bastille_zfs_zpool}" ]; then
                zfs create ${bastille_zfs_options} -o mountpoint="${bastille_cachedir}" "${bastille_zfs_zpool}/${bastille_zfs_prefix}/cache"
-                zfs create ${bastille_zfs_options} -o mountpoint="${bastille_cachedir}/${RELEASE}" "${bastille_zfs_zpool}/${bastille_zfs_prefix}/cache/${RELEASE}"
+                # Don't create unused/stale cache/RELEASE directory on Linux jails creation.
                if [ -z "${NOCACHEDIR}" ]; then
                    zfs create ${bastille_zfs_options} -o mountpoint="${bastille_cachedir}/${RELEASE}" "${bastille_zfs_zpool}/${bastille_zfs_prefix}/cache/${RELEASE}"
                fi
            fi
        else
-            mkdir -p "${bastille_cachedir}/${RELEASE}"
+            mkdir -p "${bastille_cachedir}"
            # Don't create unused/stale cache/RELEASE directory on Linux jails creation.
            if [ -z "${NOCACHEDIR}" ]; then
                mkdir -p "${bastille_cachedir}/${RELEASE}"
            fi
        fi
    ## create subsequent cache/XX.X-RELEASE datasets
    elif [ ! -d "${bastille_cachedir}/${RELEASE}" ]; then
-        if [ "${bastille_zfs_enable}" = "YES" ]; then
+        # Don't create unused/stale cache/RELEASE directory on Linux jails creation.
-            if [ -n "${bastille_zfs_zpool}" ]; then
+        if [ -z "${NOCACHEDIR}" ]; then
-                zfs create ${bastille_zfs_options} -o mountpoint="${bastille_cachedir}/${RELEASE}" "${bastille_zfs_zpool}/${bastille_zfs_prefix}/cache/${RELEASE}"
+            if [ "${bastille_zfs_enable}" = "YES" ]; then
                if [ -n "${bastille_zfs_zpool}" ]; then
                    zfs create ${bastille_zfs_options} -o mountpoint="${bastille_cachedir}/${RELEASE}" "${bastille_zfs_zpool}/${bastille_zfs_prefix}/cache/${RELEASE}"
                fi
            else
                mkdir -p "${bastille_cachedir}/${RELEASE}"
            fi
        else
            mkdir -p "${bastille_cachedir}/${RELEASE}"
        fi
    fi
@@ -304,13 +314,19 @@ bootstrap_release() {
 debootstrap_release() {
    # Make sure to check/bootstrap directories first.
    NOCACHEDIR=1
    RELEASE="${DIR_BOOTSTRAP}"
    bootstrap_directories
    #check and install OS dependencies @hackacad
    #ToDo: add function 'linux_pre' for sysrc etc.
    required_mods="fdescfs linprocfs linsysfs tmpfs"
    linuxarc_mods="linux linux64"
    for _req_kmod in ${required_mods}; do
-        if [ ! "$(sysrc -f /boot/loader.conf -qn ${_req_kmod}_load)" = "YES" ]; then
+        if [ ! "$(sysrc -f /boot/loader.conf -qn ${_req_kmod}_load)" = "YES" ] && \
            [ ! "$(sysrc -f /boot/loader.conf.local -qn ${_req_kmod}_load)" = "YES" ]; then
            warn "${_req_kmod} not enabled in /boot/loader.conf, Should I do that for you?  (N|y)"
            read  answer
            case "${answer}" in
@@ -343,7 +359,8 @@ debootstrap_release() {
                kldload -v ${_lin_kmod}
            fi
        done
-        if [ ! "$(sysrc -qn linux_enable)" = "YES" ]; then
+        if [ ! "$(sysrc -qn linux_enable)" = "YES" ] && \
            [ ! "$(sysrc -f /etc/rc.conf.local -qn linux_enable)" = "YES" ]; then
            sysrc linux_enable=YES
        fi
@@ -360,17 +377,6 @@ debootstrap_release() {
        esac
    fi
    # Create subsequent Linux releases datasets
    if [ ! -d "${bastille_releasesdir}/${DIR_BOOTSTRAP}" ]; then
        if [ "${bastille_zfs_enable}" = "YES" ]; then
            if [ -n "${bastille_zfs_zpool}" ]; then
                zfs create ${bastille_zfs_options} -o mountpoint="${bastille_releasesdir}/${DIR_BOOTSTRAP}" "${bastille_zfs_zpool}/${bastille_zfs_prefix}/releases/${DIR_BOOTSTRAP}"
            fi
       else
           mkdir -p "${bastille_releasesdir}/${DIR_BOOTSTRAP}"
       fi
    fi
    # Fetch the Linux flavor
    info "Bootstrapping ${PLATFORM_OS} distfiles..."
    if ! debootstrap --foreign --arch=${ARCH_BOOTSTRAP} --no-check-gpg ${LINUX_FLAVOR} "${bastille_releasesdir}"/${DIR_BOOTSTRAP}; then
@@ -441,6 +447,16 @@ bootstrap_template() {
 HW_MACHINE=$(sysctl hw.machine | awk '{ print $2 }')
 HW_MACHINE_ARCH=$(sysctl hw.machine_arch | awk '{ print $2 }')
 # bootstrapping from aarch64/arm64 Debian or Ubuntu require a different value for ARCH
 # create a new variable
 if [ "${HW_MACHINE_ARCH}" == "aarch64" ]; then
    HW_MACHINE_ARCH_LINUX="arm64"
 else
    HW_MACHINE_ARCH_LINUX=${HW_MACHINE_ARCH}
 fi
 NOCACHEDIR=
 RELEASE="${1}"
 OPTION="${2}"
@@ -532,35 +548,35 @@ ubuntu_bionic|bionic|ubuntu-bionic)
    PLATFORM_OS="Ubuntu/Linux"
    LINUX_FLAVOR="bionic"
    DIR_BOOTSTRAP="Ubuntu_1804"
-    ARCH_BOOTSTRAP="amd64"
+    ARCH_BOOTSTRAP=${HW_MACHINE_ARCH_LINUX}
    debootstrap_release
    ;;
 ubuntu_focal|focal|ubuntu-focal)
    PLATFORM_OS="Ubuntu/Linux"
    LINUX_FLAVOR="focal"
    DIR_BOOTSTRAP="Ubuntu_2004"
-    ARCH_BOOTSTRAP="amd64"
+    ARCH_BOOTSTRAP=${HW_MACHINE_ARCH_LINUX}
    debootstrap_release
    ;;
 debian_stretch|stretch|debian-stretch)
    PLATFORM_OS="Debian/Linux"
    LINUX_FLAVOR="stretch"
    DIR_BOOTSTRAP="Debian9"
-    ARCH_BOOTSTRAP="amd64"
+    ARCH_BOOTSTRAP=${HW_MACHINE_ARCH_LINUX}
    debootstrap_release
    ;;
 debian_buster|buster|debian-buster)
    PLATFORM_OS="Debian/Linux"
    LINUX_FLAVOR="buster"
    DIR_BOOTSTRAP="Debian10"
-    ARCH_BOOTSTRAP="amd64"
+    ARCH_BOOTSTRAP=${HW_MACHINE_ARCH_LINUX}
    debootstrap_release
    ;;
 debian_bullseye|bullseye|debian-bullseye)
    PLATFORM_OS="Debian/Linux"
    LINUX_FLAVOR="bullseye"
    DIR_BOOTSTRAP="Debian11"
-    ARCH_BOOTSTRAP="amd64"
+    ARCH_BOOTSTRAP=${HW_MACHINE_ARCH_LINUX}
    debootstrap_release
    ;;
 *)
--- a/usr/local/share/bastille/clone.sh
+++ b/usr/local/share/bastille/clone.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# Copyright (c) 2018-2021, Christer Edwards <christer.edwards@gmail.com>
+# Copyright (c) 2018-2022, Christer Edwards <christer.edwards@gmail.com>
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
@@ -130,7 +130,7 @@ update_fstab() {
    # Update fstab to use the new name
    FSTAB_CONFIG="${bastille_jailsdir}/${NEWNAME}/fstab"
    if [ -f "${FSTAB_CONFIG}" ]; then
-        FSTAB_RELEASE=$(grep -owE '([1-9]{2,2})\.[0-9](-RELEASE|-RELEASE-i386|-RC[1-2])|([0-9]{1,2}-stable-build-[0-9]{1,3})|(current-build)-([0-9]{1,3})|(current-BUILD-LATEST)|([0-9]{1,2}-stable-BUILD-LATEST)' "${FSTAB_CONFIG}" | uniq)
+        FSTAB_RELEASE=$(grep -owE '([1-9]{2,2})\.[0-9](-RELEASE|-RELEASE-i386|-RC[1-5]|-BETA[1-5]|-CURRENT)|([0-9]{1,2}(-stable-build-[0-9]{1,3}|-stable-LAST))|(current-build)-([0-9]{1,3})|(current-BUILD-LATEST)|([0-9]{1,2}-stable-BUILD-LATEST)' "${FSTAB_CONFIG}" | uniq)
        FSTAB_CURRENT=$(grep -w ".*/releases/.*/jails/${TARGET}/root/.bastille" "${FSTAB_CONFIG}")
        FSTAB_NEWCONF="${bastille_releasesdir}/${FSTAB_RELEASE} ${bastille_jailsdir}/${NEWNAME}/root/.bastille nullfs ro 0 0"
        if [ -n "${FSTAB_CURRENT}" ] && [ -n "${FSTAB_NEWCONF}" ]; then
@@ -139,6 +139,8 @@ update_fstab() {
                sed -i '' "s|${FSTAB_CURRENT}|${FSTAB_NEWCONF}|" "${FSTAB_CONFIG}"
            fi
        fi
        # Update additional fstab paths with new jail path
        sed -i '' "s|${bastille_jailsdir}/${TARGET}/root/|${bastille_jailsdir}/${NEWNAME}/root/|" "${FSTAB_CONFIG}"
    fi
 }
--- a/usr/local/share/bastille/cmd.sh
+++ b/usr/local/share/bastille/cmd.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# Copyright (c) 2018-2021, Christer Edwards <christer.edwards@gmail.com>
+# Copyright (c) 2018-2022, Christer Edwards <christer.edwards@gmail.com>
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
@@ -29,6 +29,7 @@
 # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 . /usr/local/share/bastille/common.sh
 . /usr/local/etc/bastille/bastille.conf
 usage() {
    error_exit "Usage: bastille cmd TARGET command"
@@ -51,12 +52,19 @@ RETURN=0
 for _jail in ${JAILS}; do
    COUNT=$(($COUNT+1))
    info "[${_jail}]:"
-    jexec -l -U root "${_jail}" "$@"
+
    if grep -qw "linsysfs" "${bastille_jailsdir}/${TARGET}/fstab"; then
        # Allow executing commands on Linux jails.
        jexec -l -u root "${_jail}" "$@"
    else
        jexec -l -U root "${_jail}" "$@"
    fi
    ERROR_CODE=$?
    info "[${_jail}]: ${ERROR_CODE}"
    if [ "$COUNT" -eq 1 ]; then
-        RETURN=$ERROR_CODE
+        RETURN=${ERROR_CODE}
    else 
        RETURN=$(($RETURN+$ERROR_CODE))
    fi
@@ -65,8 +73,8 @@ for _jail in ${JAILS}; do
 done
 # Check when a command is executed in all running jails. (bastille cmd ALL ...)
-if [ "$COUNT" -gt 1 ] && [ "$RETURN" -gt 0 ]; then
+if [ "${COUNT}" -gt 1 ] && [ "${RETURN}" -gt 0 ]; then
    RETURN=1
 fi
-return "$RETURN"
+return "${RETURN}"
--- a/usr/local/share/bastille/common.sh
+++ b/usr/local/share/bastille/common.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# Copyright (c) 2018-2021, Christer Edwards <christer.edwards@gmail.com>
+# Copyright (c) 2018-2022, Christer Edwards <christer.edwards@gmail.com>
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
@@ -60,3 +60,51 @@ info() {
 warn() {
    echo -e "${COLOR_YELLOW}$*${COLOR_RESET}"
 }
 generate_vnet_jail_netblock() {
    local jail_name="$1"
    local use_unique_bridge="$2"
    local external_interface="$3"
    ## determine number of containers + 1
    ## iterate num and grep all jail configs
    ## define uniq_epair
    local jail_list=$(bastille list jails)
    if [ -n "${jail_list}" ]; then
        local list_jails_num=$(echo "${jail_list}" | wc -l | awk '{print $1}')
        local num_range=$((list_jails_num + 1))
        for _num in $(seq 0 "${num_range}"); do
            if ! grep -q "e[0-9]b_bastille${_num}" "${bastille_jailsdir}"/*/jail.conf; then
                if ! grep -q "epair${_num}" "${bastille_jailsdir}"/*/jail.conf; then
                    local uniq_epair="bastille${_num}"
                    local uniq_epair_bridge="${_num}"
                    break
                fi
            fi
        done
    else
        local uniq_epair="bastille0"
        local uniq_epair_bridge="0"
    fi
    if [ -n "${use_unique_bridge}" ]; then
        ## generate bridge config
        cat <<-EOF
  vnet;
  vnet.interface = "e${uniq_epair_bridge}b_${jail_name}";
  exec.prestart += "ifconfig epair${uniq_epair_bridge} create";
  exec.prestart += "ifconfig ${external_interface} addm epair${uniq_epair_bridge}a";
  exec.prestart += "ifconfig epair${uniq_epair_bridge}a up name e${uniq_epair_bridge}a_${jail_name}";
  exec.prestart += "ifconfig epair${uniq_epair_bridge}b up name e${uniq_epair_bridge}b_${jail_name}";
  exec.poststop += "ifconfig ${external_interface} deletem e${uniq_epair_bridge}a_${jail_name}";
  exec.poststop += "ifconfig e${uniq_epair_bridge}a_${jail_name} destroy";
 EOF
    else
        ## generate config
        cat <<-EOF
  vnet;
  vnet.interface = e0b_${uniq_epair};
  exec.prestart += "jib addm ${uniq_epair} ${external_interface}";
  exec.prestart += "ifconfig e0a_${uniq_epair} description \"vnet host interface for Bastille jail ${jail_name}\"";
  exec.poststop += "jib destroy ${uniq_epair}";
 EOF
    fi
 }
--- a/usr/local/share/bastille/config.sh
+++ b/usr/local/share/bastille/config.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# Copyright (c) 2018-2021, Christer Edwards <christer.edwards@gmail.com>
+# Copyright (c) 2018-2022, Christer Edwards <christer.edwards@gmail.com>
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
--- a/usr/local/share/bastille/console.sh
+++ b/usr/local/share/bastille/console.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# Copyright (c) 2018-2021, Christer Edwards <christer.edwards@gmail.com>
+# Copyright (c) 2018-2022, Christer Edwards <christer.edwards@gmail.com>
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
--- a/usr/local/share/bastille/convert.sh
+++ b/usr/local/share/bastille/convert.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# Copyright (c) 2018-2021, Christer Edwards <christer.edwards@gmail.com>
+# Copyright (c) 2018-2022, Christer Edwards <christer.edwards@gmail.com>
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
--- a/usr/local/share/bastille/cp.sh
+++ b/usr/local/share/bastille/cp.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# Copyright (c) 2018-2021, Christer Edwards <christer.edwards@gmail.com>
+# Copyright (c) 2018-2022, Christer Edwards <christer.edwards@gmail.com>
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
--- a/usr/local/share/bastille/create.sh
+++ b/usr/local/share/bastille/create.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# Copyright (c) 2018-2021, Christer Edwards <christer.edwards@gmail.com>
+# Copyright (c) 2018-2022, Christer Edwards <christer.edwards@gmail.com>
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
@@ -43,6 +43,7 @@ usage() {
    -L | --linux  -- This option is intended for testing with Linux jails, this is considered experimental.
    -T | --thick  -- Creates a thick container, they consume more space as they are self contained and independent.
    -V | --vnet   -- Enables VNET, VNET containers are attached to a virtual bridge interface for connectivity.
    -C | --clone  -- Creates a clone container, they are duplicates of the base release, consume low space and preserves changing data.
    -B | --bridge -- Enables VNET, VNET containers are attached to a specified, already existing external bridge.
 EOF
@@ -169,6 +170,7 @@ ${NAME} {
  mount.fstab = ${bastille_jail_fstab};
  path = ${bastille_jail_path};
  devfs_ruleset = 4;
  enforce_statfs = 1;
  exec.start = '/bin/true';
  exec.stop = '/bin/true';
@@ -185,77 +187,61 @@ EOF
 }
 generate_vnet_jail_conf() {
-    ## determine number of containers + 1
+    NETBLOCK=$(generate_vnet_jail_netblock "$NAME" "${VNET_JAIL_BRIDGE}" "${bastille_jail_conf_interface}")
-    ## iterate num and grep all jail configs
+    cat << EOF > "${bastille_jail_conf}"
-    ## define uniq_epair
+${NAME} {
-    local jail_list=$(bastille list jails)
+  devfs_ruleset = 13;
-    if [ -n "${jail_list}" ]; then
+  enforce_statfs = 2;
-        local list_jails_num=$(echo "${jail_list}" | wc -l | awk '{print $1}')
+  exec.clean;
-        local num_range=$(expr "${list_jails_num}" + 1)
+  exec.consolelog = ${bastille_jail_log};
-        for _num in $(seq 0 "${num_range}"); do
+  exec.start = '/bin/sh /etc/rc';
-            if ! grep -q "e${_num}b" "${bastille_jailsdir}"/*/jail.conf; then
+  exec.stop = '/bin/sh /etc/rc.shutdown';
-                uniq_epair="bastille${_num}"
+  host.hostname = ${NAME};
-		uniq_epair_bridge="${_num}"
+  mount.devfs;
-                break
+  mount.fstab = ${bastille_jail_fstab};
-            fi
+  path = ${bastille_jail_path};
-        done
+  securelevel = 2;
-    else
+
-        uniq_epair="bastille0"
+${NETBLOCK}
-        uniq_epair_bridge="0"
+}
 EOF
 }
 post_create_jail() {
    # Common config checks and settings.
    # Using relative paths here.
    # MAKE SURE WE'RE IN THE RIGHT PLACE.
    cd "${bastille_jail_path}"
    echo
    if [ ! -f "${bastille_jail_conf}" ]; then
        if [ -z "${bastille_network_loopback}" ] && [ -n "${bastille_network_shared}" ]; then
            local bastille_jail_conf_interface=${bastille_network_shared}
        fi
        if [ -n "${bastille_network_loopback}" ] && [ -z "${bastille_network_shared}" ]; then
            local bastille_jail_conf_interface=${bastille_network_loopback}
        fi
        if [ -n "${INTERFACE}" ]; then
            local bastille_jail_conf_interface=${INTERFACE}
        fi
    fi
-   if [ -n "${VNET_JAIL_BRIDGE}" ]; then
+    if [ ! -f "${bastille_jail_fstab}" ]; then
        if [ -z "${THICK_JAIL}" ] && [ -z "${CLONE_JAIL}" ]; then
            echo -e "${bastille_releasesdir}/${RELEASE} ${bastille_jail_base} nullfs ro 0 0" > "${bastille_jail_fstab}"
        else
            touch "${bastille_jail_fstab}"
        fi
    fi
-   ## generate bridge config
+    # Generate the jail configuration file.
-    cat << EOF > "${bastille_jail_conf}"
+    if [ -n "${VNET_JAIL}" ]; then
-${NAME} {
+        generate_vnet_jail_conf
-  devfs_ruleset = 13;
+    else
-  enforce_statfs = 2;
+        generate_jail_conf
-  exec.clean;
+    fi
  exec.consolelog = ${bastille_jail_log};
  exec.start = '/bin/sh /etc/rc';
  exec.stop = '/bin/sh /etc/rc.shutdown';
  host.hostname = ${NAME};
  mount.devfs;
  mount.fstab = ${bastille_jail_fstab};
  path = ${bastille_jail_path};
  securelevel = 2;
  exec.prestart += "ifconfig epair${uniq_epair_bridge} create";
  exec.prestart += "ifconfig ${bastille_jail_conf_interface} addm epair${uniq_epair_bridge}a";
  exec.prestart += "ifconfig epair${uniq_epair_bridge}a up name e${uniq_epair_bridge}a_${NAME}";
  exec.prestart += "ifconfig epair${uniq_epair_bridge}b up name e${uniq_epair_bridge}b_${NAME}";
  exec.poststop += "ifconfig ${bastille_jail_conf_interface} deletem e${uniq_epair_bridge}a_${NAME}";
  exec.poststop += "ifconfig e${uniq_epair_bridge}a_${NAME} destroy";
  vnet;
  vnet.interface = "e${uniq_epair_bridge}b_${NAME}";
 }
 EOF
   else
    ## generate config
    cat << EOF > "${bastille_jail_conf}"
 ${NAME} {
  devfs_ruleset = 13;
  enforce_statfs = 2;
  exec.clean;
  exec.consolelog = ${bastille_jail_log};
  exec.start = '/bin/sh /etc/rc';
  exec.stop = '/bin/sh /etc/rc.shutdown';
  host.hostname = ${NAME};
  mount.devfs;
  mount.fstab = ${bastille_jail_fstab};
  path = ${bastille_jail_path};
  securelevel = 2;
  vnet;
  vnet.interface = e0b_${uniq_epair};
  exec.prestart += "jib addm ${uniq_epair} ${bastille_jail_conf_interface}";
  exec.prestart += "ifconfig e0a_${uniq_epair} description \"vnet host interface for Bastille jail ${NAME}\"";
  exec.poststop += "jib destroy ${uniq_epair}";
 }
 EOF
 fi
 }
 create_jail() {
@@ -272,8 +258,10 @@ create_jail() {
        if [ "${bastille_zfs_enable}" = "YES" ]; then
            if [ -n "${bastille_zfs_zpool}" ]; then
                ## create required zfs datasets, mountpoint inherited from system
-                zfs create ${bastille_zfs_options} "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${NAME}"
+                if [ -z "${CLONE_JAIL}" ]; then
-                if [ -z "${THICK_JAIL}" ]; then
+                    zfs create ${bastille_zfs_options} "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${NAME}"
                fi
                if [ -z "${THICK_JAIL}" ] && [ -z "${CLONE_JAIL}" ]; then
                    zfs create ${bastille_zfs_options} "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${NAME}/root"
                fi
            fi
@@ -281,8 +269,10 @@ create_jail() {
            mkdir -p "${bastille_jailsdir}/${NAME}/root"
        fi
    fi
    ## PoC for Linux jails @hackacad
    if [ -n "${LINUX_JAIL}" ]; then
        info "\nCreating a linuxjail. This may take a while...\n"
        if [ ! -d "${bastille_jail_base}" ]; then
            mkdir -p "${bastille_jail_base}"
        fi
@@ -326,55 +316,29 @@ create_jail() {
    fi
    if [ -z "${EMPTY_JAIL}" ] && [ -z "${LINUX_JAIL}" ]; then
-        if [ ! -d "${bastille_jail_base}" ]; then
+        if [ -z "${THICK_JAIL}" ] && [ -z "${CLONE_JAIL}" ]; then
-            mkdir -p "${bastille_jail_base}"
+            if [ ! -d "${bastille_jail_base}" ]; then
                mkdir -p "${bastille_jail_base}"
            fi
            if [ ! -d "${bastille_jail_template}" ]; then
                mkdir -p "${bastille_jail_template}"
            fi
        fi
        if [ ! -d "${bastille_jail_path}/usr/local" ]; then
            mkdir -p "${bastille_jail_path}/usr/local"
        fi
-        if [ ! -d "${bastille_jail_template}" ]; then
+        # Check and apply required settings.
-            mkdir -p "${bastille_jail_template}"
+        post_create_jail
        fi
-        if [ ! -f "${bastille_jail_fstab}" ]; then
+        if [ -z "${THICK_JAIL}" ] && [ -z "${CLONE_JAIL}" ]; then
            if [ -z "${THICK_JAIL}" ]; then
                echo -e "${bastille_releasesdir}/${RELEASE} ${bastille_jail_base} nullfs ro 0 0" > "${bastille_jail_fstab}"
            else
                touch "${bastille_jail_fstab}"
            fi
        fi
        if [ ! -f "${bastille_jail_conf}" ]; then
            if [ -z "${bastille_network_loopback}" ] && [ -n "${bastille_network_shared}" ]; then
                local bastille_jail_conf_interface=${bastille_network_shared}
            fi
            if [ -n "${bastille_network_loopback}" ] && [ -z "${bastille_network_shared}" ]; then
                local bastille_jail_conf_interface=${bastille_network_loopback}
            fi
            if [ -n "${INTERFACE}" ]; then
                local bastille_jail_conf_interface=${INTERFACE}
            fi
            ## generate the jail configuration file
            if [ -n "${VNET_JAIL}" ]; then
                generate_vnet_jail_conf
            else
                generate_jail_conf
            fi
        fi
        ## using relative paths here
        ## MAKE SURE WE'RE IN THE RIGHT PLACE
        cd "${bastille_jail_path}"
        echo
        if [ -z "${THICK_JAIL}" ]; then
            LINK_LIST="bin boot lib libexec rescue sbin usr/bin usr/include usr/lib usr/lib32 usr/libdata usr/libexec usr/sbin usr/share usr/src"
            info "Creating a thinjail...\n"
            for _link in ${LINK_LIST}; do
                ln -sf /.bastille/${_link} ${_link}
            done
            # Properly link shared ports on thin jails in read-write.
            if [ -d "${bastille_releasesdir}/${RELEASE}/usr/ports" ]; then
                if [ ! -d "${bastille_jail_path}/usr/ports" ]; then
@@ -384,7 +348,7 @@ create_jail() {
            fi
        fi
-        if [ -z "${THICK_JAIL}" ]; then
+        if [ -z "${THICK_JAIL}" ] && [ -z "${CLONE_JAIL}" ]; then
            ## rw
            ## copy only required files for thin jails
            FILE_LIST=".cshrc .profile COPYRIGHT dev etc media mnt net proc root tmp var usr/obj usr/tests"
@@ -398,27 +362,40 @@ create_jail() {
                fi
            done
        else
            info "Creating a thickjail. This may take a while..."
            if [ "${bastille_zfs_enable}" = "YES" ]; then
                if [ -n "${bastille_zfs_zpool}" ]; then
-                    ## perform release base replication
+                    if [ -n "${CLONE_JAIL}" ]; then
                        info "Creating a clonejail...\n"
                        ## clone the release base to the new basejail
                        SNAP_NAME="bastille-clone-$(date +%Y-%m-%d-%H%M%S)"
                        zfs snapshot "${bastille_zfs_zpool}/${bastille_zfs_prefix}/releases/${RELEASE}"@"${SNAP_NAME}"
-                    ## sane bastille zfs options
+                        zfs clone -p "${bastille_zfs_zpool}/${bastille_zfs_prefix}/releases/${RELEASE}"@"${SNAP_NAME}" \
-                    ZFS_OPTIONS=$(echo ${bastille_zfs_options} | sed 's/-o//g')
+                        "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${NAME}/root"
-                    ## take a temp snapshot of the base release
+                        # Check and apply required settings.
-                    SNAP_NAME="bastille-$(date +%Y-%m-%d-%H%M%S)"
+                        post_create_jail
-                    zfs snapshot "${bastille_zfs_zpool}/${bastille_zfs_prefix}/releases/${RELEASE}"@"${SNAP_NAME}"
+                    elif [ -n "${THICK_JAIL}" ]; then
                        info "Creating a thickjail. This may take a while...\n"
                        ## perform release base replication
-                    ## replicate the release base to the new thickjail and set the default mountpoint
+                        ## sane bastille zfs options
-                    zfs send -R "${bastille_zfs_zpool}/${bastille_zfs_prefix}/releases/${RELEASE}"@"${SNAP_NAME}" | \
+                        ZFS_OPTIONS=$(echo ${bastille_zfs_options} | sed 's/-o//g')
                    zfs receive "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${NAME}/root"
                    zfs set ${ZFS_OPTIONS} mountpoint=none "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${NAME}/root"
                    zfs inherit mountpoint "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${NAME}/root"
-                    ## cleanup temp snapshots initially
+                        ## take a temp snapshot of the base release
-                    zfs destroy "${bastille_zfs_zpool}/${bastille_zfs_prefix}/releases/${RELEASE}"@"${SNAP_NAME}"
+                        SNAP_NAME="bastille-$(date +%Y-%m-%d-%H%M%S)"
-                    zfs destroy "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${NAME}/root"@"${SNAP_NAME}"
+                        zfs snapshot "${bastille_zfs_zpool}/${bastille_zfs_prefix}/releases/${RELEASE}"@"${SNAP_NAME}"
                        ## replicate the release base to the new thickjail and set the default mountpoint
                        zfs send -R "${bastille_zfs_zpool}/${bastille_zfs_prefix}/releases/${RELEASE}"@"${SNAP_NAME}" | \
                        zfs receive "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${NAME}/root"
                        zfs set ${ZFS_OPTIONS} mountpoint=none "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${NAME}/root"
                        zfs inherit mountpoint "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${NAME}/root"
                        ## cleanup temp snapshots initially
                        zfs destroy "${bastille_zfs_zpool}/${bastille_zfs_prefix}/releases/${RELEASE}"@"${SNAP_NAME}"
                        zfs destroy "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${NAME}/root"@"${SNAP_NAME}"
                    fi
                    if [ "$?" -ne 0 ]; then
                        ## notify and clean stale files/directories
@@ -527,6 +504,10 @@ create_jail() {
        if [ -n "${bastille_template_thick}" ]; then
            bastille template "${NAME}" ${bastille_template_thick} --arg BASE_TEMPLATE="${bastille_template_base}" --arg HOST_RESOLV_CONF="${bastille_resolv_conf}"
        fi
    elif [ -n "${CLONE_JAIL}" ]; then
        if [ -n "${bastille_template_clone}" ]; then
            bastille template "${NAME}" ${bastille_template_clone} --arg BASE_TEMPLATE="${bastille_template_base}" --arg HOST_RESOLV_CONF="${bastille_resolv_conf}"
        fi
    elif [ -n "${EMPTY_JAIL}" ]; then
        if [ -n "${bastille_template_empty}" ]; then
            bastille template "${NAME}" ${bastille_template_empty} --arg BASE_TEMPLATE="${bastille_template_base}" --arg HOST_RESOLV_CONF="${bastille_resolv_conf}"
@@ -572,6 +553,7 @@ fi
 ## reset this options
 EMPTY_JAIL=""
 THICK_JAIL=""
 CLONE_JAIL=""
 VNET_JAIL=""
 LINUX_JAIL=""
@@ -599,6 +581,10 @@ while [ $# -gt 0 ]; do
            VNET_JAIL_BRIDGE="1"
            shift
            ;;
        -C|--clone|clone)
            CLONE_JAIL="1"
            shift
            ;;
        -*|--*)
            error_notify "Unknown Option."
            usage
@@ -611,13 +597,15 @@ done
 ## validate for combined options
 if [ -n "${EMPTY_JAIL}" ]; then
-    if [ -n "${THICK_JAIL}" ] || [ -n "${VNET_JAIL}" ] || [ -n "${LINUX_JAIL}" ]; then
+    if [ -n "${CLONE_JAIL}" ] || [ -n "${THICK_JAIL}" ] || [ -n "${VNET_JAIL}" ] || [ -n "${LINUX_JAIL}" ]; then
        error_exit "Error: Empty jail option can't be used with other options."
    fi
 elif [ -n "${LINUX_JAIL}" ]; then
-    if [ -n "${EMPTY_JAIL}" ] || [ -n "${VNET_JAIL}" ] || [ -n "${THICK_JAIL}" ]; then
+    if [ -n "${EMPTY_JAIL}" ] || [ -n "${VNET_JAIL}" ] || [ -n "${THICK_JAIL}" ] || [ -n "${CLONE_JAIL}" ]; then
        error_exit "Error: Linux jail option can't be used with other options."
    fi
 elif [ -n "${CLONE_JAIL}" ] && [ -n "${THICK_JAIL}" ]; then
    error_exit "Error: Clonejail and Thickjail can't be used together."
 fi
 NAME="$1"
@@ -801,6 +789,9 @@ fi
 if [ -z ${bastille_template_thick+x} ]; then
    bastille_template_thick='default/thick'
 fi
 if [ -z ${bastille_template_clone+x} ]; then
    bastille_template_clone='default/clone'
 fi
 if [ -z ${bastille_template_thin+x} ]; then
    bastille_template_thin='default/thin'
 fi
--- a/usr/local/share/bastille/destroy.sh
+++ b/usr/local/share/bastille/destroy.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# Copyright (c) 2018-2021, Christer Edwards <christer.edwards@gmail.com>
+# Copyright (c) 2018-2022, Christer Edwards <christer.edwards@gmail.com>
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
@@ -118,6 +118,23 @@ destroy_rel() {
            if grep -qwo "${TARGET}" "${bastille_jailsdir}/${_jail}/fstab" 2>/dev/null; then
                error_notify "Notice: (${_jail}) depends on ${TARGET} base."
                BASE_HASCHILD="1"
            elif [ "${bastille_zfs_enable}" = "YES" ]; then
                if [ -n "${bastille_zfs_zpool}" ]; then
                    ## check if this release have child clones
                    if zfs list -H -t snapshot -r "${bastille_rel_base}" > /dev/null 2>&1; then
                        SNAP_CLONE=$(zfs list -H -t snapshot -r "${bastille_rel_base}" 2> /dev/null | awk '{print $1}')
                        for _snap_clone in ${SNAP_CLONE}; do
                            if zfs list -H -o clones "${_snap_clone}" > /dev/null 2>&1; then
                                CLONE_JAIL=$(zfs list -H -o clones "${_snap_clone}" | tr ',' '\n')
                                CLONE_CHECK="${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${_jail}/root"
                                if echo "${CLONE_JAIL}" | grep -qw "${CLONE_CHECK}"; then
                                    error_notify "Notice: (${_jail}) depends on ${TARGET} base."
                                    BASE_HASCHILD="1"
                                fi
                            fi
                        done
                    fi
                fi
            fi
        done
    fi
--- a/usr/local/share/bastille/edit.sh
+++ b/usr/local/share/bastille/edit.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# Copyright (c) 2018-2021, Christer Edwards <christer.edwards@gmail.com>
+# Copyright (c) 2018-2022, Christer Edwards <christer.edwards@gmail.com>
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
--- a/usr/local/share/bastille/export.sh
+++ b/usr/local/share/bastille/export.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# Copyright (c) 2018-2021, Christer Edwards <christer.edwards@gmail.com>
+# Copyright (c) 2018-2022, Christer Edwards <christer.edwards@gmail.com>
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
@@ -49,7 +49,7 @@ usage() {
    -v | --verbose  -- Be more verbose during the ZFS send operation.
         --xz       -- Export a ZFS jail using XZ(.xz) compressed image.
-Tip: If no option specified, container should be exported to standard output.
+Note: If no export option specified, the container should be redirected to standard output.
 EOF
    exit 1
@@ -80,6 +80,7 @@ zfs_enable_check() {
 TARGET="${1}"
 GZIP_EXPORT=
 XZ_EXPORT=
 SAFE_EXPORT=
 USER_EXPORT=
 RAW_EXPORT=
@@ -93,67 +94,112 @@ opt_count() {
    COMP_OPTION=$(expr ${COMP_OPTION} + 1)
 }
-# Handle and parse option args
+if [ -n "${bastille_export_options}" ]; then
-while [ $# -gt 0 ]; do
+    # Overrides the case options by the user defined option(s) automatically.
-    case "${1}" in
+    # Add bastille_export_options="--optionA --optionB" to bastille.conf, or simply `export bastille_export_options="--optionA --optionB"` environment variable.
-        --gz)
+    # To restore the standard case options, empty bastille_export_options="" in bastille.conf, or `unset bastille_export_options` environment variable.
-            GZIP_EXPORT="1"
+    # Reference "/bastille/issues/443"
-            TARGET="${2}"
+
-            opt_count
+    DEFAULT_EXPORT_OPTS="${bastille_export_options}"
-            shift
+    info "Default export option(s): '${DEFAULT_EXPORT_OPTS}'"
-            ;;
+
-        --xz)
+    for opt in ${DEFAULT_EXPORT_OPTS}; do
-            XZ_EXPORT="1"
+        case "${opt}" in
-            TARGET="${2}"
+            --gz)
-            opt_count
+                GZIP_EXPORT="1"
-            shift
+                opt_count
-            ;;
+                shift;;
-        --tgz)
+            --xz)
-            TGZ_EXPORT="1"
+                XZ_EXPORT="1"
-            TARGET="${2}"
+                opt_count
-            opt_count
+                shift;;
-            zfs_enable_check
+            --tgz)
-            shift
+                TGZ_EXPORT="1"
-            ;;
+                opt_count
-        --txz)
+                zfs_enable_check
-            TXZ_EXPORT="1"
+                shift;;
-            TARGET="${2}"
+            --txz)
-            opt_count
+                TXZ_EXPORT="1"
-            zfs_enable_check
+                opt_count
-            shift
+                zfs_enable_check
-            ;;
+                shift;;
-        -s|--safe)
+            --safe)
-            SAFE_EXPORT="1"
+                SAFE_EXPORT="1"
-            TARGET="${2}"
+                shift;;
-            shift
+            --raw)
-            ;;
+                RAW_EXPORT="1"
-        -r|--raw)
+                opt_count
-            RAW_EXPORT="1"
+                shift ;;
-            TARGET="${2}"
+            --verbose)
-            opt_count
+                OPT_ZSEND="-Rv"
-            shift
+                shift;;
-            ;;
+            -*|--*) error_notify "Unknown Option."
-        -v|--verbose)
+                usage;;
-            OPT_ZSEND="-Rv"
+        esac
-            TARGET="${2}"
+    done
-            shift
+else
-            ;;
+    # Handle and parse option args
-        -*|--*)
+    while [ $# -gt 0 ]; do
-            error_notify "Unknown Option."
+        case "${1}" in
-            usage
+            --gz)
-            ;;
+                GZIP_EXPORT="1"
-        *)
+                TARGET="${2}"
-            if echo "${1}" | grep -q "\/"; then
+                opt_count
-                DIR_EXPORT="${1}"
+                shift
-            else
+                ;;
-                if [ $# -gt 2 ] || [ $# -lt 1 ]; then
+            --xz)
-                   usage
+                XZ_EXPORT="1"
                TARGET="${2}"
                opt_count
                shift
                ;;
            --tgz)
                TGZ_EXPORT="1"
                TARGET="${2}"
                opt_count
                zfs_enable_check
                shift
                ;;
            --txz)
                TXZ_EXPORT="1"
                TARGET="${2}"
                opt_count
                zfs_enable_check
                shift
                ;;
            -s|--safe)
                SAFE_EXPORT="1"
                TARGET="${2}"
                shift
                ;;
            -r|--raw)
                RAW_EXPORT="1"
                TARGET="${2}"
                opt_count
                shift
                ;;
            -v|--verbose)
                OPT_ZSEND="-Rv"
                TARGET="${2}"
                shift
                ;;
            -*|--*)
                error_notify "Unknown Option."
                usage
                ;;
            *)
                if echo "${1}" | grep -q "\/"; then
                    DIR_EXPORT="${1}"
                else
                    if [ $# -gt 2 ] || [ $# -lt 1 ]; then
                       usage
                    fi
                fi
-            fi
+                shift
-            shift
+                ;;
-            ;;
+        esac
-    esac
+    done
-done
+fi
 # Validate for combined options
 if [ "${COMP_OPTION}" -gt "1" ]; then
@@ -200,13 +246,13 @@ create_zfs_snap() {
    if [ -z "${USER_EXPORT}" ]; then
        info "Creating temporary ZFS snapshot for export..."
    fi
-    zfs snapshot -r "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${TARGET}@bastille_export_${DATE}"
+    zfs snapshot -r "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${TARGET}@bastille_${TARGET}_${DATE}"
 }
 clean_zfs_snap() {
    # Cleanup the recursive temporary snapshot
-    zfs destroy "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${TARGET}/root@bastille_export_${DATE}"
+    zfs destroy "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${TARGET}/root@bastille_${TARGET}_${DATE}"
-    zfs destroy "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${TARGET}@bastille_export_${DATE}"
+    zfs destroy "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${TARGET}@bastille_${TARGET}_${DATE}"
 }
 export_check() {
@@ -263,7 +309,7 @@ jail_export() {
                export_check
                # Export the raw container recursively and cleanup temporary snapshots
-                zfs send ${OPT_ZSEND} "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${TARGET}@bastille_export_${DATE}" \
+                zfs send ${OPT_ZSEND} "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${TARGET}@bastille_${TARGET}_${DATE}" \
                > "${bastille_backupsdir}/${TARGET}_${DATE}"
                clean_zfs_snap
            elif [ -n "${GZIP_EXPORT}" ]; then
@@ -271,7 +317,7 @@ jail_export() {
                export_check
                # Export the raw container recursively and cleanup temporary snapshots
-                zfs send ${OPT_ZSEND} "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${TARGET}@bastille_export_${DATE}" | \
+                zfs send ${OPT_ZSEND} "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${TARGET}@bastille_${TARGET}_${DATE}" | \
                gzip ${bastille_compress_gz_options} > "${bastille_backupsdir}/${TARGET}_${DATE}${FILE_EXT}"
                clean_zfs_snap
            elif [ -n "${XZ_EXPORT}" ]; then
@@ -279,7 +325,7 @@ jail_export() {
                export_check
                # Export the container recursively and cleanup temporary snapshots
-                zfs send ${OPT_ZSEND} "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${TARGET}@bastille_export_${DATE}" | \
+                zfs send ${OPT_ZSEND} "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${TARGET}@bastille_${TARGET}_${DATE}" | \
                xz ${bastille_compress_xz_options} > "${bastille_backupsdir}/${TARGET}_${DATE}${FILE_EXT}"
                clean_zfs_snap
            else
@@ -288,8 +334,10 @@ jail_export() {
                export_check
                # Quietly export the container recursively, user must redirect standard output
-                zfs send ${OPT_ZSEND} "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${TARGET}@bastille_export_${DATE}"
+                if ! zfs send ${OPT_ZSEND} "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${TARGET}@bastille_${TARGET}_${DATE}"; then
-                clean_zfs_snap
+                    clean_zfs_snap
                    error_notify "\nError: An export option is required, see 'bastille export, otherwise the user must redirect to standard output."
                fi
            fi
        fi
    else
--- a/usr/local/share/bastille/htop.sh
+++ b/usr/local/share/bastille/htop.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# Copyright (c) 2018-2021, Christer Edwards <christer.edwards@gmail.com>
+# Copyright (c) 2018-2022, Christer Edwards <christer.edwards@gmail.com>
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
--- a/usr/local/share/bastille/import.sh
+++ b/usr/local/share/bastille/import.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# Copyright (c) 2018-2021, Christer Edwards <christer.edwards@gmail.com>
+# Copyright (c) 2018-2022, Christer Edwards <christer.edwards@gmail.com>
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
@@ -181,65 +181,88 @@ generate_config() {
        if [ -n "${JSON_CONFIG}" ]; then
            IPV4_CONFIG=$(grep -wo '\"ip4_addr\": \".*\"' "${JSON_CONFIG}" | tr -d '" ' | sed 's/ip4_addr://')
            IPV6_CONFIG=$(grep -wo '\"ip6_addr\": \".*\"' "${JSON_CONFIG}" | tr -d '" ' | sed 's/ip6_addr://')
-	    DEVFS_RULESET=$(grep -wo '\"devfs_ruleset\": \".*\"' "${JSON_CONFIG}" | tr -d '" ' | sed 's/devfs_ruleset://')
+            DEVFS_RULESET=$(grep -wo '\"devfs_ruleset\": \".*\"' "${JSON_CONFIG}" | tr -d '" ' | sed 's/devfs_ruleset://')
-	    DEVFS_RULESET=${DEVFS_RULESET:-4}
+            DEVFS_RULESET=${DEVFS_RULESET:-4}
            IS_THIN_JAIL=$(grep -wo '\"basejail\": .*' "${JSON_CONFIG}" | tr -d '" ,' | sed 's/basejail://')
            CONFIG_RELEASE=$(grep -wo '\"release\": \".*\"' "${JSON_CONFIG}" | tr -d '" ' | sed 's/release://' | sed 's/\-[pP].*//')
            IS_VNET_JAIL=$(grep -wo '\"vnet\": .*' "${JSON_CONFIG}" | tr -d '" ,' | sed 's/vnet://')
            VNET_DEFAULT_INTERFACE=$(grep -wo '\"vnet_default_interface\": \".*\"' "${JSON_CONFIG}" | tr -d '" ' | sed 's/vnet_default_interface://')
            ALLOW_EMPTY_DIRS_TO_BE_SYMLINKED=1
            if [ "${VNET_DEFAULT_INTERFACE}" = "auto" ]; then
                # Grab the default ipv4 route from netstat and pull out the interface
                VNET_DEFAULT_INTERFACE=$(netstat -nr4 | grep default | cut -w -f 4)
            fi
        fi
    elif [ "${FILE_EXT}" = ".tar.gz" ]; then
        # Gather some bits from foreign/ezjail config files
        PROP_CONFIG="${bastille_jailsdir}/${TARGET_TRIM}/prop.ezjail-${FILE_TRIM}-*"
        if [ -n "${PROP_CONFIG}" ]; then
            IPVX_CONFIG=$(grep -wo "jail_${TARGET_TRIM}_ip=.*" ${PROP_CONFIG} | tr -d '" ' | sed "s/jail_${TARGET_TRIM}_ip=//")
            CONFIG_RELEASE=$(echo ${PROP_CONFIG} | grep -o '[0-9]\{2\}\.[0-9]_RELEASE' | sed 's/_/-/g')
        fi
        # Always assume it's thin for ezjail
        IS_THIN_JAIL=1
    fi
-    # If there are multiple IP/NIC let the user configure network
+    # See if we need to generate a vnet network section
-    if [ -n "${IPV4_CONFIG}" ]; then
+    if [ "${IS_VNET_JAIL:-0}" = "1" ]; then
-        if ! echo "${IPV4_CONFIG}" | grep -q '.*,.*'; then
+        NETBLOCK=$(generate_vnet_jail_netblock "${TARGET_TRIM}" "" "${VNET_DEFAULT_INTERFACE}")
-            NETIF_CONFIG=$(echo "${IPV4_CONFIG}" | grep '.*|' | sed 's/|.*//g')
+    else
-            if [ -z "${NETIF_CONFIG}" ]; then
+        # If there are multiple IP/NIC let the user configure network
-                config_netif
+        if [ -n "${IPV4_CONFIG}" ]; then
            if ! echo "${IPV4_CONFIG}" | grep -q '.*,.*'; then
                NETIF_CONFIG=$(echo "${IPV4_CONFIG}" | grep '.*|' | sed 's/|.*//g')
                if [ -z "${NETIF_CONFIG}" ]; then
                    config_netif
                fi
                IPX_ADDR="ip4.addr"
                IP_CONFIG="${IPV4_CONFIG}"
                IP6_MODE="disable"
            fi
-            IPX_ADDR="ip4.addr"
+        elif [ -n "${IPV6_CONFIG}" ]; then
-            IP_CONFIG="${IPV4_CONFIG}"
+            if ! echo "${IPV6_CONFIG}" | grep -q '.*,.*'; then
-            IP6_MODE="disable"
+                NETIF_CONFIG=$(echo "${IPV6_CONFIG}" | grep '.*|' | sed 's/|.*//g')
-        fi
+                if [ -z "${NETIF_CONFIG}" ]; then
-    elif [ -n "${IPV6_CONFIG}" ]; then
+                    config_netif
-        if ! echo "${IPV6_CONFIG}" | grep -q '.*,.*'; then
+                fi
            NETIF_CONFIG=$(echo "${IPV6_CONFIG}" | grep '.*|' | sed 's/|.*//g')
            if [ -z "${NETIF_CONFIG}" ]; then
                config_netif
            fi
            IPX_ADDR="ip6.addr"
            IP_CONFIG="${IPV6_CONFIG}"
            IP6_MODE="new"
        fi
    elif [ -n "${IPVX_CONFIG}" ]; then
        if ! echo "${IPVX_CONFIG}" | grep -q '.*,.*'; then
            NETIF_CONFIG=$(echo "${IPVX_CONFIG}" | grep '.*|' | sed 's/|.*//g')
            if [ -z "${NETIF_CONFIG}" ]; then
                config_netif
            fi
            IPX_ADDR="ip4.addr"
            IP_CONFIG="${IPVX_CONFIG}"
            IP6_MODE="disable"
            if echo "${IPVX_CONFIG}" | sed 's/.*|//' | grep -Eq '^(([a-fA-F0-9:]+$)|([a-fA-F0-9:]+\/[0-9]{1,3}$))'; then
                IPX_ADDR="ip6.addr"
                IP_CONFIG="${IPV6_CONFIG}"
                IP6_MODE="new"
            fi
        elif [ -n "${IPVX_CONFIG}" ]; then
            if ! echo "${IPVX_CONFIG}" | grep -q '.*,.*'; then
                NETIF_CONFIG=$(echo "${IPVX_CONFIG}" | grep '.*|' | sed 's/|.*//g')
                if [ -z "${NETIF_CONFIG}" ]; then
                    config_netif
                fi
                IPX_ADDR="ip4.addr"
                IP_CONFIG="${IPVX_CONFIG}"
                IP6_MODE="disable"
                if echo "${IPVX_CONFIG}" | sed 's/.*|//' | grep -Eq '^(([a-fA-F0-9:]+$)|([a-fA-F0-9:]+\/[0-9]{1,3}$))'; then
                    IPX_ADDR="ip6.addr"
                    IP6_MODE="new"
                fi
            fi
        fi
        # Let the user configure network manually
        if [ -z "${NETIF_CONFIG}" ]; then
            NETIF_CONFIG="lo1"
            IPX_ADDR="ip4.addr"
            IP_CONFIG="-"
            IP6_MODE="disable"
            warn "Warning: See 'bastille edit ${TARGET_TRIM} jail.conf' for manual network configuration."
        fi
        NETBLOCK=$(cat <<-EOF
  interface = ${NETIF_CONFIG};
  ${IPX_ADDR} = ${IP_CONFIG};
  ip6 = ${IP6_MODE};
 EOF
        )
    fi
-    # Let the user configure network manually
+    if [ "${IS_THIN_JAIL:-0}" = "1" ]; then
    if [ -z "${NETIF_CONFIG}" ]; then
        NETIF_CONFIG="lo1"
        IPX_ADDR="ip4.addr"
        IP_CONFIG="-"
        IP6_MODE="disable"
        warn "Warning: See 'bastille edit ${TARGET_TRIM} jail.conf' for manual network configuration."
    fi
    if [ "${FILE_EXT}" = ".tar.gz" ]; then
        CONFIG_RELEASE=$(echo ${PROP_CONFIG} | grep -o '[0-9]\{2\}\.[0-9]_RELEASE' | sed 's/_/-/g')
        if [ -z "${CONFIG_RELEASE}" ]; then
            # Fallback to host version
            CONFIG_RELEASE=$(freebsd-version | sed 's/\-[pP].*//')
@@ -272,9 +295,7 @@ ${TARGET_TRIM} {
  path = ${bastille_jailsdir}/${TARGET_TRIM}/root;
  securelevel = 2;
-  interface = ${NETIF_CONFIG};
+${NETBLOCK}
  ${IPX_ADDR} = ${IP_CONFIG};
  ip6 = ${IP6_MODE};
 }
 EOF
 }
@@ -337,6 +358,13 @@ update_symlinks() {
    for _link in ${SYMLINKS}; do
        if [ -L "${_link}" ]; then
            ln -sf /.bastille/${_link} ${_link}
        elif [ "${ALLOW_EMPTY_DIRS_TO_BE_SYMLINKED:-0}" = "1" -a -d "${_link}" ]; then
            # -F will enforce that the directory is empty and replaced by the symlink
            ln -sfF /.bastille/${_link} ${_link} || EXIT_CODE=$?
            if [ "${EXIT_CODE:-0}" != "0" ]; then
                # Assume that the failure was due to the directory not being empty and explain the problem in friendlier terms
                warn "Warning: directory ${_link} on imported jail was not empty and will not be updated by Bastille"
            fi
        fi
    done
 }
--- a/usr/local/share/bastille/limits.sh
+++ b/usr/local/share/bastille/limits.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# Copyright (c) 2018-2021, Christer Edwards <christer.edwards@gmail.com>
+# Copyright (c) 2018-2022, Christer Edwards <christer.edwards@gmail.com>
 # All rights reserved.
 # Ressource limits added by Sven R github.com/hackacad
 #
--- a/usr/local/share/bastille/list.sh
+++ b/usr/local/share/bastille/list.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# Copyright (c) 2018-2021, Christer Edwards <christer.edwards@gmail.com>
+# Copyright (c) 2018-2022, Christer Edwards <christer.edwards@gmail.com>
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
@@ -32,7 +32,7 @@
 . /usr/local/etc/bastille/bastille.conf
 usage() {
-    error_exit "Usage: bastille list [-j|-a] [release|template|(jail|container)|log|limit|(import|export|backup)]"
+    error_exit "Usage: bastille list [-j|-a] [release [-p]|template|(jail|container)|log|limit|(import|export|backup)]"
 }
 if [ $# -eq 0 ]; then
@@ -54,65 +54,86 @@ if [ $# -gt 0 ]; then
        if [ -d "${bastille_jailsdir}" ]; then
            DEFAULT_VALUE="-"
            SPACER=2
-            MAX_LENGTH_JAIL_NAME=$(find "${bastille_jailsdir}" -maxdepth 2 -type f -name jail.conf | sed "s/^.*\/\(.*\)\/jail.conf$/\1/" | awk '{ print length($0) }' | sort -nr | head -n 1)
+            MAX_LENGTH_JAIL_NAME=$(find ""${bastille_jailsdir}/*/jail.conf"" -maxdepth 1 -type f -print0 2> /dev/null | xargs -r0 -P0 grep -h -m 1 -e "^.* {$" | awk '{ print length($1) }' | sort -nr | head -n 1)
            MAX_LENGTH_JAIL_NAME=${MAX_LENGTH_JAIL_NAME:-3}
            if [ ${MAX_LENGTH_JAIL_NAME} -lt 3 ]; then MAX_LENGTH_JAIL_NAME=3; fi
-            MAX_LENGTH_JAIL_IP=$(find "${bastille_jailsdir}" -maxdepth 2 -type f -name jail.conf -exec sed -n "s/^[ ]*ip[4,6].addr[ ]*=[ ]*\(.*\);$/\1/p" {} \; | sed 's/\// /g' | awk '{ print length($1) }' | sort -nr | head -n 1)
+            MAX_LENGTH_JAIL_IP=$(find ""${bastille_jailsdir}/*/jail.conf"" -maxdepth 1 -type f -print0 2> /dev/null | xargs -r0 -P0 sed -n "s/^[ ]*ip[4,6].addr[ ]*=[ ]*\(.*\);$/\1 /p" | sed 's/\// /g' | awk '{ print length($1) }' | sort -nr | head -n 1)
            MAX_LENGTH_JAIL_IP=${MAX_LENGTH_JAIL_IP:-10}
-            MAX_LENGTH_JAIL_VNET_IP=$(find "${bastille_jailsdir}" -maxdepth 2 -type f -name jail.conf -exec grep -l "vnet;" {} + | sed 's/\(.*\)jail.conf$/grep "ifconfig_vnet0=" \1root\/etc\/rc.conf/' | sh | sed -n 's/^ifconfig_vnet0="\(.*\)"$/\1/p' | sed 's/\// /g' | awk '{ if ($1 ~ /^[inet|inet6]/) print length($2); else print 15 }' | sort -nr | head -n 1)
+            MAX_LENGTH_JAIL_VNET_IP=$(find ""${bastille_jailsdir}/*/jail.conf"" -maxdepth 1 -type f -print0 2> /dev/null | xargs -r0 -P0 grep -l "vnet;" | grep -h "ifconfig_vnet0=" $(sed -n "s/\(.*\)jail.conf$/\1root\/etc\/rc.conf/p") | sed -n "s/^ifconfig_vnet0=\"\(.*\)\"$/\1/p"| sed "s/\// /g" | awk '{ if ($1 ~ /^[inet|inet6]/) print length($2); else print 15 }' | sort -nr | head -n 1)
            MAX_LENGTH_JAIL_VNET_IP=${MAX_LENGTH_JAIL_VNET_IP:-10}
            if [ ${MAX_LENGTH_JAIL_VNET_IP} -gt ${MAX_LENGTH_JAIL_IP} ]; then MAX_LENGTH_JAIL_IP=${MAX_LENGTH_JAIL_VNET_IP}; fi
            if [ ${MAX_LENGTH_JAIL_IP} -lt 10 ]; then MAX_LENGTH_JAIL_IP=10; fi
-            MAX_LENGTH_JAIL_HOSTNAME=$(find "${bastille_jailsdir}" -maxdepth 2 -type f -name jail.conf -exec sed -n "s/^[ ]*host.hostname[ ]*=[ ]*\(.*\);$/\1/p" {} \; | awk '{ print length($0) }' | sort -nr | head -n 1)
+            MAX_LENGTH_JAIL_HOSTNAME=$(find ""${bastille_jailsdir}/*/jail.conf"" -maxdepth 1 -type f -print0 2> /dev/null | xargs -r0 -P0 grep -h -m 1 -e "^[ ]*host.hostname[ ]*=[ ]*\(.*\);" | awk '{ print length(substr($3, 1, length($3)-1)) }' | sort -nr | head -n 1)
            MAX_LENGTH_JAIL_HOSTNAME=${MAX_LENGTH_JAIL_HOSTNAME:-8}
            if [ ${MAX_LENGTH_JAIL_HOSTNAME} -lt 8 ]; then MAX_LENGTH_JAIL_HOSTNAME=8; fi
-            MAX_LENGTH_JAIL_PORTS=$(find "${bastille_jailsdir}" -maxdepth 2 -type f -name rdr.conf -exec awk '{ lines++; chars += length($0)} END { chars += lines - 1; print chars }' {} \; | sort -nr | head -n 1)
+            MAX_LENGTH_JAIL_PORTS=$(find ""${bastille_jailsdir}/*/rdr.conf"" -maxdepth 1 -type f -print0 2> /dev/null | xargs -r0 -P0 -n1 awk '{ lines++; chars += length($0)} END { chars += lines - 1; print chars }' | sort -nr | head -n 1)
            MAX_LENGTH_JAIL_PORTS=${MAX_LENGTH_JAIL_PORTS:-15}
            if [ ${MAX_LENGTH_JAIL_PORTS} -lt 15 ]; then MAX_LENGTH_JAIL_PORTS=15; fi
            if [ ${MAX_LENGTH_JAIL_PORTS} -gt 30 ]; then MAX_LENGTH_JAIL_PORTS=30; fi
-            MAX_LENGTH_JAIL_RELEASE=$(find "${bastille_jailsdir}" -maxdepth 2 -type f -name fstab 2> /dev/null -exec grep "/releases/.*/root/.bastille nullfs" {} \; | sed -n "s/^\(.*\) \/.*$/grep \"\^USERLAND_VERSION=\" \1\/bin\/freebsd-version 2\> \/dev\/null/p" | awk '!_[$0]++' | sh | sed -n "s/^USERLAND_VERSION=\"\(.*\)\"$/\1/p" | awk '{ print length($0) }' | sort -nr | head -n 1)
+            MAX_LENGTH_JAIL_RELEASE=$(find ""${bastille_jailsdir}/*/fstab"" -maxdepth 1 -type f -print0 2> /dev/null | xargs -r0 -P0 grep -h "/releases/.*/root/.bastille.*nullfs" | grep -hE "^USERLAND_VERSION=" $(sed -n "s/^\(.*\) \/.*$/\1\/bin\/freebsd-version/p" | awk '!_[$0]++') | sed "s/[\"\'\^]//g;s/ .*$//g" | sed -n "s/^USERLAND_VERSION=\(.*\)$/\1/p" | awk '{ print length($0) }' | sort -nr | head -n 1)
            MAX_LENGTH_JAIL_RELEASE=${MAX_LENGTH_JAIL_RELEASE:-7}
-            MAX_LENGTH_THICK_JAIL_RELEASE=$(find ""${bastille_jailsdir}/*/root/bin"" -maxdepth 1 -type f -name freebsd-version 2> /dev/null -exec grep "^USERLAND_VERSION=" {} \; | sed -n "s/^USERLAND_VERSION=\"\(.*\)\"$/\1/p" | awk '{ print length($0) }' | sort -nr | head -n 1)
+            MAX_LENGTH_THICK_JAIL_RELEASE=$(find ""${bastille_jailsdir}/*/root/bin/freebsd-version"" -maxdepth 1 -type f -print0 2> /dev/null | xargs -r0 -P0 grep -hE "^USERLAND_VERSION=" | sed "s/[\"\'\^]//g;s/ .*$//g" | sed -n "s/^USERLAND_VERSION=\(.*\)$/\1/p" | awk '{ print length($0) }' | sort -nr | head -n 1)
            MAX_LENGTH_THICK_JAIL_RELEASE=${MAX_LENGTH_THICK_JAIL_RELEASE:-7}
            MAX_LENGTH_LINUX_JAIL_RELEASE=$(find ""${bastille_jailsdir}/*/fstab"" -maxdepth 1 -type f -print0 2> /dev/null | xargs -r0 -P0 grep -h "/jails/.*/root/proc.*linprocfs" | grep -hE "^NAME=|^VERSION_ID=|^VERSION_CODENAME=" $(sed -n "s/^linprocfs *\(.*\)\/.*$/\1\/etc\/os-release/p") 2> /dev/null | sed "s/\"//g" | sed "s/ GNU\/Linux//g" | sed "N;N;s/\n/;/g" | sed -n "s/^NAME=\(.*\);VERSION_ID=\(.*\);VERSION_CODENAME=\(.*\)$/\1 \2 (\3)/p" | awk '{ print length($0) }' | sort -nr | head -n 1) 
            MAX_LENGTH_LINUX_JAIL_RELEASE=${MAX_LENGTH_LINUX_JAIL_RELEASE:-7}
            if [ ${MAX_LENGTH_THICK_JAIL_RELEASE} -gt ${MAX_LENGTH_JAIL_RELEASE} ]; then MAX_LENGTH_JAIL_RELEASE=${MAX_LENGTH_THICK_JAIL_RELEASE}; fi
            if [ ${MAX_LENGTH_LINUX_JAIL_RELEASE} -gt ${MAX_LENGTH_JAIL_RELEASE} ]; then MAX_LENGTH_JAIL_RELEASE=${MAX_LENGTH_LINUX_JAIL_RELEASE}; fi
            if [ ${MAX_LENGTH_JAIL_RELEASE} -lt 7 ]; then MAX_LENGTH_JAIL_RELEASE=7; fi
            printf " JID%*sState%*sIP Address%*sPublished Ports%*sHostname%*sRelease%*sPath\n" "$((${MAX_LENGTH_JAIL_NAME} + ${SPACER} - 3))" "" "$((${SPACER}))" "" "$((${MAX_LENGTH_JAIL_IP} + ${SPACER} - 10))" "" "$((${MAX_LENGTH_JAIL_PORTS} + ${SPACER} - 15))" "" "$((${MAX_LENGTH_JAIL_HOSTNAME} + ${SPACER} - 8))" "" "$((${MAX_LENGTH_JAIL_RELEASE} + ${SPACER} - 7))" ""
            JAIL_LIST=$(ls "${bastille_jailsdir}" | sed "s/\n//g")
            for _JAIL in ${JAIL_LIST}; do
                if [ -f "${bastille_jailsdir}/${_JAIL}/jail.conf" ]; then
-                        if [ "$(/usr/sbin/jls name | awk "/^${_JAIL}$/")" ]; then
+                        JAIL_NAME=$(grep -h -m 1 -e "^.* {$" "${bastille_jailsdir}/${_JAIL}/jail.conf" 2> /dev/null | awk '{ print $1 }')
                        IS_FREEBSD_JAIL=0
                        if [ -f "${bastille_jailsdir}/${JAIL_NAME}/root/bin/freebsd-version" -o -f "${bastille_jailsdir}/${JAIL_NAME}/root/.bastille/bin/freebsd-version" -o "$(grep -c "/releases/.*/root/.bastille.*nullfs" "${bastille_jailsdir}/${JAIL_NAME}/fstab" 2> /dev/null)" -gt 0 ]; then IS_FREEBSD_JAIL=1; fi
                        IS_FREEBSD_JAIL=${IS_FREEBSD_JAIL:-0}
                        IS_LINUX_JAIL=0
                        if [ "$(grep -c "^linprocfs" "${bastille_jailsdir}/${JAIL_NAME}/fstab" 2> /dev/null)" -gt 0 ]; then IS_LINUX_JAIL=1; fi
                        IS_LINUX_JAIL=${IS_LINUX_JAIL:-0}
                        if [ "$(/usr/sbin/jls name | awk "/^${JAIL_NAME}$/")" ]; then
                                JAIL_STATE="Up"
-                                if [ "$(awk '$1 == "vnet;" { print $1 }' "${bastille_jailsdir}/${_JAIL}/jail.conf")" ]; then
+                                if [ "$(awk '$1 == "vnet;" { print $1 }' "${bastille_jailsdir}/${JAIL_NAME}/jail.conf" 2> /dev/null)" ]; then
-                                        JAIL_IP=$(jexec -l ${_JAIL} ifconfig -n vnet0 inet 2> /dev/null | sed -n "/.inet /{s///;s/ .*//;p;}")
+                                        JAIL_IP=$(jexec -l ${JAIL_NAME} ifconfig -n vnet0 inet 2> /dev/null | sed -n "/.inet /{s///;s/ .*//;p;}")
-                                        if [ ! ${JAIL_IP} ]; then JAIL_IP=$(jexec -l ${_JAIL} ifconfig -n vnet0 inet6 2> /dev/null | awk '/inet6 / && (!/fe80::/ || !/%vnet0/)' | sed -n "/.inet6 /{s///;s/ .*//;p;}"); fi
+                                        if [ ! ${JAIL_IP} ]; then JAIL_IP=$(jexec -l ${JAIL_NAME} ifconfig -n vnet0 inet6 2> /dev/null | awk '/inet6 / && (!/fe80::/ || !/%vnet0/)' | sed -n "/.inet6 /{s///;s/ .*//;p;}"); fi
                                else
-                                        JAIL_IP=$(/usr/sbin/jls -j ${_JAIL} ip4.addr 2> /dev/null)
+                                        JAIL_IP=$(/usr/sbin/jls -j ${JAIL_NAME} ip4.addr 2> /dev/null)
-                                        if [ ${JAIL_IP} = "-" ]; then JAIL_IP=$(/usr/sbin/jls -j ${_JAIL} ip6.addr 2> /dev/null); fi
+                                        if [ ${JAIL_IP} = "-" ]; then JAIL_IP=$(/usr/sbin/jls -j ${JAIL_NAME} ip6.addr 2> /dev/null); fi
                                fi
                                JAIL_HOSTNAME=$(/usr/sbin/jls -j ${JAIL_NAME} host.hostname 2> /dev/null)
                                JAIL_PORTS=$(pfctl -a "rdr/${JAIL_NAME}" -Psn 2> /dev/null | awk '{ printf "%s/%s:%s"",",$7,$14,$18 }' | sed "s/,$//")
                                JAIL_PATH=$(/usr/sbin/jls -j ${JAIL_NAME} path 2> /dev/null)
                                if [ ${IS_FREEBSD_JAIL} -eq 1 ]; then
                                        JAIL_RELEASE=$(jexec -l ${JAIL_NAME} freebsd-version -u 2> /dev/null)
                                fi
                                if [ ${IS_LINUX_JAIL} -eq 1 ]; then
                                                JAIL_RELEASE=$(grep -hE "^NAME=.*$|^VERSION_ID=.*$|^VERSION_CODENAME=.*$" "${JAIL_PATH}/etc/os-release" 2> /dev/null | sed "s/\"//g" | sed "s/ GNU\/Linux//g" | awk -F'=' '{ a[$1] = $2; o++ } o%3 == 0 { print a["VERSION_CODENAME"] " (" a["NAME"] " " a["VERSION_ID"] ")" }')
                                fi
                                JAIL_HOSTNAME=$(/usr/sbin/jls -j ${_JAIL} host.hostname 2> /dev/null)
                                JAIL_PORTS=$(pfctl -a "rdr/${_JAIL}" -Psn 2> /dev/null | awk '{ printf "%s/%s:%s"",",$7,$14,$18 }' | sed "s/,$//")
                                JAIL_PATH=$(/usr/sbin/jls -j ${_JAIL} path 2> /dev/null)
                                JAIL_RELEASE=$(jexec -l ${_JAIL} freebsd-version -u 2> /dev/null)
                        else
-                                JAIL_STATE=$(if [ "$(sed -n "/^${_JAIL} {$/,/^}$/p" "${bastille_jailsdir}/${_JAIL}/jail.conf" | awk '$0 ~ /^'${_JAIL}' \{|\}/ { printf "%s",$0 }')" == "${_JAIL} {}" ]; then echo "Down"; else echo "n/a"; fi)
+                                JAIL_STATE=$(if [ "$(sed -n "/^${JAIL_NAME} {$/,/^}$/p" "${bastille_jailsdir}/${JAIL_NAME}/jail.conf" 2> /dev/null | awk '$0 ~ /^'${JAIL_NAME}' \{|\}/ { printf "%s",$0 }')" == "${JAIL_NAME} {}" ]; then echo "Down"; else echo "n/a"; fi)
-                                if [ "$(awk '$1 == "vnet;" { print $1 }' "${bastille_jailsdir}/${_JAIL}/jail.conf")" ]; then
+                                if [ "$(awk '$1 == "vnet;" { print $1 }' "${bastille_jailsdir}/${JAIL_NAME}/jail.conf" 2> /dev/null)" ]; then
-                                        JAIL_IP=$(sed -n 's/^ifconfig_vnet0="\(.*\)"$/\1/p' "${bastille_jailsdir}/${_JAIL}/root/etc/rc.conf" | sed "s/\// /g" | awk '{ if ($1 ~ /^[inet|inet6]/) print $2; else print $1 }')
+                                        JAIL_IP=$(sed -n 's/^ifconfig_vnet0="\(.*\)"$/\1/p' "${bastille_jailsdir}/${JAIL_NAME}/root/etc/rc.conf" 2> /dev/null | sed "s/\// /g" | awk '{ if ($1 ~ /^[inet|inet6]/) print $2; else print $1 }')
                                else
-                                        JAIL_IP=$(sed -n "s/^[ ]*ip[4,6].addr[ ]*=[ ]*\(.*\);$/\1/p" "${bastille_jailsdir}/${_JAIL}/jail.conf" | sed "s/\// /g" | awk '{ print $1 }')
+                                        JAIL_IP=$(sed -n "s/^[ ]*ip[4,6].addr[ ]*=[ ]*\(.*\);$/\1/p" "${bastille_jailsdir}/${JAIL_NAME}/jail.conf" 2> /dev/null | sed "s/\// /g" | awk '{ print $1 }')
                                fi
-                                JAIL_HOSTNAME=$(sed -n "s/^[ ]*host.hostname[ ]*=[ ]*\(.*\);$/\1/p" "${bastille_jailsdir}/${_JAIL}/jail.conf")
+                                JAIL_HOSTNAME=$(sed -n "s/^[ ]*host.hostname[ ]*=[ ]*\(.*\);$/\1/p" "${bastille_jailsdir}/${JAIL_NAME}/jail.conf" 2> /dev/null)
-                                if [ -f "${bastille_jailsdir}/${_JAIL}/rdr.conf" ]; then JAIL_PORTS=$(awk '$1 ~ /^[tcp|udp]/ { printf "%s/%s:%s,",$1,$2,$3 }' "${bastille_jailsdir}/${_JAIL}/rdr.conf" | sed "s/,$//"); else JAIL_PORTS=""; fi
+                                if [ -f "${bastille_jailsdir}/${JAIL_NAME}/rdr.conf" ]; then JAIL_PORTS=$(awk '$1 ~ /^[tcp|udp]/ { printf "%s/%s:%s,",$1,$2,$3 }' "${bastille_jailsdir}/${JAIL_NAME}/rdr.conf" 2> /dev/null | sed "s/,$//"); else JAIL_PORTS=""; fi
-                                JAIL_PATH=$(sed -n "s/^[ ]*path[ ]*=[ ]*\(.*\);$/\1/p" "${bastille_jailsdir}/${_JAIL}/jail.conf")
+                                JAIL_PATH=$(sed -n "s/^[ ]*path[ ]*=[ ]*\(.*\);$/\1/p" "${bastille_jailsdir}/${JAIL_NAME}/jail.conf" 2> /dev/null)
                                if [ ${JAIL_PATH} ]; then
-                                        if [ -f "${JAIL_PATH}/bin/freebsd-version" ]; then
+                                        if [ ${IS_FREEBSD_JAIL} -eq 1 ]; then
-                                                JAIL_RELEASE=$(sed -n "s/^USERLAND_VERSION=\"\(.*\)\"$/\1/p" "${JAIL_PATH}/bin/freebsd-version")
+                                                if [ -f "${JAIL_PATH}/bin/freebsd-version" ]; then
-                                        else
+                                                        JAIL_RELEASE=$(grep -hE "^USERLAND_VERSION=" "${JAIL_PATH}/bin/freebsd-version" 2> /dev/null | sed "s/[\"\'\^]//g;s/ .*$//g" | sed -n "s/^USERLAND_VERSION=\(.*\)$/\1/p")
-                                                JAIL_RELEASE=$(grep "/releases/.*/root/.bastille nullfs" "${bastille_jailsdir}/${_JAIL}/fstab" 2> /dev/null | sed -n "s/^\(.*\) \/.*$/grep \"\^USERLAND_VERSION=\" \1\/bin\/freebsd-version 2\> \/dev\/null/p" | awk '!_[$0]++' | sh | sed -n "s/^USERLAND_VERSION=\"\(.*\)\"$/\1/p")
+                                                else
                                                        JAIL_RELEASE=$(grep -h "/releases/.*/root/.bastille.*nullfs" "${bastille_jailsdir}/${JAIL_NAME}/fstab" 2> /dev/null | grep -hE "^USERLAND_VERSION=" $(sed -n "s/^\(.*\) \/.*$/\1\/bin\/freebsd-version/p" | awk '!_[$0]++') | sed "s/[\"\'\^]//g;s/ .*$//g" | sed -n "s/^USERLAND_VERSION=\(.*\)$/\1/p")
                                                fi
                                        fi
                                        if [ ${IS_LINUX_JAIL} -eq 1 ]; then
                                                JAIL_RELEASE=$(grep -hE "^NAME=.*$|^VERSION_ID=.*$|^VERSION_CODENAME=.*$" "${JAIL_PATH}/etc/os-release" 2> /dev/null | sed "s/\"//g" | sed "s/ GNU\/Linux//g" | awk -F'=' '{ a[$1] = $2; o++ } o%3 == 0 { print a["VERSION_CODENAME"] " (" a["NAME"] " " a["VERSION_ID"] ")" }')
                                        fi
                                else
                                        JAIL_RELEASE=""
                                fi
                        fi
                        if [ ${#JAIL_PORTS} -gt ${MAX_LENGTH_JAIL_PORTS} ]; then JAIL_PORTS="$(echo ${JAIL_PORTS} | cut -c-$((${MAX_LENGTH_JAIL_PORTS} - 3)))..."; fi
                        JAIL_NAME=${JAIL_NAME:-${DEFAULT_VALUE}}
                        JAIL_STATE=${JAIL_STATE:-${DEFAULT_VALUE}}
@@ -121,7 +142,7 @@ if [ $# -gt 0 ]; then
                        JAIL_HOSTNAME=${JAIL_HOSTNAME:-${DEFAULT_VALUE}}
                        JAIL_RELEASE=${JAIL_RELEASE:-${DEFAULT_VALUE}}
                        JAIL_PATH=${JAIL_PATH:-${DEFAULT_VALUE}}
-                        printf " ${_JAIL}%*s${JAIL_STATE}%*s${JAIL_IP}%*s${JAIL_PORTS}%*s${JAIL_HOSTNAME}%*s${JAIL_RELEASE}%*s${JAIL_PATH}\n" "$((${MAX_LENGTH_JAIL_NAME} - ${#_JAIL} + ${SPACER}))" "" "$((5 - ${#JAIL_STATE} + ${SPACER}))" "" "$((${MAX_LENGTH_JAIL_IP} - ${#JAIL_IP} + ${SPACER}))" "" "$((${MAX_LENGTH_JAIL_PORTS} - ${#JAIL_PORTS} + ${SPACER}))" "" "$((${MAX_LENGTH_JAIL_HOSTNAME} - ${#JAIL_HOSTNAME} + ${SPACER}))" "" "$((${MAX_LENGTH_JAIL_RELEASE} - ${#JAIL_RELEASE} + ${SPACER}))" ""
+                        printf " ${JAIL_NAME}%*s${JAIL_STATE}%*s${JAIL_IP}%*s${JAIL_PORTS}%*s${JAIL_HOSTNAME}%*s${JAIL_RELEASE}%*s${JAIL_PATH}\n" "$((${MAX_LENGTH_JAIL_NAME} - ${#JAIL_NAME} + ${SPACER}))" "" "$((5 - ${#JAIL_STATE} + ${SPACER}))" "" "$((${MAX_LENGTH_JAIL_IP} - ${#JAIL_IP} + ${SPACER}))" "" "$((${MAX_LENGTH_JAIL_PORTS} - ${#JAIL_PORTS} + ${SPACER}))" "" "$((${MAX_LENGTH_JAIL_HOSTNAME} - ${#JAIL_HOSTNAME} + ${SPACER}))" "" "$((${MAX_LENGTH_JAIL_RELEASE} - ${#JAIL_RELEASE} + ${SPACER}))" ""
                fi
            done
        else
@@ -133,7 +154,13 @@ if [ $# -gt 0 ]; then
            REL_LIST=$(ls "${bastille_releasesdir}" | sed "s/\n//g")
            for _REL in ${REL_LIST}; do
                if [ -f "${bastille_releasesdir}/${_REL}/root/.profile" -o -d "${bastille_releasesdir}/${_REL}/debootstrap" ]; then
-                    echo "${_REL}"
+                    if [ "$2" == "-p" -a -f "${bastille_releasesdir}/${_REL}/bin/freebsd-version" ]; then
                        REL_PATCH_LEVEL=$(sed -n "s/^USERLAND_VERSION=\"\(.*\)\"$/\1/p" "${bastille_releasesdir}/${_REL}/bin/freebsd-version" 2> /dev/null)
                        REL_PATCH_LEVEL=${REL_PATCH_LEVEL:-${_REL}}
                        echo "${REL_PATCH_LEVEL}"
                    else
                        echo "${_REL}"
                    fi
                fi
            done
        fi
--- a/usr/local/share/bastille/mount.sh
+++ b/usr/local/share/bastille/mount.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# Copyright (c) 2018-2021, Christer Edwards <christer.edwards@gmail.com>
+# Copyright (c) 2018-2022, Christer Edwards <christer.edwards@gmail.com>
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
--- a/usr/local/share/bastille/pkg.sh
+++ b/usr/local/share/bastille/pkg.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# Copyright (c) 2018-2021, Christer Edwards <christer.edwards@gmail.com>
+# Copyright (c) 2018-2022, Christer Edwards <christer.edwards@gmail.com>
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
--- a/usr/local/share/bastille/rdr.sh
+++ b/usr/local/share/bastille/rdr.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# Copyright (c) 2018-2021, Christer Edwards <christer.edwards@gmail.com>
+# Copyright (c) 2018-2022, Christer Edwards <christer.edwards@gmail.com>
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
@@ -32,7 +32,7 @@
 . /usr/local/etc/bastille/bastille.conf
 usage() {
-    error_exit "Usage: bastille rdr TARGET [clear|list|(tcp|udp host_port jail_port)]"
+    error_exit "Usage: bastille rdr TARGET [clear|list|(tcp|udp host_port jail_port [log ['(' logopts ')'] ] )]"
 }
 # Handle special-case commands first.
@@ -91,6 +91,16 @@ if ! grep -qs "$1 $2 $3" "${bastille_jailsdir}/${JAIL_NAME}/rdr.conf"; then
 fi
 }
 persist_rdr_log_rule() {
 proto=$1;host_port=$2;jail_port=$3;
 shift 3;
 log=$@;
 if ! grep -qs "$proto $host_port $jail_port $log" "${bastille_jailsdir}/${JAIL_NAME}/rdr.conf"; then
    echo "$proto $host_port $jail_port $log" >> "${bastille_jailsdir}/${JAIL_NAME}/rdr.conf"
 fi
 }
 # function: load rdr rule via pfctl
 load_rdr_rule() {
 ( pfctl -a "rdr/${JAIL_NAME}" -Psn;
@@ -98,6 +108,16 @@ load_rdr_rule() {
      | pfctl -a "rdr/${JAIL_NAME}" -f-
 }
 # function: load rdr rule with log via pfctl
 load_rdr_log_rule() {
 proto=$1;host_port=$2;jail_port=$3;
 shift 3;
 log=$@
 ( pfctl -a "rdr/${JAIL_NAME}" -Psn;
  printf '%s\nrdr pass %s on $ext_if inet proto %s to port %s -> %s port %s\n' "$EXT_IF" "$log" "$proto" "$host_port" "$JAIL_IP" "$jail_port" ) \
      | pfctl -a "rdr/${JAIL_NAME}" -f-
 }
 while [ $# -gt 0 ]; do
    case "$1" in
        list)
@@ -127,11 +147,44 @@ while [ $# -gt 0 ]; do
        tcp|udp)
            if [ $# -lt 3 ]; then
                usage
            elif [ $# -eq 3 ]; then
                check_jail_validity
                persist_rdr_rule $1 $2 $3
                load_rdr_rule $1 $2 $3
                shift 3
            else
                case "$4" in
                    log)
                        proto=$1
                        host_port=$2
                        jail_port=$3
                        shift 3
                        if [ $# -gt 3 ]; then
                            for last in $@; do
 				true
                            done
                            if [ $2 == "(" ] && [ $last == ")" ] ; then
                                check_jail_validity
                                persist_rdr_log_rule $proto $host_port $jail_port $@
                                load_rdr_log_rule $proto $host_port $jail_port $@
                                shift $#
                            else
                                usage
                            fi
                        elif [ $# -eq 1 ]; then
                            check_jail_validity
                            persist_rdr_log_rule $proto $host_port $jail_port $@
                            load_rdr_log_rule $proto $host_port $jail_port $@
                            shift 1
                        else
                            usage
                        fi
                        ;;
                    *)
                        usage
                        ;;
                esac
            fi
            check_jail_validity
            persist_rdr_rule $1 $2 $3
            load_rdr_rule $1 $2 $3
            shift 3
            ;;
        *)
            usage
--- a/usr/local/share/bastille/rename.sh
+++ b/usr/local/share/bastille/rename.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# Copyright (c) 2018-2021, Christer Edwards <christer.edwards@gmail.com>
+# Copyright (c) 2018-2022, Christer Edwards <christer.edwards@gmail.com>
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
@@ -76,13 +76,22 @@ update_fstab() {
    # Update fstab to use the new name
    FSTAB_CONFIG="${bastille_jailsdir}/${NEWNAME}/fstab"
    if [ -f "${FSTAB_CONFIG}" ]; then
-        FSTAB_RELEASE=$(grep -owE '([1-9]{2,2})\.[0-9](-RELEASE|-RC[1-2])|([0-9]{1,2}-stable-build-[0-9]{1,3})|(current-build)-([0-9]{1,3})|(current-BUILD-LATEST)|([0-9]{1,2}-stable-BUILD-LATEST)|(current-BUILD-LATEST)' "${FSTAB_CONFIG}")
+        # Skip if fstab is empty, e.g newly created thick or clone jails
-        FSTAB_CURRENT=$(grep -w ".*/releases/.*/jails/${TARGET}/root/.bastille" "${FSTAB_CONFIG}")
+        if [ -s "${FSTAB_CONFIG}" ]; then
-        FSTAB_NEWCONF="${bastille_releasesdir}/${FSTAB_RELEASE} ${bastille_jailsdir}/${NEWNAME}/root/.bastille nullfs ro 0 0"
+            FSTAB_RELEASE=$(grep -owE '([1-9]{2,2})\.[0-9](-RELEASE|-RC[1-2])|([0-9]{1,2}-stable-build-[0-9]{1,3})|(current-build)-([0-9]{1,3})|(current-BUILD-LATEST)|([0-9]{1,2}-stable-BUILD-LATEST)|(current-BUILD-LATEST)' "${FSTAB_CONFIG}")
-        if [ -n "${FSTAB_CURRENT}" ] && [ -n "${FSTAB_NEWCONF}" ]; then
+            FSTAB_CURRENT=$(grep -w ".*/releases/.*/jails/${TARGET}/root/.bastille" "${FSTAB_CONFIG}")
-            # If both variables are set, update as needed
+            FSTAB_NEWCONF="${bastille_releasesdir}/${FSTAB_RELEASE} ${bastille_jailsdir}/${NEWNAME}/root/.bastille nullfs ro 0 0"
-            if ! grep -qw "${bastille_releasesdir}/${FSTAB_RELEASE}.*${bastille_jailsdir}/${NEWNAME}/root/.bastille" "${FSTAB_CONFIG}"; then
+            if [ -n "${FSTAB_CURRENT}" ] && [ -n "${FSTAB_NEWCONF}" ]; then
-                sed -i '' "s|${FSTAB_CURRENT}|${FSTAB_NEWCONF}|" "${FSTAB_CONFIG}"
+                # If both variables are set, update as needed
                if ! grep -qw "${bastille_releasesdir}/${FSTAB_RELEASE}.*${bastille_jailsdir}/${NEWNAME}/root/.bastille" "${FSTAB_CONFIG}"; then
                    sed -i '' "s|${FSTAB_CURRENT}|${FSTAB_NEWCONF}|" "${FSTAB_CONFIG}"
                fi
            fi
            # Update linuxjail fstab name entries
            # Search for either linprocfs/linsysfs, if true assume is a linux jail
            if grep -qwE "linprocfs|linsysfs" "${FSTAB_CONFIG}"; then
                sed -i '' "s|.${bastille_jailsdir}/${TARGET}/|${bastille_jailsdir}/${NEWNAME}/|" "${FSTAB_CONFIG}"
            fi
        fi
    fi
--- a/usr/local/share/bastille/restart.sh
+++ b/usr/local/share/bastille/restart.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# Copyright (c) 2018-2021, Christer Edwards <christer.edwards@gmail.com>
+# Copyright (c) 2018-2022, Christer Edwards <christer.edwards@gmail.com>
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
--- a/usr/local/share/bastille/service.sh
+++ b/usr/local/share/bastille/service.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# Copyright (c) 2018-2021, Christer Edwards <christer.edwards@gmail.com>
+# Copyright (c) 2018-2022, Christer Edwards <christer.edwards@gmail.com>
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
--- a/usr/local/share/bastille/start.sh
+++ b/usr/local/share/bastille/start.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# Copyright (c) 2018-2021, Christer Edwards <christer.edwards@gmail.com>
+# Copyright (c) 2018-2022, Christer Edwards <christer.edwards@gmail.com>
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
--- a/usr/local/share/bastille/stop.sh
+++ b/usr/local/share/bastille/stop.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# Copyright (c) 2018-2021, Christer Edwards <christer.edwards@gmail.com>
+# Copyright (c) 2018-2022, Christer Edwards <christer.edwards@gmail.com>
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
@@ -49,12 +49,8 @@ fi
 for _jail in ${JAILS}; do
    ## test if running
    if [ "$(/usr/sbin/jls name | awk "/^${_jail}$/")" ]; then
-        ## remove ip4.addr from firewall table:jails
+        ## Capture ip4.addr address while still running
-        if [ -n "${bastille_network_loopback}" ]; then
+        _ip="$(/usr/sbin/jls -j ${_jail} ip4.addr)"
            if grep -qw "interface.*=.*${bastille_network_loopback}" "${bastille_jailsdir}/${_jail}/jail.conf"; then
                pfctl -q -t jails -T delete "$(/usr/sbin/jls -j ${_jail} ip4.addr)"
            fi
        fi
        # Check if pfctl is present
        if which -s pfctl; then
@@ -73,6 +69,13 @@ for _jail in ${JAILS}; do
        ## stop container
        info "[${_jail}]:"
        jail -f "${bastille_jailsdir}/${_jail}/jail.conf" -r "${_jail}"
        ## remove (captured above) ip4.addr from firewall table:jails
        if [ -n "${bastille_network_loopback}" -a ! -z "${_ip}" ]; then
            if grep -qw "interface.*=.*${bastille_network_loopback}" "${bastille_jailsdir}/${_jail}/jail.conf"; then
                pfctl -q -t jails -T delete "${_ip}"
            fi
        fi
    fi
    echo
 done
--- a/usr/local/share/bastille/sysrc.sh
+++ b/usr/local/share/bastille/sysrc.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# Copyright (c) 2018-2021, Christer Edwards <christer.edwards@gmail.com>
+# Copyright (c) 2018-2022, Christer Edwards <christer.edwards@gmail.com>
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
--- a/usr/local/share/bastille/template.sh
+++ b/usr/local/share/bastille/template.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# Copyright (c) 2018-2021, Christer Edwards <christer.edwards@gmail.com>
+# Copyright (c) 2018-2022, Christer Edwards <christer.edwards@gmail.com>
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
@@ -229,6 +229,7 @@ for _jail in ${JAILS}; do
    bastille_jail_path=$(/usr/sbin/jls -j "${_jail}" path)
    if [ "$(bastille config $TARGET get vnet)" != 'enabled' ]; then
        _jail_ip=$(/usr/sbin/jls -j "${_jail}" ip4.addr 2>/dev/null)
        _jail_ip6=$(/usr/sbin/jls -j "${_jail}" ip6.addr 2>/dev/null)
        if [ -z "${_jail_ip}" -o "${_jail_ip}" = "-" ]; then
            error_notify "Jail IP not found: ${_jail}"
            _jail_ip='' # In case it was -. -- cwells
@@ -251,7 +252,7 @@ for _jail in ${JAILS}; do
    # Build a list of sed commands like this: -e 's/${username}/root/g' -e 's/${domain}/example.com/g'
    # Values provided by default (without being defined by the user) are listed here. -- cwells
-    ARG_REPLACEMENTS="-e 's/\${JAIL_IP}/${_jail_ip}/g' -e 's/\${JAIL_NAME}/${_jail}/g'"
+    ARG_REPLACEMENTS="-e 's/\${JAIL_IP}/${_jail_ip}/g' -e 's/\${JAIL_IP6}/${_jail_ip6}/g' -e 's/\${JAIL_NAME}/${_jail}/g'"
    # This is parsed outside the HOOKS loop so an ARG file can be used with a Bastillefile. -- cwells
    if [ -s "${bastille_template}/ARG" ]; then
        while read _line; do
--- a/usr/local/share/bastille/templates/default/clone/Bastillefile
+++ b/usr/local/share/bastille/templates/default/clone/Bastillefile
@@ -0,0 +1,4 @@
 ARG BASE_TEMPLATE=default/base
 ARG HOST_RESOLV_CONF=/etc/resolv.conf
 INCLUDE ${BASE_TEMPLATE} --arg HOST_RESOLV_CONF="${HOST_RESOLV_CONF}"
--- a/usr/local/share/bastille/top.sh
+++ b/usr/local/share/bastille/top.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# Copyright (c) 2018-2021, Christer Edwards <christer.edwards@gmail.com>
+# Copyright (c) 2018-2022, Christer Edwards <christer.edwards@gmail.com>
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
--- a/usr/local/share/bastille/umount.sh
+++ b/usr/local/share/bastille/umount.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# Copyright (c) 2018-2021, Christer Edwards <christer.edwards@gmail.com>
+# Copyright (c) 2018-2022, Christer Edwards <christer.edwards@gmail.com>
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
--- a/usr/local/share/bastille/update.sh
+++ b/usr/local/share/bastille/update.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# Copyright (c) 2018-2021, Christer Edwards <christer.edwards@gmail.com>
+# Copyright (c) 2018-2022, Christer Edwards <christer.edwards@gmail.com>
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
@@ -73,6 +73,13 @@ if freebsd-version | grep -qi HBSD; then
    error_exit "Not yet supported on HardenedBSD."
 fi
 # Check for alternate/unsupported archs
 arch_check() {
    if echo "${TARGET}" | grep -w "[0-9]\{1,2\}\.[0-9]\-RELEASE\-i386"; then
        ARCH_I386="1"
    fi
 }
 jail_check() {
    # Check if the jail is thick and is running
    if [ ! "$(/usr/sbin/jls name | awk "/^${TARGET}$/")" ]; then
@@ -103,8 +110,13 @@ jail_update() {
 release_update() {
    # Update a release base(affects child containers)
    if [ -d "${bastille_releasesdir}/${TARGET}" ]; then
        TARGET_TRIM="${TARGET}"
        if [ -n "${ARCH_I386}" ]; then
            TARGET_TRIM=$(echo "${TARGET}" | sed 's/-i386//')
        fi
        env PAGER="/bin/cat" freebsd-update ${OPTION} --not-running-from-cron -b "${bastille_releasesdir}/${TARGET}" \
-        fetch install --currently-running "${TARGET}"
+        fetch install --currently-running "${TARGET_TRIM}"
    else
        error_exit "${TARGET} not found. See 'bastille bootstrap'."
    fi
@@ -152,6 +164,7 @@ elif echo "${TARGET}" | grep -Eq '^[A-Za-z0-9_-]+/[A-Za-z0-9_-]+$'; then
    BASTILLE_TEMPLATE="${TARGET}"
    template_update
 elif echo "${TARGET}" | grep -q "[0-9]\{2\}.[0-9]-RELEASE"; then
    arch_check
    release_update
 else
    jail_update
--- a/usr/local/share/bastille/upgrade.sh
+++ b/usr/local/share/bastille/upgrade.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# Copyright (c) 2018-2021, Christer Edwards <christer.edwards@gmail.com>
+# Copyright (c) 2018-2022, Christer Edwards <christer.edwards@gmail.com>
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
--- a/usr/local/share/bastille/verify.sh
+++ b/usr/local/share/bastille/verify.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# Copyright (c) 2018-2021, Christer Edwards <christer.edwards@gmail.com>
+# Copyright (c) 2018-2022, Christer Edwards <christer.edwards@gmail.com>
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
--- a/usr/local/share/bastille/zfs.sh
+++ b/usr/local/share/bastille/zfs.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# Copyright (c) 2018-2021, Christer Edwards <christer.edwards@gmail.com>
+# Copyright (c) 2018-2022, Christer Edwards <christer.edwards@gmail.com>
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
Author	SHA1	Message	Date
Christer Edwards	da377f4735	Merge pull request #529 from BastilleBSD/fete_nationale_2022 prepare for fete nationale 2022	2022-07-13 21:32:33 -06:00
Christer Edwards	f5b47d8f9e	prepare for fete nationale 2022	2022-07-13 21:30:04 -06:00
Christer Edwards	6de6e7bc6f	Merge pull request #519 from JRGTH/bootstrap_fixes Avoid cache/RELEASE dirs creation on Linux jails	2022-07-10 20:23:44 -06:00
Christer Edwards	533d108d91	Merge pull request #526 from boogiewookie/master The text speaks of defining an OVERLAY but the example uses CP.	2022-07-10 20:23:22 -06:00
Kevet Duncombe	a5bf6eca16	Merge pull request #1 from boogiewookie/boogiewookie-patch-1 Update README.md	2022-06-20 06:35:02 -05:00
Kevet Duncombe	10468cd08f	Update README.md	2022-06-20 06:30:42 -05:00
Christer Edwards	e8a72bcd75	Merge pull request #520 from JRGTH/cmd_fixes Allow 'bastille cmd' on Linux jails	2022-05-31 13:36:31 -06:00
JRGTH	b69eedc066	Allow 'bastille cmd' on Linux jails Allow executing commands on Linux jails with `bastille cmd`.	2022-05-16 09:34:37 -04:00
JRGTH	62d038049d	Avoid cache/RELEASE dirs creation on Linux jails Don't create unused/stale cache/RELEASE directory/datasets on Linux jails creation.	2022-05-15 04:15:39 -04:00
Christer Edwards	3ba1024704	Merge pull request #510 from cyrilst/patch-1 Repair table, fix incorrect descriptions	2022-05-04 14:50:24 -06:00
Christer Edwards	dbb720fef4	Merge pull request #500 from eborisch/graceful_network_stop Permit outgoing network connections during stop action	2022-05-04 14:49:26 -06:00
Christer Edwards	d0903347a6	Merge pull request #502 from nmurali94/master Extend RDR to support logging	2022-05-04 14:47:30 -06:00
Christer Edwards	b9d38a5d01	Merge pull request #505 from ctuffli/patch-1 Allow Linux jails to see their mount points	2022-05-04 14:46:38 -06:00
Christer Edwards	f14eddc958	Merge pull request #507 from ellislm/fix_vnet_epair fix non-unique epair creation when using vnet	2022-05-04 14:45:33 -06:00
Christer Edwards	e64c81d18a	Merge pull request #515 from ddowse/template-ip6 Add variable JAIL_IP6 to access ip6.addr in templates	2022-05-04 14:44:00 -06:00
Christer Edwards	674a34d69c	Merge pull request #511 from fellmoon/patch-1 Update bootstrap.rst	2022-05-04 14:38:39 -06:00
fellmoon	a97ac27a46	Update bootstrap.rst	2022-05-04 22:27:15 +02:00
Daniel Dowse - Freelancer	4302445eb5	Add variable JAIL_IP6 to access ip6.addr in templates	2022-04-08 15:26:53 +02:00
fellmoon	d9f1dfdc2f	Update bootstrap.rst added example how to bootstrap hardenedbsd	2022-03-21 00:42:39 +01:00
cyrilst	ebb93c795e	Repair table, fix incorrect descriptions	2022-03-16 13:55:51 +01:00
Logan Ellis	dbd4b5edc5	fix non-unique epair creation when using vnet	2022-03-10 00:08:38 -08:00
Chuck Tuffli	abc8a6b280	Allow Linux jails to see their mount points Some Linux packages (shakes fist angrily at Java) look to see if `/proc` is mounted as a part of the installation by running `mountpoint /proc` While the Linux jail can see the contents of its `/proc` directory, the linprocfs driver will not generate the correct contents for `/proc/mounts` or `/proc/self/mountinfo` as `kern_getfsstat()` will, by default, filter all mount points other than the jail's chroot directory. Fix is to set `enforce_statfs` to allow mount points below the jail's chroot directory to be visible.	2022-03-04 08:16:33 -08:00
Niketh Murali	6e5a566d7f	Extend RDR to support logging PF allows us to log rdr rules. The syntax to enable this is found in pf.conf under the syntax grammar section for rdr-rule. This commit extends Bastille's command line interface to allow users to choose to log their rdr rules using the pf.conf syntax - `````````````````````````````````````````````````````` tcp\|udp host_port jail_port [log ['(' logopts ')'] ] `````````````````````````````````````````````````````` Here, the syntax after jail_port is optional. This is sufficient to provide backwards compatibility. The keyword 'log' enables logging with the default options. The user can also provide custom options - logopts - whose the syntax and allowed keywords are defined in pf.conf. It's left to the user to supply correct logopts as the code does not verify those values or their syntax.	2022-03-01 21:54:34 -05:00
Eric A. Borisch	24eb03c2e6	Permit outgoing connections during stop action	2022-02-24 09:42:40 -06:00
Christer Edwards	ff7de9167a	Merge pull request #498 from cedwards/master 0.9.20220216 release	2022-02-16 23:34:59 -07:00
Christer Edwards	aafc2b3323	0.9.20220216 release	2022-02-16 23:28:09 -07:00
Christer Edwards	efed673e76	Merge pull request #490 from noracenofun/new-option--p-for-list-release added the new option -p for list release	2022-02-16 23:05:03 -07:00
Christer Edwards	6aa6e40db1	Merge pull request #485 from JRGTH/clonejail_support Initial support for clone jails	2022-02-16 23:02:41 -07:00
Christer Edwards	4726c48813	Merge pull request #491 from JRGTH/rename_fixes Consistency improvements	2022-02-16 22:59:31 -07:00
Christer Edwards	920ca1fba0	Merge pull request #497 from frikilax/fix_fstab_clone CLONE.SH::FIXED:: update fstab paths with new jail path	2022-02-16 22:58:52 -07:00
Theo BERTIN	6ca0369072	CLONE.SH::ADDED:: Complete FSTAB_RELEASE grep from fstab to get all release names some release names (such as 14.0-CURRENT) were not correctly extracted from the fstab during fstab modification	2022-02-11 10:16:59 +01:00
Theo BERTIN	66d830a55f	CLONE.SH::ADDED:: update fstab paths with new jail path	2022-02-11 09:41:02 +01:00
Christer Edwards	e4e1fadf35	Merge pull request #495 from gogolok/readme_fix_formatting README: Fix formatting	2022-02-02 12:35:47 -07:00
Robert Gogolok	6b43067d86	README: Fix formatting	2022-02-02 09:03:55 +01:00
JRGTH	9052271232	Consistency improvements	2022-01-17 20:47:48 -04:00
noracenofun	4be7795f0a	added the new option -p for list release This new option lists the patch level of FreeBSD releases.	2022-01-18 01:05:29 +01:00
Christer Edwards	ab43a7569f	Merge pull request #488 from JRGTH/rename_fixes Update Linuxjail name entries upon jail renaming	2022-01-17 16:21:37 -07:00
Christer Edwards	d7d0d864c3	Merge pull request #489 from noracenofun/bootstrap-aarch64/arm64-Debian/Ubuntu bootstrap aarch64/arm64 Debian/Ubuntu support	2022-01-17 16:20:38 -07:00
Christer Edwards	5d9ea33889	Merge pull request #486 from noracenofun/patch-1 optimizing command `list -a`	2022-01-17 16:19:24 -07:00
noracenofun	dc9b5fb9bd	bootstrap aarch64/arm64 Debian/Ubuntu added support to bootstrap aarch64/arm64 Debian or Ubuntu for ARM64 hosts	2022-01-16 19:51:58 +01:00
JRGTH	a62f36333d	Update Linuxjail name entries upon jail renaming	2022-01-16 14:00:23 -04:00
noracenofun	29e72cd34d	various optimization and added linux release various optimization as well as determine and display of linux release added	2022-01-16 16:06:20 +01:00
JRGTH	03b9817f5a	Initial support for clone jails	2022-01-15 11:32:28 -04:00
Christer Edwards	38bb7faabf	Merge pull request #483 from robarnold/import_vnet Import basic vnet settings from iocage	2022-01-14 20:22:04 -07:00
Christer Edwards	cc8e9f24a1	Merge pull request #482 from JRGTH/update_fixes Fix to allow 32-Bit base releases to be updated	2022-01-14 20:18:16 -07:00
Christer Edwards	268d00be1f	Merge pull request #484 from JRGTH/bootstrap_fixes Bugfix to prevent double directory creation when bootstrapping Linux …	2022-01-14 20:04:18 -07:00
JRGTH	91bb955dd5	Bugfix to prevent double directory creation when bootstrapping Linux releases	2022-01-14 09:07:32 -04:00
Rob Arnold	c98d03a8e5	Import basic vnet settings from iocage There's quite a bit more we could do here, but this hits my basic usage with vnets. Future work here would be things like ipv6 support or trying to infer what a custom `interfaces` setting means.	2022-01-13 21:04:15 -08:00
JRGTH	e11ed392f6	Fix to allow 32-Bit base releases to be updated	2022-01-13 20:39:07 -04:00
Christer Edwards	548ab2e250	Merge pull request #479 from JRGTH/master Make sure to check/bootstrap directories first	2022-01-13 12:20:51 -07:00
Christer Edwards	9fa07ae24e	Merge pull request #480 from robarnold/import Import iocage basejails as Bastille thin jails	2022-01-13 12:20:32 -07:00
Rob Arnold	523c3f0bde	Import iocage basejails as Bastille thin jails I think these are the same concept, but with slightly different execution. The main idea is to have a central base system that is shared (readonly) among multiple jails. When this base system is updated, all the jails that reference it immediately see the new system files. This is implemented in iocage as a set of individual zfs mounts, one per system directory. In Bastille, each system directory is symlinked into a subdirectory of a single zfs mount. My test plan here was to import an exported iocage basejail and verify that its Bastille version has the right fstab and symlink changes: ``` Validating file: ssl_2021-11-19.zip... File validation successful! Importing 'ssl' from foreign compressed .zip archive. Archive: ssl_2021-11-19.zip extracting: ssl_2021-11-19 extracting: ssl_2021-11-19_root Receiving ZFS data stream... Generating jail.conf... Updating symlinks... ln: usr/src: Directory not empty Warning: directory usr/src on imported jail was not empty and will not be updated by Bastille Container 'ssl' imported successfully. ```	2022-01-09 18:05:05 -08:00
JRGTH	af0e9a95a4	Allow `--safe` to be added to defined options	2022-01-04 17:17:36 -04:00
JRGTH	26e8f382e4	Override case options by the user defined option(s)	2022-01-04 17:03:07 -04:00
JRGTH	788e4c283b	Make sure to check/bootstrap directories first	2022-01-03 09:23:10 -04:00
Christer Edwards	a56cb2d433	Merge pull request #478 from yaazkal/fix_create_vnet Fix create vnet jails	2021-12-28 20:59:42 -07:00
yaazkal	17e4fa78f9	[FIX] vnet: use the right search pattern to choose the unique epair	2021-12-28 22:42:52 -05:00
yaazkal	c8545e8598	[REF] indentation: change tab to spaces	2021-12-28 21:22:30 -05:00
yaazkal	9a47a6c573	[REF] SC2003: expr is antiquated	2021-12-28 21:19:54 -05:00