Compare commits
11 Commits
20231125_p
...
eol_patch
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
b30a7484bb | ||
|
|
b05493bc8e | ||
|
|
97a0e692d9 | ||
|
|
3df39078bf | ||
|
|
620ad465d6 | ||
|
|
c2b17f346d | ||
|
|
d0ff97057e | ||
|
|
c8b3fb3bc1 | ||
|
|
51f9003016 | ||
|
|
2de0766b54 | ||
|
|
a38403b028 |
@@ -8,10 +8,19 @@
|
|||||||
|
|
||||||
# Add the following to /etc/rc.conf[.local] to enable this service
|
# Add the following to /etc/rc.conf[.local] to enable this service
|
||||||
#
|
#
|
||||||
# bastille_enable (bool): Set to NO by default.
|
# bastille_enable (bool): Set to "NO" by default.
|
||||||
# Set it to YES to enable bastille.
|
# Set it to "YES" to enable bastille.
|
||||||
# bastille_list (string): Set to "ALL" by default.
|
# bastille_conf (bool): Set to "/usr/local/etc/bastille/bastille.conf" by default.
|
||||||
# Space separated list of jails to start.
|
# Path to bastile.conf file. Used if bastille_rcorder="YES".
|
||||||
|
# bastille_list (string): Set to "ALL" by default.
|
||||||
|
# Space separated list of jails to start or "ALL" to start all
|
||||||
|
# jails.
|
||||||
|
# bastille_rcorder (bool): Set to "NO" by default.
|
||||||
|
# Set it to "YES" to start all jails in order, defined by
|
||||||
|
# rcorder(8). It starts all jails, except jails with "KEYWORD:
|
||||||
|
# nostart" in jail.conf. Value of bastille_list is ignored in this
|
||||||
|
# case, requires correct path to bastile.conf in bastille_conf
|
||||||
|
# var.
|
||||||
#
|
#
|
||||||
|
|
||||||
. /etc/rc.subr
|
. /etc/rc.subr
|
||||||
@@ -19,24 +28,36 @@
|
|||||||
name=bastille
|
name=bastille
|
||||||
rcvar=${name}_enable
|
rcvar=${name}_enable
|
||||||
|
|
||||||
: ${bastille_enable:=NO}
|
: ${bastille_enable:="NO"}
|
||||||
|
: ${bastille_conf:="/usr/local/etc/bastille/bastille.conf"}
|
||||||
: ${bastille_list:="ALL"}
|
: ${bastille_list:="ALL"}
|
||||||
|
: ${bastille_rcorder:="NO"}
|
||||||
|
|
||||||
command=/usr/local/bin/${name}
|
command=/usr/local/bin/${name}
|
||||||
start_cmd="bastille_start"
|
start_cmd="bastille_start"
|
||||||
stop_cmd="bastille_stop"
|
stop_cmd="bastille_stop"
|
||||||
restart_cmd="bastille_stop && bastille_start"
|
restart_cmd="bastille_stop && bastille_start"
|
||||||
|
|
||||||
|
rcordered_list() {
|
||||||
|
local _jailsdir
|
||||||
|
_jailsdir=$(. $bastille_conf; echo $bastille_jailsdir)
|
||||||
|
bastille_ordered_list=$(rcorder -s nostart ${_jailsdir}/*/jail.conf | xargs dirname | xargs basename | tr "\n" " ")
|
||||||
|
}
|
||||||
|
|
||||||
bastille_start()
|
bastille_start()
|
||||||
{
|
{
|
||||||
if [ -z "${bastille_list}" ]; then
|
|
||||||
echo "bastille_list is undefined"
|
|
||||||
return 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
local _jail
|
local _jail
|
||||||
|
|
||||||
for _jail in ${bastille_list}; do
|
if checkyesno bastille_rcorder; then
|
||||||
|
rcordered_list
|
||||||
|
elif [ -z "${bastille_list}" ]; then
|
||||||
|
echo "bastille_list is undefined"
|
||||||
|
return 1
|
||||||
|
else
|
||||||
|
bastille_ordered_list=${bastille_list}
|
||||||
|
fi
|
||||||
|
|
||||||
|
for _jail in ${bastille_ordered_list}; do
|
||||||
echo "Starting Bastille Container: ${_jail}"
|
echo "Starting Bastille Container: ${_jail}"
|
||||||
${command} start ${_jail}
|
${command} start ${_jail}
|
||||||
done
|
done
|
||||||
@@ -44,16 +65,20 @@ bastille_start()
|
|||||||
|
|
||||||
bastille_stop()
|
bastille_stop()
|
||||||
{
|
{
|
||||||
if [ -z "${bastille_list}" ]; then
|
local _jail _revlist
|
||||||
|
|
||||||
|
if checkyesno bastille_rcorder; then
|
||||||
|
rcordered_list
|
||||||
|
elif [ -z "${bastille_list}" ]; then
|
||||||
echo "bastille_list is undefined"
|
echo "bastille_list is undefined"
|
||||||
return 1
|
return 1
|
||||||
|
else
|
||||||
|
bastille_ordered_list=${bastille_list}
|
||||||
fi
|
fi
|
||||||
|
|
||||||
local _jail
|
|
||||||
|
|
||||||
## reverse order of list for shutdown ## fixes #389
|
## reverse order of list for shutdown ## fixes #389
|
||||||
bastille_revlist=$(echo "${bastille_list}" | awk '{ for (i=NF; i>1; i--) printf("%s ",$i); print $1; }')
|
_revlist=$(echo "${bastille_ordered_list}" | awk '{ for (i=NF; i>1; i--) printf("%s ",$i); print $1; }')
|
||||||
for _jail in ${bastille_revlist}; do
|
for _jail in ${_revlist}; do
|
||||||
echo "Stopping Bastille Container: ${_jail}"
|
echo "Stopping Bastille Container: ${_jail}"
|
||||||
${command} stop ${_jail}
|
${command} stop ${_jail}
|
||||||
done
|
done
|
||||||
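Review bot: In the new rcordered_list(), `$bastille_conf` is sourced unquoted and its result is used unchecked, so a missing file or an unset bastille_jailsdir leaves `_jailsdir` empty and the glob on the next line becomes `/*/jail.conf`, handing rcorder whatever matches at the filesystem root. An rc script normally runs as root and executes the file it sources, so the path should be checked for readability first, and the header comment should say that bastille_conf is executed rather than parsed (it also labels the variable `(bool)` although it holds a path). `xargs basename` may also return a short list when exactly two jails match, since basename(1) without `-a` can take a second operand as a suffix; `xargs -n1` sidesteps that. Both callers ignore the function's status, so with the checks below a failure yields an empty list and no jail is started or stopped.

```shell
rcordered_list() {
	local _jailsdir
	# bastille.conf is executed by the shell here, not parsed
	if [ ! -r "${bastille_conf}" ]; then
		echo "bastille_conf is not readable: ${bastille_conf}"
		return 1
	fi
	_jailsdir=$(. "${bastille_conf}"; echo "${bastille_jailsdir}")
	# an empty value would turn the glob below into /*/jail.conf
	if [ -z "${_jailsdir}" ]; then
		echo "bastille_jailsdir is undefined"
		return 1
	fi
	bastille_ordered_list=$(rcorder -s nostart "${_jailsdir}"/*/jail.conf | xargs -n1 dirname | xargs -n1 basename | tr "\n" " ")
}
```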
|
|||||||
@@ -474,9 +474,9 @@ if [ -n "${OPTION}" ] && [ "${OPTION}" != "${HW_MACHINE}" ] && [ "${OPTION}" !=
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
## allow override bootstrap URLs via environment variables
|
## allow override bootstrap URLs via environment variables
|
||||||
[ -n ${BASTILLE_URL_FREEBSD} ] && bastille_url_freebsd="${BASTILLE_URL_FREEBSD}"
|
[ -n "${BASTILLE_URL_FREEBSD}" ] && bastille_url_freebsd="${BASTILLE_URL_FREEBSD}"
|
||||||
[ -n ${BASTILLE_URL_HARDENEDBSD} ] && bastille_url_hardenedbsd="${BASTILLE_URL_HARDENEDBSD}"
|
[ -n "${BASTILLE_URL_HARDENEDBSD}" ] && bastille_url_hardenedbsd="${BASTILLE_URL_HARDENEDBSD}"
|
||||||
[ -n ${BASTILLE_URL_MIDNIGHTBSD} ] && bastille_url_midnightbsd="${BASTILLE_URL_MIDNIGHTBSD}"
|
[ -n "${BASTILLE_URL_MIDNIGHTBSD}" ] && bastille_url_midnightbsd="${BASTILLE_URL_MIDNIGHTBSD}"
|
||||||
|
|
||||||
## Filter sane release names
|
## Filter sane release names
|
||||||
case "${1}" in
|
case "${1}" in
|
||||||
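Review bot: The three override lines take BASTILLE_URL_FREEBSD, BASTILLE_URL_HARDENEDBSD and BASTILLE_URL_MIDNIGHTBSD from the environment verbatim, with no check on the scheme or form of the value before it replaces the configured bootstrap URL. How the URL is used lies outside this hunk, but if it is the download base for release archives, the override decides where the jail's base system files come from. The comment above the lines should say so, for example `## Overrides are used as-is; point them only at mirrors you trust.` If validation is wanted, a `case` on each value that accepts only the URL schemes the project supports and rejects anything else would match the style of the release-name filter that follows.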
|
|||||||
@@ -607,36 +607,80 @@ LINUX_JAIL=""
|
|||||||
# Handle and parse options
|
# Handle and parse options
|
||||||
while [ $# -gt 0 ]; do
|
while [ $# -gt 0 ]; do
|
||||||
case "${1}" in
|
case "${1}" in
|
||||||
-E|--empty|empty)
|
-E|--empty)
|
||||||
EMPTY_JAIL="1"
|
EMPTY_JAIL="1"
|
||||||
shift
|
shift
|
||||||
;;
|
;;
|
||||||
-L|--linux|linux)
|
-L|--linux)
|
||||||
LINUX_JAIL="1"
|
LINUX_JAIL="1"
|
||||||
shift
|
shift
|
||||||
;;
|
;;
|
||||||
-T|--thick|thick)
|
-T|--thick)
|
||||||
THICK_JAIL="1"
|
THICK_JAIL="1"
|
||||||
shift
|
shift
|
||||||
;;
|
;;
|
||||||
-V|--vnet|vnet)
|
-V|--vnet)
|
||||||
VNET_JAIL="1"
|
VNET_JAIL="1"
|
||||||
shift
|
shift
|
||||||
;;
|
;;
|
||||||
-B|--bridge|bridge)
|
-B|--bridge)
|
||||||
VNET_JAIL="1"
|
VNET_JAIL="1"
|
||||||
VNET_JAIL_BRIDGE="1"
|
VNET_JAIL_BRIDGE="1"
|
||||||
shift
|
shift
|
||||||
;;
|
;;
|
||||||
-C|--clone|clone)
|
-C|--clone)
|
||||||
CLONE_JAIL="1"
|
CLONE_JAIL="1"
|
||||||
shift
|
shift
|
||||||
;;
|
;;
|
||||||
|
-CV|-VC|--clone-vnet)
|
||||||
|
CLONE_JAIL="1"
|
||||||
|
VNET_JAIL="1"
|
||||||
|
shift
|
||||||
|
;;
|
||||||
|
-CB|-BC|--clone-bridge)
|
||||||
|
CLONE_JAIL="1"
|
||||||
|
VNET_JAIL="1"
|
||||||
|
VNET_JAIL_BRIDGE="1"
|
||||||
|
shift
|
||||||
|
;;
|
||||||
|
-TV|-VT|--thick-vnet)
|
||||||
|
THICK_JAIL="1"
|
||||||
|
VNET_JAIL="1"
|
||||||
|
shift
|
||||||
|
;;
|
||||||
|
-TB|-BT|--thick-bridge)
|
||||||
|
THICK_JAIL="1"
|
||||||
|
VNET_JAIL="1"
|
||||||
|
VNET_JAIL_BRIDGE="1"
|
||||||
|
shift
|
||||||
|
;;
|
||||||
|
-EB|-BE|--empty-bridge)
|
||||||
|
EMPTY_JAIL="1"
|
||||||
|
VNET_JAIL="1"
|
||||||
|
VNET_JAIL_BRIDGE="1"
|
||||||
|
shift
|
||||||
|
;;
|
||||||
|
-EV|-VE|--empty-vnet)
|
||||||
|
EMPTY_JAIL="1"
|
||||||
|
VNET_JAIL="1"
|
||||||
|
shift
|
||||||
|
;;
|
||||||
|
-LV|-VL|--linux-vnet)
|
||||||
|
LINUX_JAIL="1"
|
||||||
|
VNET_JAIL="1"
|
||||||
|
shift
|
||||||
|
;;
|
||||||
|
-LB|-BL|--linux-bridge)
|
||||||
|
LINUX_JAIL="1"
|
||||||
|
VNET_JAIL="1"
|
||||||
|
VNET_JAIL_BRIDGE="1"
|
||||||
|
shift
|
||||||
|
;;
|
||||||
-*|--*)
|
-*|--*)
|
||||||
error_notify "Unknown Option."
|
error_notify "Unknown Option."
|
||||||
usage
|
usage
|
||||||
;;
|
;;
|
||||||
*)
|
*)
|
||||||
break
|
break
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
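Review bot: With the bare words dropped from the patterns (`-E|--empty` instead of `-E|--empty|empty`, and likewise for linux, thick, vnet, bridge and clone), an existing invocation that still passes `thick` or `vnet` no longer reaches an option arm; it falls to `*) break` and the word is left as the first positional argument. What happens to it is decided after the loop, outside this hunk, but it is presumably taken as the jail name or rejected with an unrelated message. If the removal is intended, an arm placed before `*)` with the pattern `empty|linux|thick|vnet|bridge|clone)` that reports the removed form and calls `usage` would make the failure explicit, at the cost of reserving those words as jail names. The combined forms are listed pair by pair in both orders, so a comment above them should note that any other cluster (for example `-TVB`) ends in the `-*|--*)` arm as `Unknown Option.`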
|
|||||||