From aeab811b583cd2cf93a3d867f2554895bdd5e1b2 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Wed, 12 Mar 2025 15:49:44 -0600 Subject: [PATCH 01/26] config: Allow setting priority and boot options --- usr/local/share/bastille/config.sh | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/usr/local/share/bastille/config.sh b/usr/local/share/bastille/config.sh index a6ff11c5..ce77a62b 100644 --- a/usr/local/share/bastille/config.sh +++ b/usr/local/share/bastille/config.sh @@ -73,7 +73,7 @@ while [ "$#" -gt 0 ]; do esac done -if [ "$#" -lt 1 ] || [ "$#" -gt 3 ]; then +if [ "$#" -lt 1 ] || [ "$#" -gt 4 ]; then usage fi @@ -113,6 +113,24 @@ print_jail_conf() { } for _jail in ${JAILS}; do + +if [ "${PROPERTY}" = "priority" ]; then + FILE="${bastille_jailsdir}/${_jail}/boot.conf" + if echo "${VALUE}" | grep -Eq '^[0-9]+$'; then + info "[${_jail}]:" + sysrc -f "${FILE}" "${PROPERTY}=${VALUE}" + else + error_exit "Priority value must be a number." + fi +elif [ "${PROPERTY}" = "boot" ]; then + FILE="${bastille_jailsdir}/${_jail}/boot.conf" + if [ "${VALUE}" = "on" ] || [ "${VALUE}" = "off" ]; then + info "[${_jail}]:" + sysrc -f "${FILE}" "${PROPERTY}=${VALUE}" + else + error_exit "Boot value must be 'on' or 'off'." + fi +else FILE="${bastille_jailsdir}/${_jail}/jail.conf" if [ ! -f "${FILE}" ]; then error_notify "jail.conf does not exist for jail: ${_jail}" @@ -200,6 +218,7 @@ for _jail in ${JAILS}; do ' "${_tmpfile}" > "${FILE}" rm "${_tmpfile}" fi +fi done # Only display this message once at the end (not for every jail). -- cwells From fdc4dda008f634975dcd8774e32b2ed87056e6cd Mon Sep 17 00:00:00 2001 
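Review bot: VALUE is validated inside `for _jail in ${JAILS}`, so with several targets an invalid priority or boot value is only rejected after `error_exit` has already let earlier iterations run, and the same `grep`/`[ ... ]` check is repeated once per jail; move the two checks above the loop and keep only the `sysrc` call in the branch. The new `priority`/`boot` branches also never consult `${ACTION}`, so a `get` reaches the numeric check with an empty VALUE and exits with "Priority value must be a number.". The same in-loop validation is still present in the rewritten hunk of PATCH 05/26. The enclosing for loop's body continues past the hunk.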
From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Wed, 12 Mar 2025 15:54:46 -0600 Subject: [PATCH 02/26] rc: Remove rcorder in favor of priorities and boot setting --- usr/local/etc/rc.d/bastille | 55 ++++++++++++++----------------------- 1 file changed, 20 insertions(+), 35 deletions(-) diff --git a/usr/local/etc/rc.d/bastille b/usr/local/etc/rc.d/bastille index 15420986..bc86ae98 100755 --- a/usr/local/etc/rc.d/bastille +++ b/usr/local/etc/rc.d/bastille @@ -30,8 +30,6 @@ rcvar=${name}_enable : ${bastille_enable:="NO"} : ${bastille_conf:="/usr/local/etc/bastille/bastille.conf"} -: ${bastille_list:="ALL"} -: ${bastille_rcorder:="NO"} : ${bastille_startup_delay:=0} command=/usr/local/bin/${name} 
@@ -39,48 +37,35 @@ start_cmd="bastille_start" stop_cmd="bastille_stop" restart_cmd="bastille_stop && bastille_start" -rcordered_list() { - local _jailsdir - _jailsdir=$(. $bastille_conf; echo $bastille_jailsdir) - bastille_ordered_list=$(rcorder -s nostart ${_jailsdir}/*/jail.conf | xargs dirname | xargs basename -a | tr "\n" " ") -} - bastille_start() { - local _jail + local _jailsdir=$(. $bastille_conf; echo $bastille_jailsdir) + local _priority_list=$(grep -Eo "^priority=\"[0-9]+\"$" ${_jailsdir}/*/boot.conf | sort -k2 -n | awk -F'/' '{print $(NF-1)}') - if checkyesno bastille_rcorder; then - rcordered_list - elif [ -z "${bastille_list}" ]; then - echo "bastille_list is undefined" - return 1 - else - bastille_ordered_list=${bastille_list} - fi - - for _jail in ${bastille_ordered_list}; do - sleep ${bastille_startup_delay} - echo "Starting Bastille Container: ${_jail}" - ${command} start ${_jail} + for _jail in ${_priority_list}; do + local _boot_file=${_jailsdir}/${_jail}/boot.conf + # Set defaults if boot file does not exist + if [ ! -f ${_boot_file} ]; then + sysrc -f ${_boot_file} boot=on + sysrc -f ${_boot_file} priority=99 + fi + local _boot_enabled="$(sysrc -f ${_boot_file} -n boot)" + if [ "${_boot_enabled}" = "yes" ]; then + echo "Starting Bastille Container: ${_jail}" + ${command} start ${_jail} + sleep ${bastille_startup_delay} + else + continue + fi done } bastille_stop() { - local _jail _revlist + local _jailsdir=$(. 
$bastille_conf; echo $bastille_jailsdir) + local _priority_list_rev=$(grep -Eo "^priority=\"[0-9]+\"$" ${_jailsdir}/*/boot.conf | sort -k2 -nr | awk -F'/' '{print $(NF-1)}') - if checkyesno bastille_rcorder; then - rcordered_list - elif [ -z "${bastille_list}" ]; then - echo "bastille_list is undefined" - return 1 - else - bastille_ordered_list=${bastille_list} - fi - - ## reverse order of list for shutdown ## fixes #389 - _revlist=$(echo "${bastille_ordered_list}" | awk '{ for (i=NF; i>1; i--) printf("%s ",$i); print $1; }') - for _jail in ${_revlist}; do + for _jail in ${_priority_list_rev}; do echo "Stopping Bastille Container: ${_jail}" ${command} stop ${_jail} done From b49310cafcef6f12bb0924c647c43f0017f0336b Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Wed, 12 Mar 2025 16:00:56 -0600 Subject: [PATCH 03/26] create: Set boot and priority values on creation --- usr/local/share/bastille/create.sh | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/usr/local/share/bastille/create.sh b/usr/local/share/bastille/create.sh index f99ad4b0..2873e591 100644 --- a/usr/local/share/bastille/create.sh +++ b/usr/local/share/bastille/create.sh @@ -47,6 +47,7 @@ usage() { -L | --linux This option is intended for testing with Linux jails, this is considered experimental. -M | --static-mac Generate a static MAC address for jail (VNET only). --no-validate Do not validate the release when creating the jail. + -p | --priority VALUE Sets the priority value for jail startup and shutdown. -T | --thick Creates a thick container, they consume more space as they are self contained and independent. -V | --vnet Enables VNET, VNET containers are attached to a virtual bridge interface for connectivity. -v | --vlan VLANID Creates the jail with specified VLAN ID (VNET only). 
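Review bot: The "Set defaults if boot file does not exist" block in `bastille_start` is unreachable, because `_priority_list` is built from `grep ... ${_jailsdir}/*/boot.conf`, so a jail without a boot.conf (every jail created before this change) is never in the list and is silently never started at boot; build the candidate list from `${_jailsdir}/*/jail.conf` and write the defaults before sorting. Separately, `grep` only prefixes the filename when the glob expands to more than one file, so with a single jail the output is just `priority="99"` and `awk -F'/' '{print $(NF-1)}'` yields that string as the jail name; use `grep -H -Eo "^priority=\"[0-9]+\"$" ${_jailsdir}/*/boot.conf` in both functions. Both points also apply to the hunks of PATCH 04/26, and the first one to the `list priority` based lists of PATCH 11/26, since `list_priority` likewise skips jails lacking boot.conf.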
@@ -654,6 +655,10 @@ create_jail() { bastille restart "${NAME}" fi fi + + # Apply priority and boot settings + sysrc -f "${bastille_jailsdir}/${NAME}/boot.conf" boot=on + sysrc -f "${bastille_jailsdir}/${NAME}/boot.conf" priority="${PRIORITY}" } bastille_root_check @@ -675,6 +680,7 @@ LINUX_JAIL="" STATIC_MAC="" DUAL_STACK="" VALIDATE_RELEASE="1" +PRIORITY="99" while [ $# -gt 0 ]; do case "${1}" in -h|--help|help) @@ -705,6 +711,14 @@ while [ $# -gt 0 ]; do STATIC_MAC="1" shift ;; + -p|--priority) + if echo "${2}" | grep -Eoq "^[0-9]+$"; then + PRIORITY="${2}" + shift 2 + else + error_exit "Not a valid priority value: \"${2}\"" + fi + ;; --no-validate|no-validate) VALIDATE_RELEASE="" shift From fd1e19b91678a4ecf339fd3040d3bed4923c9dd4 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Wed, 12 Mar 2025 16:22:49 -0600 Subject: [PATCH 04/26] rd: fix sorting or priorities --- usr/local/etc/rc.d/bastille | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/usr/local/etc/rc.d/bastille b/usr/local/etc/rc.d/bastille index bc86ae98..20306eb3 100755 --- a/usr/local/etc/rc.d/bastille +++ b/usr/local/etc/rc.d/bastille @@ -40,7 +40,7 @@ restart_cmd="bastille_stop && bastille_start" bastille_start() { local _jailsdir=$(. $bastille_conf; echo $bastille_jailsdir) - local _priority_list=$(grep -Eo "^priority=\"[0-9]+\"$" ${_jailsdir}/*/boot.conf | sort -k2 -n | awk -F'/' '{print $(NF-1)}') + local _priority_list=$(grep -Eo "^priority=\"[0-9]+\"$" ${_jailsdir}/*/boot.conf | sort -t '"' -k2 -n | awk -F'/' '{print $(NF-1)}') for _jail in ${_priority_list}; do local _boot_file=${_jailsdir}/${_jail}/boot.conf 
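Review bot: The two `sysrc -f .../boot.conf` invocations at the end of `create_jail` can be a single call, `sysrc -f "${bastille_jailsdir}/${NAME}/boot.conf" boot=on priority="${PRIORITY}"`, which also halves the number of rewrites of the new file. Neither call's status is checked, so a failure to write boot.conf leaves a jail that the rc script (which reads boot.conf) will not start, without any message; consider `|| error_notify "unable to write boot.conf for ${NAME}"`. `create_jail` begins outside the hunk.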
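Review bot: In the `-p|--priority` arm, `grep -Eoq` combines `-o` with `-q`, and `-o` has no effect once output is suppressed; the check can be done in the shell without a pipeline, `case "${2}" in ''|*[!0-9]*) error_exit "Not a valid priority value: \"${2}\"" ;; esac`, which also handles a missing argument (`-p` given last) with the same message. This keeps the accepted syntax identical to the `^[0-9]+$` check that config.sh uses for the same property. The option-parsing `while` loop continues outside the hunk.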
@@ -63,7 +63,7 @@ bastille_start() bastille_stop() { local _jailsdir=$(. $bastille_conf; echo $bastille_jailsdir) - local _priority_list_rev=$(grep -Eo "^priority=\"[0-9]+\"$" ${_jailsdir}/*/boot.conf | sort -k2 -nr | awk -F'/' '{print $(NF-1)}') + local _priority_list_rev=$(grep -Eo "^priority=\"[0-9]+\"$" ${_jailsdir}/*/boot.conf | sort -t '"' -k2 -nr | awk -F'/' '{print $(NF-1)}') for _jail in ${_priority_list_rev}; do echo "Stopping Bastille Container: ${_jail}" From cf806dab59fc8c12b06ac3067c7f94cc7afeb5c1 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Wed, 12 Mar 2025 16:30:32 -0600 Subject: [PATCH 05/26] config: Allow getting priority and boot config --- usr/local/share/bastille/config.sh | 205 +++++++++++++++-------------- 1 file changed, 106 insertions(+), 99 deletions(-) diff --git a/usr/local/share/bastille/config.sh b/usr/local/share/bastille/config.sh index ce77a62b..0dd21893 100644 --- a/usr/local/share/bastille/config.sh +++ b/usr/local/share/bastille/config.sh 
@@ -114,111 +114,118 @@ print_jail_conf() { for _jail in ${JAILS}; do -if [ "${PROPERTY}" = "priority" ]; then - FILE="${bastille_jailsdir}/${_jail}/boot.conf" - if echo "${VALUE}" | grep -Eq '^[0-9]+$'; then - info "[${_jail}]:" - sysrc -f "${FILE}" "${PROPERTY}=${VALUE}" - else - error_exit "Priority value must be a number." - fi -elif [ "${PROPERTY}" = "boot" ]; then - FILE="${bastille_jailsdir}/${_jail}/boot.conf" - if [ "${VALUE}" = "on" ] || [ "${VALUE}" = "off" ]; then - info "[${_jail}]:" - sysrc -f "${FILE}" "${PROPERTY}=${VALUE}" - else - error_exit "Boot value must be 'on' or 'off'." - fi -else - FILE="${bastille_jailsdir}/${_jail}/jail.conf" - if [ ! -f "${FILE}" ]; then - error_notify "jail.conf does not exist for jail: ${_jail}" - continue - fi - - if [ "${ACTION}" = 'get' ]; then - _output=$( - print_jail_conf "${FILE}" | awk -F= -v property="${PROPERTY}" ' - $1 == property { - # note that we have found the property - found = 1; - # check if there is a value for this property - if (NF == 2) { - # remove any quotes surrounding the string - #sub(",[^|]*\\|", ",", $2); - sub(/^"/, "", $2); - sub(/"$/, "", $2); - print $2; - } else { - # no value, just the property name - print "enabled"; - } - exit 0; - } - END { - # if we have not found anything we need to print a special - # string - if (! found) { - print("not set"); - # let the caller know that this is a warn condition - exit(120); - } - }' - ) - # check if our output is a warning or regular - if [ $? -eq 120 ]; then - warn "${_output}" - else - echo "${_output}" - fi - else # Setting the value. -- cwells - if [ -n "${VALUE}" ]; then - VALUE=$(echo "${VALUE}" | sed 's/\//\\\//g') - if echo "${VALUE}" | grep ' ' > /dev/null 2>&1; then # Contains a space, so wrap in quotes. 
-- cwells - VALUE="'${VALUE}'" + if [ "${PROPERTY}" = "priority" ]; then + FILE="${bastille_jailsdir}/${_jail}/boot.conf" + info "[${_jail}]:" + if [ "${ACTION}" = "set" ]; then + if echo "${VALUE}" | grep -Eq '^[0-9]+$'; then + sysrc -f "${FILE}" "${PROPERTY}=${VALUE}" + else + error_exit "Priority value must be a number." fi - LINE=" ${PROPERTY} = ${VALUE};" else - LINE=" ${PROPERTY};" + sysrc -f "${FILE}" -n "${PROPERTY}" fi + elif [ "${PROPERTY}" = "boot" ]; then + FILE="${bastille_jailsdir}/${_jail}/boot.conf" + info "[${_jail}]:" + if [ "${ACTION}" = "set" ]; then + if [ "${VALUE}" = "on" ] || [ "${VALUE}" = "off" ]; then + sysrc -f "${FILE}" "${PROPERTY}=${VALUE}" + else + error_exit "Boot value must be 'on' or 'off'." + fi + else + sysrc -f "${FILE}" -n "${PROPERTY}" + fi + else + FILE="${bastille_jailsdir}/${_jail}/jail.conf" + if [ ! -f "${FILE}" ]; then + error_notify "jail.conf does not exist for jail: ${_jail}" + continue + fi + if [ "${ACTION}" = 'get' ]; then + _output=$( + print_jail_conf "${FILE}" | awk -F= -v property="${PROPERTY}" ' + $1 == property { + # note that we have found the property + found = 1; + # check if there is a value for this property + if (NF == 2) { + # remove any quotes surrounding the string + #sub(",[^|]*\\|", ",", $2); + sub(/^"/, "", $2); + sub(/"$/, "", $2); + print $2; + } else { + # no value, just the property name + print "enabled"; + } + exit 0; + } + END { + # if we have not found anything we need to print a special + # string + if (! found) { + print("not set"); + # let the caller know that this is a warn condition + exit(120); + } + }' + ) + # check if our output is a warning or regular + if [ $? -eq 120 ]; then + warn "${_output}" + else + echo "${_output}" + fi + else # Setting the value. -- cwells + if [ -n "${VALUE}" ]; then + VALUE=$(echo "${VALUE}" | sed 's/\//\\\//g') + if echo "${VALUE}" | grep ' ' > /dev/null 2>&1; then # Contains a space, so wrap in quotes. 
-- cwells + VALUE="'${VALUE}'" + fi + LINE=" ${PROPERTY} = ${VALUE};" + else + LINE=" ${PROPERTY};" + fi - # add the value to the config file, replacing any existing value or, if - # there is none, at the end - # - # awk doesn't have "inplace" editing so we use a temp file - _tmpfile=$(mktemp) || error_exit "unable to set because mktemp failed" - cp "${FILE}" "${_tmpfile}" && \ - awk -F= -v line="${LINE}" -v property="${PROPERTY}" ' - BEGIN { - # build RE as string as we can not expand vars in RE literals - prop_re = "^[[:space:]]*" property "[[:space:]]*;?$"; - } - $1 ~ prop_re && !found { - # we already have an entry in the config for this property so - # we need to substitute our line here rather than keep the - # existing line - print(line); - # note we have already found the property - found = 1; - # move onto the next line - next; - } - $1 == "}" { - # reached the end of the stanza so if we have not already - # added our line we need to do so now - if (! found) { - print(line); + # add the value to the config file, replacing any existing value or, if + # there is none, at the end + # + # awk doesn't have "inplace" editing so we use a temp file + _tmpfile=$(mktemp) || error_exit "unable to set because mktemp failed" + cp "${FILE}" "${_tmpfile}" && \ + awk -F= -v line="${LINE}" -v property="${PROPERTY}" ' + BEGIN { + # build RE as string as we can not expand vars in RE literals + prop_re = "^[[:space:]]*" property "[[:space:]]*;?$"; } - } - { - # print each uninteresting line unchanged - print; - } - ' "${_tmpfile}" > "${FILE}" - rm "${_tmpfile}" + $1 ~ prop_re && !found { + # we already have an entry in the config for this property so + # we need to substitute our line here rather than keep the + # existing line + print(line); + # note we have already found the property + found = 1; + # move onto the next line + next; + } + $1 == "}" { + # reached the end of the stanza so if we have not already + # added our line we need to do so now + if (! 
found) { + print(line); + } + } + { + # print each uninteresting line unchanged + print; + } + ' "${_tmpfile}" > "${FILE}" + rm "${_tmpfile}" + fi fi -fi done # Only display this message once at the end (not for every jail). -- cwells From edeff6a9a1215a52c1763a5a01568ede72b2a4bc Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Wed, 12 Mar 2025 17:04:40 -0600 Subject: [PATCH 06/26] config: Exit when no restart required+generic restart info --- usr/local/share/bastille/config.sh | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/usr/local/share/bastille/config.sh b/usr/local/share/bastille/config.sh index 0dd21893..56114602 100644 --- a/usr/local/share/bastille/config.sh +++ b/usr/local/share/bastille/config.sh @@ -113,7 +113,7 @@ print_jail_conf() { } for _jail in ${JAILS}; do - + # Handle Bastille specific properties if [ "${PROPERTY}" = "priority" ]; then FILE="${bastille_jailsdir}/${_jail}/boot.conf" info "[${_jail}]:" @@ -126,6 +126,7 @@ for _jail in ${JAILS}; do else sysrc -f "${FILE}" -n "${PROPERTY}" fi + exit 0 elif [ "${PROPERTY}" = "boot" ]; then FILE="${bastille_jailsdir}/${_jail}/boot.conf" info "[${_jail}]:" @@ -138,6 +139,7 @@ for _jail in ${JAILS}; do else sysrc -f "${FILE}" -n "${PROPERTY}" fi + exit 0 else FILE="${bastille_jailsdir}/${_jail}/jail.conf" if [ ! -f "${FILE}" ]; then @@ -230,7 +232,7 @@ done # Only display this message once at the end (not for every jail). -- cwells if [ "${ACTION}" = 'set' ]; then - info "A restart is required for the changes to be applied. See 'bastille restart ${TARGET}'." + info "A restart is required for the changes to be applied. See 'bastille restart'." fi exit 0 From ee6460525729748f93df48736efb47121b04581a Mon Sep 17 00:00:00 2001 
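Review bot: The `get` path of the new `priority` and `boot` branches runs `sysrc -f "${FILE}" -n "${PROPERTY}"` without checking that boot.conf exists, unlike the sibling jail.conf branch in the same hunk, which does `if [ ! -f "${FILE}" ]; then error_notify ...; continue; fi`; for a jail created before boot.conf was introduced this presumably prints a sysrc diagnostic on stderr after the `info "[${_jail}]:"` header instead of a Bastille-style message. Add the same guard right after the `FILE=` assignment in both branches, `if [ ! -f "${FILE}" ]; then error_notify "boot.conf does not exist for jail: ${_jail}"; continue; fi`. The per-jail VALUE validation noted on PATCH 01/26 is carried over unchanged here.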
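Review bot: The `exit 0` added after the `priority` branch sits inside `for _jail in ${JAILS}; do`, so when TARGET resolves to several jails only the first one is read or written and the loop never reaches the others; the same applies to the `exit 0` added after the `boot` branch in the next hunk. If the intent is only to skip the trailing restart message, replace both exits with a flag set in the branch and test it before `info "A restart is required ..."`. The loop body continues outside the hunk.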
From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Wed, 12 Mar 2025 17:09:42 -0600 Subject: [PATCH 07/26] rc: Better var naming --- usr/local/etc/rc.d/bastille | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/usr/local/etc/rc.d/bastille b/usr/local/etc/rc.d/bastille index 20306eb3..4d9f82b0 100755 --- a/usr/local/etc/rc.d/bastille +++ b/usr/local/etc/rc.d/bastille @@ -49,8 +49,8 @@ bastille_start() sysrc -f ${_boot_file} boot=on sysrc -f ${_boot_file} priority=99 fi - local _boot_enabled="$(sysrc -f ${_boot_file} -n boot)" - if [ "${_boot_enabled}" = "yes" ]; then + local _boot="$(sysrc -f ${_boot_file} -n boot)" + if [ "${_boot}" = "on" ]; then echo "Starting Bastille Container: ${_jail}" ${command} start ${_jail} sleep ${bastille_startup_delay} From 9910ee882d8245338c2f86c786ce39fd32286d43 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Wed, 12 Mar 2025 19:57:43 -0600 Subject: [PATCH 08/26] config: Dont print restart message on priority or boot --- usr/local/share/bastille/config.sh | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/usr/local/share/bastille/config.sh b/usr/local/share/bastille/config.sh index 56114602..8f89cfef 100644 --- a/usr/local/share/bastille/config.sh +++ b/usr/local/share/bastille/config.sh @@ -81,6 +81,7 @@ bastille_root_check TARGET="${1}" ACTION="${2}" +BASTILLE_PROPERTY="" shift 2 set_target "${TARGET}" @@ -115,6 +116,7 @@ print_jail_conf() { for _jail in ${JAILS}; do # Handle Bastille specific properties if [ "${PROPERTY}" = "priority" ]; then + BASTILLE_PROPERTY=1 FILE="${bastille_jailsdir}/${_jail}/boot.conf" info "[${_jail}]:" if [ "${ACTION}" = "set" ]; then 
@@ -126,8 +128,8 @@ for _jail in ${JAILS}; do else sysrc -f "${FILE}" -n "${PROPERTY}" fi - exit 0 elif [ "${PROPERTY}" = "boot" ]; then + BASTILLE_PROPERTY=1 FILE="${bastille_jailsdir}/${_jail}/boot.conf" info "[${_jail}]:" if [ "${ACTION}" = "set" ]; then @@ -139,7 +141,6 @@ for _jail in ${JAILS}; do else sysrc -f "${FILE}" -n "${PROPERTY}" fi - exit 0 else FILE="${bastille_jailsdir}/${_jail}/jail.conf" if [ ! -f "${FILE}" ]; then @@ -231,7 +232,7 @@ for _jail in ${JAILS}; do done # Only display this message once at the end (not for every jail). -- cwells -if [ "${ACTION}" = 'set' ]; then +if [ "${ACTION}" = 'set' ] && [ -z "${BASTILLE_PROPERTY}" ]; then info "A restart is required for the changes to be applied. See 'bastille restart'." fi From 4813f7d3b0247dede692306621a1763b426c3b6c Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Thu, 13 Mar 2025 00:03:30 -0600 Subject: [PATCH 09/26] rc: Add comments --- usr/local/etc/rc.d/bastille | 18 +++++++----------- 1 file changed, 7 insertions(+), 11 deletions(-) diff --git a/usr/local/etc/rc.d/bastille b/usr/local/etc/rc.d/bastille index 4d9f82b0..c19aebf8 100755 --- a/usr/local/etc/rc.d/bastille +++ b/usr/local/etc/rc.d/bastille 
@@ -9,18 +9,12 @@ # Add the following to /etc/rc.conf[.local] to enable this service # # bastille_enable (bool): Set to "NO" by default. -# Set it to "YES" to enable bastille. +# Set it to "YES" to enable bastille. # bastille_conf (bool): Set to "/usr/local/etc/bastille/bastille.conf" by default. -# Path to bastile.conf file. Used if bastille_rcorder="YES". -# bastille_list (string): Set to "ALL" by default. -# Space separated list of jails to start or "ALL" to start all -# jails. -# bastille_rcorder (bool): Set to "NO" by default. -# Set it to "YES" to start all jails in order, defined by -# rcorder(8). It starts all jails, except jails with "KEYWORD: -# nostart" in jail.conf. Value of bastille_list is ignored in this -# case, requires correct path to bastile.conf in bastille_conf -# var. +# Path to bastile.conf file. +# bastille_startup_delay (bool): Set to 0 by default. +# Set to a numerical value. +# This is the delay between startup of each jail. # . /etc/rc.subr @@ -40,6 +34,7 @@ restart_cmd="bastille_stop && bastille_start" bastille_start() { local _jailsdir=$(. $bastille_conf; echo $bastille_jailsdir) + # Sort jails by priority value local _priority_list=$(grep -Eo "^priority=\"[0-9]+\"$" ${_jailsdir}/*/boot.conf | sort -t '"' -k2 -n | awk -F'/' '{print $(NF-1)}') for _jail in ${_priority_list}; do @@ -63,6 +58,7 @@ bastille_start() bastille_stop() { local _jailsdir=$(. $bastille_conf; echo $bastille_jailsdir) + # Sort jails by priority value, in reverse order local _priority_list_rev=$(grep -Eo "^priority=\"[0-9]+\"$" ${_jailsdir}/*/boot.conf | sort -t '"' -k2 -nr | awk -F'/' '{print $(NF-1)}') for _jail in ${_priority_list_rev}; do From e6a226085c809bd66174b705110e77be691d82b6 Mon Sep 17 00:00:00 2001 
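Review bot: The new header comment types `bastille_startup_delay` as `(bool)` but the next line says "Set to a numerical value" and the script passes it straight to `sleep`; write `# bastille_startup_delay (int): Set to 0 by default.` and fold the two following lines into `# Seconds to sleep between starting each jail.`. While touching this block, the context line `bastille_conf (bool)` describes a file path, not a boolean, and "bastile.conf" is misspelled.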
From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Thu, 13 Mar 2025 06:43:14 -0600 Subject: [PATCH 10/26] list: Include boot and priority --- usr/local/share/bastille/list.sh | 35 +++++++++++++++++++++++++------- 1 file changed, 28 insertions(+), 7 deletions(-) diff --git a/usr/local/share/bastille/list.sh b/usr/local/share/bastille/list.sh index c01875ab..4833a457 100644 --- a/usr/local/share/bastille/list.sh +++ b/usr/local/share/bastille/list.sh @@ -34,10 +34,12 @@ . /usr/local/etc/bastille/bastille.conf usage() { - error_notify "Usage: bastille list [option(s)] [-j|-a] [RELEASE (-p)] [template] [JAIL|CONTAINER] [log] [limit] [import] [export] [backup]" + error_notify "Usage: bastille list [option(s)] [-j|-a] [RELEASE (-p)] [template] [JAIL|CONTAINER] [log] [limit] [import] [export] [backup] [priority]" cat << EOF Options: + -a | --all List all jails, running and stopped, in bastille format. + -j | --json List jails in json format. -x | --debug Enable debug mode. EOF 
@@ -77,7 +79,7 @@ list_all(){ if [ "${MAX_LENGTH_THICK_JAIL_RELEASE}" -gt "${MAX_LENGTH_JAIL_RELEASE}" ]; then MAX_LENGTH_JAIL_RELEASE=${MAX_LENGTH_THICK_JAIL_RELEASE}; fi if [ "${MAX_LENGTH_LINUX_JAIL_RELEASE}" -gt "${MAX_LENGTH_JAIL_RELEASE}" ]; then MAX_LENGTH_JAIL_RELEASE=${MAX_LENGTH_LINUX_JAIL_RELEASE}; fi if [ "${MAX_LENGTH_JAIL_RELEASE}" -lt 7 ]; then MAX_LENGTH_JAIL_RELEASE=7; fi - printf " JID%*sState%*sIP Address%*sPublished Ports%*sHostname%*sRelease%*sPath\n" "$((${MAX_LENGTH_JID} + ${SPACER} - 3))" "" "$((${SPACER}))" "" "$((${MAX_LENGTH_JAIL_IP} + ${SPACER} - 10))" "" "$((${MAX_LENGTH_JAIL_PORTS} + ${SPACER} - 15))" "" "$((${MAX_LENGTH_JAIL_HOSTNAME} + ${SPACER} - 8))" "" "$((${MAX_LENGTH_JAIL_RELEASE} + ${SPACER} - 7))" "" + printf " JID%*sBoot%*sPrio%*sState%*sIP Address%*sPublished Ports%*sHostname%*sRelease%*sPath\n" "$((${MAX_LENGTH_JID} + ${SPACER} - 3))" "" "$((${SPACER}))" "" "$((${SPACER}))" "" "$((${SPACER}))" "" "$((${MAX_LENGTH_JAIL_IP} + ${SPACER} - 10))" "" "$((${MAX_LENGTH_JAIL_PORTS} + ${SPACER} - 15))" "" "$((${MAX_LENGTH_JAIL_HOSTNAME} + ${SPACER} - 8))" "" "$((${MAX_LENGTH_JAIL_RELEASE} + ${SPACER} - 7))" "" if [ -n "${TARGET}" ]; then # Query all info for a specific jail. JAIL_LIST="${TARGET}" @@ -89,6 +91,8 @@ list_all(){ if [ -f "${bastille_jailsdir}/${_JAIL}/jail.conf" ]; then JAIL_NAME=$(grep -h -m 1 -e "^.* {$" "${bastille_jailsdir}/${_JAIL}/jail.conf" 2> /dev/null | awk '{ print $1 }') JID="$(jls -j ${_JAIL} jid 2>/dev/null)" + BOOT="$(sysrc -f ${bastille_jailsdir}/${_JAIL}/boot.conf -n boot)" + PRIORITY="$(sysrc -f ${bastille_jailsdir}/${_JAIL}/boot.conf -n priority)" IS_FREEBSD_JAIL=0 if [ -f "${bastille_jailsdir}/${JAIL_NAME}/root/bin/freebsd-version" ] || [ -f "${bastille_jailsdir}/${JAIL_NAME}/root/.bastille/bin/freebsd-version" ] || [ "$(grep -c "/releases/.*/root/.bastille.*nullfs" "${bastille_jailsdir}/${JAIL_NAME}/fstab" 2> /dev/null)" -gt 0 ]; then IS_FREEBSD_JAIL=1; fi IS_FREEBSD_JAIL=${IS_FREEBSD_JAIL:-0} 
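Review bot: The new `BOOT=` and `PRIORITY=` lines run `sysrc` on `${bastille_jailsdir}/${_JAIL}/boot.conf` with the path unquoted and without the `2>/dev/null` that the adjacent `JID="$(jls -j ${_JAIL} jid 2>/dev/null)"` uses, so for a jail that has no boot.conf yet the sysrc diagnostic is interleaved with the table on stderr; the `${BOOT:-${DEFAULT_VALUE}}` fallback added later in this file only covers the empty value. Use `BOOT="$(sysrc -f "${bastille_jailsdir}/${_JAIL}/boot.conf" -n boot 2> /dev/null)"` and the same for `PRIORITY`. `list_all` continues outside the hunk.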
@@ -101,8 +105,8 @@ list_all(){ JAIL_IP=$(jexec -l ${JAIL_NAME} ifconfig -n vnet0 inet 2> /dev/null | sed -n "/.inet /{s///;s/ .*//;p;}") if [ ! "${JAIL_IP}" ]; then JAIL_IP=$(jexec -l ${JAIL_NAME} ifconfig -n vnet0 inet6 2> /dev/null | awk '/inet6 / && (!/fe80::/ || !/%vnet0/)' | sed -n "/.inet6 /{s///;s/ .*//;p;}"); fi else - JAIL_IP=$(/usr/sbin/jls -j ${JAIL_NAME} ip4.addr 2> /dev/null) - if [ "${JAIL_IP}" = "-" ]; then JAIL_IP=$(/usr/sbin/jls -j ${JAIL_NAME} ip6.addr 2> /dev/null); fi + JAIL_IP=$(/usr/sbin/jls -j ${JAIL_NAME} ip4.addr 2> /dev/null | sed 's/,/\n/g') + if [ "${JAIL_IP}" = "-" ]; then JAIL_IP=$(/usr/sbin/jls -j ${JAIL_NAME} ip6.addr 2> /dev/null | sed 's/,/\n/g'); fi fi JAIL_HOSTNAME=$(/usr/sbin/jls -j ${JAIL_NAME} host.hostname 2> /dev/null) JAIL_PORTS=$(pfctl -a "rdr/${JAIL_NAME}" -Psn 2> /dev/null | awk '{ printf "%s/%s:%s"",",$7,$14,$18 }' | sed "s/,$//") @@ -142,6 +146,8 @@ list_all(){ if [ "${#JAIL_PORTS}" -gt "${MAX_LENGTH_JAIL_PORTS}" ]; then JAIL_PORTS="$(echo ${JAIL_PORTS} | cut -c-$((${MAX_LENGTH_JAIL_PORTS} - 3)))..."; fi JAIL_NAME=${JAIL_NAME:-${DEFAULT_VALUE}} JID=${JID:-${DEFAULT_VALUE}} + BOOT=${BOOT:-${DEFAULT_VALUE}} + PRIORITY=${PRIORITY:-${DEFAULT_VALUE}} JAIL_STATE=${JAIL_STATE:-${DEFAULT_VALUE}} JAIL_IP=${JAIL_IP:-${DEFAULT_VALUE}} JAIL_PORTS=${JAIL_PORTS:-${DEFAULT_VALUE}} 
@@ -157,12 +163,12 @@ list_all(){ # 10.10.10.11 # 10.10.10.12 FIRST_IP="$(echo "${JAIL_IP}" | head -n 1)" - printf " ${JAIL_NAME}%*s${JAIL_STATE}%*s${FIRST_IP}%*s${JAIL_PORTS}%*s${JAIL_HOSTNAME}%*s${JAIL_RELEASE}%*s${JAIL_PATH}\n" "$((${MAX_LENGTH_JAIL_NAME} - ${#JAIL_NAME} + ${SPACER}))" "" "$((5 - ${#JAIL_STATE} + ${SPACER}))" "" "$((${MAX_LENGTH_JAIL_IP} - ${#FIRST_IP} + ${SPACER}))" "" "$((${MAX_LENGTH_JAIL_PORTS} - ${#JAIL_PORTS} + ${SPACER}))" "" "$((${MAX_LENGTH_JAIL_HOSTNAME} - ${#JAIL_HOSTNAME} + ${SPACER}))" "" "$((${MAX_LENGTH_JAIL_RELEASE} - ${#JAIL_RELEASE} + ${SPACER}))" "" + printf " ${JID}%*s${BOOT}%*s${PRIORITY}%*s${JAIL_STATE}%*s${FIRST_IP}%*s${JAIL_PORTS}%*s${JAIL_HOSTNAME}%*s${JAIL_RELEASE}%*s${JAIL_PATH}\n" "$((${MAX_LENGTH_JID} - ${#JID} + ${SPACER}))" "" "$((4 - ${#BOOT} + ${SPACER}))" "" "$((4 - ${#PRIORITY} + ${SPACER}))" "" "$((5 - ${#JAIL_STATE} + ${SPACER}))" "" "$((${MAX_LENGTH_JAIL_IP} - ${#FIRST_IP} + ${SPACER}))" "" "$((${MAX_LENGTH_JAIL_PORTS} - ${#JAIL_PORTS} + ${SPACER}))" "" "$((${MAX_LENGTH_JAIL_HOSTNAME} - ${#JAIL_HOSTNAME} + ${SPACER}))" "" "$((${MAX_LENGTH_JAIL_RELEASE} - ${#JAIL_RELEASE} + ${SPACER}))" "" for IP in $(echo "${JAIL_IP}" | tail -n +2); do - printf "%*s %*s${IP}\n" "$((${MAX_LENGTH_JAIL_NAME} + ${SPACER}))" "" "$((5 + ${SPACER}))" "" + printf "%*s%*s%*s%*s ${IP}\n" "$((${MAX_LENGTH_JID} + ${SPACER}))" "" "$((4 + ${SPACER}))" "" "$((4 + ${SPACER}))" "" "$((5 + ${SPACER}))" "" done else - printf " ${JID}%*s${JAIL_STATE}%*s${JAIL_IP}%*s${JAIL_PORTS}%*s${JAIL_HOSTNAME}%*s${JAIL_RELEASE}%*s${JAIL_PATH}\n" "$((${MAX_LENGTH_JID} - ${#JID} + ${SPACER}))" "" "$((5 - ${#JAIL_STATE} + ${SPACER}))" "" "$((${MAX_LENGTH_JAIL_IP} - ${#JAIL_IP} + ${SPACER}))" "" "$((${MAX_LENGTH_JAIL_PORTS} - ${#JAIL_PORTS} + ${SPACER}))" "" "$((${MAX_LENGTH_JAIL_HOSTNAME} - ${#JAIL_HOSTNAME} + ${SPACER}))" "" "$((${MAX_LENGTH_JAIL_RELEASE} - ${#JAIL_RELEASE} + ${SPACER}))" "" + printf " 
${JID}%*s${BOOT}%*s${PRIORITY}%*s${JAIL_STATE}%*s${JAIL_IP}%*s${JAIL_PORTS}%*s${JAIL_HOSTNAME}%*s${JAIL_RELEASE}%*s${JAIL_PATH}\n" "$((${MAX_LENGTH_JID} - ${#JID} + ${SPACER}))" "" "$((4 - ${#BOOT} + ${SPACER}))" "" "$((4 - ${#PRIORITY} + ${SPACER}))" "" "$((5 - ${#JAIL_STATE} + ${SPACER}))" "" "$((${MAX_LENGTH_JAIL_IP} - ${#JAIL_IP} + ${SPACER}))" "" "$((${MAX_LENGTH_JAIL_PORTS} - ${#JAIL_PORTS} + ${SPACER}))" "" "$((${MAX_LENGTH_JAIL_HOSTNAME} - ${#JAIL_HOSTNAME} + ${SPACER}))" "" "$((${MAX_LENGTH_JAIL_RELEASE} - ${#JAIL_RELEASE} + ${SPACER}))" "" fi fi done @@ -233,6 +239,18 @@ list_ports(){ fi } +list_priority() { + if [ -d "${bastille_jailsdir}" ]; then + JAIL_LIST="$(bastille list jails)" + for _jail in ${JAIL_LIST}; do + if [ -f "${bastille_jailsdir}/${_jail}/boot.conf" ]; then + _priority="$(sysrc -f ${bastille_jailsdir}/${_jail}/boot.conf -n priority)" + echo "${_jail} ${_priority}" + fi + done + fi +} + bastille_root_check if [ "$#" -eq 0 ]; then @@ -311,6 +329,9 @@ if [ "$#" -gt 0 ]; then list_import exit 0 ;; + priorities|priority|prio) + list_priority + ;; *) # Check if we want to query all info for a specific jail instead. if [ -f "${bastille_jailsdir}/${1}/jail.conf" ]; then From afb0d40c7b35e4d56682290f020499e71e2f32c9 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Thu, 13 Mar 2025 06:48:42 -0600 Subject: [PATCH 11/26] rc: Use bastille list to show priorities --- usr/local/etc/rc.d/bastille | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/usr/local/etc/rc.d/bastille b/usr/local/etc/rc.d/bastille index c19aebf8..88638ff4 100755 --- a/usr/local/etc/rc.d/bastille +++ b/usr/local/etc/rc.d/bastille 
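Review bot: The new `priorities|priority|prio)` arm calls `list_priority` and then only `;;`, whereas the sibling `import` arm visible in the same hunk ends with `list_import` followed by `exit 0`; unless the code after the `case` (outside the hunk) exits unconditionally, this arm falls through into whatever follows. Add `exit 0` after `list_priority` to match the other arms. In `list_priority` itself, the `sysrc -f ${bastille_jailsdir}/${_jail}/boot.conf -n priority` path should be quoted like the rest of the file's `${bastille_jailsdir}` uses.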
@@ -8,10 +8,10 @@ # Add the following to /etc/rc.conf[.local] to enable this service # -# bastille_enable (bool): Set to "NO" by default. -# Set it to "YES" to enable bastille. -# bastille_conf (bool): Set to "/usr/local/etc/bastille/bastille.conf" by default. -# Path to bastile.conf file. +# bastille_enable (bool): Set to "NO" by default. +# Set to "YES" to enable bastille. +# bastille_conf (bool): Set to "/usr/local/etc/bastille/bastille.conf" by default. +# Path to bastile.conf file. # bastille_startup_delay (bool): Set to 0 by default. # Set to a numerical value. # This is the delay between startup of each jail. @@ -35,7 +35,7 @@ bastille_start() { local _jailsdir=$(. $bastille_conf; echo $bastille_jailsdir) # Sort jails by priority value - local _priority_list=$(grep -Eo "^priority=\"[0-9]+\"$" ${_jailsdir}/*/boot.conf | sort -t '"' -k2 -n | awk -F'/' '{print $(NF-1)}') + local _priority_list=$(${command} list priority | sort -k2 -n | awk '{print $1}') for _jail in ${_priority_list}; do local _boot_file=${_jailsdir}/${_jail}/boot.conf @@ -59,7 +59,7 @@ bastille_stop() { local _jailsdir=$(. $bastille_conf; echo $bastille_jailsdir) # Sort jails by priority value, in reverse order - local _priority_list_rev=$(grep -Eo "^priority=\"[0-9]+\"$" ${_jailsdir}/*/boot.conf | sort -t '"' -k2 -nr | awk -F'/' '{print $(NF-1)}') + local _priority_list=$(${command} list priority | sort -k2 -nr | awk '{print $1}') for _jail in ${_priority_list_rev}; do echo "Stopping Bastille Container: ${_jail}" From a5b60e2f1596bceee4c581a98b93ab888a57d2a1 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Thu, 13 Mar 2025 06:50:59 -0600 Subject: [PATCH 12/26] config: Allow prio as well as priority --- usr/local/share/bastille/config.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/usr/local/share/bastille/config.sh b/usr/local/share/bastille/config.sh index 8f89cfef..0707a6d0 100644 
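Review bot: In `bastille_stop` the assignment was renamed from `_priority_list_rev` to `_priority_list`, but the context line that follows still reads `for _jail in ${_priority_list_rev}; do`, so the loop iterates over an unset variable and `service bastille stop` stops no jails. Either restore the name, `local _priority_list_rev=$(${command} list priority | sort -k2 -nr | awk '{print $1}')`, or change the loop to `for _jail in ${_priority_list}; do`. `bastille_stop` continues outside the hunk.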
--- a/usr/local/share/bastille/config.sh +++ b/usr/local/share/bastille/config.sh @@ -115,7 +115,8 @@ print_jail_conf() { for _jail in ${JAILS}; do # Handle Bastille specific properties - if [ "${PROPERTY}" = "priority" ]; then + if [ "${PROPERTY}" = "priority" ] || [ "${PROPERTY}" = "prio" ]; then + PROPERTY="priority" BASTILLE_PROPERTY=1 FILE="${bastille_jailsdir}/${_jail}/boot.conf" info "[${_jail}]:" From d8131c371c50fafc9770f65cb0822190fed1703f Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Thu, 13 Mar 2025 10:06:03 -0600 Subject: [PATCH 13/26] list: Cosmetic fixes --- usr/local/share/bastille/list.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/usr/local/share/bastille/list.sh b/usr/local/share/bastille/list.sh index 4833a457..065f8994 100644 --- a/usr/local/share/bastille/list.sh +++ b/usr/local/share/bastille/list.sh @@ -38,7 +38,7 @@ usage() { cat << EOF Options: - -a | --all List all jails, running and stopped, in bastille format. + -a | --all List all jails, running and stopped, in BastilleBSD format. -j | --json List jails in json format. -x | --debug Enable debug mode. From 2c72b89753057c89b945209dc8a8901df3afe68a Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Thu, 13 Mar 2025 10:06:37 -0600 Subject: [PATCH 14/26] Update list.sh --- usr/local/share/bastille/list.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/usr/local/share/bastille/list.sh b/usr/local/share/bastille/list.sh index 065f8994..a5e5b7a9 100644 --- a/usr/local/share/bastille/list.sh +++ b/usr/local/share/bastille/list.sh 
@@ -34,7 +34,7 @@ . /usr/local/etc/bastille/bastille.conf usage() { - error_notify "Usage: bastille list [option(s)] [-j|-a] [RELEASE (-p)] [template] [JAIL|CONTAINER] [log] [limit] [import] [export] [backup] [priority]" + error_notify "Usage: bastille list [option(s)] [RELEASE (-p)] [template] [JAIL|CONTAINER] [log] [limit] [import] [export] [backup] [priority]" cat << EOF Options: From eae87b92189ade68c8f6e2e7a77f676ba86bb19e Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Thu, 13 Mar 2025 12:29:59 -0600 Subject: [PATCH 15/26] list: Print only IP using new IF style for jails --- usr/local/share/bastille/list.sh | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/usr/local/share/bastille/list.sh b/usr/local/share/bastille/list.sh index a5e5b7a9..a59a0eb3 100644 --- a/usr/local/share/bastille/list.sh +++ b/usr/local/share/bastille/list.sh @@ -104,10 +104,10 @@ list_all(){ if [ "$(awk '$1 == "vnet;" { print $1 }' "${bastille_jailsdir}/${JAIL_NAME}/jail.conf" 2> /dev/null)" ]; then JAIL_IP=$(jexec -l ${JAIL_NAME} ifconfig -n vnet0 inet 2> /dev/null | sed -n "/.inet /{s///;s/ .*//;p;}") if [ ! "${JAIL_IP}" ]; then JAIL_IP=$(jexec -l ${JAIL_NAME} ifconfig -n vnet0 inet6 2> /dev/null | awk '/inet6 / && (!/fe80::/ || !/%vnet0/)' | sed -n "/.inet6 /{s///;s/ .*//;p;}"); fi - else + else JAIL_IP=$(/usr/sbin/jls -j ${JAIL_NAME} ip4.addr 2> /dev/null | sed 's/,/\n/g') if [ "${JAIL_IP}" = "-" ]; then JAIL_IP=$(/usr/sbin/jls -j ${JAIL_NAME} ip6.addr 2> /dev/null | sed 's/,/\n/g'); fi - fi + fi JAIL_HOSTNAME=$(/usr/sbin/jls -j ${JAIL_NAME} host.hostname 2> /dev/null) JAIL_PORTS=$(pfctl -a "rdr/${JAIL_NAME}" -Psn 2> /dev/null | awk '{ printf "%s/%s:%s"",",$7,$14,$18 }' | sed "s/,$//") JAIL_PATH=$(/usr/sbin/jls -j ${JAIL_NAME} path 2> /dev/null) 
@@ -163,11 +163,14 @@ list_all(){ # 10.10.10.11 # 10.10.10.12 FIRST_IP="$(echo "${JAIL_IP}" | head -n 1)" + if echo "${FIRST_IP}" | grep -q "|"; then FIRST_IP=$(echo ${FIRST_IP} | awk -F"|" '{print $2}'); fi printf " ${JID}%*s${BOOT}%*s${PRIORITY}%*s${JAIL_STATE}%*s${FIRST_IP}%*s${JAIL_PORTS}%*s${JAIL_HOSTNAME}%*s${JAIL_RELEASE}%*s${JAIL_PATH}\n" "$((${MAX_LENGTH_JID} - ${#JID} + ${SPACER}))" "" "$((4 - ${#BOOT} + ${SPACER}))" "" "$((4 - ${#PRIORITY} + ${SPACER}))" "" "$((5 - ${#JAIL_STATE} + ${SPACER}))" "" "$((${MAX_LENGTH_JAIL_IP} - ${#FIRST_IP} + ${SPACER}))" "" "$((${MAX_LENGTH_JAIL_PORTS} - ${#JAIL_PORTS} + ${SPACER}))" "" "$((${MAX_LENGTH_JAIL_HOSTNAME} - ${#JAIL_HOSTNAME} + ${SPACER}))" "" "$((${MAX_LENGTH_JAIL_RELEASE} - ${#JAIL_RELEASE} + ${SPACER}))" "" for IP in $(echo "${JAIL_IP}" | tail -n +2); do + if echo "${IP}" | grep -q "|"; then IP=$(echo ${IP} | awk -F"|" '{print $2}'); fi printf "%*s%*s%*s%*s ${IP}\n" "$((${MAX_LENGTH_JID} + ${SPACER}))" "" "$((4 + ${SPACER}))" "" "$((4 + ${SPACER}))" "" "$((5 + ${SPACER}))" "" done else + if echo "${JAIL_IP}" | grep -q "|"; then JAIL_IP=$(echo ${JAIL_IP} | awk -F"|" '{print $2}'); fi printf " ${JID}%*s${BOOT}%*s${PRIORITY}%*s${JAIL_STATE}%*s${JAIL_IP}%*s${JAIL_PORTS}%*s${JAIL_HOSTNAME}%*s${JAIL_RELEASE}%*s${JAIL_PATH}\n" "$((${MAX_LENGTH_JID} - ${#JID} + ${SPACER}))" "" "$((4 - ${#BOOT} + ${SPACER}))" "" "$((4 - ${#PRIORITY} + ${SPACER}))" "" "$((5 - ${#JAIL_STATE} + ${SPACER}))" "" "$((${MAX_LENGTH_JAIL_IP} - ${#JAIL_IP} + ${SPACER}))" "" "$((${MAX_LENGTH_JAIL_PORTS} - ${#JAIL_PORTS} + ${SPACER}))" "" "$((${MAX_LENGTH_JAIL_HOSTNAME} - ${#JAIL_HOSTNAME} + ${SPACER}))" "" "$((${MAX_LENGTH_JAIL_RELEASE} - ${#JAIL_RELEASE} + ${SPACER}))" "" fi fi From aad11581468b35ae4acfc18efdd7118f1771eefb Mon Sep 17 00:00:00 2001 
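Review bot: The three added `if echo "..." | grep -q "|"; then ...=$(echo ... | awk -F"|" '{print $2}'); fi` lines in list_all fork three processes per address and expand the value unquoted in `echo ${FIRST_IP}`. Assuming the new interface-style value carries a single `|`, the same split is a built-in parameter expansion that is a no-op when no `|` is present: `FIRST_IP="${FIRST_IP#*|}"`, and likewise `IP="${IP#*|}"` in the loop and `JAIL_IP="${JAIL_IP#*|}"` in the single-address branch. The enclosing list_all function continues outside the hunk.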
From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Sat, 15 Mar 2025 21:35:03 -0600 Subject: [PATCH 16/26] Add -b|--boot for start/stop/restart --- usr/local/share/bastille/create.sh | 8 +++++++- usr/local/share/bastille/restart.sh | 20 ++++++++++++++++++++ usr/local/share/bastille/start.sh | 19 +++++++++++++++++-- usr/local/share/bastille/stop.sh | 19 +++++++++++++++++-- 4 files changed, 61 insertions(+), 5 deletions(-) diff --git a/usr/local/share/bastille/create.sh b/usr/local/share/bastille/create.sh index 2873e591..8fdb9ef2 100644 --- a/usr/local/share/bastille/create.sh +++ b/usr/local/share/bastille/create.sh @@ -46,6 +46,7 @@ usage() { -E | --empty Creates an empty container, intended for custom jail builds (thin/thick/linux or unsupported). -L | --linux This option is intended for testing with Linux jails, this is considered experimental. -M | --static-mac Generate a static MAC address for jail (VNET only). + --no-boot Create jail with boot=off. --no-validate Do not validate the release when creating the jail. -p | --priority VALUE Sets the priority value for jail startup and shutdown. -T | --thick Creates a thick container, they consume more space as they are self contained and independent. @@ -657,7 +658,7 @@ create_jail() { fi # Apply priority and boot settings - sysrc -f "${bastille_jailsdir}/${NAME}/boot.conf" boot=on + sysrc -f "${bastille_jailsdir}/${NAME}/boot.conf" boot=${BOOT} sysrc -f "${bastille_jailsdir}/${NAME}/boot.conf" priority="${PRIORITY}" } @@ -671,6 +672,7 @@ if echo "${3}" | grep '@'; then fi # Handle options. +BOOT="on" EMPTY_JAIL="" THICK_JAIL="" CLONE_JAIL="" @@ -719,6 +721,10 @@ while [ $# -gt 0 ]; do error_exit "Not a valid priority value: \"${2}\"" fi ;; + --no-boot) + BOOT="off" + shift + ;; --no-validate|no-validate) VALIDATE_RELEASE="" shift diff --git a/usr/local/share/bastille/restart.sh b/usr/local/share/bastille/restart.sh index ffdb1650..8a4ff32e 100644 
--- a/usr/local/share/bastille/restart.sh +++ b/usr/local/share/bastille/restart.sh @@ -30,5 +30,25 @@ # OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +usage() { + error_notify "Usage: bastille restart [option(s)] TARGET" + cat << EOF + Options: + + -b | --boot Respect jail boot setting. + -v | --verbose Print every action on jail start. + -x | --debug Enable debug mode. + +EOF + exit 1 +} + +# Handle options. +case "${1}" in + -h|--help|help) + usage + ;; +esac + bastille stop "$@" bastille start "$@" diff --git a/usr/local/share/bastille/start.sh b/usr/local/share/bastille/start.sh index 8a0960d1..4e4f3e44 100644 --- a/usr/local/share/bastille/start.sh +++ b/usr/local/share/bastille/start.sh @@ -38,20 +38,26 @@ usage() { cat << EOF Options: - -v | --verbose Print every action on jail start. - -x | --debug Enable debug mode. + -b | --boot Respect jail boot setting. + -v | --verbose Print every action on jail start. + -x | --debug Enable debug mode. EOF exit 1 } # Handle options. +BOOT=0 OPTION="" while [ "$#" -gt 0 ]; do case "${1}" in -h|--help|help) usage ;; + -b|--boot) + BOOT=1 + shift + ;; -v|--verbose) OPTION="-v" shift @@ -63,6 +69,7 @@ while [ "$#" -gt 0 ]; do -*) for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do case ${_opt} in + b) BOOT=1 ;; v) OPTION="-v" ;; x) enable_debug ;; *) error_exit "Unknown Option: \"${1}\"" ;; @@ -87,6 +94,14 @@ set_target "${TARGET}" for _jail in ${JAILS}; do + # Continue if '-b|--boot' is set and 'boot=off' + if [ "${BOOT}" -eq 1 ]; then + BOOT_ENABLED="$(sysrc -f ${bastille_jailsdir}/${_jail}/boot.conf -n boot)" + if [ "${BOOT_ENABLED}" = "off" ]; then + continue + fi + fi + info "[${_jail}]:" check_target_is_stopped "${_jail}" || error_continue "Jail is already running." diff --git a/usr/local/share/bastille/stop.sh b/usr/local/share/bastille/stop.sh index 124cef24..41441290 100644 
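Review bot: In the start.sh loop hunk the new `BOOT_ENABLED="$(sysrc -f ${bastille_jailsdir}/${_jail}/boot.conf -n boot)"` leaves the path unquoted and, when boot.conf is absent or lacks a `boot` line, prints a sysrc error to the terminal and yields an empty string, which the `= "off"` test then silently treats as permission to start. If a missing setting is meant to default to on (the rc script earlier in this series writes `boot=on` for that case), make it explicit and quiet: `BOOT_ENABLED="$(sysrc -f "${bastille_jailsdir}/${_jail}/boot.conf" -n boot 2>/dev/null)"` followed by `: "${BOOT_ENABLED:=on}"`. The same block is added to stop.sh, whose combined-flag arm writes `BOOT="1"` while the long-option arm writes `BOOT=1`; pick one form. The `for _jail in ${JAILS}` loop continues outside the hunk.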
--- a/usr/local/share/bastille/stop.sh +++ b/usr/local/share/bastille/stop.sh @@ -38,20 +38,26 @@ usage() { cat << EOF Options: - -v | --verbose Print every action on jail stop. - -x | --debug Enable debug mode. + -b | --boot Respect jail boot setting. + -v | --verbose Print every action on jail stop. + -x | --debug Enable debug mode. EOF exit 1 } # Handle options. +BOOT=0 OPTION="" while [ "$#" -gt 0 ]; do case "${1}" in -h|--help|help) usage ;; + -b|--boot) + BOOT=1 + shift + ;; -v|--verbose) OPTION="-v" shift @@ -63,6 +69,7 @@ while [ "$#" -gt 0 ]; do -*) for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do case ${_opt} in + b) BOOT="1" ;; v) OPTION="-v" ;; x) enable_debug ;; *) error_exit "Unknown Option: \"${1}\"" ;; @@ -87,6 +94,14 @@ set_target "${TARGET}" for _jail in ${JAILS}; do + # Continue if '-b|--boot' is set and 'boot=off' + if [ "${BOOT}" -eq 1 ]; then + BOOT_ENABLED="$(sysrc -f ${bastille_jailsdir}/${_jail}/boot.conf -n boot)" + if [ "${BOOT_ENABLED}" = "off" ]; then + continue + fi + fi + info "[${_jail}]:" check_target_is_running "${_jail}" || error_continue "Jail is already stopped." From b843b2c100af0166cfaa76ab484a6fec4a3d55a7 Mon Sep 17 00:00:00 2001 From: tschettervictor Date: Mon, 17 Mar 2025 19:54:34 -0600 Subject: [PATCH 17/26] priority: Use priority list for all comm --- usr/local/share/bastille/common.sh | 25 ++++++++++++++++++++++--- usr/local/share/bastille/destroy.sh | 2 +- usr/local/share/bastille/list.sh | 14 ++++++++++---- usr/local/share/bastille/stop.sh | 2 +- 4 files changed, 34 insertions(+), 9 deletions(-) diff --git a/usr/local/share/bastille/common.sh b/usr/local/share/bastille/common.sh index fd62d6e2..c518a97f 100644 --- a/usr/local/share/bastille/common.sh +++ b/usr/local/share/bastille/common.sh 
@@ -146,6 +146,11 @@ jail_autocomplete() { set_target() { local _TARGET=${1} + if [ "${2}" = "reverse" ]; then + local _order="${2}" + else + local _order="forward" + fi JAILS="" TARGET="" if [ "${_TARGET}" = ALL ] || [ "${_TARGET}" = all ]; then @@ -170,6 +175,13 @@ set_target() { TARGET="${TARGET} ${_jail}" JAILS="${JAILS} ${_jail}" done + if [ "${_order}" = "forward" ]; then + TARGET="$(bastille list priority | sort -k2 -n | awk '{print $1}') + JAILS="$(bastille list priority | sort -k2 -n | awk '{print $1}') + elif [ "${_order}" = "reverse" ]; then + TARGET="$(bastille list priority "${TARGET}" | sort -k2 -nr | awk '{print $1}') + JAILS="$(bastille list priority "${TARGET}" | sort -k2 -nr | awk '{print $1}') + fi export TARGET export JAILS fi @@ -196,7 +208,7 @@ set_target_single() { exit 1 fi fi - TARGET="${_TARGET}" + TARGET="${_TARGET} " JAILS="${_TARGET}" export TARGET export JAILS @@ -210,6 +222,14 @@ target_all_jails() { JAILS="${JAILS} ${_jail}" fi done + if [ "${_order}" = "forward" ]; then + TARGET="$(bastille list priority | sort -k2 -n | awk '{print $1}')" + JAILS="$(bastille list priority | sort -k2 -n | awk '{print $1}')" + elif [ "${_order}" = "reverse" ]; then + TARGET="$(bastille list priority | sort -k2 -nr | awk '{print $1}')" + JAILS="$(bastille list priority | sort -k2 -nr | awk '{print $1}')" + fi + export TARGET export JAILS } @@ -365,5 +385,4 @@ checkyesno() { return 1 ;; esac -} - +} \ No newline at end of file diff --git a/usr/local/share/bastille/destroy.sh b/usr/local/share/bastille/destroy.sh index b18a670a..4e655fc6 100644 --- a/usr/local/share/bastille/destroy.sh +++ b/usr/local/share/bastille/destroy.sh @@ -298,7 +298,7 @@ case "${TARGET}" in ;; *) ## just destroy a jail - set_target "${TARGET}" + set_target "${TARGET}" "reverse" destroy_jail "${JAILS}" ;; esac diff --git a/usr/local/share/bastille/list.sh b/usr/local/share/bastille/list.sh index a59a0eb3..255ed5ed 100644 --- a/usr/local/share/bastille/list.sh 
+++ b/usr/local/share/bastille/list.sh @@ -243,9 +243,9 @@ list_ports(){ } list_priority() { + local _jail_list="${1}" if [ -d "${bastille_jailsdir}" ]; then - JAIL_LIST="$(bastille list jails)" - for _jail in ${JAIL_LIST}; do + for _jail in ${_jail_list}; do if [ -f "${bastille_jailsdir}/${_jail}/boot.conf" ]; then _priority="$(sysrc -f ${bastille_jailsdir}/${_jail}/boot.conf -n priority)" echo "${_jail} ${_priority}" @@ -333,7 +333,13 @@ if [ "$#" -gt 0 ]; then exit 0 ;; priorities|priority|prio) - list_priority + if [ -z "${2}" ]; then + _jail_list="$(list_jail)" + list_priority "${_jail_list}" + else + _jail_list="${2}" + list_priority "${_jail_list}" + fi ;; *) # Check if we want to query all info for a specific jail instead. @@ -346,4 +352,4 @@ if [ "$#" -gt 0 ]; then fi ;; esac -fi +fi \ No newline at end of file diff --git a/usr/local/share/bastille/stop.sh b/usr/local/share/bastille/stop.sh index 41441290..29e1bcfa 100644 --- a/usr/local/share/bastille/stop.sh +++ b/usr/local/share/bastille/stop.sh @@ -90,7 +90,7 @@ fi TARGET="${1}" bastille_root_check -set_target "${TARGET}" +set_target "${TARGET}" "reverse" for _jail in ${JAILS}; do From 963c13a0477c4afcea1a7eee1dff4b7c147a6a89 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Mon, 17 Mar 2025 20:02:07 -0600 Subject: [PATCH 18/26] Fix quotes --- usr/local/share/bastille/common.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/usr/local/share/bastille/common.sh b/usr/local/share/bastille/common.sh index c518a97f..4045a043 100644 --- a/usr/local/share/bastille/common.sh +++ b/usr/local/share/bastille/common.sh 
@@ -176,11 +176,11 @@ set_target() { JAILS="${JAILS} ${_jail}" done if [ "${_order}" = "forward" ]; then - TARGET="$(bastille list priority | sort -k2 -n | awk '{print $1}') - JAILS="$(bastille list priority | sort -k2 -n | awk '{print $1}') + TARGET="$(bastille list priority "${TARGET}" | sort -k2 -n | awk '{print $1}')" + JAILS="$(bastille list priority "${TARGET}" | sort -k2 -n | awk '{print $1}')" elif [ "${_order}" = "reverse" ]; then - TARGET="$(bastille list priority "${TARGET}" | sort -k2 -nr | awk '{print $1}') - JAILS="$(bastille list priority "${TARGET}" | sort -k2 -nr | awk '{print $1}') + TARGET="$(bastille list priority "${TARGET}" | sort -k2 -nr | awk '{print $1}')" + JAILS="$(bastille list priority "${TARGET}" | sort -k2 -nr | awk '{print $1}')" fi export TARGET export JAILS From 8d6f7c9e283dacc78415c4eca4967992c25fdf68 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Tue, 18 Mar 2025 16:23:57 -0600 Subject: [PATCH 19/26] bastille: clean up rc script --- usr/local/etc/rc.d/bastille | 30 ++--------------------------- usr/local/share/bastille/restart.sh | 7 ++++--- usr/local/share/bastille/start.sh | 20 ++++++++++++++++--- usr/local/share/bastille/stop.sh | 20 ++++++++++++++++--- 4 files changed, 40 insertions(+), 37 deletions(-) diff --git a/usr/local/etc/rc.d/bastille b/usr/local/etc/rc.d/bastille index 88638ff4..b8dd04eb 100755 --- a/usr/local/etc/rc.d/bastille +++ b/usr/local/etc/rc.d/bastille 
@@ -33,38 +33,12 @@ restart_cmd="bastille_stop && bastille_start" bastille_start() { - local _jailsdir=$(. $bastille_conf; echo $bastille_jailsdir) - # Sort jails by priority value - local _priority_list=$(${command} list priority | sort -k2 -n | awk '{print $1}') - - for _jail in ${_priority_list}; do - local _boot_file=${_jailsdir}/${_jail}/boot.conf - # Set defaults if boot file does not exist - if [ ! -f ${_boot_file} ]; then - sysrc -f ${_boot_file} boot=on - sysrc -f ${_boot_file} priority=99 - fi - local _boot="$(sysrc -f ${_boot_file} -n boot)" - if [ "${_boot}" = "on" ]; then - echo "Starting Bastille Container: ${_jail}" - ${command} start ${_jail} - sleep ${bastille_startup_delay} - else - continue - fi - done + ${command} start --boot --delay ${bastille_startup_delay} ALL } bastille_stop() { - local _jailsdir=$(. $bastille_conf; echo $bastille_jailsdir) - # Sort jails by priority value, in reverse order - local _priority_list=$(${command} list priority | sort -k2 -nr | awk '{print $1}') - - for _jail in ${_priority_list_rev}; do - echo "Stopping Bastille Container: ${_jail}" - ${command} stop ${_jail} - done + ${command} stop ALL } load_rc_config ${name} diff --git a/usr/local/share/bastille/restart.sh b/usr/local/share/bastille/restart.sh index 8a4ff32e..ebc70dd7 100644 --- a/usr/local/share/bastille/restart.sh +++ b/usr/local/share/bastille/restart.sh @@ -35,9 +35,10 @@ usage() { cat << EOF Options: - -b | --boot Respect jail boot setting. - -v | --verbose Print every action on jail start. - -x | --debug Enable debug mode. + -b | --boot Respect jail boot setting. + -d | --delay VALUE Time to wait between starting/stopping each jail. + -v | --verbose Print every action on jail start. + -x | --debug Enable debug mode. EOF exit 1 diff --git a/usr/local/share/bastille/start.sh b/usr/local/share/bastille/start.sh index 4e4f3e44..2067875a 100644 --- a/usr/local/share/bastille/start.sh +++ b/usr/local/share/bastille/start.sh 
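Review bot: The new `${command} start --boot --delay ${bastille_startup_delay} ALL` passes the rc.conf value unquoted and relies on start.sh to validate it; should the variable ever be set to an empty string, the unquoted expansion vanishes and `ALL` becomes the argument to `--delay`, leaving no target. Quote it, `${command} start --boot --delay "${bastille_startup_delay}" ALL`, so the option's own check sees the empty value instead. `bastille_stop` now runs `${command} stop ALL` without `--boot`, so jails marked `boot=off` are stopped too; if that is intended at shutdown, a one-line comment saying so would stop the next reader from "fixing" it.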
@@ -38,9 +38,10 @@ usage() { cat << EOF Options: - -b | --boot Respect jail boot setting. - -v | --verbose Print every action on jail start. - -x | --debug Enable debug mode. + -b | --boot Respect jail boot setting. + -d | --delay VALUE Time to wait between starting each jail. + -v | --verbose Print every action on jail start. + -x | --debug Enable debug mode. EOF exit 1 @@ -48,6 +49,7 @@ EOF # Handle options. BOOT=0 +DELAY_TIME=0 OPTION="" while [ "$#" -gt 0 ]; do case "${1}" in @@ -58,6 +60,14 @@ while [ "$#" -gt 0 ]; do BOOT=1 shift ;; + -d|--delay) + if [ -z "{2}" ] && ! echo "${2}" | grep -Eq '^[0-9]+$'; then + error_exit "[-d|--delay] requires a value." + else + DELAY_TIME="${2}" + fi + shift 2 + ;; -v|--verbose) OPTION="-v" shift @@ -173,4 +183,8 @@ for _jail in ${JAILS}; do bastille rdr ${_jail} ${_rules} done < "${bastille_jailsdir}/${_jail}/rdr.conf" fi + + # Delay between jail action + sleep "${DELAY_TIME}" + done diff --git a/usr/local/share/bastille/stop.sh b/usr/local/share/bastille/stop.sh index 29e1bcfa..5fa411cf 100644 --- a/usr/local/share/bastille/stop.sh +++ b/usr/local/share/bastille/stop.sh @@ -38,9 +38,10 @@ usage() { cat << EOF Options: - -b | --boot Respect jail boot setting. - -v | --verbose Print every action on jail stop. - -x | --debug Enable debug mode. + -b | --boot Respect jail boot setting. + -d | --delay VALUE Time to wait between stopping each jail. + -v | --verbose Print every action on jail stop. + -x | --debug Enable debug mode. EOF exit 1 @@ -48,6 +49,7 @@ EOF # Handle options. BOOT=0 +DELAY_TIME=0 OPTION="" while [ "$#" -gt 0 ]; do case "${1}" in @@ -58,6 +60,14 @@ while [ "$#" -gt 0 ]; do BOOT=1 shift ;; + -d|--delay) + if [ -z "{2}" ] && ! echo "${2}" | grep -Eq '^[0-9]+$'; then + error_exit "[-d|--delay] requires a value." + else + DELAY_TIME="${2}" + fi + shift 2 + ;; -v|--verbose) OPTION="-v" shift 
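Review bot: The `sleep "${DELAY_TIME}"` added at the end of the start.sh loop body runs after every jail including the last one, and with the default `DELAY_TIME=0` still forks a `sleep 0` per jail. Guarding it, `[ "${DELAY_TIME}" -gt 0 ] && sleep "${DELAY_TIME}"`, avoids the needless forks; the same line is added to stop.sh in the final hunk of this patch. The loop continues outside the hunk.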
@@ -149,4 +159,8 @@ for _jail in ${JAILS}; do pfctl -q -t "${bastille_network_pf_table}" -T delete "${_ip}" done fi + + # Delay between jail action + sleep "${DELAY_TIME}" + done From 7ae59c85513dbf06c3b1588dbf17135c6f03488a Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Tue, 18 Mar 2025 16:25:41 -0600 Subject: [PATCH 20/26] fix '' --- usr/local/share/bastille/start.sh | 2 +- usr/local/share/bastille/stop.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/usr/local/share/bastille/start.sh b/usr/local/share/bastille/start.sh index 2067875a..a2245925 100644 --- a/usr/local/share/bastille/start.sh +++ b/usr/local/share/bastille/start.sh @@ -61,7 +61,7 @@ while [ "$#" -gt 0 ]; do shift ;; -d|--delay) - if [ -z "{2}" ] && ! echo "${2}" | grep -Eq '^[0-9]+$'; then + if [ -z "{2}" ] && ! echo "${2}" | grep -Eq "^[0-9]+$"; then error_exit "[-d|--delay] requires a value." else DELAY_TIME="${2}" diff --git a/usr/local/share/bastille/stop.sh b/usr/local/share/bastille/stop.sh index 5fa411cf..8bd99994 100644 --- a/usr/local/share/bastille/stop.sh +++ b/usr/local/share/bastille/stop.sh @@ -61,7 +61,7 @@ while [ "$#" -gt 0 ]; do shift ;; -d|--delay) - if [ -z "{2}" ] && ! echo "${2}" | grep -Eq '^[0-9]+$'; then + if [ -z "{2}" ] && ! echo "${2}" | grep -Eq "^[0-9]+$"; then error_exit "[-d|--delay] requires a value." else DELAY_TIME="${2}" From 950cb0bc4347ecd709af0f66e2205ae9b6dd470f Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Tue, 18 Mar 2025 16:28:06 -0600 Subject: [PATCH 21/26] fix $ --- usr/local/share/bastille/start.sh | 2 +- usr/local/share/bastille/stop.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/usr/local/share/bastille/start.sh b/usr/local/share/bastille/start.sh index a2245925..4056c65c 100644 --- a/usr/local/share/bastille/start.sh +++ b/usr/local/share/bastille/start.sh 
@@ -61,7 +61,7 @@ while [ "$#" -gt 0 ]; do shift ;; -d|--delay) - if [ -z "{2}" ] && ! echo "${2}" | grep -Eq "^[0-9]+$"; then + if [ -z "${2}" ] && ! echo "${2}" | grep -Eq '^[0-9]+$'; then error_exit "[-d|--delay] requires a value." else DELAY_TIME="${2}" diff --git a/usr/local/share/bastille/stop.sh b/usr/local/share/bastille/stop.sh index 8bd99994..b6747af3 100644 --- a/usr/local/share/bastille/stop.sh +++ b/usr/local/share/bastille/stop.sh @@ -61,7 +61,7 @@ while [ "$#" -gt 0 ]; do shift ;; -d|--delay) - if [ -z "{2}" ] && ! echo "${2}" | grep -Eq "^[0-9]+$"; then + if [ -z "${2}" ] && ! echo "${2}" | grep -Eq '^[0-9]+$'; then error_exit "[-d|--delay] requires a value." else DELAY_TIME="${2}" From 601d120d76ae7ad17be4164c216dfe9858042a17 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Wed, 19 Mar 2025 05:59:22 -0600 Subject: [PATCH 22/26] fix blank after jail name --- usr/local/share/bastille/common.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/usr/local/share/bastille/common.sh b/usr/local/share/bastille/common.sh index 4045a043..14f0e256 100644 --- a/usr/local/share/bastille/common.sh +++ b/usr/local/share/bastille/common.sh @@ -208,7 +208,7 @@ set_target_single() { exit 1 fi fi - TARGET="${_TARGET} " + TARGET="${_TARGET}" JAILS="${_TARGET}" export TARGET export JAILS @@ -385,4 +385,4 @@ checkyesno() { return 1 ;; esac -} \ No newline at end of file +} From eaacab6e7e8abb7da200f4008891123a33dc9bb9 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Wed, 19 Mar 2025 10:24:50 -0600 Subject: [PATCH 23/26] fix listing jail priority --- usr/local/share/bastille/common.sh | 32 ++++++++++++++++++++++-------- usr/local/share/bastille/list.sh | 21 -------------------- 2 files changed, 24 insertions(+), 29 deletions(-) diff --git a/usr/local/share/bastille/common.sh b/usr/local/share/bastille/common.sh index 14f0e256..99318a42 100644 
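Review bot: The corrected condition `if [ -z "${2}" ] && ! echo "${2}" | grep -Eq '^[0-9]+$'; then` still rejects only a value that is both empty and non-numeric, so `--delay abc` is accepted, stored in DELAY_TIME and fails later inside `sleep`; the emptiness test is redundant because an empty string already fails the regex. Use the regex alone, `if ! echo "${2}" | grep -Eq '^[0-9]+$'; then`, and have the message say a numeric value is required. The same arm is patched identically in stop.sh in the second hunk.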
--- a/usr/local/share/bastille/common.sh +++ b/usr/local/share/bastille/common.sh @@ -144,6 +144,22 @@ jail_autocomplete() { fi } +list_jail_priority() { + local _jail_list="${1}" + if [ -d "${bastille_jailsdir}" ]; then + for _jail in ${_jail_list}; do + local _boot_file=${bastille_jailsdir}/${_jail}/boot.conf + # Set defaults if boot file does not exist + if [ ! -f ${_boot_file} ]; then + sysrc -f ${_boot_file} boot=on + sysrc -f ${_boot_file} priority=99 + fi + _priority="$(sysrc -f ${bastille_jailsdir}/${_jail}/boot.conf -n priority)" + echo "${_jail} ${_priority}" + done + fi +} + set_target() { local _TARGET=${1} if [ "${2}" = "reverse" ]; then @@ -176,11 +192,11 @@ set_target() { JAILS="${JAILS} ${_jail}" done if [ "${_order}" = "forward" ]; then - TARGET="$(bastille list priority "${TARGET}" | sort -k2 -n | awk '{print $1}')" - JAILS="$(bastille list priority "${TARGET}" | sort -k2 -n | awk '{print $1}')" + TARGET="$(list_jail_priority "${TARGET}" | sort -k2 -n | awk '{print $1}')" + JAILS="$(list_jail_priority "${TARGET}" | sort -k2 -n | awk '{print $1}')" elif [ "${_order}" = "reverse" ]; then - TARGET="$(bastille list priority "${TARGET}" | sort -k2 -nr | awk '{print $1}')" - JAILS="$(bastille list priority "${TARGET}" | sort -k2 -nr | awk '{print $1}')" + TARGET="$(list_jail_priority "${TARGET}" | sort -k2 -nr | awk '{print $1}')" + JAILS="$(list_jail_priority "${TARGET}" | sort -k2 -nr | awk '{print $1}')" fi export TARGET export JAILS 
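Review bot: list_jail_priority writes defaults only when boot.conf is missing, so an existing file without a `priority` line makes `sysrc -n priority` print an error and return nothing; the jail is then emitted as `name ` and `sort -n` places it first (as 0) rather than at the default 99. Read through the already-built `${_boot_file}` with stderr quieted and default in the echo, `_priority="$(sysrc -f "${_boot_file}" -n priority 2>/dev/null)"` then `echo "${_jail} ${_priority:-99}"`; `_priority` should also be declared `local` like `_boot_file`. Note that this helper now creates files under `${bastille_jailsdir}` as a side effect of resolving a target in set_target, so commands that only read state will write to disk when they call set_target; a header comment stating that this is intended would help.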
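Review bot: In the set_target hunk each branch runs the `list_jail_priority "${TARGET}" | sort ... | awk '{print $1}'` pipeline twice to fill TARGET and JAILS with the same value, which also runs the helper's per-jail `sysrc` calls twice. Compute it once, `JAILS="$(list_jail_priority "${TARGET}" | sort -k2 -n | awk '{print $1}')"` then `TARGET="${JAILS}"`, and the reverse branch likewise with `-nr`. The function body continues outside the hunk.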
@@ -223,11 +239,11 @@ target_all_jails() { fi done if [ "${_order}" = "forward" ]; then - TARGET="$(bastille list priority | sort -k2 -n | awk '{print $1}')" - JAILS="$(bastille list priority | sort -k2 -n | awk '{print $1}')" + TARGET="$(list_jail_priority | sort -k2 -n | awk '{print $1}')" + JAILS="$(list_jail_priority | sort -k2 -n | awk '{print $1}')" elif [ "${_order}" = "reverse" ]; then - TARGET="$(bastille list priority | sort -k2 -nr | awk '{print $1}')" - JAILS="$(bastille list priority | sort -k2 -nr | awk '{print $1}')" + TARGET="$(list_jail_priority | sort -k2 -nr | awk '{print $1}')" + JAILS="$(list_jail_priority | sort -k2 -nr | awk '{print $1}')" fi export TARGET export JAILS diff --git a/usr/local/share/bastille/list.sh b/usr/local/share/bastille/list.sh index 255ed5ed..162be24c 100644 --- a/usr/local/share/bastille/list.sh +++ b/usr/local/share/bastille/list.sh @@ -242,18 +242,6 @@ list_ports(){ fi } -list_priority() { - local _jail_list="${1}" - if [ -d "${bastille_jailsdir}" ]; then - for _jail in ${_jail_list}; do - if [ -f "${bastille_jailsdir}/${_jail}/boot.conf" ]; then - _priority="$(sysrc -f ${bastille_jailsdir}/${_jail}/boot.conf -n priority)" - echo "${_jail} ${_priority}" - fi - done - fi -} - bastille_root_check if [ "$#" -eq 0 ]; then @@ -332,15 +320,6 @@ if [ "$#" -gt 0 ]; then list_import exit 0 ;; - priorities|priority|prio) - if [ -z "${2}" ]; then - _jail_list="$(list_jail)" - list_priority "${_jail_list}" - else - _jail_list="${2}" - list_priority "${_jail_list}" - fi - ;; *) # Check if we want to query all info for a specific jail instead. if [ -f "${bastille_jailsdir}/${1}/jail.conf" ]; then From 3c88a0bcc2b70b12f8c6a9bffa331e3da99b4894 Mon Sep 17 00:00:00 2001 
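Review bot: The `priorities|priority|prio)` arm is removed from list.sh here, but the usage string edited earlier in this series (`Usage: bastille list ... [backup] [priority]`) still advertises `[priority]`, and after this change `bastille list priority` falls through to the `*)` arm and is looked up as a jail named "priority". Drop `[priority]` from the usage line, or keep a thin arm that calls the new common.sh `list_jail_priority`. The case statement continues outside the hunk.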
From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Wed, 19 Mar 2025 10:48:26 -0600 Subject: [PATCH 24/26] fix listing priority again --- usr/local/share/bastille/common.sh | 4 ++-- usr/local/share/bastille/create.sh | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/usr/local/share/bastille/common.sh b/usr/local/share/bastille/common.sh index 99318a42..dcc855e9 100644 --- a/usr/local/share/bastille/common.sh +++ b/usr/local/share/bastille/common.sh @@ -151,8 +151,8 @@ list_jail_priority() { local _boot_file=${bastille_jailsdir}/${_jail}/boot.conf # Set defaults if boot file does not exist if [ ! -f ${_boot_file} ]; then - sysrc -f ${_boot_file} boot=on - sysrc -f ${_boot_file} priority=99 + sysrc -f ${_boot_file} boot=on > /dev/null 2>&1 + sysrc -f ${_boot_file} priority=99 > /dev/null 2>&1 fi _priority="$(sysrc -f ${bastille_jailsdir}/${_jail}/boot.conf -n priority)" echo "${_jail} ${_priority}" diff --git a/usr/local/share/bastille/create.sh b/usr/local/share/bastille/create.sh index 8fdb9ef2..0c288959 100644 --- a/usr/local/share/bastille/create.sh +++ b/usr/local/share/bastille/create.sh @@ -549,6 +549,10 @@ create_jail() { # Set strict permissions on the jail by default chmod 0700 "${bastille_jailsdir}/${NAME}" + # Apply priority and boot settings before starting jail + sysrc -f "${bastille_jailsdir}/${NAME}/boot.conf" boot=${BOOT} + sysrc -f "${bastille_jailsdir}/${NAME}/boot.conf" priority="${PRIORITY}" + # Jail must be started before applying the default template. -- cwells if [ -z "${EMPTY_JAIL}" ]; then bastille start "${NAME}" @@ -656,10 +660,6 @@ create_jail() { bastille restart "${NAME}" fi fi - - # Apply priority and boot settings - sysrc -f "${bastille_jailsdir}/${NAME}/boot.conf" boot=${BOOT} - sysrc -f "${bastille_jailsdir}/${NAME}/boot.conf" priority="${PRIORITY}" } bastille_root_check From afb233ab12a276a27d662d19cf8a81988895e49f Mon Sep 17 00:00:00 2001 
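Review bot: The relocated `sysrc -f "${bastille_jailsdir}/${NAME}/boot.conf" boot=${BOOT}` in create_jail leaves `${BOOT}` unquoted while the next line quotes `"${PRIORITY}"`; the value is internal (`on`/`off`), so this is a consistency point: `boot="${BOOT}"`. The move itself is undocumented; presumably it is so that `bastille start` can read the file, and a short comment such as `# Written before start so that start.sh's --boot check sees the jail's setting` would record that. create_jail continues outside the hunk.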
From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Wed, 19 Mar 2025 15:04:24 -0600 Subject: [PATCH 25/26] Update common.sh --- usr/local/share/bastille/common.sh | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/usr/local/share/bastille/common.sh b/usr/local/share/bastille/common.sh index dcc855e9..0dbe9902 100644 --- a/usr/local/share/bastille/common.sh +++ b/usr/local/share/bastille/common.sh @@ -145,7 +145,11 @@ jail_autocomplete() { } list_jail_priority() { - local _jail_list="${1}" + if [ -z "${1}" ]; then + local _jail_list="$(bastille list jails)" + else + local _jail_list="${1}" + fi if [ -d "${bastille_jailsdir}" ]; then for _jail in ${_jail_list}; do local _boot_file=${bastille_jailsdir}/${_jail}/boot.conf From 87bcd57c7983afc71aa386abb13745b359392614 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Wed, 19 Mar 2025 15:25:15 -0600 Subject: [PATCH 26/26] Update common.sh --- usr/local/share/bastille/common.sh | 13 +++---------- 1 file changed, 3 insertions(+), 10 deletions(-) diff --git a/usr/local/share/bastille/common.sh b/usr/local/share/bastille/common.sh index 0dbe9902..1fbbe5a0 100644 --- a/usr/local/share/bastille/common.sh +++ b/usr/local/share/bastille/common.sh @@ -145,11 +145,7 @@ jail_autocomplete() { } list_jail_priority() { - if [ -z "${1}" ]; then - local _jail_list="$(bastille list jails)" - else - local _jail_list="${1}" - fi + local _jail_list="${1}" if [ -d "${bastille_jailsdir}" ]; then for _jail in ${_jail_list}; do local _boot_file=${bastille_jailsdir}/${_jail}/boot.conf 
@@ -243,13 +239,10 @@ target_all_jails() { fi done if [ "${_order}" = "forward" ]; then - TARGET="$(list_jail_priority | sort -k2 -n | awk '{print $1}')" - JAILS="$(list_jail_priority | sort -k2 -n | awk '{print $1}')" + JAILS="$(list_jail_priority "${JAILS}" | sort -k2 -n | awk '{print $1}')" elif [ "${_order}" = "reverse" ]; then - TARGET="$(list_jail_priority | sort -k2 -nr | awk '{print $1}')" - JAILS="$(list_jail_priority | sort -k2 -nr | awk '{print $1}')" + JAILS="$(list_jail_priority "${JAILS}" | sort -k2 -nr | awk '{print $1}')" fi - export TARGET export JAILS }
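Review bot: target_all_jails tests `${_order}` but never receives or declares it; it is only defined as a `local` in set_target, so the ordering here works only when target_all_jails is reached through set_target (sh `local` is dynamically scoped) and a direct call leaves JAILS in discovery order with no error. Take it as a parameter, `local _order="${1:-forward}"`, and have set_target pass `"${_order}"` (that call is outside the hunk). With this change only JAILS is re-sorted while TARGET keeps its original order and is no longer exported from this function; if any caller still reads TARGET, the two lists now disagree on order.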