Merge branch 'master' into patch-4

tschettervictor
2025-02-03 12:08:29 -07:00
committed by GitHub
15 changed files with 369 additions and 998 deletions


@@ -28,6 +28,7 @@ Christer Edwards [christer.edwards@gmail.com]
- Niketh Murali
- Eric Borisch
- Kevet Duncombe
- Victor Tschetter
### Special thanks
Software doesn't happen in a vacuum. Thank you to the following people who may


@@ -62,7 +62,7 @@ Available Commands:
config Get or set a config value for the targeted container(s).
console Console into a running container.
convert Convert a Thin container into a Thick container.
cp cp(1) files from host to targeted container(s).
cp cp(1) files from host or container to host or targeted container(s).
create Create a new thin container or a thick container if -T|--thick option specified.
destroy Destroy a stopped container or a FreeBSD release.
edit Edit container configuration files (advanced).
@@ -70,12 +70,13 @@ Available Commands:
help Help about any command.
htop Interactive process viewer (requires htop).
import Import a specified container.
jcp cp(1) files from a jail to jail(s).
limits Apply resources limits to targeted container(s). See rctl(8).
list List containers (running).
mount Mount a volume inside the targeted container(s).
pkg Manipulate binary packages within targeted container(s). See pkg(8).
rcp cp(1) files from a jail to host.
rdr Redirect host port to container port.
rcp reverse cp(1) files from a single container to the host.
rename Rename a container.
restart Restart a running container.
service Manage services within targeted container(s).
@@ -97,7 +98,7 @@ Use "bastille command -h|--help" for more information about a command.
```
## 0.12-beta
## 0.13-beta
This document outlines the basic usage of the Bastille container management
framework. This release is still considered beta.


@@ -4,7 +4,7 @@ Bastille is available in the official FreeBSD ports tree at
`sysutils/bastille`. Binary packages available in `quarterly` and `latest`
repositories.
Current version is `0.12.20250111`.
Current version is `0.13.20250126`.
To install from the FreeBSD package repository:


@@ -2,21 +2,31 @@
cp
==
This command allows efficiently copying files from host to container(s).
This command allows copying files from host to jail(s).
.. code-block:: shell
ishmael ~ # bastille cp ALL /tmp/resolv.conf-cf etc/resolv.conf
ishmael ~ # bastille cp ALL /tmp/resolv.conf-cf /etc/resolv.conf
[bastion]:
/tmp/resolv.conf-cf -> /usr/local/bastille/jails/bastion/root/etc/resolv.conf
[unbound0]:
/tmp/resolv.conf-cf -> /usr/local/bastille/jails/unbound0/root/etc/resolv.conf
[unbound1]:
/tmp/resolv.conf-cf -> /usr/local/bastille/jails/unbound1/root/etc/resolv.conf
[squid]:
/tmp/resolv.conf-cf -> /usr/local/bastille/jails/squid/root/etc/resolv.conf
[nginx]:
/tmp/resolv.conf-cf -> /usr/local/bastille/jails/nginx/root/etc/resolv.conf
[folsom]:
/tmp/resolv.conf-cf -> /usr/local/bastille/jails/folsom/root/etc/resolv.conf
Unless you see errors reported in the output the `cp` was successful.
.. code-block:: shell
ishmael ~ # bastille cp help
Usage: bastille cp [option(s)] TARGET HOST_PATH JAIL_PATH
Options:
-q | --quiet Suppress output.
-x | --debug Enable debug mode.


@@ -0,0 +1,30 @@
===
jcp
===
This command allows copying files from jail to jail(s).
.. code-block:: shell
ishmael ~ # bastille jcp bastion /tmp/resolv.conf-cf ALL /etc/resolv.conf
[unbound0]:
/usr/local/bastille/jails/bastion/root/tmp/resolv.conf-cf -> /usr/local/bastille/jails/unbound0/root/etc/resolv.conf
[unbound1]:
/usr/local/bastille/jails/bastion/root/tmp/resolv.conf-cf -> /usr/local/bastille/jails/unbound1/root/etc/resolv.conf
[squid]:
/usr/local/bastille/jails/bastion/root/tmp/resolv.conf-cf -> /usr/local/bastille/jails/squid/root/etc/resolv.conf
[nginx]:
/usr/local/bastille/jails/bastion/root/tmp/resolv.conf-cf -> /usr/local/bastille/jails/nginx/root/etc/resolv.conf
[folsom]:
/usr/local/bastille/jails/bastion/root/tmp/resolv.conf-cf -> /usr/local/bastille/jails/folsom/root/etc/resolv.conf
Unless you see errors reported in the output the `jcp` was successful.
.. code-block:: shell
ishmael ~ # bastille jcp help
Usage: bastille jcp [option(s)] SOURCE_JAIL JAIL_PATH DEST_JAIL JAIL_PATH
Options:
-q | --quiet Suppress output.
-x | --debug Enable debug mode.


@@ -0,0 +1,22 @@
===
rcp
===
This command allows copying files from jail to host.
.. code-block:: shell
ishmael ~ # bastille rcp bastion /test/testfile.txt /tmp/testfile.txt
[bastion]:
/usr/local/bastille/jails/bastion/root/test/testfile.txt -> /tmp/testfile.txt
Unless you see errors reported in the output the `rcp` was successful.
.. code-block:: shell
ishmael ~ # bastille rcp help
Usage: bastille rcp [option(s)] TARGET JAIL_PATH HOST_PATH
Options:
-q | --quiet Suppress output.
-x | --debug Enable debug mode.


@@ -12,9 +12,9 @@ copyright = '2018-2025, Christer Edwards'
author = 'Christer Edwards'
# The short X.Y version
version = '0.12.20250111'
version = '0.13.20250126'
# The full version, including alpha/beta/rc tags
release = '0.12.20250111-beta'
release = '0.13.20250126-beta'
# -- General configuration ---------------------------------------------------


@@ -78,7 +78,7 @@ bastille_perms_check() {
bastille_perms_check
## version
BASTILLE_VERSION="0.12.20250111"
BASTILLE_VERSION="0.13.20250126"
usage() {
cat << EOF
@@ -95,7 +95,7 @@ Available Commands:
config Get or set a config value for the targeted container(s).
console Console into a running container.
convert Convert a Thin container into a Thick container.
cp cp(1) files from host to targeted container(s).
cp cp(1) files from host to jail(s).
create Create a new thin container or a thick container if -T|--thick option specified.
destroy Destroy a stopped container or a FreeBSD release.
edit Edit container configuration files (advanced).
@@ -103,12 +103,13 @@ Available Commands:
export Exports a specified container.
help Help about any command.
htop Interactive process viewer (requires htop).
jcp cp(1) files from a jail to jail(s).
import Import a specified container.
limits Apply resources limits to targeted container(s). See rctl(8).
list List containers (running).
mount Mount a volume inside the targeted container(s).
pkg Manipulate binary packages within targeted container(s). See pkg(8).
rcp reverse cp(1) files from a single container to the host.
rcp cp(1) files from a jail to host.
rdr Redirect host port to container port.
rename Rename a container.
restart Restart a running container.


@@ -94,10 +94,10 @@ fi
validate_user() {
if jexec -l "${TARGET}" id "${USER}" >/dev/null 2>&1; then
USER_SHELL="$(jexec -l "${_jail}" getent passwd "${USER}" | cut -d: -f7)"
USER_SHELL="$(jexec -l "${TARGET}" getent passwd "${USER}" | cut -d: -f7)"
if [ -n "${USER_SHELL}" ]; then
if jexec -l "${_jail}" grep -qwF "${USER_SHELL}" /etc/shells; then
jexec -l "${_jail}" $LOGIN -f "${USER}"
if jexec -l "${TARGET}" grep -qwF "${USER_SHELL}" /etc/shells; then
jexec -l "${TARGET}" $LOGIN -f "${USER}"
else
echo "Invalid shell for user ${USER}"
fi
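Review bot: The shell check `grep -qwF "${USER_SHELL}" /etc/shells` matches on word boundaries rather than whole lines, so a passwd shell field that is only a fragment of a listed path (a bare `sh`, for instance), or one that appears only in a commented-out line, would still pass validation. Since this line is already being rewritten for `${TARGET}`, a stricter form would be `if jexec -l "${TARGET}" grep -qxF -- "${USER_SHELL}" /etc/shells; then`, where `--` also keeps a value beginning with `-` from being read as a grep option. validate_user continues past the end of this hunk, so its remaining branches are not covered here.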


@@ -34,49 +34,64 @@
. /usr/local/etc/bastille/bastille.conf
usage() {
error_exit "Usage: bastille cp [OPTION] TARGET HOST_PATH CONTAINER_PATH"
error_notify "Usage: bastille cp [option(s)] TARGET HOST_PATH JAIL_PATH"
cat << EOF
Options:
-q | --quiet Suppress output.
-x | --debug Enable debug mode.
EOF
exit 1
}
CPSOURCE="${1}"
CPDEST="${2}"
# Handle options.
OPTION="-av"
while [ "$#" -gt 0 ]; do
case "${1}" in
-h|--help|help)
usage
;;
-q|--quiet)
OPTION="-a"
shift
;;
-x|--debug)
enable_debug
shift
;;
-*)
for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do
case ${_opt} in
q) OPTION="-a" ;;
x) enable_debug ;;
*) error_exit "Unknown Option: \"${1}\"" ;;
esac
done
shift
;;
*)
break
;;
esac
done
# Handle special-case commands first.
case "$1" in
help|-h|--help)
usage
;;
-q|--quiet)
OPTION="${1}"
CPSOURCE="${2}"
CPDEST="${3}"
;;
esac
if [ $# -ne 2 ]; then
if [ "$#" -ne 3 ]; then
usage
fi
bastille_root_check
TARGET="${1}"
HOST_PATH="${2}"
JAIL_PATH="${3}"
case "${OPTION}" in
-q|--quiet)
OPTION="-a"
;;
*)
OPTION="-av"
;;
esac
bastille_root_check
set_target "${TARGET}"
for _jail in ${JAILS}; do
info "[${_jail}]:"
bastille_jail_path="${bastille_jailsdir}/${_jail}/root"
cp "${OPTION}" "${CPSOURCE}" "${bastille_jail_path}/${CPDEST}"
RETURN="$?"
if [ "${TARGET}" = "ALL" ]; then
# Display the return status for reference
echo -e "Returned: ${RETURN}\n"
else
echo
return "${RETURN}"
host_path="${HOST_PATH}"
jail_path="$(echo ${bastille_jailsdir}/${_jail}/root/${JAIL_PATH} | sed 's#//#/#g')"
if ! cp "${OPTION}" "${host_path}" "${jail_path}"; then
error_continue "CP failed: ${host_path} -> ${jail_path}"
fi
done
done
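Review bot: The destination `jail_path` is resolved on the host (as root, going by `bastille_root_check`), yet everything under `${bastille_jailsdir}/${_jail}/root` is writable from inside the jail, so a symlink at or above `JAIL_PATH`, or a `..` in the argument, can steer `cp` outside that jail's root, and the new loop does not check for it. The same construction is used in the new jcp.sh (`source_path` and `dest_path`) and rcp.sh (`jail_path`). I would resolve the destination's parent and refuse the copy when it does not sit under the resolved jail root, as sketched below; this assumes `realpath` is available on the host and it narrows the window rather than closing it, since a running jail can change the path between check and copy. The sketch also replaces the unquoted `echo ... | sed 's#//#/#g'` with a quoted assignment, because the unquoted form word-splits and globs on paths containing spaces or `*`, while doubled slashes are harmless to path resolution.

```shell
for _jail in ${JAILS}; do
    # … unchanged: info line and host_path assignment …
    jail_root="$(realpath "${bastille_jailsdir}/${_jail}/root")"
    jail_path="${jail_root}/${JAIL_PATH}"
    # Resolve the parent on the host and require it to stay inside the jail root.
    # A symlink at the final path component would need the same treatment.
    dest_parent="$(realpath "$(dirname "${jail_path}")" 2>/dev/null)"
    case "${dest_parent}/" in
        "${jail_root}/"*) ;;
        *) error_continue "CP refused: ${jail_path} resolves outside ${jail_root}" ;;
    esac
    # … unchanged: cp call and error_continue on failure …
```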


@@ -1,5 +1,5 @@
#!/bin/sh
# Copyright (c) 2018-2024, Christer Edwards <christer.edwards@gmail.com>
# Copyright (c) 2018-2025, Christer Edwards <christer.edwards@gmail.com>
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without


@@ -0,0 +1,103 @@
#!/bin/sh
#
# SPDX-License-Identifier: BSD-3-Clause
#
# Copyright (c) 2018-2025, Christer Edwards <christer.edwards@gmail.com>
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are met:
#
# * Redistributions of source code must retain the above copyright notice, this
# list of conditions and the following disclaimer.
#
# * Redistributions in binary form must reproduce the above copyright notice,
# this list of conditions and the following disclaimer in the documentation
# and/or other materials provided with the distribution.
#
# * Neither the name of the copyright holder nor the names of its
# contributors may be used to endorse or promote products derived from
# this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
. /usr/local/share/bastille/common.sh
. /usr/local/etc/bastille/bastille.conf
usage() {
error_notify "Usage: bastille jcp [option(s)] SOURCE_JAIL JAIL_PATH DEST_JAIL JAIL_PATH"
cat << EOF
Options:
-q | --quiet Suppress output.
-x | --debug Enable debug mode.
EOF
exit 1
}
# Handle options.
OPTION="-av"
while [ "$#" -gt 0 ]; do
case "${1}" in
-h|--help|help)
usage
;;
-q|--quiet)
OPTION="-a"
shift
;;
-x|--debug)
enable_debug
shift
;;
-*)
for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do
case ${_opt} in
q) OPTION="-a" ;;
x) enable_debug ;;
*) error_exit "Unknown Option: \"${1}\"" ;;
esac
done
shift
;;
*)
break
;;
esac
done
if [ "$#" -ne 4 ]; then
usage
fi
SOURCE_TARGET="${1}"
SOURCE_PATH="${2}"
DEST_TARGET="${3}"
DEST_PATH="${4}"
bastille_root_check
set_target_single "${SOURCE_TARGET}" && SOURCE_TARGET="${TARGET}"
set_target "${DEST_TARGET}" && DEST_TARGET="${JAILS}"
for _jail in ${DEST_TARGET}; do
if [ "${_jail}" = "${SOURCE_TARGET}" ]; then
continue
else
info "[${_jail}]:"
source_path="$(echo ${bastille_jailsdir}/${SOURCE_TARGET}/root/${SOURCE_PATH} | sed 's#//#/#g')"
dest_path="$(echo ${bastille_jailsdir}/${_jail}/root/${DEST_PATH} | sed 's#//#/#g')"
if ! cp "${OPTION}" "${source_path}" "${dest_path}"; then
error_continue "JCP failed: ${source_path} -> ${dest_path}"
fi
fi
done
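Review bot: The chains `set_target_single "${SOURCE_TARGET}" && SOURCE_TARGET="${TARGET}"` and `set_target "${DEST_TARGET}" && DEST_TARGET="${JAILS}"` only reassign on success, so if either helper returns non-zero instead of exiting (their definitions are not visible on this page), the raw command-line argument stays in the variable and is interpolated into `source_path` / `dest_path` unvalidated. Failing closed is cheap: `set_target "${DEST_TARGET}" || error_exit "Invalid target: ${DEST_TARGET}"` followed by a plain `DEST_TARGET="${JAILS}"`, and likewise for the source. A short comment above the `continue`, such as `# Skip the source jail so a file is never copied onto itself when DEST_JAIL is ALL.`, would also make that branch's intent explicit.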


@@ -34,46 +34,64 @@
. /usr/local/etc/bastille/bastille.conf
usage() {
error_exit "Usage: bastille rcp [OPTION] TARGET CONTAINER_PATH HOST_PATH"
error_notify "Usage: bastille rcp [option(s)] TARGET JAIL_PATH HOST_PATH"
cat << EOF
Options:
-q | --quiet Suppress output.
-x | --debug Enable debug mode.
EOF
exit 1
}
CPSOURCE="${1}"
CPDEST="${2}"
# Handle special-case commands first.
case "$1" in
help|-h|--help)
usage
;;
-q|--quiet)
OPTION="${1}"
CPSOURCE="${2}"
CPDEST="${3}"
;;
esac
if [ $# -ne 2 ]; then
usage
fi
if [ "${TARGET}" = "ALL" ]; then
usage
fi
case "${OPTION}" in
-q|--quiet)
OPTION="-a"
;;
*)
OPTION="-av"
;;
esac
for _jail in ${JAILS}; do
info "[${_jail}]:"
bastille_jail_path="${bastille_jailsdir}/${_jail}/root"
cp "${OPTION}" "${bastille_jail_path}/${CPSOURCE}" "${CPDEST}"
RETURN="$?"
echo
return "${RETURN}"
# Handle options.
OPTION="-av"
while [ "$#" -gt 0 ]; do
case "${1}" in
-h|--help|help)
usage
;;
-q|--quiet)
OPTION="-a"
shift
;;
-x|--debug)
enable_debug
shift
;;
-*)
for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do
case ${_opt} in
q) OPTION="-a" ;;
x) enable_debug ;;
*) error_exit "Unknown Option: \"${1}\"" ;;
esac
done
shift
;;
*)
break
;;
esac
done
if [ "$#" -ne 3 ]; then
usage
fi
TARGET="${1}"
JAIL_PATH="${2}"
HOST_PATH="${3}"
bastille_root_check
set_target_single "${TARGET}"
info "[${TARGET}]:"
host_path="${HOST_PATH}"
jail_path="$(echo ${bastille_jailsdir}/${TARGET}/root/${JAIL_PATH} | sed 's#//#/#g')"
if ! cp "${OPTION}" "${jail_path}" "${host_path}"; then
error_exit "RCP failed: ${jail_path} -> ${host_path}"
fi
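Review bot: `OPTION` is `-av` by default and `-a` with `--quiet`, so the jail-to-host copy keeps the owner and mode the jail assigned to the file, which presumably includes setuid/setgid bits because `bastille_root_check` implies the script runs as root. For content coming from a less-trusted jail and landing in a shared host directory such as the `/tmp` used in the docs example, that is worth calling out rather than leaving implicit. I would add a comment above the `cp` line, e.g. `# NOTE: -a preserves the jail's owner/mode (incl. setuid) on the host copy; inspect files from untrusted jails.`, and repeat the caveat in the rcp usage text. Stripping the bits automatically would have to target only the entries just copied, since `HOST_PATH` may be an existing directory.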


@@ -1,6 +1,6 @@
#!/bin/sh
#
# Copyright (c) 2018-2024, Christer Edwards <christer.edwards@gmail.com>
# Copyright (c) 2018-2025, Christer Edwards <christer.edwards@gmail.com>
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
