Mirrors/hackacad
2
0
Fork 0
mirror of https://github.com/hackacad/bastille.git synced 2025-12-26 15:30:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' into multiple-interfaces

Browse Source
This commit is contained in:
tschettervictor
2025-02-24 00:30:08 -07:00
committed by GitHub
parent b8587048b1 9eb778d022
commit 2c470c0fcf
21 changed files with 881 additions and 460 deletions
Download Patch File Download Diff File Expand all files Collapse all files

152
usr/local/bin/bastille
View File

@@ -59,9 +59,6 @@ bastille_conf_check
## we only load this if conf_check passes
. /usr/local/share/bastille/common.sh
. /usr/local/etc/bastille/bastille.conf
# Set default values for config properties added during the current major version:
: "${bastille_network_pf_ext_if:=ext_if}"
: "${bastille_network_pf_table:=jails}"
## bastille_prefix should be 0750
## this restricts file system access to privileged users
@@ -108,6 +105,7 @@ Available Commands:
limits Apply resources limits to targeted container(s). See rctl(8).
list List containers (running).
mount Mount a volume inside the targeted container(s).
network Add/remove network interfaces from targeted container.
pkg Manipulate binary packages within targeted container(s). See pkg(8).
rcp cp(1) files from a jail to host.
rdr Redirect host port to container port.
@@ -134,104 +132,62 @@ EOF
exit 1
}
[ $# -lt 1 ] && usage
CMD=$1
shift
target_all_jails_old() {
_JAILS=$(/usr/sbin/jls name)
JAILS=""
for _jail in ${_JAILS}; do
_JAILPATH=$(/usr/sbin/jls -j "${_jail}" path)
if [ -z ${_JAILPATH##${bastille_jailsdir}*} ]; then
JAILS="${JAILS} ${_jail}"
fi
done
}
check_target_is_running_old() {
if [ ! "$(/usr/sbin/jls name | awk "/^${TARGET}$/")" ]; then
error_exit "[${TARGET}]: Not started. See 'bastille start ${TARGET}'."
fi
}
if [ "$#" -lt 1 ]; then
usage
else
CMD="${1}"
shift
fi
# Handle special-case commands first.
case "${CMD}" in
version|-v|--version)
info "${BASTILLE_VERSION}"
exit 0
;;
help|-h|--help)
usage
;;
bootstrap|clone|console|create|cp|destroy|edit|etcupdate|export|htop|import|jcp|list|mount|network|pkg|rcp|rdr|rename|restart|setup|start|stop|top|umount|update|upgrade|verify)
# Nothing "extra" to do for these commands. -- cwells
;;
config|cmd|convert|limits|service|sysrc|tags|template|zfs)
# Parse the target and ensure it exists. -- cwells
if [ $# -eq 0 ]; then # No target was given, so show the command's help. -- cwells
PARAMS='help'
elif [ "${1}" != 'help' ] && [ "${1}" != '-h' ] && [ "${1}" != '--help' ]; then
TARGET="${1}"
shift
# This is needed to handle the special case of 'bastille rcp' and 'bastille cp' with the '-q' or '--quiet'
# option specified before the TARGET. Also seems the cp and rcp commands does not support ALL as a target, so
# that's why is handled here. Maybe this behaviour needs an improvement later. -- yaazkal
if { [ "${CMD}" = 'rcp' ] || [ "${CMD}" = 'cp' ]; } && \
{ [ "${TARGET}" = '-q' ] || [ "${TARGET}" = '--quiet' ]; }; then
TARGET="${1}"
JAILS="${TARGET}"
OPTION="-q"
export OPTION
shift
fi
if [ "${TARGET}" = 'ALL' ]; then
target_all_jails_old
elif [ "${CMD}" = "pkg" ] && [ "${TARGET}" = '-H' ] || [ "${TARGET}" = '--host' ]; then
TARGET="${1}"
USE_HOST_PKG=1
if [ "${TARGET}" = 'ALL' ]; then
target_all_jails_old
else
JAILS="${TARGET}"
check_target_is_running_old
fi
shift
elif [ "${CMD}" = 'template' ] && [ "${TARGET}" = '--convert' ]; then
# This command does not act on a jail, so we are temporarily bypassing the presence/started
# checks. The command will simply convert a template from hooks to a Bastillefile. -- cwells
:
else
JAILS="${TARGET}"
# Ensure the target exists. -- cwells
if [ ! -d "${bastille_jailsdir}/${TARGET}" ]; then
error_exit "[${TARGET}]: Not found."
fi
case "${CMD}" in
cmd|pkg|service|stop|sysrc|template)
check_target_is_running_old
;;
convert|rename)
# Require the target to be stopped. -- cwells
if [ "$(/usr/sbin/jls name | awk "/^${TARGET}$/")" ]; then
error_exit "${TARGET} is running. See 'bastille stop ${TARGET}'."
fi
;;
esac
fi
export USE_HOST_PKG
export TARGET
export JAILS
fi
;;
*) # Filter out all non-commands
usage
;;
version|-v|--version)
info "${BASTILLE_VERSION}"
exit 0
;;
help|-h|--help)
usage
;;
bootstrap| \
clone| \
cmd| \
config| \
console| \
convert| \
cp| \
create| \
destroy| \
edit| \
etcupdate| \
export| \
htop| \
import| \
limits| \
list| \
mount| \
network| \
pkg| \
rcp| \
rdr| \
rename| \
restart| \
service| \
setup| \
start| \
stop| \
sysrc| \
tags| \
template| \
top| \
umount| \
update| \
upgrade| \
verify| \
zfs)
;;
*)
usage
;;
esac
# shellcheck disable=SC2154

360
usr/local/share/bastille/bootstrap.sh
View File

@@ -34,49 +34,16 @@
. /usr/local/etc/bastille/bastille.conf
usage() {
error_exit "Usage: bastille bootstrap [release|template] [update|arch]"
error_notify "Usage: bastille bootstrap [option(s)] [RELEASE|TEMPLATE] [update|arch]"
cat << EOF
Options:
-x | --debug Enable debug mode.
EOF
exit 1
}
# Handle special-case commands first.
case "$1" in
help|-h|--help)
usage
;;
esac
bastille_root_check
#Validate if ZFS is enabled in rc.conf and bastille.conf.
if [ "$(sysrc -n zfs_enable)" = "YES" ] && ! checkyesno bastille_zfs_enable; then
warn "ZFS is enabled in rc.conf but not bastille.conf. Do you want to continue? (N|y)"
read answer
case $answer in
no|No|n|N|"")
error_exit "ERROR: Missing ZFS parameters. See bastille_zfs_enable."
;;
yes|Yes|y|Y) ;;
esac
fi
# Validate ZFS parameters.
if checkyesno bastille_zfs_enable; then
## check for the ZFS pool and bastille prefix
if [ -z "${bastille_zfs_zpool}" ]; then
error_exit "ERROR: Missing ZFS parameters. See bastille_zfs_zpool."
elif [ -z "${bastille_zfs_prefix}" ]; then
error_exit "ERROR: Missing ZFS parameters. See bastille_zfs_prefix."
elif ! zfs list "${bastille_zfs_zpool}" > /dev/null 2>&1; then
error_exit "ERROR: ${bastille_zfs_zpool} is not a ZFS pool."
fi
## check for the ZFS dataset prefix if already exist
if [ -d "/${bastille_zfs_zpool}/${bastille_zfs_prefix}" ]; then
if ! zfs list "${bastille_zfs_zpool}/${bastille_zfs_prefix}" > /dev/null 2>&1; then
error_exit "ERROR: ${bastille_zfs_zpool}/${bastille_zfs_prefix} is not a ZFS dataset."
fi
fi
fi
validate_release_url() {
## check upstream url, else warn user
if [ -n "${NAME_VERIFY}" ]; then
@@ -451,9 +418,64 @@ bootstrap_template() {
bastille verify "${_user}/${_repo}"
}
# Handle options.
while [ "$#" -gt 0 ]; do
case "${1}" in
-h|--help|help)
usage
;;
-x|--debug)
enable_debug
shift
;;
-*)
error_exit "Unknown Option: \"${1}\""
;;
*)
break
;;
esac
done
RELEASE="${1}"
OPTION="${2}"
NOCACHEDIR=
HW_MACHINE=$(sysctl hw.machine | awk '{ print $2 }')
HW_MACHINE_ARCH=$(sysctl hw.machine_arch | awk '{ print $2 }')
bastille_root_check
#Validate if ZFS is enabled in rc.conf and bastille.conf.
if [ "$(sysrc -n zfs_enable)" = "YES" ] && ! checkyesno bastille_zfs_enable; then
warn "ZFS is enabled in rc.conf but not bastille.conf. Do you want to continue? (N|y)"
read answer
case $answer in
no|No|n|N|"")
error_exit "ERROR: Missing ZFS parameters. See bastille_zfs_enable."
;;
yes|Yes|y|Y) ;;
esac
fi
# Validate ZFS parameters.
if checkyesno bastille_zfs_enable; then
## check for the ZFS pool and bastille prefix
if [ -z "${bastille_zfs_zpool}" ]; then
error_exit "ERROR: Missing ZFS parameters. See bastille_zfs_zpool."
elif [ -z "${bastille_zfs_prefix}" ]; then
error_exit "ERROR: Missing ZFS parameters. See bastille_zfs_prefix."
elif ! zfs list "${bastille_zfs_zpool}" > /dev/null 2>&1; then
error_exit "ERROR: ${bastille_zfs_zpool} is not a ZFS pool."
fi
## check for the ZFS dataset prefix if already exist
if [ -d "/${bastille_zfs_zpool}/${bastille_zfs_prefix}" ]; then
if ! zfs list "${bastille_zfs_zpool}/${bastille_zfs_prefix}" > /dev/null 2>&1; then
error_exit "ERROR: ${bastille_zfs_zpool}/${bastille_zfs_prefix} is not a ZFS dataset."
fi
fi
fi
# bootstrapping from aarch64/arm64 Debian or Ubuntu require a different value for ARCH
# create a new variable
if [ "${HW_MACHINE_ARCH}" = "aarch64" ]; then
@@ -462,10 +484,6 @@ else
HW_MACHINE_ARCH_LINUX=${HW_MACHINE_ARCH}
fi
NOCACHEDIR=
RELEASE="${1}"
OPTION="${2}"
# Alternate RELEASE/ARCH fetch support(experimental)
if [ -n "${OPTION}" ] && [ "${OPTION}" != "${HW_MACHINE}" ] && [ "${OPTION}" != "update" ]; then
# Supported architectures
@@ -484,133 +502,133 @@ fi
## Filter sane release names
case "${1}" in
2.[0-9]*)
## check for MidnightBSD releases name
NAME_VERIFY=$(echo "${RELEASE}")
UPSTREAM_URL="${bastille_url_midnightbsd}${HW_MACHINE_ARCH}/${NAME_VERIFY}"
PLATFORM_OS="MidnightBSD"
validate_release_url
;;
*-CURRENT|*-current)
## check for FreeBSD releases name
NAME_VERIFY=$(echo "${RELEASE}" | grep -iwE '^([1-9]{2,2})\.[0-9](-CURRENT)$' | tr '[:lower:]' '[:upper:]')
UPSTREAM_URL=$(echo "${bastille_url_freebsd}${HW_MACHINE}/${HW_MACHINE_ARCH}/${NAME_VERIFY}" | sed 's/releases/snapshots/')
PLATFORM_OS="FreeBSD"
validate_release_url
;;
*-RELEASE|*-release|*-RC[1-9]|*-rc[1-9]|*-BETA[1-9])
## check for FreeBSD releases name
NAME_VERIFY=$(echo "${RELEASE}" | grep -iwE '^([0-9]{1,2})\.[0-9](-RELEASE|-RC[1-9]|-BETA[1-9])$' | tr '[:lower:]' '[:upper:]')
UPSTREAM_URL="${bastille_url_freebsd}${HW_MACHINE}/${HW_MACHINE_ARCH}/${NAME_VERIFY}"
PLATFORM_OS="FreeBSD"
validate_release_url
;;
*-stable-LAST|*-STABLE-last|*-stable-last|*-STABLE-LAST)
## check for HardenedBSD releases name(previous infrastructure, keep for reference)
NAME_VERIFY=$(echo "${RELEASE}" | grep -iwE '^([1-9]{2,2})(-stable-last)$' | sed 's/STABLE/stable/g' | sed 's/last/LAST/g')
UPSTREAM_URL="${bastille_url_hardenedbsd}${HW_MACHINE}/${HW_MACHINE_ARCH}/hardenedbsd-${NAME_VERIFY}"
PLATFORM_OS="HardenedBSD"
validate_release_url
;;
*-stable-build-[0-9]*|*-STABLE-BUILD-[0-9]*)
## check for HardenedBSD(specific stable build releases)
NAME_VERIFY=$(echo "${RELEASE}" | grep -iwE '([0-9]{1,2})(-stable-build)-([0-9]{1,3})$' | sed 's/BUILD/build/g' | sed 's/STABLE/stable/g')
NAME_RELEASE=$(echo "${NAME_VERIFY}" | sed 's/-build-[0-9]\{1,3\}//g')
NAME_BUILD=$(echo "${NAME_VERIFY}" | sed 's/[0-9]\{1,2\}-stable-//g')
UPSTREAM_URL="${bastille_url_hardenedbsd}${NAME_RELEASE}/${HW_MACHINE}/${HW_MACHINE_ARCH}/${NAME_BUILD}"
PLATFORM_OS="HardenedBSD"
validate_release_url
;;
*-stable-build-latest|*-stable-BUILD-LATEST|*-STABLE-BUILD-LATEST)
## check for HardenedBSD(latest stable build release)
NAME_VERIFY=$(echo "${RELEASE}" | grep -iwE '([0-9]{1,2})(-stable-build-latest)$' | sed 's/STABLE/stable/g' | sed 's/build/BUILD/g' | sed 's/latest/LATEST/g')
NAME_RELEASE=$(echo "${NAME_VERIFY}" | sed 's/-BUILD-LATEST//g')
NAME_BUILD=$(echo "${NAME_VERIFY}" | sed 's/[0-9]\{1,2\}-stable-BUILD-//g')
UPSTREAM_URL="${bastille_url_hardenedbsd}${NAME_RELEASE}/${HW_MACHINE}/${HW_MACHINE_ARCH}/installer/${NAME_BUILD}"
PLATFORM_OS="HardenedBSD"
validate_release_url
;;
current-build-[0-9]*|CURRENT-BUILD-[0-9]*)
## check for HardenedBSD(specific current build releases)
NAME_VERIFY=$(echo "${RELEASE}" | grep -iwE '(current-build)-([0-9]{1,3})' | sed 's/BUILD/build/g' | sed 's/CURRENT/current/g')
NAME_RELEASE=$(echo "${NAME_VERIFY}" | sed 's/current-.*/current/g')
NAME_BUILD=$(echo "${NAME_VERIFY}" | sed 's/current-//g')
UPSTREAM_URL="${bastille_url_hardenedbsd}${NAME_RELEASE}/${HW_MACHINE}/${HW_MACHINE_ARCH}/${NAME_BUILD}"
PLATFORM_OS="HardenedBSD"
validate_release_url
;;
current-build-latest|current-BUILD-LATEST|CURRENT-BUILD-LATEST)
## check for HardenedBSD(latest current build release)
NAME_VERIFY=$(echo "${RELEASE}" | grep -iwE '(current-build-latest)' | sed 's/CURRENT/current/g' | sed 's/build/BUILD/g' | sed 's/latest/LATEST/g')
NAME_RELEASE=$(echo "${NAME_VERIFY}" | sed 's/current-.*/current/g')
NAME_BUILD=$(echo "${NAME_VERIFY}" | sed 's/current-BUILD-//g')
UPSTREAM_URL="${bastille_url_hardenedbsd}${NAME_RELEASE}/${HW_MACHINE}/${HW_MACHINE_ARCH}/installer/${NAME_BUILD}"
PLATFORM_OS="HardenedBSD"
validate_release_url
;;
http?://*/*/*)
BASTILLE_TEMPLATE_URL=${1}
BASTILLE_TEMPLATE_USER=$(echo "${1}" | awk -F / '{ print $4 }')
BASTILLE_TEMPLATE_REPO=$(echo "${1}" | awk -F / '{ print $5 }')
bootstrap_template
;;
git@*:*/*)
BASTILLE_TEMPLATE_URL=${1}
git_repository=$(echo "${1}" | awk -F : '{ print $2 }')
BASTILLE_TEMPLATE_USER=$(echo "${git_repository}" | awk -F / '{ print $1 }')
BASTILLE_TEMPLATE_REPO=$(echo "${git_repository}" | awk -F / '{ print $2 }')
bootstrap_template
;;
#adding Ubuntu Bionic as valid "RELEASE" for POC @hackacad
ubuntu_bionic|bionic|ubuntu-bionic)
PLATFORM_OS="Ubuntu/Linux"
LINUX_FLAVOR="bionic"
DIR_BOOTSTRAP="Ubuntu_1804"
ARCH_BOOTSTRAP=${HW_MACHINE_ARCH_LINUX}
debootstrap_release
;;
ubuntu_focal|focal|ubuntu-focal)
PLATFORM_OS="Ubuntu/Linux"
LINUX_FLAVOR="focal"
DIR_BOOTSTRAP="Ubuntu_2004"
ARCH_BOOTSTRAP=${HW_MACHINE_ARCH_LINUX}
debootstrap_release
;;
ubuntu_jammy|jammy|ubuntu-jammy)
PLATFORM_OS="Ubuntu/Linux"
LINUX_FLAVOR="jammy"
DIR_BOOTSTRAP="Ubuntu_2204"
ARCH_BOOTSTRAP=${HW_MACHINE_ARCH_LINUX}
debootstrap_release
;;
debian_buster|buster|debian-buster)
PLATFORM_OS="Debian/Linux"
LINUX_FLAVOR="buster"
DIR_BOOTSTRAP="Debian10"
ARCH_BOOTSTRAP=${HW_MACHINE_ARCH_LINUX}
debootstrap_release
;;
debian_bullseye|bullseye|debian-bullseye)
PLATFORM_OS="Debian/Linux"
LINUX_FLAVOR="bullseye"
DIR_BOOTSTRAP="Debian11"
ARCH_BOOTSTRAP=${HW_MACHINE_ARCH_LINUX}
debootstrap_release
;;
debian_bookworm|bookworm|debian-bookworm)
PLATFORM_OS="Debian/Linux"
LINUX_FLAVOR="bookworm"
DIR_BOOTSTRAP="Debian12"
ARCH_BOOTSTRAP=${HW_MACHINE_ARCH_LINUX}
debootstrap_release
;;
*)
usage
;;
2.[0-9]*)
## check for MidnightBSD releases name
NAME_VERIFY=$(echo "${RELEASE}")
UPSTREAM_URL="${bastille_url_midnightbsd}${HW_MACHINE_ARCH}/${NAME_VERIFY}"
PLATFORM_OS="MidnightBSD"
validate_release_url
;;
*-CURRENT|*-current)
## check for FreeBSD releases name
NAME_VERIFY=$(echo "${RELEASE}" | grep -iwE '^([1-9]{2,2})\.[0-9](-CURRENT)$' | tr '[:lower:]' '[:upper:]')
UPSTREAM_URL=$(echo "${bastille_url_freebsd}${HW_MACHINE}/${HW_MACHINE_ARCH}/${NAME_VERIFY}" | sed 's/releases/snapshots/')
PLATFORM_OS="FreeBSD"
validate_release_url
;;
*-RELEASE|*-release|*-RC[1-9]|*-rc[1-9]|*-BETA[1-9])
## check for FreeBSD releases name
NAME_VERIFY=$(echo "${RELEASE}" | grep -iwE '^([0-9]{1,2})\.[0-9](-RELEASE|-RC[1-9]|-BETA[1-9])$' | tr '[:lower:]' '[:upper:]')
UPSTREAM_URL="${bastille_url_freebsd}${HW_MACHINE}/${HW_MACHINE_ARCH}/${NAME_VERIFY}"
PLATFORM_OS="FreeBSD"
validate_release_url
;;
*-stable-LAST|*-STABLE-last|*-stable-last|*-STABLE-LAST)
## check for HardenedBSD releases name(previous infrastructure, keep for reference)
NAME_VERIFY=$(echo "${RELEASE}" | grep -iwE '^([1-9]{2,2})(-stable-last)$' | sed 's/STABLE/stable/g' | sed 's/last/LAST/g')
UPSTREAM_URL="${bastille_url_hardenedbsd}${HW_MACHINE}/${HW_MACHINE_ARCH}/hardenedbsd-${NAME_VERIFY}"
PLATFORM_OS="HardenedBSD"
validate_release_url
;;
*-stable-build-[0-9]*|*-STABLE-BUILD-[0-9]*)
## check for HardenedBSD(specific stable build releases)
NAME_VERIFY=$(echo "${RELEASE}" | grep -iwE '([0-9]{1,2})(-stable-build)-([0-9]{1,3})$' | sed 's/BUILD/build/g' | sed 's/STABLE/stable/g')
NAME_RELEASE=$(echo "${NAME_VERIFY}" | sed 's/-build-[0-9]\{1,3\}//g')
NAME_BUILD=$(echo "${NAME_VERIFY}" | sed 's/[0-9]\{1,2\}-stable-//g')
UPSTREAM_URL="${bastille_url_hardenedbsd}${NAME_RELEASE}/${HW_MACHINE}/${HW_MACHINE_ARCH}/${NAME_BUILD}"
PLATFORM_OS="HardenedBSD"
validate_release_url
;;
*-stable-build-latest|*-stable-BUILD-LATEST|*-STABLE-BUILD-LATEST)
## check for HardenedBSD(latest stable build release)
NAME_VERIFY=$(echo "${RELEASE}" | grep -iwE '([0-9]{1,2})(-stable-build-latest)$' | sed 's/STABLE/stable/g' | sed 's/build/BUILD/g' | sed 's/latest/LATEST/g')
NAME_RELEASE=$(echo "${NAME_VERIFY}" | sed 's/-BUILD-LATEST//g')
NAME_BUILD=$(echo "${NAME_VERIFY}" | sed 's/[0-9]\{1,2\}-stable-BUILD-//g')
UPSTREAM_URL="${bastille_url_hardenedbsd}${NAME_RELEASE}/${HW_MACHINE}/${HW_MACHINE_ARCH}/installer/${NAME_BUILD}"
PLATFORM_OS="HardenedBSD"
validate_release_url
;;
current-build-[0-9]*|CURRENT-BUILD-[0-9]*)
## check for HardenedBSD(specific current build releases)
NAME_VERIFY=$(echo "${RELEASE}" | grep -iwE '(current-build)-([0-9]{1,3})' | sed 's/BUILD/build/g' | sed 's/CURRENT/current/g')
NAME_RELEASE=$(echo "${NAME_VERIFY}" | sed 's/current-.*/current/g')
NAME_BUILD=$(echo "${NAME_VERIFY}" | sed 's/current-//g')
UPSTREAM_URL="${bastille_url_hardenedbsd}${NAME_RELEASE}/${HW_MACHINE}/${HW_MACHINE_ARCH}/${NAME_BUILD}"
PLATFORM_OS="HardenedBSD"
validate_release_url
;;
current-build-latest|current-BUILD-LATEST|CURRENT-BUILD-LATEST)
## check for HardenedBSD(latest current build release)
NAME_VERIFY=$(echo "${RELEASE}" | grep -iwE '(current-build-latest)' | sed 's/CURRENT/current/g' | sed 's/build/BUILD/g' | sed 's/latest/LATEST/g')
NAME_RELEASE=$(echo "${NAME_VERIFY}" | sed 's/current-.*/current/g')
NAME_BUILD=$(echo "${NAME_VERIFY}" | sed 's/current-BUILD-//g')
UPSTREAM_URL="${bastille_url_hardenedbsd}${NAME_RELEASE}/${HW_MACHINE}/${HW_MACHINE_ARCH}/installer/${NAME_BUILD}"
PLATFORM_OS="HardenedBSD"
validate_release_url
;;
http?://*/*/*)
BASTILLE_TEMPLATE_URL=${1}
BASTILLE_TEMPLATE_USER=$(echo "${1}" | awk -F / '{ print $4 }')
BASTILLE_TEMPLATE_REPO=$(echo "${1}" | awk -F / '{ print $5 }')
bootstrap_template
;;
git@*:*/*)
BASTILLE_TEMPLATE_URL=${1}
git_repository=$(echo "${1}" | awk -F : '{ print $2 }')
BASTILLE_TEMPLATE_USER=$(echo "${git_repository}" | awk -F / '{ print $1 }')
BASTILLE_TEMPLATE_REPO=$(echo "${git_repository}" | awk -F / '{ print $2 }')
bootstrap_template
;;
#adding Ubuntu Bionic as valid "RELEASE" for POC @hackacad
ubuntu_bionic|bionic|ubuntu-bionic)
PLATFORM_OS="Ubuntu/Linux"
LINUX_FLAVOR="bionic"
DIR_BOOTSTRAP="Ubuntu_1804"
ARCH_BOOTSTRAP=${HW_MACHINE_ARCH_LINUX}
debootstrap_release
;;
ubuntu_focal|focal|ubuntu-focal)
PLATFORM_OS="Ubuntu/Linux"
LINUX_FLAVOR="focal"
DIR_BOOTSTRAP="Ubuntu_2004"
ARCH_BOOTSTRAP=${HW_MACHINE_ARCH_LINUX}
debootstrap_release
;;
ubuntu_jammy|jammy|ubuntu-jammy)
PLATFORM_OS="Ubuntu/Linux"
LINUX_FLAVOR="jammy"
DIR_BOOTSTRAP="Ubuntu_2204"
ARCH_BOOTSTRAP=${HW_MACHINE_ARCH_LINUX}
debootstrap_release
;;
debian_buster|buster|debian-buster)
PLATFORM_OS="Debian/Linux"
LINUX_FLAVOR="buster"
DIR_BOOTSTRAP="Debian10"
ARCH_BOOTSTRAP=${HW_MACHINE_ARCH_LINUX}
debootstrap_release
;;
debian_bullseye|bullseye|debian-bullseye)
PLATFORM_OS="Debian/Linux"
LINUX_FLAVOR="bullseye"
DIR_BOOTSTRAP="Debian11"
ARCH_BOOTSTRAP=${HW_MACHINE_ARCH_LINUX}
debootstrap_release
;;
debian_bookworm|bookworm|debian-bookworm)
PLATFORM_OS="Debian/Linux"
LINUX_FLAVOR="bookworm"
DIR_BOOTSTRAP="Debian12"
ARCH_BOOTSTRAP=${HW_MACHINE_ARCH_LINUX}
debootstrap_release
;;
*)
usage
;;
esac
case "${OPTION}" in
update)
bastille update "${RELEASE}"
;;
update)
bastille update "${RELEASE}"
;;
esac

68
usr/local/share/bastille/cmd.sh
View File

@@ -34,15 +34,47 @@
. /usr/local/etc/bastille/bastille.conf
usage() {
error_exit "Usage: bastille cmd TARGET command"
error_notify "Usage: bastille cmd [option(s)] TARGET command"
cat << EOF
Options:
-a | --auto Auto mode. Start/stop jail(s) if required.
-x | --debug Enable debug mode.
EOF
exit 1
}
# Handle special-case commands first.
case "$1" in
help|-h|--help)
usage
;;
esac
# Handle options.
AUTO=0
while [ "$#" -gt 0 ]; do
case "${1}" in
-h|--help|help)
usage
;;
-a|--auto)
AUTO=1
shift
;;
-x|--debug)
enable_debug
shift
;;
-*)
for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do
case ${_opt} in
a) AUTO=1 ;;
x) enable_debug ;;
*) error_exit "Unknown Option: \"${1}\"" ;;
esac
done
shift
;;
*)
break
;;
esac
done
if [ $# -eq 0 ]; then
usage
@@ -50,30 +82,40 @@ fi
bastille_root_check
TARGET="${1}"
shift 1
COUNT=0
RETURN=0
set_target "${TARGET}"
for _jail in ${JAILS}; do
COUNT=$(($COUNT+1))
info "[${_jail}]:"
check_target_is_running "${_jail}" || if [ "${AUTO}" -eq 1 ]; then
bastille start "${_jail}"
else
error_notify "Jail is not running."
error_continue "Use [-a|--auto] to auto-start the jail."
fi
COUNT=$(($COUNT+1))
if grep -qw "linsysfs" "${bastille_jailsdir}/${_jail}/fstab"; then
# Allow executing commands on Linux jails.
jexec -l -u root "${_jail}" "$@"
else
jexec -l -U root "${_jail}" "$@"
fi
ERROR_CODE=$?
info "[${_jail}]: ${ERROR_CODE}"
if [ "${ERROR_CODE}" -ne 0 ]; then
warn "[${_jail}]: ${ERROR_CODE}"
fi
if [ "$COUNT" -eq 1 ]; then
RETURN=${ERROR_CODE}
else
RETURN=$(($RETURN+$ERROR_CODE))
fi
echo
done
# Check when a command is executed in all running jails. (bastille cmd ALL ...)

66
usr/local/share/bastille/config.sh
View File

@@ -34,7 +34,14 @@
. /usr/local/etc/bastille/bastille.conf
usage() {
error_exit "Usage: bastille config TARGET get|set propertyName [newValue]"
error_notify "Usage: bastille config TARGET [get|set] PROPERTY_NAME NEW_VALUE"
cat << EOF
Options:
-x | --debug Enable debug mode.
EOF
exit 1
}
# we need jail(8) to parse the config file so it can expand variables etc
@@ -46,37 +53,65 @@ print_jail_conf() {
'
}
# Handle special-case commands first.
case "$1" in
help|-h|--help)
usage
;;
esac
# Handle options.
while [ "$#" -gt 0 ]; do
case "${1}" in
-h|--help|help)
usage
;;
-x|--debug)
enable_debug
shift
;;
-*)
error_notify "Unknown Option: \"${1}\""
usage
;;
*)
break
;;
esac
done
if [ $# -eq 1 ] || [ $# -gt 3 ]; then
if [ "$#" -lt 1 ] || [ "$#" -gt 3 ]; then
usage
fi
bastille_root_check
ACTION=$1
shift
TARGET="${1}"
ACTION="${2}"
shift 2
case $ACTION in
set_target "${TARGET}"
case "${ACTION}" in
get)
if [ $# -ne 1 ]; then
if [ "$#" -ne 1 ]; then
error_notify 'Too many parameters for a "get" operation.'
usage
fi
;;
set) ;;
*) error_exit 'Only get and set are supported.' ;;
set)
;;
*)
error_exit 'Only get and set are supported.'
;;
esac
PROPERTY=$1
PROPERTY="${1}"
shift
VALUE="$@"
# we need jail(8) to parse the config file so it can expand variables etc
print_jail_conf() {
# we need to pass a literal \n to jail to get each parameter on its own
# line
jail -f "${1}" -e '
'
}
for _jail in ${JAILS}; do
FILE="${bastille_jailsdir}/${_jail}/jail.conf"
if [ ! -f "${FILE}" ]; then
@@ -93,6 +128,7 @@ for _jail in ${JAILS}; do
# check if there is a value for this property
if (NF == 2) {
# remove any quotes surrounding the string
#sub(",[^|]*\\|", ",", $2);
sub(/^"/, "", $2);
sub(/"$/, "", $2);
print $2;

58
usr/local/share/bastille/convert.sh
View File

@@ -34,21 +34,63 @@
. /usr/local/etc/bastille/bastille.conf
usage() {
error_exit "Usage: bastille convert TARGET"
error_notify "Usage: bastille convert [option(s)] TARGET"
cat << EOF
Options:
-a | --auto Auto mode. Start/stop jail(s) if required.
-x | --debug Enable debug mode.
EOF
exit 1
}
# Handle special-case commands first.
case "$1" in
help|-h|--help)
usage
;;
esac
# Handle options.
AUTO=0
while [ "$#" -gt 0 ]; do
case "${1}" in
-h|--help|help)
usage
;;
-a|--auto)
AUTO=1
shift
;;
-x|--debug)
enable_debug
shift
;;
-*)
for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do
case ${_opt} in
a) AUTO=1 ;;
x) enable_debug ;;
*) error_exit "Unknown Option: \"${1}\"" ;;
esac
done
shift
;;
*)
break
;;
esac
done
if [ $# -ne 0 ]; then
if [ "$#" -ne 1 ]; then
usage
fi
TARGET="${1}"
bastille_root_check
set_target_single "${TARGET}"
check_target_is_stopped "${TARGET}" || if [ "${AUTO}" -eq 1 ]; then
bastille stop "${TARGET}"
else
error_notify "Jail is running."
error_exit "Use [-a|--auto] to auto-stop the jail."
fi
convert_symlinks() {
# Work with the symlinks, revert on first cp error

75
usr/local/share/bastille/limits.sh
View File

@@ -35,36 +35,75 @@
. /usr/local/etc/bastille/bastille.conf
usage() {
error_notify "Usage: bastille limits TARGET option value"
error_notify "Usage: bastille limits [option(s)] TARGET OPTION VALUE"
echo -e "Example: bastille limits JAILNAME memoryuse 1G"
cat << EOF
Options:
-a | --auto Auto mode. Start/stop jail(s) if required.
-x | --debug Enable debug mode.
EOF
exit 1
}
RACCT_ENABLE=$(sysctl -n kern.racct.enable)
if [ "${RACCT_ENABLE}" != '1' ]; then
echo "Racct not enabled. Append 'kern.racct.enable=1' to /boot/loader.conf and reboot"
# exit 1
# Handle options.
AUTO=0
while [ "$#" -gt 0 ]; do
case "${1}" in
-h|--help|help)
usage
;;
-a|--auto)
AUTO=1
shift
;;
-x|--debug)
enable_debug
shift
;;
-*)
for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do
case ${_opt} in
a) AUTO=1 ;;
x) enable_debug ;;
*) error_exit "Unknown Option: \"${1}\"" ;;
esac
done
shift
;;
*)
break
;;
esac
done
if [ $# -ne 3 ]; then
usage
fi
# Handle special-case commands first.
case "$1" in
help|-h|--help)
usage
;;
esac
if [ $# -ne 2 ]; then
usage
TARGET="${1}"
OPTION="${2}"
VALUE="${3}"
RACCT_ENABLE="$(sysctl -n kern.racct.enable)"
if [ "${RACCT_ENABLE}" != '1' ]; then
error_exit "Racct not enabled. Append 'kern.racct.enable=1' to /boot/loader.conf and reboot"
fi
bastille_root_check
OPTION="${1}"
VALUE="${2}"
set_target "${TARGET}"
for _jail in ${JAILS}; do
info "[${_jail}]:"
check_target_is_running "${_jail}" || if [ "${AUTO}" -eq 1 ]; then
bastille start "${_jail}"
else
error_notify "Jail is not running."
error_continue "Use [-a|--auto] to auto-start the jail."
fi
_rctl_rule="jail:${_jail}:${OPTION}:deny=${VALUE}/jail"
_rctl_rule_log="jail:${_jail}:${OPTION}:log=${VALUE}/jail"
@@ -80,5 +119,5 @@ for _jail in ${JAILS}; do
echo -e "${OPTION} ${VALUE}"
rctl -a "${_rctl_rule}" "${_rctl_rule_log}"
echo -e "${COLOR_RESET}"
done

59
usr/local/share/bastille/service.sh
View File

@@ -33,24 +33,65 @@
. /usr/local/share/bastille/common.sh
usage() {
error_exit "Usage: bastille service TARGET service_name action"
error_notify "Usage: bastille service [options(s)] TARGET SERVICE_NAME ACTION"
cat << EOF
Options:
-a | --auto Auto mode. Start/stop jail(s) if required.
-x | --debug Enable debug mode.
EOF
exit 1
}
# Handle special-case commands first.
case "$1" in
help|-h|--help)
usage
;;
esac
# Handle options.
AUTO=0
while [ "$#" -gt 0 ]; do
case "${1}" in
-h|--help|help)
usage
;;
-a|--auto)
AUTO=1
shift
;;
-x|--debug)
enable_debug
shift
;;
-*)
for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do
case ${_opt} in
a) AUTO=1 ;;
x) enable_debug ;;
*) error_exit "Unknown Option: \"${1}\"" ;;
esac
done
shift
;;
*)
break
;;
esac
done
if [ $# -lt 1 ] || [ $# -gt 2 ]; then
if [ "$#" -ne 3 ]; then
usage
fi
TARGET="${1}"
shift
bastille_root_check
set_target "${TARGET}"
for _jail in ${JAILS}; do
info "[${_jail}]:"
check_target_is_running "${_jail}" || if [ "${AUTO}" -eq 1 ]; then
bastille start "${_jail}"
else
error_notify "Jail is not running."
error_continue "Use [-a|--auto] to auto-start the jail."
fi
jexec -l "${_jail}" /usr/sbin/service "$@"
echo
done

60
usr/local/share/bastille/sysrc.sh
View File

@@ -31,26 +31,68 @@
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
. /usr/local/share/bastille/common.sh
. /usr/local/etc/bastille/bastille.conf
usage() {
error_exit "Usage: bastille sysrc TARGET args"
error_notify "Usage: bastille sysrc [option(s)] TARGET args"
cat << EOF
Options:
-a | --auto Auto mode. Start/stop jail(s) if required.
-x | --debug Enable debug mode.
EOF
exit 1
}
# Handle special-case commands first.
case "$1" in
help|-h|--help)
usage
;;
esac
# Handle options.
AUTO=0
while [ "$#" -gt 0 ]; do
case "${1}" in
-h|--help|help)
usage
;;
-a|--auto)
AUTO=1
shift
;;
-x|--debug)
enable_debug
shift
;;
-*)
for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do
case ${_opt} in
a) AUTO=1 ;;
x) enable_debug ;;
*) error_exit "Unknown Option: \"${1}\"" ;;
esac
done
shift
;;
*)
break
;;
esac
done
if [ $# -lt 1 ]; then
if [ "$#" -lt 2 ]; then
usage
fi
TARGET="${1}"
shift
bastille_root_check
set_target "${TARGET}"
for _jail in ${JAILS}; do
info "[${_jail}]:"
check_target_is_running "${_jail}" || if [ "${AUTO}" -eq 1 ]; then
bastille start "${_jail}"
else
error_notify "Jail is not running."
error_continue "Use [-a|--auto] to auto-start the jail."
fi
jexec -l "${_jail}" /usr/sbin/sysrc "$@"
echo -e "${COLOR_RESET}"
done

48
usr/local/share/bastille/tags.sh
View File

@@ -35,31 +35,45 @@
. /usr/local/etc/bastille/bastille.conf
usage() {
error_notify "Usage: bastille tags TARGET add tag1[,tag2,...]"
error_notify " bastille tags TARGET delete tag1[,tag2,...]"
error_notify " bastille tags TARGET list [tag]"
echo -e "Example: bastille tags JAILNAME add database,mysql"
echo -e " bastille tags JAILNAME delete mysql"
echo -e " bastille tags ALL list"
echo -e " bastille tags ALL list mysql"
error_notify "Usage: bastille tags TARGET [add|delete|list] [tag1,tag2]"
cat << EOF
Options:
-x | --debug Enable debug mode.
EOF
exit 1
}
# Handle special-case commands first.
case "$1" in
help|-h|--help)
usage
;;
esac
# Handle options.
while [ "$#" -gt 0 ]; do
case "${1}" in
-h|--help|help)
usage
;;
-x|--debug)
enable_debug
shift
;;
-*)
error_exit "Unknown Option: \"${1}\""
;;
*)
break
;;
esac
done
if [ $# -lt 1 ] || [ $# -gt 2 ]; then
if [ $# -lt 2 ] || [ $# -gt 3 ]; then
usage
fi
bastille_root_check
TARGET="${1}"
ACTION="${2}"
TAGS="${3}"
ACTION="${1}"
TAGS="${2}"
bastille_root_check
set_target "${TARGET}"
for _jail in ${JAILS}; do
bastille_jail_tags="${bastille_jailsdir}/${_jail}/tags"

82
usr/local/share/bastille/template.sh
View File

@@ -33,8 +33,16 @@
. /usr/local/share/bastille/common.sh
. /usr/local/etc/bastille/bastille.conf
bastille_usage() {
error_exit "Usage: bastille template TARGET|--convert project/template"
usage() {
error_notify "Usage: bastille template [option(s)] TARGET [--convert|project/template]"
cat << EOF
Options:
-a | --auto Auto mode. Start/stop jail(s) if required.
-x | --debug Enable debug mode.
EOF
exit 1
}
post_command_hook() {
@@ -107,26 +115,51 @@ render() {
fi
}
# Handle special-case commands first.
case "$1" in
help|-h|--help)
bastille_usage
;;
esac
# Handle options.
AUTO=0
while [ "$#" -gt 0 ]; do
case "${1}" in
-h|--help|help)
usage
;;
-a|--auto)
AUTO=1
shift
;;
-x|--debug)
enable_debug
shift
;;
-*)
for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do
case ${_opt} in
a) AUTO=1 ;;
x) enable_debug ;;
*) error_exit "Unknown Option: \"${1}\"" ;;
esac
done
shift
;;
*)
break
;;
esac
done
if [ $# -lt 1 ]; then
if [ $# -lt 2 ]; then
bastille_usage
fi
bastille_root_check
## global variables
TEMPLATE="${1}"
TARGET="${1}"
TEMPLATE="${2}"
bastille_template=${bastille_templatesdir}/${TEMPLATE}
if [ -z "${HOOKS}" ]; then
HOOKS='LIMITS INCLUDE PRE FSTAB PF PKG OVERLAY CONFIG SYSRC SERVICE CMD RENDER'
fi
bastille_root_check
# We set the target only if it is not --convert
# Special case conversion of hook-style template files into a Bastillefile. -- cwells
if [ "${TARGET}" = '--convert' ]; then
if [ -d "${TEMPLATE}" ]; then # A relative path was provided. -- cwells
@@ -174,6 +207,8 @@ if [ "${TARGET}" = '--convert' ]; then
info "Template converted: ${TEMPLATE}"
exit 0
else
set_target "${TARGET}"
fi
case ${TEMPLATE} in
@@ -201,10 +236,6 @@ case ${TEMPLATE} in
error_exit "Template name/URL not recognized."
esac
if [ -z "${JAILS}" ]; then
error_exit "Container ${TARGET} is not running."
fi
# Check for an --arg-file parameter. -- cwells
for _script_arg in "$@"; do
case ${_script_arg} in
@@ -226,7 +257,16 @@ if [ -n "${ARG_FILE}" ] && [ ! -f "${ARG_FILE}" ]; then
fi
for _jail in ${JAILS}; do
info "[${_jail}]:"
check_target_is_running "${_jail}" || if [ "${AUTO}" -eq 1 ]; then
bastille start "${_jail}"
else
error_notify "Jail is not running."
error_continue "Use [-a|--auto] to auto-start the jail."
fi
info "Applying template: ${TEMPLATE}..."
## get jail ip4 and ip6 values
@@ -236,7 +276,7 @@ for _jail in ${JAILS}; do
_jail_ip6="$(bastille config ${_jail} get ip6.addr | sed 's/,/ /g' | awk '{print $1}')"
fi
## remove value if ip4 was not set or disabled, otherwise get value
if [ "${_jail_ip4}" = "not set" ] || [ "${_jail_ip4}" = "disabled" ]; then
if [ "${_jail_ip4}" = "not set" ] || [ "${_jail_ip4}" = "disable" ]; then
_jail_ip4='' # In case it was -. -- cwells
elif echo "${_jail_ip4}" | grep -q "|"; then
_jail_ip4="$(echo ${_jail_ip4} | awk -F"|" '{print $2}' | sed -E 's#/[0-9]+$##g')"
@@ -244,7 +284,7 @@ for _jail in ${JAILS}; do
_jail_ip4="$(echo ${_jail_ip4} | sed -E 's#/[0-9]+$##g')"
fi
## remove value if ip6 was not set or disabled, otherwise get value
if [ "${_jail_ip6}" = "not set" ] || [ "${_jail_ip6}" = "disabled" ]; then
if [ "${_jail_ip6}" = "not set" ] || [ "${_jail_ip6}" = "disable" ]; then
_jail_ip6='' # In case it was -. -- cwells
elif echo "${_jail_ip6}" | grep -q "|"; then
_jail_ip6="$(echo ${_jail_ip6} | awk -F"|" '{print $2}' | sed -E 's#/[0-9]+$##g')"
@@ -252,8 +292,8 @@ for _jail in ${JAILS}; do
_jail_ip6="$(echo ${_jail_ip6} | sed -E 's#/[0-9]+$##g')"
fi
# print error when both ip4 and ip6 are not set
if { [ "${_jail_ip4}" = "not set" ] || [ "${_jail_ip4}" = "disabled" ]; } && \
{ [ "${_jail_ip6}" = "not set" ] || [ "${_jail_ip6}" = "disabled" ]; } then
if { [ "${_jail_ip4}" = "not set" ] || [ "${_jail_ip4}" = "disable" ]; } && \
{ [ "${_jail_ip6}" = "not set" ] || [ "${_jail_ip6}" = "disable" ]; } then
error_notify "Jail IP not found: ${_jail}"
fi

79
usr/local/share/bastille/verify.sh
View File

@@ -33,8 +33,15 @@
. /usr/local/share/bastille/common.sh
. /usr/local/etc/bastille/bastille.conf
bastille_usage() {
error_exit "Usage: bastille verify [release|template]"
usage() {
error_notify "Usage: bastille verify [RELEASE|TEMPLATE]"
cat << EOF
Options:
-x | --debug Enable debug mode.
EOF
exit 1
}
verify_release() {
@@ -82,7 +89,7 @@ verify_template() {
## line count must match newline count
# shellcheck disable=SC2046
# shellcheck disable=SC3003
if [ $(wc -l "${_path}" | awk '{print $1}') -ne $(grep -c $'\n' "${_path}") ]; then
if [ $(wc -l "${_path}" | awk '{print $1}') -ne "$(tr -d -c '\n' < "${_path}" | wc -c)" ]; then
info "[${_hook}]:"
error_notify "${BASTILLE_TEMPLATE}:${_hook} [failed]."
error_notify "Line numbers don't match line breaks."
@@ -147,36 +154,48 @@ verify_template() {
fi
}
# Handle special-case commands first.
case "$1" in
help|-h|--help)
bastille_usage
;;
esac
# Handle options.
while [ "$#" -gt 0 ]; do
case "${1}" in
-h|--help|help)
usage
;;
-x|--debug)
enable_debug
shift
;;
-*)
error_exit "Unknown Option: \"${1}\""
;;
*)
break
;;
esac
done
if [ $# -gt 1 ] || [ $# -lt 1 ]; then
bastille_usage
if [ "$#" -ne 1 ]; then
usage
fi
bastille_root_check
case "$1" in
*-RELEASE|*-release|*-RC[1-9]|*-rc[1-9])
RELEASE=$1
verify_release
;;
*-stable-LAST|*-STABLE-last|*-stable-last|*-STABLE-LAST)
RELEASE=$1
verify_release
;;
http?*)
bastille_usage
;;
*/*)
BASTILLE_TEMPLATE=$1
verify_template
;;
*)
bastille_usage
;;
case "${1}" in
*-RELEASE|*-release|*-RC[1-9]|*-rc[1-9])
RELEASE="${1}"
verify_release
;;
*-stable-LAST|*-STABLE-last|*-stable-last|*-STABLE-LAST)
RELEASE="${1}"
verify_release
;;
http?*)
bastille_usage
;;
*/*)
BASTILLE_TEMPLATE="${1}"
verify_template
;;
*)
usage
;;
esac

92
usr/local/share/bastille/zfs.sh
View File

@@ -34,7 +34,14 @@
. /usr/local/etc/bastille/bastille.conf
usage() {
error_exit "Usage: bastille zfs TARGET [set|get|snap] [key=value|date]'"
error_notify "Usage: bastille zfs TARGET [set|get|snap|destroy_snap|df|usage] [key=value|date]"
cat << EOF
Options:
-x | --debug Enable debug mode.
EOF
exit 1
}
zfs_snapshot() {
@@ -79,47 +86,68 @@ for _jail in ${JAILS}; do
done
}
# Handle special-case commands first.
case "$1" in
help|-h|--help)
# Handle options.
while [ "$#" -gt 0 ]; do
case "${1}" in
-h|--help|help)
usage
;;
-x|--debug)
enable_debug
shift
;;
-*)
error_notify "Unknown Option: \"${1}\""
usage
;;
*)
break
;;
esac
done
if [ "$#" -lt 2 ]; then
usage
;;
esac
fi
TARGET="${1}"
ACTION="${2}"
bastille_root_check
set_target "${TARGET}"
## check ZFS enabled
# Check if ZFS is enabled
if ! checkyesno bastille_zfs_enable; then
error_exit "ZFS not enabled."
fi
## check zpool defined
# Check if zpool is defined
if [ -z "${bastille_zfs_zpool}" ]; then
error_exit "ZFS zpool not defined."
fi
if [ $# -lt 1 ]; then
usage
fi
case "$1" in
set)
ATTRIBUTE=$2
zfs_set_value
;;
get)
ATTRIBUTE=$2
zfs_get_value
;;
snap|snapshot)
TAG=$2
zfs_snapshot
;;
destroy_snap|destroy_snapshot)
TAG=$2
zfs_destroy_snapshot
;;
df|usage)
zfs_disk_usage
;;
case "${ACTION}" in
set)
ATTRIBUTE="${3}"
zfs_set_value
;;
get)
ATTRIBUTE="${3}"
zfs_get_value
;;
snap|snapshot)
TAG="${3}"
zfs_snapshot
;;
destroy_snap|destroy_snapshot)
TAG="${3}"
zfs_destroy_snapshot
;;
df|usage)
zfs_disk_usage
;;
*)
usage
;;
esac