From d2dc83d32047b961e3f9640e2980dbc4c7215da0 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Mon, 23 Dec 2024 18:21:09 -0700 Subject: [PATCH 01/14] bugfixes and code cleanup --- usr/local/share/bastille/mount.sh | 107 ++++++++++++++++++------------ 1 file changed, 66 insertions(+), 41 deletions(-) diff --git a/usr/local/share/bastille/mount.sh b/usr/local/share/bastille/mount.sh index bb0e6615..11480edb 100644 --- a/usr/local/share/bastille/mount.sh +++ b/usr/local/share/bastille/mount.sh 
@@ -32,96 +32,121 @@ . /usr/local/etc/bastille/bastille.conf usage() { - error_exit "Usage: bastille mount TARGET host_path container_path [filesystem_type options dump pass_number]" + error_exit "Usage: bastille mount TARGET HOST_PATH JAIL_PATH [filesystem_type options dump pass_number]" } # Handle special-case commands first. -case "$1" in -help|-h|--help) - usage - ;; +case "${1}" in + help|-h|--help) + usage + ;; esac -if [ $# -lt 2 ]; then +if [ "$#" -lt 3 ] || [ "$#" -gt 6 ]; then usage -elif [ $# -eq 2 ]; then +fi + +TARGET="${1}" +shift + +if [ "$#" -eq 2 ]; then _fstab="$@ nullfs ro 0 0" else _fstab="$@" fi bastille_root_check +set_target "${TARGET}" -## assign needed variables +# Assign variables _hostpath=$(echo "${_fstab}" | awk '{print $1}') _jailpath=$(echo "${_fstab}" | awk '{print $2}') _type=$(echo "${_fstab}" | awk '{print $3}') _perms=$(echo "${_fstab}" | awk '{print $4}') _checks=$(echo "${_fstab}" | awk '{print $5" "$6}') -## if any variables are empty, bail out +# Exit if any variables are empty if [ -z "${_hostpath}" ] || [ -z "${_jailpath}" ] || [ -z "${_type}" ] || [ -z "${_perms}" ] || [ -z "${_checks}" ]; then error_notify "FSTAB format not recognized." 
- warn "Format: /host/path jail/path nullfs ro 0 0" + warn "Format: /host/path /jail/path nullfs ro 0 0" warn "Read: ${_fstab}" - exit 1 + usage fi -# if host path doesn't exist, type is not "nullfs" or are using advanced mount type "tmpfs,linprocfs,linsysfs, fdescfs, -# procfs" +# Exit if host path doesn't exist, type is not "nullfs", or mount is an advanced mount type "tmpfs,linprocfs,linsysfs,fdescfs,procfs" if { [ "${_hostpath}" = "tmpfs" ] && [ "$_type" = "tmpfs" ]; } || \ { [ "${_hostpath}" = "linprocfs" ] && [ "${_type}" = "linprocfs" ]; } || \ { [ "${_hostpath}" = "linsysfs" ] && [ "${_type}" = "linsysfs" ]; } || \ { [ "${_hostpath}" = "proc" ] && [ "${_type}" = "procfs" ]; } || \ { [ "${_hostpath}" = "fdesc" ] && [ "${_type}" = "fdescfs" ]; } then warn "Detected advanced mount type ${_hostpath}" -elif [ ! -d "${_hostpath}" ] || [ "${_type}" != "nullfs" ]; then - error_notify "Detected invalid host path or incorrect mount type in FSTAB." - warn "Format: /host/path jail/path nullfs ro 0 0" +elif [ ! -e "${_hostpath}" ] || [ "${_type}" != "nullfs" ]; then + error_notify "Invalid host path or incorrect mount type in FSTAB." + warn "Format: /host/path /jail/path nullfs ro 0 0" warn "Read: ${_fstab}" - exit 1 + usage fi -## if mount permissions are not "ro" or "rw" +# Mount permissions need to be "ro" or "rw" if [ "${_perms}" != "ro" ] && [ "${_perms}" != "rw" ]; then error_notify "Detected invalid mount permissions in FSTAB." - warn "Format: /host/path jail/path nullfs ro 0 0" + warn "Format: /host/path /jail/path nullfs ro 0 0" warn "Read: ${_fstab}" - exit 1 + usage fi -## if check & pass are not "0 0 - 1 1"; bail out +# Dump and pass need to be "0 0 - 1 1" if [ "${_checks}" != "0 0" ] && [ "${_checks}" != "1 0" ] && [ "${_checks}" != "0 1" ] && [ "${_checks}" != "1 1" ]; then error_notify "Detected invalid fstab options in FSTAB." 
- warn "Format: /host/path jail/path nullfs ro 0 0" + warn "Format: /host/path /jail/path nullfs ro 0 0" warn "Read: ${_fstab}" - exit 1 + usage fi for _jail in ${JAILS}; do + info "[${_jail}]:" - ## aggregate variables into FSTAB entry - _fullpath="${bastille_jailsdir}/${_jail}/root/${_jailpath}" + _fullpath="$( echo ${bastille_jailsdir}/${_jail}/root/${_jailpath} 2>/dev/null | sed 's#//#/#' )" _fstab_entry="${_hostpath} ${_fullpath} ${_type} ${_perms} ${_checks}" - ## Create mount point if it does not exist. -- cwells - if [ ! -d "${_fullpath}" ]; then - if ! mkdir -p "${_fullpath}"; then - error_exit "Failed to create mount point inside jail." - fi + # Check if mount point has already been added + if grep -Eq "[[:blank:]]${_fullpath}" "${bastille_jailsdir}/${_jail}/fstab"; then + warn "Mountpoint already present in ${bastille_jailsdir}/${_jail}/fstab" + grep -E "[[:blank:]]${_fullpath}" "${bastille_jailsdir}/${_jail}/fstab" + continue fi - ## if entry doesn't exist, add; else show existing entry - if ! egrep -q "[[:blank:]]${_fullpath}[[:blank:]]" "${bastille_jailsdir}/${_jail}/fstab" 2> /dev/null; then - if ! echo "${_fstab_entry}" >> "${bastille_jailsdir}/${_jail}/fstab"; then - error_exit "Failed to create fstab entry: ${_fstab_entry}" + ## Create mount point if it does not exist + if [ -d "${_hostpath}" ] && [ ! -d "${_fullpath}" ]; then + mkdir -p "${_fullpath}" || error_continue "Failed to create mount point." + elif [ -f "${_hostpath}" ] ; then + _filename="$( basename ${_hostpath} )" + if echo "${_fullpath}" 2>/dev/null | grep -qow "${_filename}"; then + mkdir -p "$( dirname ${_fullpath} )" || error_continue "Failed to create mount point." + if [ ! -f "${_fullpath}" ]; then + touch "${_fullpath}" || error_continue "Failed to create mount point." + else + error_notify "Failed. File exists at mount point." 
+ warn "${_fullpath}" + continue + fi + else + _fullpath="$( echo ${bastille_jailsdir}/${_jail}/root/${_jailpath}/${_filename} 2>/dev/null | sed 's#//#/#' )" + _fstab_entry="${_hostpath} ${_fullpath} ${_type} ${_perms} ${_checks}" + mkdir -p "$( dirname ${_fullpath} )" || error_continue "Failed to create mount point." + if [ ! -f "${_fullpath}" ]; then + touch "${_fullpath}" || error_continue "Failed to create mount point." + else + error_notify "Failed. File exists at mount point." + warn "${_fullpath}" + continue + fi fi - echo "Added: ${_fstab_entry}" - else - warn "Mountpoint already present in ${bastille_jailsdir}/${_jail}/fstab" - egrep "[[:blank:]]${_fullpath}[[:blank:]]" "${bastille_jailsdir}/${_jail}/fstab" - fi - mount -F "${bastille_jailsdir}/${_jail}/fstab" -a - echo + fi + + # Add entry to fstab and mount + echo "${_fstab_entry}" >> "${bastille_jailsdir}/${_jail}/fstab" || error_continue "Failed to create fstab entry: ${_fstab_entry}" + mount -F "${bastille_jailsdir}/${_jail}/fstab" -a || error_continue "Failed to mount volume: ${_fullpath}" + echo "Added: ${_fstab_entry}" done From 341db361034cbf05b426cd17b8efe779e6ccffbe Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Mon, 23 Dec 2024 18:23:31 -0700 Subject: [PATCH 02/14] set_target and error_continue functions --- usr/local/share/bastille/common.sh | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/usr/local/share/bastille/common.sh b/usr/local/share/bastille/common.sh index 9940d9e6..7a98d3e9 100644 --- a/usr/local/share/bastille/common.sh +++ b/usr/local/share/bastille/common.sh @@ -56,6 +56,11 @@ error_notify() { echo -e "${COLOR_RED}$*${COLOR_RESET}" 1>&2 } +error_continue() { + error_notify "$@" + continue +} + # Notify message on error and exit error_exit() { error_notify "$@" 
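Review bot: The new argument-count guard `[ "$#" -gt 6 ]` looks one too low. The usage string in this hunk lists TARGET, HOST_PATH, JAIL_PATH and four optional fstab fields, which is seven arguments, so the full documented form would fall into `usage`. This assumes the script receives TARGET as `$1` with nothing stripped by the caller, which the `TARGET="${1}"` / `shift` lines suggest. I would change the guard to `if [ "$#" -lt 3 ] || [ "$#" -gt 7 ]; then` and add a comment above it such as `# TARGET HOST_PATH JAIL_PATH plus up to four optional fstab fields`.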
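Review bot: `error_continue` relies on a `continue` inside a function reaching the caller's `for` loop, which POSIX leaves unspecified and which not every shell does. Where it does not propagate, each `cmd || error_continue "..."` in mount.sh and umount.sh only prints the message, and execution falls through to the fstab append, `mount -F ... -a`, `umount` or `rm -f` that the guard was meant to skip. The later SC2104 suppression in this series hides the warning but not the behaviour. Since these scripts run as root, I would keep the control flow at the call site, e.g. `mkdir -p "${_fullpath}" || { error_notify "Failed to create mount point."; continue; }`, or at least add a comment on the function stating which shell it depends on.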
@@ -118,6 +123,19 @@ EOF fi } +set_target() { + local _TARGET="${1}" + if [ "${_TARGET}" = ALL ] || [ "${_TARGET}" = all ]; then + target_all_jails + else + check_target_exists "${_TARGET}" || exit + JAILS="${_TARGET}" + TARGET="${_TARGET}" + export JAILS + export TARGET + fi +} + checkyesno() { ## copied from /etc/rc.subr -- cedwards (20231125) ## issue #368 (lowercase values should be parsed) From 9d254357d0fa03a2e4ec1cd95c7d99db2ab1dde8 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Mon, 23 Dec 2024 18:23:56 -0700 Subject: [PATCH 03/14] bugfixes and code cleanup --- usr/local/share/bastille/umount.sh | 50 ++++++++++++++++++------------ 1 file changed, 31 insertions(+), 19 deletions(-) diff --git a/usr/local/share/bastille/umount.sh b/usr/local/share/bastille/umount.sh index dfd57664..b7f61e98 100644 --- a/usr/local/share/bastille/umount.sh +++ b/usr/local/share/bastille/umount.sh 
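Review bot: `set_target` has no header comment, unlike `error_exit` elsewhere in common.sh (`# Notify message on error and exit`), and it is the only place visible here where the global `JAILS` that mount.sh and umount.sh iterate over is assigned. I would add something like `# Resolve TARGET: ALL/all selects every jail, otherwise verify the jail exists, then set and export JAILS and TARGET` above the function. It would also help to state whether the ALL branch is meant to leave `TARGET` untouched; `target_all_jails` is not visible in this hunk, so I cannot tell.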
@@ -32,43 +32,55 @@ . /usr/local/etc/bastille/bastille.conf usage() { - error_exit "Usage: bastille umount TARGET container_path" + error_exit "Usage: bastille umount TARGET JAIL_PATH" } # Handle special-case commands first. -case "$1" in -help|-h|--help) - usage - ;; +case "${1}" in + help|-h|--help) + usage + ;; esac -if [ $# -ne 1 ]; then +if [ "$#" -ne 2 ]; then usage fi -bastille_root_check +TARGET="${1}" +MOUNT_PATH="${2}" -MOUNT_PATH=$1 +bastille_root_check +set_target "${TARGET}" for _jail in ${JAILS}; do + info "[${_jail}]:" +set -x + _jailpath="$( echo ${bastille_jailsdir}/${_jail}/root/${MOUNT_PATH} 2>/dev/null | sed 's#//#/#' )" + _mount="$( mount | grep -ow ${_jailpath} )" + _fstab_entry="$( cat ${bastille_jailsdir}/${_jail}/fstab | grep -ow ${_jailpath} )" - _jailpath="${bastille_jailsdir}/${_jail}/root/${MOUNT_PATH}" - - if [ ! -d "${_jailpath}" ]; then - error_exit "The specified mount point does not exist inside the jail." + # Exit if mount point non-existent + if [ -z "${_mount}" ] && [ -z "${_fstab_entry}" ]; then + error_continue "The specified mount point does not exist." fi - # Unmount the volume. -- cwells - if ! umount "${_jailpath}"; then - error_exit "Failed to unmount volume: ${MOUNT_PATH}" + # Unmount + if [ -n "${_mount}" ]; then + umount "${_jailpath}" || error_continue "Failed to unmount volume: ${MOUNT_PATH}" fi - # Remove the entry from fstab so it is not automounted in the future. -- cwells - if ! sed -E -i '' "\, +${_jailpath} +,d" "${bastille_jailsdir}/${_jail}/fstab"; then - error_exit "Failed to delete fstab entry: ${_fstab_entry}" + # Remove entry from fstab + if [ -n "${_fstab_entry}" ]; then + if ! 
sed -E -i '' "\, +${_jailpath} +,d" "${bastille_jailsdir}/${_jail}/fstab"; then + error_continue "Failed to delete fstab entry: ${MOUNT_PATH}" + fi fi + # Delete if mount point was a file + if [ -f "${_jailpath}" ]; then + rm -f "${_jailpath}" || error_continue "Failed to unmount volume: ${MOUNT_PATH}" + fi + echo "Unmounted: ${MOUNT_PATH}" - echo done From a5de4a93ffe3a0fa58b02c72a6a747c531281ccf Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Mon, 23 Dec 2024 18:25:11 -0700 Subject: [PATCH 04/14] move mount and umount to no actions commands --- usr/local/bin/bastille | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/usr/local/bin/bastille b/usr/local/bin/bastille index dd9cbb25..efd7a855 100755 --- a/usr/local/bin/bastille +++ b/usr/local/bin/bastille @@ -147,10 +147,10 @@ version|-v|--version) help|-h|--help) usage ;; -bootstrap|create|destroy|export|import|list|rdr|restart|setup|start|update|upgrade|verify) +bootstrap|create|destroy|export|import|list|mount|rdr|restart|setup|start|umount|update|upgrade|verify) # Nothing "extra" to do for these commands. -- cwells ;; -clone|config|cmd|console|convert|cp|edit|htop|limits|mount|pkg|rcp|rename|service|stop|sysrc|tags|template|top|umount|zfs) +clone|config|cmd|console|convert|cp|edit|htop|limits|pkg|rcp|rename|service|stop|sysrc|tags|template|top|zfs) # Parse the target and ensure it exists. -- cwells if [ $# -eq 0 ]; then # No target was given, so show the command's help. -- cwells PARAMS='help' From c8a4d74fb699c0937324c310563b997628e762c8 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Mon, 23 Dec 2024 18:28:55 -0700 Subject: [PATCH 05/14] shellcheck disable 2104 --- usr/local/share/bastille/common.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/usr/local/share/bastille/common.sh b/usr/local/share/bastille/common.sh index 7a98d3e9..235dacbe 100644 
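Review bot: The new `rm -f "${_jailpath}"` step in umount.sh removes whatever regular file sits at the mount point, not only the empty placeholder that mount.sh creates with `touch`. It runs even when `_mount` was empty and only an fstab match was found, so a real file inside the jail root at that path would be deleted as root. I would restrict it to an empty file, `if [ -f "${_jailpath}" ] && [ ! -s "${_jailpath}" ]; then`, and give the failure its own message instead of reusing `Failed to unmount volume`.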
--- a/usr/local/share/bastille/common.sh +++ b/usr/local/share/bastille/common.sh @@ -58,6 +58,8 @@ error_notify() { error_continue() { error_notify "$@" + # Disabling this shellcheck as we only ever call it inside of a loop + # shellcheck disable=SC2104 continue } From 30aa0c140804b1d5a170688732a2d39235500d5b Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Fri, 27 Dec 2024 12:13:38 -0700 Subject: [PATCH 06/14] better error handling --- usr/local/share/bastille/mount.sh | 27 ++++++++++++++++----------- 1 file changed, 16 insertions(+), 11 deletions(-) diff --git a/usr/local/share/bastille/mount.sh b/usr/local/share/bastille/mount.sh index 11480edb..aa39cf19 100644 --- a/usr/local/share/bastille/mount.sh +++ b/usr/local/share/bastille/mount.sh @@ -50,17 +50,19 @@ TARGET="${1}" shift if [ "$#" -eq 2 ]; then - _fstab="$@ nullfs ro 0 0" + _fstab="$(echo "$* nullfs ro 0 0" | sed 's#\\ #\\040#g')" else - _fstab="$@" + _fstab="$(echo "$*" | sed 's#\\ #\\040#g')" fi bastille_root_check set_target "${TARGET}" # Assign variables -_hostpath=$(echo "${_fstab}" | awk '{print $1}') -_jailpath=$(echo "${_fstab}" | awk '{print $2}') +_hostpath_fstab=$(echo "${_fstab}" | awk '{print $1}') +_hostpath="$(echo "${_hostpath_fstab}" 2>/dev/null | sed 's#\\040# #g')" +_jailpath_fstab=$(echo "${_fstab}" | awk '{print $2}') +_jailpath="$(echo "${_jailpath_fstab}" 2>/dev/null | sed 's#\\040# #g')" _type=$(echo "${_fstab}" | awk '{print $3}') _perms=$(echo "${_fstab}" | awk '{print $4}') _checks=$(echo "${_fstab}" | awk '{print $5" "$6}') 
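Review bot: Joining the arguments with `$*` and re-splitting them with awk makes the field boundaries depend on the path contents. Only the two-character sequence backslash-space is rewritten to `\040`, so a path passed with a plain space (or a tab) is split into extra fields and shifts `_type`, `_perms` and `_checks`. The positional parameters already carry the boundaries, so I would read them directly, `_hostpath="${1}"` and `_jailpath="${2}"`, and derive the fstab form from each one, e.g. `_hostpath_fstab="$(printf '%s' "${_hostpath}" | sed 's# #\\040#g')"`. That also removes the need for callers to pre-escape spaces.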
@@ -107,17 +109,19 @@ for _jail in ${JAILS}; do info "[${_jail}]:" - _fullpath="$( echo ${bastille_jailsdir}/${_jail}/root/${_jailpath} 2>/dev/null | sed 's#//#/#' )" - _fstab_entry="${_hostpath} ${_fullpath} ${_type} ${_perms} ${_checks}" + _fullpath_fstab="$( echo "${bastille_jailsdir}/${_jail}/root/${_jailpath_fstab}" 2>/dev/null | sed 's#//#/#' )" + _fullpath="$( echo "${bastille_jailsdir}/${_jail}/root/${_jailpath}" 2>/dev/null | sed 's#//#/#' )" + _fstab_entry="${_hostpath_fstab} ${_fullpath_fstab} ${_type} ${_perms} ${_checks}" # Check if mount point has already been added - if grep -Eq "[[:blank:]]${_fullpath}" "${bastille_jailsdir}/${_jail}/fstab"; then + _existing_mount="$(echo ${_fullpath_fstab} 2>/dev/null | sed 's#\\#\\\\#')" + if grep -Eoq "[[:blank:]]${_existing_mount}[[:blank:]]" "${bastille_jailsdir}/${_jail}/fstab"; then warn "Mountpoint already present in ${bastille_jailsdir}/${_jail}/fstab" - grep -E "[[:blank:]]${_fullpath}" "${bastille_jailsdir}/${_jail}/fstab" + grep -Eo "[[:blank:]]${_existing_mount}[[:blank:]]" "${bastille_jailsdir}/${_jail}/fstab" continue fi - ## Create mount point if it does not exist + # Create mount point if it does not exist if [ -d "${_hostpath}" ] && [ ! -d "${_fullpath}" ]; then mkdir -p "${_fullpath}" || error_continue "Failed to create mount point." elif [ -f "${_hostpath}" ] ; then 
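Review bot: `_fullpath` is built by pasting `${_jailpath}` under `${bastille_jailsdir}/${_jail}/root/` and is then handed to `mkdir -p`, `touch` and the fstab entry without checking that it still resolves inside the jail root. A JAIL_PATH containing `..` components leaves the root. Files under `root/` can presumably be changed from inside the jail, so a symlinked path component could also redirect the root-owned `mkdir`/`touch` and the nullfs mount to a host location. I would reject `..` before the loop, `case "/${_jailpath}/" in */../*) error_exit "JAIL_PATH must not contain '..'" ;; esac`, and compare the `realpath` of the deepest existing parent against the jail root before creating anything. The loop body continues outside this hunk.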
@@ -132,8 +136,9 @@ for _jail in ${JAILS}; do continue fi else - _fullpath="$( echo ${bastille_jailsdir}/${_jail}/root/${_jailpath}/${_filename} 2>/dev/null | sed 's#//#/#' )" - _fstab_entry="${_hostpath} ${_fullpath} ${_type} ${_perms} ${_checks}" + _fullpath_fstab="$( echo "${bastille_jailsdir}/${_jail}/root/${_jailpath_fstab}/${_filename}" 2>/dev/null | sed 's#//#/#' )" + _fullpath="$( echo "${bastille_jailsdir}/${_jail}/root/${_jailpath}/${_filename}" 2>/dev/null | sed 's#//#/#' )" + _fstab_entry="${_hostpath_fstab} ${_fullpath} ${_type} ${_perms} ${_checks}" mkdir -p "$( dirname ${_fullpath} )" || error_continue "Failed to create mount point." if [ ! -f "${_fullpath}" ]; then touch "${_fullpath}" || error_continue "Failed to create mount point." From 5f8c79d2775bcb11f50ed7734c358463f771f8d3 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Fri, 27 Dec 2024 12:14:04 -0700 Subject: [PATCH 07/14] allow mounting directories with spaces --- usr/local/share/bastille/umount.sh | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/usr/local/share/bastille/umount.sh b/usr/local/share/bastille/umount.sh index b7f61e98..639d7f03 100644 --- a/usr/local/share/bastille/umount.sh +++ b/usr/local/share/bastille/umount.sh 
@@ -55,10 +55,11 @@ set_target "${TARGET}" for _jail in ${JAILS}; do info "[${_jail}]:" -set -x - _jailpath="$( echo ${bastille_jailsdir}/${_jail}/root/${MOUNT_PATH} 2>/dev/null | sed 's#//#/#' )" - _mount="$( mount | grep -ow ${_jailpath} )" - _fstab_entry="$( cat ${bastille_jailsdir}/${_jail}/fstab | grep -ow ${_jailpath} )" + + _jailpath="$( echo "${bastille_jailsdir}/${_jail}/root/${MOUNT_PATH}" 2>/dev/null | sed 's#//#/#' | sed 's#\\##g')" + _mount="$( mount | grep -ow "${_jailpath}" )" + _jailpath_fstab="$(echo "${bastille_jailsdir}/${_jail}/root/${MOUNT_PATH}" | sed 's#//#/#' | sed 's#\\ #\\\\040#g')" + _fstab_entry="$(grep -Eo "[[:blank:]]${_jailpath_fstab}[[:blank:]]" ${bastille_jailsdir}/${_jail}/fstab)" # Exit if mount point non-existent if [ -z "${_mount}" ] && [ -z "${_fstab_entry}" ]; then @@ -72,7 +73,7 @@ set -x # Remove entry from fstab if [ -n "${_fstab_entry}" ]; then - if ! sed -E -i '' "\, +${_jailpath} +,d" "${bastille_jailsdir}/${_jail}/fstab"; then + if ! sed -E -i '' "\, +${_jailpath_fstab} +,d" "${bastille_jailsdir}/${_jail}/fstab"; then error_continue "Failed to delete fstab entry: ${MOUNT_PATH}" fi fi @@ -82,5 +83,6 @@ set -x rm -f "${_jailpath}" || error_continue "Failed to unmount volume: ${MOUNT_PATH}" fi - echo "Unmounted: ${MOUNT_PATH}" + echo "Unmounted: ${_jailpath}" + done From 3dce542d6bff72384b65d36ad503238fdba93fef Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Fri, 27 Dec 2024 12:15:26 -0700 Subject: [PATCH 08/14] add check_target_exists to common.sh --- usr/local/share/bastille/common.sh | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/usr/local/share/bastille/common.sh b/usr/local/share/bastille/common.sh index 5066560f..5d02ba24 100644 --- a/usr/local/share/bastille/common.sh +++ b/usr/local/share/bastille/common.sh 
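Review bot: The fstab cleanup `sed -E -i '' "\, +${_jailpath_fstab} +,d"` splices the path into a sed address that uses `,` as delimiter and ` +` as field separator. A jail path containing a comma ends the address early. An entry whose fields are separated by tabs is found by the `[[:blank:]]` grep above but not removed, while `Unmounted:` is still printed. I would filter the file by exact comparison of the second field instead (for example with awk and the path passed through the environment, written to a temporary file and moved into place) and report an error when nothing was removed.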
@@ -77,6 +77,15 @@ warn() { echo -e "${COLOR_YELLOW}$*${COLOR_RESET}" } +check_target_exists() { + local _TARGET="${1}" + if [ ! -d "${bastille_jailsdir}"/"${_TARGET}" ]; then + return 1 + else + return 0 + fi +} + generate_static_mac() { local jail_name="${1}" local external_interface="${2}" @@ -143,7 +152,7 @@ set_target() { if [ "${_TARGET}" = ALL ] || [ "${_TARGET}" = all ]; then target_all_jails else - check_target_exists "${_TARGET}" || exit + check_target_exists "${_TARGET}" || error_exit "Jail not found \"${_TARGET}\"" JAILS="${_TARGET}" TARGET="${_TARGET}" export JAILS From 67185a5a4205c3f9c22c394deccb7df848afd907 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Fri, 27 Dec 2024 13:33:26 -0700 Subject: [PATCH 09/14] fix for multiple spacing in directiry --- usr/local/share/bastille/mount.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/usr/local/share/bastille/mount.sh b/usr/local/share/bastille/mount.sh index aa39cf19..817268b8 100644 --- a/usr/local/share/bastille/mount.sh +++ b/usr/local/share/bastille/mount.sh @@ -114,7 +114,7 @@ for _jail in ${JAILS}; do _fstab_entry="${_hostpath_fstab} ${_fullpath_fstab} ${_type} ${_perms} ${_checks}" # Check if mount point has already been added - _existing_mount="$(echo ${_fullpath_fstab} 2>/dev/null | sed 's#\\#\\\\#')" + _existing_mount="$(echo ${_fullpath_fstab} 2>/dev/null | sed 's#\\#\\\\#g')" if grep -Eoq "[[:blank:]]${_existing_mount}[[:blank:]]" "${bastille_jailsdir}/${_jail}/fstab"; then warn "Mountpoint already present in ${bastille_jailsdir}/${_jail}/fstab" grep -Eo "[[:blank:]]${_existing_mount}[[:blank:]]" "${bastille_jailsdir}/${_jail}/fstab" 
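Review bot: `check_target_exists` accepts any value for which `${bastille_jailsdir}/${_TARGET}` is a directory, which includes the empty string (the jails directory itself) and values containing `/` or `..`. `set_target` then copies the value into `JAILS`, and mount.sh and umount.sh build `${bastille_jailsdir}/${_jail}/fstab` and `.../root/...` paths from it while running as root. I would reject those forms before the `-d` test, `case "${_TARGET}" in ""|.|..|*/*) return 1 ;; esac`, and add a one-line comment saying the function returns 0 only for an existing jail directory.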
@@ -127,7 +127,7 @@ for _jail in ${JAILS}; do elif [ -f "${_hostpath}" ] ; then _filename="$( basename ${_hostpath} )" if echo "${_fullpath}" 2>/dev/null | grep -qow "${_filename}"; then - mkdir -p "$( dirname ${_fullpath} )" || error_continue "Failed to create mount point." + mkdir -p "$( dirname "${_fullpath}" )" || error_continue "Failed to create mount point." if [ ! -f "${_fullpath}" ]; then touch "${_fullpath}" || error_continue "Failed to create mount point." else @@ -138,8 +138,8 @@ for _jail in ${JAILS}; do else _fullpath_fstab="$( echo "${bastille_jailsdir}/${_jail}/root/${_jailpath_fstab}/${_filename}" 2>/dev/null | sed 's#//#/#' )" _fullpath="$( echo "${bastille_jailsdir}/${_jail}/root/${_jailpath}/${_filename}" 2>/dev/null | sed 's#//#/#' )" - _fstab_entry="${_hostpath_fstab} ${_fullpath} ${_type} ${_perms} ${_checks}" - mkdir -p "$( dirname ${_fullpath} )" || error_continue "Failed to create mount point." + _fstab_entry="${_hostpath_fstab} ${_fullpath_fstab} ${_type} ${_perms} ${_checks}" + mkdir -p "$( dirname "${_fullpath}" )" || error_continue "Failed to create mount point." if [ ! -f "${_fullpath}" ]; then touch "${_fullpath}" || error_continue "Failed to create mount point." else From 08f5a9a755e5569f6f5ee86ee45ef24f5deab11d Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Fri, 27 Dec 2024 13:34:14 -0700 Subject: [PATCH 10/14] fix for multiple spacing --- usr/local/share/bastille/umount.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/usr/local/share/bastille/umount.sh b/usr/local/share/bastille/umount.sh index 639d7f03..ebbb52c5 100644 --- a/usr/local/share/bastille/umount.sh +++ b/usr/local/share/bastille/umount.sh 
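Review bot: `_filename="$( basename ${_hostpath} )"` on the context line above the changed `dirname` call is still unquoted. For a host file whose path contains a space, which this series is meant to support, `basename` receives two operands and returns the wrong name. The following `grep -qow "${_filename}"` also treats the name as a pattern and matches it anywhere in `_fullpath`, not only as the last component. I would use `_filename="$( basename "${_hostpath}" )"` and `if [ "$( basename "${_fullpath}" )" = "${_filename}" ]; then`.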
@@ -57,8 +57,8 @@ for _jail in ${JAILS}; do info "[${_jail}]:" _jailpath="$( echo "${bastille_jailsdir}/${_jail}/root/${MOUNT_PATH}" 2>/dev/null | sed 's#//#/#' | sed 's#\\##g')" - _mount="$( mount | grep -ow "${_jailpath}" )" - _jailpath_fstab="$(echo "${bastille_jailsdir}/${_jail}/root/${MOUNT_PATH}" | sed 's#//#/#' | sed 's#\\ #\\\\040#g')" + _mount="$( mount | grep -Eo "[[:blank:]]${_jailpath}[[:blank:]]" )" + _jailpath_fstab="$(echo "${bastille_jailsdir}/${_jail}/root/${MOUNT_PATH}" | sed 's#//#/#g' | sed 's# #\\#g' | sed 's#\\#\\\\040#g')" _fstab_entry="$(grep -Eo "[[:blank:]]${_jailpath_fstab}[[:blank:]]" ${bastille_jailsdir}/${_jail}/fstab)" # Exit if mount point non-existent From 68a808863a1ae0e2c15f852699c903004f14b8fa Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Fri, 27 Dec 2024 13:56:03 -0700 Subject: [PATCH 11/14] Update docs --- docs/chapters/subcommands/mount.rst | 33 +++++++++++++++++++++++++++-- 1 file changed, 31 insertions(+), 2 deletions(-) diff --git a/docs/chapters/subcommands/mount.rst b/docs/chapters/subcommands/mount.rst index f7fb0ee3..b4dc38d2 100644 --- a/docs/chapters/subcommands/mount.rst +++ b/docs/chapters/subcommands/mount.rst 
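Review bot: The rewritten `_jailpath_fstab` pipeline appears to double-encode the documented input form. With `MOUNT_PATH` given as `/media/foo\ with\ spaces`, `sed 's# #\\#g'` turns each backslash-space into two backslashes and `sed 's#\\#\\\\040#g'` then expands both, so the pattern asks for `\040\040` where the fstab holds a single `\040`. In that case `_fstab_entry` stays empty, the volume is unmounted via `_mount`, and the fstab line survives to be mounted again later. Dropping the escape first keeps both input forms working: `sed 's#//#/#g' | sed 's#\\ # #g' | sed 's# #\\\\040#g'`. This is worth a test with both escaped and unescaped spaces.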
@@ -6,11 +6,40 @@ To mount storage within the container use `bastille mount`. .. code-block:: shell - ishmael ~ # bastille mount azkaban /storage/foo /media/foo nullfs ro 0 0 + ishmael ~ # bastille mount azkaban /storage/foo media/foo nullfs ro 0 0 [azkaban]: + Added: /media/foo /usr/local/bastille/jails/azkaban/root/media/foo + ishmael ~ # bastille mount azkaban /storage/bar /media/bar nullfs ro 0 0 + [azkaban]: + Added: /media/bar /usr/local/bastille/jails/azkaban/root/media/bar + +Notice the JAIL_PATH format can be /media/foo or simply media/bar. The leading slash / is optional. The HOST_PATH howerver, must be the full path including the leading slash /. + +It is also possible to mount individual files into a jail as seen below. +Bastille will not mount if a file is already present at the specified mount point. +If you do not specify a file name, bastille will mount the file underneath the specified directory as seen in the second example below. + +.. code-block:: shell + + ishmael ~ # bastille mount azkaban /etc/rc.conf /mnt/etc/rc.conf nullfs ro 0 0 + [azkaban]: + Added: /etc/rc.conf /usr/local/bastille/jails/azkaban/root/mnt/etc/rc.conf + ishmael ~ # bastille mount azkaban /etc/rc.conf /media/bar nullfs ro 0 0 + [azkaban]: + Added: /etc/rc.conf usr/local/bastille/jails/azkaban/root/media/bar/rc.conf + +It is also possible (but not recommended) to have spaces in the directories that are mounted. +It is necessary to escape each space with a backslash \ and enclose the mount point in quotes "" as seen below. +It is possible to do the same for the jail path, but again, not recommemded. + +.. code-block:: shell + + ishmael ~ # bastille mount azkaban "/storage/my\ directory\ with\ spaces" /media/foo nullfs ro 0 0 + [azkaban]: + Added: /storage/my\040directory\040with\040spaces /usr/local/bastille/jails/azkaban/root/media/foo Syntax follows standard `/etc/fstab` format: .. 
code-block:: shell - Usage: bastille mount TARGET host_path container_path [filesystem_type options dump pass_number] + Usage: bastille mount TARGET HOST_PATH JAIL_PATH [filesystem_type options dump pass_number] From 0ebdb36a878409d3ccd6844c0992a54d238d16b1 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Fri, 27 Dec 2024 13:59:34 -0700 Subject: [PATCH 12/14] Better docs --- docs/chapters/subcommands/mount.rst | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/chapters/subcommands/mount.rst b/docs/chapters/subcommands/mount.rst index b4dc38d2..9add58f0 100644 --- a/docs/chapters/subcommands/mount.rst +++ b/docs/chapters/subcommands/mount.rst @@ -8,10 +8,10 @@ To mount storage within the container use `bastille mount`. ishmael ~ # bastille mount azkaban /storage/foo media/foo nullfs ro 0 0 [azkaban]: - Added: /media/foo /usr/local/bastille/jails/azkaban/root/media/foo + Added: /media/foo /usr/local/bastille/jails/azkaban/root/media/foo nullfs ro 0 0 ishmael ~ # bastille mount azkaban /storage/bar /media/bar nullfs ro 0 0 [azkaban]: - Added: /media/bar /usr/local/bastille/jails/azkaban/root/media/bar + Added: /media/bar /usr/local/bastille/jails/azkaban/root/media/bar nullfs ro 0 0 Notice the JAIL_PATH format can be /media/foo or simply media/bar. The leading slash / is optional. The HOST_PATH howerver, must be the full path including the leading slash /. 
@@ -23,10 +23,10 @@ If you do not specify a file name, bastille will mount the file underneath the s ishmael ~ # bastille mount azkaban /etc/rc.conf /mnt/etc/rc.conf nullfs ro 0 0 [azkaban]: - Added: /etc/rc.conf /usr/local/bastille/jails/azkaban/root/mnt/etc/rc.conf + Added: /etc/rc.conf /usr/local/bastille/jails/azkaban/root/mnt/etc/rc.conf nullfs ro 0 0 ishmael ~ # bastille mount azkaban /etc/rc.conf /media/bar nullfs ro 0 0 [azkaban]: - Added: /etc/rc.conf usr/local/bastille/jails/azkaban/root/media/bar/rc.conf + Added: /etc/rc.conf usr/local/bastille/jails/azkaban/root/media/bar/rc.conf nullfs ro 0 0 It is also possible (but not recommended) to have spaces in the directories that are mounted. It is necessary to escape each space with a backslash \ and enclose the mount point in quotes "" as seen below. @@ -36,7 +36,7 @@ It is possible to do the same for the jail path, but again, not recommemded. ishmael ~ # bastille mount azkaban "/storage/my\ directory\ with\ spaces" /media/foo nullfs ro 0 0 [azkaban]: - Added: /storage/my\040directory\040with\040spaces /usr/local/bastille/jails/azkaban/root/media/foo + Added: /storage/my\040directory\040with\040spaces /usr/local/bastille/jails/azkaban/root/media/foo nullfs ro 0 0 Syntax follows standard `/etc/fstab` format: From 281fab30e6452cae725d45d6b238923559aad217 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Fri, 27 Dec 2024 16:39:33 -0700 Subject: [PATCH 13/14] document unmounting --- docs/chapters/subcommands/umount.rst | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/docs/chapters/subcommands/umount.rst b/docs/chapters/subcommands/umount.rst index f4aaeb49..cdcdabdb 100644 --- a/docs/chapters/subcommands/umount.rst +++ b/docs/chapters/subcommands/umount.rst 
@@ -8,9 +8,21 @@ To unmount storage from a container use `bastille umount`. ishmael ~ # bastille umount azkaban /media/foo [azkaban]: + Unmounted: /usr/local/bastille/jails/jail4/root/media/foo + ishmael ~ # bastille umount azkaban /mnt/etc/rc.conf + [azkaban]: + Unmounted: /usr/local/bastille/jails/jail4/root/mnt/etc/rc.conf -Syntax requires only the container path to unmount: +Syntax requires only the jail path to unmount. .. code-block:: shell - Usage: bastille umount TARGET container_path + Usage: bastille umount TARGET JAIL_PATH + +If the directory you are unmounting has spaces, make sure to escape them with a backslash \, and enclode the mount point in quotes "". + +.. code-block:: shell + + ishmael ~ # bastille umount azkaban "/media/foo\ with\ spaces" + [azkaban]: + Unmounted: /usr/local/bastille/jails/jail4/root/media/foo with spaces From 9d7b72743218bc0889a3107b7d17264c350166ec Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Tue, 31 Dec 2024 12:27:32 -0700 Subject: [PATCH 14/14] minor fix --- usr/local/share/bastille/mount.sh | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/usr/local/share/bastille/mount.sh b/usr/local/share/bastille/mount.sh index 817268b8..95e84071 100644 --- a/usr/local/share/bastille/mount.sh +++ b/usr/local/share/bastille/mount.sh 
@@ -115,12 +115,13 @@ for _jail in ${JAILS}; do # Check if mount point has already been added _existing_mount="$(echo ${_fullpath_fstab} 2>/dev/null | sed 's#\\#\\\\#g')" - if grep -Eoq "[[:blank:]]${_existing_mount}[[:blank:]]" "${bastille_jailsdir}/${_jail}/fstab"; then + if grep -Eq "[[:blank:]]${_existing_mount}.*[[:blank:]]" "${bastille_jailsdir}/${_jail}/fstab"; then warn "Mountpoint already present in ${bastille_jailsdir}/${_jail}/fstab" - grep -Eo "[[:blank:]]${_existing_mount}[[:blank:]]" "${bastille_jailsdir}/${_jail}/fstab" + grep -E "[[:blank:]]${_existing_mount}" "${bastille_jailsdir}/${_jail}/fstab" continue fi + # Create mount point if it does not exist if [ -d "${_hostpath}" ] && [ ! -d "${_fullpath}" ]; then mkdir -p "${_fullpath}" || error_continue "Failed to create mount point."
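Review bot: The relaxed pattern `[[:blank:]]${_existing_mount}.*[[:blank:]]` turns the duplicate check into a prefix match. With `/media/foo/bar` or `/media/foobar` already in the fstab, a new mount at `/media/foo` is reported as already present and skipped. The path is also still interpreted as an ERE, so `.` and similar characters in it match other entries; the same applies to the greps in umount.sh. If the intent is to catch file mounts where the file name is appended later, I would compute the final `_fullpath_fstab` first and compare the second fstab field exactly, e.g. `_p="${_fullpath_fstab}" awk '$2 == ENVIRON["_p"] { f = 1 } END { exit !f }' "${bastille_jailsdir}/${_jail}/fstab"`.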