Merge pull request #1358 from BastilleBSD/tschettervictor-patch-1

2026-03-24 17:55:01 +01:00 · 2025-12-12 19:04:28 -07:00
parent 1f661e3b9c b094badb0a
commit 45a07dcd3b
5 changed files with 20 additions and 25 deletions
--- a/docs/chapters/template.rst
+++ b/docs/chapters/template.rst
@@ -145,9 +145,6 @@ recursively.
 Special Hook Cases
 ------------------

-SYSRC requires that NO quotes be used or that quotes (``"``) be escaped ie;
-(``\\"``)
-
 ARG will always treat an ampersand "\``&``" literally, without the need to
 escape it. Escaping it will cause errors.

--- a/usr/local/share/bastille/create.sh
+++ b/usr/local/share/bastille/create.sh
@@ -666,10 +666,10 @@ create_jail() {

            # Retrieve epair name from jail.conf
            uniq_epair=$(grep vnet.interface "${bastille_jailsdir}/${NAME}/jail.conf" | awk '{print $3}' | sed 's/;//; s/-/_/g')
-            gateway=''
-            gateway6=''
-            ifconfig_inet=''
-            ifconfig_inet6=''
+            gateway="NO"
+            gateway6="NO"
+            ifconfig_inet=""
+            ifconfig_inet6=""

            # Check for DHCP
            if echo "${IP}" | grep -qE '(0[.]0[.]0[.]0|DHCP|SYNCDHCP)'; then
@@ -692,7 +692,7 @@ create_jail() {

            # Enable IPv6 if used
            if [ -n "${IP6_ADDR}" ]; then
-                ifconfig_inet6='inet6 -ifdisabled'
+                ifconfig_inet6="inet6 -ifdisabled"
                if echo "${IP}" | grep -qE 'SLAAC'; then
                    # Enable SLAAC if requested
                    ifconfig_inet6="${ifconfig_inet6} accept_rtadv"
@@ -720,7 +720,7 @@ create_jail() {
                # Use interface name as INTERFACE+VNET when PASSTHROUGH is selected
                # Use default "vnet0" otherwise
                if [ "${VNET_JAIL_PASSTHROUGH}" -eq 1 ]; then
-                    bastille template "${NAME}" ${bastille_template_vnet} --arg INTERFACE="${uniq_epair}" --arg VNET="${INTERFACE}" --arg GATEWAY="${gateway}" --arg GATEWAY6="${gateway6}" --arg IFCONFIG="${ifconfig}" --arg IFCONFIG6="${ifconfig6}"
+                    bastille template "${NAME}" ${bastille_template_vnet} --arg EXT_INTERFACE="${INTERFACE}" --arg INTERFACE="${uniq_epair}" --arg VNET="${INTERFACE}" --arg GATEWAY="${gateway}" --arg GATEWAY6="${gateway6}" --arg IFCONFIG="${ifconfig}" --arg IFCONFIG6="${ifconfig6}"
                else
                    bastille template "${NAME}" ${bastille_template_vnet} --arg EXT_INTERFACE="${INTERFACE}" --arg INTERFACE="${uniq_epair}" --arg VNET="vnet0" --arg GATEWAY="${gateway}" --arg GATEWAY6="${gateway6}" --arg IFCONFIG="${ifconfig}" --arg IFCONFIG6="${ifconfig6}"
                fi
@@ -728,9 +728,9 @@ create_jail() {
                # Use interface name as INTERFACE+VNET when PASSTHROUGH is selected
                # Use default "vnet0" otherwise
                if [ "${VNET_JAIL_PASSTHROUGH}" -eq 1 ]; then
-                    bastille template "${NAME}" ${bastille_template_vnet} --arg INTERFACE="${uniq_epair}" --arg VNET="${INTERFACE}" --arg GATEWAY="${gateway}" --arg GATEWAY6="${gateway6}" --arg IFCONFIG="${ifconfig}" --arg IFCONFIG6="${ifconfig6}"
+                    bastille template "${NAME}" ${bastille_template_vnet} --arg EXT_INTERFACE="${INTERFACE}" --arg INTERFACE="${uniq_epair}" --arg VNET="${INTERFACE}" --arg GATEWAY="${gateway}" --arg GATEWAY6="${gateway6}" --arg IFCONFIG="${ifconfig}" --arg IFCONFIG6="${ifconfig6}"
                else
-                    bastille template "${NAME}" ${bastille_template_vnet} --arg INTERFACE="${uniq_epair}" --arg VNET="vnet0" --arg GATEWAY="${gateway}" --arg GATEWAY6="${gateway6}" --arg IFCONFIG="${ifconfig}" --arg IFCONFIG6="${ifconfig6}"
+                    bastille template "${NAME}" ${bastille_template_vnet} --arg EXT_INTERFACE="${INTERFACE}" --arg INTERFACE="${uniq_epair}" --arg VNET="vnet0" --arg GATEWAY="${gateway}" --arg GATEWAY6="${gateway6}" --arg IFCONFIG="${ifconfig}" --arg IFCONFIG6="${ifconfig6}"
                fi
            fi

--- a/usr/local/share/bastille/sysrc.sh
+++ b/usr/local/share/bastille/sysrc.sh
@@ -100,7 +100,11 @@ for _jail in ${JAILS}; do

    info "\n[${_jail}]:"

-    jexec -l "${_jail}" /usr/sbin/sysrc "$@"
+    if [ -f "${bastille_jailsdir}/${_jail}/root/usr/sbin/sysrc" ]; then
+        jexec -l "${_jail}" /usr/sbin/sysrc "$@"
+    else
+        sysrc -j "${_jail}" "$@"
+    fi

    if [ "$?" -ne 0 ]; then
        ERRORS=$((ERRORS + 1))
--- a/usr/local/share/bastille/templates/default/base/Bastillefile
+++ b/usr/local/share/bastille/templates/default/base/Bastillefile
@@ -2,9 +2,9 @@ ARG HOST_RESOLV_CONF=/etc/resolv.conf

 CMD touch /etc/rc.conf
 CMD touch /etc/periodic.conf
-CMD sysrc -f /etc/periodic.conf daily_status_world_kernel="NO"
 CMD pw user mod root -h -

+SYSRC -f /etc/periodic.conf daily_status_world_kernel="NO"
 SYSRC syslogd_flags="-ss"
 SYSRC sendmail_enable="NO"
 SYSRC sendmail_submit_enable="NO"
--- a/usr/local/share/bastille/templates/default/vnet/Bastillefile
+++ b/usr/local/share/bastille/templates/default/vnet/Bastillefile
@@ -3,18 +3,12 @@ ARG INTERFACE
 ARG VNET
 ARG GATEWAY
 ARG GATEWAY6
-ARG IFCONFIG="SYNCDHCP"
+ARG IFCONFIG
 ARG IFCONFIG6

-SYSRC ifconfig_${INTERFACE}_name=${VNET}
+SYSRC ifconfig_${INTERFACE}_name="${VNET}"
 SYSRC ifconfig_${VNET}="${IFCONFIG}"
-
-# Set description if EXT_INTERFACE is set
-CMD if [ -n "${EXT_INTERFACE}" ]; then /usr/sbin/sysrc ifconfig_${VNET}_descr="jail interface for ${EXT_INTERFACE}"; fi
-
-# Apply IFCONFIG6 if set
-CMD if [ -n "${IFCONFIG6}" ]; then /usr/sbin/sysrc ifconfig_${VNET}_ipv6="${IFCONFIG6}"; fi
-
-# GATEWAY will be empty for a DHCP config. -- cwells
-CMD if [ -n "${GATEWAY}" ]; then /usr/sbin/sysrc defaultrouter="${GATEWAY}"; fi
-CMD if [ -n "${GATEWAY6}" ]; then /usr/sbin/sysrc ipv6_defaultrouter="${GATEWAY6}"; fi
+SYSRC ifconfig_${VNET}_descr="jail interface for ${EXT_INTERFACE}"
+SYSRC ifconfig_${VNET}_ipv6="${IFCONFIG6}"
+SYSRC defaultrouter="${GATEWAY}"
+SYSRC ipv6_defaultrouter="${GATEWAY6}"