diff --git a/docs/chapters/template.rst b/docs/chapters/template.rst
index 5cb2db59..b9b2fc3e 100644
--- a/docs/chapters/template.rst
+++ b/docs/chapters/template.rst
@@ -145,9 +145,6 @@ recursively.
 Special Hook Cases
 ------------------
-SYSRC requires that NO quotes be used or that quotes (``"``) be escaped ie;
-(``\\"``)
-
 ARG will always treat an ampersand "\``&``" literally, without the need to escape it. Escaping it will cause errors.
diff --git a/usr/local/share/bastille/create.sh b/usr/local/share/bastille/create.sh
index aa5c70ad..94df0b45 100644
--- a/usr/local/share/bastille/create.sh
+++ b/usr/local/share/bastille/create.sh
@@ -666,10 +666,10 @@ create_jail() {
 # Retrieve epair name from jail.conf
 uniq_epair=$(grep vnet.interface "${bastille_jailsdir}/${NAME}/jail.conf" | awk '{print $3}' | sed 's/;//; s/-/_/g')
- gateway=''
- gateway6=''
- ifconfig_inet=''
- ifconfig_inet6=''
+ gateway="NO"
+ gateway6="NO"
+ ifconfig_inet=""
+ ifconfig_inet6=""
 # Check for DHCP
 if echo "${IP}" | grep -qE '(0[.]0[.]0[.]0|DHCP|SYNCDHCP)'; then
@@ -692,7 +692,7 @@ create_jail() {
 # Enable IPv6 if used
 if [ -n "${IP6_ADDR}" ]; then
- ifconfig_inet6='inet6 -ifdisabled'
+ ifconfig_inet6="inet6 -ifdisabled"
 if echo "${IP}" | grep -qE 'SLAAC'; then
 # Enable SLAAC if requested
 ifconfig_inet6="${ifconfig_inet6} accept_rtadv"
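Review bot: The new `"NO"` defaults for `gateway` and `gateway6` in the `@@ -666` hunk of create.sh are sentinel values, and nothing in the visible lines says what they mean. They look chosen so that the vnet template changed in this same commit can write `defaultrouter` and `ipv6_defaultrouter` unconditionally, `NO` being the stock rc.conf value for both. I would add a comment above them, `# "NO" is the rc.conf default for defaultrouter/ipv6_defaultrouter; the vnet template writes both keys unconditionally`, so a later edit does not turn them back into empty strings. create_jail starts and ends outside the hunk.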
@@ -720,7 +720,7 @@ create_jail() {
 # Use interface name as INTERFACE+VNET when PASSTHROUGH is selected
 # Use default "vnet0" otherwise
 if [ "${VNET_JAIL_PASSTHROUGH}" -eq 1 ]; then
- bastille template "${NAME}" ${bastille_template_vnet} --arg INTERFACE="${uniq_epair}" --arg VNET="${INTERFACE}" --arg GATEWAY="${gateway}" --arg GATEWAY6="${gateway6}" --arg IFCONFIG="${ifconfig}" --arg IFCONFIG6="${ifconfig6}"
+ bastille template "${NAME}" ${bastille_template_vnet} --arg EXT_INTERFACE="${INTERFACE}" --arg INTERFACE="${uniq_epair}" --arg VNET="${INTERFACE}" --arg GATEWAY="${gateway}" --arg GATEWAY6="${gateway6}" --arg IFCONFIG="${ifconfig}" --arg IFCONFIG6="${ifconfig6}"
 else
 bastille template "${NAME}" ${bastille_template_vnet} --arg EXT_INTERFACE="${INTERFACE}" --arg INTERFACE="${uniq_epair}" --arg VNET="vnet0" --arg GATEWAY="${gateway}" --arg GATEWAY6="${gateway6}" --arg IFCONFIG="${ifconfig}" --arg IFCONFIG6="${ifconfig6}"
 fi
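Review bot: `${bastille_template_vnet}` is expanded unquoted in the `bastille template` call this hunk rewrites, and again in both calls of the `@@ -728` hunk, so the configured template name undergoes word splitting and pathname expansion before it reaches the command. Every other expansion on those lines is quoted; `bastille template "${NAME}" "${bastille_template_vnet}" --arg EXT_INTERFACE="${INTERFACE}" …` keeps it a single argument. The two branches now differ only in the `VNET` value, so setting one variable inside the `if` and issuing a single call would remove the duplication that let `EXT_INTERFACE` be missing from one branch. create_jail starts and ends outside the hunk.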
@@ -728,9 +728,9 @@ create_jail() {
 # Use interface name as INTERFACE+VNET when PASSTHROUGH is selected
 # Use default "vnet0" otherwise
 if [ "${VNET_JAIL_PASSTHROUGH}" -eq 1 ]; then
- bastille template "${NAME}" ${bastille_template_vnet} --arg INTERFACE="${uniq_epair}" --arg VNET="${INTERFACE}" --arg GATEWAY="${gateway}" --arg GATEWAY6="${gateway6}" --arg IFCONFIG="${ifconfig}" --arg IFCONFIG6="${ifconfig6}"
+ bastille template "${NAME}" ${bastille_template_vnet} --arg EXT_INTERFACE="${INTERFACE}" --arg INTERFACE="${uniq_epair}" --arg VNET="${INTERFACE}" --arg GATEWAY="${gateway}" --arg GATEWAY6="${gateway6}" --arg IFCONFIG="${ifconfig}" --arg IFCONFIG6="${ifconfig6}"
 else
- bastille template "${NAME}" ${bastille_template_vnet} --arg INTERFACE="${uniq_epair}" --arg VNET="vnet0" --arg GATEWAY="${gateway}" --arg GATEWAY6="${gateway6}" --arg IFCONFIG="${ifconfig}" --arg IFCONFIG6="${ifconfig6}"
+ bastille template "${NAME}" ${bastille_template_vnet} --arg EXT_INTERFACE="${INTERFACE}" --arg INTERFACE="${uniq_epair}" --arg VNET="vnet0" --arg GATEWAY="${gateway}" --arg GATEWAY6="${gateway6}" --arg IFCONFIG="${ifconfig}" --arg IFCONFIG6="${ifconfig6}"
 fi
 fi
diff --git a/usr/local/share/bastille/sysrc.sh b/usr/local/share/bastille/sysrc.sh
index 4d1e1a26..4f24d997 100644
--- a/usr/local/share/bastille/sysrc.sh
+++ b/usr/local/share/bastille/sysrc.sh
@@ -100,7 +100,11 @@ for _jail in ${JAILS}; do
 info "\n[${_jail}]:"
- jexec -l "${_jail}" /usr/sbin/sysrc "$@"
+ if [ -f "${bastille_jailsdir}/${_jail}/root/usr/sbin/sysrc" ]; then
+ jexec -l "${_jail}" /usr/sbin/sysrc "$@"
+ else
+ sysrc -j "${_jail}" "$@"
+ fi
 if [ "$?" -ne 0 ]; then
 ERRORS=$((ERRORS + 1))
diff --git a/usr/local/share/bastille/templates/default/base/Bastillefile b/usr/local/share/bastille/templates/default/base/Bastillefile
index d68abccc..7423caca 100644
--- a/usr/local/share/bastille/templates/default/base/Bastillefile
+++ b/usr/local/share/bastille/templates/default/base/Bastillefile
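Review bot: The added `[ -f "${bastille_jailsdir}/${_jail}/root/usr/sbin/sysrc" ]` test in sysrc.sh is evaluated on the host, so any symlink on that path is resolved against the host's filesystem rather than the jail's, and `-f` is also true for a file that is not executable. If a jail's `usr/sbin` is an absolute symlink (not visible in this hunk), the test would presumably fail and every call would take the `sysrc -j` branch, so the result of the check depends on filesystem content the jail controls. I would test with `-x` and add a comment stating the intent, for example `# jails that ship no sysrc(8) of their own fall back to the host's sysrc -j`. The `for _jail` loop body continues outside the hunk.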
@@ -2,9 +2,9 @@ ARG HOST_RESOLV_CONF=/etc/resolv.conf
 CMD touch /etc/rc.conf
 CMD touch /etc/periodic.conf
-CMD sysrc -f /etc/periodic.conf daily_status_world_kernel="NO"
 CMD pw user mod root -h -
+SYSRC -f /etc/periodic.conf daily_status_world_kernel="NO"
 SYSRC syslogd_flags="-ss"
 SYSRC sendmail_enable="NO"
 SYSRC sendmail_submit_enable="NO"
diff --git a/usr/local/share/bastille/templates/default/vnet/Bastillefile b/usr/local/share/bastille/templates/default/vnet/Bastillefile
index f0c4cadb..449b6bb6 100644
--- a/usr/local/share/bastille/templates/default/vnet/Bastillefile
+++ b/usr/local/share/bastille/templates/default/vnet/Bastillefile
@@ -3,18 +3,12 @@ ARG INTERFACE
 ARG VNET
 ARG GATEWAY
 ARG GATEWAY6
-ARG IFCONFIG="SYNCDHCP"
+ARG IFCONFIG
 ARG IFCONFIG6
-SYSRC ifconfig_${INTERFACE}_name=${VNET}
+SYSRC ifconfig_${INTERFACE}_name="${VNET}"
 SYSRC ifconfig_${VNET}="${IFCONFIG}"
-
-# Set description if EXT_INTERFACE is set
-CMD if [ -n "${EXT_INTERFACE}" ]; then /usr/sbin/sysrc ifconfig_${VNET}_descr="jail interface for ${EXT_INTERFACE}"; fi
-
-# Apply IFCONFIG6 if set
-CMD if [ -n "${IFCONFIG6}" ]; then /usr/sbin/sysrc ifconfig_${VNET}_ipv6="${IFCONFIG6}"; fi
-
-# GATEWAY will be empty for a DHCP config. -- cwells
-CMD if [ -n "${GATEWAY}" ]; then /usr/sbin/sysrc defaultrouter="${GATEWAY}"; fi
-CMD if [ -n "${GATEWAY6}" ]; then /usr/sbin/sysrc ipv6_defaultrouter="${GATEWAY6}"; fi
+SYSRC ifconfig_${VNET}_descr="jail interface for ${EXT_INTERFACE}"
+SYSRC ifconfig_${VNET}_ipv6="${IFCONFIG6}"
+SYSRC defaultrouter="${GATEWAY}"
+SYSRC ipv6_defaultrouter="${GATEWAY6}"
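Review bot: The four `SYSRC` lines that replace the guarded `CMD if [ -n … ]` calls in templates/default/vnet/Bastillefile write their keys even when the argument is empty, and `ARG IFCONFIG` has lost its `"SYNCDHCP"` default. create.sh in this commit passes `NO` for the two gateways, but a caller applying this template without those `--arg` values would presumably end up with `defaultrouter=""`, `ifconfig_${VNET}=""` and a description ending in `for `. Declaring the fallbacks in the template itself, `ARG GATEWAY="NO"` and `ARG GATEWAY6="NO"`, and keeping a default on `ARG IFCONFIG`, would make the file safe on its own. Whether an empty `ifconfig_${VNET}_ipv6` entry is acceptable for IPv4-only jails should be confirmed, since the old code wrote no key in that case.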