From 30351a06455ca57a303b73a9726468248c99867f Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Fri, 12 Dec 2025 13:25:42 -0700 Subject: [PATCH 1/7] sysrc: begin support host command --- usr/local/share/bastille/templates/default/base/Bastillefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/usr/local/share/bastille/templates/default/base/Bastillefile b/usr/local/share/bastille/templates/default/base/Bastillefile index d68abccc..7423caca 100644 --- a/usr/local/share/bastille/templates/default/base/Bastillefile +++ b/usr/local/share/bastille/templates/default/base/Bastillefile @@ -2,9 +2,9 @@ ARG HOST_RESOLV_CONF=/etc/resolv.conf CMD touch /etc/rc.conf CMD touch /etc/periodic.conf -CMD sysrc -f /etc/periodic.conf daily_status_world_kernel="NO" CMD pw user mod root -h - +SYSRC -f /etc/periodic.conf daily_status_world_kernel="NO" SYSRC syslogd_flags="-ss" SYSRC sendmail_enable="NO" SYSRC sendmail_submit_enable="NO" From 7e3f6cace6b795380acab895ae3ed67158a0c3ee Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Fri, 12 Dec 2025 13:28:05 -0700 Subject: [PATCH 2/7] sysrc: allow fallback to host --- usr/local/share/bastille/sysrc.sh | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/usr/local/share/bastille/sysrc.sh b/usr/local/share/bastille/sysrc.sh index 4d1e1a26..4f24d997 100644 --- a/usr/local/share/bastille/sysrc.sh +++ b/usr/local/share/bastille/sysrc.sh @@ -100,7 +100,11 @@ for _jail in ${JAILS}; do info "\n[${_jail}]:" - jexec -l "${_jail}" /usr/sbin/sysrc "$@" + if [ -f "${bastille_jailsdir}/${_jail}/root/usr/sbin/sysrc" ]; then + jexec -l "${_jail}" /usr/sbin/sysrc "$@" + else + sysrc -j "${_jail}" "$@" + fi if [ "$?" -ne 0 ]; then ERRORS=$((ERRORS + 1)) From 576844e15374c293bb1a968bfe8a5cf55c6b3c97 Mon Sep 17 00:00:00 2001 
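Review bot: The new `[ -f "${bastille_jailsdir}/${_jail}/root/usr/sbin/sysrc" ]` test in the sysrc.sh hunk runs on the host, so an absolute symlink inside the jail tree is resolved against the host's root, not the jail's. If a jail's `usr/sbin` is such a link (thin jails appear to be laid out this way, though that is not visible here), the test fails even though the binary exists in the jail, and the host fallback is taken every time. The outcome also depends on filesystem content the jail itself can change. Asking the jail avoids both and checks the execute bit rather than mere existence: `if jexec -l "${_jail}" /bin/test -x /usr/sbin/sysrc; then`. The enclosing `for` loop starts and ends outside the hunk.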
From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Fri, 12 Dec 2025 16:39:31 -0700 Subject: [PATCH 3/7] default/vnet: apply sysrc by default --- .../templates/default/vnet/Bastillefile | 18 ++++++------------ 1 file changed, 6 insertions(+), 12 deletions(-) diff --git a/usr/local/share/bastille/templates/default/vnet/Bastillefile b/usr/local/share/bastille/templates/default/vnet/Bastillefile index f0c4cadb..0dbc6cbc 100644 --- a/usr/local/share/bastille/templates/default/vnet/Bastillefile +++ b/usr/local/share/bastille/templates/default/vnet/Bastillefile @@ -1,20 +1,14 @@ ARG EXT_INTERFACE ARG INTERFACE ARG VNET -ARG GATEWAY -ARG GATEWAY6 +ARG GATEWAY="NO" +ARG GATEWAY6="NO" ARG IFCONFIG="SYNCDHCP" ARG IFCONFIG6 SYSRC ifconfig_${INTERFACE}_name=${VNET} SYSRC ifconfig_${VNET}="${IFCONFIG}" - -# Set description if EXT_INTERFACE is set -CMD if [ -n "${EXT_INTERFACE}" ]; then /usr/sbin/sysrc ifconfig_${VNET}_descr="jail interface for ${EXT_INTERFACE}"; fi - -# Apply IFCONFIG6 if set -CMD if [ -n "${IFCONFIG6}" ]; then /usr/sbin/sysrc ifconfig_${VNET}_ipv6="${IFCONFIG6}"; fi - -# GATEWAY will be empty for a DHCP config. -- cwells -CMD if [ -n "${GATEWAY}" ]; then /usr/sbin/sysrc defaultrouter="${GATEWAY}"; fi -CMD if [ -n "${GATEWAY6}" ]; then /usr/sbin/sysrc ipv6_defaultrouter="${GATEWAY6}"; fi +SYSRC ifconfig_${VNET}_descr="jail interface for ${EXT_INTERFACE}" +SYSRC ifconfig_${VNET}_ipv6="${IFCONFIG6}" +SYSRC defaultrouter="${GATEWAY}" +SYSRC ipv6_defaultrouter="${GATEWAY6}" From 694eb138990993e8e5c9c04b06fa5d07716f2c3a Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Fri, 12 Dec 2025 18:32:27 -0700 Subject: [PATCH 4/7] create: defaultrouter=NO --- usr/local/share/bastille/create.sh | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/usr/local/share/bastille/create.sh b/usr/local/share/bastille/create.sh index aa5c70ad..94df0b45 100644 
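Review bot: The four `SYSRC` lines that replace the `CMD if [ -n ... ]` guards now write their key even when the argument is empty, so a jail without IPv6 gets `ifconfig_${VNET}_ipv6=""` and a call without EXT_INTERFACE gets the description `jail interface for ` with nothing after it. `IFCONFIG6` and `EXT_INTERFACE` have no default in this hunk, unlike `GATEWAY` and `GATEWAY6`. The comment that explained the empty DHCP gateway is removed without a replacement; I would add `# "NO" is the rc.conf default and means no static default route (DHCP case)` above the two `ARG GATEWAY` lines. The same unconditional lines remain in the later vnet/Bastillefile hunks of patches 5 and 6.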
--- a/usr/local/share/bastille/create.sh +++ b/usr/local/share/bastille/create.sh @@ -666,10 +666,10 @@ create_jail() { # Retrieve epair name from jail.conf uniq_epair=$(grep vnet.interface "${bastille_jailsdir}/${NAME}/jail.conf" | awk '{print $3}' | sed 's/;//; s/-/_/g') - gateway='' - gateway6='' - ifconfig_inet='' - ifconfig_inet6='' + gateway="NO" + gateway6="NO" + ifconfig_inet="" + ifconfig_inet6="" # Check for DHCP if echo "${IP}" | grep -qE '(0[.]0[.]0[.]0|DHCP|SYNCDHCP)'; then @@ -692,7 +692,7 @@ create_jail() { # Enable IPv6 if used if [ -n "${IP6_ADDR}" ]; then - ifconfig_inet6='inet6 -ifdisabled' + ifconfig_inet6="inet6 -ifdisabled" if echo "${IP}" | grep -qE 'SLAAC'; then # Enable SLAAC if requested ifconfig_inet6="${ifconfig_inet6} accept_rtadv" @@ -720,7 +720,7 @@ create_jail() { # Use interface name as INTERFACE+VNET when PASSTHROUGH is selected # Use default "vnet0" otherwise if [ "${VNET_JAIL_PASSTHROUGH}" -eq 1 ]; then - bastille template "${NAME}" ${bastille_template_vnet} --arg INTERFACE="${uniq_epair}" --arg VNET="${INTERFACE}" --arg GATEWAY="${gateway}" --arg GATEWAY6="${gateway6}" --arg IFCONFIG="${ifconfig}" --arg IFCONFIG6="${ifconfig6}" + bastille template "${NAME}" ${bastille_template_vnet} --arg EXT_INTERFACE="${INTERFACE}" --arg INTERFACE="${uniq_epair}" --arg VNET="${INTERFACE}" --arg GATEWAY="${gateway}" --arg GATEWAY6="${gateway6}" --arg IFCONFIG="${ifconfig}" --arg IFCONFIG6="${ifconfig6}" else bastille template "${NAME}" ${bastille_template_vnet} --arg EXT_INTERFACE="${INTERFACE}" --arg INTERFACE="${uniq_epair}" --arg VNET="vnet0" --arg GATEWAY="${gateway}" --arg GATEWAY6="${gateway6}" --arg IFCONFIG="${ifconfig}" --arg IFCONFIG6="${ifconfig6}" fi 
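Review bot: Changing the initial `gateway` and `gateway6` from empty to `"NO"` in the hunk at 666 turns them into sentinel values, so any `[ -n "${gateway}" ]` or `[ -z "${gateway}" ]` test further down in create_jail() would now always see them as set. The rest of the function is outside the hunk, so this needs checking there. The same goes for any path that assigns an empty lookup result over the `"NO"`, which would reach the template as `defaultrouter=""`. A guard just before the `bastille template` calls keeps the sentinel intact: `gateway="${gateway:-NO}"` and `gateway6="${gateway6:-NO}"`.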
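Review bot: `${bastille_template_vnet}` is expanded unquoted on the changed `bastille template` line in the hunk at 720, so a template path containing whitespace or glob characters would be split into several arguments; write `bastille template "${NAME}" "${bastille_template_vnet}" --arg ...`. The same applies to the unchanged `else` line and to both lines of the hunk at 728. The four invocations now differ only in the VNET value, so setting a `vnet_name` variable once (`"${INTERFACE}"` for passthrough, `vnet0` otherwise) and keeping a single call per block would stop the argument lists drifting apart again. The enclosing `if` blocks start outside the hunks.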
@@ -728,9 +728,9 @@ create_jail() { # Use interface name as INTERFACE+VNET when PASSTHROUGH is selected # Use default "vnet0" otherwise if [ "${VNET_JAIL_PASSTHROUGH}" -eq 1 ]; then - bastille template "${NAME}" ${bastille_template_vnet} --arg INTERFACE="${uniq_epair}" --arg VNET="${INTERFACE}" --arg GATEWAY="${gateway}" --arg GATEWAY6="${gateway6}" --arg IFCONFIG="${ifconfig}" --arg IFCONFIG6="${ifconfig6}" + bastille template "${NAME}" ${bastille_template_vnet} --arg EXT_INTERFACE="${INTERFACE}" --arg INTERFACE="${uniq_epair}" --arg VNET="${INTERFACE}" --arg GATEWAY="${gateway}" --arg GATEWAY6="${gateway6}" --arg IFCONFIG="${ifconfig}" --arg IFCONFIG6="${ifconfig6}" else - bastille template "${NAME}" ${bastille_template_vnet} --arg INTERFACE="${uniq_epair}" --arg VNET="vnet0" --arg GATEWAY="${gateway}" --arg GATEWAY6="${gateway6}" --arg IFCONFIG="${ifconfig}" --arg IFCONFIG6="${ifconfig6}" + bastille template "${NAME}" ${bastille_template_vnet} --arg EXT_INTERFACE="${INTERFACE}" --arg INTERFACE="${uniq_epair}" --arg VNET="vnet0" --arg GATEWAY="${gateway}" --arg GATEWAY6="${gateway6}" --arg IFCONFIG="${ifconfig}" --arg IFCONFIG6="${ifconfig6}" fi fi From a5b7e6514ea7cf65eb1a305b31a43345e0c07418 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Fri, 12 Dec 2025 18:43:53 -0700 Subject: [PATCH 5/7] All values are passed during create. --- .../bastille/templates/default/vnet/Bastillefile | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/usr/local/share/bastille/templates/default/vnet/Bastillefile b/usr/local/share/bastille/templates/default/vnet/Bastillefile index 0dbc6cbc..f4c4cc43 100644 --- a/usr/local/share/bastille/templates/default/vnet/Bastillefile +++ b/usr/local/share/bastille/templates/default/vnet/Bastillefile 
@@ -1,14 +1,14 @@ ARG EXT_INTERFACE ARG INTERFACE ARG VNET -ARG GATEWAY="NO" -ARG GATEWAY6="NO" -ARG IFCONFIG="SYNCDHCP" +ARG GATEWAY +ARG GATEWAY6 +ARG IFCONFIG ARG IFCONFIG6 SYSRC ifconfig_${INTERFACE}_name=${VNET} -SYSRC ifconfig_${VNET}="${IFCONFIG}" +SYSRC ifconfig_${VNET}=${IFCONFIG} SYSRC ifconfig_${VNET}_descr="jail interface for ${EXT_INTERFACE}" -SYSRC ifconfig_${VNET}_ipv6="${IFCONFIG6}" -SYSRC defaultrouter="${GATEWAY}" -SYSRC ipv6_defaultrouter="${GATEWAY6}" +SYSRC ifconfig_${VNET}_ipv6=${IFCONFIG6} +SYSRC defaultrouter=${GATEWAY} +SYSRC ipv6_defaultrouter=${GATEWAY6} From f9e6d0dd968bd488ae70c46e1fcb6229bcdc2444 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Fri, 12 Dec 2025 18:46:26 -0700 Subject: [PATCH 6/7] Need quotes --- .../share/bastille/templates/default/vnet/Bastillefile | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/usr/local/share/bastille/templates/default/vnet/Bastillefile b/usr/local/share/bastille/templates/default/vnet/Bastillefile index f4c4cc43..449b6bb6 100644 --- a/usr/local/share/bastille/templates/default/vnet/Bastillefile +++ b/usr/local/share/bastille/templates/default/vnet/Bastillefile @@ -6,9 +6,9 @@ ARG GATEWAY6 ARG IFCONFIG ARG IFCONFIG6 -SYSRC ifconfig_${INTERFACE}_name=${VNET} -SYSRC ifconfig_${VNET}=${IFCONFIG} +SYSRC ifconfig_${INTERFACE}_name="${VNET}" +SYSRC ifconfig_${VNET}="${IFCONFIG}" SYSRC ifconfig_${VNET}_descr="jail interface for ${EXT_INTERFACE}" -SYSRC ifconfig_${VNET}_ipv6=${IFCONFIG6} -SYSRC defaultrouter=${GATEWAY} -SYSRC ipv6_defaultrouter=${GATEWAY6} +SYSRC ifconfig_${VNET}_ipv6="${IFCONFIG6}" +SYSRC defaultrouter="${GATEWAY}" +SYSRC ipv6_defaultrouter="${GATEWAY6}" From b094badb0ad01a70d4f6dc65b3ea980af5416c71 Mon Sep 17 00:00:00 2001 
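Review bot: Removing the defaults from `ARG GATEWAY`, `ARG GATEWAY6` and `ARG IFCONFIG` in the patch 5 hunk makes the template correct only when every caller passes all seven arguments. If default/vnet is ever applied outside create.sh without them (not visible from this patch), the unconditional `SYSRC` lines below would overwrite `defaultrouter`, `ipv6_defaultrouter` and `ifconfig_${VNET}` with empty values. Keeping `ARG GATEWAY="NO"` and `ARG GATEWAY6="NO"` costs nothing, since create.sh now initialises both to the same value.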
From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Fri, 12 Dec 2025 19:04:13 -0700 Subject: [PATCH 7/7] templates: remove sysrc note/ not needed --- docs/chapters/template.rst | 3 --- 1 file changed, 3 deletions(-) diff --git a/docs/chapters/template.rst b/docs/chapters/template.rst index 5cb2db59..b9b2fc3e 100644 --- a/docs/chapters/template.rst +++ b/docs/chapters/template.rst @@ -145,9 +145,6 @@ recursively. Special Hook Cases ------------------ -SYSRC requires that NO quotes be used or that quotes (``"``) be escaped ie; -(``\\"``) - ARG will always treat an ampersand "\``&``" literally, without the need to escape it. Escaping it will cause errors.