Merge pull request #1126 from BastilleBSD/tschettervictor-patch-3

docs/chapters/subcommands/limits.rst

@@ -50,4 +50,5 @@ This file can be edited manually using ``bastille edit TARGET cpuset.conf``.
       Options:
 
       -a | --auto           Auto mode. Start/stop jail(s) if required.
+      -l | --log            Enable logging for the specified rule (rctl only).
       -x | --debug          Enable debug mode. 

usr/local/share/bastille/limits.sh

@@ -43,6 +43,7 @@ usage() {
     Options:
 
     -a | --auto           Auto mode. Start/stop jail(s) if required.
+    -l | --log            Enable logging for the specified rule (rctl only).
     -x | --debug          Enable debug mode.
 
 EOF
@@ -51,6 +52,7 @@ EOF
 
 # Handle options.
 AUTO=0
+OPT_LOG=0
 while [ "$#" -gt 0 ]; do
     case "${1}" in
         -h|--help|help)
@@ -60,6 +62,10 @@ while [ "$#" -gt 0 ]; do
             AUTO=1
             shift
             ;;
+        -l|--log)
+            OPT_LOG=1
+            shift
+            ;;
         -x|--debug)
             enable_debug
             shift
@@ -68,6 +74,7 @@ while [ "$#" -gt 0 ]; do
             for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do
                 case ${_opt} in
                     a) AUTO=1 ;;
+                    l) OPT_LOG=1 ;;
                     x) enable_debug ;;
                     *) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;; 
                 esac
@@ -123,7 +130,7 @@ add_cpuset() {
 
     # Persist cpuset value
     echo "${_cpuset_rule}" >> "${bastille_jailsdir}/${_jail}/cpuset.conf"
-    echo -e "Limits: ${OPTION} ${VALUE}"
+    echo -e "[CPU LIMITS]: ${OPTION} ${VALUE}"
 
     # Restart jail to apply cpuset
     bastille restart ${_jail}
@@ -159,21 +166,28 @@ for _jail in ${JAILS}; do
                 # Add rctl rule to rctl.conf
                 _rctl_rule="jail:${_jail}:${OPTION}:deny=${VALUE}/jail"
                 _rctl_rule_log="jail:${_jail}:${OPTION}:log=${VALUE}/jail"
-
                 # Check whether the entry already exists and, if so, update it. -- cwells
                 if grep -qs "jail:${_jail}:${OPTION}:deny" "${bastille_jailsdir}/${_jail}/rctl.conf"; then
     	            _escaped_option=$(echo "${OPTION}" | sed 's/\//\\\//g')
     	            _escaped_rctl_rule=$(echo "${_rctl_rule}" | sed 's/\//\\\//g')
     	            _escaped_rctl_rule_log=$(echo "${_rctl_rule_log}" | sed 's/\//\\\//g')
                     sed -i '' -E "s/jail:${_jail}:${_escaped_option}:deny.+/${_escaped_rctl_rule}/" "${bastille_jailsdir}/${_jail}/rctl.conf"
-                    sed -i '' -E "s/jail:${_jail}:${_escaped_option}:log.+/${_escaped_rctl_rule_log}/" "${bastille_jailsdir}/${_jail}/rctl.conf"
+                    if [ "${OPT_LOG}" -eq 1 ]; then
+                        sed -i '' -E "s/jail:${_jail}:${_escaped_option}:log.+/${_escaped_rctl_rule_log}/" "${bastille_jailsdir}/${_jail}/rctl.conf"
+                    fi
                 else # Just append the entry. -- cwells
                     echo "${_rctl_rule}" >> "${bastille_jailsdir}/${_jail}/rctl.conf"
-                    echo "${_rctl_rule_log}" >> "${bastille_jailsdir}/${_jail}/rctl.conf"
+                    if [ "${OPT_LOG}" -eq 1 ]; then
+                        echo "${_rctl_rule_log}" >> "${bastille_jailsdir}/${_jail}/rctl.conf"
+                    fi
+                fi
+                if [ "${OPT_LOG}" -eq 1 ]; then
+                    echo -e "[LOGGING]: ${OPTION} ${VALUE}"
+                    rctl -a "${_rctl_rule}" "${_rctl_rule_log}"
+                else
+                    echo -e "${OPTION} ${VALUE}"
+                    rctl -a "${_rctl_rule}"
                 fi
-
-                echo -e "${OPTION} ${VALUE}"
-                rctl -a "${_rctl_rule}" "${_rctl_rule_log}"
             fi
             ;;
 
@@ -217,7 +231,7 @@ for _jail in ${JAILS}; do
                 done < "${bastille_jailsdir}/${_jail}/rctl.conf"
                 echo "RCTL limits cleared."
             fi
-	    ;;
+	        ;;
 
         list|show)