From b333a99cdcc442213971c4d5d11814ab74a15356 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Thu, 27 Feb 2025 23:50:00 -0700 Subject: [PATCH 01/36] import: Import jails using new interface format (iocage,ezjail) Imported jails from iocage and ezjail should now be imported using the new "if|ip" format and overall better handling on the network side of the import. --- usr/local/share/bastille/import.sh | 144 ++++++++++++++++++++++------- 1 file changed, 111 insertions(+), 33 deletions(-) diff --git a/usr/local/share/bastille/import.sh b/usr/local/share/bastille/import.sh index d76c8858..fa8b177b 100644 --- a/usr/local/share/bastille/import.sh +++ b/usr/local/share/bastille/import.sh @@ -41,9 +41,10 @@ usage() { cat << EOF Options: - -f | --force Force an archive import regardless if the checksum file does not match or missing. - -v | --verbose Be more verbose during the ZFS receive operation. - -x | --debug Enable debug mode. + -f | --force Force an archive import regardless if the checksum file does not match or missing. + -M | --static-mac Generate static MAC for jail when importing foreign jails like iocage. + -v | --verbose Be more verbose during the ZFS receive operation. + -x | --debug Enable debug mode. Tip: If no option specified, container should be imported from standard input. @@ -54,6 +55,7 @@ EOF # Handle options. OPT_FORCE=0 OPT_ZRECV="-u" +OPT_STATIC_MAC="" USER_IMPORT= while [ "$#" -gt 0 ]; do case "${1}" in @@ -64,6 +66,10 @@ while [ "$#" -gt 0 ]; do OPT_FORCE="1" shift ;; + -M|--static-mac) + OPT_STATIC_MAC="1" + shift + ;; -v|--verbose) OPT_ZRECV="-u -v" shift 
@@ -191,8 +197,8 @@ generate_config() { # Gather some bits from foreign/iocage config files JSON_CONFIG="${bastille_jailsdir}/${TARGET_TRIM}/config.json" if [ -n "${JSON_CONFIG}" ]; then - IPV4_CONFIG=$(grep -wo '\"ip4_addr\": \".*\"' "${JSON_CONFIG}" | tr -d '" ' | sed 's/ip4_addr://') - IPV6_CONFIG=$(grep -wo '\"ip6_addr\": \".*\"' "${JSON_CONFIG}" | tr -d '" ' | sed 's/ip6_addr://') + IP4_CONFIG=$(grep -wo '\"ip4_addr\": \".*\"' "${JSON_CONFIG}" | tr -d '" ' | sed 's/ip4_addr://') + IP6_CONFIG=$(grep -wo '\"ip6_addr\": \".*\"' "${JSON_CONFIG}" | tr -d '" ' | sed 's/ip6_addr://') DEVFS_RULESET=$(grep -wo '\"devfs_ruleset\": \".*\"' "${JSON_CONFIG}" | tr -d '" ' | sed 's/devfs_ruleset://') DEVFS_RULESET=${DEVFS_RULESET:-4} IS_THIN_JAIL=$(grep -wo '\"basejail\": .*' "${JSON_CONFIG}" | tr -d '" ,' | sed 's/basejail://') 
@@ -218,41 +224,114 @@ generate_config() { # See if we need to generate a vnet network section if [ "${IS_VNET_JAIL:-0}" = "1" ]; then - NETBLOCK=$(generate_vnet_jail_netblock "${TARGET_TRIM}" "" "${VNET_DEFAULT_INTERFACE}") + NETBLOCK=$(generate_vnet_jail_netblock "${TARGET_TRIM}" "" "${VNET_DEFAULT_INTERFACE}" "${OPT_STATIC_MAC}") vnet_requirements else # If there are multiple IP/NIC let the user configure network - if [ -n "${IPV4_CONFIG}" ]; then - if ! echo "${IPV4_CONFIG}" | grep -q '.*,.*'; then - NETIF_CONFIG=$(echo "${IPV4_CONFIG}" | grep '.*|' | sed 's/|.*//g') - if [ -z "${NETIF_CONFIG}" ]; then + IP4_DEFINITION="" + IP6_DEFINITION="" + IP6_MODE="disable" + # IP4 set, but not IP6 + if [ -n "${IP4_CONFIG}" ] && [ -z "${IP6_CONFIG}" ]; then + if ! echo "${IP4_CONFIG}" | grep -q '.*,.*'; then + IP4_IF=$(echo "${IP4_CONFIG}" | grep '.*|' | sed 's/|.*//g') + if [ -z "${IP4_IF}" ]; then config_netif - fi - IPX_ADDR="ip4.addr" - IP_CONFIG="${IPV4_CONFIG}" - IP6_MODE="disable" - fi - elif [ -n "${IPV6_CONFIG}" ]; then - if ! echo "${IPV6_CONFIG}" | grep -q '.*,.*'; then - NETIF_CONFIG=$(echo "${IPV6_CONFIG}" | grep '.*|' | sed 's/|.*//g') - if [ -z "${NETIF_CONFIG}" ]; then + IP4_DEFINITION="ip4.addr = ${NETIF_CONFIG}|${IP4_CONFIG};" + IP6_MODE="disable" + else + IP4_DEFINITION="ip4.addr = ${IP4_CONFIG};" + IP6_MODE="disable" + fi + else + IP4_IF=$(echo "${IP4_CONFIG}" | grep '.*|' | sed 's/|.*//g') + if [ -z "${IP4_IF}" ]; then config_netif - fi - IPX_ADDR="ip6.addr" - IP_CONFIG="${IPV6_CONFIG}" - IP6_MODE="new" + IP4_DEFINITION="ip4.addr = ${NETIF_CONFIG}|${IP4_CONFIG};" + IP6_MODE="disable" + else + IP4_DEFINITION="ip4.addr = ${IP4_CONFIG};" + IP6_MODE="disable" + fi fi + # IP6 set, but not IP4 + elif [ -z "${IP4_CONFIG}" ] && [ -z "${IP6_CONFIG}" ]; then + if ! 
echo "${IP6_CONFIG}" | grep -q '.*,.*'; then + IP6_IF=$(echo "${IP6_CONFIG}" | grep '.*|' | sed 's/|.*//g') + if [ -z "${IP6_IF}" ]; then + config_netif + IP6_DEFINITION="ip6.addr = ${NETIF_CONFIG}|${IP6_CONFIG};" + IP6_MODE="new" + else + IP6_DEFINITION="ip6.addr = ${IP6_CONFIG};" + IP6_MODE="new" + fi + else + IP6_IF=$(echo "${IP6_CONFIG}" | grep '.*|' | sed 's/|.*//g') + if [ -z "${IP6_IF}" ]; then + config_netif + IP6_DEFINITION="ip6.addr = ${NETIF_CONFIG}|${IP6_CONFIG};" + IP6_MODE="new" + else + IP6_DEFINITION="ip6.addr = ${IP6_CONFIG};" + IP6_MODE="new" + fi + fi + # IP4 and IP6 both set + elif [ -n "${IP4_CONFIG}" ] && [ -n "${IP6_CONFIG}" ]; then + if ! echo "${IP4_CONFIG}" | grep -q '.*,.*'; then + IP4_IF=$(echo "${IP4_CONFIG}" | grep '.*|' | sed 's/|.*//g') + if [ -z "${IP4_IF}" ]; then + config_netif + IP4_DEFINITION="ip4.addr = ${NETIF_CONFIG}|${IP4_CONFIG};" + else + IP4_DEFINITION="ip4.addr = ${IP4_CONFIG};" + fi + else + IP4_IF=$(echo "${IP4_CONFIG}" | grep '.*|' | sed 's/|.*//g') + if [ -z "${IP4_IF}" ]; then + config_netif + IP4_DEFINITION="ip4.addr = ${NETIF_CONFIG}|${IP4_CONFIG};" + else + IP4_DEFINITION="ip4.addr = ${IP4_CONFIG};" + fi + fi + if ! echo "${IP6_CONFIG}" | grep -q '.*,.*'; then + IP6_IF=$(echo "${IP6_CONFIG}" | grep '.*|' | sed 's/|.*//g') + if [ -z "${IP6_IF}" ]; then + config_netif + IP6_DEFINITION="ip6.addr = ${NETIF_CONFIG}|${IP6_CONFIG};" + IP6_MODE="new" + else + IP6_DEFINITION="ip6.addr = ${IP6_CONFIG};" + IP6_MODE="new" + fi + else + IP6_IF=$(echo "${IP6_CONFIG}" | grep '.*|' | sed 's/|.*//g') + if [ -z "${IP6_IF}" ]; then + config_netif + IP6_DEFINITION="ip6.addr = ${NETIF_CONFIG}|${IP6_CONFIG};" + IP6_MODE="new" + else + IP6_DEFINITION="ip6.addr = ${IP6_CONFIG};" + IP6_MODE="new" + fi + fi + # ezjail import elif [ -n "${IPVX_CONFIG}" ]; then if ! 
echo "${IPVX_CONFIG}" | grep -q '.*,.*'; then NETIF_CONFIG=$(echo "${IPVX_CONFIG}" | grep '.*|' | sed 's/|.*//g') if [ -z "${NETIF_CONFIG}" ]; then config_netif - fi - IPX_ADDR="ip4.addr" - IP_CONFIG="${IPVX_CONFIG}" - IP6_MODE="disable" + IP4_DEFINITION="ip4.addr = ${NETIF_CONFIG}|${IPVX_CONFIG};" + IP6_MODE="disable" + else + IP4_DEFINITION="ip4.addr = ${IPVX_CONFIG};" + IP6_MODE="disable" + fi if echo "${IPVX_CONFIG}" | sed 's/.*|//' | grep -Eq '^(([a-fA-F0-9:]+$)|([a-fA-F0-9:]+\/[0-9]{1,3}$))'; then - IPX_ADDR="ip6.addr" + IP4_DEFINITION="" + IP6_DEFINITION="ip6.addr = ${IPVX_CONFIG};" IP6_MODE="new" fi fi @@ -260,16 +339,15 @@ generate_config() { # Let the user configure network manually if [ -z "${NETIF_CONFIG}" ]; then - NETIF_CONFIG="lo1" - IPX_ADDR="ip4.addr" - IP_CONFIG="-" + IP4_DEFINITION="ip4.addr = lo1|-;" + IP6_DEFINITION="" IP6_MODE="disable" warn "Warning: See 'bastille edit ${TARGET_TRIM} jail.conf' for manual network configuration." fi NETBLOCK=$(cat <<-EOF - interface = ${NETIF_CONFIG}; - ${IPX_ADDR} = ${IP_CONFIG}; + ${IP4_DEFINITION} + ${IP6_DEFINITION} ip6 = ${IP6_MODE}; EOF ) From 00368cb71f348927bf776096745b66b662983663 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Fri, 28 Feb 2025 00:07:14 -0700 Subject: [PATCH 02/36] import: Get default interface in set to "none" or auto --- usr/local/share/bastille/import.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/usr/local/share/bastille/import.sh b/usr/local/share/bastille/import.sh index fa8b177b..dec4ec8c 100644 --- a/usr/local/share/bastille/import.sh +++ b/usr/local/share/bastille/import.sh 
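Review bot: The arm commented `# IP6 set, but not IP4` is guarded by `[ -z "${IP4_CONFIG}" ] && [ -z "${IP6_CONFIG}" ]`, so it runs when both addresses are empty and is skipped for a jail that has only an IPv6 address; the second test should read `[ -n "${IP6_CONFIG}" ]`. As written, an import with neither variable set (presumably the ezjail case, where only `IPVX_CONFIG` is populated) is caught here before it can reach the `# ezjail import` arm, and can end up with `ip6.addr = ${NETIF_CONFIG}|;` with an empty address. Separately, the two arms of every `grep -q '.*,.*'` test are identical in all three iocage branches, so the multi-address check no longer changes the outcome, although the comment above still says multiple IP/NIC setups are left to the user. generate_config starts and ends outside this hunk.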
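Review bot: The fallback `if [ -z "${NETIF_CONFIG}" ]` now overwrites a valid definition, because the iocage branches store the interface in `IP4_IF`/`IP6_IF` and never assign `NETIF_CONFIG` when the imported address already has the `if|ip` form. Unless `NETIF_CONFIG` is set somewhere outside the visible hunks, such a jail gets `ip4.addr = lo1|-;` and the manual-configuration warning; testing the result instead, `if [ -z "${IP4_DEFINITION}" ] && [ -z "${IP6_DEFINITION}" ]; then`, avoids that. `IP4_CONFIG` and `IP6_CONFIG` come from the imported archive's config.json and are written into jail.conf through the heredoc as they are, so it is worth rejecting values that contain `;`, `{`, `}` or a newline before building the definitions.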
@@ -206,7 +206,7 @@ generate_config() { IS_VNET_JAIL=$(grep -wo '\"vnet\": .*' "${JSON_CONFIG}" | tr -d '" ,' | sed 's/vnet://') VNET_DEFAULT_INTERFACE=$(grep -wo '\"vnet_default_interface\": \".*\"' "${JSON_CONFIG}" | tr -d '" ' | sed 's/vnet_default_interface://') ALLOW_EMPTY_DIRS_TO_BE_SYMLINKED=1 - if [ "${VNET_DEFAULT_INTERFACE}" = "auto" ]; then + if [ "${VNET_DEFAULT_INTERFACE}" = "auto" ] || [ "${VNET_DEFAULT_INTERFACE}" = "none" ]; then # Grab the default ipv4 route from netstat and pull out the interface VNET_DEFAULT_INTERFACE=$(netstat -nr4 | grep default | cut -w -f 4) fi @@ -385,6 +385,7 @@ ${TARGET_TRIM} { mount.fstab = ${bastille_jailsdir}/${TARGET_TRIM}/fstab; path = ${bastille_jailsdir}/${TARGET_TRIM}/root; securelevel = 2; + osrelease = ${CONFIG_RELEASE}; ${NETBLOCK} } From 0106df52594aefc47abb42bfa1d7d2f336582604 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Fri, 28 Feb 2025 00:18:42 -0700 Subject: [PATCH 03/36] import: Support importing to specific release #360 --- usr/local/share/bastille/import.sh | 21 +++++++++++++++------ 1 file changed, 15 insertions(+), 6 deletions(-) diff --git a/usr/local/share/bastille/import.sh b/usr/local/share/bastille/import.sh index dec4ec8c..490ac27c 100644 --- a/usr/local/share/bastille/import.sh +++ b/usr/local/share/bastille/import.sh @@ -36,7 +36,7 @@ usage() { # Build an independent usage for the import command # If no file/extension specified, will import from standard input - error_notify "Usage: bastille import [option(s)] FILE" + error_notify "Usage: bastille import [option(s)] FILE [RELEASE]" cat << EOF Options: @@ -59,7 +59,7 @@ OPT_STATIC_MAC="" USER_IMPORT= while [ "$#" -gt 0 ]; do case "${1}" in - -h|--help|help) + -h|--help|help) usage ;; -f|--force) 
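Review bot: The added `osrelease = ${CONFIG_RELEASE};` line is written for every imported jail, but the only fallback for an empty `CONFIG_RELEASE` visible in this file sits inside the `IS_THIN_JAIL` block. If a thick or foreign jail arrives without a release, the generated jail.conf would contain `osrelease = ;`. Consider building the line conditionally, for example `[ -n "${CONFIG_RELEASE}" ] && OSRELEASE_LINE="osrelease = ${CONFIG_RELEASE};"`, and emitting `${OSRELEASE_LINE}` in the heredoc. Where `CONFIG_RELEASE` is first assigned is outside the hunk, so this needs confirming against the full function.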
@@ -82,6 +82,7 @@ while [ "$#" -gt 0 ]; do for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do case ${_opt} in f) OPT_FORCE=1 ;; + M) OPT_STATIC_MAC=1 ;; v) OPT_ZRECV="-u -v" ;; x) enable_debug ;; *) error_exit "Unknown Option: \"${1}\"" ;; @@ -95,11 +96,12 @@ while [ "$#" -gt 0 ]; do esac done -if [ $# -gt 3 ] || [ $# -lt 1 ]; then +if [ $# -gt 2 ] || [ $# -lt 1 ]; then usage fi TARGET="${1}" +RELEASE="${2}" bastille_root_check @@ -182,6 +184,9 @@ update_fstab_import() { # If both variables are set, compare and update as needed if ! grep -qw "${bastille_releasesdir}/${FSTAB_RELEASE}.*${bastille_jailsdir}/${TARGET_TRIM}/root/.bastille" "${FSTAB_CONFIG}"; then info "Updating fstab..." + if [ -n "${RELEASE}" ]; then + FSTAB_NEWCONF="${RELEASE}" + fi sed -i '' "s|${FSTAB_CURRENT}|${FSTAB_NEWCONF}|" "${FSTAB_CONFIG}" fi fi @@ -355,9 +360,13 @@ EOF if [ "${IS_THIN_JAIL:-0}" = "1" ]; then if [ -z "${CONFIG_RELEASE}" ]; then - # Fallback to host version - CONFIG_RELEASE=$(freebsd-version | sed 's/\-[pP].*//') - warn "Warning: ${CONFIG_RELEASE} was set by default!" + if [ -n "${RELEASE}" ]; then + CONFIG_RELEASE="${RELEASE}" + else + # Fallback to host version + CONFIG_RELEASE=$(freebsd-version | sed 's/\-[pP].*//') + warn "Warning: ${CONFIG_RELEASE} was set by default!" + fi fi mkdir "${bastille_jailsdir}/${TARGET_TRIM}/root/.bastille" echo "${bastille_releasesdir}/${CONFIG_RELEASE} ${bastille_jailsdir}/${TARGET_TRIM}/root/.bastille nullfs ro 0 0" \ From 7ddff7fa94c6d2d8be2265228461c84c3bccb7c5 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Fri, 28 Feb 2025 11:25:17 -0700 Subject: [PATCH 04/36] export: Restructure code for new functions --- usr/local/share/bastille/export.sh | 86 +++++++++++++----------------- 1 file changed, 37 insertions(+), 49 deletions(-) diff --git a/usr/local/share/bastille/export.sh b/usr/local/share/bastille/export.sh index f4d07fd4..57bd86a6 100644 
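Review bot: In update_fstab_import, `FSTAB_NEWCONF="${RELEASE}"` replaces the whole substitution text with the bare release name, so if `FSTAB_NEWCONF` normally holds a complete fstab entry (it is defined outside the hunk) the `sed` call rewrites the nullfs line into something that is no longer a mount entry. The override probably belongs on the release component instead, for example `FSTAB_RELEASE="${RELEASE}"` before `FSTAB_NEWCONF` is built. `RELEASE` is also taken from `${2}` with no check: it is interpolated into a `sed` expression delimited by `|` and into `${bastille_releasesdir}/${CONFIG_RELEASE}`, so a guard such as `[ -d "${bastille_releasesdir}/${RELEASE}" ] || error_exit "Release not bootstrapped: ${RELEASE}"` after the argument count check would reject both typos and values containing `|`, `&` or `/`.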
--- a/usr/local/share/bastille/export.sh +++ b/usr/local/share/bastille/export.sh @@ -38,18 +38,17 @@ usage() { # Valid compress/options for ZFS systems are raw, .gz, .tgz, .txz and .xz # Valid compress/options for non ZFS configured systems are .tgz and .txz # If no compression option specified, user must redirect standard output - error_notify "Usage: bastille export | option(s) | TARGET | PATH" - + error_notify "Usage: bastille export [option(s)] TARGET PATH" cat << EOF Options: - --gz -- Export a ZFS jail using GZIP(.gz) compressed image. - -r | --raw -- Export a ZFS jail to an uncompressed RAW image. - -s | --safe -- Safely stop and start a ZFS jail before the exporting process. - --tgz -- Export a jail using simple .tgz compressed archive instead. - --txz -- Export a jail using simple .txz compressed archive instead. - -v | --verbose -- Be more verbose during the ZFS send operation. - --xz -- Export a ZFS jail using XZ(.xz) compressed image. + --gz Export a ZFS jail using GZIP(.gz) compressed image. + -r | --raw Export a ZFS jail to an uncompressed RAW image. + -s | --safe Safely stop and start a ZFS jail before the exporting process. + --tgz Export a jail using simple .tgz compressed archive instead. + --txz Export a jail using simple .txz compressed archive instead. + -v | --verbose Be more verbose during the ZFS send operation. + --xz Export a ZFS jail using XZ(.xz) compressed image. Note: If no export option specified, the container should be redirected to standard output. 
@@ -57,32 +56,6 @@ EOF exit 1 } -# Handle help option -case "${1}" in - help|-h|--help) - usage - ;; -esac - -if [ $# -gt 5 ] || [ $# -lt 1 ]; then - usage -fi - -TARGET="${1}" -GZIP_EXPORT= -XZ_EXPORT= -SAFE_EXPORT= -USER_EXPORT= -RAW_EXPORT= -DIR_EXPORT= -TXZ_EXPORT= -TGZ_EXPORT= -OPT_ZSEND="-R" -COMP_OPTION="0" - -bastille_root_check -set_target_single "${TARGET}" - zfs_enable_check() { # Temporarily disable ZFS so we can create a standard backup archive if checkyesno bastille_zfs_enable; then @@ -124,17 +97,17 @@ if [ -n "${bastille_export_options}" ]; then opt_count zfs_enable_check shift;; - --safe) + -s|--safe) SAFE_EXPORT="1" shift;; - --raw) + -r|--raw) RAW_EXPORT="1" opt_count shift ;; - --verbose) + -v|--verbose) OPT_ZSEND="-Rv" shift;; - --*|-*) error_notify "Unknown Option." + -*) error_notify "Unknown Option: \"${1}\"" usage;; esac done @@ -142,50 +115,46 @@ else # Handle options while [ $# -gt 0 ]; do case "${1}" in + -h|--help|help) + usage + ;; --gz) GZIP_EXPORT="1" - TARGET="${2}" opt_count shift ;; --xz) XZ_EXPORT="1" - TARGET="${2}" opt_count shift ;; --tgz) TGZ_EXPORT="1" - TARGET="${2}" opt_count zfs_enable_check shift ;; --txz) TXZ_EXPORT="1" - TARGET="${2}" opt_count zfs_enable_check shift ;; -s|--safe) SAFE_EXPORT="1" - TARGET="${2}" shift ;; -r|--raw) RAW_EXPORT="1" - TARGET="${2}" opt_count shift ;; -v|--verbose) OPT_ZSEND="-Rv" - TARGET="${2}" shift ;; - --*|-*) - error_notify "Unknown Option." + -*) + error_notify "Unknown Option: \"${1}\"" usage ;; *) @@ -202,6 +171,25 @@ else done fi +if [ $# -gt 2 ] || [ $# -lt 1 ]; then + usage +fi + +TARGET="${1}" +GZIP_EXPORT= +XZ_EXPORT= +SAFE_EXPORT= +USER_EXPORT= +RAW_EXPORT= +DIR_EXPORT= +TXZ_EXPORT= +TGZ_EXPORT= +OPT_ZSEND="-R" +COMP_OPTION="0" + +bastille_root_check +set_target_single "${TARGET}" + # Validate for combined options if [ "${COMP_OPTION}" -gt "1" ]; then error_exit "Error: Only one compression format can be used during export." 
@@ -217,7 +205,7 @@ if ! checkyesno bastille_zfs_enable; then [ -n "${RAW_EXPORT}" ] || [ -n "${SAFE_EXPORT}" ] || [ "${OPT_ZSEND}" = "-Rv" ]; then - error_exit "Options --xz, --gz, --raw, --safe, --verbose are valid for ZFS configured systems only." + error_exit "Options --xz, --gz, --raw, --safe, and --verbose are valid for ZFS configured systems only." fi fi From 295612da5fc03d36fecf6129ee17f589457deba3 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Fri, 28 Feb 2025 11:49:29 -0700 Subject: [PATCH 05/36] create: Do not check running if empty jail --- usr/local/share/bastille/create.sh | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/usr/local/share/bastille/create.sh b/usr/local/share/bastille/create.sh index 03d35e41..806df544 100644 --- a/usr/local/share/bastille/create.sh +++ b/usr/local/share/bastille/create.sh @@ -554,10 +554,12 @@ create_jail() { fi fi - # Exit if jail was not started, which means something is wrong. - if ! check_target_is_running "${NAME}"; then - bastille destroy "${NAME}" - error_exit "[${NAME}]: Failed to create jail..." + # Exit if jail was not started, except for empty jails + if [ -z "${EMPTY_JAIL}" ]; then + if ! check_target_is_running "${NAME}"; then + bastille destroy "${NAME}" + error_exit "[${NAME}]: Failed to create jail..." + fi fi if [ -n "${VNET_JAIL}" ]; then From 34a0582075a2bd31da156648e350068681dcbcc8 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Fri, 28 Feb 2025 11:57:20 -0700 Subject: [PATCH 06/36] export: Add debug mode --- usr/local/share/bastille/export.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/usr/local/share/bastille/export.sh b/usr/local/share/bastille/export.sh index 57bd86a6..278cc0e9 100644 --- a/usr/local/share/bastille/export.sh +++ b/usr/local/share/bastille/export.sh 
@@ -153,6 +153,10 @@ else OPT_ZSEND="-Rv" shift ;; + -x) + enable_debug + shift + ;; -*) error_notify "Unknown Option: \"${1}\"" usage @@ -160,10 +164,6 @@ else *) if echo "${1}" | grep -q "\/"; then DIR_EXPORT="${1}" - else - if [ $# -gt 2 ] || [ $# -lt 1 ]; then - usage - fi fi shift ;; From 1c0ed95e6354908ad917c0be5ff2c388d9bd6035 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Fri, 28 Feb 2025 11:59:56 -0700 Subject: [PATCH 07/36] export: Fix expr syntax --- usr/local/share/bastille/export.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/usr/local/share/bastille/export.sh b/usr/local/share/bastille/export.sh index 278cc0e9..44e8b050 100644 --- a/usr/local/share/bastille/export.sh +++ b/usr/local/share/bastille/export.sh @@ -65,7 +65,7 @@ zfs_enable_check() { } opt_count() { - COMP_OPTION=$(expr ${COMP_OPTION} + 1) + COMP_OPTION=$((COMP_OPTION + 1)) } if [ -n "${bastille_export_options}" ]; then From b734b926c29367038c7f1ab35047600052ccf236 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Fri, 28 Feb 2025 12:03:08 -0700 Subject: [PATCH 08/36] export: Reset options --- usr/local/share/bastille/export.sh | 32 ++++++++++++++++++------------ 1 file changed, 19 insertions(+), 13 deletions(-) diff --git a/usr/local/share/bastille/export.sh b/usr/local/share/bastille/export.sh index 44e8b050..ad91e3eb 100644 --- a/usr/local/share/bastille/export.sh +++ b/usr/local/share/bastille/export.sh 
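Review bot: The new debug arm matches only `-x`, while import.sh and create.sh document the option as `-x | --debug`, and the export usage text rewritten in the previous patch does not list it at all. Making the pattern `-x|--debug)` and adding a `-x | --debug Enable debug mode.` line to the export `usage()` heredoc would keep the three subcommands consistent. The arm is also added only to the command-line branch, so `-x` placed in `bastille_export_options` still falls into the `-*` unknown-option case of the first loop.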
@@ -68,6 +68,18 @@ opt_count() { COMP_OPTION=$((COMP_OPTION + 1)) } +# Reset export options +GZIP_EXPORT= +XZ_EXPORT= +SAFE_EXPORT= +USER_EXPORT= +RAW_EXPORT= +DIR_EXPORT= +TXZ_EXPORT= +TGZ_EXPORT= +OPT_ZSEND="-R" +COMP_OPTION="0" + if [ -n "${bastille_export_options}" ]; then # Overrides the case options by the user defined option(s) automatically. # Add bastille_export_options="--optionA --optionB" to bastille.conf, or simply `export bastille_export_options="--optionA --optionB"` environment variable. @@ -162,10 +174,9 @@ else usage ;; *) - if echo "${1}" | grep -q "\/"; then - DIR_EXPORT="${1}" + if echo "${2}" | grep -q "\/"; then + DIR_EXPORT="${2}" fi - shift ;; esac done @@ -176,16 +187,11 @@ if [ $# -gt 2 ] || [ $# -lt 1 ]; then fi TARGET="${1}" -GZIP_EXPORT= -XZ_EXPORT= -SAFE_EXPORT= -USER_EXPORT= -RAW_EXPORT= -DIR_EXPORT= -TXZ_EXPORT= -TGZ_EXPORT= -OPT_ZSEND="-R" -COMP_OPTION="0" + +# Check for directory export +if echo "${2}" | grep -q "\/"; then + DIR_EXPORT="${2}" +fi bastille_root_check set_target_single "${TARGET}" From bb228a4f74e135a35574ec729efec3887223c330 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Fri, 28 Feb 2025 12:04:33 -0700 Subject: [PATCH 09/36] export: Break on no options --- usr/local/share/bastille/export.sh | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/usr/local/share/bastille/export.sh b/usr/local/share/bastille/export.sh index ad91e3eb..8ef258dd 100644 --- a/usr/local/share/bastille/export.sh +++ b/usr/local/share/bastille/export.sh @@ -174,9 +174,7 @@ else usage ;; *) - if echo "${2}" | grep -q "\/"; then - DIR_EXPORT="${2}" - fi + break ;; esac done From 3acd06a0f1fcb8b1a687430aefb4ffa5b786f9d9 Mon Sep 17 00:00:00 2001 
From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Fri, 28 Feb 2025 12:59:48 -0700 Subject: [PATCH 10/36] create: Allow setting zfs options on creating jail #514 @s1dh Run 'bastille create help' to see syntax --- usr/local/share/bastille/create.sh | 57 ++++++++++++++++++------------ 1 file changed, 34 insertions(+), 23 deletions(-) diff --git a/usr/local/share/bastille/create.sh b/usr/local/share/bastille/create.sh index 03d35e41..99adb253 100644 --- a/usr/local/share/bastille/create.sh +++ b/usr/local/share/bastille/create.sh 
@@ -40,15 +40,18 @@ usage() { cat << EOF Options: - - -D | --dual Creates the jails with both IPv4 and IPv6 networking ('inherit' and 'ip_hostname' only). - -M | --static-mac Generate a static MAC address for jail (VNET only). - -E | --empty Creates an empty container, intended for custom jail builds (thin/thick/linux or unsupported). - -L | --linux This option is intended for testing with Linux jails, this is considered experimental. - -T | --thick Creates a thick container, they consume more space as they are self contained and independent. - -V | --vnet Enables VNET, VNET containers are attached to a virtual bridge interface for connectivity. - -C | --clone Creates a clone container, they are duplicates of the base release, consume low space and preserves changing data. - -B | --bridge Enables VNET, VNET containers are attached to a specified, already existing external bridge. + + -B | --bridge Enables VNET, VNET containers are attached to a specified, already existing external bridge. + -C | --clone Creates a clone container, they are duplicates of the base release, consume low space and preserves changing data. + -D | --dual Creates the jails with both IPv4 and IPv6 networking ('inherit' and 'ip_hostname' only). + -E | --empty Creates an empty container, intended for custom jail builds (thin/thick/linux or unsupported). + -L | --linux This option is intended for testing with Linux jails, this is considered experimental. + -M | --static-mac Generate a static MAC address for jail (VNET only). + --no-validate Do not validate the release when creating the jail. + -T | --thick Creates a thick container, they consume more space as they are self contained and independent. + -V | --vnet Enables VNET, VNET containers are attached to a virtual bridge interface for connectivity. + -x | --debug Enable debug mode. + -Z | --zfs-opts Comma separated list of ZFS options to create the jail with. This overrides the defaults. EOF exit 1 
@@ -669,12 +672,17 @@ while [ $# -gt 0 ]; do -h|--help|help) usage ;; - -D|--dual) - DUAL_STACK="1" + -B|--bridge) + VNET_JAIL="1" + VNET_JAIL_BRIDGE="1" shift ;; - -M|--static-mac) - STATIC_MAC="1" + -C|--clone) + CLONE_JAIL="1" + shift + ;; + -D|--dual) + DUAL_STACK="1" shift ;; -E|--empty) @@ -685,6 +693,14 @@ while [ $# -gt 0 ]; do LINUX_JAIL="1" shift ;; + -M|--static-mac) + STATIC_MAC="1" + shift + ;; + --no-validate|no-validate) + VALIDATE_RELEASE="" + shift + ;; -T|--thick) THICK_JAIL="1" shift @@ -693,18 +709,13 @@ while [ $# -gt 0 ]; do VNET_JAIL="1" shift ;; - -B|--bridge) - VNET_JAIL="1" - VNET_JAIL_BRIDGE="1" + -x|--debug) + enable_debug shift ;; - -C|--clone) - CLONE_JAIL="1" - shift - ;; - --no-validate|no-validate) - VALIDATE_RELEASE="" - shift + -Z|--zfs-opts) + bastille_zfs_options="${2}" + shift 2 ;; -*) for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do From 7ea54efb9a79c7215e281e883aff747d7cdb9a48 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Fri, 28 Feb 2025 13:04:06 -0700 Subject: [PATCH 11/36] docs: update create docs for zfs-opts --- docs/chapters/subcommands/create.rst | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/docs/chapters/subcommands/create.rst b/docs/chapters/subcommands/create.rst index fd3b9c5d..1105b88f 100644 --- a/docs/chapters/subcommands/create.rst +++ b/docs/chapters/subcommands/create.rst 
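Review bot: The `-Z|--zfs-opts` arm consumes `${2}` without checking that a value was given, so `bastille create -Z` with nothing after it reaches `shift 2` with one argument left, and `-Z -V name …` silently stores `-V` as the ZFS option string. A guard before the assignment, `case "${2}" in ""|-*) error_notify "Option -Z requires a value"; usage ;; esac`, covers both. The value then overrides `bastille_zfs_options` as it stands; how that variable reaches the `zfs` command line is outside this hunk, so it is worth confirming that it is a comma separated property list, as the help text says, before it is used.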
@@ -50,3 +50,27 @@ Also, uname does not work from within a jail. Much like MOTD, it gives you the information about the host system instead of the jail. If you need to check the version of freebsd running on the jail use the freebsd-version command to get accurate information. + +Bastille can create many different types of jails, along with many different options. See +the below help output. + +.. code-block:: shell + + ishmael ~ # bastille create help + + Usage: bastille create [option(s)] NAME RELEASE IP_ADDRESS [interface]" + + Options: + + -B | --bridge Enables VNET, VNET containers are attached to a specified, already existing external bridge. + -C | --clone Creates a clone container, they are duplicates of the base release, consume low space and preserves changing data. + -D | --dual Creates the jails with both IPv4 and IPv6 networking ('inherit' and 'ip_hostname' only). + -E | --empty Creates an empty container, intended for custom jail builds (thin/thick/linux or unsupported). + -L | --linux This option is intended for testing with Linux jails, this is considered experimental. + -M | --static-mac Generate a static MAC address for jail (VNET only). + --no-validate Do not validate the release when creating the jail. + -T | --thick Creates a thick container, they consume more space as they are self contained and independent. + -V | --vnet Enables VNET, VNET containers are attached to a virtual bridge interface for connectivity. + -x | --debug Enable debug mode. + -Z | --zfs-opts [zfs,options] Comma separated list of ZFS options to create the jail with. This overrides the defaults. + From 223c538680aa9ae593036d36dd7bffaf87b80c46 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Fri, 28 Feb 2025 13:05:13 -0700 Subject: [PATCH 12/36] create: Fix spacing in help command --- usr/local/share/bastille/create.sh | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) 
diff --git a/usr/local/share/bastille/create.sh b/usr/local/share/bastille/create.sh index 99adb253..78f4a78f 100644 --- a/usr/local/share/bastille/create.sh +++ b/usr/local/share/bastille/create.sh 
@@ -41,17 +41,17 @@ usage() { cat << EOF Options: - -B | --bridge Enables VNET, VNET containers are attached to a specified, already existing external bridge. - -C | --clone Creates a clone container, they are duplicates of the base release, consume low space and preserves changing data. - -D | --dual Creates the jails with both IPv4 and IPv6 networking ('inherit' and 'ip_hostname' only). - -E | --empty Creates an empty container, intended for custom jail builds (thin/thick/linux or unsupported). - -L | --linux This option is intended for testing with Linux jails, this is considered experimental. - -M | --static-mac Generate a static MAC address for jail (VNET only). - --no-validate Do not validate the release when creating the jail. - -T | --thick Creates a thick container, they consume more space as they are self contained and independent. - -V | --vnet Enables VNET, VNET containers are attached to a virtual bridge interface for connectivity. - -x | --debug Enable debug mode. - -Z | --zfs-opts Comma separated list of ZFS options to create the jail with. This overrides the defaults. + -B | --bridge Enables VNET, VNET containers are attached to a specified, already existing external bridge. + -C | --clone Creates a clone container, they are duplicates of the base release, consume low space and preserves changing data. + -D | --dual Creates the jails with both IPv4 and IPv6 networking ('inherit' and 'ip_hostname' only). + -E | --empty Creates an empty container, intended for custom jail builds (thin/thick/linux or unsupported). + -L | --linux This option is intended for testing with Linux jails, this is considered experimental. + -M | --static-mac Generate a static MAC address for jail (VNET only). + --no-validate Do not validate the release when creating the jail. + -T | --thick Creates a thick container, they consume more space as they are self contained and independent. 
+ -V | --vnet Enables VNET, VNET containers are attached to a virtual bridge interface for connectivity. + -x | --debug Enable debug mode. + -Z | --zfs-opts [zfs,options] Comma separated list of ZFS options to create the jail with. This overrides the defaults. EOF exit 1 From e5a7618fb6e257480daea27006b50e737e3cb939 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Fri, 28 Feb 2025 17:06:45 -0700 Subject: [PATCH 13/36] docs: Add --config to create help command --- docs/chapters/subcommands/create.rst | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/chapters/subcommands/create.rst b/docs/chapters/subcommands/create.rst index 1105b88f..baabdb93 100644 --- a/docs/chapters/subcommands/create.rst +++ b/docs/chapters/subcommands/create.rst @@ -64,6 +64,7 @@ the below help output. -B | --bridge Enables VNET, VNET containers are attached to a specified, already existing external bridge. -C | --clone Creates a clone container, they are duplicates of the base release, consume low space and preserves changing data. + -c | --config Use a customized configuration file to override the default values. -D | --dual Creates the jails with both IPv4 and IPv6 networking ('inherit' and 'ip_hostname' only). -E | --empty Creates an empty container, intended for custom jail builds (thin/thick/linux or unsupported). -L | --linux This option is intended for testing with Linux jails, this is considered experimental. From 320bcde2b224f15357e6ab7f07c438d0bc75e18b Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Fri, 28 Feb 2025 17:15:10 -0700 Subject: [PATCH 14/36] create: Allow specifying a custom config file to override default --- usr/local/share/bastille/create.sh | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/usr/local/share/bastille/create.sh b/usr/local/share/bastille/create.sh index 78f4a78f..e59be833 100644 --- a/usr/local/share/bastille/create.sh 
+++ b/usr/local/share/bastille/create.sh @@ -43,6 +43,7 @@ usage() { -B | --bridge Enables VNET, VNET containers are attached to a specified, already existing external bridge. -C | --clone Creates a clone container, they are duplicates of the base release, consume low space and preserves changing data. + -c | --config Use a customized configuration file to override the default values. -D | --dual Creates the jails with both IPv4 and IPv6 networking ('inherit' and 'ip_hostname' only). -E | --empty Creates an empty container, intended for custom jail builds (thin/thick/linux or unsupported). -L | --linux This option is intended for testing with Linux jails, this is considered experimental. @@ -667,6 +668,7 @@ LINUX_JAIL="" STATIC_MAC="" DUAL_STACK="" VALIDATE_RELEASE="1" +OPT_CONFIG="" while [ $# -gt 0 ]; do case "${1}" in -h|--help|help) @@ -681,6 +683,22 @@ while [ $# -gt 0 ]; do CLONE_JAIL="1" shift ;; + -c|--config) + OPT_CONFIG="${2}" + if [ ! -f "${OPT_CONFIG}" ]; then + if [ ! -f /usr/local/etc/bastille/${OPT_CONFIG} ]; then + error_notify "Not a valid config file: ${OPT_CONFIG}" + usage + else + info "Using custom config: ${OPT_CONFIG}" + . /usr/local/etc/bastille/${OPT_CONFIG} + fi + else + info "Using custom config: ${OPT_CONFIG}" + . "${OPT_CONFIG}" + fi + shift 2 + ;; -D|--dual) DUAL_STACK="1" shift From 9e9cef90d43fbfdbe50030d52e4516ad68a0107a Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Fri, 28 Feb 2025 17:22:46 -0700 Subject: [PATCH 15/36] create: Override shellcheck for sourcing variable --- usr/local/share/bastille/create.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/usr/local/share/bastille/create.sh b/usr/local/share/bastille/create.sh index e59be833..8cde2390 100644 --- a/usr/local/share/bastille/create.sh +++ b/usr/local/share/bastille/create.sh 
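Review bot: The `-c|--config` arm sources whatever path the caller names, and the only check is `-f`, so the file runs as shell code with the privileges of `bastille create` (root, if create.sh performs the same `bastille_root_check` as import.sh and export.sh). The file should be verified as root-owned and not group or world writable before it is sourced, and `/usr/local/etc/bastille/${OPT_CONFIG}` should be quoted in both the test and the `.` line. A bare name that passes `-f` in the current directory is also ambiguous, because `.` searches `PATH` for names without a slash on some shells and may load a different file than the one tested. A missing argument makes `${2}` empty and falls into the "Not a valid config file" path, which is acceptable, but the message would then print an empty name.

```shell
        -c|--config)
            OPT_CONFIG="${2}"
            if [ -f "${OPT_CONFIG}" ]; then
                # Prefix ./ for a bare name so '.' cannot resolve it through PATH.
                case "${OPT_CONFIG}" in
                    */*) _config_file="${OPT_CONFIG}" ;;
                    *)   _config_file="./${OPT_CONFIG}" ;;
                esac
            elif [ -f "/usr/local/etc/bastille/${OPT_CONFIG}" ]; then
                _config_file="/usr/local/etc/bastille/${OPT_CONFIG}"
            else
                error_notify "Not a valid config file: ${OPT_CONFIG}"
                usage
            fi
            # The file is executed as shell code: refuse one a non-root user could modify.
            if [ -n "$(find -L "${_config_file}" -prune \( ! -user root -o -perm -020 -o -perm -002 \) -print)" ]; then
                error_exit "Config file must be owned by root and not group/world writable: ${_config_file}"
            fi
            info "Using custom config: ${OPT_CONFIG}"
            # shellcheck disable=SC1090
            . "${_config_file}"
            shift 2
            ;;
```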
@@ -691,10 +691,12 @@ while [ $# -gt 0 ]; do usage else info "Using custom config: ${OPT_CONFIG}" + # shellcheck disable=SC1090 . /usr/local/etc/bastille/${OPT_CONFIG} fi else info "Using custom config: ${OPT_CONFIG}" + # shellcheck disable=SC1090 . "${OPT_CONFIG}" fi shift 2 From 24eefc325f466f616be46ca76edaf0ff51dfe5b6 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Fri, 28 Feb 2025 17:32:45 -0700 Subject: [PATCH 16/36] bootstrap: Allow bootstrapping with custom config --- usr/local/share/bastille/bootstrap.sh | 23 +++++++++++++++++++++-- 1 file changed, 21 insertions(+), 2 deletions(-) diff --git a/usr/local/share/bastille/bootstrap.sh b/usr/local/share/bastille/bootstrap.sh index 74219638..24d06183 100644 --- a/usr/local/share/bastille/bootstrap.sh +++ b/usr/local/share/bastille/bootstrap.sh @@ -37,8 +37,9 @@ usage() { error_notify "Usage: bastille bootstrap [option(s)] [RELEASE|TEMPLATE] [update|arch]" cat << EOF Options: - - -x | --debug Enable debug mode. + + -c | --config Use a customized configuration file to override the default values. + -x | --debug Enable debug mode. EOF exit 1 @@ -424,6 +425,24 @@ while [ "$#" -gt 0 ]; do -h|--help|help) usage ;; + -c|--config) + OPT_CONFIG="${2}" + if [ ! -f "${OPT_CONFIG}" ]; then + if [ ! -f /usr/local/etc/bastille/${OPT_CONFIG} ]; then + error_notify "Not a valid config file: ${OPT_CONFIG}" + usage + else + info "Using custom config: ${OPT_CONFIG}" + # shellcheck disable=SC1090 + . /usr/local/etc/bastille/${OPT_CONFIG} + fi + else + info "Using custom config: ${OPT_CONFIG}" + # shellcheck disable=SC1090 + . "${OPT_CONFIG}" + fi + shift 2 + ;; -x|--debug) enable_debug shift From 4941541b0c527ef8f725ba6092521d4ee1db0e1c Mon Sep 17 00:00:00 2001 
From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Fri, 28 Feb 2025 17:43:55 -0700 Subject: [PATCH 17/36] docs: Remove config option from create --- docs/chapters/subcommands/create.rst | 1 - 1 file changed, 1 deletion(-) diff --git a/docs/chapters/subcommands/create.rst b/docs/chapters/subcommands/create.rst index baabdb93..1105b88f 100644 --- a/docs/chapters/subcommands/create.rst +++ b/docs/chapters/subcommands/create.rst @@ -64,7 +64,6 @@ the below help output. -B | --bridge Enables VNET, VNET containers are attached to a specified, already existing external bridge. -C | --clone Creates a clone container, they are duplicates of the base release, consume low space and preserves changing data. - -c | --config Use a customized configuration file to override the default values. -D | --dual Creates the jails with both IPv4 and IPv6 networking ('inherit' and 'ip_hostname' only). -E | --empty Creates an empty container, intended for custom jail builds (thin/thick/linux or unsupported). -L | --linux This option is intended for testing with Linux jails, this is considered experimental. From 6fcbdef5eb1e45028c8fb3edef7f3f2c26845986 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Fri, 28 Feb 2025 17:44:28 -0700 Subject: [PATCH 18/36] bootstrap: Remove config option --- usr/local/share/bastille/bootstrap.sh | 19 ------------------- 1 file changed, 19 deletions(-) diff --git a/usr/local/share/bastille/bootstrap.sh b/usr/local/share/bastille/bootstrap.sh index 24d06183..ccc4af6d 100644 --- a/usr/local/share/bastille/bootstrap.sh +++ b/usr/local/share/bastille/bootstrap.sh @@ -38,7 +38,6 @@ usage() { cat << EOF Options: - -c | --config Use a customized configuration file to override the default values. -x | --debug Enable debug mode. EOF 
@@ -425,24 +424,6 @@ while [ "$#" -gt 0 ]; do -h|--help|help) usage ;; - -c|--config) - OPT_CONFIG="${2}" - if [ ! -f "${OPT_CONFIG}" ]; then - if [ ! -f /usr/local/etc/bastille/${OPT_CONFIG} ]; then - error_notify "Not a valid config file: ${OPT_CONFIG}" - usage - else - info "Using custom config: ${OPT_CONFIG}" - # shellcheck disable=SC1090 - . /usr/local/etc/bastille/${OPT_CONFIG} - fi - else - info "Using custom config: ${OPT_CONFIG}" - # shellcheck disable=SC1090 - . "${OPT_CONFIG}" - fi - shift 2 - ;; -x|--debug) enable_debug shift From 22456b0d7c3359320ae62caabfe68fde28a25cb6 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Fri, 28 Feb 2025 17:45:10 -0700 Subject: [PATCH 19/36] create: Remove config option --- usr/local/share/bastille/create.sh | 19 ------------------- 1 file changed, 19 deletions(-) diff --git a/usr/local/share/bastille/create.sh b/usr/local/share/bastille/create.sh index 8cde2390..1c403066 100644 --- a/usr/local/share/bastille/create.sh +++ b/usr/local/share/bastille/create.sh @@ -43,7 +43,6 @@ usage() { -B | --bridge Enables VNET, VNET containers are attached to a specified, already existing external bridge. -C | --clone Creates a clone container, they are duplicates of the base release, consume low space and preserves changing data. - -c | --config Use a customized configuration file to override the default values. -D | --dual Creates the jails with both IPv4 and IPv6 networking ('inherit' and 'ip_hostname' only). -E | --empty Creates an empty container, intended for custom jail builds (thin/thick/linux or unsupported). -L | --linux This option is intended for testing with Linux jails, this is considered experimental. 
@@ -683,24 +682,6 @@ while [ $# -gt 0 ]; do CLONE_JAIL="1" shift ;; - -c|--config) - OPT_CONFIG="${2}" - if [ ! -f "${OPT_CONFIG}" ]; then - if [ ! -f /usr/local/etc/bastille/${OPT_CONFIG} ]; then - error_notify "Not a valid config file: ${OPT_CONFIG}" - usage - else - info "Using custom config: ${OPT_CONFIG}" - # shellcheck disable=SC1090 - . /usr/local/etc/bastille/${OPT_CONFIG} - fi - else - info "Using custom config: ${OPT_CONFIG}" - # shellcheck disable=SC1090 - . "${OPT_CONFIG}" - fi - shift 2 - ;; -D|--dual) DUAL_STACK="1" shift From 98eb36b209927b61f0f6036851495f10bb39dca6 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Fri, 28 Feb 2025 17:45:53 -0700 Subject: [PATCH 20/36] create: Missed one var for config option --- usr/local/share/bastille/create.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/usr/local/share/bastille/create.sh b/usr/local/share/bastille/create.sh index 1c403066..78f4a78f 100644 --- a/usr/local/share/bastille/create.sh +++ b/usr/local/share/bastille/create.sh @@ -667,7 +667,6 @@ LINUX_JAIL="" STATIC_MAC="" DUAL_STACK="" VALIDATE_RELEASE="1" -OPT_CONFIG="" while [ $# -gt 0 ]; do case "${1}" in -h|--help|help) From 2bd35fc9d2031bf49c0a6f30b3509796a5422f78 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Fri, 28 Feb 2025 22:31:13 -0700 Subject: [PATCH 21/36] import: Manual network only if definitions not set --- usr/local/share/bastille/import.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/usr/local/share/bastille/import.sh b/usr/local/share/bastille/import.sh index 490ac27c..4982ed2e 100644 --- a/usr/local/share/bastille/import.sh +++ b/usr/local/share/bastille/import.sh 
@@ -343,7 +343,7 @@ generate_config() { fi # Let the user configure network manually - if [ -z "${NETIF_CONFIG}" ]; then + if [ -z "${IP4_DEFINITION}" ] && [ -z "${IP6_DEFINITION}" ]; then IP4_DEFINITION="ip4.addr = lo1|-;" IP6_DEFINITION="" IP6_MODE="disable" From b498fca79ef6bf6b4f9c2356fe49e9214860c9b7 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Fri, 28 Feb 2025 23:10:04 -0700 Subject: [PATCH 22/36] import: Fix import to a release from iocage --- usr/local/share/bastille/import.sh | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-) diff --git a/usr/local/share/bastille/import.sh b/usr/local/share/bastille/import.sh index 4982ed2e..2bc3803e 100644 --- a/usr/local/share/bastille/import.sh +++ b/usr/local/share/bastille/import.sh @@ -207,7 +207,11 @@ generate_config() { DEVFS_RULESET=$(grep -wo '\"devfs_ruleset\": \".*\"' "${JSON_CONFIG}" | tr -d '" ' | sed 's/devfs_ruleset://') DEVFS_RULESET=${DEVFS_RULESET:-4} IS_THIN_JAIL=$(grep -wo '\"basejail\": .*' "${JSON_CONFIG}" | tr -d '" ,' | sed 's/basejail://') - CONFIG_RELEASE=$(grep -wo '\"release\": \".*\"' "${JSON_CONFIG}" | tr -d '" ' | sed 's/release://' | sed 's/\-[pP].*//') + if [ -z "${RELEASE}" ]; then + CONFIG_RELEASE=$(grep -wo '\"release\": \".*\"' "${JSON_CONFIG}" | tr -d '" ' | sed 's/release://' | sed 's/\-[pP].*//') + else + CONFIG_RELEASE="${RELEASE}" + fi IS_VNET_JAIL=$(grep -wo '\"vnet\": .*' "${JSON_CONFIG}" | tr -d '" ,' | sed 's/vnet://') VNET_DEFAULT_INTERFACE=$(grep -wo '\"vnet_default_interface\": \".*\"' "${JSON_CONFIG}" | tr -d '" ' | sed 's/vnet_default_interface://') ALLOW_EMPTY_DIRS_TO_BE_SYMLINKED=1 
@@ -221,7 +225,11 @@ generate_config() { PROP_CONFIG="${bastille_jailsdir}/${TARGET_TRIM}/prop.ezjail-${FILE_TRIM}-*" if [ -n "${PROP_CONFIG}" ]; then IPVX_CONFIG=$(grep -wo "jail_${TARGET_TRIM}_ip=.*" ${PROP_CONFIG} | tr -d '" ' | sed "s/jail_${TARGET_TRIM}_ip=//") - CONFIG_RELEASE=$(echo ${PROP_CONFIG} | grep -o '[0-9]\{2\}\.[0-9]_RELEASE' | sed 's/_/-/g') + if [ -z "${RELEASE}" ]; then + CONFIG_RELEASE=$(echo ${PROP_CONFIG} | grep -o '[0-9]\{2\}\.[0-9]_RELEASE' | sed 's/_/-/g') + else + CONFIG_RELEASE="${RELEASE}" + fi fi # Always assume it's thin for ezjail IS_THIN_JAIL=1 @@ -360,13 +368,9 @@ EOF if [ "${IS_THIN_JAIL:-0}" = "1" ]; then if [ -z "${CONFIG_RELEASE}" ]; then - if [ -n "${RELEASE}" ]; then - CONFIG_RELEASE="${RELEASE}" - else - # Fallback to host version - CONFIG_RELEASE=$(freebsd-version | sed 's/\-[pP].*//') - warn "Warning: ${CONFIG_RELEASE} was set by default!" - fi + # Fallback to host version + CONFIG_RELEASE=$(freebsd-version | sed 's/\-[pP].*//') + warn "Warning: ${CONFIG_RELEASE} was set by default!" fi mkdir "${bastille_jailsdir}/${TARGET_TRIM}/root/.bastille" echo "${bastille_releasesdir}/${CONFIG_RELEASE} ${bastille_jailsdir}/${TARGET_TRIM}/root/.bastille nullfs ro 0 0" \ From efee919b4923d5e4222586360b0953c8233e8fa4 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Fri, 28 Feb 2025 23:12:31 -0700 Subject: [PATCH 23/36] import: Fix import to release for bastille jails --- usr/local/share/bastille/import.sh | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/usr/local/share/bastille/import.sh b/usr/local/share/bastille/import.sh index 2bc3803e..47e0c139 100644 --- a/usr/local/share/bastille/import.sh +++ b/usr/local/share/bastille/import.sh 
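Review bot: `CONFIG_RELEASE` reaches the fstab line at the end of the `@@ -360,13 +368,9 @@` hunk without any format check, and after this change it can come straight from `${RELEASE}` or from the imported archive's config.json. A value containing `/` or `..` would make the nullfs source point outside the intended release directory under `${bastille_releasesdir}`. A guard before the `mkdir`, such as `case "${CONFIG_RELEASE}" in */*|*..*) error_exit "Invalid release: ${CONFIG_RELEASE}" ;; esac`, would reject those; whether `RELEASE` is validated earlier, and whether `error_exit` is in scope in import.sh as it is in create.sh, is not visible here. The enclosing function continues past the hunk.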
@@ -228,7 +228,7 @@ generate_config() { if [ -z "${RELEASE}" ]; then CONFIG_RELEASE=$(echo ${PROP_CONFIG} | grep -o '[0-9]\{2\}\.[0-9]_RELEASE' | sed 's/_/-/g') else - CONFIG_RELEASE="${RELEASE}" + ="${RELEASE}" fi fi # Always assume it's thin for ezjail @@ -410,7 +410,11 @@ update_config() { # The config on select archives does not provide a clear way to determine # the base release, so lets try to get it from the base/COPYRIGHT file, # otherwise warn user and fallback to host system release - CONFIG_RELEASE=$(grep -wo 'releng/[0-9]\{2\}.[0-9]/COPYRIGHT' "${bastille_jailsdir}/${TARGET_TRIM}/root/COPYRIGHT" | sed 's|releng/||;s|/COPYRIGHT|-RELEASE|') + if [ -z "${RELEASE}" ]; then + CONFIG_RELEASE=$(grep -wo 'releng/[0-9]\{2\}.[0-9]/COPYRIGHT' "${bastille_jailsdir}/${TARGET_TRIM}/root/COPYRIGHT" | sed 's|releng/||;s|/COPYRIGHT|-RELEASE|') + else + CONFIG_RELEASE="${RELEASE}" + fi if [ -z "${CONFIG_RELEASE}" ]; then # Fallback to host version CONFIG_RELEASE=$(freebsd-version | sed 's/\-[pP].*//') From eed70dc1293619f6bfa0420f4e5b9f8095abfb0e Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Fri, 28 Feb 2025 23:13:57 -0700 Subject: [PATCH 24/36] import: Fix shellcheck --- usr/local/share/bastille/import.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/usr/local/share/bastille/import.sh b/usr/local/share/bastille/import.sh index 47e0c139..511fedcf 100644 --- a/usr/local/share/bastille/import.sh +++ b/usr/local/share/bastille/import.sh @@ -228,7 +228,7 @@ generate_config() { if [ -z "${RELEASE}" ]; then CONFIG_RELEASE=$(echo ${PROP_CONFIG} | grep -o '[0-9]\{2\}\.[0-9]_RELEASE' | sed 's/_/-/g') else - ="${RELEASE}" + CONFIG_RELEASE="${RELEASE}" fi fi # Always assume it's thin for ezjail From 644bb8633ad6a9679790c7d83a5c069b93a31a11 Mon Sep 17 00:00:00 2001 
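Review bot: The replacement line `="${RELEASE}"` in the first `@@ -228,7 +228,7 @@` hunk has lost its variable name, so the shell would try to run it as a command and `CONFIG_RELEASE` stays empty on the ezjail path when `RELEASE` is set. It should remain `CONFIG_RELEASE="${RELEASE}"`, which is what patch 24/36 restores. Folding that fix into this commit would keep every commit in the series runnable.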
From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Sun, 2 Mar 2025 05:54:26 -0700 Subject: [PATCH 25/36] bastille: Missed jcp in main command --- usr/local/bin/bastille | 1 + 1 file changed, 1 insertion(+) diff --git a/usr/local/bin/bastille b/usr/local/bin/bastille index d347952c..804c822e 100755 --- a/usr/local/bin/bastille +++ b/usr/local/bin/bastille @@ -160,6 +160,7 @@ case "${CMD}" in etcupdate| \ export| \ htop| \ + jcp | \ import| \ limits| \ list| \ From be6885eb3e005631f5dccae59de332936cbcb10f Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Sun, 2 Mar 2025 17:47:18 -0700 Subject: [PATCH 26/36] stop: Do not attempt any pf actions if it has not been configured --- usr/local/share/bastille/stop.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/usr/local/share/bastille/stop.sh b/usr/local/share/bastille/stop.sh index faafe4cc..124cef24 100644 --- a/usr/local/share/bastille/stop.sh +++ b/usr/local/share/bastille/stop.sh @@ -91,7 +91,7 @@ for _jail in ${JAILS}; do check_target_is_running "${_jail}" || error_continue "Jail is already stopped." # Remove RDR rules - if [ "$(bastille config ${_jail} get vnet)" != "enabled" ]; then + if [ "$(bastille config ${_jail} get vnet)" != "enabled" ] && [ -f "${bastille_pf_conf}" ]; then _ip4="$(bastille config ${_jail} get ip4.addr | sed 's/,/ /g')" _ip6="$(bastille config ${_jail} get ip6.addr | sed 's/,/ /g')" if [ "${_ip4}" != "not set" ] || [ "${_ip6}" != "not set" ]; then 
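Review bot: Testing `[ -f "${bastille_pf_conf}" ]` in the `@@ -91,7 +91,7 @@` hunk treats a missing file as "pf is not in use", but pf can be active with rules loaded from somewhere else. In that case stopping a jail now silently leaves its RDR rules and its addresses in the `${bastille_network_pf_table}` table (the second hunk, `@@ -114,17 +114,17 @@`, uses the same test), and those entries would still apply if the address is reused. A `warn` when the cleanup is skipped, or a check of pf's runtime state rather than the file, would make this visible. The loop body extends beyond both hunks.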
@@ -114,17 +114,17 @@ for _jail in ${JAILS}; do jail ${OPTION} -f "${bastille_jailsdir}/${_jail}/jail.conf" -r "${_jail}" # Remove (captured above) IPs from firewall table - if [ "${_ip4}" != "not set" ]; then + if [ "${_ip4}" != "not set" ] && [ -f "${bastille_pf_conf}" ]; then for _ip in ${_ip4}; do if echo "${_ip}" | grep -q "|"; then _ip="$(echo ${_ip} | awk -F"|" '{print $2}' | sed -E 's#/[0-9]+$##g')" else _ip="$(echo ${_ip} | sed -E 's#/[0-9]+$##g')" fi - pfctl -q -t "${bastille_network_pf_table}" -T delete "${_ip}" + pfctl -q -t "${bastille_network_pf_table}" -T delete "${_ip}" done fi - if [ "${_ip6}" != "not set" ]; then + if [ "${_ip6}" != "not set" ] && [ -f "${bastille_pf_conf}" ]; then for _ip in ${_ip6}; do if echo "${_ip}" | grep -q "|"; then _ip="$(echo ${_ip} | awk -F"|" '{print $2}' | sed -E 's#/[0-9]+$##g')" From 4c68b748b6ee67503acc18ffe4d42d7134a217c8 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Mon, 3 Mar 2025 12:13:48 -0700 Subject: [PATCH 27/36] create: Add --vlan option --- usr/local/share/bastille/create.sh | 26 +++++++++++++++++--------- 1 file changed, 17 insertions(+), 9 deletions(-) diff --git a/usr/local/share/bastille/create.sh b/usr/local/share/bastille/create.sh index 6169e214..b8b61ce4 100644 --- a/usr/local/share/bastille/create.sh +++ b/usr/local/share/bastille/create.sh 
@@ -41,14 +41,15 @@ usage() { cat << EOF Options: - -D | --dual Creates the jails with both IPv4 and IPv6 networking ('inherit' and 'ip_hostname' only). - -M | --static-mac Generate a static MAC address for jail (VNET only). - -E | --empty Creates an empty container, intended for custom jail builds (thin/thick/linux or unsupported). - -L | --linux This option is intended for testing with Linux jails, this is considered experimental. - -T | --thick Creates a thick container, they consume more space as they are self contained and independent. - -V | --vnet Enables VNET, VNET containers are attached to a virtual bridge interface for connectivity. - -C | --clone Creates a clone container, they are duplicates of the base release, consume low space and preserves changing data. - -B | --bridge Enables VNET, VNET containers are attached to a specified, already existing external bridge. + -D | --dual Creates the jails with both IPv4 and IPv6 networking ('inherit' and 'ip_hostname' only). + -M | --static-mac Generate a static MAC address for jail (VNET only). + -E | --empty Creates an empty container, intended for custom jail builds (thin/thick/linux or unsupported). + -L | --linux This option is intended for testing with Linux jails, this is considered experimental. + -T | --thick Creates a thick container, they consume more space as they are self contained and independent. + -V | --vnet Enables VNET, VNET containers are attached to a virtual bridge interface for connectivity. + -v | --vlan VLANID Creates the jail with specified VLAN ID + -C | --clone Creates a clone container, they are duplicates of the base release, consume low space and preserves changing data. + -B | --bridge Enables VNET, VNET containers are attached to a specified, already existing external bridge. EOF exit 1 
@@ -255,7 +256,7 @@ generate_vnet_jail_conf() { else devfs_ruleset_value=13 fi - NETBLOCK=$(generate_vnet_jail_netblock "${NAME}" "${VNET_JAIL_BRIDGE}" "${bastille_jail_conf_interface}" "${STATIC_MAC}") + NETBLOCK=$(generate_vnet_jail_netblock "${NAME}" "${VNET_JAIL_BRIDGE}" "${bastille_jail_conf_interface}" "${STATIC_MAC}" "${VLAN_ID}") cat << EOF > "${bastille_jail_conf}" ${NAME} { enforce_statfs = 2; @@ -662,6 +663,7 @@ EMPTY_JAIL="" THICK_JAIL="" CLONE_JAIL="" VNET_JAIL="" +VLAN_ID="" LINUX_JAIL="" STATIC_MAC="" DUAL_STACK="" @@ -695,6 +697,10 @@ while [ $# -gt 0 ]; do VNET_JAIL="1" shift ;; + -v|--vlan) + VLAN_ID="${2} + shift 2 + ;; -B|--bridge) VNET_JAIL="1" VNET_JAIL_BRIDGE="1" @@ -742,6 +748,8 @@ elif [ -n "${LINUX_JAIL}" ]; then fi elif [ -n "${CLONE_JAIL}" ] && [ -n "${THICK_JAIL}" ]; then error_exit "Error: Clonejail and Thickjail can't be used together." +elif [ -z "${VNET_JAIL}" ] && [ -z "${VNET_JAIL_BRIDGE}" ] && [ -n "${VLAN_ID}" ]; then + error_exit "Error: VLANs can only be used with VNET and bridged VNET jails." fi NAME="$1" From 8395e8b000c200952e1be19dcd1df7bd16cdaf91 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Mon, 3 Mar 2025 12:28:23 -0700 Subject: [PATCH 28/36] create: More vlan imporvements --- usr/local/share/bastille/create.sh | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/usr/local/share/bastille/create.sh b/usr/local/share/bastille/create.sh index b8b61ce4..58b6e89c 100644 --- a/usr/local/share/bastille/create.sh +++ b/usr/local/share/bastille/create.sh 
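Review bot: `VLAN_ID="${2}` in the `-v|--vlan` arm (`@@ -695,6 +697,10 @@`) is missing its closing quote, so the string runs on into the following lines and create.sh no longer parses. The line should read `VLAN_ID="${2}"`, and the arm should reject a missing value before `shift 2`. The option loop starts and ends outside the hunk.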
@@ -256,7 +256,7 @@ generate_vnet_jail_conf() { else devfs_ruleset_value=13 fi - NETBLOCK=$(generate_vnet_jail_netblock "${NAME}" "${VNET_JAIL_BRIDGE}" "${bastille_jail_conf_interface}" "${STATIC_MAC}" "${VLAN_ID}") + NETBLOCK=$(generate_vnet_jail_netblock "${NAME}" "${VNET_JAIL_BRIDGE}" "${bastille_jail_conf_interface}" "${STATIC_MAC}") cat << EOF > "${bastille_jail_conf}" ${NAME} { enforce_statfs = 2; @@ -609,6 +609,11 @@ create_jail() { # Join together IPv4 and IPv6 parts of ifconfig _ifconfig="${_ifconfig_inet} ${_ifconfig_inet6}" bastille template "${NAME}" ${bastille_template_vnet} --arg EPAIR="${uniq_epair}" --arg GATEWAY="${_gateway}" --arg GATEWAY6="${_gateway6}" --arg IFCONFIG="${_ifconfig}" + + # Add VLAN ID if it was given + if [ -n "${VLAN_ID}" ]; then + bastille template "${NAME}" ${bastille_template_vlan} --arg VLANID="${VLAN_ID}" --arg IFCONFIG="${_ifconfig}" + fi fi fi if [ -n "${THICK_JAIL}" ]; then @@ -698,7 +703,11 @@ while [ $# -gt 0 ]; do shift ;; -v|--vlan) - VLAN_ID="${2} + if echo "${2}" | grep -Eq '^[0-9]+$'; then + VLAN_ID="${2} + else + error_exit "Not a valid VLAN ID: ${2}" + fi shift 2 ;; -B|--bridge) From 64447e2b3c4c247fb8b47df5c90c4f78948a00c8 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Mon, 3 Mar 2025 12:32:43 -0700 Subject: [PATCH 29/36] vlans: Add Bastillefile --- .../share/bastille/templates/default/vlan/Bastillefile | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 usr/local/share/bastille/templates/default/vlan/Bastillefile diff --git a/usr/local/share/bastille/templates/default/vlan/Bastillefile b/usr/local/share/bastille/templates/default/vlan/Bastillefile new file mode 100644 index 00000000..6d594446 --- /dev/null +++ b/usr/local/share/bastille/templates/default/vlan/Bastillefile @@ -0,0 +1,6 @@ +ARG VLANID +ARG IFCONFIG="SYNCDHCP" + +SYSRC ifconfig_vnet0="up" +SYSRC vlans_vnet0="${VLANID}" +SYSRC ifconfig_vnet0_${VLANID}="${IFCONFIG}" 
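Review bot: `${bastille_template_vlan}` in the `@@ -609,6 +609,11 @@` hunk is only defined by the bastille.conf.sample line added in patch 31/36, so an existing install whose bastille.conf predates it would pass an empty template name here. Unless a default is set somewhere outside this hunk, a fallback such as `"${bastille_template_vlan:-default/vlan}"` keeps upgrades working, and quoting the expansion avoids word splitting. create_jail continues outside the hunk.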
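Review bot: The check `grep -Eq '^[0-9]+$'` in the `@@ -698,7 +703,11 @@` hunk accepts any digit string, including 0 and values above 4094, which are not usable 802.1Q VLAN IDs. The value later becomes part of an rc.conf key through the vlan template (`ifconfig_vnet0_${VLANID}`), so it is worth bounding it in the same condition: `&& [ "${2}" -ge 1 ] && [ "${2}" -le 4094 ]`. The assignment `VLAN_ID="${2}` is still missing its closing quote in this commit.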
From 6e7ea625b725786170a4bbcd8f21e14d097822f1 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Mon, 3 Mar 2025 12:33:57 -0700 Subject: [PATCH 30/36] create: Spacing --- usr/local/share/bastille/create.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/usr/local/share/bastille/create.sh b/usr/local/share/bastille/create.sh index 58b6e89c..5539b5dd 100644 --- a/usr/local/share/bastille/create.sh +++ b/usr/local/share/bastille/create.sh @@ -612,7 +612,7 @@ create_jail() { # Add VLAN ID if it was given if [ -n "${VLAN_ID}" ]; then - bastille template "${NAME}" ${bastille_template_vlan} --arg VLANID="${VLAN_ID}" --arg IFCONFIG="${_ifconfig}" + bastille template "${NAME}" ${bastille_template_vlan} --arg VLANID="${VLAN_ID}" --arg IFCONFIG="${_ifconfig}" fi fi fi From 90ceb69eb070c751e098b5e420b5ddb50905d46a Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Mon, 3 Mar 2025 12:34:32 -0700 Subject: [PATCH 31/36] conf: Add vlan template --- usr/local/etc/bastille/bastille.conf.sample | 1 + 1 file changed, 1 insertion(+) diff --git a/usr/local/etc/bastille/bastille.conf.sample b/usr/local/etc/bastille/bastille.conf.sample index 4e6395c9..cfdca5b0 100644 --- a/usr/local/etc/bastille/bastille.conf.sample +++ b/usr/local/etc/bastille/bastille.conf.sample @@ -66,3 +66,4 @@ bastille_template_thick="default/thick" ## default bastille_template_clone="default/clone" ## default: "default/clone" bastille_template_thin="default/thin" ## default: "default/thin" bastille_template_vnet="default/vnet" ## default: "default/vnet" +bastille_template_vlan="default/vlan" ## default: "default/vlan" From dc9e225d8e38422b293c5048e7b17d1381b41133 Mon Sep 17 00:00:00 2001 
From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Mon, 3 Mar 2025 12:38:13 -0700 Subject: [PATCH 32/36] create: Fix shellcheck --- usr/local/share/bastille/create.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/usr/local/share/bastille/create.sh b/usr/local/share/bastille/create.sh index 5539b5dd..8ea7ec7c 100644 --- a/usr/local/share/bastille/create.sh +++ b/usr/local/share/bastille/create.sh @@ -704,7 +704,7 @@ while [ $# -gt 0 ]; do ;; -v|--vlan) if echo "${2}" | grep -Eq '^[0-9]+$'; then - VLAN_ID="${2} + VLAN_ID="${2}" else error_exit "Not a valid VLAN ID: ${2}" fi From 07095fc79e43449a82d0a4782d96f401ba49cc89 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Mon, 3 Mar 2025 13:02:00 -0700 Subject: [PATCH 33/36] create: ZFS opts not optional --- usr/local/share/bastille/create.sh | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/usr/local/share/bastille/create.sh b/usr/local/share/bastille/create.sh index 78f4a78f..d224ca3d 100644 --- a/usr/local/share/bastille/create.sh +++ b/usr/local/share/bastille/create.sh 
@@ -41,17 +41,17 @@ usage() { cat << EOF Options: - -B | --bridge Enables VNET, VNET containers are attached to a specified, already existing external bridge. - -C | --clone Creates a clone container, they are duplicates of the base release, consume low space and preserves changing data. - -D | --dual Creates the jails with both IPv4 and IPv6 networking ('inherit' and 'ip_hostname' only). - -E | --empty Creates an empty container, intended for custom jail builds (thin/thick/linux or unsupported). - -L | --linux This option is intended for testing with Linux jails, this is considered experimental. - -M | --static-mac Generate a static MAC address for jail (VNET only). - --no-validate Do not validate the release when creating the jail. - -T | --thick Creates a thick container, they consume more space as they are self contained and independent. - -V | --vnet Enables VNET, VNET containers are attached to a virtual bridge interface for connectivity. - -x | --debug Enable debug mode. - -Z | --zfs-opts [zfs,options] Comma separated list of ZFS options to create the jail with. This overrides the defaults. + -B | --bridge Enables VNET, VNET containers are attached to a specified, already existing external bridge. + -C | --clone Creates a clone container, they are duplicates of the base release, consume low space and preserves changing data. + -D | --dual Creates the jails with both IPv4 and IPv6 networking ('inherit' and 'ip_hostname' only). + -E | --empty Creates an empty container, intended for custom jail builds (thin/thick/linux or unsupported). + -L | --linux This option is intended for testing with Linux jails, this is considered experimental. + -M | --static-mac Generate a static MAC address for jail (VNET only). + --no-validate Do not validate the release when creating the jail. + -T | --thick Creates a thick container, they consume more space as they are self contained and independent. 
+ -V | --vnet Enables VNET, VNET containers are attached to a virtual bridge interface for connectivity. + -x | --debug Enable debug mode. + -Z | --zfs-opts zfs,options Comma separated list of ZFS options to create the jail with. This overrides the defaults. EOF exit 1 From 6ef1b2d4e0c542a24c7098bd5fe3466dc0c32b9b Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Mon, 3 Mar 2025 15:57:29 -0700 Subject: [PATCH 34/36] template: Add HOSTCMD to hooks --- usr/local/share/bastille/template.sh | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/usr/local/share/bastille/template.sh b/usr/local/share/bastille/template.sh index eec08752..2ce60506 100644 --- a/usr/local/share/bastille/template.sh +++ b/usr/local/share/bastille/template.sh @@ -154,7 +154,7 @@ TARGET="${1}" TEMPLATE="${2}" bastille_template=${bastille_templatesdir}/${TEMPLATE} if [ -z "${HOOKS}" ]; then - HOOKS='LIMITS INCLUDE PRE FSTAB PF PKG OVERLAY CONFIG SYSRC SERVICE CMD RENDER' + HOOKS='LIMITS INCLUDE PRE FSTAB PF PKG OVERLAY CONFIG SYSRC SERVICE CMD RENDER HOSTCMD' fi bastille_root_check @@ -369,6 +369,9 @@ for _jail in ${JAILS}; do ;; fstab|mount) _cmd='mount' ;; + # Execute this command on the host + hostcmd) + eval "${_args}" ;; include) _cmd='template' ;; overlay) From cb5d58e48cd56a514a667d84d6965b4e36bfce01 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Mon, 3 Mar 2025 16:01:20 -0700 Subject: [PATCH 35/36] template: Continue after HOSTCMD --- usr/local/share/bastille/template.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/usr/local/share/bastille/template.sh b/usr/local/share/bastille/template.sh index 2ce60506..41e37b53 100644 --- a/usr/local/share/bastille/template.sh +++ b/usr/local/share/bastille/template.sh 
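Review bot: The new `hostcmd)` arm in the `@@ -369,6 +369,9 @@` hunk passes template text to `eval` on the host, and the `bastille_root_check` call earlier in the file suggests this runs as root, so any template, including one fetched by URL, now gets host-level command execution instead of being confined to the jail. Because the first hunk also adds HOSTCMD to the default `HOOKS`, this is enabled for every template run with no opt-in. Consider gating the arm behind an explicit operator setting that defaults to off (the setting name is a placeholder to be chosen) and printing the command before it runs. In this commit the arm also falls through to the code after the `case` without `_cmd` being set for this line; patch 35/36 adds the `continue`. The loop starts and ends outside the hunk.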
@@ -371,7 +371,9 @@ for _jail in ${JAILS}; do _cmd='mount' ;; # Execute this command on the host hostcmd) - eval "${_args}" ;; + eval "${_args}" + continue + ;; include) _cmd='template' ;; overlay) From bafda4db1e9834a836acded42ea25dda6d908442 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Mon, 3 Mar 2025 16:07:57 -0700 Subject: [PATCH 36/36] docs: Document HOSTCMD --- docs/chapters/template.rst | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docs/chapters/template.rst b/docs/chapters/template.rst index a2a317cf..e7e2f95e 100644 --- a/docs/chapters/template.rst +++ b/docs/chapters/template.rst @@ -33,6 +33,8 @@ Template Automation Hooks +-------------+---------------------+-----------------------------------------+ | CP/OVERLAY | path(s) | etc root usr (one per line) | +-------------+---------------------+-----------------------------------------+ +| HOSTCMD | command | pkg info | ++-------------+---------------------+-----------------------------------------+ | INCLUDE | template path/URL | http?://TEMPLATE_URL or project/path | +-------------+---------------------+-----------------------------------------+ | LIMITS | resource value | memoryuse 1G | @@ -74,6 +76,8 @@ CONFIG - set the specified property and value CP/OVERLAY - copy specified files from template directory to specified path inside jail +HOSTCMD - run the specified command on the host instead of the jail + INCLUDE - specify a template to include. Make sure the template is bootstrapped, or you are using the template url LIMITS - set the specified resource value for the jail