diff --git a/usr/local/share/bastille/config.sh b/usr/local/share/bastille/config.sh
index de1019b9..a7b1389c 100644
--- a/usr/local/share/bastille/config.sh
+++ b/usr/local/share/bastille/config.sh
@@ -88,16 +88,16 @@ shift 2
 set_target "${TARGET}"
 case "${ACTION}" in
- get|remove)
+ get)
 if [ "$#" -ne 1 ]; then
 error_notify 'Too many parameters for [get|remove] operation.'
 usage
 fi
 ;;
- set)
+ set|remove)
 ;;
 *)
- error_exit 'Only get and set are supported.'
+ error_exit "[ERROR]: Only set, remove and get are supported."
 ;;
 esac
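Review bot: The `get)` arm keeps the message `'Too many parameters for [get|remove] operation.'` although `remove` has been moved to the `set|remove)` arm, where its argument count is no longer checked at all; the text should now read `error_notify 'Too many parameters for [get] operation.'`. Because the `remove` arm is empty, a stray extra argument to `remove` on a non-`depends` property is presumably accepted silently, since the jail.conf removal path later in this file does not appear to read `VALUE`. A short comment on the `set|remove)` arm stating that `VALUE` is validated per property further down would make that intentional rather than accidental.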
@@ -117,32 +117,79 @@ print_jail_conf() {
 for _jail in ${JAILS}; do
 # Handle Bastille specific properties
- # Currently only 'priority' and 'boot'
+ # Currently only 'depend' 'priority' and 'boot'
 if [ "${PROPERTY}" = "priority" ] || [ "${PROPERTY}" = "prio" ]; then
+ PROPERTY="priority"
 BASTILLE_PROPERTY=1
 FILE="${bastille_jailsdir}/${_jail}/boot.conf"
+
 if [ "${ACTION}" = "set" ]; then
 if echo "${VALUE}" | grep -Eq '^[0-9]+$'; then
 sysrc -f "${FILE}" "${PROPERTY}=${VALUE}"
 else
 error_exit "Priority value must be a number."
 fi
- else
+ elif [ "${ACTION}" = "remove" ]; then
+ error_exit "[ERROR]: Cannot remove the 'priority' property."
+ elif [ "${ACTION}" = "get" ]; then
 sysrc -f "${FILE}" -n "${PROPERTY}"
 fi
+
+ # Boot property
 elif [ "${PROPERTY}" = "boot" ]; then
+ BASTILLE_PROPERTY=1
 FILE="${bastille_jailsdir}/${_jail}/boot.conf"
+
 if [ "${ACTION}" = "set" ]; then
 if [ "${VALUE}" = "on" ] || [ "${VALUE}" = "off" ]; then
 sysrc -f "${FILE}" "${PROPERTY}=${VALUE}"
 else
 error_exit "Boot value must be 'on' or 'off'."
 fi
- else
+ elif [ "${ACTION}" = "remove" ]; then
+ error_exit "[ERROR]: Cannot remove the 'boot' property."
+ elif [ "${ACTION}" = "get" ]; then
 sysrc -f "${FILE}" -n "${PROPERTY}"
 fi
+
+ # Depend property
+ elif [ "${PROPERTY}" = "depend" ] || [ "${PROPERTY}" = "depends" ]; then
+
+ PROPERTY="depends"
+ BASTILLE_PROPERTY=1
+ FILE="${bastille_jailsdir}/${_jail}/settings.conf"
+
+ if [ "${ACTION}" = "set" ]; then
+
+ if [ -z "${VALUE}" ]; then
+ error_exit "[ERROR]: Adding a jail to the 'depends' property requires a TARGET."
+ else
+ set_target "${VALUE}"
+ fi
+
+ info "\n[${_jail}]:"
+
+ sysrc -f "${FILE}" "${PROPERTY}+=${JAILS}"
+
+ elif [ "${ACTION}" = "remove" ]; then
+
+ if [ -z "${VALUE}" ]; then
+ error_exit "[ERROR]: Removing a jail from the 'depends' property requires a TARGET."
+ else
+ set_target "${VALUE}"
+ fi
+
+ info "\n[${_jail}]:"
+
+ sysrc -f "${FILE}" "${PROPERTY}-=${JAILS}"
+
+ elif [ "${ACTION}" = "get" ]; then
+
+ sysrc -f "${FILE}" -n "${PROPERTY}"
+
+ fi
 else
 FILE="${bastille_jailsdir}/${_jail}/jail.conf"
 if [ ! -f "${FILE}" ]; then
@@ -186,9 +233,15 @@ for _jail in ${JAILS}; do
 fi
 elif [ "${ACTION}" = "remove" ]; then
 if [ "$(bastille config ${_jail} get ${PROPERTY})" != "not set" ]; then
+
+ info "\n[${_jail}]:"
+
 sed -i '' "/.*${PROPERTY}.*/d" "${FILE}"
+
+ echo "Property removed: ${PROPERTY}"
+
 else
- error_exit "Value not present in jail.conf: ${PROPERTY}"
+ error_exit "[ERROR]: Value not present in jail.conf: ${PROPERTY}"
 fi
 else
 # Setting the value. -- cwells
 if [ -n "${VALUE}" ]; then
diff --git a/usr/local/share/bastille/start.sh b/usr/local/share/bastille/start.sh
index 995b936a..2450022a 100644
--- a/usr/local/share/bastille/start.sh
+++ b/usr/local/share/bastille/start.sh
@@ -112,11 +112,22 @@ for _jail in ${JAILS}; do
 fi
 fi
- info "\n[${_jail}]:"
+ # Validate that all 'depends' jails are running
+ _depend_jails="$(sysrc -f ${bastille_jailsdir}/${_jail}/settings.conf -n depends)"
+ for _depend_jail in ${_depend_jails}; do
+ if check_target_is_running; then
+ continue
+ else
+ bastille start ${_depend_jail}
+ fi
+ done
 if check_target_is_running "${_jail}"; then
+ info "\n[${_jail}]:"
 error_continue "Jail is already running."
 fi
+
+ info "\n[${_jail}]:"
 # Validate interfaces and add IPs to firewall table
 if [ "$(bastille config ${_jail} get vnet)" != 'enabled' ]; then
diff --git a/usr/local/share/bastille/stop.sh b/usr/local/share/bastille/stop.sh
index 72d696e1..3f8f7785 100644
--- a/usr/local/share/bastille/stop.sh
+++ b/usr/local/share/bastille/stop.sh
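Review bot: The `set` branch of the new `depend`/`depends` arm accepts a jail as its own dependency and never checks for dependency cycles, and both consumers of the property recurse through it — `bastille start ${_depend_jail}` in start.sh and `bastille stop ${_depend_jail}` in stop.sh — so a cycle such as a→b→a recurses without bound. After `set_target "${VALUE}"` the resolved list is in `${JAILS}`, so a minimal guard before the `sysrc -f "${FILE}" "${PROPERTY}+=${JAILS}"` line is `for _dep in ${JAILS}; do [ "${_dep}" = "${_jail}" ] && error_exit "[ERROR]: A jail cannot depend on itself."; done`; rejecting longer cycles would mean following each dependency's settings.conf before writing. Note also that `set_target` presumably rewrites the `TARGET`/`JAILS` globals mid-loop: the `for _jail in ${JAILS}` list was already expanded so the loop is unaffected, but anything later in the iteration that reads those globals now sees the dependency list, which deserves a comment at the `set_target "${VALUE}"` call. The enclosing `for _jail` loop ends outside the hunk.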
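Review bot: The new `echo "Property removed: ${PROPERTY}"` reports a precise removal, but the `sed -i '' "/.*${PROPERTY}.*/d" "${FILE}"` it follows (a context line here) deletes every jail.conf line that merely contains the property name, and the name is interpolated into the pattern as an unescaped regular expression, so removing `ip4` also drops `ip4.addr` and a name containing `.` or `*` matches more than intended. Anchoring the pattern to an assignment, `sed -i '' "/^[[:space:]]*${PROPERTY}[[:space:]]*=/d" "${FILE}"`, makes the success message accurate; regex metacharacters in the name would still need escaping. For consistency with the other user-facing lines in this file the success line could use `info` rather than `echo`. The enclosing `for _jail` loop and the `remove` branch's `if` start outside the hunk.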
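Review bot: `check_target_is_running` in the new dependency loop is called with no argument, whereas the existing call a few lines below passes `"${_jail}"`; as written the check presumably tests the current target (or nothing) rather than `${_depend_jail}`, so either every dependency is skipped or `bastille start` is re-run for jails that are already up. The intended lines are `if check_target_is_running "${_depend_jail}"; then` and, on the else side, `bastille start "${_depend_jail}"`. The `sysrc -f … -n depends` read is also likely to print an "unknown variable" diagnostic for any jail that has never had `depends` set; if so, redirecting stderr on that assignment keeps the start output clean, and the path argument should be quoted like the one later in the hunk. The enclosing `for _jail` loop starts and ends outside the hunk.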
@@ -87,12 +87,25 @@ set_target "${TARGET}" "reverse"
 for _jail in ${JAILS}; do
- info "\n[${_jail}]:"
+ # Validate that all jails that 'depend' on this one are stopped
+ for _depend_jail in $(ls --color=never ${bastille_jailsdir} | sed -e 's/\n//g'); do
+ if ! grep -hoqsw "depends=" ${bastille_jailsdir}/${_depend_jail}/settings.conf; then
+ sysrc -q -f ${bastille_jailsdir}/${_depend_jail}/settings.conf depends="" >/dev/null
+ fi
+ if [ "${_jail}" = "${_depend_jail}" ]; then
+ continue
+ elif grep -hoqsw "${_jail}" "${bastille_jailsdir}/${_depend_jail}/settings.conf"; then
+ bastille stop ${_depend_jail}
+ fi
+ done
 if check_target_is_stopped "${_jail}"; then
+ info "\n[${_jail}]:"
 error_continue "Jail is already stopped."
 fi
+ info "\n[${_jail}]:"
+
 # Remove RDR rules
 if [ "$(bastille config ${_jail} get vnet)" != "enabled" ] && [ -f "${bastille_pf_conf}" ]; then
 _ip4="$(bastille config ${_jail} get ip4.addr | sed 's/,/ /g')"
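Review bot: The dependent-jail scan matches `${_jail}` as a word anywhere in each jail's settings.conf (`grep -hoqsw "${_jail}" …`), not only inside the `depends=` value, so any other setting that mentions the name stops an unrelated jail, and because `-w` treats `-` and `.` as word boundaries a jail named `web` also matches `web-1` or `web.old`. The loop additionally rewrites every jail's settings.conf during a stop (`sysrc -q -f … depends=""`) solely to make the later grep safe, and it enumerates jails by parsing `ls` with a `sed 's/\n//g'` that cannot act on line-based input. Reading the property with `sysrc -n` and comparing whole words needs neither the write nor the `ls`; a replacement for the loop is below, with the cycle concern raised on the config.sh hunk applying here too. The enclosing `for _jail` loop ends outside the hunk.
```shell
    # Validate that all jails that 'depend' on this one are stopped
    for _depend_dir in "${bastille_jailsdir}"/*/; do
        _depend_jail="${_depend_dir%/}"
        _depend_jail="${_depend_jail##*/}"
        if [ "${_jail}" = "${_depend_jail}" ]; then
            continue
        fi
        # sysrc reports an unset variable on stderr; an absent file yields no words
        for _dep in $(sysrc -q -f "${_depend_dir}settings.conf" -n depends 2>/dev/null); do
            if [ "${_dep}" = "${_jail}" ]; then
                bastille stop "${_depend_jail}"
                break
            fi
        done
    done
    # … unchanged: check_target_is_stopped / info / RDR rule removal …
```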