Mirrors/hackacad
2
0
Fork 0
mirror of https://github.com/hackacad/bastille.git synced 2025-12-20 09:10:15 +01:00
Code Issues Packages Projects Releases Wiki Activity

depend: Add support for dependant jails

Browse Source
This commit is contained in:
tschettervictor
2025-05-02 08:32:28 -06:00
parent 665ed20d98
commit 5344eb9ba5
3 changed files with 86 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

67
usr/local/share/bastille/config.sh
View File

@@ -88,16 +88,16 @@ shift 2
set_target "${TARGET}" set_target "${TARGET}"
case "${ACTION}" in case "${ACTION}" in
get|remove) get)
if [ "$#" -ne 1 ]; then if [ "$#" -ne 1 ]; then
error_notify 'Too many parameters for [get|remove] operation.' error_notify 'Too many parameters for [get|remove] operation.'
usage usage
fi fi
;; ;;
set) set|remove)
;; ;;
*) *)
error_exit 'Only get and set are supported.' error_exit "[ERROR]: Only set, remove and get are supported."
;; ;;
esac esac
@@ -117,32 +117,79 @@ print_jail_conf() {
for _jail in ${JAILS}; do for _jail in ${JAILS}; do
# Handle Bastille specific properties # Handle Bastille specific properties
# Currently only 'priority' and 'boot' # Currently only 'depend' 'priority' and 'boot'
if [ "${PROPERTY}" = "priority" ] || [ "${PROPERTY}" = "prio" ]; then if [ "${PROPERTY}" = "priority" ] || [ "${PROPERTY}" = "prio" ]; then
PROPERTY="priority" PROPERTY="priority"
BASTILLE_PROPERTY=1 BASTILLE_PROPERTY=1
FILE="${bastille_jailsdir}/${_jail}/boot.conf" FILE="${bastille_jailsdir}/${_jail}/boot.conf"
if [ "${ACTION}" = "set" ]; then if [ "${ACTION}" = "set" ]; then
if echo "${VALUE}" | grep -Eq '^[0-9]+$'; then if echo "${VALUE}" | grep -Eq '^[0-9]+$'; then
sysrc -f "${FILE}" "${PROPERTY}=${VALUE}" sysrc -f "${FILE}" "${PROPERTY}=${VALUE}"
else else
error_exit "Priority value must be a number." error_exit "Priority value must be a number."
fi fi
else elif [ "${ACTION}" = "remove" ]; then
error_exit "[ERROR]: Cannot remove the 'priority' property."
elif [ "${ACTION}" = "get" ]; then
sysrc -f "${FILE}" -n "${PROPERTY}" sysrc -f "${FILE}" -n "${PROPERTY}"
fi fi
# Boot property
elif [ "${PROPERTY}" = "boot" ]; then elif [ "${PROPERTY}" = "boot" ]; then
BASTILLE_PROPERTY=1 BASTILLE_PROPERTY=1
FILE="${bastille_jailsdir}/${_jail}/boot.conf" FILE="${bastille_jailsdir}/${_jail}/boot.conf"
if [ "${ACTION}" = "set" ]; then if [ "${ACTION}" = "set" ]; then
if [ "${VALUE}" = "on" ] || [ "${VALUE}" = "off" ]; then if [ "${VALUE}" = "on" ] || [ "${VALUE}" = "off" ]; then
sysrc -f "${FILE}" "${PROPERTY}=${VALUE}" sysrc -f "${FILE}" "${PROPERTY}=${VALUE}"
else else
error_exit "Boot value must be 'on' or 'off'." error_exit "Boot value must be 'on' or 'off'."
fi fi
else elif [ "${ACTION}" = "remove" ]; then
error_exit "[ERROR]: Cannot remove the 'boot' property."
elif [ "${ACTION}" = "get" ]; then
sysrc -f "${FILE}" -n "${PROPERTY}" sysrc -f "${FILE}" -n "${PROPERTY}"
fi fi
# Depend property
elif [ "${PROPERTY}" = "depend" ] || [ "${PROPERTY}" = "depends" ]; then
PROPERTY="depends"
BASTILLE_PROPERTY=1
FILE="${bastille_jailsdir}/${_jail}/settings.conf"
if [ "${ACTION}" = "set" ]; then
if [ -z "${VALUE}" ]; then
error_exit "[ERROR]: Adding a jail to the 'depends' property requires a TARGET."
else
set_target "${VALUE}"
fi
info "\n[${_jail}]:"
sysrc -f "${FILE}" "${PROPERTY}+=${JAILS}"
elif [ "${ACTION}" = "remove" ]; then
if [ -z "${VALUE}" ]; then
error_exit "[ERROR]: Removing a jail from the 'depends' property requires a TARGET."
else
set_target "${VALUE}"
fi
info "\n[${_jail}]:"
sysrc -f "${FILE}" "${PROPERTY}-=${JAILS}"
elif [ "${ACTION}" = "get" ]; then
sysrc -f "${FILE}" -n "${PROPERTY}"
fi
else else
FILE="${bastille_jailsdir}/${_jail}/jail.conf" FILE="${bastille_jailsdir}/${_jail}/jail.conf"
if [ ! -f "${FILE}" ]; then if [ ! -f "${FILE}" ]; then
@@ -186,9 +233,15 @@ for _jail in ${JAILS}; do
fi fi
elif [ "${ACTION}" = "remove" ]; then elif [ "${ACTION}" = "remove" ]; then
if [ "$(bastille config ${_jail} get ${PROPERTY})" != "not set" ]; then if [ "$(bastille config ${_jail} get ${PROPERTY})" != "not set" ]; then
info "\n[${_jail}]:"
sed -i '' "/.*${PROPERTY}.*/d" "${FILE}" sed -i '' "/.*${PROPERTY}.*/d" "${FILE}"
echo "Property removed: ${PROPERTY}"
else else
error_exit "Value not present in jail.conf: ${PROPERTY}" error_exit "[ERROR]: Value not present in jail.conf: ${PROPERTY}"
fi fi
else # Setting the value. -- cwells else # Setting the value. -- cwells
if [ -n "${VALUE}" ]; then if [ -n "${VALUE}" ]; then

13
usr/local/share/bastille/start.sh
View File

@@ -112,11 +112,22 @@ for _jail in ${JAILS}; do
fi fi
fi fi
info "\n[${_jail}]:" # Validate that all 'depends' jails are running
_depend_jails="$(sysrc -f ${bastille_jailsdir}/${_jail}/settings.conf -n depends)"
for _depend_jail in ${_depend_jails}; do
if check_target_is_running; then
continue
else
bastille start ${_depend_jail}
fi
done
if check_target_is_running "${_jail}"; then if check_target_is_running "${_jail}"; then
info "\n[${_jail}]:"
error_continue "Jail is already running." error_continue "Jail is already running."
fi fi
info "\n[${_jail}]:"
# Validate interfaces and add IPs to firewall table # Validate interfaces and add IPs to firewall table
if [ "$(bastille config ${_jail} get vnet)" != 'enabled' ]; then if [ "$(bastille config ${_jail} get vnet)" != 'enabled' ]; then

15
usr/local/share/bastille/stop.sh
View File

@@ -87,12 +87,25 @@ set_target "${TARGET}" "reverse"
for _jail in ${JAILS}; do for _jail in ${JAILS}; do
info "\n[${_jail}]:" # Validate that all jails that 'depend' on this one are stopped
for _depend_jail in $(ls --color=never ${bastille_jailsdir} | sed -e 's/\n//g'); do
if ! grep -hoqsw "depends=" ${bastille_jailsdir}/${_depend_jail}/settings.conf; then
sysrc -q -f ${bastille_jailsdir}/${_depend_jail}/settings.conf depends="" >/dev/null
fi
if [ "${_jail}" = "${_depend_jail}" ]; then
continue
elif grep -hoqsw "${_jail}" "${bastille_jailsdir}/${_depend_jail}/settings.conf"; then
bastille stop ${_depend_jail}
fi
done
if check_target_is_stopped "${_jail}"; then if check_target_is_stopped "${_jail}"; then
info "\n[${_jail}]:"
error_continue "Jail is already stopped." error_continue "Jail is already stopped."
fi fi
info "\n[${_jail}]:"
# Remove RDR rules # Remove RDR rules
if [ "$(bastille config ${_jail} get vnet)" != "enabled" ] && [ -f "${bastille_pf_conf}" ]; then if [ "$(bastille config ${_jail} get vnet)" != "enabled" ] && [ -f "${bastille_pf_conf}" ]; then
_ip4="$(bastille config ${_jail} get ip4.addr | sed 's/,/ /g')" _ip4="$(bastille config ${_jail} get ip4.addr | sed 's/,/ /g')"