From 09a1d306dcc210eb2219b7c4e1f1e769341ae21e Mon Sep 17 00:00:00 2001 From: Lars Engels Date: Tue, 14 Mar 2023 21:34:07 +0100 Subject: [PATCH 1/6] Add "bastille tags" subcommand to add tag strings to jails --- usr/local/bin/bastille | 5 +- usr/local/share/bastille/tags.sh | 88 ++++++++++++++++++++++++++++++++ 2 files changed, 91 insertions(+), 2 deletions(-) create mode 100644 usr/local/share/bastille/tags.sh diff --git a/usr/local/bin/bastille b/usr/local/bin/bastille index 0542bed8..b9f73c84 100755 --- a/usr/local/bin/bastille +++ b/usr/local/bin/bastille @@ -73,7 +73,7 @@ bastille_perms_check() { bastille_perms_check ## version -BASTILLE_VERSION="0.9.20220714" +BASTILLE_VERSION= usage() { cat << EOF @@ -110,6 +110,7 @@ Available Commands: stop Stop a running container. sysrc Safely edit rc files within targeted container(s). template Apply file templates to targeted container(s). + tags Add or remove tags to targeted container(s). top Display and update information about the top(1) cpu processes. umount Unmount a volume from within the targeted container(s). update Update container base -pX release. @@ -141,7 +142,7 @@ help|-h|--help) bootstrap|create|destroy|export|import|list|rdr|restart|start|update|upgrade|verify) # Nothing "extra" to do for these commands. -- cwells ;; -clone|config|cmd|console|convert|cp|edit|htop|limits|mount|pkg|rename|service|stop|sysrc|template|top|umount|zfs) +clone|config|cmd|console|convert|cp|edit|htop|limits|mount|pkg|rename|service|stop|sysrc|tags|template|top|umount|zfs) # Parse the target and ensure it exists. -- cwells if [ $# -eq 0 ]; then # No target was given, so show the command's help. -- cwells PARAMS='help' diff --git a/usr/local/share/bastille/tags.sh b/usr/local/share/bastille/tags.sh new file mode 100644 index 00000000..c342855d --- /dev/null +++ b/usr/local/share/bastille/tags.sh 
@@ -0,0 +1,88 @@
+#!/bin/sh
+#
+# Copyright (c) 2018-2023, Christer Edwards
+# All rights reserved.
+# Ressource limits added by Lars Engels github.com/bsdlme
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+#
+# * Redistributions of source code must retain the above copyright notice, this
+# list of conditions and the following disclaimer.
+#
+# * Redistributions in binary form must reproduce the above copyright notice,
+# this list of conditions and the following disclaimer in the documentation
+# and/or other materials provided with the distribution.
+#
+# * Neither the name of the copyright holder nor the names of its
+# contributors may be used to endorse or promote products derived from
+# this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+. /usr/local/share/bastille/common.sh
+. /usr/local/etc/bastille/bastille.conf
+
+usage() {
+ error_notify "Usage: bastille tags TARGET add tag1,tag2,..."
+ error_notify " bastille tags TARGET delete tag1,tag2,..."
+ error_notify " bastille tags TARGET list"
+ echo -e "Example: bastille tags JAILNAME add database,mysql"
+ echo -e " bastille tags JAILNAME delete mysql"
+ exit 1
+}
+
+# Handle special-case commands first.
+case "$1" in
+help|-h|--help)
+ usage
+ ;;
+esac
+
+if [ $# -lt 1 -o $# -gt 2 ]; then
+ usage
+fi
+
+ACTION="${1}"
+TAGS="${2}"
+
+for _jail in ${JAILS}; do
+ bastille_jail_tags="${bastille_jailsdir}/${_jail}/tags"
+ if [ "${ACTION}" = "list" ]; then
+ [ -f "${bastille_jail_tags}" ] && cat "${bastille_jail_tags}"
+ continue
+ fi
+ for _tag in $(echo ${TAGS} | tr , ' '); do
+ case ${ACTION} in
+ add)
+ echo ${_tag} >> "${bastille_jail_tags}"
+ tmpfile="$(mktemp)"
+ sort "${bastille_jail_tags}" | uniq > "${tmpfile}"
+ mv "${tmpfile}" "${bastille_jail_tags}"
+ ;;
+ del*)
+ if [ ! -f "${bastille_jail_tags}" ]; then
+ break
+ fi
+ tmpfile="$(mktemp)"
+ grep -Ev "^${_tag}\$" "${bastille_jail_tags}" > "${tmpfile}"
+ mv "${tmpfile}" "${bastille_jail_tags}"
+ # delete tags file if empty
+ [ ! -s "${bastille_jail_tags}" ] && rm "${bastille_jail_tags}"
+ ;;
+ *)
+ usage
+ ;;
+ esac
+ done
+done
+
From c94f653e0b0448809a8d6e9158ac924510c87a4d Mon Sep 17 00:00:00 2001
From: Lars Engels
Date: Tue, 14 Mar 2023 22:03:16 +0100
Subject: [PATCH 2/6] Refactor
---
 usr/local/share/bastille/tags.sh | 36 ++++++++++++++++----------------
 1 file changed, 18 insertions(+), 18 deletions(-)
diff --git a/usr/local/share/bastille/tags.sh b/usr/local/share/bastille/tags.sh
index c342855d..2cb76b72 100644
--- a/usr/local/share/bastille/tags.sh
+++ b/usr/local/share/bastille/tags.sh
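Review bot: In the `del*)` arm of the new tags.sh the tag is pasted into an extended regular expression (`grep -Ev "^${_tag}\$"`), so a tag containing metacharacters such as `.` or `*` also removes other tags from the file; `grep -Fxv -- "${_tag}"` compares the whole line literally. The unquoted `$(echo ${TAGS} | tr , ' ')` and `echo ${_tag}` also undergo pathname expansion, so a tag like `*` is stored as the file names of the current directory, in a command that is meant to run as root. Checking each tag against a fixed character set before the loop and writing it with `printf '%s\n' "${_tag}"` would cover both. The same `grep -E "^${TAGS}\$"` interpolation reappears in the `search)` and `list)` arms added by the later patches in this series.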
@@ -57,32 +57,32 @@ TAGS="${2}" for _jail in ${JAILS}; do bastille_jail_tags="${bastille_jailsdir}/${_jail}/tags" - if [ "${ACTION}" = "list" ]; then - [ -f "${bastille_jail_tags}" ] && cat "${bastille_jail_tags}" - continue - fi - for _tag in $(echo ${TAGS} | tr , ' '); do - case ${ACTION} in - add) + case ${ACTION} in + add) + for _tag in $(echo ${TAGS} | tr , ' '); do echo ${_tag} >> "${bastille_jail_tags}" tmpfile="$(mktemp)" sort "${bastille_jail_tags}" | uniq > "${tmpfile}" mv "${tmpfile}" "${bastille_jail_tags}" - ;; - del*) - if [ ! -f "${bastille_jail_tags}" ]; then - break - fi + done + ;; + del*) + for _tag in $(echo ${TAGS} | tr , ' '); do + [ ! -f "${bastille_jail_tags}" ] && break # skip if no tags file tmpfile="$(mktemp)" grep -Ev "^${_tag}\$" "${bastille_jail_tags}" > "${tmpfile}" mv "${tmpfile}" "${bastille_jail_tags}" # delete tags file if empty [ ! -s "${bastille_jail_tags}" ] && rm "${bastille_jail_tags}" - ;; - *) - usage - ;; - esac - done + done + ;; + list) + [ -f "${bastille_jail_tags}" ] && cat "${bastille_jail_tags}" + continue + ;; + *) + usage + ;; + esac done From 91d17687403dcfed60f588eacac7e463debdbb20 Mon Sep 17 00:00:00 2001 From: Lars Engels Date: Tue, 14 Mar 2023 22:04:06 +0100 Subject: [PATCH 3/6] Add "tags" subcommand --- usr/local/man/man8/bastille.8.gz | Bin 1212 -> 1223 bytes 1 file changed, 0 insertions(+), 0 deletions(-) 
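Review bot: Both loops in the refactored `case` create their scratch file with a bare `mktemp` and then `mv` it over `${bastille_jail_tags}` without checking that `mktemp` succeeded. When the default temp directory sits on a different filesystem from the jails directory, that `mv` is a copy-and-unlink rather than an atomic rename, so an interruption can leave a truncated tags file. Creating the file next to its target keeps the replace a same-directory rename: `tmpfile="$(mktemp "${bastille_jail_tags}.XXXXXX")" || error_exit "mktemp failed"`. In the `add)` arm the sort-and-replace also only has to run once after the loop (`sort -u`), not once per tag.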
diff --git a/usr/local/man/man8/bastille.8.gz b/usr/local/man/man8/bastille.8.gz index cfe7efffad4d75a0dc3a58ce829c07af77483151..8f40bcbfdeb3ac59c5c6b5216c0668c1200c15f3 100644 GIT binary patch delta 918 zcmV;H18Mxc3C9TtABzYGso)S~kqATyWxaUk<(U^hH>+mg(NR--PeSxNV#e7QAYOt!A6$~ZK#STX$7f+A%w2e`e&YuzCjmQnpYAG zE2(#|Z`5hGy8c1gW|iF^9l%m@CYR2%urfXXsXT|!p$G&pE@WHdf9+GR-0)9*f?UF2 z{(Ue=`^IulgSS}8rNlbfu8~S&*4a3%WW@(#?JkaF{7J=N9oh+hoi&a$$2)_0iCD`-jdaQhyQfaQSw-F zlONee6w|o80tB~we|Acbo%8WW9~iw6g;+(YrdMSee#%x-c!oQ(y6&v+?eKPXM2xW} z^~6EGm;Plg2RW`gVj zHw^QuR(7=`p_;N;h17;Ie}wxXfxMHXJ-QoNA>$-a{l71Oe@mJXPPqZ|Lwof?RQQq} zzs4JhD=WnkDcyvdBB(Ye>17baPE@J7jxR5qx4!<{Wep%QZ1sYnjt~QPGg9=ThxmYjdliF{a)Fru4g{c)#?08|+gazIzM@ zya^%%Cl?)O=^4(Qs5CTaEWV$f@(_D6KK6>w)Ly>$W{{?qD^BHt`MeQI zx+aG6fqJZ4#KE`2TBsS=rgR!?y=X1#d8h shxZZwMm%}vIzNw;9=%i03!Xw5dZ)H delta 917 zcmV;G18V%o3A_miABzYGPsWg5kqATy#a_Jg^302$*^yN#1%3d>{iBhCDFFeItu6tc zk=#B4e*Kdi0T=-zlQjW0f1g0~Sp`Q(g~wR2Em#JJdDO0y(U_g^%C*KjLd#&bvKz6s z&L($Qb%Dg(LXsD^?rXwTq}(+4C?os+V53WgHdMuvw1d>a5JJ~!{WDKS-=GUD%{vK( zmDD@fH|lg+UH_nLv&!y|4qz!clS^k>SQ#IHRGvfVPy_-PH?pnqfA*uj8Mvf_iWb{9u7{-k0_8}F>4WK7~lt+AsdT(y!n z$jY*%+m;kosBHF;77z>5QTp`y;p*^va-L0fKqsoe>eiVGy@wl#w`6tS;Xj>plsuN) z(2V#4j*Sn#29N* zPaNcX>0j0qNCf20}Vlp8QVv{x@gg)eFO zHQq>ESt*uC=_cG1LAAL_FN5f7x~UecJ=FPy`^V76(v$2uj*rgPTqdcBwc0o-Hr*VE zFiDticxAi3cX87$NiF-Fv>&q_4D8p(SF5v)6E%y+eMi3MOalEizZ_glPA5m@Bxw;R z$>o~ZskO}0f4!(^NY!)t_pY_M)zBDI?*Y^FT~fSX`o6ULl!xyg!vP8uao{WUO;xo03FTNS1N#u%CxnPbih|`o>UlGAKS6q}UEn3`zLB$bN zX@txK6rFd4GL=vT-Hu{Adbi&K7}=jk(jzd(pFfn@e=H@zVd4j(oJH5fa6VAqbc;Cb zRv}pbwkVo-l#~CWH%_#-^;k&nJM>!zldnggW~V#fC);@kqr-gES0~DEWfGx7yZ%OF z^pPBlhB^O@0Ndg2bgz2yf9L~ldiZiSna8Fae>|D-kpHQt!Iz&pOTLE57X|ZiTF%ce zE~C%)SESf6(TcjJdeiM1=6~k=)i!)HI(&KVzjAUX?uPwzIqHL~>})*YF9JygZ!m_3 r_YwX^JbC9jKaZ4_S0Mc_BmK80;O`Hs|7pm)p6>qzmi3U Date: Wed, 15 Mar 2023 15:47:54 +0100 Subject: [PATCH 4/6] Re-work "list" command / output and add "search" command. 
--- usr/local/share/bastille/tags.sh | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/usr/local/share/bastille/tags.sh b/usr/local/share/bastille/tags.sh index 2cb76b72..7f497eb2 100644 --- a/usr/local/share/bastille/tags.sh +++ b/usr/local/share/bastille/tags.sh @@ -35,9 +35,11 @@ usage() { error_notify "Usage: bastille tags TARGET add tag1,tag2,..." error_notify " bastille tags TARGET delete tag1,tag2,..." + error_notify " bastille tags TARGET search tag" error_notify " bastille tags TARGET list" echo -e "Example: bastille tags JAILNAME add database,mysql" echo -e " bastille tags JAILNAME delete mysql" + echo -e " bastille tags ALL search mysql" exit 1 } @@ -76,9 +78,20 @@ for _jail in ${JAILS}; do [ ! -s "${bastille_jail_tags}" ] && rm "${bastille_jail_tags}" done ;; + search) + [ -n "$(echo ${TAGS} | grep ,)" ] && usage # Only one tag per query + [ ! -f "${bastille_jail_tags}" ] && continue # skip if there is no tags file + grep -qE "^${TAGS}\$" "${bastille_jail_tags}" + if [ $? -eq 0 ]; then + echo "${_jail}" + continue + fi + ;; list) - [ -f "${bastille_jail_tags}" ] && cat "${bastille_jail_tags}" - continue + if [ -f "${bastille_jail_tags}" ]; then + echo -n "${_jail}: " + xargs < "${bastille_jail_tags}" + fi ;; *) usage From 6776427e5a9c45abb028460e4289ac64a0547a2b Mon Sep 17 00:00:00 2001 From: Lars Engels Date: Thu, 16 Mar 2023 18:06:44 +0100 Subject: [PATCH 5/6] Drop "search" in favor of "list" --- usr/local/share/bastille/tags.sh | 35 ++++++++++++++++---------------- 1 file changed, 18 insertions(+), 17 deletions(-) diff --git a/usr/local/share/bastille/tags.sh b/usr/local/share/bastille/tags.sh index 7f497eb2..1442c21d 100644 --- a/usr/local/share/bastille/tags.sh +++ b/usr/local/share/bastille/tags.sh 
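Review bot: The reworked `list)` arm formats the tags with `xargs < "${bastille_jail_tags}"`, and xargs applies its own quote and backslash parsing to that input, so a stored tag containing `'`, `"` or `\` makes the listing fail or print altered text. Since `add` accepts any string, `paste -s -d ' ' "${bastille_jail_tags}"` joins the lines without reinterpreting them. In the `search)` arm, `grep -qE …` followed by `[ $? -eq 0 ]` reads more directly as `if grep -q … ; then`, and the `continue` at the end of that arm has no effect. Both pieces are carried unchanged into the `list)` arm of the following patch.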
@@ -33,13 +33,13 @@ . /usr/local/etc/bastille/bastille.conf usage() { - error_notify "Usage: bastille tags TARGET add tag1,tag2,..." - error_notify " bastille tags TARGET delete tag1,tag2,..." - error_notify " bastille tags TARGET search tag" - error_notify " bastille tags TARGET list" + error_notify "Usage: bastille tags TARGET add tag1[,tag2,...]" + error_notify " bastille tags TARGET delete tag1[,tag2,...]" + error_notify " bastille tags TARGET list [tag]" echo -e "Example: bastille tags JAILNAME add database,mysql" echo -e " bastille tags JAILNAME delete mysql" - echo -e " bastille tags ALL search mysql" + echo -e " bastille tags ALL list" + echo -e " bastille tags ALL list mysql" exit 1 } @@ -78,19 +78,20 @@ for _jail in ${JAILS}; do [ ! -s "${bastille_jail_tags}" ] && rm "${bastille_jail_tags}" done ;; - search) - [ -n "$(echo ${TAGS} | grep ,)" ] && usage # Only one tag per query - [ ! -f "${bastille_jail_tags}" ] && continue # skip if there is no tags file - grep -qE "^${TAGS}\$" "${bastille_jail_tags}" - if [ $? -eq 0 ]; then - echo "${_jail}" - continue - fi - ;; list) - if [ -f "${bastille_jail_tags}" ]; then - echo -n "${_jail}: " - xargs < "${bastille_jail_tags}" + if [ -n "${TAGS}" ]; then + [ -n "$(echo ${TAGS} | grep ,)" ] && usage # Only one tag per query + [ ! -f "${bastille_jail_tags}" ] && continue # skip if there is no tags file + grep -qE "^${TAGS}\$" "${bastille_jail_tags}" + if [ $? -eq 0 ]; then + echo "${_jail}" + continue + fi + else + if [ -f "${bastille_jail_tags}" ]; then + echo -n "${_jail}: " + xargs < "${bastille_jail_tags}" + fi fi ;; *) From 64c3b6045eb3e8889cb27cf58794049f75556ad3 Mon Sep 17 00:00:00 2001 
From: Lars Engels Date: Thu, 16 Mar 2023 20:58:11 +0100 Subject: [PATCH 6/6] Allow running bastille and subcomands with help flags as regular user --- usr/local/bin/bastille | 11 ----------- usr/local/share/bastille/bootstrap.sh | 2 ++ usr/local/share/bastille/clone.sh | 2 ++ usr/local/share/bastille/cmd.sh | 2 ++ usr/local/share/bastille/common.sh | 8 ++++++++ usr/local/share/bastille/config.sh | 2 ++ usr/local/share/bastille/console.sh | 2 ++ usr/local/share/bastille/convert.sh | 2 ++ usr/local/share/bastille/cp.sh | 2 ++ usr/local/share/bastille/create.sh | 2 ++ usr/local/share/bastille/destroy.sh | 2 ++ usr/local/share/bastille/edit.sh | 2 ++ usr/local/share/bastille/export.sh | 2 ++ usr/local/share/bastille/htop.sh | 2 ++ usr/local/share/bastille/import.sh | 2 ++ usr/local/share/bastille/limits.sh | 2 ++ usr/local/share/bastille/list.sh | 9 ++++++--- usr/local/share/bastille/mount.sh | 2 ++ usr/local/share/bastille/pkg.sh | 2 ++ usr/local/share/bastille/rdr.sh | 2 ++ usr/local/share/bastille/rename.sh | 2 ++ usr/local/share/bastille/service.sh | 2 ++ usr/local/share/bastille/start.sh | 2 ++ usr/local/share/bastille/stop.sh | 2 ++ usr/local/share/bastille/sysrc.sh | 2 ++ usr/local/share/bastille/tags.sh | 2 ++ usr/local/share/bastille/template.sh | 2 ++ usr/local/share/bastille/top.sh | 2 ++ usr/local/share/bastille/umount.sh | 2 ++ usr/local/share/bastille/update.sh | 2 ++ usr/local/share/bastille/upgrade.sh | 2 ++ usr/local/share/bastille/verify.sh | 2 ++ usr/local/share/bastille/zfs.sh | 2 ++ 33 files changed, 74 insertions(+), 14 deletions(-) diff --git a/usr/local/bin/bastille b/usr/local/bin/bastille index b9f73c84..34009b37 100755 --- a/usr/local/bin/bastille +++ b/usr/local/bin/bastille 
@@ -32,17 +32,6 @@ PATH=${PATH}:/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin . /usr/local/share/bastille/common.sh -## root check first. -bastille_root_check() { - if [ "$(id -u)" -ne 0 ]; then - ## permission denied - error_notify "Bastille: Permission Denied" - error_exit "root / sudo / doas required" - fi -} - -bastille_root_check - ## check for config existance bastille_conf_check() { if [ ! -r "/usr/local/etc/bastille/bastille.conf" ]; then diff --git a/usr/local/share/bastille/bootstrap.sh b/usr/local/share/bastille/bootstrap.sh index c6acdbb8..b36d9429 100644 --- a/usr/local/share/bastille/bootstrap.sh +++ b/usr/local/share/bastille/bootstrap.sh @@ -42,6 +42,8 @@ help|-h|--help) ;; esac +bastille_root_check + #Validate if ZFS is enabled in rc.conf and bastille.conf. if [ "$(sysrc -n zfs_enable)" = "YES" ] && [ ! "${bastille_zfs_enable}" = "YES" ]; then warn "ZFS is enabled in rc.conf but not bastille.conf. Do you want to continue? (N|y)" diff --git a/usr/local/share/bastille/clone.sh b/usr/local/share/bastille/clone.sh index 5630b71d..f39b84d4 100644 --- a/usr/local/share/bastille/clone.sh +++ b/usr/local/share/bastille/clone.sh @@ -46,6 +46,8 @@ if [ $# -ne 2 ]; then usage fi +bastille_root_check + NEWNAME="${1}" IP="${2}" diff --git a/usr/local/share/bastille/cmd.sh b/usr/local/share/bastille/cmd.sh index 6bc69610..8047ded7 100644 --- a/usr/local/share/bastille/cmd.sh +++ b/usr/local/share/bastille/cmd.sh @@ -46,6 +46,8 @@ if [ $# -eq 0 ]; then usage fi +bastille_root_check + COUNT=0 RETURN=0 diff --git a/usr/local/share/bastille/common.sh b/usr/local/share/bastille/common.sh index adc1ac21..864c01f6 100644 --- a/usr/local/share/bastille/common.sh +++ b/usr/local/share/bastille/common.sh 
@@ -33,6 +33,14 @@ COLOR_GREEN= COLOR_YELLOW= COLOR_RESET= +bastille_root_check() { + if [ "$(id -u)" -ne 0 ]; then + ## permission denied + error_notify "Bastille: Permission Denied" + error_exit "root / sudo / doas required" + fi +} + enable_color() { . /usr/local/share/bastille/colors.pre.sh } diff --git a/usr/local/share/bastille/config.sh b/usr/local/share/bastille/config.sh index 8bfa996d..3a089276 100644 --- a/usr/local/share/bastille/config.sh +++ b/usr/local/share/bastille/config.sh @@ -55,6 +55,8 @@ if [ $# -eq 1 ] || [ $# -gt 3 ]; then usage fi +bastille_root_check + ACTION=$1 shift diff --git a/usr/local/share/bastille/console.sh b/usr/local/share/bastille/console.sh index 30c5f0f4..64c4b570 100644 --- a/usr/local/share/bastille/console.sh +++ b/usr/local/share/bastille/console.sh @@ -46,6 +46,8 @@ if [ $# -gt 1 ]; then usage fi +bastille_root_check + USER="${1}" validate_user() { diff --git a/usr/local/share/bastille/convert.sh b/usr/local/share/bastille/convert.sh index feb7ce85..dc729734 100644 --- a/usr/local/share/bastille/convert.sh +++ b/usr/local/share/bastille/convert.sh @@ -46,6 +46,8 @@ if [ $# -ne 0 ]; then usage fi +bastille_root_check + convert_symlinks() { # Work with the symlinks, revert on first cp error if [ -d "${bastille_releasesdir}/${RELEASE}" ]; then diff --git a/usr/local/share/bastille/cp.sh b/usr/local/share/bastille/cp.sh index a7dabc35..1cfa2835 100644 --- a/usr/local/share/bastille/cp.sh +++ b/usr/local/share/bastille/cp.sh @@ -54,6 +54,8 @@ if [ $# -ne 2 ]; then usage fi +bastille_root_check + case "${OPTION}" in -q|--quiet) OPTION="-a" diff --git a/usr/local/share/bastille/create.sh b/usr/local/share/bastille/create.sh index bc2cf700..0014c427 100644 --- a/usr/local/share/bastille/create.sh +++ b/usr/local/share/bastille/create.sh 
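Review bot: Moving `bastille_root_check` from the dispatcher into common.sh makes the privilege check opt-in: each script under share/bastille has to remember to call it, and one that omits it runs its body unprivileged until some later command happens to fail. The hunks in this patch add the call to the scripts listed in the diffstat, but `restart` is in the dispatcher's command list and no restart.sh is touched here, so it is worth confirming that it only delegates to stop/start. The function should carry a header comment stating the contract, e.g. `# Every subcommand must call this after its help/usage handling and before touching jails, ZFS or config.` As far as the visible context shows, the dispatcher's own target parsing now also runs before the check, so a non-root caller may see a target error rather than "Permission Denied".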
@@ -588,6 +588,8 @@ help|-h|--help) ;; esac +bastille_root_check + if echo "$3" | grep '@'; then BASTILLE_JAIL_IP=$(echo "$3" | awk -F@ '{print $2}') BASTILLE_JAIL_INTERFACES=$( echo "$3" | awk -F@ '{print $1}') diff --git a/usr/local/share/bastille/destroy.sh b/usr/local/share/bastille/destroy.sh index 91602dac..7126edb2 100644 --- a/usr/local/share/bastille/destroy.sh +++ b/usr/local/share/bastille/destroy.sh @@ -210,6 +210,8 @@ if [ $# -gt 1 ] || [ $# -lt 1 ]; then usage fi +bastille_root_check + ## check what should we clean case "${TARGET}" in *-CURRENT|*-CURRENT-I386|*-CURRENT-i386|*-current) diff --git a/usr/local/share/bastille/edit.sh b/usr/local/share/bastille/edit.sh index 6b591667..0e6996a4 100644 --- a/usr/local/share/bastille/edit.sh +++ b/usr/local/share/bastille/edit.sh @@ -48,6 +48,8 @@ elif [ $# -eq 1 ]; then TARGET_FILENAME="${1}" fi +bastille_root_check + if [ -z "${EDITOR}" ]; then EDITOR=vi fi diff --git a/usr/local/share/bastille/export.sh b/usr/local/share/bastille/export.sh index 3bedb9fe..d57854f8 100644 --- a/usr/local/share/bastille/export.sh +++ b/usr/local/share/bastille/export.sh @@ -71,6 +71,8 @@ if [ $# -gt 5 ] || [ $# -lt 1 ]; then usage fi +bastille_root_check + zfs_enable_check() { # Temporarily disable ZFS so we can create a standard backup archive if [ "${bastille_zfs_enable}" = "YES" ]; then diff --git a/usr/local/share/bastille/htop.sh b/usr/local/share/bastille/htop.sh index a9e50848..b3ecdf72 100644 --- a/usr/local/share/bastille/htop.sh +++ b/usr/local/share/bastille/htop.sh @@ -46,6 +46,8 @@ if [ $# -ne 0 ]; then usage fi +bastille_root_check + for _jail in ${JAILS}; do bastille_jail_path=$(/usr/sbin/jls -j "${_jail}" path) if [ ! -x "${bastille_jail_path}/usr/local/bin/htop" ]; then diff --git a/usr/local/share/bastille/import.sh b/usr/local/share/bastille/import.sh index 7044a3da..ce7a4178 100644 --- a/usr/local/share/bastille/import.sh +++ b/usr/local/share/bastille/import.sh 
@@ -59,6 +59,8 @@ if [ $# -gt 3 ] || [ $# -lt 1 ]; then usage fi +bastille_root_check + TARGET="${1}" OPT_FORCE= USER_IMPORT= diff --git a/usr/local/share/bastille/limits.sh b/usr/local/share/bastille/limits.sh index ce16e76b..87dde8d9 100644 --- a/usr/local/share/bastille/limits.sh +++ b/usr/local/share/bastille/limits.sh @@ -55,6 +55,8 @@ if [ $# -ne 2 ]; then usage fi +bastille_root_check + OPTION="${1}" VALUE="${2}" diff --git a/usr/local/share/bastille/list.sh b/usr/local/share/bastille/list.sh index a646b543..a71cbc2e 100644 --- a/usr/local/share/bastille/list.sh +++ b/usr/local/share/bastille/list.sh @@ -35,6 +35,12 @@ usage() { error_exit "Usage: bastille list [-j|-a] [release [-p]|template|(jail|container)|log|limit|(import|export|backup)]" } +if [ "$1" = help -o "$1" = "-h" -o "$1" = "--help" ]; then + usage +fi + +bastille_root_check + if [ $# -eq 0 ]; then /usr/sbin/jls -N fi @@ -47,9 +53,6 @@ fi if [ $# -gt 0 ]; then # Handle special-case commands first. case "$1" in - help|-h|--help) - usage - ;; all|-a|--all) if [ -d "${bastille_jailsdir}" ]; then DEFAULT_VALUE="-" diff --git a/usr/local/share/bastille/mount.sh b/usr/local/share/bastille/mount.sh index 4e946c66..96bd7689 100644 --- a/usr/local/share/bastille/mount.sh +++ b/usr/local/share/bastille/mount.sh @@ -50,6 +50,8 @@ else _fstab="$@" fi +bastille_root_check + ## assign needed variables _hostpath=$(echo "${_fstab}" | awk '{print $1}') _jailpath=$(echo "${_fstab}" | awk '{print $2}') diff --git a/usr/local/share/bastille/pkg.sh b/usr/local/share/bastille/pkg.sh index 97cabfe2..32a18ef9 100644 --- a/usr/local/share/bastille/pkg.sh +++ b/usr/local/share/bastille/pkg.sh @@ -45,6 +45,8 @@ if [ $# -lt 1 ]; then usage fi +bastille_root_check + errors=0 for _jail in ${JAILS}; do diff --git a/usr/local/share/bastille/rdr.sh b/usr/local/share/bastille/rdr.sh index a7e59c2e..86b61e5c 100644 --- a/usr/local/share/bastille/rdr.sh +++ b/usr/local/share/bastille/rdr.sh 
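Review bot: The help test added to list.sh, `[ "$1" = help -o "$1" = "-h" -o "$1" = "--help" ]`, uses the obsolescent `-o` operator, which `test` can misparse when `$1` is itself an operator-like word such as `!` or `(`. The other scripts in this series handle help with a `case`, and the same form works here ahead of `bastille_root_check`: `case "$1" in help|-h|--help) usage ;; esac`.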
@@ -46,6 +46,8 @@ if [ $# -lt 2 ]; then usage fi +bastille_root_check + TARGET="${1}" JAIL_NAME="" JAIL_IP="" diff --git a/usr/local/share/bastille/rename.sh b/usr/local/share/bastille/rename.sh index e48aa7c2..b59ab476 100644 --- a/usr/local/share/bastille/rename.sh +++ b/usr/local/share/bastille/rename.sh @@ -56,6 +56,8 @@ if [ $# -ne 1 ]; then usage fi +bastille_root_check + NEWNAME="${1}" update_jailconf() { diff --git a/usr/local/share/bastille/service.sh b/usr/local/share/bastille/service.sh index 0217d3bf..f0b58361 100644 --- a/usr/local/share/bastille/service.sh +++ b/usr/local/share/bastille/service.sh @@ -45,6 +45,8 @@ if [ $# -lt 1 -o $# -gt 2 ]; then usage fi +bastille_root_check + for _jail in ${JAILS}; do info "[${_jail}]:" jexec -l "${_jail}" /usr/sbin/service "$@" diff --git a/usr/local/share/bastille/start.sh b/usr/local/share/bastille/start.sh index c681e164..1586b020 100644 --- a/usr/local/share/bastille/start.sh +++ b/usr/local/share/bastille/start.sh @@ -46,6 +46,8 @@ if [ $# -gt 1 ] || [ $# -lt 1 ]; then usage fi +bastille_root_check + TARGET="${1}" shift diff --git a/usr/local/share/bastille/stop.sh b/usr/local/share/bastille/stop.sh index 5343d77d..728f2ffd 100644 --- a/usr/local/share/bastille/stop.sh +++ b/usr/local/share/bastille/stop.sh @@ -46,6 +46,8 @@ if [ $# -ne 0 ]; then usage fi +bastille_root_check + for _jail in ${JAILS}; do ## test if running if [ "$(/usr/sbin/jls name | awk "/^${_jail}$/")" ]; then diff --git a/usr/local/share/bastille/sysrc.sh b/usr/local/share/bastille/sysrc.sh index 20445f83..ba004974 100644 --- a/usr/local/share/bastille/sysrc.sh +++ b/usr/local/share/bastille/sysrc.sh @@ -45,6 +45,8 @@ if [ $# -lt 1 ]; then usage fi +bastille_root_check + for _jail in ${JAILS}; do info "[${_jail}]:" jexec -l "${_jail}" /usr/sbin/sysrc "$@" diff --git a/usr/local/share/bastille/tags.sh b/usr/local/share/bastille/tags.sh index 1442c21d..6c8cca62 100644 --- a/usr/local/share/bastille/tags.sh 
+++ b/usr/local/share/bastille/tags.sh @@ -54,6 +54,8 @@ if [ $# -lt 1 -o $# -gt 2 ]; then usage fi +bastille_root_check + ACTION="${1}" TAGS="${2}" diff --git a/usr/local/share/bastille/template.sh b/usr/local/share/bastille/template.sh index 9cb94d09..fe963ff2 100644 --- a/usr/local/share/bastille/template.sh +++ b/usr/local/share/bastille/template.sh @@ -116,6 +116,8 @@ if [ $# -lt 1 ]; then bastille_usage fi +bastille_root_check + ## global variables TEMPLATE="${1}" bastille_template=${bastille_templatesdir}/${TEMPLATE} diff --git a/usr/local/share/bastille/top.sh b/usr/local/share/bastille/top.sh index 5f8d5992..6d5535dc 100644 --- a/usr/local/share/bastille/top.sh +++ b/usr/local/share/bastille/top.sh @@ -45,6 +45,8 @@ if [ $# -ne 0 ]; then usage fi +bastille_root_check + for _jail in ${JAILS}; do info "[${_jail}]:" jexec -l "${_jail}" /usr/bin/top diff --git a/usr/local/share/bastille/umount.sh b/usr/local/share/bastille/umount.sh index b9513c42..1c210ec9 100644 --- a/usr/local/share/bastille/umount.sh +++ b/usr/local/share/bastille/umount.sh @@ -46,6 +46,8 @@ if [ $# -ne 1 ]; then usage fi +bastille_root_check + MOUNT_PATH=$1 for _jail in ${JAILS}; do diff --git a/usr/local/share/bastille/update.sh b/usr/local/share/bastille/update.sh index eeb8325b..fadf6e9b 100644 --- a/usr/local/share/bastille/update.sh +++ b/usr/local/share/bastille/update.sh @@ -46,6 +46,8 @@ if [ $# -gt 2 ] || [ $# -lt 1 ]; then usage fi +bastille_root_check + TARGET="${1}" OPTION="${2}" diff --git a/usr/local/share/bastille/upgrade.sh b/usr/local/share/bastille/upgrade.sh index eb2a1672..d6f50743 100644 --- a/usr/local/share/bastille/upgrade.sh +++ b/usr/local/share/bastille/upgrade.sh @@ -46,6 +46,8 @@ if [ $# -gt 3 ] || [ $# -lt 2 ]; then usage fi +bastille_root_check + TARGET="$1" NEWRELEASE="$2" OPTION="$3" diff --git a/usr/local/share/bastille/verify.sh b/usr/local/share/bastille/verify.sh index be513dad..c1bca9ff 100644 --- a/usr/local/share/bastille/verify.sh 
+++ b/usr/local/share/bastille/verify.sh @@ -154,6 +154,8 @@ if [ $# -gt 1 ] || [ $# -lt 1 ]; then bastille_usage fi +bastille_root_check + case "$1" in *-RELEASE|*-release|*-RC1|*-rc1|*-RC2|*-rc2) RELEASE=$1 diff --git a/usr/local/share/bastille/zfs.sh b/usr/local/share/bastille/zfs.sh index 85087d74..5eb79439 100644 --- a/usr/local/share/bastille/zfs.sh +++ b/usr/local/share/bastille/zfs.sh @@ -82,6 +82,8 @@ help|-h|--help) ;; esac +bastille_root_check + ## check ZFS enabled if [ ! "${bastille_zfs_enable}" = "YES" ]; then error_exit "ZFS not enabled."