Mirrors/hackacad
2
0
Fork 0
mirror of https://github.com/hackacad/bastille.git synced 2026-01-04 03:33:41 +01:00
Code Issues Packages Projects Releases Wiki Activity

clone: change interfaces to start with 1 for VNET

Browse Source 
This is because bastille0 is always used ad the default loopback when using "bastille setup" and interferes when trying to create the first VNET jail on the list. This ensures that VNET jails will have their epairs (non-bridge) start with bastille1 then 2 then 3 etc...
This commit is contained in:
tschettervictor
2025-01-06 08:11:16 -07:00
committed by GitHub
parent 02396f569f
commit 677540aefa
1 changed files with 69 additions and 35 deletions
Download Patch File Download Diff File Expand all files Collapse all files

104
usr/local/share/bastille/clone.sh
View File

@@ -103,47 +103,81 @@ update_jailconf() {
update_jailconf_vnet() { update_jailconf_vnet() {
bastille_jail_rc_conf="${bastille_jailsdir}/${NEWNAME}/root/etc/rc.conf" bastille_jail_rc_conf="${bastille_jailsdir}/${NEWNAME}/root/etc/rc.conf"
# Determine number of interfaces and define a uniq_epair
# Determine number of containers and define an uniq_epair local _if_list="$(grep -Eo 'epair[1-9]+|bastille[1-9]+' ${JAIL_CONFIG} | sort -u)"
local list_jails_num="$(bastille list jails | wc -l | awk '{print $1}')" for _if in ${_if_list}; do
local num_range="$(expr "${list_jails_num}" + 1)" local _epair_if_count="$(grep -Eo 'epair[1-9]+' ${bastille_jailsdir}/*/jail.conf | sort -u | wc -l | awk '{print $1}')"
jail_list=$(bastille list jail) local _bastille_if_count="$(grep -Eo 'bastille[1-9]+' ${bastille_jailsdir}/*/jail.conf | sort -u | wc -l | awk '{print $1}')"
for _num in $(seq 0 "${num_range}"); do local epair_num_range=$((_epair_if_count + 1))
if [ -n "${jail_list}" ]; then local bastille_num_range=$((_vnet_if_count + 1))
if ! grep -q "e0b_bastille${_num}" "${bastille_jailsdir}"/*/jail.conf; then if echo ${_if} | grep -Eoq 'epair[1-9]+'; then
if ! grep -q "epair${_num}" "${bastille_jailsdir}"/*/jail.conf; then # Update bridged VNET config
local uniq_epair="bastille${_num}" for _num in $(seq 0 "${epair_num_range}"); do
if ! grep -Eoq "epair${_num}" ${bastille_jailsdir}/*/jail.conf; then
# Update jail.conf epair name
local uniq_epair_bridge="${_num}" local uniq_epair_bridge="${_num}"
# since we don't have access to the external_interface variable, we cat the jail.conf file to retrieve the mac prefix local _if_epaira="$(grep "${_if}" ${JAIL_CONFIG} | grep -Eo -m 1 "epair[1-9]+a")"
local _if_epairb="$(grep "${_if}" ${JAIL_CONFIG} | grep -Eo -m 1 "epair[1-9]+b")"
local _if_vnet="$(grep ${_if_epairb} "${bastille_jail_rc_conf}" | grep -Eo -m 1 "vnet[1-9]+")"
sed -i '' "s|${_if}|epair${uniq_epair_bridge}|g" "${JAIL_CONFIG}"
# since we don't have access to the external_interface variable, we cat the jail.conf file to retrieve the mac prefix
# we also do not use the main generate_static_mac function here # we also do not use the main generate_static_mac function here
local macaddr_prefix="$(cat ${JAIL_CONFIG} | grep -m 1 ether | grep -oE '([0-9a-f]{2}(:[0-9a-f]{2}){5})' | awk -F: '{print $1":"$2":"$3}')" if grep -Eo "${_if}" ${JAIL_CONFIG} | grep -oq ether; then
local macaddr_suffix="$(echo -n ${NEWNAME} | sha256 | cut -b -5 | sed 's/\([0-9a-fA-F][0-9a-fA-F]\)\([0-9a-fA-F][0-9a-fA-F]\)\([0-9a-fA-F]\)/\1:\2:\3/')" local macaddr_prefix="$(cat ${JAIL_CONFIG} | grep ${_if} | grep -m 1 ether | grep -oE '([0-9a-f]{2}(:[0-9a-f]{2}){5})' | awk -F: '{print $1":"$2":"$3}')"
local macaddr="${macaddr_prefix}:${macaddr_suffix}" local macaddr_suffix="$(echo -n ${NEWNAME} | sha256 | cut -b -5 | sed 's/\([0-9a-fA-F][0-9a-fA-F]\)\([0-9a-fA-F][0-9a-fA-F]\)\([0-9a-fA-F]\)/\1:\2:\3/')"
# Update the exec.* with uniq_epair when cloning jails. local macaddr="${macaddr_prefix}:${macaddr_suffix}"
# for VNET jails sed -i '' "s|epair${uniq_epair}a ether.*:.*:.*:.*:.*:.*a\";|epair${uniq_epair}a ether ${macaddr}a\";|" "${JAIL_CONFIG}"
sed -i '' "s|bastille\([0-9]\{1,\}\)|${uniq_epair}|g" "${JAIL_CONFIG}" sed -i '' "s|epair${uniq_epair}b ether.*:.*:.*:.*:.*:.*b\";|epair${uniq_epair}b ether ${macaddr}b\";|" "${JAIL_CONFIG}"
sed -i '' "s|e\([0-9]\{1,\}\)a_${NEWNAME}|e${uniq_epair_bridge}a_${NEWNAME}|g" "${JAIL_CONFIG}" fi
sed -i '' "s|e\([0-9]\{1,\}\)b_${NEWNAME}|e${uniq_epair_bridge}b_${NEWNAME}|g" "${JAIL_CONFIG}" sed -i '' "s|vnet host interface for Bastille jail ${TARGET}|vnet host interface for Bastille jail ${NEWNAME}|g" "${JAIL_CONFIG}"
sed -i '' "s|epair\([0-9]\{1,\}\)|epair${uniq_epair_bridge}|g" "${JAIL_CONFIG}" # Update /etc/rc.conf
sed -i '' "s|exec.prestart += \"ifconfig e0a_bastille\([0-9]\{1,\}\).*description.*|exec.prestart += \"ifconfig e0a_${uniq_epair} description \\\\\"vnet host interface for Bastille jail ${NEWNAME}\\\\\"\";|" "${JAIL_CONFIG}" sed -i '' "s|${_if_epairb}_name|epair${uniq_epair_bridge}b_name|" "${bastille_jail_rc_conf}"
sed -i '' "s|ether.*:.*:.*:.*:.*:.*a\";|ether ${macaddr}a\";|" "${JAIL_CONFIG}" if grep "vnet0" "${bastille_jail_rc_conf}" | grep -q "epair${uniq_epair_bridge}b_name"; then
sed -i '' "s|ether.*:.*:.*:.*:.*:.*b\";|ether ${macaddr}b\";|" "${JAIL_CONFIG}" if [ "${IP}" = "0.0.0.0" ]; then
sysrc -f "${bastille_jail_rc_conf}" ifconfig_vnet0="SYNCDHCP"
else
sysrc -f "${bastille_jail_rc_conf}" ifconfig_vnet0="inet ${IP}"
fi
else
sysrc -f "${bastille_jail_rc_conf}" ifconfig_${_if_vnet}="SYNCDHCP"
fi
break break
fi fi
fi done
elif echo ${_if} | grep -Eoq 'bastille[0-9]+'; then
# Update VNET config
for _num in $(seq 0 "${bastille_num_range}"); do
if ! grep -Eoq "bastille${_num}" ${bastille_jailsdir}/*/jail.conf; then
# Update jail.conf epair name
local uniq_epair="bastille${_num}"
local _if_vnet="$(grep ${_if} "${bastille_jail_rc_conf}" | grep -Eo -m 1 "vnet[0-9]+")"
sed -i '' "s|${_if}|${uniq_epair}|g" "${JAIL_CONFIG}"
# since we don't have access to the external_interface variable, we cat the jail.conf file to retrieve the mac prefix
# we also do not use the main generate_static_mac function here
if grep -Eo ${_if} ${JAIL_CONFIG} | grep -oq ether; then
local macaddr_prefix="$(cat ${JAIL_CONFIG} | grep ${_if} | grep -m 1 ether | grep -oE '([0-9a-f]{2}(:[0-9a-f]{2}){5})' | awk -F: '{print $1":"$2":"$3}')"
local macaddr_suffix="$(echo -n ${NEWNAME} | sha256 | cut -b -5 | sed 's/\([0-9a-fA-F][0-9a-fA-F]\)\([0-9a-fA-F][0-9a-fA-F]\)\([0-9a-fA-F]\)/\1:\2:\3/')"
local macaddr="${macaddr_prefix}:${macaddr_suffix}"
sed -i '' "s|${uniq_epair} ether.*:.*:.*:.*:.*:.*a\";|${uniq_epair} ether ${macaddr}a\";|" "${JAIL_CONFIG}"
sed -i '' "s|${uniq_epair} ether.*:.*:.*:.*:.*:.*b\";|${uniq_epair} ether ${macaddr}b\";|" "${JAIL_CONFIG}"
fi
sed -i '' "s|vnet host interface for Bastille jail ${TARGET}|vnet host interface for Bastille jail ${NEWNAME}|g" "${JAIL_CONFIG}"
# Update /etc/rc.conf
sed -i '' "s|ifconfig_e0b_${_if}_name|ifconfig_e0b_${uniq_epair}_name|" "${bastille_jail_rc_conf}"
if grep "vnet0" "${bastille_jail_rc_conf}" | grep -q ${uniq_epair}; then
if [ "${IP}" = "0.0.0.0" ]; then
sysrc -f "${bastille_jail_rc_conf}" ifconfig_vnet0="SYNCDHCP"
else
sysrc -f "${bastille_jail_rc_conf}" ifconfig_vnet0=" inet ${IP} "
fi
else
sysrc -f "${bastille_jail_rc_conf}" ifconfig_${_if_vnet}="SYNCDHCP"
fi
break
fi
done
fi fi
done done
# Rename interface to new uniq_epair
sed -i '' "s|ifconfig_e0b_bastille.*_name|ifconfig_e0b_${uniq_epair}_name|" "${bastille_jail_rc_conf}"
sed -i '' "s|ifconfig_e.*b_${TARGET}_name|ifconfig_e${uniq_epair_bridge}b_${NEWNAME}_name|" "${bastille_jail_rc_conf}"
# If 0.0.0.0 set DHCP, else set static IP address
if [ "${IP}" = "0.0.0.0" ]; then
sysrc -f "${bastille_jail_rc_conf}" ifconfig_vnet0="SYNCDHCP"
else
sysrc -f "${bastille_jail_rc_conf}" ifconfig_vnet0="inet ${IP}"
fi
} }
update_fstab() { update_fstab() {