From 86e7d5835879f4af1bf0a79d7b53d561d548da8c Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Tue, 10 Dec 2024 16:48:17 -0700 Subject: [PATCH 01/17] Allow using template in custom directory --- usr/local/share/bastille/template.sh | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/usr/local/share/bastille/template.sh b/usr/local/share/bastille/template.sh index d9634f5a..51f3206e 100644 --- a/usr/local/share/bastille/template.sh +++ b/usr/local/share/bastille/template.sh @@ -188,15 +188,17 @@ case ${TEMPLATE} in ;; */*) if [ ! -d "${bastille_templatesdir}/${TEMPLATE}" ]; then - if [ ! -d ${TEMPLATE} ]; then error_exit "${TEMPLATE} not found." - else + else bastille_template=${TEMPLATE} - fi fi ;; *) - error_exit "Template name/URL not recognized." + if [ ! -f ${TEMPLATE}/Bastillefile ]; then + error_exit "${TEMPLATE} not found." + else + bastille_template=${TEMPLATE} + fi esac if [ -z "${JAILS}" ]; then From d2dc83d32047b961e3f9640e2980dbc4c7215da0 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Mon, 23 Dec 2024 18:21:09 -0700 Subject: [PATCH 02/17] bugfixes and code cleanup --- usr/local/share/bastille/mount.sh | 107 ++++++++++++++++++------------ 1 file changed, 66 insertions(+), 41 deletions(-) diff --git a/usr/local/share/bastille/mount.sh b/usr/local/share/bastille/mount.sh index bb0e6615..11480edb 100644 --- a/usr/local/share/bastille/mount.sh +++ b/usr/local/share/bastille/mount.sh 
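Review bot: In the new `*)` arm of template.sh, `${TEMPLATE}` is expanded unquoted in `[ ! -f ${TEMPLATE}/Bastillefile ]` and in the assignment, so a directory name with spaces or glob characters is word-split before the test runs; `if [ ! -f "${TEMPLATE}/Bastillefile" ]; then` and `bastille_template="${TEMPLATE}"` avoid that. Because `*/*)` is matched first, this arm only sees a bare name, which is resolved against the caller's current directory. A template's contents are presumably applied to jails, so it would be safer to require an explicit path or print the resolved directory before using it. The same unquoted expansion returns in the `[ ! -d ${TEMPLATE} ]` test restored by the revert in patch 15/17, and the `case` block starts and ends outside the hunk.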
@@ -32,96 +32,121 @@ . /usr/local/etc/bastille/bastille.conf usage() { - error_exit "Usage: bastille mount TARGET host_path container_path [filesystem_type options dump pass_number]" + error_exit "Usage: bastille mount TARGET HOST_PATH JAIL_PATH [filesystem_type options dump pass_number]" } # Handle special-case commands first. -case "$1" in -help|-h|--help) - usage - ;; +case "${1}" in + help|-h|--help) + usage + ;; esac -if [ $# -lt 2 ]; then +if [ "$#" -lt 3 ] || [ "$#" -gt 6 ]; then usage -elif [ $# -eq 2 ]; then +fi + +TARGET="${1}" +shift + +if [ "$#" -eq 2 ]; then _fstab="$@ nullfs ro 0 0" else _fstab="$@" fi bastille_root_check +set_target "${TARGET}" -## assign needed variables +# Assign variables _hostpath=$(echo "${_fstab}" | awk '{print $1}') _jailpath=$(echo "${_fstab}" | awk '{print $2}') _type=$(echo "${_fstab}" | awk '{print $3}') _perms=$(echo "${_fstab}" | awk '{print $4}') _checks=$(echo "${_fstab}" | awk '{print $5" "$6}') -## if any variables are empty, bail out +# Exit if any variables are empty if [ -z "${_hostpath}" ] || [ -z "${_jailpath}" ] || [ -z "${_type}" ] || [ -z "${_perms}" ] || [ -z "${_checks}" ]; then error_notify "FSTAB format not recognized." 
- warn "Format: /host/path jail/path nullfs ro 0 0" + warn "Format: /host/path /jail/path nullfs ro 0 0" warn "Read: ${_fstab}" - exit 1 + usage fi -# if host path doesn't exist, type is not "nullfs" or are using advanced mount type "tmpfs,linprocfs,linsysfs, fdescfs, -# procfs" +# Exit if host path doesn't exist, type is not "nullfs", or mount is an advanced mount type "tmpfs,linprocfs,linsysfs,fdescfs,procfs" if { [ "${_hostpath}" = "tmpfs" ] && [ "$_type" = "tmpfs" ]; } || \ { [ "${_hostpath}" = "linprocfs" ] && [ "${_type}" = "linprocfs" ]; } || \ { [ "${_hostpath}" = "linsysfs" ] && [ "${_type}" = "linsysfs" ]; } || \ { [ "${_hostpath}" = "proc" ] && [ "${_type}" = "procfs" ]; } || \ { [ "${_hostpath}" = "fdesc" ] && [ "${_type}" = "fdescfs" ]; } then warn "Detected advanced mount type ${_hostpath}" -elif [ ! -d "${_hostpath}" ] || [ "${_type}" != "nullfs" ]; then - error_notify "Detected invalid host path or incorrect mount type in FSTAB." - warn "Format: /host/path jail/path nullfs ro 0 0" +elif [ ! -e "${_hostpath}" ] || [ "${_type}" != "nullfs" ]; then + error_notify "Invalid host path or incorrect mount type in FSTAB." + warn "Format: /host/path /jail/path nullfs ro 0 0" warn "Read: ${_fstab}" - exit 1 + usage fi -## if mount permissions are not "ro" or "rw" +# Mount permissions need to be "ro" or "rw" if [ "${_perms}" != "ro" ] && [ "${_perms}" != "rw" ]; then error_notify "Detected invalid mount permissions in FSTAB." - warn "Format: /host/path jail/path nullfs ro 0 0" + warn "Format: /host/path /jail/path nullfs ro 0 0" warn "Read: ${_fstab}" - exit 1 + usage fi -## if check & pass are not "0 0 - 1 1"; bail out +# Dump and pass need to be "0 0 - 1 1" if [ "${_checks}" != "0 0" ] && [ "${_checks}" != "1 0" ] && [ "${_checks}" != "0 1" ] && [ "${_checks}" != "1 1" ]; then error_notify "Detected invalid fstab options in FSTAB." 
- warn "Format: /host/path jail/path nullfs ro 0 0" + warn "Format: /host/path /jail/path nullfs ro 0 0" warn "Read: ${_fstab}" - exit 1 + usage fi for _jail in ${JAILS}; do + info "[${_jail}]:" - ## aggregate variables into FSTAB entry - _fullpath="${bastille_jailsdir}/${_jail}/root/${_jailpath}" + _fullpath="$( echo ${bastille_jailsdir}/${_jail}/root/${_jailpath} 2>/dev/null | sed 's#//#/#' )" _fstab_entry="${_hostpath} ${_fullpath} ${_type} ${_perms} ${_checks}" - ## Create mount point if it does not exist. -- cwells - if [ ! -d "${_fullpath}" ]; then - if ! mkdir -p "${_fullpath}"; then - error_exit "Failed to create mount point inside jail." - fi + # Check if mount point has already been added + if grep -Eq "[[:blank:]]${_fullpath}" "${bastille_jailsdir}/${_jail}/fstab"; then + warn "Mountpoint already present in ${bastille_jailsdir}/${_jail}/fstab" + grep -E "[[:blank:]]${_fullpath}" "${bastille_jailsdir}/${_jail}/fstab" + continue fi - ## if entry doesn't exist, add; else show existing entry - if ! egrep -q "[[:blank:]]${_fullpath}[[:blank:]]" "${bastille_jailsdir}/${_jail}/fstab" 2> /dev/null; then - if ! echo "${_fstab_entry}" >> "${bastille_jailsdir}/${_jail}/fstab"; then - error_exit "Failed to create fstab entry: ${_fstab_entry}" + ## Create mount point if it does not exist + if [ -d "${_hostpath}" ] && [ ! -d "${_fullpath}" ]; then + mkdir -p "${_fullpath}" || error_continue "Failed to create mount point." + elif [ -f "${_hostpath}" ] ; then + _filename="$( basename ${_hostpath} )" + if echo "${_fullpath}" 2>/dev/null | grep -qow "${_filename}"; then + mkdir -p "$( dirname ${_fullpath} )" || error_continue "Failed to create mount point." + if [ ! -f "${_fullpath}" ]; then + touch "${_fullpath}" || error_continue "Failed to create mount point." + else + error_notify "Failed. File exists at mount point." 
+ warn "${_fullpath}" + continue + fi + else + _fullpath="$( echo ${bastille_jailsdir}/${_jail}/root/${_jailpath}/${_filename} 2>/dev/null | sed 's#//#/#' )" + _fstab_entry="${_hostpath} ${_fullpath} ${_type} ${_perms} ${_checks}" + mkdir -p "$( dirname ${_fullpath} )" || error_continue "Failed to create mount point." + if [ ! -f "${_fullpath}" ]; then + touch "${_fullpath}" || error_continue "Failed to create mount point." + else + error_notify "Failed. File exists at mount point." + warn "${_fullpath}" + continue + fi fi - echo "Added: ${_fstab_entry}" - else - warn "Mountpoint already present in ${bastille_jailsdir}/${_jail}/fstab" - egrep "[[:blank:]]${_fullpath}[[:blank:]]" "${bastille_jailsdir}/${_jail}/fstab" - fi - mount -F "${bastille_jailsdir}/${_jail}/fstab" -a - echo + fi + + # Add entry to fstab and mount + echo "${_fstab_entry}" >> "${bastille_jailsdir}/${_jail}/fstab" || error_continue "Failed to create fstab entry: ${_fstab_entry}" + mount -F "${bastille_jailsdir}/${_jail}/fstab" -a || error_continue "Failed to mount volume: ${_fullpath}" + echo "Added: ${_fstab_entry}" done From 341db361034cbf05b426cd17b8efe779e6ccffbe Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Mon, 23 Dec 2024 18:23:31 -0700 Subject: [PATCH 03/17] set_target and error_continue functions --- usr/local/share/bastille/common.sh | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/usr/local/share/bastille/common.sh b/usr/local/share/bastille/common.sh index 9940d9e6..7a98d3e9 100644 --- a/usr/local/share/bastille/common.sh +++ b/usr/local/share/bastille/common.sh @@ -56,6 +56,11 @@ error_notify() { echo -e "${COLOR_RED}$*${COLOR_RESET}" 1>&2 } +error_continue() { + error_notify "$@" + continue +} + # Notify message on error and exit error_exit() { error_notify "$@" 
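Review bot: In the per-jail loop of mount.sh, `_fullpath` is built by joining `${_jailpath}` onto `${bastille_jailsdir}/${_jail}/root/` with no check that the result stays under that root, and `mkdir -p`, `touch` and the fstab append then act on it after `bastille_root_check`. A JAIL_PATH containing a `..` component resolves outside the jail, so I would reject it before the loop: `case "/${_jailpath}/" in */../*) error_exit "JAIL_PATH must not contain '..'" ;; esac`. `mkdir -p` and `touch` also follow symbolic links that already exist under the jail root, which presumably the jail's own root user can create; resolving the deepest existing directory (for example with `realpath`) and checking that it still lies under the jail root before creating anything would cover that case.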
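Review bot: `error_continue` in common.sh calls `continue` from inside a function while the loop it is meant to advance lives in the caller; POSIX leaves that case unspecified, and a shell that ignores it would let every `cmd || error_continue "..."` in mount.sh and umount.sh fall through and keep working on the same jail after the failure. It would be more portable to write the loop control at the call site, e.g. `mkdir -p "${_fullpath}" || { error_notify "Failed to create mount point."; continue; }`. If the helper stays, a comment should record which shell the behaviour was verified on. The SC2104 suppression added in patch 06/17 silences the warning but does not change the semantics.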
@@ -118,6 +123,19 @@ EOF fi } +set_target() { + local _TARGET="${1}" + if [ "${_TARGET}" = ALL ] || [ "${_TARGET}" = all ]; then + target_all_jails + else + check_target_exists "${_TARGET}" || exit + JAILS="${_TARGET}" + TARGET="${_TARGET}" + export JAILS + export TARGET + fi +} + checkyesno() { ## copied from /etc/rc.subr -- cedwards (20231125) ## issue #368 (lowercase values should be parsed) From 9d254357d0fa03a2e4ec1cd95c7d99db2ab1dde8 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Mon, 23 Dec 2024 18:23:56 -0700 Subject: [PATCH 04/17] bugfixes and code cleanup --- usr/local/share/bastille/umount.sh | 50 ++++++++++++++++++------------ 1 file changed, 31 insertions(+), 19 deletions(-) diff --git a/usr/local/share/bastille/umount.sh b/usr/local/share/bastille/umount.sh index dfd57664..b7f61e98 100644 --- a/usr/local/share/bastille/umount.sh +++ b/usr/local/share/bastille/umount.sh 
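Review bot: `set_target` in common.sh sets and exports the globals `JAILS` and `TARGET` but is added without a header comment, although callers depend on that side effect. I would add `# Resolve TARGET: ALL/all selects every jail via target_all_jails; otherwise the named jail must exist and is exported as JAILS and TARGET.` On an unknown jail, `check_target_exists "${_TARGET}" || exit` leaves without printing anything. `check_target_exists` does not appear to be defined until patch 09/17, so this commit may not run on its own.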
@@ -32,43 +32,55 @@ . /usr/local/etc/bastille/bastille.conf usage() { - error_exit "Usage: bastille umount TARGET container_path" + error_exit "Usage: bastille umount TARGET JAIL_PATH" } # Handle special-case commands first. -case "$1" in -help|-h|--help) - usage - ;; +case "${1}" in + help|-h|--help) + usage + ;; esac -if [ $# -ne 1 ]; then +if [ "$#" -ne 2 ]; then usage fi -bastille_root_check +TARGET="${1}" +MOUNT_PATH="${2}" -MOUNT_PATH=$1 +bastille_root_check +set_target "${TARGET}" for _jail in ${JAILS}; do + info "[${_jail}]:" +set -x + _jailpath="$( echo ${bastille_jailsdir}/${_jail}/root/${MOUNT_PATH} 2>/dev/null | sed 's#//#/#' )" + _mount="$( mount | grep -ow ${_jailpath} )" + _fstab_entry="$( cat ${bastille_jailsdir}/${_jail}/fstab | grep -ow ${_jailpath} )" - _jailpath="${bastille_jailsdir}/${_jail}/root/${MOUNT_PATH}" - - if [ ! -d "${_jailpath}" ]; then - error_exit "The specified mount point does not exist inside the jail." + # Exit if mount point non-existent + if [ -z "${_mount}" ] && [ -z "${_fstab_entry}" ]; then + error_continue "The specified mount point does not exist." fi - # Unmount the volume. -- cwells - if ! umount "${_jailpath}"; then - error_exit "Failed to unmount volume: ${MOUNT_PATH}" + # Unmount + if [ -n "${_mount}" ]; then + umount "${_jailpath}" || error_continue "Failed to unmount volume: ${MOUNT_PATH}" fi - # Remove the entry from fstab so it is not automounted in the future. -- cwells - if ! sed -E -i '' "\, +${_jailpath} +,d" "${bastille_jailsdir}/${_jail}/fstab"; then - error_exit "Failed to delete fstab entry: ${_fstab_entry}" + # Remove entry from fstab + if [ -n "${_fstab_entry}" ]; then + if ! 
sed -E -i '' "\, +${_jailpath} +,d" "${bastille_jailsdir}/${_jail}/fstab"; then + error_continue "Failed to delete fstab entry: ${MOUNT_PATH}" + fi fi + # Delete if mount point was a file + if [ -f "${_jailpath}" ]; then + rm -f "${_jailpath}" || error_continue "Failed to unmount volume: ${MOUNT_PATH}" + fi + echo "Unmounted: ${MOUNT_PATH}" - echo done From a5de4a93ffe3a0fa58b02c72a6a747c531281ccf Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Mon, 23 Dec 2024 18:25:11 -0700 Subject: [PATCH 05/17] move mount and umount to no actions commands --- usr/local/bin/bastille | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/usr/local/bin/bastille b/usr/local/bin/bastille index dd9cbb25..efd7a855 100755 --- a/usr/local/bin/bastille +++ b/usr/local/bin/bastille @@ -147,10 +147,10 @@ version|-v|--version) help|-h|--help) usage ;; -bootstrap|create|destroy|export|import|list|rdr|restart|setup|start|update|upgrade|verify) +bootstrap|create|destroy|export|import|list|mount|rdr|restart|setup|start|umount|update|upgrade|verify) # Nothing "extra" to do for these commands. -- cwells ;; -clone|config|cmd|console|convert|cp|edit|htop|limits|mount|pkg|rcp|rename|service|stop|sysrc|tags|template|top|umount|zfs) +clone|config|cmd|console|convert|cp|edit|htop|limits|pkg|rcp|rename|service|stop|sysrc|tags|template|top|zfs) # Parse the target and ensure it exists. -- cwells if [ $# -eq 0 ]; then # No target was given, so show the command's help. -- cwells PARAMS='help' From c8a4d74fb699c0937324c310563b997628e762c8 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Mon, 23 Dec 2024 18:28:55 -0700 Subject: [PATCH 06/17] shellcheck disable 2104 --- usr/local/share/bastille/common.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/usr/local/share/bastille/common.sh b/usr/local/share/bastille/common.sh index 7a98d3e9..235dacbe 100644 
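Review bot: The new "Delete if mount point was a file" step in umount.sh runs `rm -f "${_jailpath}"` on any regular file at that path, without knowing that `bastille mount` created it as a placeholder or that the unmount actually happened. `_mount` comes from `mount | grep -ow ${_jailpath}`, where the path is unquoted and treated as a regular expression, so a missed match skips `umount` and the `rm` still runs; I would confirm the path is no longer listed by `mount` and that the file is empty (`[ ! -s "${_jailpath}" ]`) before removing it. The failure message on that line repeats "Failed to unmount volume" and should name the removal instead. The stray `set -x` at the top of the loop is debug tracing and should not ship.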
--- a/usr/local/share/bastille/common.sh +++ b/usr/local/share/bastille/common.sh @@ -58,6 +58,8 @@ error_notify() { error_continue() { error_notify "$@" + # Disabling this shellcheck as we only ever call it inside of a loop + # shellcheck disable=SC2104 continue } From 30aa0c140804b1d5a170688732a2d39235500d5b Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Fri, 27 Dec 2024 12:13:38 -0700 Subject: [PATCH 07/17] better error handling --- usr/local/share/bastille/mount.sh | 27 ++++++++++++++++----------- 1 file changed, 16 insertions(+), 11 deletions(-) diff --git a/usr/local/share/bastille/mount.sh b/usr/local/share/bastille/mount.sh index 11480edb..aa39cf19 100644 --- a/usr/local/share/bastille/mount.sh +++ b/usr/local/share/bastille/mount.sh @@ -50,17 +50,19 @@ TARGET="${1}" shift if [ "$#" -eq 2 ]; then - _fstab="$@ nullfs ro 0 0" + _fstab="$(echo "$* nullfs ro 0 0" | sed 's#\\ #\\040#g')" else - _fstab="$@" + _fstab="$(echo "$*" | sed 's#\\ #\\040#g')" fi bastille_root_check set_target "${TARGET}" # Assign variables -_hostpath=$(echo "${_fstab}" | awk '{print $1}') -_jailpath=$(echo "${_fstab}" | awk '{print $2}') +_hostpath_fstab=$(echo "${_fstab}" | awk '{print $1}') +_hostpath="$(echo "${_hostpath_fstab}" 2>/dev/null | sed 's#\\040# #g')" +_jailpath_fstab=$(echo "${_fstab}" | awk '{print $2}') +_jailpath="$(echo "${_jailpath_fstab}" 2>/dev/null | sed 's#\\040# #g')" _type=$(echo "${_fstab}" | awk '{print $3}') _perms=$(echo "${_fstab}" | awk '{print $4}') _checks=$(echo "${_fstab}" | awk '{print $5" "$6}') 
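Review bot: In mount.sh, building `_fstab` from `$*` and splitting it again with `awk '{print $1}'` only works when the caller has pre-escaped every space as `\ `. An argument quoted with a plain space or containing a tab shifts the later fields, and a path that legitimately contains the text `\040` is rewritten to a space by the `sed 's#\\040# #g'` step. Taking the values straight from the positionals, `_hostpath="${1}"` and `_jailpath="${2}"`, and deriving the fstab form from them with `sed 's# #\\040#g'` removes the round trip and the need for the backslash convention.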
@@ -107,17 +109,19 @@ for _jail in ${JAILS}; do info "[${_jail}]:" - _fullpath="$( echo ${bastille_jailsdir}/${_jail}/root/${_jailpath} 2>/dev/null | sed 's#//#/#' )" - _fstab_entry="${_hostpath} ${_fullpath} ${_type} ${_perms} ${_checks}" + _fullpath_fstab="$( echo "${bastille_jailsdir}/${_jail}/root/${_jailpath_fstab}" 2>/dev/null | sed 's#//#/#' )" + _fullpath="$( echo "${bastille_jailsdir}/${_jail}/root/${_jailpath}" 2>/dev/null | sed 's#//#/#' )" + _fstab_entry="${_hostpath_fstab} ${_fullpath_fstab} ${_type} ${_perms} ${_checks}" # Check if mount point has already been added - if grep -Eq "[[:blank:]]${_fullpath}" "${bastille_jailsdir}/${_jail}/fstab"; then + _existing_mount="$(echo ${_fullpath_fstab} 2>/dev/null | sed 's#\\#\\\\#')" + if grep -Eoq "[[:blank:]]${_existing_mount}[[:blank:]]" "${bastille_jailsdir}/${_jail}/fstab"; then warn "Mountpoint already present in ${bastille_jailsdir}/${_jail}/fstab" - grep -E "[[:blank:]]${_fullpath}" "${bastille_jailsdir}/${_jail}/fstab" + grep -Eo "[[:blank:]]${_existing_mount}[[:blank:]]" "${bastille_jailsdir}/${_jail}/fstab" continue fi - ## Create mount point if it does not exist + # Create mount point if it does not exist if [ -d "${_hostpath}" ] && [ ! -d "${_fullpath}" ]; then mkdir -p "${_fullpath}" || error_continue "Failed to create mount point." elif [ -f "${_hostpath}" ] ; then 
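Review bot: The duplicate check in mount.sh interpolates the path into an extended regular expression, `grep -Eoq "[[:blank:]]${_existing_mount}[[:blank:]]"`, but only backslashes are escaped (and, without a `g` flag, only the first one). Characters such as `.`, `+` or `[` in a jail path are therefore read as pattern syntax and can report a different entry as already present. A fixed-string match, `grep -Fq -- " ${_fullpath_fstab} "`, needs no escaping at all, assuming entries stay space-separated as this script writes them. `echo ${_fullpath_fstab}` on the line above is also left unquoted, unlike the other `echo` calls this commit quotes.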
@@ -132,8 +136,9 @@ for _jail in ${JAILS}; do continue fi else - _fullpath="$( echo ${bastille_jailsdir}/${_jail}/root/${_jailpath}/${_filename} 2>/dev/null | sed 's#//#/#' )" - _fstab_entry="${_hostpath} ${_fullpath} ${_type} ${_perms} ${_checks}" + _fullpath_fstab="$( echo "${bastille_jailsdir}/${_jail}/root/${_jailpath_fstab}/${_filename}" 2>/dev/null | sed 's#//#/#' )" + _fullpath="$( echo "${bastille_jailsdir}/${_jail}/root/${_jailpath}/${_filename}" 2>/dev/null | sed 's#//#/#' )" + _fstab_entry="${_hostpath_fstab} ${_fullpath} ${_type} ${_perms} ${_checks}" mkdir -p "$( dirname ${_fullpath} )" || error_continue "Failed to create mount point." if [ ! -f "${_fullpath}" ]; then touch "${_fullpath}" || error_continue "Failed to create mount point." From 5f8c79d2775bcb11f50ed7734c358463f771f8d3 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Fri, 27 Dec 2024 12:14:04 -0700 Subject: [PATCH 08/17] allow mounting directories with spaces --- usr/local/share/bastille/umount.sh | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/usr/local/share/bastille/umount.sh b/usr/local/share/bastille/umount.sh index b7f61e98..639d7f03 100644 --- a/usr/local/share/bastille/umount.sh +++ b/usr/local/share/bastille/umount.sh 
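Review bot: In the file-mount branch of mount.sh, `_fullpath_fstab` appends `${_filename}` as-is, and `_filename` (assigned outside this hunk from `basename ${_hostpath}`) is the unescaped name, so a host file whose name contains a space would put a raw space into the fstab path field. `_fstab_entry` on the next line also uses `${_fullpath}` rather than `${_fullpath_fstab}`, with the same effect for a jail path containing spaces. Escaping the name once, `_filename_fstab="$(printf '%s\n' "${_filename}" | sed 's# #\\040#g')"`, and using only the `_fstab` variants for what is written to the file keeps the two forms apart.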
@@ -55,10 +55,11 @@ set_target "${TARGET}" for _jail in ${JAILS}; do info "[${_jail}]:" -set -x - _jailpath="$( echo ${bastille_jailsdir}/${_jail}/root/${MOUNT_PATH} 2>/dev/null | sed 's#//#/#' )" - _mount="$( mount | grep -ow ${_jailpath} )" - _fstab_entry="$( cat ${bastille_jailsdir}/${_jail}/fstab | grep -ow ${_jailpath} )" + + _jailpath="$( echo "${bastille_jailsdir}/${_jail}/root/${MOUNT_PATH}" 2>/dev/null | sed 's#//#/#' | sed 's#\\##g')" + _mount="$( mount | grep -ow "${_jailpath}" )" + _jailpath_fstab="$(echo "${bastille_jailsdir}/${_jail}/root/${MOUNT_PATH}" | sed 's#//#/#' | sed 's#\\ #\\\\040#g')" + _fstab_entry="$(grep -Eo "[[:blank:]]${_jailpath_fstab}[[:blank:]]" ${bastille_jailsdir}/${_jail}/fstab)" # Exit if mount point non-existent if [ -z "${_mount}" ] && [ -z "${_fstab_entry}" ]; then @@ -72,7 +73,7 @@ set -x # Remove entry from fstab if [ -n "${_fstab_entry}" ]; then - if ! sed -E -i '' "\, +${_jailpath} +,d" "${bastille_jailsdir}/${_jail}/fstab"; then + if ! sed -E -i '' "\, +${_jailpath_fstab} +,d" "${bastille_jailsdir}/${_jail}/fstab"; then error_continue "Failed to delete fstab entry: ${MOUNT_PATH}" fi fi @@ -82,5 +83,6 @@ set -x rm -f "${_jailpath}" || error_continue "Failed to unmount volume: ${MOUNT_PATH}" fi - echo "Unmounted: ${MOUNT_PATH}" + echo "Unmounted: ${_jailpath}" + done From 3dce542d6bff72384b65d36ad503238fdba93fef Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Fri, 27 Dec 2024 12:15:26 -0700 Subject: [PATCH 09/17] add check_target_exists to common.sh --- usr/local/share/bastille/common.sh | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/usr/local/share/bastille/common.sh b/usr/local/share/bastille/common.sh index 5066560f..5d02ba24 100644 --- a/usr/local/share/bastille/common.sh +++ b/usr/local/share/bastille/common.sh 
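Review bot: The fstab cleanup in umount.sh, `sed -E -i '' "\, +${_jailpath_fstab} +,d"`, places the path inside an extended regular expression with `,` as the delimiter. A mount path containing a comma breaks the expression, and one containing `.`, `*` or `[` can delete fstab lines other than the intended one. The lookup in the first hunk, `grep -Eo "[[:blank:]]${_jailpath_fstab}[[:blank:]]" ${bastille_jailsdir}/${_jail}/fstab`, shares the pattern problem and leaves the file name unquoted; it should read `"${bastille_jailsdir}/${_jail}/fstab"`. Matching the path literally (a `grep -F` filter, or a comparison on the second field) instead of building a pattern from it would avoid the escaping entirely.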
@@ -77,6 +77,15 @@ warn() { echo -e "${COLOR_YELLOW}$*${COLOR_RESET}" } +check_target_exists() { + local _TARGET="${1}" + if [ ! -d "${bastille_jailsdir}"/"${_TARGET}" ]; then + return 1 + else + return 0 + fi +} + generate_static_mac() { local jail_name="${1}" local external_interface="${2}" @@ -143,7 +152,7 @@ set_target() { if [ "${_TARGET}" = ALL ] || [ "${_TARGET}" = all ]; then target_all_jails else - check_target_exists "${_TARGET}" || exit + check_target_exists "${_TARGET}" || error_exit "Jail not found \"${_TARGET}\"" JAILS="${_TARGET}" TARGET="${_TARGET}" export JAILS From 67185a5a4205c3f9c22c394deccb7df848afd907 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Fri, 27 Dec 2024 13:33:26 -0700 Subject: [PATCH 10/17] fix for multiple spacing in directiry --- usr/local/share/bastille/mount.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/usr/local/share/bastille/mount.sh b/usr/local/share/bastille/mount.sh index aa39cf19..817268b8 100644 --- a/usr/local/share/bastille/mount.sh +++ b/usr/local/share/bastille/mount.sh @@ -114,7 +114,7 @@ for _jail in ${JAILS}; do _fstab_entry="${_hostpath_fstab} ${_fullpath_fstab} ${_type} ${_perms} ${_checks}" # Check if mount point has already been added - _existing_mount="$(echo ${_fullpath_fstab} 2>/dev/null | sed 's#\\#\\\\#')" + _existing_mount="$(echo ${_fullpath_fstab} 2>/dev/null | sed 's#\\#\\\\#g')" if grep -Eoq "[[:blank:]]${_existing_mount}[[:blank:]]" "${bastille_jailsdir}/${_jail}/fstab"; then warn "Mountpoint already present in ${bastille_jailsdir}/${_jail}/fstab" grep -Eo "[[:blank:]]${_existing_mount}[[:blank:]]" "${bastille_jailsdir}/${_jail}/fstab" 
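Review bot: `check_target_exists` in common.sh accepts any value for which `${bastille_jailsdir}/${_TARGET}` is a directory, so `.`, `..` or a name containing `/` passes and then becomes `JAILS`, from which mount.sh and umount.sh build the fstab and root paths. Rejecting such names first keeps every derived path under the jails directory: `case "${_TARGET}" in ''|.|..|*/*) return 1 ;; esac`. The `if`/`else` returning 1 or 0 can then be reduced to `[ -d "${bastille_jailsdir}/${_TARGET}" ]` as the function's last command.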
@@ -127,7 +127,7 @@ for _jail in ${JAILS}; do elif [ -f "${_hostpath}" ] ; then _filename="$( basename ${_hostpath} )" if echo "${_fullpath}" 2>/dev/null | grep -qow "${_filename}"; then - mkdir -p "$( dirname ${_fullpath} )" || error_continue "Failed to create mount point." + mkdir -p "$( dirname "${_fullpath}" )" || error_continue "Failed to create mount point." if [ ! -f "${_fullpath}" ]; then touch "${_fullpath}" || error_continue "Failed to create mount point." else @@ -138,8 +138,8 @@ for _jail in ${JAILS}; do else _fullpath_fstab="$( echo "${bastille_jailsdir}/${_jail}/root/${_jailpath_fstab}/${_filename}" 2>/dev/null | sed 's#//#/#' )" _fullpath="$( echo "${bastille_jailsdir}/${_jail}/root/${_jailpath}/${_filename}" 2>/dev/null | sed 's#//#/#' )" - _fstab_entry="${_hostpath_fstab} ${_fullpath} ${_type} ${_perms} ${_checks}" - mkdir -p "$( dirname ${_fullpath} )" || error_continue "Failed to create mount point." + _fstab_entry="${_hostpath_fstab} ${_fullpath_fstab} ${_type} ${_perms} ${_checks}" + mkdir -p "$( dirname "${_fullpath}" )" || error_continue "Failed to create mount point." if [ ! -f "${_fullpath}" ]; then touch "${_fullpath}" || error_continue "Failed to create mount point." else From 08f5a9a755e5569f6f5ee86ee45ef24f5deab11d Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Fri, 27 Dec 2024 13:34:14 -0700 Subject: [PATCH 11/17] fix for multiple spacing --- usr/local/share/bastille/umount.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/usr/local/share/bastille/umount.sh b/usr/local/share/bastille/umount.sh index 639d7f03..ebbb52c5 100644 --- a/usr/local/share/bastille/umount.sh +++ b/usr/local/share/bastille/umount.sh 
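Review bot: This commit quotes `dirname "${_fullpath}"`, but the context line just above it in the first hunk, `_filename="$( basename ${_hostpath} )"`, still expands the host path unquoted. A host file path with spaces is therefore word-split and `basename` receives the pieces as separate operands; `_filename="$( basename "${_hostpath}" )"` fixes it. The following `grep -qow "${_filename}"` treats the name as a pattern and matches it anywhere in `_fullpath`, not only as the final component; `[ "${_fullpath##*/}" = "${_filename}" ]` would state the intent directly.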
@@ -57,8 +57,8 @@ for _jail in ${JAILS}; do info "[${_jail}]:" _jailpath="$( echo "${bastille_jailsdir}/${_jail}/root/${MOUNT_PATH}" 2>/dev/null | sed 's#//#/#' | sed 's#\\##g')" - _mount="$( mount | grep -ow "${_jailpath}" )" - _jailpath_fstab="$(echo "${bastille_jailsdir}/${_jail}/root/${MOUNT_PATH}" | sed 's#//#/#' | sed 's#\\ #\\\\040#g')" + _mount="$( mount | grep -Eo "[[:blank:]]${_jailpath}[[:blank:]]" )" + _jailpath_fstab="$(echo "${bastille_jailsdir}/${_jail}/root/${MOUNT_PATH}" | sed 's#//#/#g' | sed 's# #\\#g' | sed 's#\\#\\\\040#g')" _fstab_entry="$(grep -Eo "[[:blank:]]${_jailpath_fstab}[[:blank:]]" ${bastille_jailsdir}/${_jail}/fstab)" # Exit if mount point non-existent From 68a808863a1ae0e2c15f852699c903004f14b8fa Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Fri, 27 Dec 2024 13:56:03 -0700 Subject: [PATCH 12/17] Update docs --- docs/chapters/subcommands/mount.rst | 33 +++++++++++++++++++++++++++-- 1 file changed, 31 insertions(+), 2 deletions(-) diff --git a/docs/chapters/subcommands/mount.rst b/docs/chapters/subcommands/mount.rst index f7fb0ee3..b4dc38d2 100644 --- a/docs/chapters/subcommands/mount.rst +++ b/docs/chapters/subcommands/mount.rst 
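Review bot: The rewritten `_jailpath_fstab` pipeline in umount.sh looks like it double-encodes the documented input. By my reading, for a MOUNT_PATH written as `foo\ bar`, `sed 's# #\\#g'` turns the space into a second backslash and `sed 's#\\#\\\\040#g'` then replaces both, giving a pattern for `foo\040\040bar`, which would not match the `foo\040bar` that mount.sh writes. Only a path passed with plain spaces seems to come out right. Dropping the backslashes first, as `_jailpath` already does with `sed 's#\\##g'`, and then encoding each space once would handle both spellings; this deserves a test against the quoted-and-escaped example in the docs. `_jailpath` is also used unescaped as a regular expression in the new `mount | grep -Eo` line.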
@@ -6,11 +6,40 @@ To mount storage within the container use `bastille mount`. .. code-block:: shell - ishmael ~ # bastille mount azkaban /storage/foo /media/foo nullfs ro 0 0 + ishmael ~ # bastille mount azkaban /storage/foo media/foo nullfs ro 0 0 [azkaban]: + Added: /media/foo /usr/local/bastille/jails/azkaban/root/media/foo + ishmael ~ # bastille mount azkaban /storage/bar /media/bar nullfs ro 0 0 + [azkaban]: + Added: /media/bar /usr/local/bastille/jails/azkaban/root/media/bar + +Notice the JAIL_PATH format can be /media/foo or simply media/bar. The leading slash / is optional. The HOST_PATH howerver, must be the full path including the leading slash /. + +It is also possible to mount individual files into a jail as seen below. +Bastille will not mount if a file is already present at the specified mount point. +If you do not specify a file name, bastille will mount the file underneath the specified directory as seen in the second example below. + +.. code-block:: shell + + ishmael ~ # bastille mount azkaban /etc/rc.conf /mnt/etc/rc.conf nullfs ro 0 0 + [azkaban]: + Added: /etc/rc.conf /usr/local/bastille/jails/azkaban/root/mnt/etc/rc.conf + ishmael ~ # bastille mount azkaban /etc/rc.conf /media/bar nullfs ro 0 0 + [azkaban]: + Added: /etc/rc.conf usr/local/bastille/jails/azkaban/root/media/bar/rc.conf + +It is also possible (but not recommended) to have spaces in the directories that are mounted. +It is necessary to escape each space with a backslash \ and enclose the mount point in quotes "" as seen below. +It is possible to do the same for the jail path, but again, not recommemded. + +.. code-block:: shell + + ishmael ~ # bastille mount azkaban "/storage/my\ directory\ with\ spaces" /media/foo nullfs ro 0 0 + [azkaban]: + Added: /storage/my\040directory\040with\040spaces /usr/local/bastille/jails/azkaban/root/media/foo Syntax follows standard `/etc/fstab` format: .. 
code-block:: shell - Usage: bastille mount TARGET host_path container_path [filesystem_type options dump pass_number] + Usage: bastille mount TARGET HOST_PATH JAIL_PATH [filesystem_type options dump pass_number] From 0ebdb36a878409d3ccd6844c0992a54d238d16b1 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Fri, 27 Dec 2024 13:59:34 -0700 Subject: [PATCH 13/17] Better docs --- docs/chapters/subcommands/mount.rst | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/chapters/subcommands/mount.rst b/docs/chapters/subcommands/mount.rst index b4dc38d2..9add58f0 100644 --- a/docs/chapters/subcommands/mount.rst +++ b/docs/chapters/subcommands/mount.rst @@ -8,10 +8,10 @@ To mount storage within the container use `bastille mount`. ishmael ~ # bastille mount azkaban /storage/foo media/foo nullfs ro 0 0 [azkaban]: - Added: /media/foo /usr/local/bastille/jails/azkaban/root/media/foo + Added: /media/foo /usr/local/bastille/jails/azkaban/root/media/foo nullfs ro 0 0 ishmael ~ # bastille mount azkaban /storage/bar /media/bar nullfs ro 0 0 [azkaban]: - Added: /media/bar /usr/local/bastille/jails/azkaban/root/media/bar + Added: /media/bar /usr/local/bastille/jails/azkaban/root/media/bar nullfs ro 0 0 Notice the JAIL_PATH format can be /media/foo or simply media/bar. The leading slash / is optional. The HOST_PATH howerver, must be the full path including the leading slash /. 
@@ -23,10 +23,10 @@ If you do not specify a file name, bastille will mount the file underneath the s ishmael ~ # bastille mount azkaban /etc/rc.conf /mnt/etc/rc.conf nullfs ro 0 0 [azkaban]: - Added: /etc/rc.conf /usr/local/bastille/jails/azkaban/root/mnt/etc/rc.conf + Added: /etc/rc.conf /usr/local/bastille/jails/azkaban/root/mnt/etc/rc.conf nullfs ro 0 0 ishmael ~ # bastille mount azkaban /etc/rc.conf /media/bar nullfs ro 0 0 [azkaban]: - Added: /etc/rc.conf usr/local/bastille/jails/azkaban/root/media/bar/rc.conf + Added: /etc/rc.conf usr/local/bastille/jails/azkaban/root/media/bar/rc.conf nullfs ro 0 0 It is also possible (but not recommended) to have spaces in the directories that are mounted. It is necessary to escape each space with a backslash \ and enclose the mount point in quotes "" as seen below. @@ -36,7 +36,7 @@ It is possible to do the same for the jail path, but again, not recommemded. ishmael ~ # bastille mount azkaban "/storage/my\ directory\ with\ spaces" /media/foo nullfs ro 0 0 [azkaban]: - Added: /storage/my\040directory\040with\040spaces /usr/local/bastille/jails/azkaban/root/media/foo + Added: /storage/my\040directory\040with\040spaces /usr/local/bastille/jails/azkaban/root/media/foo nullfs ro 0 0 Syntax follows standard `/etc/fstab` format: From 281fab30e6452cae725d45d6b238923559aad217 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Fri, 27 Dec 2024 16:39:33 -0700 Subject: [PATCH 14/17] document unmounting --- docs/chapters/subcommands/umount.rst | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/docs/chapters/subcommands/umount.rst b/docs/chapters/subcommands/umount.rst index f4aaeb49..cdcdabdb 100644 --- a/docs/chapters/subcommands/umount.rst +++ b/docs/chapters/subcommands/umount.rst 
@@ -8,9 +8,21 @@ To unmount storage from a container use `bastille umount`. ishmael ~ # bastille umount azkaban /media/foo [azkaban]: + Unmounted: /usr/local/bastille/jails/jail4/root/media/foo + ishmael ~ # bastille umount azkaban /mnt/etc/rc.conf + [azkaban]: + Unmounted: /usr/local/bastille/jails/jail4/root/mnt/etc/rc.conf -Syntax requires only the container path to unmount: +Syntax requires only the jail path to unmount. .. code-block:: shell - Usage: bastille umount TARGET container_path + Usage: bastille umount TARGET JAIL_PATH + +If the directory you are unmounting has spaces, make sure to escape them with a backslash \, and enclode the mount point in quotes "". + +.. code-block:: shell + + ishmael ~ # bastille umount azkaban "/media/foo\ with\ spaces" + [azkaban]: + Unmounted: /usr/local/bastille/jails/jail4/root/media/foo with spaces From 383f968685c92faec8c14bbf755e97fa54ac6ba0 Mon Sep 17 00:00:00 2001 From: Juan David Hurtado G Date: Sun, 29 Dec 2024 10:29:03 -0500 Subject: [PATCH 15/17] Revert "Merge pull request #770 from tschettervictor/patch-7" This reverts commit 649c337055047b41d4e063febcf16a12b1f30a48, reversing changes made to 7d3ca7b21b30150f9b89fb6d5cf42c4abcdd348a. --- usr/local/share/bastille/template.sh | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/usr/local/share/bastille/template.sh b/usr/local/share/bastille/template.sh index 7af0419f..53f50bc0 100644 --- a/usr/local/share/bastille/template.sh +++ b/usr/local/share/bastille/template.sh @@ -188,17 +188,15 @@ case ${TEMPLATE} in ;; */*) if [ ! -d "${bastille_templatesdir}/${TEMPLATE}" ]; then + if [ ! -d ${TEMPLATE} ]; then error_exit "${TEMPLATE} not found." - else + else bastille_template=${TEMPLATE} + fi fi ;; *) - if [ ! -f ${TEMPLATE}/Bastillefile ]; then - error_exit "${TEMPLATE} not found." - else - bastille_template=${TEMPLATE} - fi + error_exit "Template name/URL not recognized." esac if [ -z "${JAILS}" ]; then 
From 0d5b92c05226b4bbe42fe35913dc0862a69dcbc8 Mon Sep 17 00:00:00 2001 From: Juan David Hurtado G Date: Sun, 29 Dec 2024 15:22:17 -0500 Subject: [PATCH 16/17] Improve bastille.conf handling with user prompt for creation Replaced ineffective default configuration generation logic with a user-interactive prompt. Users can now choose to create the configuration file with default values if it is missing, ensuring better control and clarity. Removed redundant code from the setup script to streamline execution. --- usr/local/bin/bastille | 14 ++++++++++++-- usr/local/share/bastille/setup.sh | 7 ------- 2 files changed, 12 insertions(+), 9 deletions(-) diff --git a/usr/local/bin/bastille b/usr/local/bin/bastille index dd9cbb25..98cd52a1 100755 --- a/usr/local/bin/bastille +++ b/usr/local/bin/bastille @@ -32,10 +32,20 @@ PATH=${PATH}:/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin . /usr/local/share/bastille/common.sh -## check for config existance +## check for config existence bastille_conf_check() { if [ ! -r "/usr/local/etc/bastille/bastille.conf" ]; then - error_exit "Missing Configuration" + warn "Configuration file not found. Do yu want to create it with default values? [y/N]" + read answer + case "${answer}" in + [Nn][Oo]|[Nn]|"") + error_exit "No configuration file has been generated. Exiting." + ;; + [Yy][Ee][Ss]|[Yy]) + cp /usr/local/etc/bastille/bastille.conf.sample /usr/local/etc/bastille/bastille.conf + info "Configuration file has been generated. Continuing with default values" + ;; + esac fi } diff --git a/usr/local/share/bastille/setup.sh b/usr/local/share/bastille/setup.sh index f6153e5b..b069ea32 100644 --- a/usr/local/share/bastille/setup.sh +++ b/usr/local/share/bastille/setup.sh 
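Review bot: The `case` in `bastille_conf_check` has no default arm, so any answer other than the yes/no spellings matches nothing and the function returns as if the configuration existed. The `cp` result is also not checked before "has been generated" is printed. Adding `*) error_exit "Invalid answer. Exiting." ;;` and `cp /usr/local/etc/bastille/bastille.conf.sample /usr/local/etc/bastille/bastille.conf || error_exit "Failed to create configuration file."` closes both paths. `read answer` should be `read -r answer`. When stdin is not a terminal (cron, automation) the prompt resolves to the empty-answer arm, which is the safe outcome but worth stating in a comment; the prompt text also has a typo ("yu").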
@@ -30,13 +30,6 @@ bastille_config="/usr/local/etc/bastille/bastille.conf" . /usr/local/share/bastille/common.sh - -# TODO: This not going to take effect since Bastille checks the file -# before running this subcommand. We will need to check an strategy. -if [ ! -f "${bastille_config}" ]; then - cp /usr/local/etc/bastille/bastille.conf.sample ${bastille_config} -fi - # shellcheck source=/usr/local/etc/bastille/bastille.conf . ${bastille_config} From 9d7b72743218bc0889a3107b7d17264c350166ec Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Tue, 31 Dec 2024 12:27:32 -0700 Subject: [PATCH 17/17] minor fix --- usr/local/share/bastille/mount.sh | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/usr/local/share/bastille/mount.sh b/usr/local/share/bastille/mount.sh index 817268b8..95e84071 100644 --- a/usr/local/share/bastille/mount.sh +++ b/usr/local/share/bastille/mount.sh @@ -115,12 +115,13 @@ for _jail in ${JAILS}; do # Check if mount point has already been added _existing_mount="$(echo ${_fullpath_fstab} 2>/dev/null | sed 's#\\#\\\\#g')" - if grep -Eoq "[[:blank:]]${_existing_mount}[[:blank:]]" "${bastille_jailsdir}/${_jail}/fstab"; then + if grep -Eq "[[:blank:]]${_existing_mount}.*[[:blank:]]" "${bastille_jailsdir}/${_jail}/fstab"; then warn "Mountpoint already present in ${bastille_jailsdir}/${_jail}/fstab" - grep -Eo "[[:blank:]]${_existing_mount}[[:blank:]]" "${bastille_jailsdir}/${_jail}/fstab" + grep -E "[[:blank:]]${_existing_mount}" "${bastille_jailsdir}/${_jail}/fstab" continue fi + # Create mount point if it does not exist if [ -d "${_hostpath}" ] && [ ! -d "${_fullpath}" ]; then mkdir -p "${_fullpath}" || error_continue "Failed to create mount point."
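Review bot: Adding `.*` to the duplicate check in mount.sh, `grep -Eq "[[:blank:]]${_existing_mount}.*[[:blank:]]"`, turns it into a prefix match, so with `/media/foobar` already in the fstab a new mount at `/media/foo` is reported as already present and skipped. The second `grep -E`, which now has no trailing anchor at all, prints those unrelated lines. If the intent is to catch a file previously mounted beneath a directory argument (the branch that appends `${_filename}`), matching on a path boundary keeps that without the false positives: `grep -Eq "[[:blank:]]${_existing_mount}(/[^[:blank:]]*)?[[:blank:]]"`. The loop body continues outside the hunk.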