Mirrors/hackacad
2
0
Fork 0
mirror of https://github.com/hackacad/bastille.git synced 2025-12-24 19:22:26 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1003 from BastilleBSD/add-depends

Browse Source 
Initial beta support for dependant jails
This commit is contained in:
Barry McCormick
2025-05-02 08:44:01 -07:00
committed by GitHub
parent 665ed20d98 a7c4695642
commit 833bbe4f7f
4 changed files with 90 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

69
usr/local/share/bastille/config.sh
View File

@@ -88,16 +88,16 @@ shift 2
set_target "${TARGET}"
case "${ACTION}" in
get|remove)
get)
if [ "$#" -ne 1 ]; then
error_notify 'Too many parameters for [get|remove] operation.'
usage
fi
;;
set)
set|remove)
;;
*)
error_exit 'Only get and set are supported.'
error_exit "[ERROR]: Only set, remove and get are supported."
;;
esac
@@ -117,32 +117,79 @@ print_jail_conf() {
for _jail in ${JAILS}; do
# Handle Bastille specific properties
# Currently only 'priority' and 'boot'
# Currently only 'depend' 'priority' and 'boot'
if [ "${PROPERTY}" = "priority" ] || [ "${PROPERTY}" = "prio" ]; then
PROPERTY="priority"
BASTILLE_PROPERTY=1
FILE="${bastille_jailsdir}/${_jail}/boot.conf"
if [ "${ACTION}" = "set" ]; then
if echo "${VALUE}" | grep -Eq '^[0-9]+$'; then
sysrc -f "${FILE}" "${PROPERTY}=${VALUE}"
else
error_exit "Priority value must be a number."
fi
else
elif [ "${ACTION}" = "remove" ]; then
error_exit "[ERROR]: Cannot remove the 'priority' property."
elif [ "${ACTION}" = "get" ]; then
sysrc -f "${FILE}" -n "${PROPERTY}"
fi
# Boot property
elif [ "${PROPERTY}" = "boot" ]; then
BASTILLE_PROPERTY=1
FILE="${bastille_jailsdir}/${_jail}/boot.conf"
if [ "${ACTION}" = "set" ]; then
if [ "${VALUE}" = "on" ] || [ "${VALUE}" = "off" ]; then
sysrc -f "${FILE}" "${PROPERTY}=${VALUE}"
else
error_exit "Boot value must be 'on' or 'off'."
fi
else
elif [ "${ACTION}" = "remove" ]; then
error_exit "[ERROR]: Cannot remove the 'boot' property."
elif [ "${ACTION}" = "get" ]; then
sysrc -f "${FILE}" -n "${PROPERTY}"
fi
# Depend property
elif [ "${PROPERTY}" = "depend" ] || [ "${PROPERTY}" = "depends" ]; then
PROPERTY="depend"
BASTILLE_PROPERTY=1
FILE="${bastille_jailsdir}/${_jail}/settings.conf"
if [ "${ACTION}" = "set" ]; then
if [ -z "${VALUE}" ]; then
error_exit "[ERROR]: Adding a jail to the 'depend' property requires a TARGET."
else
set_target "${VALUE}"
fi
info "\n[${_jail}]:"
sysrc -f "${FILE}" "${PROPERTY}+=${JAILS}"
elif [ "${ACTION}" = "remove" ]; then
if [ -z "${VALUE}" ]; then
error_exit "[ERROR]: Removing a jail from the 'depend' property requires a TARGET."
else
set_target "${VALUE}"
fi
info "\n[${_jail}]:"
sysrc -f "${FILE}" "${PROPERTY}-=${JAILS}"
elif [ "${ACTION}" = "get" ]; then
sysrc -f "${FILE}" -n "${PROPERTY}"
fi
else
FILE="${bastille_jailsdir}/${_jail}/jail.conf"
if [ ! -f "${FILE}" ]; then
@@ -186,9 +233,15 @@ for _jail in ${JAILS}; do
fi
elif [ "${ACTION}" = "remove" ]; then
if [ "$(bastille config ${_jail} get ${PROPERTY})" != "not set" ]; then
info "\n[${_jail}]:"
sed -i '' "/.*${PROPERTY}.*/d" "${FILE}"
echo "Property removed: ${PROPERTY}"
else
error_exit "Value not present in jail.conf: ${PROPERTY}"
error_exit "[ERROR]: Value not present in jail.conf: ${PROPERTY}"
fi
else # Setting the value. -- cwells
if [ -n "${VALUE}" ]; then
@@ -244,4 +297,4 @@ if { [ "${ACTION}" = "set" ] || [ "${ACTION}" = "remove" ]; } && [ -z "${BASTILL
info "A restart is required for the changes to be applied. See 'bastille restart'."
fi
exit 0
exit 0

5
usr/local/share/bastille/create.sh
View File

@@ -576,8 +576,9 @@ create_jail() {
# Set strict permissions on the jail by default
chmod 0700 "${bastille_jailsdir}/${NAME}"
# Apply priority and boot settings before starting jail
# Apply boot, depends and priority settings before starting jail
sysrc -f "${bastille_jailsdir}/${NAME}/boot.conf" boot=${BOOT} >/dev/null
sysrc -f "${bastille_jailsdir}/${NAME}/settings.conf" depend="" >/dev/null
sysrc -f "${bastille_jailsdir}/${NAME}/boot.conf" priority="${PRIORITY}" >/dev/null
# Jail must be started before applying the default template. -- cwells
@@ -1041,4 +1042,4 @@ fi
create_jail "${NAME}" "${RELEASE}" "${IP}" "${INTERFACE}"
echo
echo

13
usr/local/share/bastille/start.sh
View File

@@ -112,11 +112,22 @@ for _jail in ${JAILS}; do
fi
fi
info "\n[${_jail}]:"
# Validate that all 'depends' jails are running
_depend_jails="$(sysrc -f ${bastille_jailsdir}/${_jail}/settings.conf -n depend)"
for _depend_jail in ${_depend_jails}; do
if check_target_is_running; then
continue
else
bastille start ${_depend_jail}
fi
done
if check_target_is_running "${_jail}"; then
info "\n[${_jail}]:"
error_continue "Jail is already running."
fi
info "\n[${_jail}]:"
# Validate interfaces and add IPs to firewall table
if [ "$(bastille config ${_jail} get vnet)" != 'enabled' ]; then

15
usr/local/share/bastille/stop.sh
View File

@@ -87,12 +87,25 @@ set_target "${TARGET}" "reverse"
for _jail in ${JAILS}; do
info "\n[${_jail}]:"
# Validate that all jails that 'depend' on this one are stopped
for _depend_jail in $(ls --color=never ${bastille_jailsdir} | sed -e 's/\n//g'); do
if ! grep -hoqsw "depend=" ${bastille_jailsdir}/${_depend_jail}/settings.conf; then
sysrc -q -f ${bastille_jailsdir}/${_depend_jail}/settings.conf depend="" >/dev/null
fi
if [ "${_jail}" = "${_depend_jail}" ]; then
continue
elif grep -hoqsw "${_jail}" "${bastille_jailsdir}/${_depend_jail}/settings.conf"; then
bastille stop ${_depend_jail}
fi
done
if check_target_is_stopped "${_jail}"; then
info "\n[${_jail}]:"
error_continue "Jail is already stopped."
fi
info "\n[${_jail}]:"
# Remove RDR rules
if [ "$(bastille config ${_jail} get vnet)" != "enabled" ] && [ -f "${bastille_pf_conf}" ]; then
_ip4="$(bastille config ${_jail} get ip4.addr | sed 's/,/ /g')"