From b294a45bb9e4433b81332a35fea370c862f506f0 Mon Sep 17 00:00:00 2001
From: cynix
Date: Thu, 15 Jul 2021 20:52:16 +1000
Subject: [PATCH 1/3] Fix fstab creation for Linux jails
---
 usr/local/share/bastille/create.sh | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/usr/local/share/bastille/create.sh b/usr/local/share/bastille/create.sh
index 767425fe..8c34d179 100644
--- a/usr/local/share/bastille/create.sh
+++ b/usr/local/share/bastille/create.sh
@@ -264,14 +264,14 @@ create_jail() {
 if [ ! -f "${bastille_jail_fstab}" ]; then
 touch "${bastille_jail_fstab}"
 fi
- echo -e "devfs ${bastille_jail_path}/dev devfs rw 0 0" > "${bastille_jail_fstab}"
- echo -e "tmpfs ${bastille_jail_path}/dev/shm tmpfs rw,size=1g,mode=1777 0 0" > "${bastille_jail_fstab}"
- echo -e "fdescfs ${bastille_jail_path}/dev/fd fdescfs rw,linrdlnk 0 0" > "${bastille_jail_fstab}"
- echo -e "linprocfs ${bastille_jail_path}/proc linprocfs rw 0 0" > "${bastille_jail_fstab}"
- echo -e "linsysfs ${bastille_jail_path}/sys linsysfs rw 0 0" > "${bastille_jail_fstab}"
- echo -e "/tmp ${bastille_jail_path}/tmp nullfs rw 0 0" > "${bastille_jail_fstab}"
+ echo -e "devfs ${bastille_jail_path}/dev devfs rw 0 0" >> "${bastille_jail_fstab}"
+ echo -e "tmpfs ${bastille_jail_path}/dev/shm tmpfs rw,size=1g,mode=1777 0 0" >> "${bastille_jail_fstab}"
+ echo -e "fdescfs ${bastille_jail_path}/dev/fd fdescfs rw,linrdlnk 0 0" >> "${bastille_jail_fstab}"
+ echo -e "linprocfs ${bastille_jail_path}/proc linprocfs rw 0 0" >> "${bastille_jail_fstab}"
+ echo -e "linsysfs ${bastille_jail_path}/sys linsysfs rw 0 0" >> "${bastille_jail_fstab}"
+ echo -e "/tmp ${bastille_jail_path}/tmp nullfs rw 0 0" >> "${bastille_jail_fstab}"
 ## removed temporarely / only for X11 jails? @hackacad
- #echo -e "/home ${bastille_jail_path}/home nullfs rw 0 0" > "${bastille_jail_fstab}"
+ #echo -e "/home ${bastille_jail_path}/home nullfs rw 0 0" >> "${bastille_jail_fstab}"
 if [ ! -f "${bastille_jail_conf}" ]; then
 if [ -z "${bastille_network_loopback}" ] && [ -n "${bastille_network_shared}" ]; then
From 857414f4107d59da8e1a3566968ea9b8292f89b4 Mon Sep 17 00:00:00 2001
From: cynix
Date: Thu, 15 Jul 2021 21:26:35 +1000
Subject: [PATCH 2/3] Fix missing redirection
---
 usr/local/share/bastille/create.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/usr/local/share/bastille/create.sh b/usr/local/share/bastille/create.sh
index 8c34d179..63682d95 100644
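Review bot: The `/tmp ${bastille_jail_path}/tmp nullfs rw 0 0` entry kept by the [PATCH 1/3] hunk mounts the host's /tmp read-write inside the Linux jail, so whatever the host (or any other jail created this way) leaves in /tmp is readable and writable from within this jail. If nothing depends on that sharing, a private mount such as `tmpfs ${bastille_jail_path}/tmp tmpfs rw,mode=1777 0 0` keeps the jail isolated; if it is needed (the X11 remark beside the `/home` line suggests it might be), a comment stating why would help. Separately, the switch to `>>` follows a guard that only creates the file when it is missing, so an fstab that already has content would get these six entries appended again; writing the first entry with `>` or grouping the echoes under a single redirect avoids that. The body of create_jail starts and ends outside the hunk.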
--- a/usr/local/share/bastille/create.sh +++ b/usr/local/share/bastille/create.sh @@ -255,7 +255,7 @@ create_jail() { touch "${bastille_jail_path}/dev/shm" touch "${bastille_jail_path}/dev/fd" cp -RPf ${bastille_releasesdir}/${RELEASE}/* ${bastille_jail_path}/ - echo ${NAME} ${bastille_jail_path}/etc/hostname + echo "${NAME}" > ${bastille_jail_path}/etc/hostname if [ ! -d "${bastille_jail_template}" ]; then mkdir -p "${bastille_jail_template}" From 387fe3cf91b42e00949f2f4f684a4f440f1065a2 Mon Sep 17 00:00:00 2001 From: cynix Date: Thu, 15 Jul 2021 23:01:13 +1000 Subject: [PATCH 3/3] Avoid mounting devfs twice --- usr/local/share/bastille/create.sh | 2 -- 1 file changed, 2 deletions(-) diff --git a/usr/local/share/bastille/create.sh b/usr/local/share/bastille/create.sh index 63682d95..fb3023bc 100644 --- a/usr/local/share/bastille/create.sh +++ b/usr/local/share/bastille/create.sh @@ -166,8 +166,6 @@ ${NAME} { exec.stop = '/bin/true'; persist; - mount.devfs; - allow.mount; allow.mount.devfs;
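Review bot: The redirect target on the added `echo "${NAME}" > ${bastille_jail_path}/etc/hostname` line in the [PATCH 2/3] hunk is unquoted, unlike the `touch` and `mkdir` paths around it, and `echo` may interpret a name that begins with `-` or contains backslashes instead of writing it literally. `printf '%s\n' "${NAME}" > "${bastille_jail_path}/etc/hostname"` writes the name verbatim and matches the quoting used on the neighbouring lines. Whether NAME is validated before this point is not visible here; create_jail's body extends beyond the hunk.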