From 9984101e1b0f30cebd05f7146eb101f895d1764a Mon Sep 17 00:00:00 2001
From: Jose
Date: Sat, 20 Mar 2021 06:12:07 -0400
Subject: [PATCH] Don't share ports across the jails, just copy them

A security concern into the jail could affect the shared ports for all the child, and/or multiple jails accessing/managing/updating the same source could lead into conflicts. Due the above mentioned issues, the optional distfiles will be copied to the newly created thinjail if they exist on the base release, thus being secure and more granular management.
---
 usr/local/share/bastille/create.sh | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/usr/local/share/bastille/create.sh b/usr/local/share/bastille/create.sh
index ce3cf6d1..8aa21263 100644
--- a/usr/local/share/bastille/create.sh
+++ b/usr/local/share/bastille/create.sh
@@ -259,17 +259,25 @@ create_jail() {
 echo
 if [ -z "${THICK_JAIL}" ]; then
- LINK_LIST="bin boot lib libexec rescue sbin usr/bin usr/include usr/lib usr/lib32 usr/libdata usr/libexec usr/sbin usr/share usr/src"
+ LINK_LIST="bin boot lib libexec rescue sbin usr/bin usr/include usr/lib usr/lib32 usr/libdata usr/libexec usr/sbin usr/share"
 for _link in ${LINK_LIST}; do
 ln -sf /.bastille/${_link} ${_link}
 done
- # Properly link shared ports on thin jails in read-write.
+ # Copy optional distfiles if they exist on the base release.
 if [ -d "${bastille_releasesdir}/${RELEASE}/usr/ports" ]; then
 if [ ! -d "${bastille_jail_path}/usr/ports" ]; then
- mkdir ${bastille_jail_path}/usr/ports
+ info "Copying ports tree..."
+ cp -a ${bastille_releasesdir}/${RELEASE}/usr/ports ${bastille_jail_path}/usr
 fi
- echo -e "${bastille_releasesdir}/${RELEASE}/usr/ports ${bastille_jail_path}/usr/ports nullfs rw 0 0" >> "${bastille_jail_fstab}"
 fi
+ if [ -d "${bastille_releasesdir}/${RELEASE}/usr/src" ]; then
+ if [ ! -d "${bastille_jail_path}/usr/src" ]; then
+ info "Copying source tree..."
+ ln -sf usr/src sys
+ cp -a ${bastille_releasesdir}/${RELEASE}/usr/src ${bastille_jail_path}/usr
+ fi
+ fi
+ echo
 fi
 if [ -z "${THICK_JAIL}" ]; then
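Review bot: Both new `cp -a` calls run unchecked and leave their expansions unquoted, while the `[ -d ... ]` tests directly above quote the same variables; a path containing whitespace would be word-split, and a copy that fails part-way leaves a truncated `usr/ports` or `usr/src` that the `! -d` guard then treats as complete on every later run. I would quote and check them, e.g. `cp -a "${bastille_releasesdir}/${RELEASE}/usr/ports" "${bastille_jail_path}/usr" || error_exit "Failed to copy ports tree."` (assuming the project's `error_exit` helper is in scope here alongside `info`), and likewise for the `usr/src` copy. The added `ln -sf usr/src sys` also appears to rely on the current directory being the jail root, as the surrounding `ln -sf /.bastille/${_link} ${_link}` loop suggests but the hunk does not show; creating that symlink after a successful copy rather than before would avoid leaving a dangling `sys` link when the copy fails. create_jail continues outside the hunk.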