Added SPDX-License-Identifier to all scripts for better license clarity and compliance. Updated the copyright years from 2024 to 2025 in various files to reflect the current maintenance period.
Hierarchical jails inherit the parent jail's permissions and don't support setting devfs_ruleset to a non-zero value. This update adds a check to determine if the script is running inside a jail. If so, it sets devfs_ruleset to 0 to comply with this constraint.
Accross the code, release names are checked against some variation of
-BETAx / -RCx which are inconsistent in the range of accepted values for
`x`.
As a consequence, some commands cannot be successfuly run while they
are valid, e.g. `bastille create test 14.0-RC4 10.0.0.2` is rejected
because only `*-RC1` and `*-RC2` are accepted as a RC release name.
Find out these lists of specific BETA and RC patterns and adjust them to
allow any one-digit value at the end. We generaly do up to 4 BETA / RC
releases, so a one digit limit is probably enough for the time being.
This is still WIP / PoC and would require documentation changes, opening PR to
gather feedback as this is a first-time contribution.
Important changes:
- instead of relying on 0.0.0.0 to signal DHCP, we now support passing "DHCP" in
the IP parameter.
- we also support "SLAAC" as a value for the IP parameter, which enables
accepting route advertisement
- fixed an oddity in the way the gateway was being handled for IPv6 (in certain
cases it was being passed as the GATEWAY template parameter
- allow passing multiple values to the IP parameter, this would work as a quoted
parameter
- that means that, e.g. bastille create -V test 13.0-RELEASE "SLAAC DHCP" wan is
possible and creates a dual-stack jail
- passing both DHCP, SLAAC and fixed IPs is also possible, but only one IP per
protocol number is supported; last one wins
Some Linux packages (shakes fist angrily at Java) look to see if `/proc` is mounted as a part of the installation by running
`mountpoint /proc`
While the Linux jail can see the contents of its `/proc` directory, the linprocfs driver will not generate the correct contents for `/proc/mounts` or `/proc/self/mountinfo` as `kern_getfsstat()` will, by default, filter all mount points other than the jail's chroot directory.
Fix is to set `enforce_statfs` to allow mount points below the jail's chroot directory to be visible.
There's quite a bit more we could do here, but this hits my basic usage
with vnets. Future work here would be things like ipv6 support or trying
to infer what a custom `interfaces` setting means.
This makes it much easier to understand `ifconfig` when run on the jail host. Not sure how to test this, but manually appyling this via `bastille edit` to an existing vnet jail had the right effects when I restarted the jail.
