mirror of
https://github.com/hackacad/bastille.git
synced 2025-12-25 23:10:33 +01:00
30 lines
1.0 KiB
Plaintext
30 lines
1.0 KiB
Plaintext
# TODO
|
|
|
|
##This is just a place to throw down the ideas of things I need to fix and or
|
|
##improve. In no particular order.
|
|
##
|
|
##+ ZFS or UFS support
|
|
##+ Support for multi-jail templating (create, snapshot, deploy)
|
|
##+ jail.conf validation support in `create`
|
|
##+ Dynamic config support for templating
|
|
##+
|
|
|
|
##Bastille in Bastille
|
|
##--------------------
|
|
## found on mailing list archive. need to research
|
|
|
|
## jail -c name=foo host.hostname=foo allow.raw_sockets children.max=99
|
|
## ip4.addr=10.20.12.68 persist
|
|
## jexec foo /bin/csh
|
|
## foo# jail -c name=bar host.hostname=bar allow.raw_sockets
|
|
## ip4.addr=10.20.12.68 persist
|
|
## foo# jexec bar /bin/csh
|
|
## bar# ping gritton.org
|
|
|
|
## TODO: .ssh/authorized_keys auto-launch into user jail
|
|
## jail_create_login_hook() {
|
|
## echo "permit nopass ${user} cmd /usr/sbin/jexec args ${name} /usr/bin/login -f ${user}" >> /usr/local/etc/doas.conf
|
|
## echo "command='/usr/local/bin/doas /usr/sbin/jexec ${name} /usr/bin/login -f ${user}' ${pubkey}" >> $HOME/.ssh/authorized_keys
|
|
## }
|
|
|