BastilleBSD/bastille
2
0
Fork 0
Code Pull Requests Actions Packages Releases Activity

debug

Browse Source 
v0.1
This commit is contained in:
Bike Dude
2021-02-08 22:11:33 +01:00
parent af8d766b0e
commit 519fe77fbb
3 changed files with 139 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
usr/local/share/bastille/bootstrap.sh
View File

@@ -426,6 +426,38 @@ http?://github.com/*/*|http?://gitlab.com/*/*)
BASTILLE_TEMPLATE_REPO=$(echo "${1}" | awk -F / '{ print $5 }') BASTILLE_TEMPLATE_REPO=$(echo "${1}" | awk -F / '{ print $5 }')
bootstrap_template bootstrap_template
;; ;;
ubuntu_bionic|bionic|ubuntu-bionic)
if [ ! "$(sysrc -f /boot/loader.conf -n linprocfs_load)" = "YES" ] && [ ! "$(sysrc -f /boot/loader.conf -n linsysfs_load)" = "YES" ] && [ ! "$(sysrc -f /boot/loader.conf -n tmpfs_load)" = "YES" ]; then
warn "linprocfs_load, linsysfs_load, tmpfs_load not enabled in /boot/loader.conf or linux_enable not active. Should I do that for you? (N|y)"
read answer
case $answer in
no|No|n|N|"")
error_exit "Exiting."
;;
yes|Yes|y|Y)
sysrc linux_enable=YES
sysrc -f /boot/loader.conf linprocfs_load=YES
sysrc -f /boot/loader.conf linsysfs_load=YES
sysrc -f /boot/loader.conf tmpfs_load=YES
;;
esac
fi
if which -s debootstrap; then
debootstrap --foreign --arch=amd64 --no-check-gpg bionic ${bastille_releasesdir}/Ubuntu_1804
else
warn "Debootstrap not found. Should it be installed? (N|y)"
read answer
case $answer in
no|No|n|N|"")
error_exit "Exiting. You need to install debootstap before boostrapping a Linux jail."
;;
yes|Yes|y|Y)
pkg install debootstrap -y
debootstrap --foreign --arch=amd64 --no-check-gpg bionic ${bastille_releasesdir}/Ubuntu_1804
;;
esac
fi
;;
*) *)
usage usage
;; ;;

101
usr/local/share/bastille/create.sh
View File

@@ -141,6 +141,30 @@ ${NAME} {
EOF EOF
} }
generate_linux_jail_conf() {
cat << EOF > "${bastille_jail_conf}"
${NAME} {
host.hostname = ${NAME};
mount.fstab = ${bastille_jail_fstab};
path = ${bastille_jail_path};
devfs_ruleset = 4;
exec.start = '/bin/true';
exec.stop = '/bin/true';
persist;
mount.devfs;
allow.mount;
allow.mount.devfs;
interface = ${bastille_jail_conf_interface};
${IPX_ADDR} = ${IP};
ip6 = ${IP6_MODE};
}
EOF
}
generate_vnet_jail_conf() { generate_vnet_jail_conf() {
## determine number of containers + 1 ## determine number of containers + 1
## iterate num and grep all jail configs ## iterate num and grep all jail configs
@@ -206,6 +230,47 @@ create_jail() {
fi fi
fi fi
if [ -z "${LINUX_JAIL}" ]; then
if [ ! -d "${bastille_jail_base}" ]; then
mkdir -p "${bastille_jail_base}"
fi
mkdir -p "${bastille_jail_path}/dev"
mkdir -p "${bastille_jail_path}/proc"
mkdir -p "${bastille_jail_path}/sys"
mkdir -p "${bastille_jail_path}/home"
mkdir -p "${bastille_jail_path}/tmp"
touch "${bastille_jail_path}/dev/shm"
touch "${bastille_jail_path}/dev/fd"
cp -R ${bastille_releasesdir}/${RELEASE} ${bastille_jail_path}
if [ ! -d "${bastille_jail_template}" ]; then
mkdir -p "${bastille_jail_template}"
fi
if [ ! -f "${bastille_jail_fstab}" ]; then
touch "${bastille_jail_fstab}"
fi
echo -e "devfs ${bastille_jail_path}/dev devfs rw 0 0" > "${bastille_jail_fstab}"
echo -e "tmpfs ${bastille_jail_path}/dev/shm tmpfs rw,size=1g,mode=1777 0 0" > "${bastille_jail_fstab}"
echo -e "fdescfs ${bastille_jail_path}/dev/fd fdescfs rw,linrdlnk 0 0" > "${bastille_jail_fstab}"
echo -e "linprocfs ${bastille_jail_path}/proc linprocfs rw 0 0" > "${bastille_jail_fstab}"
echo -e "linsysfs ${bastille_jail_path}/sys linsysfs rw 0 0" > "${bastille_jail_fstab}"
echo -e "/tmp ${bastille_jail_path}/tmp nullfs rw 0 0" > "${bastille_jail_fstab}"
echo -e "/home ${bastille_jail_path}/home nullfs rw 0 0" > "${bastille_jail_fstab}"
if [ ! -f "${bastille_jail_conf}" ]; then
if [ -z "${bastille_network_loopback}" ] && [ -n "${bastille_network_shared}" ]; then
local bastille_jail_conf_interface=${bastille_network_shared}
fi
if [ -n "${bastille_network_loopback}" ] && [ -z "${bastille_network_shared}" ]; then
local bastille_jail_conf_interface=${bastille_network_loopback}
fi
if [ -n "${INTERFACE}" ]; then
local bastille_jail_conf_interface=${INTERFACE}
fi
fi
fi
if [ -z "${EMPTY_JAIL}" ]; then if [ -z "${EMPTY_JAIL}" ]; then
if [ ! -d "${bastille_jail_base}" ]; then if [ ! -d "${bastille_jail_base}" ]; then
mkdir -p "${bastille_jail_base}" mkdir -p "${bastille_jail_base}"
@@ -238,12 +303,7 @@ create_jail() {
local bastille_jail_conf_interface=${INTERFACE} local bastille_jail_conf_interface=${INTERFACE}
fi fi
## generate the jail configuration file generate_linux_jail_conf
if [ -n "${VNET_JAIL}" ]; then
generate_vnet_jail_conf
else
generate_jail_conf
fi
fi fi
## using relative paths here ## using relative paths here
@@ -443,6 +503,10 @@ else
shift shift
EMPTY_JAIL="1" EMPTY_JAIL="1"
;; ;;
-L|--linux|linux)
shift
LINUX_JAIL="1"
;;
-T|--thick|thick) -T|--thick|thick)
shift shift
THICK_JAIL="1" THICK_JAIL="1"
@@ -463,7 +527,7 @@ RELEASE="$2"
IP="$3" IP="$3"
INTERFACE="$4" INTERFACE="$4"
if [ -n "${EMPTY_JAIL}" ]; then if [ -n "${EMPTY_JAIL}"; then
if [ $# -ne 1 ]; then if [ $# -ne 1 ]; then
usage usage
fi fi
@@ -478,6 +542,20 @@ if [ -n "${NAME}" ]; then
validate_name validate_name
fi fi
if [ -z "${LINUX_JAIL}" ]; then
case "${RELEASE}" in
bionic|ubuntu_bionic|ubuntu|ubuntu-bionic)
## check for FreeBSD releases name
NAME_VERIFY=ubuntu_bionic
;;
*)
error_notify "Unknown Linux."
usage
;;
esac
fi
if [ -z "${EMPTY_JAIL}" ]; then if [ -z "${EMPTY_JAIL}" ]; then
## verify release ## verify release
case "${RELEASE}" in case "${RELEASE}" in
@@ -516,6 +594,10 @@ if [ -z "${EMPTY_JAIL}" ]; then
NAME_VERIFY=$(echo "${RELEASE}" | grep -iwE '(current-build-latest)' | sed 's/CURRENT/current/g' | sed 's/build/BUILD/g' | sed 's/latest/LATEST/g') NAME_VERIFY=$(echo "${RELEASE}" | grep -iwE '(current-build-latest)' | sed 's/CURRENT/current/g' | sed 's/build/BUILD/g' | sed 's/latest/LATEST/g')
validate_release validate_release
;; ;;
ubuntu_bionic|bionic|ubuntu-bionic)
NAME_VERIFY=Ubuntu_1804
validate_release
;;
*) *)
error_notify "Unknown Release." error_notify "Unknown Release."
usage usage
@@ -577,6 +659,9 @@ fi
if [ -z ${bastille_template_empty+x} ]; then if [ -z ${bastille_template_empty+x} ]; then
bastille_template_empty='default/empty' bastille_template_empty='default/empty'
fi fi
if [ -z ${bastille_template_linux+x} ]; then
bastille_template_empty='default/linux'
fi
if [ -z ${bastille_template_thick+x} ]; then if [ -z ${bastille_template_thick+x} ]; then
bastille_template_thick='default/thick' bastille_template_thick='default/thick'
fi fi
@@ -587,4 +672,4 @@ if [ -z ${bastille_template_vnet+x} ]; then
bastille_template_vnet='default/vnet' bastille_template_vnet='default/vnet'
fi fi
create_jail "${NAME}" "${RELEASE}" "${IP}" "${INTERFACE}" create_jail "${NAME}" "${RELEASE}" "${IP}" "${INTERFACE}"

14
usr/local/share/bastille/templates/default/linux/Bastillefile Normal file
View File

@@ -0,0 +1,14 @@
PRE mkdir -p home
PRE mkdir -p tmp
FSTAB devfs root/dev devfs rw 0 0
FSTAB tmpfs dev/shm tmpfs rw,size=1g,mode=1777 0 0
FSTAB fdescfs dev/fd fdescfs rw,linrdlnk 0 0
FSTAB linprocfs proc linprocfs rw 0 0
FSTAB linsysfs sys linsysfs rw 0 0
FSTAB /tmp tmp nullfs rw 0 0
FSTAB /home home nullfs rw 0 0
CMD mkdir etc/apt/apt.conf.d/00aptitude
CMD echo "APT::Cache-Start 251658240;" > etc/apt/apt.conf.d/00aptitude