BastilleBSD/bastille
2
0
Fork 0
Code Pull Requests Actions Packages Releases Activity

Merge pull request #215 from JRGTH/master

Browse Source 
Option to force destroy jail in ZFS
This commit is contained in:
Christer Edwards
2020-06-19 08:45:36 -06:00
committed by GitHub
parent 3fccba30d6 932f1afae1
commit 99bd323897
2 changed files with 18 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files
usr/local/bin/bastille
+12 -5
View File
@@ -28,14 +28,17 @@
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin PATH=${PATH}:/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin
bastille_colors_pre() {
## so we can make it colorful
. /usr/local/share/bastille/colors.pre.sh
}
## root check first. ## root check first.
bastille_root_check() { bastille_root_check() {
if [ "$(id -u)" -ne 0 ]; then if [ "$(id -u)" -ne 0 ]; then
## so we can make it colorful bastille_colors_pre
. /usr/local/share/bastille/colors.pre.sh
## permission denied ## permission denied
echo -e "${COLOR_RED}Bastille: Permission Denied${COLOR_RESET}" 1>&2 echo -e "${COLOR_RED}Bastille: Permission Denied${COLOR_RESET}" 1>&2
echo -e "${COLOR_RED}root / sudo / doas required${COLOR_RESET}" 1>&2 echo -e "${COLOR_RED}root / sudo / doas required${COLOR_RESET}" 1>&2
@@ -47,7 +50,8 @@ bastille_root_check
## check for config existance ## check for config existance
bastille_conf_check() { bastille_conf_check() {
if [ ! -r /usr/local/etc/bastille/bastille.conf ]; then if [ ! -r "/usr/local/etc/bastille/bastille.conf" ]; then
bastille_colors_pre
echo -e "${COLOR_RED}Missing Configuration${COLOR_RESET}" 1>&2 echo -e "${COLOR_RED}Missing Configuration${COLOR_RESET}" 1>&2
exit 1 exit 1
fi fi
@@ -64,6 +68,7 @@ bastille_perms_check() {
if [ -d "${bastille_prefix}" ]; then if [ -d "${bastille_prefix}" ]; then
BASTILLE_PREFIX_PERMS=$(stat -f "%Op" "${bastille_prefix}") BASTILLE_PREFIX_PERMS=$(stat -f "%Op" "${bastille_prefix}")
if [ "${BASTILLE_PREFIX_PERMS}" != 40750 ]; then if [ "${BASTILLE_PREFIX_PERMS}" != 40750 ]; then
bastille_colors_pre
echo -e "${COLOR_RED}Insecure permissions on ${bastille_prefix}${COLOR_RESET}" 1>&2 echo -e "${COLOR_RED}Insecure permissions on ${bastille_prefix}${COLOR_RESET}" 1>&2
echo -e "${COLOR_RED}Try: chmod 0750 ${bastille_prefix}${COLOR_RESET}" 1>&2 echo -e "${COLOR_RED}Try: chmod 0750 ${bastille_prefix}${COLOR_RESET}" 1>&2
echo echo
@@ -132,6 +137,7 @@ shift
# Handle special-case commands first. # Handle special-case commands first.
case "${CMD}" in case "${CMD}" in
version|-v|--version) version|-v|--version)
bastille_colors_pre
echo -e "${COLOR_GREEN}${BASTILLE_VERSION}${COLOR_RESET}" echo -e "${COLOR_GREEN}${BASTILLE_VERSION}${COLOR_RESET}"
exit 0 exit 0
;; ;;
@@ -164,5 +170,6 @@ if [ -f "${SCRIPTPATH}" ]; then
exec "${SH}" "${SCRIPTPATH}" "$@" exec "${SH}" "${SCRIPTPATH}" "$@"
else else
bastille_colors_pre
echo -e "${COLOR_RED}${SCRIPTPATH} not found.${COLOR_RESET}" 1>&2 echo -e "${COLOR_RED}${SCRIPTPATH} not found.${COLOR_RESET}" 1>&2
fi fi
usr/local/share/bastille/destroy.sh
+6 -1
View File
@@ -37,6 +37,7 @@ usage() {
} }
destroy_jail() { destroy_jail() {
local OPTIONS
bastille_jail_base="${bastille_jailsdir}/${TARGET}" ## dir bastille_jail_base="${bastille_jailsdir}/${TARGET}" ## dir
bastille_jail_log="${bastille_logsdir}/${TARGET}_console.log" ## file bastille_jail_log="${bastille_logsdir}/${TARGET}_console.log" ## file
@@ -60,8 +61,12 @@ destroy_jail() {
if [ "${bastille_zfs_enable}" = "YES" ]; then if [ "${bastille_zfs_enable}" = "YES" ]; then
if [ -n "${bastille_zfs_zpool}" ]; then if [ -n "${bastille_zfs_zpool}" ]; then
if [ -n "${TARGET}" ]; then if [ -n "${TARGET}" ]; then
OPTIONS="-r"
if [ "${FORCE}" = "1" ]; then
OPTIONS="-rf"
fi
## remove jail zfs dataset recursively ## remove jail zfs dataset recursively
zfs destroy -r "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${TARGET}" zfs destroy "${OPTIONS}" "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${TARGET}"
fi fi
fi fi
fi fi