From 4634dc691018933ee5036a314ffc3590e1187eb1 Mon Sep 17 00:00:00 2001 From: vrachnis Date: Sat, 16 Mar 2024 01:31:52 +0000 Subject: [PATCH 01/91] Fix alignment when listing jails with more than one IP address When a VNET jail has more than IP address configured on its primary interface, invoking "bastille list -a" will now display all addresses vertically aligned. --- usr/local/share/bastille/list.sh | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/usr/local/share/bastille/list.sh b/usr/local/share/bastille/list.sh index c5c346a5..df4db24f 100644 --- a/usr/local/share/bastille/list.sh +++ b/usr/local/share/bastille/list.sh 
@@ -150,7 +150,22 @@ list_all(){ JAIL_HOSTNAME=${JAIL_HOSTNAME:-${DEFAULT_VALUE}} JAIL_RELEASE=${JAIL_RELEASE:-${DEFAULT_VALUE}} JAIL_PATH=${JAIL_PATH:-${DEFAULT_VALUE}} - printf " ${JAIL_NAME}%*s${JAIL_STATE}%*s${JAIL_IP}%*s${JAIL_PORTS}%*s${JAIL_HOSTNAME}%*s${JAIL_RELEASE}%*s${JAIL_PATH}\n" "$((${MAX_LENGTH_JAIL_NAME} - ${#JAIL_NAME} + ${SPACER}))" "" "$((5 - ${#JAIL_STATE} + ${SPACER}))" "" "$((${MAX_LENGTH_JAIL_IP} - ${#JAIL_IP} + ${SPACER}))" "" "$((${MAX_LENGTH_JAIL_PORTS} - ${#JAIL_PORTS} + ${SPACER}))" "" "$((${MAX_LENGTH_JAIL_HOSTNAME} - ${#JAIL_HOSTNAME} + ${SPACER}))" "" "$((${MAX_LENGTH_JAIL_RELEASE} - ${#JAIL_RELEASE} + ${SPACER}))" "" + JAIL_IP_COUNT=$(echo "${JAIL_IP}" | wc -l) + if [ ${JAIL_IP_COUNT} -gt 1 ]; then + # vnet0 has more than one IPs assigned. + # Put each IP in its own line below the jails first address. For instance: + # JID State IP Address Published Ports Hostname Release Path + # foo Up 10.10.10.10 - foo 14.0-RELEASE-p5 /usr/local/bastille/jails/foo/root + # 10.10.10.11 + # 10.10.10.12 + FIRST_IP="$(echo "${JAIL_IP}" | head -n 1)" + printf " ${JAIL_NAME}%*s${JAIL_STATE}%*s${FIRST_IP}%*s${JAIL_PORTS}%*s${JAIL_HOSTNAME}%*s${JAIL_RELEASE}%*s${JAIL_PATH}\n" "$((${MAX_LENGTH_JAIL_NAME} - ${#JAIL_NAME} + ${SPACER}))" "" "$((5 - ${#JAIL_STATE} + ${SPACER}))" "" "$((${MAX_LENGTH_JAIL_IP} - ${#FIRST_IP} + ${SPACER}))" "" "$((${MAX_LENGTH_JAIL_PORTS} - ${#JAIL_PORTS} + ${SPACER}))" "" "$((${MAX_LENGTH_JAIL_HOSTNAME} - ${#JAIL_HOSTNAME} + ${SPACER}))" "" "$((${MAX_LENGTH_JAIL_RELEASE} - ${#JAIL_RELEASE} + ${SPACER}))" "" + for IP in $(echo "${JAIL_IP}" | tail -n +2); do + printf "%*s %*s${IP}\n" "$((${MAX_LENGTH_JAIL_NAME} + ${SPACER}))" "" "$((5 + ${SPACER}))" "" + done + else + printf " ${JAIL_NAME}%*s${JAIL_STATE}%*s${JAIL_IP}%*s${JAIL_PORTS}%*s${JAIL_HOSTNAME}%*s${JAIL_RELEASE}%*s${JAIL_PATH}\n" "$((${MAX_LENGTH_JAIL_NAME} - ${#JAIL_NAME} + ${SPACER}))" "" "$((5 - ${#JAIL_STATE} + ${SPACER}))" "" "$((${MAX_LENGTH_JAIL_IP} - ${#JAIL_IP} + 
${SPACER}))" "" "$((${MAX_LENGTH_JAIL_PORTS} - ${#JAIL_PORTS} + ${SPACER}))" "" "$((${MAX_LENGTH_JAIL_HOSTNAME} - ${#JAIL_HOSTNAME} + ${SPACER}))" "" "$((${MAX_LENGTH_JAIL_RELEASE} - ${#JAIL_RELEASE} + ${SPACER}))" "" + fi fi done else From 0961165d36d9779196377d22ceaa57e0ffd12ebd Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Tue, 8 Oct 2024 16:21:28 -0600 Subject: [PATCH 02/91] add support for static mac address for jails This commit will generate a static MAC address for each jail, based on the name of the jail. It will use the first half (xx:xx:xx) of the host MAC to avoid network clashes, and generate a random HEX string from the hashed name of the jail. It will then add that random 5 character HEX string in MAC format, and add an "a" and "b" for the host and jail respectively. This way a jail can retain it's MAC ID even if it is deleted and reinstalled, as long as the same name is retained. --- usr/local/share/bastille/common.sh | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/usr/local/share/bastille/common.sh b/usr/local/share/bastille/common.sh index 1295799a..e2fd8f22 100644 --- a/usr/local/share/bastille/common.sh +++ b/usr/local/share/bastille/common.sh @@ -94,6 +94,9 @@ generate_vnet_jail_netblock() { local uniq_epair="bastille0" local uniq_epair_bridge="0" fi + # generate static MAC for jail using host prefix (first half of host MAC) + local host_mac_prefix="$(ifconfig ${external_interface} | grep ether | awk '{print $2}' | cut -d':' -f1-3)" + local jail_mac_suffix="$(echo -n ${jail_name} | sha256 | tr -d '\n' | awk '{print substr($0,length($0)-5,2) ":" substr($0,length($0)-3,2) ":" substr($0,length($0)-1,1)}')" if [ -n "${use_unique_bridge}" ]; then ## generate bridge config cat <<-EOF 
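Review bot: The three new printf calls keep jail-derived values (`${JAIL_NAME}`, `${FIRST_IP}`, `${IP}`, `${JAIL_HOSTNAME}`, `${JAIL_PATH}`) inside the format string, so any `%` in those values is parsed as a conversion and shifts the padding arguments; if JAIL_HOSTNAME is read from the running jail (that happens outside this hunk) a jail root permitted to set its hostname controls part of the format. Use `%s` conversions and pass the values as arguments, e.g. the continuation line becomes `printf "%*s %*s%s\n" "$((${MAX_LENGTH_JAIL_NAME} + ${SPACER}))" "" "$((5 + ${SPACER}))" "" "${IP}"`, and apply the same to the two wide printf lines. Separately, `${#JAIL_IP}` on the else branch and whatever computes MAX_LENGTH_JAIL_IP (outside the hunk) presumably see the newline-joined multi-address value, so the column width may be inflated for multi-IP jails — worth confirming. list_all starts before this hunk.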
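Review bot: `host_mac_prefix` reuses the first three octets of the parent interface verbatim, so every generated address sits in the NIC vendor's globally-administered OUI with the U/L bit clear, and on a bridged segment it can collide with a real device of that vendor whose lower 24 bits happen to match; set the locally-administered bit on the first octet (e.g. `printf '%02x' $(( 0x${host_mac_prefix%%:*} | 0x02 ))`) so the address is recognisably local. The suffix is only 20 bits of the digest, which gives a real birthday-collision chance once tens or hundreds of jails share a prefix, and nothing greps the other jail.conf files for the result the way the epair loop above does for `uniq_epair`; a `grep -q "${host_mac_prefix}:${jail_mac_suffix}" "${bastille_jailsdir}"/*/jail.conf` check with a warning would catch that. Minor: `echo -n ${jail_name}` is unquoted, so a name with shell metacharacters would be split or globbed before hashing; use `printf '%s' "${jail_name}"`. generate_vnet_jail_netblock starts before this hunk.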
@@ -103,6 +106,8 @@ generate_vnet_jail_netblock() { exec.prestart += "ifconfig ${external_interface} addm epair${uniq_epair_bridge}a"; exec.prestart += "ifconfig epair${uniq_epair_bridge}a up name e${uniq_epair_bridge}a_${jail_name}"; exec.prestart += "ifconfig epair${uniq_epair_bridge}b up name e${uniq_epair_bridge}b_${jail_name}"; + exec.prestart += "ifconfig e${uniq_epair_bridge}a_${jail_name} ether ${host_mac_prefix}:${jail_mac_suffix}a"; + exec.prestart += "ifconfig e${uniq_epair_bridge}b_${jail_name} ether ${host_mac_prefix}:${jail_mac_suffix}b"; exec.poststop += "ifconfig ${external_interface} deletem e${uniq_epair_bridge}a_${jail_name}"; exec.poststop += "ifconfig e${uniq_epair_bridge}a_${jail_name} destroy"; EOF From 2560b436022eeb37b4472ee34819b7a0b1fc15fa Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Tue, 8 Oct 2024 16:32:52 -0600 Subject: [PATCH 03/91] support for -V option also --- usr/local/share/bastille/common.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/usr/local/share/bastille/common.sh b/usr/local/share/bastille/common.sh index e2fd8f22..e8234d24 100644 --- a/usr/local/share/bastille/common.sh +++ b/usr/local/share/bastille/common.sh @@ -118,6 +118,8 @@ EOF vnet.interface = e0b_${uniq_epair}; exec.prestart += "jib addm ${uniq_epair} ${external_interface}"; exec.prestart += "ifconfig e0a_${uniq_epair} description \"vnet host interface for Bastille jail ${jail_name}\""; + exec.prestart += "ifconfig e0a_${uniq_epair} ether ${host_mac_prefix}:${jail_mac_suffix}a"; + exec.prestart += "ifconfig e0b_${uniq_epair} ether ${host_mac_prefix}:${jail_mac_suffix}b"; exec.poststop += "jib destroy ${uniq_epair}"; EOF fi From cc75f454b44ff180686a0349592ce1f1cea5c4ce Mon Sep 17 00:00:00 2001 
From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Tue, 8 Oct 2024 16:35:01 -0600 Subject: [PATCH 04/91] spacing edit --- usr/local/share/bastille/common.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/usr/local/share/bastille/common.sh b/usr/local/share/bastille/common.sh index e8234d24..28764a8a 100644 --- a/usr/local/share/bastille/common.sh +++ b/usr/local/share/bastille/common.sh @@ -96,7 +96,7 @@ generate_vnet_jail_netblock() { fi # generate static MAC for jail using host prefix (first half of host MAC) local host_mac_prefix="$(ifconfig ${external_interface} | grep ether | awk '{print $2}' | cut -d':' -f1-3)" - local jail_mac_suffix="$(echo -n ${jail_name} | sha256 | tr -d '\n' | awk '{print substr($0,length($0)-5,2) ":" substr($0,length($0)-3,2) ":" substr($0,length($0)-1,1)}')" + local jail_mac_suffix="$(echo -n ${jail_name} | sha256 | tr -d '\n' | awk '{print substr($0,length($0)-5,2) ":" substr($0,length($0)-3,2) ":" substr($0,length($0)-1,1)}')" if [ -n "${use_unique_bridge}" ]; then ## generate bridge config cat <<-EOF From a9c1bae0ca2534bd3138af318901171154fac20b Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Wed, 9 Oct 2024 08:47:46 -0600 Subject: [PATCH 05/91] beginning work to allow cloned jail with new static MAC feature Current implementation allows for cloning jails that were created using a static MAC. Also removed some unnecessary sed strings. These were simplified. --- usr/local/share/bastille/clone.sh | 39 ++++++++++++++++++++----------- 1 file changed, 26 insertions(+), 13 deletions(-) diff --git a/usr/local/share/bastille/clone.sh b/usr/local/share/bastille/clone.sh index 1ebea6c4..9f68277e 100644 --- a/usr/local/share/bastille/clone.sh +++ b/usr/local/share/bastille/clone.sh 
@@ -86,12 +86,12 @@ update_jailconf() { JAIL_CONFIG="${bastille_jailsdir}/${NEWNAME}/jail.conf" if [ -f "${JAIL_CONFIG}" ]; then if ! grep -qw "path = ${bastille_jailsdir}/${NEWNAME}/root;" "${JAIL_CONFIG}"; then - sed -i '' "s|host.hostname = ${TARGET};|host.hostname = ${NEWNAME};|" "${JAIL_CONFIG}" - sed -i '' "s|exec.consolelog = .*;|exec.consolelog = ${bastille_logsdir}/${NEWNAME}_console.log;|" "${JAIL_CONFIG}" - sed -i '' "s|path = .*;|path = ${bastille_jailsdir}/${NEWNAME}/root;|" "${JAIL_CONFIG}" - sed -i '' "s|mount.fstab = .*;|mount.fstab = ${bastille_jailsdir}/${NEWNAME}/fstab;|" "${JAIL_CONFIG}" - sed -i '' "s|${TARGET} {|${NEWNAME} {|" "${JAIL_CONFIG}" - sed -i '' "s|${IPX_ADDR} = .*;|${IPX_ADDR} = ${IP};|" "${JAIL_CONFIG}" + #sed -i '' "s|host.hostname = ${TARGET};|host.hostname = ${NEWNAME};|" "${JAIL_CONFIG}" + #sed -i '' "s|exec.consolelog = .*;|exec.consolelog = ${bastille_logsdir}/${NEWNAME}_console.log;|" "${JAIL_CONFIG}" + #sed -i '' "s|path = .*;|path = ${bastille_jailsdir}/${NEWNAME}/root;|" "${JAIL_CONFIG}" + #sed -i '' "s|mount.fstab = .*;|mount.fstab = ${bastille_jailsdir}/${NEWNAME}/fstab;|" "${JAIL_CONFIG}" + #sed -i '' "s|${TARGET} {|${NEWNAME} {|" "${JAIL_CONFIG}" + #sed -i '' "s|${IPX_ADDR} = .*;|${IPX_ADDR} = ${IP};|" "${JAIL_CONFIG}" fi fi 
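Review bot: With all six sed lines commented out, the cloned jail.conf still names TARGET's `path`, `mount.fstab`, `exec.consolelog` and `host.hostname`, so starting NEWNAME would mount and run the original jail's root, and the `grep -qw "path = .../${NEWNAME}/root;"` guard above never becomes true, so every later run re-enters this branch. If the renaming is being moved elsewhere, the replacement should land in the same commit; otherwise keep the targeted seds rather than leaving the block empty. update_jailconf starts before this hunk.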
@@ -110,13 +110,25 @@ update_jailconf_vnet() { for _num in $(seq 0 "${num_range}"); do if [ -n "${jail_list}" ]; then if ! grep -q "e0b_bastille${_num}" "${bastille_jailsdir}"/*/jail.conf; then - uniq_epair="bastille${_num}" - # Update the exec.* with uniq_epair when cloning jails. - sed -i '' "s|vnet.interface = e0b_bastille.*;|vnet.interface = e0b_${uniq_epair};|" "${JAIL_CONFIG}" - sed -i '' "s|exec.prestart += \"jib addm bastille[0-9]|exec.prestart += \"jib addm ${uniq_epair}|" "${JAIL_CONFIG}" - sed -i '' "s|exec.prestart += \"ifconfig e0a_bastille[0-9].*|exec.prestart += \"ifconfig e0a_${uniq_epair} description \\\\\"vnet host interface for Bastille jail ${NEWNAME}\\\\\"\";|" "${JAIL_CONFIG}" - sed -i '' "s|exec.poststop += \"jib destroy bastille[0-9]\";|exec.poststop += \"jib destroy ${uniq_epair}\";|" "${JAIL_CONFIG}" - break + if ! grep -q "epair${_num}" "${bastille_jailsdir}"/*/jail.conf; then + local uniq_epair="bastille${_num}" + local uniq_epair_bridge="${_num}" + local host_mac_prefix="$(cat ${JAIL_CONFIG} | grep -m 1 ether | grep -oE '([0-9a-f]{2}(:[0-9a-f]{2}){5})' | awk -F: '{print $1":"$2":"$3}')" + local jail_mac_suffix="$(echo -n ${NEWNAME} | sha256 | tr -d '\n' | awk '{print substr($0,length($0)-5,2) ":" substr($0,length($0)-3,2) ":" substr($0,length($0)-1,1)}')" + # Update the exec.* with uniq_epair when cloning jails. 
+ #sed -i '' "s|vnet.interface = e[0-9]b_bastille.*;|vnet.interface = e0b_${uniq_epair};|" "${JAIL_CONFIG}" + #sed -i '' "s|exec.prestart += \"jib addm bastille[0-9]|exec.prestart += \"jib addm ${uniq_epair};|" "${JAIL_CONFIG}" + #sed -i '' "s|exec.prestart += \"ifconfig e[0-9]a_bastille[0-9] description.*|exec.prestart += \"ifconfig e0a_${uniq_epair} description \\\\\"vnet host interface for Bastille jail ${NEWNAME}\\\\\"\";|" "${JAIL_CONFIG}" + #sed -i '' "s|exec.poststop += \"jib destroy bastille[0-9]\";|exec.poststop += \"jib destroy ${uniq_epair}\";|" "${JAIL_CONFIG}" + # for bridged jails + sed -i '' "s|${TARGET}|${NEWNAME}|g" "${JAIL_CONFIG}" + sed -i '' "s|\"e\([0-9]\{1,\}\)|\"e${uniq_epair_bridge}|g" "${JAIL_CONFIG}" + sed -i '' "s| e\([0-9]\{1,\}\)| e${uniq_epair_bridge}|g" "${JAIL_CONFIG}" + sed -i '' "s| epair\([0-9]\{1,\}\)| epair${uniq_epair_bridge}|g" "${JAIL_CONFIG}" + sed -i '' "s|.*a_.*ether.*|exec.prestart += \"ifconfig e${uniq_epair_bridge}a_${NEWNAME} ether ${host_mac_prefix}:${jail_mac_suffix}a\";|" "${JAIL_CONFIG}" + sed -i '' "s|.*b_.*ether.*|exec.prestart += \"ifconfig e${uniq_epair_bridge}b_${NEWNAME} ether ${host_mac_prefix}:${jail_mac_suffix}b\";|" "${JAIL_CONFIG}" + break + fi fi fi done @@ -208,3 +220,4 @@ else fi clone_jail + From ee21616e810ecf136988bd18e0ad302cb3543b13 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Wed, 9 Oct 2024 09:05:49 -0600 Subject: [PATCH 06/91] Uncomment for non-VNET jails --- usr/local/share/bastille/clone.sh | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/usr/local/share/bastille/clone.sh b/usr/local/share/bastille/clone.sh index 9f68277e..621ecbd9 100644 --- a/usr/local/share/bastille/clone.sh +++ b/usr/local/share/bastille/clone.sh 
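Review bot: `sed -i '' "s|${TARGET}|${NEWNAME}|g"` rewrites every occurrence of the old name anywhere in jail.conf, not just the jail name, so a TARGET such as `root`, `jails` or `bastille` mangles `path`, `mount.fstab` and the epair names, and because TARGET and NEWNAME are spliced into the sed script unescaped a name containing `|`, `&`, `.` or `\` changes the meaning of the expression; anchor the rename (`s|^${TARGET} {|${NEWNAME} {|` plus per-key seds) or escape the names first. The new `grep -q "epair${_num}"` guard is a prefix match, so `epair1` also matches `epair10` and the loop skips usable numbers — harmless, but `grep -q "epair${_num}[^0-9]"` is what was meant. The freshly derived MAC is likewise never checked against the other jail.conf files before being written. update_jailconf_vnet starts before this hunk.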
@@ -86,12 +86,12 @@ update_jailconf() { JAIL_CONFIG="${bastille_jailsdir}/${NEWNAME}/jail.conf" if [ -f "${JAIL_CONFIG}" ]; then if ! grep -qw "path = ${bastille_jailsdir}/${NEWNAME}/root;" "${JAIL_CONFIG}"; then - #sed -i '' "s|host.hostname = ${TARGET};|host.hostname = ${NEWNAME};|" "${JAIL_CONFIG}" - #sed -i '' "s|exec.consolelog = .*;|exec.consolelog = ${bastille_logsdir}/${NEWNAME}_console.log;|" "${JAIL_CONFIG}" - #sed -i '' "s|path = .*;|path = ${bastille_jailsdir}/${NEWNAME}/root;|" "${JAIL_CONFIG}" - #sed -i '' "s|mount.fstab = .*;|mount.fstab = ${bastille_jailsdir}/${NEWNAME}/fstab;|" "${JAIL_CONFIG}" - #sed -i '' "s|${TARGET} {|${NEWNAME} {|" "${JAIL_CONFIG}" - #sed -i '' "s|${IPX_ADDR} = .*;|${IPX_ADDR} = ${IP};|" "${JAIL_CONFIG}" + sed -i '' "s|host.hostname = ${TARGET};|host.hostname = ${NEWNAME};|" "${JAIL_CONFIG}" + sed -i '' "s|exec.consolelog = .*;|exec.consolelog = ${bastille_logsdir}/${NEWNAME}_console.log;|" "${JAIL_CONFIG}" + sed -i '' "s|path = .*;|path = ${bastille_jailsdir}/${NEWNAME}/root;|" "${JAIL_CONFIG}" + sed -i '' "s|mount.fstab = .*;|mount.fstab = ${bastille_jailsdir}/${NEWNAME}/fstab;|" "${JAIL_CONFIG}" + sed -i '' "s|${TARGET} {|${NEWNAME} {|" "${JAIL_CONFIG}" + sed -i '' "s|${IPX_ADDR} = .*;|${IPX_ADDR} = ${IP};|" "${JAIL_CONFIG}" fi fi 
@@ -114,14 +114,14 @@ update_jailconf_vnet() { local uniq_epair="bastille${_num}" local uniq_epair_bridge="${_num}" local host_mac_prefix="$(cat ${JAIL_CONFIG} | grep -m 1 ether | grep -oE '([0-9a-f]{2}(:[0-9a-f]{2}){5})' | awk -F: '{print $1":"$2":"$3}')" - local jail_mac_suffix="$(echo -n ${NEWNAME} | sha256 | tr -d '\n' | awk '{print substr($0,length($0)-5,2) ":" substr($0,length($0)-3,2) ":" substr($0,length($0)-1,1)}')" - # Update the exec.* with uniq_epair when cloning jails. - #sed -i '' "s|vnet.interface = e[0-9]b_bastille.*;|vnet.interface = e0b_${uniq_epair};|" "${JAIL_CONFIG}" - #sed -i '' "s|exec.prestart += \"jib addm bastille[0-9]|exec.prestart += \"jib addm ${uniq_epair};|" "${JAIL_CONFIG}" - #sed -i '' "s|exec.prestart += \"ifconfig e[0-9]a_bastille[0-9] description.*|exec.prestart += \"ifconfig e0a_${uniq_epair} description \\\\\"vnet host interface for Bastille jail ${NEWNAME}\\\\\"\";|" "${JAIL_CONFIG}" - #sed -i '' "s|exec.poststop += \"jib destroy bastille[0-9]\";|exec.poststop += \"jib destroy ${uniq_epair}\";|" "${JAIL_CONFIG}" - # for bridged jails - sed -i '' "s|${TARGET}|${NEWNAME}|g" "${JAIL_CONFIG}" + local jail_mac_suffix="$(echo -n ${NEWNAME} | sha256 | tr -d '\n' | awk '{print substr($0,length($0)-5,2) ":" substr($0,length($0)-3,2) ":" substr($0,length($0)-1,1)}')" + # Update the exec.* with uniq_epair when cloning jails. 
+ sed -i '' "s|vnet.interface = e[0-9]b_bastille.*;|vnet.interface = e0b_${uniq_epair};|" "${JAIL_CONFIG}" + sed -i '' "s|exec.prestart += \"jib addm bastille[0-9]|exec.prestart += \"jib addm ${uniq_epair};|" "${JAIL_CONFIG}" + sed -i '' "s|exec.prestart += \"ifconfig e[0-9]a_bastille[0-9] description.*|exec.prestart += \"ifconfig e0a_${uniq_epair} description \\\\\"vnet host interface for Bastille jail ${NEWNAME}\\\\\"\";|" "${JAIL_CONFIG}" + sed -i '' "s|exec.poststop += \"jib destroy bastille[0-9]\";|exec.poststop += \"jib destroy ${uniq_epair}\";|" "${JAIL_CONFIG}" + # for bridged VNET jails + sed -i '' "s|${TARGET}|${NEWNAME}|g" "${JAIL_CONFIG}" sed -i '' "s|\"e\([0-9]\{1,\}\)|\"e${uniq_epair_bridge}|g" "${JAIL_CONFIG}" sed -i '' "s| e\([0-9]\{1,\}\)| e${uniq_epair_bridge}|g" "${JAIL_CONFIG}" sed -i '' "s| epair\([0-9]\{1,\}\)| epair${uniq_epair_bridge}|g" "${JAIL_CONFIG}" From 5fab649266e7994ba9996ae82d2befa6df622226 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Wed, 9 Oct 2024 09:15:52 -0600 Subject: [PATCH 07/91] Add see command to rename bridges interface --- usr/local/share/bastille/clone.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/usr/local/share/bastille/clone.sh b/usr/local/share/bastille/clone.sh index 621ecbd9..de9cb9e2 100644 --- a/usr/local/share/bastille/clone.sh +++ b/usr/local/share/bastille/clone.sh @@ -135,7 +135,8 @@ update_jailconf_vnet() { # Rename interface to new uniq_epair sed -i '' "s|ifconfig_e0b_bastille.*_name|ifconfig_e0b_${uniq_epair}_name|" "${bastille_jail_rc_conf}" - + sed -i '' "s|ifconfig_e.*b.*_name|ifconfig_e${uniq_epair_bridge}b_${NEWNAME}_name|" "${bastille_jail_rc_conf}" + # If 0.0.0.0 set DHCP, else set static IP address if [ "${IP}" == "0.0.0.0" ]; then sysrc -f "${bastille_jail_rc_conf}" ifconfig_vnet0="SYNCDHCP" From ca66263ee21e9369c45b9a7f28f1aa15fb096112 Mon Sep 17 00:00:00 2001 
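Review bot: The uncommented replacement `exec.prestart += \"jib addm ${uniq_epair};` carries a stray `;` that the original line (removed earlier in this series) did not have: the pattern only matches the prefix of `jib addm bastille0 em0";`, so the cloned config becomes `jib addm bastille1; em0";` and exec.prestart runs `jib addm` without an interface and then tries to execute `em0` as a command. Drop the semicolon: `exec.prestart += \"jib addm ${uniq_epair}|`. The unanchored `s|${TARGET}|${NEWNAME}|g` below it also runs for every VNET jail, not only bridged ones, and rewrites any path or interface name that happens to contain the old jail name.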
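Review bot: The new pattern `ifconfig_e.*b.*_name` is broad enough to match the jib-style entry the previous line just produced (`ifconfig_e0b_bastille3_name` satisfies `e`, `.*`, `b`, `.*`, `_name`), so for a non-bridged VNET clone the key is rewritten a second time to `ifconfig_e3b_NEWNAME_name`, which does not correspond to any interface jib creates. Anchor it to the bridged naming so the two seds are mutually exclusive: `sed -i '' "s|ifconfig_e[0-9]*b_${TARGET}_name|ifconfig_e${uniq_epair_bridge}b_${NEWNAME}_name|" "${bastille_jail_rc_conf}"`. update_jailconf_vnet continues outside the hunk.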
From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Wed, 9 Oct 2024 11:30:09 -0600 Subject: [PATCH 08/91] support cloning of bridged VNET jails + static MAC jails - fixed cloning of VNET bridged jails - added support for regenerating static MAC on cloned jails - simplified some sed commands to edit cloned jail.conf file Tested with bridged VNET, VNET, and loopback jails --- usr/local/share/bastille/clone.sh | 27 +++++++++------------------ 1 file changed, 9 insertions(+), 18 deletions(-) diff --git a/usr/local/share/bastille/clone.sh b/usr/local/share/bastille/clone.sh index de9cb9e2..58061e97 100644 --- a/usr/local/share/bastille/clone.sh +++ b/usr/local/share/bastille/clone.sh @@ -86,11 +86,7 @@ update_jailconf() { JAIL_CONFIG="${bastille_jailsdir}/${NEWNAME}/jail.conf" if [ -f "${JAIL_CONFIG}" ]; then if ! grep -qw "path = ${bastille_jailsdir}/${NEWNAME}/root;" "${JAIL_CONFIG}"; then - sed -i '' "s|host.hostname = ${TARGET};|host.hostname = ${NEWNAME};|" "${JAIL_CONFIG}" - sed -i '' "s|exec.consolelog = .*;|exec.consolelog = ${bastille_logsdir}/${NEWNAME}_console.log;|" "${JAIL_CONFIG}" - sed -i '' "s|path = .*;|path = ${bastille_jailsdir}/${NEWNAME}/root;|" "${JAIL_CONFIG}" - sed -i '' "s|mount.fstab = .*;|mount.fstab = ${bastille_jailsdir}/${NEWNAME}/fstab;|" "${JAIL_CONFIG}" - sed -i '' "s|${TARGET} {|${NEWNAME} {|" "${JAIL_CONFIG}" + sed -i '' "s|${TARGET}|${NEWNAME}|g" "${JAIL_CONFIG}" sed -i '' "s|${IPX_ADDR} = .*;|${IPX_ADDR} = ${IP};|" "${JAIL_CONFIG}" fi fi 
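Review bot: Replacing the five keyed seds with `s|${TARGET}|${NEWNAME}|g` rewrites every occurrence of the old name in jail.conf, not just the block header and hostname: a TARGET that is also a path component (`root`, `jails`, the bastille prefix) or a substring of another value corrupts `path`, `mount.fstab` and `exec.consolelog`, and an unescaped name with `.`, `|`, `&` or `\` changes the sed expression itself. Keep the per-key forms and anchor the header match: `sed -i '' "s|^${TARGET} {|${NEWNAME} {|" "${JAIL_CONFIG}"`. update_jailconf continues outside the hunk.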
@@ -116,17 +112,13 @@ update_jailconf_vnet() { local host_mac_prefix="$(cat ${JAIL_CONFIG} | grep -m 1 ether | grep -oE '([0-9a-f]{2}(:[0-9a-f]{2}){5})' | awk -F: '{print $1":"$2":"$3}')" local jail_mac_suffix="$(echo -n ${NEWNAME} | sha256 | tr -d '\n' | awk '{print substr($0,length($0)-5,2) ":" substr($0,length($0)-3,2) ":" substr($0,length($0)-1,1)}')" # Update the exec.* with uniq_epair when cloning jails. - sed -i '' "s|vnet.interface = e[0-9]b_bastille.*;|vnet.interface = e0b_${uniq_epair};|" "${JAIL_CONFIG}" - sed -i '' "s|exec.prestart += \"jib addm bastille[0-9]|exec.prestart += \"jib addm ${uniq_epair};|" "${JAIL_CONFIG}" - sed -i '' "s|exec.prestart += \"ifconfig e[0-9]a_bastille[0-9] description.*|exec.prestart += \"ifconfig e0a_${uniq_epair} description \\\\\"vnet host interface for Bastille jail ${NEWNAME}\\\\\"\";|" "${JAIL_CONFIG}" - sed -i '' "s|exec.poststop += \"jib destroy bastille[0-9]\";|exec.poststop += \"jib destroy ${uniq_epair}\";|" "${JAIL_CONFIG}" - # for bridged VNET jails - sed -i '' "s|${TARGET}|${NEWNAME}|g" "${JAIL_CONFIG}" - sed -i '' "s|\"e\([0-9]\{1,\}\)|\"e${uniq_epair_bridge}|g" "${JAIL_CONFIG}" - sed -i '' "s| e\([0-9]\{1,\}\)| e${uniq_epair_bridge}|g" "${JAIL_CONFIG}" - sed -i '' "s| epair\([0-9]\{1,\}\)| epair${uniq_epair_bridge}|g" "${JAIL_CONFIG}" - sed -i '' "s|.*a_.*ether.*|exec.prestart += \"ifconfig e${uniq_epair_bridge}a_${NEWNAME} ether ${host_mac_prefix}:${jail_mac_suffix}a\";|" "${JAIL_CONFIG}" - sed -i '' "s|.*b_.*ether.*|exec.prestart += \"ifconfig e${uniq_epair_bridge}b_${NEWNAME} ether ${host_mac_prefix}:${jail_mac_suffix}b\";|" "${JAIL_CONFIG}" + # for VNET jails + sed -i '' "s|bastille\([0-9]\{1,\}\)|${uniq_epair}|g" "${JAIL_CONFIG}" + sed -i '' "s|e\([0-9]\{1,\}\)a_${NEWNAME}|e${uniq_epair_bridge}a_${NEWNAME}|g" "${JAIL_CONFIG}" + sed -i '' "s|e\([0-9]\{1,\}\)b_${NEWNAME}|e${uniq_epair_bridge}b_${NEWNAME}|g" "${JAIL_CONFIG}" + sed -i '' "s|epair\([0-9]\{1,\}\)|epair${uniq_epair_bridge}|g" "${JAIL_CONFIG}" + 
sed -i '' "s|ether.*:.*:.*:.*:.*:.*a|ether ${host_mac_prefix}:${jail_mac_suffix}a|" "${JAIL_CONFIG}" + sed -i '' "s|ether.*:.*:.*:.*:.*:.*b|ether ${host_mac_prefix}:${jail_mac_suffix}b|" "${JAIL_CONFIG}" break fi fi @@ -135,7 +127,7 @@ update_jailconf_vnet() { # Rename interface to new uniq_epair sed -i '' "s|ifconfig_e0b_bastille.*_name|ifconfig_e0b_${uniq_epair}_name|" "${bastille_jail_rc_conf}" - sed -i '' "s|ifconfig_e.*b.*_name|ifconfig_e${uniq_epair_bridge}b_${NEWNAME}_name|" "${bastille_jail_rc_conf}" + sed -i '' "s|ifconfig_e.*b_${TARGET}_name|ifconfig_e${uniq_epair_bridge}b_${NEWNAME}_name|" "${bastille_jail_rc_conf}" # If 0.0.0.0 set DHCP, else set static IP address if [ "${IP}" == "0.0.0.0" ]; then @@ -221,4 +213,3 @@ else fi clone_jail - From 55203b2298e379a36f6417274b0792b4fe00d9db Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Wed, 9 Oct 2024 11:31:54 -0600 Subject: [PATCH 09/91] add support for static MAC on VNET jails - support static MAC on bridged and VNET jails - remove quotes around vnet.interface --- usr/local/share/bastille/common.sh | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/usr/local/share/bastille/common.sh b/usr/local/share/bastille/common.sh index 28764a8a..b1df86f9 100644 --- a/usr/local/share/bastille/common.sh +++ b/usr/local/share/bastille/common.sh 
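Review bot: The two MAC rewrites `s|ether.*:.*:.*:.*:.*:.*a|…|` and `…b|…|` are greedy and not anchored to the closing quote, so they can hit the wrong line: when the new jail's hash nibble is `b`, the host-side line has just become `ether xx:xx:xx:xx:xx:ba";`, the `b` pattern matches it up to that `b`, and the result is `ether ${host_mac_prefix}:${jail_mac_suffix}bba";` — an invalid address that makes exec.prestart fail. Match the whole address against the closing quote instead: `sed -i '' "s|ether [0-9a-f:]*a\"|ether ${host_mac_prefix}:${jail_mac_suffix}a\"|" "${JAIL_CONFIG}"` and the same with `b`. The `s|bastille\([0-9]\{1,\}\)|${uniq_epair}|g` line above would also rewrite a jail whose own name contains `bastille<digits>`. update_jailconf_vnet continues outside the hunk.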
@@ -94,14 +94,13 @@ generate_vnet_jail_netblock() { local uniq_epair="bastille0" local uniq_epair_bridge="0" fi - # generate static MAC for jail using host prefix (first half of host MAC) - local host_mac_prefix="$(ifconfig ${external_interface} | grep ether | awk '{print $2}' | cut -d':' -f1-3)" - local jail_mac_suffix="$(echo -n ${jail_name} | sha256 | tr -d '\n' | awk '{print substr($0,length($0)-5,2) ":" substr($0,length($0)-3,2) ":" substr($0,length($0)-1,1)}')" + local host_mac_prefix="$(ifconfig ${external_interface} | grep ether | awk '{print $2}' | cut -d':' -f1-3)" + local jail_mac_suffix="$(echo -n ${jail_name} | sha256 | tr -d '\n' | awk '{print substr($0,length($0)-5,2) ":" substr($0,length($0)-3,2) ":" substr($0,length($0)-1,1)}')" if [ -n "${use_unique_bridge}" ]; then ## generate bridge config cat <<-EOF vnet; - vnet.interface = "e${uniq_epair_bridge}b_${jail_name}"; + vnet.interface = e${uniq_epair_bridge}b_${jail_name}; exec.prestart += "ifconfig epair${uniq_epair_bridge} create"; exec.prestart += "ifconfig ${external_interface} addm epair${uniq_epair_bridge}a"; exec.prestart += "ifconfig epair${uniq_epair_bridge}a up name e${uniq_epair_bridge}a_${jail_name}"; @@ -117,9 +116,9 @@ EOF vnet; vnet.interface = e0b_${uniq_epair}; exec.prestart += "jib addm ${uniq_epair} ${external_interface}"; - exec.prestart += "ifconfig e0a_${uniq_epair} description \"vnet host interface for Bastille jail ${jail_name}\""; exec.prestart += "ifconfig e0a_${uniq_epair} ether ${host_mac_prefix}:${jail_mac_suffix}a"; exec.prestart += "ifconfig e0b_${uniq_epair} ether ${host_mac_prefix}:${jail_mac_suffix}b"; + exec.prestart += "ifconfig e0a_${uniq_epair} description \"vnet host interface for Bastille jail ${jail_name}\""; exec.poststop += "jib destroy ${uniq_epair}"; EOF fi From 0a1e9df9480235c40f3eb51e4f015583457ca5fb Mon Sep 17 00:00:00 2001 
From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Wed, 4 Dec 2024 08:18:03 -0700 Subject: [PATCH 10/91] Update clone.sh - revert jail config edit This reverts some changes the the "update_jailconf" function. The reason behind this revert is that if a jail somehow has the same name as a directory, then the previous commit would have changed the directory name as well, which would break stuff. The current code avoids all that and only replaces the necessary jail name value. --- usr/local/share/bastille/clone.sh | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/usr/local/share/bastille/clone.sh b/usr/local/share/bastille/clone.sh index 58061e97..556d9274 100644 --- a/usr/local/share/bastille/clone.sh +++ b/usr/local/share/bastille/clone.sh @@ -86,7 +86,12 @@ update_jailconf() { JAIL_CONFIG="${bastille_jailsdir}/${NEWNAME}/jail.conf" if [ -f "${JAIL_CONFIG}" ]; then if ! grep -qw "path = ${bastille_jailsdir}/${NEWNAME}/root;" "${JAIL_CONFIG}"; then - sed -i '' "s|${TARGET}|${NEWNAME}|g" "${JAIL_CONFIG}" + sed -i '' "s|host.hostname = ${TARGET};|host.hostname = ${NEWNAME};|" "${JAIL_CONFIG}" + sed -i '' "s|exec.consolelog = .*;|exec.consolelog = ${bastille_logsdir}/${NEWNAME}_console.log;|" "${JAIL_CONFIG}" + sed -i '' "s|path = .*;|path = ${bastille_jailsdir}/${NEWNAME}/root;|" "${JAIL_CONFIG}" + sed -i '' "s|mount.fstab = .*;|mount.fstab = ${bastille_jailsdir}/${NEWNAME}/fstab;|" "${JAIL_CONFIG}" + sed -i '' "s|${TARGET} {|${NEWNAME} {|" "${JAIL_CONFIG}" + sed -i '' "s|${IPX_ADDR} = .*;|${IPX_ADDR} = ${IP};|" "${JAIL_CONFIG}" sed -i '' "s|${IPX_ADDR} = .*;|${IPX_ADDR} = ${IP};|" "${JAIL_CONFIG}" fi fi From 9a157f2fc8ff7913cc377bd49ca4feeddab7d60e Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Wed, 4 Dec 2024 08:18:53 -0700 Subject: [PATCH 11/91] Update clone.sh - remove duplicate line --- usr/local/share/bastille/clone.sh | 1 - 1 file changed, 1 deletion(-) 
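Review bot: The restored block ends with the `${IPX_ADDR} = .*;` sed twice; the duplicate is harmless but should go. The `host.hostname = ${TARGET};` rewrite only fires while the hostname still equals the jail name, so a jail with a customised hostname passes it unchanged to the clone and the two jails then share a hostname — `s|host.hostname = .*;|host.hostname = ${NEWNAME};|` if that is not intended. TARGET, IPX_ADDR and IP are still spliced into the sed scripts unescaped, so they are presumably validated by the caller before reaching here.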
diff --git a/usr/local/share/bastille/clone.sh b/usr/local/share/bastille/clone.sh
index 556d9274..e31308d1 100644
--- a/usr/local/share/bastille/clone.sh
+++ b/usr/local/share/bastille/clone.sh
@@ -92,7 +92,6 @@ update_jailconf() {
 sed -i '' "s|mount.fstab = .*;|mount.fstab = ${bastille_jailsdir}/${NEWNAME}/fstab;|" "${JAIL_CONFIG}"
 sed -i '' "s|${TARGET} {|${NEWNAME} {|" "${JAIL_CONFIG}"
 sed -i '' "s|${IPX_ADDR} = .*;|${IPX_ADDR} = ${IP};|" "${JAIL_CONFIG}"
- sed -i '' "s|${IPX_ADDR} = .*;|${IPX_ADDR} = ${IP};|" "${JAIL_CONFIG}"
 fi
 fi
From 203af6c8ade7556e6298bc2c6d63925d4b4348b7 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Fri, 6 Dec 2024 11:39:10 -0700 Subject: [PATCH 12/91] Update common.sh - move generation of static mac to main functions --- usr/local/share/bastille/common.sh | 8 ++++++++ 1 file changed, 8 insertions(+)
diff --git a/usr/local/share/bastille/common.sh b/usr/local/share/bastille/common.sh
index b1df86f9..55e54206 100644
--- a/usr/local/share/bastille/common.sh
+++ b/usr/local/share/bastille/common.sh
@@ -70,6 +70,14 @@ warn() {
 echo -e "${COLOR_YELLOW}$*${COLOR_RESET}"
 }
+generate_static_mac() {
+ local jail_name="${1}"
+ local external_interface="${2}"
+ local macaddr_prefix="$(ifconfig ${external_interface} | grep ether | awk '{print $2}' | cut -d':' -f1-3)"
+ local macaddr_suffix="$(echo -n ${jail_name} | sha256 | cut -b -5 | sed 's/\([0-9a-fA-F][0-9a-fA-F]\)\([0-9a-fA-F][0-9a-fA-F]\)\([0-9a-fA-F]\)/\1:\2:\3/')"
+ macaddr="${macaddr_prefix}:${macaddr_suffix}"
+}
+
 generate_vnet_jail_netblock() {
 local jail_name="$1"
 local use_unique_bridge="$2"
 local external_interface="$3"
From e055c87d0f07d5a22ac192abd317967db9f59e02 Mon Sep 17 00:00:00 2001
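Review bot: generate_static_mac hands its result back by assigning the global `macaddr` and never checks that `ifconfig ${external_interface}` produced an address, so a missing or misnamed interface yields `macaddr=:xx:xx:x` and the heredocs that consume it write an invalid `ether` argument into jail.conf. It also copies the parent NIC's globally-administered OUI verbatim (U/L bit clear), placing every jail in the vendor's real address range; setting the locally-administered bit keeps the stable-per-name property while marking the address as local, and only affects jails created after the change. `echo -n ${jail_name}` should be `printf '%s' "${jail_name}"` so the name is hashed verbatim. A version with the same signature and output variable, using the `warn` helper defined just above and returning a status the caller can check:
```shell
generate_static_mac() {
    local jail_name="${1}"
    local external_interface="${2}"
    local macaddr_prefix macaddr_suffix
    macaddr_prefix="$(ifconfig "${external_interface}" 2>/dev/null | awk '/ether/ {print $2; exit}' | cut -d':' -f1-3)"
    case "${macaddr_prefix}" in
        [0-9a-f][0-9a-f]:[0-9a-f][0-9a-f]:[0-9a-f][0-9a-f]) ;;
        *) warn "Unable to read the MAC address of ${external_interface}"; return 1 ;;
    esac
    # set the locally-administered bit so the address cannot collide with real hardware in the vendor's OUI
    macaddr_prefix="$(printf '%02x%s' $(( 0x${macaddr_prefix%%:*} | 0x02 )) "${macaddr_prefix#??}")"
    macaddr_suffix="$(printf '%s' "${jail_name}" | sha256 | cut -b -5 | sed 's/\([0-9a-fA-F][0-9a-fA-F]\)\([0-9a-fA-F][0-9a-fA-F]\)\([0-9a-fA-F]\)/\1:\2:\3/')"
    macaddr="${macaddr_prefix}:${macaddr_suffix}"
}
```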
From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Fri, 6 Dec 2024 11:42:50 -0700 Subject: [PATCH 13/91] Update common.sh - clean up static mac code --- usr/local/share/bastille/common.sh | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/usr/local/share/bastille/common.sh b/usr/local/share/bastille/common.sh index 55e54206..89d3a962 100644 --- a/usr/local/share/bastille/common.sh +++ b/usr/local/share/bastille/common.sh @@ -82,6 +82,7 @@ generate_vnet_jail_netblock() { local jail_name="$1" local use_unique_bridge="$2" local external_interface="$3" + generate_static_mac "${jail_name}" "${external_interface}" ## determine number of containers + 1 ## iterate num and grep all jail configs ## define uniq_epair @@ -102,8 +103,6 @@ generate_vnet_jail_netblock() { local uniq_epair="bastille0" local uniq_epair_bridge="0" fi - local host_mac_prefix="$(ifconfig ${external_interface} | grep ether | awk '{print $2}' | cut -d':' -f1-3)" - local jail_mac_suffix="$(echo -n ${jail_name} | sha256 | tr -d '\n' | awk '{print substr($0,length($0)-5,2) ":" substr($0,length($0)-3,2) ":" substr($0,length($0)-1,1)}')" if [ -n "${use_unique_bridge}" ]; then ## generate bridge config cat <<-EOF 
@@ -113,8 +112,8 @@ generate_vnet_jail_netblock() { exec.prestart += "ifconfig ${external_interface} addm epair${uniq_epair_bridge}a"; exec.prestart += "ifconfig epair${uniq_epair_bridge}a up name e${uniq_epair_bridge}a_${jail_name}"; exec.prestart += "ifconfig epair${uniq_epair_bridge}b up name e${uniq_epair_bridge}b_${jail_name}"; - exec.prestart += "ifconfig e${uniq_epair_bridge}a_${jail_name} ether ${host_mac_prefix}:${jail_mac_suffix}a"; - exec.prestart += "ifconfig e${uniq_epair_bridge}b_${jail_name} ether ${host_mac_prefix}:${jail_mac_suffix}b"; + exec.prestart += "ifconfig e${uniq_epair_bridge}a_${jail_name} ether ${macaddr}a"; + exec.prestart += "ifconfig e${uniq_epair_bridge}b_${jail_name} ether ${macaddr}b"; exec.poststop += "ifconfig ${external_interface} deletem e${uniq_epair_bridge}a_${jail_name}"; exec.poststop += "ifconfig e${uniq_epair_bridge}a_${jail_name} destroy"; EOF @@ -124,8 +123,8 @@ EOF vnet; vnet.interface = e0b_${uniq_epair}; exec.prestart += "jib addm ${uniq_epair} ${external_interface}"; - exec.prestart += "ifconfig e0a_${uniq_epair} ether ${host_mac_prefix}:${jail_mac_suffix}a"; - exec.prestart += "ifconfig e0b_${uniq_epair} ether ${host_mac_prefix}:${jail_mac_suffix}b"; + exec.prestart += "ifconfig e0a_${uniq_epair} ether ${macaddr}a"; + exec.prestart += "ifconfig e0b_${uniq_epair} ether ${macaddr}b"; exec.prestart += "ifconfig e0a_${uniq_epair} description \"vnet host interface for Bastille jail ${jail_name}\""; exec.poststop += "jib destroy ${uniq_epair}"; EOF From 6a3d675e5fd59802496351a8eeb99a883ec14584 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Fri, 6 Dec 2024 12:18:17 -0700 Subject: [PATCH 14/91] Update clone.sh - final commit for static mac cleanup --- usr/local/share/bastille/clone.sh | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/usr/local/share/bastille/clone.sh b/usr/local/share/bastille/clone.sh index e31308d1..e8b0cab3 100644 
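Review bot: Both heredocs now splice `${macaddr}a` / `${macaddr}b` straight into exec.prestart without checking that generate_static_mac set anything; because the helper reports through a global and its failure is not surfaced at the call site, an empty or partial value becomes `ifconfig … ether :xx:xx:xa` in jail.conf and the jail fails at start rather than at create. Guard it before the `cat <<-EOF`: `[ -n "${macaddr}" ] || { warn "No MAC address generated for ${jail_name}"; return 1; }`, or have the call site check generate_static_mac's exit status. generate_vnet_jail_netblock starts before this hunk.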
--- a/usr/local/share/bastille/clone.sh +++ b/usr/local/share/bastille/clone.sh @@ -113,16 +113,19 @@ update_jailconf_vnet() { if ! grep -q "epair${_num}" "${bastille_jailsdir}"/*/jail.conf; then local uniq_epair="bastille${_num}" local uniq_epair_bridge="${_num}" - local host_mac_prefix="$(cat ${JAIL_CONFIG} | grep -m 1 ether | grep -oE '([0-9a-f]{2}(:[0-9a-f]{2}){5})' | awk -F: '{print $1":"$2":"$3}')" - local jail_mac_suffix="$(echo -n ${NEWNAME} | sha256 | tr -d '\n' | awk '{print substr($0,length($0)-5,2) ":" substr($0,length($0)-3,2) ":" substr($0,length($0)-1,1)}')" + # since we don't have access to the external_interface variable, we cat the jail.conf file to retrieve the mac prefix + # we also do not use the main generate_static_mac function here + local macaddr_prefix="$(cat ${JAIL_CONFIG} | grep -m 1 ether | grep -oE '([0-9a-f]{2}(:[0-9a-f]{2}){5})' | awk -F: '{print $1":"$2":"$3}')" + local macaddr_suffix="$(echo -n ${jail_name} | sha256 | cut -b -5 | sed 's/\([0-9a-fA-F][0-9a-fA-F]\)\([0-9a-fA-F][0-9a-fA-F]\)\([0-9a-fA-F]\)/\1:\2:\3/')" + local macaddr="${macaddr_prefix}:${macaddr_suffix}" # Update the exec.* with uniq_epair when cloning jails. # for VNET jails sed -i '' "s|bastille\([0-9]\{1,\}\)|${uniq_epair}|g" "${JAIL_CONFIG}" sed -i '' "s|e\([0-9]\{1,\}\)a_${NEWNAME}|e${uniq_epair_bridge}a_${NEWNAME}|g" "${JAIL_CONFIG}" sed -i '' "s|e\([0-9]\{1,\}\)b_${NEWNAME}|e${uniq_epair_bridge}b_${NEWNAME}|g" "${JAIL_CONFIG}" sed -i '' "s|epair\([0-9]\{1,\}\)|epair${uniq_epair_bridge}|g" "${JAIL_CONFIG}" - sed -i '' "s|ether.*:.*:.*:.*:.*:.*a|ether ${host_mac_prefix}:${jail_mac_suffix}a|" "${JAIL_CONFIG}" - sed -i '' "s|ether.*:.*:.*:.*:.*:.*b|ether ${host_mac_prefix}:${jail_mac_suffix}b|" "${JAIL_CONFIG}" + sed -i '' "s|ether.*:.*:.*:.*:.*:.*a|ether ${macaddr}a|" "${JAIL_CONFIG}" + sed -i '' "s|ether.*:.*:.*:.*:.*:.*b|ether ${macaddr}b|" "${JAIL_CONFIG}" break fi fi From 3b7d4f1b52a86c8b5a9b010dfdd57642710a590c Mon Sep 17 00:00:00 2001 
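Review bot: The new suffix line hashes `${jail_name}`, but the only name variables in scope in clone.sh's update_jailconf_vnet are `TARGET` and `NEWNAME` (the line it replaces used `${NEWNAME}`), so unless jail_name is set elsewhere in clone.sh the digest is that of the empty string and every cloned jail gets the identical suffix `e3:b0:c` plus `a`/`b` — duplicate MACs on the same bridge. Change it to `local macaddr_suffix="$(printf '%s' "${NEWNAME}" | sha256 | cut -b -5 | sed '…same expression…')"`. The comment says the shared helper cannot be used because external_interface is unavailable, yet the prefix is already recovered from jail.conf here; factoring the name-to-suffix step into a small shared function would stop the two copies drifting like this. update_jailconf_vnet continues outside the hunk.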
From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Sun, 8 Dec 2024 14:41:50 -0700 Subject: [PATCH 15/91] Update template.sh - bugfix for cmd --- usr/local/share/bastille/template.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/usr/local/share/bastille/template.sh b/usr/local/share/bastille/template.sh
index d9634f5a..7a023890 100644
--- a/usr/local/share/bastille/template.sh
+++ b/usr/local/share/bastille/template.sh
@@ -299,7 +299,7 @@ for _jail in ${JAILS}; do
 # Escape single-quotes in the command being executed. -- cwells
 _args=$(echo "${_args}" | sed "s/'/'\\\\''/g")
 # Allow redirection within the jail. -- cwells
- _args="sh -c '${_args}'"
+ _args="sh -c \"${_args}\""
 ;;
 cp|copy)
 _cmd='cp'
From aa17f5c4f91a1bc3779d86fe616c92f7823e858b Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Tue, 10 Dec 2024 14:51:29 -0700 Subject: [PATCH 16/91] Fix pfctl being invoked when NAT is not used + change ip var to ip4 for future ip6 implementation --- usr/local/share/bastille/stop.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/usr/local/share/bastille/stop.sh b/usr/local/share/bastille/stop.sh
index a3a8dfbe..ade6f9a6 100644
--- a/usr/local/share/bastille/stop.sh
+++ b/usr/local/share/bastille/stop.sh
@@ -52,10 +52,10 @@ for _jail in ${JAILS}; do
 ## test if running
 if [ "$(/usr/sbin/jls name | awk "/^${_jail}$/")" ]; then
 ## Capture ip4.addr address while still running
- _ip="$(/usr/sbin/jls -j ${_jail} ip4.addr)"
+ _ip4="$( bastille config ${_jail} get ip4.addr )"
 # Check if pfctl is present
- if which -s pfctl; then
+ if [ which -s pfctl ] && [ "${_ip4}" != "not set" ]; then
 if [ "$(bastille rdr ${_jail} list)" ]; then
 bastille rdr ${_jail} clear
 fi
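Review bot: Wrapping the command in double quotes instead of single quotes changes which characters the outer shell treats specially: `$`, backticks, `\` and any `"` inside a template CMD line are now exposed, while the line above still only escapes single quotes, so the escaping and the quoting no longer match. How `_args` is consumed is outside this hunk; if it is later eval'd, `$(...)` and `$VAR` in a third-party template now expand on the host as root before `sh -c` ever runs inside the jail, and if it is word-split into argv, an embedded `"` terminates the argument early. Keep `_args="sh -c '${_args}'"` and fix the actual failing case, or, if double quotes are really required, also escape `\`, `"`, `$` and backticks in the preceding sed.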
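Review bot: `[ which -s pfctl ]` is a test expression, not a command: `[` sees the three words `which`, `-s`, `pfctl`, reports an unexpected operator and exits non-zero, so the `bastille rdr … clear` branch is skipped for every jail. If the probe is wanted, write `if which -s pfctl && [ "${_ip4}" != "not set" ]; then`. The condition also relies on the literal string `not set` coming back from `bastille config get` (defined outside this hunk); an empty value, e.g. when that command fails, passes the test and the rdr calls run with no address.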
@@ -73,9 +73,9 @@ for _jail in ${JAILS}; do jail -f "${bastille_jailsdir}/${_jail}/jail.conf" -r "${_jail}" ## remove (captured above) ip4.addr from firewall table - if [ -n "${bastille_network_loopback}" -a ! -z "${_ip}" ]; then + if [ -n "${bastille_network_loopback}" ] && [ "${_ip4}" != "not set" ]; then if grep -qw "interface.*=.*${bastille_network_loopback}" "${bastille_jailsdir}/${_jail}/jail.conf"; then - pfctl -q -t "${bastille_network_pf_table}" -T delete "${_ip}" + pfctl -q -t "${bastille_network_pf_table}" -T delete "${_ip4}" fi fi fi From 42a5a38334229def87a0e02018607a57d4052765 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Tue, 10 Dec 2024 14:59:02 -0700 Subject: [PATCH 17/91] fix start.sh also --- usr/local/share/bastille/start.sh | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/usr/local/share/bastille/start.sh b/usr/local/share/bastille/start.sh index f9e5a180..2eeb9e49 100644 --- a/usr/local/share/bastille/start.sh +++ b/usr/local/share/bastille/start.sh @@ -79,14 +79,14 @@ for _jail in ${JAILS}; do fi ## warn if matching configured (but not online) ip4.addr, ignore if there's no ip4.addr entry - ip=$(bastille config "${_jail}" get ip4.addr) - if [ -n "${ip}" ]; then - if ifconfig | grep -wF "${ip}" >/dev/null; then - error_notify "Error: IP address (${ip}) already in use." + _ip4=$(bastille config "${_jail}" get ip4.addr) + if [ "${_ip4}" != "not set" ]; then + if ifconfig | grep -wF "${_ip4}" >/dev/null; then + error_notify "Error: IP address (${_ip4}) already in use." continue fi ## add ip4.addr to firewall table - pfctl -q -t "${bastille_network_pf_table}" -T add "${ip}" + pfctl -q -t "${bastille_network_pf_table}" -T add "${_ip4}" fi ## start the container From 2a8a0702516be30f90024bbe0d21aad456a50639 Mon Sep 17 00:00:00 2001 
From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Tue, 10 Dec 2024 15:04:27 -0700 Subject: [PATCH 18/91] remove "which pfctl" We assume that if the jail has an ip4.addr value, then pfctl is obviously installed. It is also not invoked by start, so stop should not need it either. --- usr/local/share/bastille/stop.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/usr/local/share/bastille/stop.sh b/usr/local/share/bastille/stop.sh index ade6f9a6..d61d7ed6 100644 --- a/usr/local/share/bastille/stop.sh +++ b/usr/local/share/bastille/stop.sh @@ -55,7 +55,7 @@ for _jail in ${JAILS}; do _ip4="$( bastille config ${_jail} get ip4.addr )" # Check if pfctl is present - if [ which -s pfctl ] && [ "${_ip4}" != "not set" ]; then + if [ "${_ip4}" != "not set" ]; then if [ "$(bastille rdr ${_jail} list)" ]; then bastille rdr ${_jail} clear fi From 108227f72ee977d2cd7df1096caf72db23718675 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Tue, 10 Dec 2024 15:07:29 -0700 Subject: [PATCH 19/91] remove padding --- usr/local/share/bastille/stop.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/usr/local/share/bastille/stop.sh b/usr/local/share/bastille/stop.sh index d61d7ed6..6c4b7c1d 100644 --- a/usr/local/share/bastille/stop.sh +++ b/usr/local/share/bastille/stop.sh @@ -52,7 +52,7 @@ for _jail in ${JAILS}; do ## test if running if [ "$(/usr/sbin/jls name | awk "/^${_jail}$/")" ]; then ## Capture ip4.addr address while still running - _ip4="$( bastille config ${_jail} get ip4.addr )" + _ip4="$(bastille config ${_jail} get ip4.addr)" # Check if pfctl is present if [ "${_ip4}" != "not set" ]; then From 86e7d5835879f4af1bf0a79d7b53d561d548da8c Mon Sep 17 00:00:00 2001 
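Review bot: The comment `# Check if pfctl is present` above the changed line no longer describes the condition, which now tests only whether the jail has an `ip4.addr`; change it to `# Clear rdr rules only when the jail has an ip4.addr`. The commit message's assumption that an `ip4.addr` implies pf is in use is not enforced anywhere visible, so it is worth stating that assumption in the comment as well. The enclosing `for _jail` loop starts before the hunk.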
From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Tue, 10 Dec 2024 16:48:17 -0700 Subject: [PATCH 20/91] Allow using template in custom directory --- usr/local/share/bastille/template.sh | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/usr/local/share/bastille/template.sh b/usr/local/share/bastille/template.sh index d9634f5a..51f3206e 100644 --- a/usr/local/share/bastille/template.sh +++ b/usr/local/share/bastille/template.sh @@ -188,15 +188,17 @@ case ${TEMPLATE} in ;; */*) if [ ! -d "${bastille_templatesdir}/${TEMPLATE}" ]; then - if [ ! -d ${TEMPLATE} ]; then error_exit "${TEMPLATE} not found." - else + else bastille_template=${TEMPLATE} - fi fi ;; *) - error_exit "Template name/URL not recognized." + if [ ! -f ${TEMPLATE}/Bastillefile ]; then + error_exit "${TEMPLATE} not found." + else + bastille_template=${TEMPLATE} + fi esac if [ -z "${JAILS}" ]; then From b12719372cbec232c2707d5b78ed2451cac765df Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Mon, 16 Dec 2024 09:50:01 -0700 Subject: [PATCH 21/91] typo --- usr/local/share/bastille/clone.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/usr/local/share/bastille/clone.sh b/usr/local/share/bastille/clone.sh index cfd8a5e5..3d1e2d3d 100644 --- a/usr/local/share/bastille/clone.sh +++ b/usr/local/share/bastille/clone.sh @@ -32,7 +32,7 @@ . /usr/local/etc/bastille/bastille.conf usage() { - error_exit "Usage: bastille clone [TARGET] [NEW_NAME] [IPADRESS]" + error_exit "Usage: bastille clone [TARGET] [NEW_NAME] [IPADDRESS]" } # Handle special-case commands first From e4fb6e3ca6d184b0213a427610dc9d36b6d36840 Mon Sep 17 00:00:00 2001 
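Review bot: A custom template given as an absolute path, such as `/root/templates/foo`, contains a slash and is therefore caught by the `*/*` arm, which after this change accepts only names under `${bastille_templatesdir}` and otherwise errors out; the old fallback `[ ! -d ${TEMPLATE} ]` in that arm was removed, so only slash-free names relative to the current working directory ever reach the new `*)` arm — unless an earlier arm (the `case` begins before the hunk) handles absolute paths. Restoring the fallback inside `*/*`, `if [ ! -d "${bastille_templatesdir}/${TEMPLATE}" ] && [ ! -f "${TEMPLATE}/Bastillefile" ]; then error_exit "${TEMPLATE} not found."; else bastille_template=${TEMPLATE}; fi`, covers both. The new `[ ! -f ${TEMPLATE}/Bastillefile ]` test is also unquoted, and a relative name is resolved against the caller's working directory, which is worth noting in a comment since the resulting template path depends on where the command is run.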
From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Mon, 16 Dec 2024 12:18:40 -0700 Subject: [PATCH 22/91] begin moving functions to common.sh --- usr/local/share/bastille/common.sh | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/usr/local/share/bastille/common.sh b/usr/local/share/bastille/common.sh index 9940d9e6..012259e6 100644 --- a/usr/local/share/bastille/common.sh +++ b/usr/local/share/bastille/common.sh @@ -70,6 +70,36 @@ warn() { echo -e "${COLOR_YELLOW}$*${COLOR_RESET}" } +# This is where I am placing all new functions. +check_if_jail_exists() { + TARGET="${1}" + JAILS="" + if [ -d "${bastille_jailsdir}/${TARGET}" ]; then + JAILS="${TARGET}" + return 0 + else + error_exit "Jail not found." + fi +} + +check_target_is_running() { + TARGET="${1}" + if [ ! "$(/usr/sbin/jls name | awk "/^${TARGET}$/")" ]; then + error_exit "[${TARGET}]: Not started. See 'bastille start ${TARGET}'." + fi +} + +target_all_jails() { + _JAILS=$(/usr/sbin/jls name) + JAILS="" + for _jail in ${_JAILS}; do + _JAILPATH=$(/usr/sbin/jls -j "${_jail}" path) + if [ -z ${_JAILPATH##${bastille_jailsdir}*} ]; then + JAILS="${JAILS} ${_jail}" + fi + done +} + generate_vnet_jail_netblock() { local jail_name="$1" local use_unique_bridge="$2" From e4487077c9341b8495c8bbb7de86bb180b136bbc Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Mon, 16 Dec 2024 12:19:09 -0700 Subject: [PATCH 23/91] rename to be consistent --- usr/local/share/bastille/common.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/usr/local/share/bastille/common.sh b/usr/local/share/bastille/common.sh index 012259e6..8d2faa4e 100644 --- a/usr/local/share/bastille/common.sh +++ b/usr/local/share/bastille/common.sh 
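Review bot: `check_target_is_running` interpolates the user-supplied target into an awk regular expression (`awk "/^${TARGET}$/"`), so a name containing `.`, `*` or `|` is treated as a pattern rather than a jail name and can match a different jail (`web.` matches `web1`); the same construct reappears in `check_target_is_stopped` in PATCH 50. Compare as a fixed string instead: `if ! /usr/sbin/jls name | grep -qxF -- "${TARGET}"; then`. In `target_all_jails` the test `[ -z ${_JAILPATH##${bastille_jailsdir}*} ]` is unquoted and is a bare prefix match, so a sibling directory such as `${bastille_jailsdir}-old` also qualifies; `case "${_JAILPATH}" in "${bastille_jailsdir}"/*) JAILS="${JAILS} ${_jail}" ;; esac` is both quoted and anchored at the path separator. These functions also write the globals `TARGET` and `JAILS` as a side effect, which deserves a one-line comment above each.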
@@ -71,7 +71,7 @@ warn() { } # This is where I am placing all new functions. -check_if_jail_exists() { +check_jail_exists() { TARGET="${1}" JAILS="" if [ -d "${bastille_jailsdir}/${TARGET}" ]; then From 5bc7cd8c738d9c70c1938a804e94381a48ab59ca Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Mon, 16 Dec 2024 12:24:46 -0700 Subject: [PATCH 24/91] begin function define in top --- usr/local/share/bastille/top.sh | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/usr/local/share/bastille/top.sh b/usr/local/share/bastille/top.sh index 1e8cbb9c..7c319ed3 100644 --- a/usr/local/share/bastille/top.sh +++ b/usr/local/share/bastille/top.sh @@ -35,12 +35,22 @@ usage() { } # Handle special-case commands first. -case "$1" in -help|-h|--help) - usage - ;; +case "${1}" in + help|-h|--help) + usage + ;; esac +TARGET="${1}" +shift + +if [ "${TARGET}" = "ALL" ]; then + target_all_jails +else + check_jail_exists "${TARGET}" + check_target_is_running "${TARGET}" +fi + if [ $# -ne 0 ]; then usage fi From e0dfc33e4611705d8144b3419ec6f06467372b51 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Mon, 16 Dec 2024 12:26:46 -0700 Subject: [PATCH 25/91] move jail running check to for loop --- usr/local/share/bastille/top.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/usr/local/share/bastille/top.sh b/usr/local/share/bastille/top.sh index 7c319ed3..029b88d7 100644 --- a/usr/local/share/bastille/top.sh +++ b/usr/local/share/bastille/top.sh @@ -47,8 +47,7 @@ shift if [ "${TARGET}" = "ALL" ]; then target_all_jails else - check_jail_exists "${TARGET}" - check_target_is_running "${TARGET}" + check_target_exists "${TARGET}" fi if [ $# -ne 0 ]; then @@ -58,6 +57,7 @@ fi bastille_root_check for _jail in ${JAILS}; do + check_target_is_running "${TARGET}" info "[${_jail}]:" jexec -l "${_jail}" /usr/bin/top echo -e "${COLOR_RESET}" 
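Review bot: `shift` directly after `TARGET="${1}"` runs even when no target was given, and FreeBSD's `sh` treats `shift` with an empty argument list as an error that aborts the script, so `bastille top` with no arguments dies with a shell error instead of reaching `usage`; PATCH 27 introduces the same sequence in htop.sh, and PATCH 31/32 later guard it — folding that guard into this commit keeps the intermediate revision usable: `[ $# -eq 0 ] && usage`, then `TARGET="${1}"` and `shift`. The target is also resolved (`target_all_jails`/`check_jail_exists`) before `bastille_root_check` runs further down, outside the hunk; doing the privilege check first keeps an unprivileged invocation from enumerating jails before it is refused.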
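Review bot: This commit calls `check_target_exists "${TARGET}"`, but at this point in the series common.sh still defines the function as `check_jail_exists` (renamed only in the next commit, PATCH 26), so `bastille top` at this revision fails with a command-not-found for every non-ALL target; reorder or squash the two commits so each revision runs. The running check moved into the loop still tests `"${TARGET}"` rather than the loop variable `_jail`, which with `ALL` checks the literal string `ALL` — PATCH 28 corrects that. The loop body continues past the hunk.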
From 0e3f7a5c0c6d89f7df3c3731de7be12336335540 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Mon, 16 Dec 2024 12:27:07 -0700 Subject: [PATCH 26/91] rename function to target --- usr/local/share/bastille/common.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/usr/local/share/bastille/common.sh b/usr/local/share/bastille/common.sh index 8d2faa4e..945810e8 100644 --- a/usr/local/share/bastille/common.sh +++ b/usr/local/share/bastille/common.sh @@ -71,7 +71,7 @@ warn() { } # This is where I am placing all new functions. -check_jail_exists() { +check_target_exists() { TARGET="${1}" JAILS="" if [ -d "${bastille_jailsdir}/${TARGET}" ]; then From 63314675afec37043929a5a7e3e3479c72304215 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Mon, 16 Dec 2024 12:29:00 -0700 Subject: [PATCH 27/91] htop function add --- usr/local/share/bastille/htop.sh | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/usr/local/share/bastille/htop.sh b/usr/local/share/bastille/htop.sh index de82387b..9c8a9913 100644 --- a/usr/local/share/bastille/htop.sh +++ b/usr/local/share/bastille/htop.sh @@ -37,11 +37,20 @@ usage() { # Handle special-case commands first. case "$1" in -help|-h|--help) - usage - ;; + help|-h|--help) + usage + ;; esac +TARGET="${1}" +shift + +if [ "${TARGET}" = "ALL" ]; then + target_all_jails +else + check_target_exists "${TARGET}" +fi + if [ $# -ne 0 ]; then usage fi @@ -49,6 +58,7 @@ fi bastille_root_check for _jail in ${JAILS}; do + check_target_is_running "${_jail}" bastille_jail_path=$(/usr/sbin/jls -j "${_jail}" path) if [ ! -x "${bastille_jail_path}/usr/local/bin/htop" ]; then error_notify "htop not found on ${_jail}." From 3c927338c8cffd38c3a32f52ded35561105e7b0d Mon Sep 17 00:00:00 2001 
From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Mon, 16 Dec 2024 12:29:09 -0700 Subject: [PATCH 28/91] Update top.sh --- usr/local/share/bastille/top.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/usr/local/share/bastille/top.sh b/usr/local/share/bastille/top.sh index 029b88d7..f3cddd9a 100644 --- a/usr/local/share/bastille/top.sh +++ b/usr/local/share/bastille/top.sh @@ -57,7 +57,7 @@ fi bastille_root_check for _jail in ${JAILS}; do - check_target_is_running "${TARGET}" + check_target_is_running "${_jail}" info "[${_jail}]:" jexec -l "${_jail}" /usr/bin/top echo -e "${COLOR_RESET}" From dc5588188967f63878c340fb921045fd2c9979df Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Mon, 16 Dec 2024 12:44:05 -0700 Subject: [PATCH 29/91] source config from common.sh --- usr/local/share/bastille/common.sh | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/usr/local/share/bastille/common.sh b/usr/local/share/bastille/common.sh index 945810e8..35d4ff0d 100644 --- a/usr/local/share/bastille/common.sh +++ b/usr/local/share/bastille/common.sh @@ -28,6 +28,9 @@ # OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +# Source config file +. /usr/local/etc/bastille/bastille.conf + COLOR_RED= COLOR_GREEN= COLOR_YELLOW= @@ -74,7 +77,7 @@ warn() { check_target_exists() { TARGET="${1}" JAILS="" - if [ -d "${bastille_jailsdir}/${TARGET}" ]; then + if [ -d "${bastille_jailsdir}"/"${TARGET}" ]; then JAILS="${TARGET}" return 0 else From 538ec8159dcfff381686652a43ca11dcd4043619 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Mon, 16 Dec 2024 12:45:13 -0700 Subject: [PATCH 30/91] move top and htop to no action command --- usr/local/bin/bastille | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
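Review bot: `check_target_exists` accepts any string for which `${bastille_jailsdir}/${TARGET}` is a directory, which includes `.`, `..` and `name/../other`, and the value is then propagated as `JAILS`/`TARGET` into `jexec` and `jls -j` by the callers (top.sh in PATCH 24); reject anything that is not a plain jail name before the directory test, e.g. `case "${TARGET}" in ''|.|..|*[!A-Za-z0-9_.-]*) error_exit "Invalid jail name: ${TARGET}" ;; esac`. The `@@ -28` hunk sources `bastille.conf` from common.sh while the command scripts source it again themselves (top.sh in PATCH 33, for instance); sourcing it once, from one place, avoids the config being evaluated twice per invocation. The function body continues past the hunk.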
diff --git a/usr/local/bin/bastille b/usr/local/bin/bastille index dd9cbb25..49d27950 100755 --- a/usr/local/bin/bastille +++ b/usr/local/bin/bastille @@ -147,10 +147,10 @@ version|-v|--version) help|-h|--help) usage ;; -bootstrap|create|destroy|export|import|list|rdr|restart|setup|start|update|upgrade|verify) +bootstrap|create|destroy|export|htop|import|list|rdr|restart|setup|start|top|update|upgrade|verify) # Nothing "extra" to do for these commands. -- cwells ;; -clone|config|cmd|console|convert|cp|edit|htop|limits|mount|pkg|rcp|rename|service|stop|sysrc|tags|template|top|umount|zfs) +clone|config|cmd|console|convert|cp|edit|limits|mount|pkg|rcp|rename|service|stop|sysrc|tags|template|umount|zfs) # Parse the target and ensure it exists. -- cwells if [ $# -eq 0 ]; then # No target was given, so show the command's help. -- cwells PARAMS='help' @@ -195,7 +195,7 @@ clone|config|cmd|console|convert|cp|edit|htop|limits|mount|pkg|rcp|rename|servic fi case "${CMD}" in - cmd|console|htop|pkg|service|stop|sysrc|template|top) + cmd|console|pkg|service|stop|sysrc|template) check_target_is_running ;; convert|rename) From fe029c034492cdb9256b667aae344d8383bd57fa Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Mon, 16 Dec 2024 12:48:09 -0700 Subject: [PATCH 31/91] exit if no args --- usr/local/share/bastille/top.sh | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/usr/local/share/bastille/top.sh b/usr/local/share/bastille/top.sh index f3cddd9a..20a039fb 100644 --- a/usr/local/share/bastille/top.sh +++ b/usr/local/share/bastille/top.sh @@ -41,8 +41,12 @@ case "${1}" in ;; esac -TARGET="${1}" -shift +if [ $# -eq 0 ]; then + usage +else + TARGET="${1}" + shift +fi if [ "${TARGET}" = "ALL" ]; then target_all_jails From d2943bdf3f103d97db9a401ac6ce6f96c49fa56e Mon Sep 17 00:00:00 2001 
From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Mon, 16 Dec 2024 12:48:23 -0700 Subject: [PATCH 32/91] exit if no args --- usr/local/share/bastille/htop.sh | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/usr/local/share/bastille/htop.sh b/usr/local/share/bastille/htop.sh index 9c8a9913..3dc9dbe6 100644 --- a/usr/local/share/bastille/htop.sh +++ b/usr/local/share/bastille/htop.sh @@ -42,8 +42,12 @@ case "$1" in ;; esac -TARGET="${1}" -shift +if [ $# -eq 0 ]; then + usage +else + TARGET="${1}" + shift +fi if [ "${TARGET}" = "ALL" ]; then target_all_jails From 6d2e9c2ec9bc2b5c7de47784373c3d8489438920 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Mon, 16 Dec 2024 12:49:11 -0700 Subject: [PATCH 33/91] also source config file --- usr/local/share/bastille/top.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/usr/local/share/bastille/top.sh b/usr/local/share/bastille/top.sh index 20a039fb..088ece5c 100644 --- a/usr/local/share/bastille/top.sh +++ b/usr/local/share/bastille/top.sh @@ -29,6 +29,7 @@ # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. . /usr/local/share/bastille/common.sh +. /usr/local/etc/bastille/bastille.conf usage() { error_exit "Usage: bastille top TARGET" From 1fce1925a6d61a23b7d05fdc82e8882db9f07bc3 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Mon, 16 Dec 2024 16:58:41 -0700 Subject: [PATCH 34/91] spacing --- usr/local/share/bastille/common.sh | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/usr/local/share/bastille/common.sh b/usr/local/share/bastille/common.sh index 35d4ff0d..85310110 100644 --- a/usr/local/share/bastille/common.sh +++ b/usr/local/share/bastille/common.sh 
@@ -87,20 +87,20 @@ check_target_exists() { check_target_is_running() { TARGET="${1}" - if [ ! "$(/usr/sbin/jls name | awk "/^${TARGET}$/")" ]; then - error_exit "[${TARGET}]: Not started. See 'bastille start ${TARGET}'." - fi + if [ ! "$(/usr/sbin/jls name | awk "/^${TARGET}$/")" ]; then + error_exit "[${TARGET}]: Not started. See 'bastille start ${TARGET}'." + fi } target_all_jails() { - _JAILS=$(/usr/sbin/jls name) - JAILS="" - for _jail in ${_JAILS}; do - _JAILPATH=$(/usr/sbin/jls -j "${_jail}" path) - if [ -z ${_JAILPATH##${bastille_jailsdir}*} ]; then - JAILS="${JAILS} ${_jail}" - fi - done + _JAILS=$(/usr/sbin/jls name) + JAILS="" + for _jail in ${_JAILS}; do + _JAILPATH=$(/usr/sbin/jls -j "${_jail}" path) + if [ -z ${_JAILPATH##${bastille_jailsdir}*} ]; then + JAILS="${JAILS} ${_jail}" + fi + done } generate_vnet_jail_netblock() { From 31cc087ef30d801ea402e0ed615d2db0ed8b006d Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Mon, 16 Dec 2024 17:44:36 -0700 Subject: [PATCH 35/91] Add set_target function --- usr/local/share/bastille/common.sh | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/usr/local/share/bastille/common.sh b/usr/local/share/bastille/common.sh index 85310110..42eb4b66 100644 --- a/usr/local/share/bastille/common.sh +++ b/usr/local/share/bastille/common.sh @@ -92,6 +92,15 @@ check_target_is_running() { fi } +set_target() { + if [ "{1}" = ALL ] || [ "{1}" = all]; then + target_all_jails + else + TARGET="{1}" + check_target_exists "{TARGET}" + fi +} + target_all_jails() { _JAILS=$(/usr/sbin/jls name) JAILS="" From 0ddd4d98cf2e12c52de38d53926dd2331bb93122 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Mon, 16 Dec 2024 17:48:21 -0700 Subject: [PATCH 36/91] Fox vars --- usr/local/share/bastille/common.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/usr/local/share/bastille/common.sh b/usr/local/share/bastille/common.sh index 42eb4b66..be7a656a 100644 --- a/usr/local/share/bastille/common.sh +++ b/usr/local/share/bastille/common.sh @@ -93,10 +93,10 @@ check_target_is_running() { } set_target() { - if [ "{1}" = ALL ] || [ "{1}" = all]; then + if [ "${1}" = ALL ] || [ "${1}" = all ]; then target_all_jails else - TARGET="{1}" + TARGET="${1}" check_target_exists "{TARGET}" fi } From 0874e02f18c51604db6396c7b974856542153abb Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Mon, 16 Dec 2024 17:50:35 -0700 Subject: [PATCH 37/91] Update common.sh --- usr/local/share/bastille/common.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/usr/local/share/bastille/common.sh b/usr/local/share/bastille/common.sh index be7a656a..c8d1b621 100644 --- a/usr/local/share/bastille/common.sh +++ b/usr/local/share/bastille/common.sh @@ -97,7 +97,7 @@ set_target() { target_all_jails else TARGET="${1}" - check_target_exists "{TARGET}" + check_target_exists "${TARGET}" fi } From 42a6a29b8e874bf01fcd7ecc0b9f1e18e7f6ef53 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Mon, 16 Dec 2024 19:05:35 -0700 Subject: [PATCH 38/91] only accept one target for top --- usr/local/share/bastille/top.sh | 19 ++++--------------- 1 file changed, 4 insertions(+), 15 deletions(-) diff --git a/usr/local/share/bastille/top.sh b/usr/local/share/bastille/top.sh index 088ece5c..d7567f8b 100644 --- a/usr/local/share/bastille/top.sh +++ b/usr/local/share/bastille/top.sh 
@@ -42,26 +42,15 @@ case "${1}" in ;; esac -if [ $# -eq 0 ]; then - usage -else - TARGET="${1}" - shift -fi - -if [ "${TARGET}" = "ALL" ]; then - target_all_jails -else - check_target_exists "${TARGET}" -fi - -if [ $# -ne 0 ]; then +# Accept only one argument +if [ $# -eq 0 ] || [ $# -gt 1 ]; then usage fi +set_target_single "${1}" bastille_root_check -for _jail in ${JAILS}; do +for _jail in "${JAILS}"; do check_target_is_running "${_jail}" info "[${_jail}]:" jexec -l "${_jail}" /usr/bin/top From 9e8cd7bec5fc9f1ec9b39a71722c82b9448802ad Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Mon, 16 Dec 2024 19:08:26 -0700 Subject: [PATCH 39/91] accept only one arg on htop --- usr/local/share/bastille/htop.sh | 23 ++++++----------------- 1 file changed, 6 insertions(+), 17 deletions(-) diff --git a/usr/local/share/bastille/htop.sh b/usr/local/share/bastille/htop.sh index 3dc9dbe6..685d59d4 100644 --- a/usr/local/share/bastille/htop.sh +++ b/usr/local/share/bastille/htop.sh @@ -42,33 +42,22 @@ case "$1" in ;; esac -if [ $# -eq 0 ]; then - usage -else - TARGET="${1}" - shift -fi - -if [ "${TARGET}" = "ALL" ]; then - target_all_jails -else - check_target_exists "${TARGET}" -fi - -if [ $# -ne 0 ]; then +# Accept only one argument. +if [ $# -eq 0 ] || [ $# -gt 1 ]; then usage fi +set_target_single "${1}" bastille_root_check -for _jail in ${JAILS}; do +for _jail in "${JAILS}"; do check_target_is_running "${_jail}" - bastille_jail_path=$(/usr/sbin/jls -j "${_jail}" path) + bastille_jail_path="$(/usr/sbin/jls -j "${_jail}" path)" if [ ! -x "${bastille_jail_path}/usr/local/bin/htop" ]; then error_notify "htop not found on ${_jail}." elif [ -x "${bastille_jail_path}/usr/local/bin/htop" ]; then info "[${_jail}]:" - jexec -l ${_jail} /usr/local/bin/htop + jexec -l "${_jail}" /usr/local/bin/htop fi echo -e "${COLOR_RESET}" done From b22532078fdc9cf827774bb6dee242164ece1e9b Mon Sep 17 00:00:00 2001 
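Review bot: `set_target_single` is called here but is not defined anywhere at this revision — common.sh gains it only in PATCH 42 — so `bastille top` fails with a command-not-found until that later commit lands; PATCH 39 (htop.sh) has the same dependency. Quoting the list in `for _jail in "${JAILS}"` also changes the loop's meaning: a multi-word `JAILS` now produces a single iteration with the whole string, so either drop the quotes or, since only one target is accepted, drop the loop and use `${TARGET}` directly. The loop body continues past the hunk.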
From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Mon, 16 Dec 2024 19:12:34 -0700 Subject: [PATCH 40/91] accept only one arg with htop --- usr/local/share/bastille/htop.sh | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/usr/local/share/bastille/htop.sh b/usr/local/share/bastille/htop.sh index 685d59d4..7b6084b6 100644 --- a/usr/local/share/bastille/htop.sh +++ b/usr/local/share/bastille/htop.sh @@ -1,3 +1,4 @@ + #!/bin/sh # # Copyright (c) 2018-2024, Christer Edwards @@ -47,17 +48,16 @@ if [ $# -eq 0 ] || [ $# -gt 1 ]; then usage fi -set_target_single "${1}" +TARGET="${1}" +set_target_single "${TARGET}" bastille_root_check +check_target_is_running "${TARGET}" -for _jail in "${JAILS}"; do - check_target_is_running "${_jail}" - bastille_jail_path="$(/usr/sbin/jls -j "${_jail}" path)" - if [ ! -x "${bastille_jail_path}/usr/local/bin/htop" ]; then - error_notify "htop not found on ${_jail}." - elif [ -x "${bastille_jail_path}/usr/local/bin/htop" ]; then - info "[${_jail}]:" - jexec -l "${_jail}" /usr/local/bin/htop - fi - echo -e "${COLOR_RESET}" -done +bastille_jail_path="$(/usr/sbin/jls -j "${TARGET}" path)" +if [ ! -x "${bastille_jail_path}/usr/local/bin/htop" ]; then + error_notify "htop not found on ${_jail}." +elif [ -x "${bastille_jail_path}/usr/local/bin/htop" ]; then + info "[${_jail}]:" + jexec -l "${_jail}" /usr/local/bin/htop +fi +echo -e "${COLOR_RESET}" From bff6b936f88ae5fb7827106ca1896265fa0f6549 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Mon, 16 Dec 2024 19:13:50 -0700 Subject: [PATCH 41/91] Update top.sh --- usr/local/share/bastille/top.sh | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/usr/local/share/bastille/top.sh b/usr/local/share/bastille/top.sh index d7567f8b..c87cf786 100644 --- a/usr/local/share/bastille/top.sh +++ b/usr/local/share/bastille/top.sh 
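Review bot: With the loop removed, a jail without htop is only reported via `error_notify` and the script then continues to `echo -e "${COLOR_RESET}"` and exits 0, so a caller cannot tell failure from success; since there is a single target and nothing left to do, use `error_exit "htop not found on ${TARGET}."` — the top.sh block in PATCH 46 takes the same shape and has the same issue. The `elif [ -x … ]` branch is the exact negation of the `if` test and can be a plain `else`. The blank line added ahead of `#!/bin/sh` stops the interpreter line from being honoured (PATCH 48 later removes it), and the `${_jail}` references no longer have a loop that sets them (PATCH 45 fixes those); both belong in this commit.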
@@ -47,12 +47,11 @@ if [ $# -eq 0 ] || [ $# -gt 1 ]; then usage fi -set_target_single "${1}" +TARGET="${1}" +set_target_single "${TARGET}" bastille_root_check +check_target_is_running "${_jail}" -for _jail in "${JAILS}"; do - check_target_is_running "${_jail}" - info "[${_jail}]:" - jexec -l "${_jail}" /usr/bin/top - echo -e "${COLOR_RESET}" -done +info "[${_jail}]:" +jexec -l "${_jail}" /usr/bin/top +echo -e "${COLOR_RESET}" From 1bcd44cbb38f64cdee87cad56a034d1b8075bd05 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Mon, 16 Dec 2024 19:16:49 -0700 Subject: [PATCH 42/91] add set_target_single function to only allow single jail targetting --- usr/local/share/bastille/common.sh | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/usr/local/share/bastille/common.sh b/usr/local/share/bastille/common.sh index c8d1b621..da92ff5a 100644 --- a/usr/local/share/bastille/common.sh +++ b/usr/local/share/bastille/common.sh @@ -73,12 +73,9 @@ warn() { echo -e "${COLOR_YELLOW}$*${COLOR_RESET}" } -# This is where I am placing all new functions. check_target_exists() { - TARGET="${1}" - JAILS="" + local TARGET="${1}" if [ -d "${bastille_jailsdir}"/"${TARGET}" ]; then - JAILS="${TARGET}" return 0 else error_exit "Jail not found." @@ -95,6 +92,14 @@ check_target_is_running() { set_target() { if [ "${1}" = ALL ] || [ "${1}" = all ]; then target_all_jails + else + TARGET="${1}" + fi +} + +set_target_single() { + if [ "${1}" = ALL ] || [ "${1}" = all ]; then + error_exit "[all|ALL] not supported with this command." else TARGET="${1}" check_target_exists "${TARGET}" From ac30b36b57dc6ef9d37c9a8f694c6b2eb2281af1 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Mon, 16 Dec 2024 19:18:24 -0700 Subject: [PATCH 43/91] only set target with set_target_single --- usr/local/share/bastille/common.sh | 1 - 1 file changed, 1 deletion(-) 
diff --git a/usr/local/share/bastille/common.sh b/usr/local/share/bastille/common.sh index da92ff5a..94e95555 100644 --- a/usr/local/share/bastille/common.sh +++ b/usr/local/share/bastille/common.sh @@ -102,7 +102,6 @@ set_target_single() { error_exit "[all|ALL] not supported with this command." else TARGET="${1}" - check_target_exists "${TARGET}" fi } From 1b23c044de1be0f167b19b92aa22306773b7bb2e Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Mon, 16 Dec 2024 19:19:20 -0700 Subject: [PATCH 44/91] Update top.sh --- usr/local/share/bastille/top.sh | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/usr/local/share/bastille/top.sh b/usr/local/share/bastille/top.sh index c87cf786..351a2dfe 100644 --- a/usr/local/share/bastille/top.sh +++ b/usr/local/share/bastille/top.sh @@ -48,10 +48,11 @@ if [ $# -eq 0 ] || [ $# -gt 1 ]; then fi TARGET="${1}" -set_target_single "${TARGET}" bastille_root_check -check_target_is_running "${_jail}" +set_target_single "${TARGET}" +check_target_exists "${TARGET}" +check_target_is_running "${TARGET}" -info "[${_jail}]:" -jexec -l "${_jail}" /usr/bin/top +info "[${TARGET}]:" +jexec -l "${TARGET}" /usr/bin/top echo -e "${COLOR_RESET}" From f86ad1ff891c343eb120324cd2617759cb06df6a Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Mon, 16 Dec 2024 19:20:22 -0700 Subject: [PATCH 45/91] Update htop.sh --- usr/local/share/bastille/htop.sh | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/usr/local/share/bastille/htop.sh b/usr/local/share/bastille/htop.sh index 7b6084b6..c7e255a0 100644 --- a/usr/local/share/bastille/htop.sh +++ b/usr/local/share/bastille/htop.sh 
@@ -49,15 +49,16 @@ if [ $# -eq 0 ] || [ $# -gt 1 ]; then fi TARGET="${1}" -set_target_single "${TARGET}" bastille_root_check +set_target_single "${TARGET}" +check_target_exists "${TARGET}" check_target_is_running "${TARGET}" bastille_jail_path="$(/usr/sbin/jls -j "${TARGET}" path)" if [ ! -x "${bastille_jail_path}/usr/local/bin/htop" ]; then - error_notify "htop not found on ${_jail}." + error_notify "htop not found on ${TARGET}." elif [ -x "${bastille_jail_path}/usr/local/bin/htop" ]; then - info "[${_jail}]:" - jexec -l "${_jail}" /usr/local/bin/htop + info "[${TARGET}]:" + jexec -l "${TARGET}" /usr/local/bin/htop fi echo -e "${COLOR_RESET}" From 0d9a793ed9026febf56907e9c2a37401cda97e13 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Mon, 16 Dec 2024 19:21:17 -0700 Subject: [PATCH 46/91] Update top.sh --- usr/local/share/bastille/top.sh | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/usr/local/share/bastille/top.sh b/usr/local/share/bastille/top.sh index 351a2dfe..7cc4713a 100644 --- a/usr/local/share/bastille/top.sh +++ b/usr/local/share/bastille/top.sh @@ -53,6 +53,11 @@ set_target_single "${TARGET}" check_target_exists "${TARGET}" check_target_is_running "${TARGET}" -info "[${TARGET}]:" -jexec -l "${TARGET}" /usr/bin/top +bastille_jail_path="$(/usr/sbin/jls -j "${TARGET}" path)" +if [ ! -x "${bastille_jail_path}/usr/local/bin/top" ]; then + error_notify "top not found on ${TARGET}." +elif [ -x "${bastille_jail_path}/usr/local/bin/top" ]; then + info "[${TARGET}]:" + jexec -l "${TARGET}" /usr/local/bin/htop +fi echo -e "${COLOR_RESET}" From 4248ea9b0b2c560cb0e4bf3ae6d5f99353af946c Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Mon, 16 Dec 2024 19:22:46 -0700 Subject: [PATCH 47/91] Update common.sh --- usr/local/share/bastille/common.sh | 2 ++ 1 file changed, 2 insertions(+) 
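Review bot: The new block looks for `/usr/local/bin/top` inside the jail and then executes `/usr/local/bin/htop`, so `bastille top` now runs htop, and only when a `top` binary exists at a path where the base system does not install one; the code it replaces ran `/usr/bin/top`. The copy from htop.sh was not adapted: use `if [ ! -x "${bastille_jail_path}/usr/bin/top" ]; then` and `jexec -l "${TARGET}" /usr/bin/top`, keeping the message `top not found on ${TARGET}.`.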
diff --git a/usr/local/share/bastille/common.sh b/usr/local/share/bastille/common.sh index 94e95555..6de5d62b 100644 --- a/usr/local/share/bastille/common.sh +++ b/usr/local/share/bastille/common.sh @@ -86,6 +86,8 @@ check_target_is_running() { TARGET="${1}" if [ ! "$(/usr/sbin/jls name | awk "/^${TARGET}$/")" ]; then error_exit "[${TARGET}]: Not started. See 'bastille start ${TARGET}'." + else + return 0 fi } From 4276e63de86c7cb1ef357e03ca3e1bbf4af7142b Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Mon, 16 Dec 2024 19:24:35 -0700 Subject: [PATCH 48/91] Update htop.sh --- usr/local/share/bastille/htop.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/usr/local/share/bastille/htop.sh b/usr/local/share/bastille/htop.sh index c7e255a0..fb0ece2a 100644 --- a/usr/local/share/bastille/htop.sh +++ b/usr/local/share/bastille/htop.sh @@ -1,4 +1,3 @@ - #!/bin/sh # # Copyright (c) 2018-2024, Christer Edwards From 9da73d6cf090fe624c0570425c055ef4241e2084 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Mon, 16 Dec 2024 19:28:50 -0700 Subject: [PATCH 49/91] set TARGET to local only for some functions --- usr/local/share/bastille/common.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/usr/local/share/bastille/common.sh b/usr/local/share/bastille/common.sh index 6de5d62b..22531c85 100644 --- a/usr/local/share/bastille/common.sh +++ b/usr/local/share/bastille/common.sh @@ -83,7 +83,7 @@ check_target_exists() { } check_target_is_running() { - TARGET="${1}" + local TARGET="${1}" if [ ! "$(/usr/sbin/jls name | awk "/^${TARGET}$/")" ]; then error_exit "[${TARGET}]: Not started. See 'bastille start ${TARGET}'." else From cbcd3881b10007b020ec57fe2392618088f56a09 Mon Sep 17 00:00:00 2001 
From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Thu, 19 Dec 2024 16:55:01 -0700 Subject: [PATCH 50/91] organize functions in alphabetical order --- usr/local/share/bastille/common.sh | 128 ++++++++++++++++++----------- 1 file changed, 80 insertions(+), 48 deletions(-) diff --git a/usr/local/share/bastille/common.sh b/usr/local/share/bastille/common.sh index 22531c85..ebe66325 100644 --- a/usr/local/share/bastille/common.sh +++ b/usr/local/share/bastille/common.sh @@ -54,7 +54,7 @@ if [ -z "${NO_COLOR}" ] && [ -t 1 ]; then enable_color fi -# Notify message on error, but do not exit +# Error/Info functions error_notify() { echo -e "${COLOR_RED}$*${COLOR_RESET}" 1>&2 } 
@@ -73,49 +73,56 @@ warn() { echo -e "${COLOR_YELLOW}$*${COLOR_RESET}" } +# Main functions check_target_exists() { - local TARGET="${1}" - if [ -d "${bastille_jailsdir}"/"${TARGET}" ]; then - return 0 + local _TARGET="${1}" + if [ ! -d "${bastille_jailsdir}"/"${_TARGET}" ]; then + error_notify "Jail not found \"${_TARGET}\"" + return 1 else - error_exit "Jail not found." + return 0 fi } check_target_is_running() { - local TARGET="${1}" - if [ ! "$(/usr/sbin/jls name | awk "/^${TARGET}$/")" ]; then - error_exit "[${TARGET}]: Not started. See 'bastille start ${TARGET}'." + local _TARGET="${1}" + if [ ! "$(/usr/sbin/jls name | awk "/^${_TARGET}$/")" ]; then + error_notify "[${_TARGET}]: Not started. See 'bastille start ${_TARGET}'." + return 1 else return 0 fi } -set_target() { - if [ "${1}" = ALL ] || [ "${1}" = all ]; then - target_all_jails +check_target_is_stopped() { + local _TARGET="${1}" + if [ "$(/usr/sbin/jls name | awk "/^${_TARGET}$/")" ]; then + error_notify "${_TARGET} is running. See 'bastille stop ${_TARGET}'." + return 1 else - TARGET="${1}" + return 0 fi } -set_target_single() { - if [ "${1}" = ALL ] || [ "${1}" = all ]; then - error_exit "[all|ALL] not supported with this command." - else - TARGET="${1}" - fi -} - -target_all_jails() { - _JAILS=$(/usr/sbin/jls name) - JAILS="" - for _jail in ${_JAILS}; do - _JAILPATH=$(/usr/sbin/jls -j "${_jail}" path) - if [ -z ${_JAILPATH##${bastille_jailsdir}*} ]; then - JAILS="${JAILS} ${_jail}" - fi - done +checkyesno() { + ## copied from /etc/rc.subr -- cedwards (20231125) + ## issue #368 (lowercase values should be parsed) + ## now used for all bastille_zfs_enable=YES|NO tests + ## example: if checkyesno bastille_zfs_enable; then ... + ## returns 0 for enabled; returns 1 for disabled + eval _value=\$${1} + case $_value in + [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) + return 0 + ;; + [Nn][Oo]|[Ff][Aa][Ll][Ss][Ee]|[Oo][Ff][Ff]|0) + return 1 + ;; + *) + warn "\$${1} is not set properly - see rc.conf(5)." 
+ return 1 + ;; + esac } generate_vnet_jail_netblock() { @@ -166,23 +173,48 @@ EOF fi } -checkyesno() { - ## copied from /etc/rc.subr -- cedwards (20231125) - ## issue #368 (lowercase values should be parsed) - ## now used for all bastille_zfs_enable=YES|NO tests - ## example: if checkyesno bastille_zfs_enable; then ... - ## returns 0 for enabled; returns 1 for disabled - eval _value=\$${1} - case $_value in - [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) - return 0 - ;; - [Nn][Oo]|[Ff][Aa][Ll][Ss][Ee]|[Oo][Ff][Ff]|0) - return 1 - ;; - *) - warn "\$${1} is not set properly - see rc.conf(5)." - return 1 - ;; - esac +set_target() { + if [ "${1}" = ALL ] || [ "${1}" = all ]; then + target_all_jails + else + TARGET="${1}" + fi +} + +set_target() { + local _TARGET="${1}" + if [ "${_TARGET}" = ALL ] || [ "${_TARGET}" = all ]; then + target_all_jails + else + check_target_exists "${_TARGET}" + JAILS="${_TARGET}" + TARGET="${_TARGET}" + export JAILS + export TARGET + fi +} + +set_target_single() { + local _TARGET="${1}" + if [ "${_TARGET}" = ALL ] || [ "${_TARGET}" = all ]; then + error_notify "[all|ALL] not supported with this command." + return 1 + else + check_target_exists "${_TARGET}" + JAILS="${_TARGET}" + TARGET="${_TARGET}" + export JAILS + export TARGET + fi +} + +target_all_jails() { + local _JAILS="$(bastille list jails)" + JAILS="" + for _jail in ${_JAILS}; do + if [ -d "${bastille_jailsdir}/${_jail}" ]; then + JAILS="${JAILS} ${_jail}" + fi + done + export JAILS } From 76e6113962a791e1f9295cde1e0bf2c4a1410d85 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Thu, 19 Dec 2024 16:57:36 -0700 Subject: [PATCH 51/91] error handling --- usr/local/share/bastille/htop.sh | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/usr/local/share/bastille/htop.sh b/usr/local/share/bastille/htop.sh index fb0ece2a..15ff7584 100644 --- a/usr/local/share/bastille/htop.sh +++ b/usr/local/share/bastille/htop.sh 
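Review bot: check_target_is_running and check_target_is_stopped splice the jail name into an awk regex, `awk "/^${_TARGET}$/"`, so a name containing regex metacharacters or a `/` either breaks the awk program or matches other running jails (a target of `.*` would report any jail as running). A literal comparison avoids that: `awk -v t="${_TARGET}" '$0 == t'`, or `/usr/sbin/jls name | grep -qx -- "${_TARGET}"` with the `[ ! "$(...)" ]` wrapper replaced by the exit status. check_target_exists has the mirror problem: `[ ! -d "${bastille_jailsdir}"/"${_TARGET}" ]` accepts names containing `/` or `..`, so a value that is not a jail name can pass and later be used to build `${bastille_jailsdir}/${_jail}/…` paths by the callers. Rejecting anything outside the character set that `bastille create` accepts for names, in one place at the top of check_target_exists (e.g. `case "${_TARGET}" in ''|.|..|*/*) return 1 ;; esac` as a minimum), would close both. All three functions are wholly inside the hunk.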
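Review bot: set_target and set_target_single call `check_target_exists "${_TARGET}"` but discard its status; since that function now returns 1 instead of exiting, a non-existent target is still exported as JAILS/TARGET and the caller runs against it — `check_target_exists "${_TARGET}" || return 1` keeps the failure visible. The hunk also leaves two `set_target` definitions in the file; the second silently shadows the first, so the first is dead code that a reader will still try to reconcile. In target_all_jails, `local _JAILS="$(bastille list jails)"` hides a failure of the command behind `local`'s own status; `local _JAILS` followed by `_JAILS="$(bastille list jails)" || return 1` reports it.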
@@ -42,16 +42,15 @@ case "$1" in ;; esac -# Accept only one argument. -if [ $# -eq 0 ] || [ $# -gt 1 ]; then +if [ $# -ne 1 ]; then usage fi TARGET="${1}" + bastille_root_check set_target_single "${TARGET}" -check_target_exists "${TARGET}" -check_target_is_running "${TARGET}" +check_target_is_running "${TARGET}" || exit 0 bastille_jail_path="$(/usr/sbin/jls -j "${TARGET}" path)" if [ ! -x "${bastille_jail_path}/usr/local/bin/htop" ]; then From 5b68630df94601cb1ebac1318822069a89f4d30e Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Thu, 19 Dec 2024 16:58:35 -0700 Subject: [PATCH 52/91] remove 0 --- usr/local/share/bastille/htop.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/usr/local/share/bastille/htop.sh b/usr/local/share/bastille/htop.sh index 15ff7584..8b79906b 100644 --- a/usr/local/share/bastille/htop.sh +++ b/usr/local/share/bastille/htop.sh @@ -50,7 +50,7 @@ TARGET="${1}" bastille_root_check set_target_single "${TARGET}" -check_target_is_running "${TARGET}" || exit 0 +check_target_is_running "${TARGET}" || exit bastille_jail_path="$(/usr/sbin/jls -j "${TARGET}" path)" if [ ! -x "${bastille_jail_path}/usr/local/bin/htop" ]; then From 200321cf9b01aa057182c27005542ce33e73ca38 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Thu, 19 Dec 2024 16:59:41 -0700 Subject: [PATCH 53/91] error handling --- usr/local/share/bastille/top.sh | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/usr/local/share/bastille/top.sh b/usr/local/share/bastille/top.sh index 7cc4713a..34f7fa71 100644 --- a/usr/local/share/bastille/top.sh +++ b/usr/local/share/bastille/top.sh 
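Review bot: Dropping `check_target_exists "${TARGET}"` relies on set_target_single for that check, but the set_target_single introduced in the preceding common.sh patch calls check_target_exists without acting on its status, so an unknown name now falls through to check_target_is_running and is reported as "Not started" rather than "Jail not found". Until set_target_single fails on a missing jail, keep the explicit call here, or make it return non-zero and use `set_target_single "${TARGET}" || exit 1`. Separately, `|| exit 0` reports success to the caller when the jail is not running, so scripted callers cannot tell the two cases apart; a non-zero status (or a bare `exit`, which propagates the failing status) is more honest. The top.sh hunk two patches later makes the same change and has the same gap.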
@@ -42,16 +42,15 @@ case "${1}" in ;; esac -# Accept only one argument -if [ $# -eq 0 ] || [ $# -gt 1 ]; then +if [ $# -ne 1 ]; then usage fi TARGET="${1}" + bastille_root_check set_target_single "${TARGET}" -check_target_exists "${TARGET}" -check_target_is_running "${TARGET}" +check_target_is_running "${TARGET}" || exit bastille_jail_path="$(/usr/sbin/jls -j "${TARGET}" path)" if [ ! -x "${bastille_jail_path}/usr/local/bin/top" ]; then From 3f0a43046e11110854dee4729dc664f757110b68 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Thu, 19 Dec 2024 18:45:55 -0700 Subject: [PATCH 54/91] Update clone.sh --- usr/local/share/bastille/clone.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/usr/local/share/bastille/clone.sh b/usr/local/share/bastille/clone.sh index 3d1e2d3d..b8cbbae5 100644 --- a/usr/local/share/bastille/clone.sh +++ b/usr/local/share/bastille/clone.sh @@ -117,7 +117,7 @@ update_jailconf_vnet() { # since we don't have access to the external_interface variable, we cat the jail.conf file to retrieve the mac prefix # we also do not use the main generate_static_mac function here local macaddr_prefix="$(cat ${JAIL_CONFIG} | grep -m 1 ether | grep -oE '([0-9a-f]{2}(:[0-9a-f]{2}){5})' | awk -F: '{print $1":"$2":"$3}')" - local macaddr_suffix="$(echo -n ${jail_name} | sha256 | cut -b -5 | sed 's/\([0-9a-fA-F][0-9a-fA-F]\)\([0-9a-fA-F][0-9a-fA-F]\)\([0-9a-fA-F]\)/\1:\2:\3/')" + local macaddr_suffix="$(echo -n ${NEWNAME} | sha256 | cut -b -5 | sed 's/\([0-9a-fA-F][0-9a-fA-F]\)\([0-9a-fA-F][0-9a-fA-F]\)\([0-9a-fA-F]\)/\1:\2:\3/')" local macaddr="${macaddr_prefix}:${macaddr_suffix}" # Update the exec.* with uniq_epair when cloning jails. # for VNET jails From 54e886f6825d192aabc30ee8d0b1e9ac7a1684a5 Mon Sep 17 00:00:00 2001 
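Review bot: `echo -n ${NEWNAME}` leaves the expansion unquoted, so a name with spaces or glob characters would be split or globbed before hashing; `echo -n "${NEWNAME}" | sha256 | …`. The suffix keeps only five hex digits (20 bits) of the digest, so two jail names can yield the same suffix and, with the shared prefix taken from jail.conf, identical MAC addresses on the same bridge; that is not new in this commit, but a check against the `ether` lines of the other jail.conf files before accepting the address would make the derived value safe. The enclosing update_jailconf_vnet starts and ends outside the hunk.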
From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Fri, 20 Dec 2024 07:23:06 -0700 Subject: [PATCH 55/91] missing sed command to add new description --- usr/local/share/bastille/clone.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/usr/local/share/bastille/clone.sh b/usr/local/share/bastille/clone.sh index b8cbbae5..69f0c400 100644 --- a/usr/local/share/bastille/clone.sh +++ b/usr/local/share/bastille/clone.sh @@ -125,6 +125,7 @@ update_jailconf_vnet() { sed -i '' "s|e\([0-9]\{1,\}\)a_${NEWNAME}|e${uniq_epair_bridge}a_${NEWNAME}|g" "${JAIL_CONFIG}" sed -i '' "s|e\([0-9]\{1,\}\)b_${NEWNAME}|e${uniq_epair_bridge}b_${NEWNAME}|g" "${JAIL_CONFIG}" sed -i '' "s|epair\([0-9]\{1,\}\)|epair${uniq_epair_bridge}|g" "${JAIL_CONFIG}" + sed -i '' "s|exec.prestart += \"ifconfig e0a_bastille\([0-9]\{1,\}\).*description.*|exec.prestart += \"ifconfig e0a_${uniq_epair} description \\\\\"vnet host interface for Bastille jail ${NEWNAME}\\\\\"\";|" "${JAIL_CONFIG}" sed -i '' "s|ether.*:.*:.*:.*:.*:.*a|ether ${macaddr}a|" "${JAIL_CONFIG}" sed -i '' "s|ether.*:.*:.*:.*:.*:.*b|ether ${macaddr}b|" "${JAIL_CONFIG}" break From 6b4a897f62639a22e65687b14537afb815776bb0 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Fri, 20 Dec 2024 08:51:46 -0700 Subject: [PATCH 56/91] Spacing --- usr/local/share/bastille/clone.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/usr/local/share/bastille/clone.sh b/usr/local/share/bastille/clone.sh index 69f0c400..d1171ddd 100644 --- a/usr/local/share/bastille/clone.sh +++ b/usr/local/share/bastille/clone.sh 
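Review bot: `${NEWNAME}` and `${uniq_epair}` are interpolated unescaped into the sed replacement text, so a name containing `|`, `&` or `\` corrupts the substitution (`&` re-inserts the matched text) and leaves jail.conf malformed; every sed line in update_jailconf_vnet has this shape, and the new one adds another. Validating the name once before any sed runs is simpler than escaping each expression: `case "${NEWNAME}" in *[!A-Za-z0-9_.-]*) error_exit "Invalid jail name: ${NEWNAME}" ;; esac`, with the character set matched to what `bastille create` accepts. The search pattern also hard-codes `e0a_bastille`, so a config whose a-side interface is numbered differently would not be rewritten — I cannot see how create writes that line, so confirm this is the only form. update_jailconf_vnet starts and ends outside the hunk.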
@@ -114,18 +114,18 @@ update_jailconf_vnet() { if ! grep -q "epair${_num}" "${bastille_jailsdir}"/*/jail.conf; then local uniq_epair="bastille${_num}" local uniq_epair_bridge="${_num}" - # since we don't have access to the external_interface variable, we cat the jail.conf file to retrieve the mac prefix + # since we don't have access to the external_interface variable, we cat the jail.conf file to retrieve the mac prefix # we also do not use the main generate_static_mac function here local macaddr_prefix="$(cat ${JAIL_CONFIG} | grep -m 1 ether | grep -oE '([0-9a-f]{2}(:[0-9a-f]{2}){5})' | awk -F: '{print $1":"$2":"$3}')" - local macaddr_suffix="$(echo -n ${NEWNAME} | sha256 | cut -b -5 | sed 's/\([0-9a-fA-F][0-9a-fA-F]\)\([0-9a-fA-F][0-9a-fA-F]\)\([0-9a-fA-F]\)/\1:\2:\3/')" + local macaddr_suffix="$(echo -n ${NEWNAME} | sha256 | cut -b -5 | sed 's/\([0-9a-fA-F][0-9a-fA-F]\)\([0-9a-fA-F][0-9a-fA-F]\)\([0-9a-fA-F]\)/\1:\2:\3/')" local macaddr="${macaddr_prefix}:${macaddr_suffix}" - # Update the exec.* with uniq_epair when cloning jails. + # Update the exec.* with uniq_epair when cloning jails. 
# for VNET jails sed -i '' "s|bastille\([0-9]\{1,\}\)|${uniq_epair}|g" "${JAIL_CONFIG}" sed -i '' "s|e\([0-9]\{1,\}\)a_${NEWNAME}|e${uniq_epair_bridge}a_${NEWNAME}|g" "${JAIL_CONFIG}" sed -i '' "s|e\([0-9]\{1,\}\)b_${NEWNAME}|e${uniq_epair_bridge}b_${NEWNAME}|g" "${JAIL_CONFIG}" sed -i '' "s|epair\([0-9]\{1,\}\)|epair${uniq_epair_bridge}|g" "${JAIL_CONFIG}" - sed -i '' "s|exec.prestart += \"ifconfig e0a_bastille\([0-9]\{1,\}\).*description.*|exec.prestart += \"ifconfig e0a_${uniq_epair} description \\\\\"vnet host interface for Bastille jail ${NEWNAME}\\\\\"\";|" "${JAIL_CONFIG}" + sed -i '' "s|exec.prestart += \"ifconfig e0a_bastille\([0-9]\{1,\}\).*description.*|exec.prestart += \"ifconfig e0a_${uniq_epair} description \\\\\"vnet host interface for Bastille jail ${NEWNAME}\\\\\"\";|" "${JAIL_CONFIG}" sed -i '' "s|ether.*:.*:.*:.*:.*:.*a|ether ${macaddr}a|" "${JAIL_CONFIG}" sed -i '' "s|ether.*:.*:.*:.*:.*:.*b|ether ${macaddr}b|" "${JAIL_CONFIG}" break From 76983fa48c94e6fc031dc43aef2de648edfece79 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Fri, 20 Dec 2024 08:53:56 -0700 Subject: [PATCH 57/91] spacing --- usr/local/share/bastille/clone.sh | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/usr/local/share/bastille/clone.sh b/usr/local/share/bastille/clone.sh index d1171ddd..acdddae6 100644 --- a/usr/local/share/bastille/clone.sh +++ b/usr/local/share/bastille/clone.sh @@ -32,7 +32,7 @@ . /usr/local/etc/bastille/bastille.conf usage() { - error_exit "Usage: bastille clone [TARGET] [NEW_NAME] [IPADDRESS]" + error_exit "Usage: bastille clone TARGET NEW_NAME IPADDRESS" } # Handle special-case commands first 
@@ -114,18 +114,18 @@ update_jailconf_vnet() { if ! grep -q "epair${_num}" "${bastille_jailsdir}"/*/jail.conf; then local uniq_epair="bastille${_num}" local uniq_epair_bridge="${_num}" - # since we don't have access to the external_interface variable, we cat the jail.conf file to retrieve the mac prefix + # since we don't have access to the external_interface variable, we cat the jail.conf file to retrieve the mac prefix # we also do not use the main generate_static_mac function here local macaddr_prefix="$(cat ${JAIL_CONFIG} | grep -m 1 ether | grep -oE '([0-9a-f]{2}(:[0-9a-f]{2}){5})' | awk -F: '{print $1":"$2":"$3}')" - local macaddr_suffix="$(echo -n ${NEWNAME} | sha256 | cut -b -5 | sed 's/\([0-9a-fA-F][0-9a-fA-F]\)\([0-9a-fA-F][0-9a-fA-F]\)\([0-9a-fA-F]\)/\1:\2:\3/')" + local macaddr_suffix="$(echo -n ${NEWNAME} | sha256 | cut -b -5 | sed 's/\([0-9a-fA-F][0-9a-fA-F]\)\([0-9a-fA-F][0-9a-fA-F]\)\([0-9a-fA-F]\)/\1:\2:\3/')" local macaddr="${macaddr_prefix}:${macaddr_suffix}" - # Update the exec.* with uniq_epair when cloning jails. + # Update the exec.* with uniq_epair when cloning jails. 
# for VNET jails sed -i '' "s|bastille\([0-9]\{1,\}\)|${uniq_epair}|g" "${JAIL_CONFIG}" sed -i '' "s|e\([0-9]\{1,\}\)a_${NEWNAME}|e${uniq_epair_bridge}a_${NEWNAME}|g" "${JAIL_CONFIG}" sed -i '' "s|e\([0-9]\{1,\}\)b_${NEWNAME}|e${uniq_epair_bridge}b_${NEWNAME}|g" "${JAIL_CONFIG}" sed -i '' "s|epair\([0-9]\{1,\}\)|epair${uniq_epair_bridge}|g" "${JAIL_CONFIG}" - sed -i '' "s|exec.prestart += \"ifconfig e0a_bastille\([0-9]\{1,\}\).*description.*|exec.prestart += \"ifconfig e0a_${uniq_epair} description \\\\\"vnet host interface for Bastille jail ${NEWNAME}\\\\\"\";|" "${JAIL_CONFIG}" + sed -i '' "s|exec.prestart += \"ifconfig e0a_bastille\([0-9]\{1,\}\).*description.*|exec.prestart += \"ifconfig e0a_${uniq_epair} description \\\\\"vnet host interface for Bastille jail ${NEWNAME}\\\\\"\";|" "${JAIL_CONFIG}" sed -i '' "s|ether.*:.*:.*:.*:.*:.*a|ether ${macaddr}a|" "${JAIL_CONFIG}" sed -i '' "s|ether.*:.*:.*:.*:.*:.*b|ether ${macaddr}b|" "${JAIL_CONFIG}" break From d458ed8ee16b768a323eab96c554d24d141c60ca Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Fri, 20 Dec 2024 22:39:53 -0700 Subject: [PATCH 58/91] Update common.sh --- usr/local/share/bastille/common.sh | 15 +++------------ 1 file changed, 3 insertions(+), 12 deletions(-) diff --git a/usr/local/share/bastille/common.sh b/usr/local/share/bastille/common.sh index ebe66325..f6eaedb0 100644 --- a/usr/local/share/bastille/common.sh +++ b/usr/local/share/bastille/common.sh @@ -173,20 +173,12 @@ EOF fi } -set_target() { - if [ "${1}" = ALL ] || [ "${1}" = all ]; then - target_all_jails - else - TARGET="${1}" - fi -} - set_target() { local _TARGET="${1}" if [ "${_TARGET}" = ALL ] || [ "${_TARGET}" = all ]; then target_all_jails else - check_target_exists "${_TARGET}" + check_target_exists "${_TARGET}" || exit JAILS="${_TARGET}" TARGET="${_TARGET}" export JAILS 
@@ -197,10 +189,9 @@ set_target() { set_target_single() { local _TARGET="${1}" if [ "${_TARGET}" = ALL ] || [ "${_TARGET}" = all ]; then - error_notify "[all|ALL] not supported with this command." - return 1 + error_exit "[all|ALL] not supported with this command." else - check_target_exists "${_TARGET}" + check_target_exists "${_TARGET}" || exit JAILS="${_TARGET}" TARGET="${_TARGET}" export JAILS From 4a93f61c2aea370a940f34b706275ef1cffb4895 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Fri, 20 Dec 2024 22:41:00 -0700 Subject: [PATCH 59/91] Update htop.sh --- usr/local/share/bastille/htop.sh | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/usr/local/share/bastille/htop.sh b/usr/local/share/bastille/htop.sh index 8b79906b..d9741d15 100644 --- a/usr/local/share/bastille/htop.sh +++ b/usr/local/share/bastille/htop.sh @@ -36,7 +36,7 @@ usage() { } # Handle special-case commands first. -case "$1" in +case "${1}" in help|-h|--help) usage ;; @@ -52,11 +52,11 @@ bastille_root_check set_target_single "${TARGET}" check_target_is_running "${TARGET}" || exit -bastille_jail_path="$(/usr/sbin/jls -j "${TARGET}" path)" +bastille_jail_path=$(/usr/sbin/jls -j "${_jail}" path) if [ ! -x "${bastille_jail_path}/usr/local/bin/htop" ]; then - error_notify "htop not found on ${TARGET}." + error_notify "htop not found on ${_jail}." elif [ -x "${bastille_jail_path}/usr/local/bin/htop" ]; then - info "[${TARGET}]:" - jexec -l "${TARGET}" /usr/local/bin/htop + info "[${_jail}]:" + jexec -l ${_jail} /usr/local/bin/htop fi echo -e "${COLOR_RESET}" From 5913fcc6890ad9291746f8a4fbf2843fe9ac4ef9 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Fri, 20 Dec 2024 22:41:18 -0700 Subject: [PATCH 60/91] Update top.sh --- usr/local/share/bastille/top.sh | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) 
diff --git a/usr/local/share/bastille/top.sh b/usr/local/share/bastille/top.sh index 34f7fa71..f7d97ee6 100644 --- a/usr/local/share/bastille/top.sh +++ b/usr/local/share/bastille/top.sh @@ -52,11 +52,7 @@ bastille_root_check set_target_single "${TARGET}" check_target_is_running "${TARGET}" || exit -bastille_jail_path="$(/usr/sbin/jls -j "${TARGET}" path)" -if [ ! -x "${bastille_jail_path}/usr/local/bin/top" ]; then - error_notify "top not found on ${TARGET}." -elif [ -x "${bastille_jail_path}/usr/local/bin/top" ]; then - info "[${TARGET}]:" - jexec -l "${TARGET}" /usr/local/bin/htop -fi + +info "[${TARGET}]:" +jexec -l "${TARGET}" /usr/bin/top echo -e "${COLOR_RESET}" From 0413a94896f592cee8ad66cfab1f2e3cfdb5c2e5 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Sat, 21 Dec 2024 21:45:27 -0700 Subject: [PATCH 61/91] spacing --- usr/local/share/bastille/top.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/usr/local/share/bastille/top.sh b/usr/local/share/bastille/top.sh index f7d97ee6..9a8a6ba2 100644 --- a/usr/local/share/bastille/top.sh +++ b/usr/local/share/bastille/top.sh @@ -52,7 +52,6 @@ bastille_root_check set_target_single "${TARGET}" check_target_is_running "${TARGET}" || exit - info "[${TARGET}]:" jexec -l "${TARGET}" /usr/bin/top echo -e "${COLOR_RESET}" From d2dc83d32047b961e3f9640e2980dbc4c7215da0 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Mon, 23 Dec 2024 18:21:09 -0700 Subject: [PATCH 62/91] bugfixes and code cleanup --- usr/local/share/bastille/mount.sh | 107 ++++++++++++++++++------------ 1 file changed, 66 insertions(+), 41 deletions(-) diff --git a/usr/local/share/bastille/mount.sh b/usr/local/share/bastille/mount.sh index bb0e6615..11480edb 100644 --- a/usr/local/share/bastille/mount.sh +++ b/usr/local/share/bastille/mount.sh 
@@ -32,96 +32,121 @@ . /usr/local/etc/bastille/bastille.conf usage() { - error_exit "Usage: bastille mount TARGET host_path container_path [filesystem_type options dump pass_number]" + error_exit "Usage: bastille mount TARGET HOST_PATH JAIL_PATH [filesystem_type options dump pass_number]" } # Handle special-case commands first. -case "$1" in -help|-h|--help) - usage - ;; +case "${1}" in + help|-h|--help) + usage + ;; esac -if [ $# -lt 2 ]; then +if [ "$#" -lt 3 ] || [ "$#" -gt 6 ]; then usage -elif [ $# -eq 2 ]; then +fi + +TARGET="${1}" +shift + +if [ "$#" -eq 2 ]; then _fstab="$@ nullfs ro 0 0" else _fstab="$@" fi bastille_root_check +set_target "${TARGET}" -## assign needed variables +# Assign variables _hostpath=$(echo "${_fstab}" | awk '{print $1}') _jailpath=$(echo "${_fstab}" | awk '{print $2}') _type=$(echo "${_fstab}" | awk '{print $3}') _perms=$(echo "${_fstab}" | awk '{print $4}') _checks=$(echo "${_fstab}" | awk '{print $5" "$6}') -## if any variables are empty, bail out +# Exit if any variables are empty if [ -z "${_hostpath}" ] || [ -z "${_jailpath}" ] || [ -z "${_type}" ] || [ -z "${_perms}" ] || [ -z "${_checks}" ]; then error_notify "FSTAB format not recognized." 
- warn "Format: /host/path jail/path nullfs ro 0 0" + warn "Format: /host/path /jail/path nullfs ro 0 0" warn "Read: ${_fstab}" - exit 1 + usage fi -# if host path doesn't exist, type is not "nullfs" or are using advanced mount type "tmpfs,linprocfs,linsysfs, fdescfs, -# procfs" +# Exit if host path doesn't exist, type is not "nullfs", or mount is an advanced mount type "tmpfs,linprocfs,linsysfs,fdescfs,procfs" if { [ "${_hostpath}" = "tmpfs" ] && [ "$_type" = "tmpfs" ]; } || \ { [ "${_hostpath}" = "linprocfs" ] && [ "${_type}" = "linprocfs" ]; } || \ { [ "${_hostpath}" = "linsysfs" ] && [ "${_type}" = "linsysfs" ]; } || \ { [ "${_hostpath}" = "proc" ] && [ "${_type}" = "procfs" ]; } || \ { [ "${_hostpath}" = "fdesc" ] && [ "${_type}" = "fdescfs" ]; } then warn "Detected advanced mount type ${_hostpath}" -elif [ ! -d "${_hostpath}" ] || [ "${_type}" != "nullfs" ]; then - error_notify "Detected invalid host path or incorrect mount type in FSTAB." - warn "Format: /host/path jail/path nullfs ro 0 0" +elif [ ! -e "${_hostpath}" ] || [ "${_type}" != "nullfs" ]; then + error_notify "Invalid host path or incorrect mount type in FSTAB." + warn "Format: /host/path /jail/path nullfs ro 0 0" warn "Read: ${_fstab}" - exit 1 + usage fi -## if mount permissions are not "ro" or "rw" +# Mount permissions need to be "ro" or "rw" if [ "${_perms}" != "ro" ] && [ "${_perms}" != "rw" ]; then error_notify "Detected invalid mount permissions in FSTAB." - warn "Format: /host/path jail/path nullfs ro 0 0" + warn "Format: /host/path /jail/path nullfs ro 0 0" warn "Read: ${_fstab}" - exit 1 + usage fi -## if check & pass are not "0 0 - 1 1"; bail out +# Dump and pass need to be "0 0 - 1 1" if [ "${_checks}" != "0 0" ] && [ "${_checks}" != "1 0" ] && [ "${_checks}" != "0 1" ] && [ "${_checks}" != "1 1" ]; then error_notify "Detected invalid fstab options in FSTAB." 
- warn "Format: /host/path jail/path nullfs ro 0 0" + warn "Format: /host/path /jail/path nullfs ro 0 0" warn "Read: ${_fstab}" - exit 1 + usage fi for _jail in ${JAILS}; do + info "[${_jail}]:" - ## aggregate variables into FSTAB entry - _fullpath="${bastille_jailsdir}/${_jail}/root/${_jailpath}" + _fullpath="$( echo ${bastille_jailsdir}/${_jail}/root/${_jailpath} 2>/dev/null | sed 's#//#/#' )" _fstab_entry="${_hostpath} ${_fullpath} ${_type} ${_perms} ${_checks}" - ## Create mount point if it does not exist. -- cwells - if [ ! -d "${_fullpath}" ]; then - if ! mkdir -p "${_fullpath}"; then - error_exit "Failed to create mount point inside jail." - fi + # Check if mount point has already been added + if grep -Eq "[[:blank:]]${_fullpath}" "${bastille_jailsdir}/${_jail}/fstab"; then + warn "Mountpoint already present in ${bastille_jailsdir}/${_jail}/fstab" + grep -E "[[:blank:]]${_fullpath}" "${bastille_jailsdir}/${_jail}/fstab" + continue fi - ## if entry doesn't exist, add; else show existing entry - if ! egrep -q "[[:blank:]]${_fullpath}[[:blank:]]" "${bastille_jailsdir}/${_jail}/fstab" 2> /dev/null; then - if ! echo "${_fstab_entry}" >> "${bastille_jailsdir}/${_jail}/fstab"; then - error_exit "Failed to create fstab entry: ${_fstab_entry}" + ## Create mount point if it does not exist + if [ -d "${_hostpath}" ] && [ ! -d "${_fullpath}" ]; then + mkdir -p "${_fullpath}" || error_continue "Failed to create mount point." + elif [ -f "${_hostpath}" ] ; then + _filename="$( basename ${_hostpath} )" + if echo "${_fullpath}" 2>/dev/null | grep -qow "${_filename}"; then + mkdir -p "$( dirname ${_fullpath} )" || error_continue "Failed to create mount point." + if [ ! -f "${_fullpath}" ]; then + touch "${_fullpath}" || error_continue "Failed to create mount point." + else + error_notify "Failed. File exists at mount point." 
+ warn "${_fullpath}" + continue + fi + else + _fullpath="$( echo ${bastille_jailsdir}/${_jail}/root/${_jailpath}/${_filename} 2>/dev/null | sed 's#//#/#' )" + _fstab_entry="${_hostpath} ${_fullpath} ${_type} ${_perms} ${_checks}" + mkdir -p "$( dirname ${_fullpath} )" || error_continue "Failed to create mount point." + if [ ! -f "${_fullpath}" ]; then + touch "${_fullpath}" || error_continue "Failed to create mount point." + else + error_notify "Failed. File exists at mount point." + warn "${_fullpath}" + continue + fi fi - echo "Added: ${_fstab_entry}" - else - warn "Mountpoint already present in ${bastille_jailsdir}/${_jail}/fstab" - egrep "[[:blank:]]${_fullpath}[[:blank:]]" "${bastille_jailsdir}/${_jail}/fstab" - fi - mount -F "${bastille_jailsdir}/${_jail}/fstab" -a - echo + fi + + # Add entry to fstab and mount + echo "${_fstab_entry}" >> "${bastille_jailsdir}/${_jail}/fstab" || error_continue "Failed to create fstab entry: ${_fstab_entry}" + mount -F "${bastille_jailsdir}/${_jail}/fstab" -a || error_continue "Failed to mount volume: ${_fullpath}" + echo "Added: ${_fstab_entry}" done From 341db361034cbf05b426cd17b8efe779e6ccffbe Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Mon, 23 Dec 2024 18:23:31 -0700 Subject: [PATCH 63/91] set_target and error_continue functions --- usr/local/share/bastille/common.sh | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/usr/local/share/bastille/common.sh b/usr/local/share/bastille/common.sh index 9940d9e6..7a98d3e9 100644 --- a/usr/local/share/bastille/common.sh +++ b/usr/local/share/bastille/common.sh @@ -56,6 +56,11 @@ error_notify() { echo -e "${COLOR_RED}$*${COLOR_RESET}" 1>&2 } +error_continue() { + error_notify "$@" + continue +} + # Notify message on error and exit error_exit() { error_notify "$@" 
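Review bot: `_jailpath` is taken from the command line unchanged, so a JAIL_PATH containing `..` (e.g. `../../etc`) makes `_fullpath` point outside `${bastille_jailsdir}/${_jail}/root`, and the `mkdir -p`/`touch` calls then create the mount point on the host before the entry is written to the jail's fstab; the `sed 's#//#/#'` normalisation only collapses the first `//` and never touches `..`. Reject such paths before the loop, e.g. `case "/${_jailpath}/" in */../*) error_exit "JAIL_PATH must not contain '..'" ;; esac`. The duplicate check `grep -Eq "[[:blank:]]${_fullpath}"` also dropped the trailing `[[:blank:]]` the old egrep had, so an existing entry for `…/root/data2` makes `…/root/data` report "already present", and the path is still interpreted as an ERE where `.` and `+` are wildcards; `grep -Eq "[[:blank:]]${_fullpath}[[:blank:]]"` restores the anchor, and a fixed-string match (`grep -F`) would remove the regex concern if the fstab fields are known to be space-separated. The hunk covers the whole script body after the config is sourced.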
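Review bot: error_continue relies on `continue` inside a function reaching the caller's loop; POSIX leaves `break`/`continue` in a function called from a loop unspecified, and when no loop is active the shell either prints a diagnostic or does nothing, after which execution simply carries on past the call, so the error is reported but not acted on. If the helper is kept, document the constraint at its definition, e.g. `# Print the error and skip to the next iteration of the CALLER's loop; only valid when called directly from a for/while body.`, and have call sites outside a loop use error_exit instead. The function is wholly inside the hunk.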
@@ -118,6 +123,19 @@ EOF fi } +set_target() { + local _TARGET="${1}" + if [ "${_TARGET}" = ALL ] || [ "${_TARGET}" = all ]; then + target_all_jails + else + check_target_exists "${_TARGET}" || exit + JAILS="${_TARGET}" + TARGET="${_TARGET}" + export JAILS + export TARGET + fi +} + checkyesno() { ## copied from /etc/rc.subr -- cedwards (20231125) ## issue #368 (lowercase values should be parsed) From 9d254357d0fa03a2e4ec1cd95c7d99db2ab1dde8 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Mon, 23 Dec 2024 18:23:56 -0700 Subject: [PATCH 64/91] bugfixes and code cleanup --- usr/local/share/bastille/umount.sh | 50 ++++++++++++++++++------------ 1 file changed, 31 insertions(+), 19 deletions(-) diff --git a/usr/local/share/bastille/umount.sh b/usr/local/share/bastille/umount.sh index dfd57664..b7f61e98 100644 --- a/usr/local/share/bastille/umount.sh +++ b/usr/local/share/bastille/umount.sh 
@@ -32,43 +32,55 @@ . /usr/local/etc/bastille/bastille.conf usage() { - error_exit "Usage: bastille umount TARGET container_path" + error_exit "Usage: bastille umount TARGET JAIL_PATH" } # Handle special-case commands first. -case "$1" in -help|-h|--help) - usage - ;; +case "${1}" in + help|-h|--help) + usage + ;; esac -if [ $# -ne 1 ]; then +if [ "$#" -ne 2 ]; then usage fi -bastille_root_check +TARGET="${1}" +MOUNT_PATH="${2}" -MOUNT_PATH=$1 +bastille_root_check +set_target "${TARGET}" for _jail in ${JAILS}; do + info "[${_jail}]:" +set -x + _jailpath="$( echo ${bastille_jailsdir}/${_jail}/root/${MOUNT_PATH} 2>/dev/null | sed 's#//#/#' )" + _mount="$( mount | grep -ow ${_jailpath} )" + _fstab_entry="$( cat ${bastille_jailsdir}/${_jail}/fstab | grep -ow ${_jailpath} )" - _jailpath="${bastille_jailsdir}/${_jail}/root/${MOUNT_PATH}" - - if [ ! -d "${_jailpath}" ]; then - error_exit "The specified mount point does not exist inside the jail." + # Exit if mount point non-existent + if [ -z "${_mount}" ] && [ -z "${_fstab_entry}" ]; then + error_continue "The specified mount point does not exist." fi - # Unmount the volume. -- cwells - if ! umount "${_jailpath}"; then - error_exit "Failed to unmount volume: ${MOUNT_PATH}" + # Unmount + if [ -n "${_mount}" ]; then + umount "${_jailpath}" || error_continue "Failed to unmount volume: ${MOUNT_PATH}" fi - # Remove the entry from fstab so it is not automounted in the future. -- cwells - if ! sed -E -i '' "\, +${_jailpath} +,d" "${bastille_jailsdir}/${_jail}/fstab"; then - error_exit "Failed to delete fstab entry: ${_fstab_entry}" + # Remove entry from fstab + if [ -n "${_fstab_entry}" ]; then + if ! 
sed -E -i '' "\, +${_jailpath} +,d" "${bastille_jailsdir}/${_jail}/fstab"; then + error_continue "Failed to delete fstab entry: ${MOUNT_PATH}" + fi fi + # Delete if mount point was a file + if [ -f "${_jailpath}" ]; then + rm -f "${_jailpath}" || error_continue "Failed to unmount volume: ${MOUNT_PATH}" + fi + echo "Unmounted: ${MOUNT_PATH}" - echo done From a5de4a93ffe3a0fa58b02c72a6a747c531281ccf Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Mon, 23 Dec 2024 18:25:11 -0700 Subject: [PATCH 65/91] move mount and umount to no actions commands --- usr/local/bin/bastille | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/usr/local/bin/bastille b/usr/local/bin/bastille index dd9cbb25..efd7a855 100755 --- a/usr/local/bin/bastille +++ b/usr/local/bin/bastille @@ -147,10 +147,10 @@ version|-v|--version) help|-h|--help) usage ;; -bootstrap|create|destroy|export|import|list|rdr|restart|setup|start|update|upgrade|verify) +bootstrap|create|destroy|export|import|list|mount|rdr|restart|setup|start|umount|update|upgrade|verify) # Nothing "extra" to do for these commands. -- cwells ;; -clone|config|cmd|console|convert|cp|edit|htop|limits|mount|pkg|rcp|rename|service|stop|sysrc|tags|template|top|umount|zfs) +clone|config|cmd|console|convert|cp|edit|htop|limits|pkg|rcp|rename|service|stop|sysrc|tags|template|top|zfs) # Parse the target and ensure it exists. -- cwells if [ $# -eq 0 ]; then # No target was given, so show the command's help. -- cwells PARAMS='help' From c8a4d74fb699c0937324c310563b997628e762c8 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Mon, 23 Dec 2024 18:28:55 -0700 Subject: [PATCH 66/91] shellcheck disable 2104 --- usr/local/share/bastille/common.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/usr/local/share/bastille/common.sh b/usr/local/share/bastille/common.sh index 7a98d3e9..235dacbe 100644 
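Review bot: A bare `set -x` is left inside the loop, so every command in the loop body — including the full fstab path and the sed expression — is traced to stderr for every user of `bastille umount`; remove it, or gate it on a debug variable. `mount | grep -ow ${_jailpath}` and the `cat … | grep -ow ${_jailpath}` below leave the path unquoted and use it as a regex under `-w`, so a mount below the requested path (`…/root/data/sub`) word-matches `…/root/data`, `_mount` is non-empty although that exact path is not mounted, and the subsequent `umount` fails with a misleading "Failed to unmount". A literal field comparison avoids both problems: `_mount="$(mount -p | awk -v p="${_jailpath}" '$2 == p')"` (mount -p prints fstab-style lines) and `_fstab_entry="$(awk -v p="${_jailpath}" '$2 == p' "${bastille_jailsdir}/${_jail}/fstab")"`. The hunk covers the whole script body after the config is sourced.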
--- a/usr/local/share/bastille/common.sh +++ b/usr/local/share/bastille/common.sh @@ -58,6 +58,8 @@ error_notify() { error_continue() { error_notify "$@" + # Disabling this shellcheck as we only ever call it inside of a loop + # shellcheck disable=SC2104 continue } From d293db2c54dd2f0cb1542f738ea17cb6e5b87c05 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Tue, 24 Dec 2024 07:39:26 -0700 Subject: [PATCH 67/91] move help into options block --- usr/local/share/bastille/top.sh | 42 ++++++++++++++++++++++++++------- 1 file changed, 33 insertions(+), 9 deletions(-) diff --git a/usr/local/share/bastille/top.sh b/usr/local/share/bastille/top.sh index 9a8a6ba2..d787ead2 100644 --- a/usr/local/share/bastille/top.sh +++ b/usr/local/share/bastille/top.sh @@ -32,17 +32,37 @@ . /usr/local/etc/bastille/bastille.conf usage() { - error_exit "Usage: bastille top TARGET" + error_exit "Usage: bastille top [options(s)] TARGET" + cat << EOF + Options: + + -f | --force -- Start the jail if it is stopped. + +EOF + exit 1 } -# Handle special-case commands first. -case "${1}" in - help|-h|--help) - usage - ;; -esac +# Handle options. +FORCE=0 +while [ "$#" -gt 0 ]; do + case "${1}" in + -h|--help|help) + usage + ;; + -f|--force) + FORCE=1 + shift + ;; + -*) + error_exit "Unknown option: \"${1}\"" + ;; + *) + break + ;; + esac +done -if [ $# -ne 1 ]; then +if [ "$#" -ne 1 ]; then usage fi @@ -50,7 +70,11 @@ TARGET="${1}" bastille_root_check set_target_single "${TARGET}" -check_target_is_running "${TARGET}" || exit +check_target_is_running "${TARGET}" || if [ "${FORCE}" -eq 1 ]; then + bastille start "${TARGET}" +else + exit +fi info "[${TARGET}]:" jexec -l "${TARGET}" /usr/bin/top From 54bf9d6d53d0df695d61f31e46a5fb3eb709fc76 Mon Sep 17 00:00:00 2001 
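Review bot: usage() now calls `error_exit` on its first line, which exits before the `cat << EOF` options text and the trailing `exit 1` run (error_exit is defined in common.sh as notify-and-exit), so `bastille top -h` never shows the new `-f|--force` help. Print the first line with `error_notify "Usage: bastille top [option(s)] TARGET"` and let the function's own `exit 1` terminate; that also fixes the "[options(s)]" typo. The htop.sh hunk in the next patch has the same unreachable help text. In the second hunk the status of `bastille start "${TARGET}"` is not checked, so a failed start falls through to `jexec`; `bastille start "${TARGET}" || exit 1` keeps the failure visible.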
From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Tue, 24 Dec 2024 07:40:02 -0700 Subject: [PATCH 68/91] move help into options block --- usr/local/share/bastille/htop.sh | 55 ++++++++++++++++++++++---------- 1 file changed, 39 insertions(+), 16 deletions(-) diff --git a/usr/local/share/bastille/htop.sh b/usr/local/share/bastille/htop.sh index d9741d15..c706cf17 100644 --- a/usr/local/share/bastille/htop.sh +++ b/usr/local/share/bastille/htop.sh @@ -32,15 +32,35 @@ . /usr/local/etc/bastille/bastille.conf usage() { - error_exit "Usage: bastille htop TARGET" + error_exit "Usage: bastille htop [option(s)] TARGET" + cat << EOF + Options: + + -f | --force -- Start the jail if it is stopped. + +EOF + exit 1 } -# Handle special-case commands first. -case "${1}" in - help|-h|--help) - usage - ;; -esac +# Handle options. +FORCE=0 +while [ "$#" -gt 0 ]; do + case "${1}" in + -h|--help|help) + usage + ;; + -f|--force) + FORCE=1 + shift + ;; + -*) + error_exit "Unknown option: \"${1}\"" + ;; + *) + break + ;; + esac +done if [ $# -ne 1 ]; then usage @@ -50,13 +70,16 @@ TARGET="${1}" bastille_root_check set_target_single "${TARGET}" -check_target_is_running "${TARGET}" || exit - -bastille_jail_path=$(/usr/sbin/jls -j "${_jail}" path) -if [ ! -x "${bastille_jail_path}/usr/local/bin/htop" ]; then - error_notify "htop not found on ${_jail}." -elif [ -x "${bastille_jail_path}/usr/local/bin/htop" ]; then - info "[${_jail}]:" - jexec -l ${_jail} /usr/local/bin/htop +check_target_is_running "${TARGET}" || if [ "${FORCE}" -eq 1 ]; then + bastille start "${TARGET}" +else + exit +fi + +bastille_jail_path="${bastille_jailsdir}/${TARGET}/root" +if [ ! -x "${bastille_jail_path}/usr/local/bin/htop" ]; then + error_notify "htop not found on ${TARGET}." +elif [ -x "${bastille_jail_path}/usr/local/bin/htop" ]; then + info "[${TARGET}]:" + jexec -l ${TARGET} /usr/local/bin/htop fi -echo -e "${COLOR_RESET}" 
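Review bot: `jexec -l ${TARGET} /usr/local/bin/htop` leaves the name unquoted while every other use in the hunk quotes it; `jexec -l "${TARGET}" /usr/local/bin/htop`. The `elif [ -x "${bastille_jail_path}/usr/local/bin/htop" ]` arm is the exact negation of the `if` test and can be a plain `else`. When htop is absent only error_notify runs and the script ends with status 0, so callers cannot distinguish "not installed" from success; `error_exit "htop not found on ${TARGET}."` matches the file's other failures.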
From 0dd2fae1c14e706a2f72bb9137d65a926af67939 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Wed, 25 Dec 2024 21:35:14 -0700 Subject: [PATCH 69/91] bugfix for hashed name ending with b --- usr/local/share/bastille/clone.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/usr/local/share/bastille/clone.sh b/usr/local/share/bastille/clone.sh index acdddae6..6e0365e9 100644 --- a/usr/local/share/bastille/clone.sh +++ b/usr/local/share/bastille/clone.sh @@ -126,8 +126,8 @@ update_jailconf_vnet() { sed -i '' "s|e\([0-9]\{1,\}\)b_${NEWNAME}|e${uniq_epair_bridge}b_${NEWNAME}|g" "${JAIL_CONFIG}" sed -i '' "s|epair\([0-9]\{1,\}\)|epair${uniq_epair_bridge}|g" "${JAIL_CONFIG}" sed -i '' "s|exec.prestart += \"ifconfig e0a_bastille\([0-9]\{1,\}\).*description.*|exec.prestart += \"ifconfig e0a_${uniq_epair} description \\\\\"vnet host interface for Bastille jail ${NEWNAME}\\\\\"\";|" "${JAIL_CONFIG}" - sed -i '' "s|ether.*:.*:.*:.*:.*:.*a|ether ${macaddr}a|" "${JAIL_CONFIG}" - sed -i '' "s|ether.*:.*:.*:.*:.*:.*b|ether ${macaddr}b|" "${JAIL_CONFIG}" + sed -i '' "s|ether.*:.*:.*:.*:.*:.*a |ether ${macaddr}a |" "${JAIL_CONFIG}" + sed -i '' "s|ether.*:.*:.*:.*:.*:.*b |ether ${macaddr}b |" "${JAIL_CONFIG}" break fi fi From a6e4902d263321040097693a892ab72aea1d1725 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Thu, 26 Dec 2024 08:40:27 -0700 Subject: [PATCH 70/91] Merge changes from previous PR --- usr/local/share/bastille/clone.sh | 9 --------- 1 file changed, 9 deletions(-) diff --git a/usr/local/share/bastille/clone.sh b/usr/local/share/bastille/clone.sh index 6e0365e9..f26f460a 100644 --- a/usr/local/share/bastille/clone.sh +++ b/usr/local/share/bastille/clone.sh 
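Review bot: The new expressions require a literal space after the `a`/`b` suffix, so an `ether …a;` line with no space before the terminator would no longer match and the cloned jail would silently keep the source jail's MAC; I cannot see how create writes that line, so confirm the trailing space is guaranteed or match the terminator as well, e.g. `s|ether [^ ;]*a\([ ;]\)|ether ${macaddr}a\1|`. The underlying problem is that `ether.*:.*:.*:.*:.*:.*a` anchors nothing and lets `.*` run across the line; matching the address shape explicitly (`ether [0-9a-f:]*a`) is more robust than depending on surrounding whitespace. The enclosing function starts and ends outside the hunk.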
@@ -150,15 +150,6 @@ update_fstab() {
 # Update fstab to use the new name
 FSTAB_CONFIG="${bastille_jailsdir}/${NEWNAME}/fstab"
 if [ -f "${FSTAB_CONFIG}" ]; then
- FSTAB_RELEASE=$(grep -owE '([1-9]{2,2})\.[0-9](-RELEASE|-RELEASE-i386|-RC[1-9]|-BETA[1-9]|-CURRENT)|([0-9]{1,2}(-stable-build-[0-9]{1,3}|-stable-LAST))|(current-build)-([0-9]{1,3})|(current-BUILD-LATEST)|([0-9]{1,2}-stable-BUILD-LATEST)' "${FSTAB_CONFIG}" | uniq)
- FSTAB_CURRENT=$(grep -w ".*/releases/.*/jails/${TARGET}/root/.bastille" "${FSTAB_CONFIG}")
- FSTAB_NEWCONF="${bastille_releasesdir}/${FSTAB_RELEASE} ${bastille_jailsdir}/${NEWNAME}/root/.bastille nullfs ro 0 0"
- if [ -n "${FSTAB_CURRENT}" ] && [ -n "${FSTAB_NEWCONF}" ]; then
- # If both variables are set, update as needed
- if ! grep -qw "${bastille_releasesdir}/${FSTAB_RELEASE}.*${bastille_jailsdir}/${NEWNAME}/root/.bastille" "${FSTAB_CONFIG}"; then
- sed -i '' "s|${FSTAB_CURRENT}|${FSTAB_NEWCONF}|" "${FSTAB_CONFIG}"
- fi
- fi
 # Update additional fstab paths with new jail path
 sed -i '' "s|${bastille_jailsdir}/${TARGET}/root/|${bastille_jailsdir}/${NEWNAME}/root/|" "${FSTAB_CONFIG}"
 fi

From db0f5c5e09997766b67ab9643ebac3f0ac33a277 Mon Sep 17 00:00:00 2001
From: tschettervictor <85497460+tschettervictor@users.noreply.github.com>
Date: Fri, 27 Dec 2024 08:16:38 -0700
Subject: [PATCH 71/91] minor tweak

---
 usr/local/share/bastille/common.sh | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/usr/local/share/bastille/common.sh b/usr/local/share/bastille/common.sh
index f6eaedb0..b6001610 100644
--- a/usr/local/share/bastille/common.sh
+++ b/usr/local/share/bastille/common.sh
@@ -178,7 +178,7 @@ set_target() {
 if [ "${_TARGET}" = ALL ] || [ "${_TARGET}" = all ]; then
 target_all_jails
 else
- check_target_exists "${_TARGET}" || exit
+ check_target_exists "${_TARGET}" || error_exit "Jail not found \"${_TARGET}\""
 JAILS="${_TARGET}"
 TARGET="${_TARGET}"
 export JAILS
@@ -191,7 +191,7 @@ set_target_single() {
 if [ "${_TARGET}" = ALL ] || [ "${_TARGET}" = all ]; then
 error_exit "[all|ALL] not supported with this command."
 else
- check_target_exists "${_TARGET}" || exit
+ check_target_exists "${_TARGET}" || error_exit "Jail not found \"${_TARGET}\""
 JAILS="${_TARGET}"
 TARGET="${_TARGET}"
 export JAILS
@@ -209,3 +209,4 @@ target_all_jails() {
 done
 export JAILS
 }
+

From 82a8d5479b2d9be36c94ecf3e1c4e94f86250d68 Mon Sep 17 00:00:00 2001
From: tschettervictor <85497460+tschettervictor@users.noreply.github.com>
Date: Fri, 27 Dec 2024 08:17:49 -0700
Subject: [PATCH 72/91] minor tweak

---
 usr/local/share/bastille/htop.sh | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/usr/local/share/bastille/htop.sh b/usr/local/share/bastille/htop.sh
index c706cf17..10795da1 100644
--- a/usr/local/share/bastille/htop.sh
+++ b/usr/local/share/bastille/htop.sh
@@ -62,7 +62,7 @@ while [ "$#" -gt 0 ]; do
 esac
 done

-if [ $# -ne 1 ]; then
+if [ "$#" -ne 1 ]; then
 usage
 fi

@@ -70,16 +70,18 @@ TARGET="${1}"

 bastille_root_check
 set_target_single "${TARGET}"
+
+info "[${TARGET}]:"
 check_target_is_running "${TARGET}" || if [ "${FORCE}" -eq 1 ]; then
 bastille start "${TARGET}"
-else
- exit
+else
+ error_notify "Jail is not running."
+ error_continue "Use [-f|--force] to force start the jail."
 fi

 bastille_jail_path="${bastille_jailsdir}/${TARGET}/root"
 if [ ! -x "${bastille_jail_path}/usr/local/bin/htop" ]; then
 error_notify "htop not found on ${TARGET}."
 elif [ -x "${bastille_jail_path}/usr/local/bin/htop" ]; then
- info "[${TARGET}]:"
 jexec -l ${TARGET} /usr/local/bin/htop
 fi

From 9b354c1a2fbdaac7481a34a0809f9a3a87910600 Mon Sep 17 00:00:00 2001
From: tschettervictor <85497460+tschettervictor@users.noreply.github.com>
Date: Fri, 27 Dec 2024 08:18:33 -0700
Subject: [PATCH 73/91] minor tweak

---
 usr/local/share/bastille/top.sh | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)
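Review bot: In the new `else` branch, `error_continue "Use [-f|--force] to force start the jail."` replaces the former `exit`; if `error_continue` only prints and returns (its name suggests a helper for per-jail loops, and there is no loop here) control falls through to `bastille_jail_path=` and `jexec -l ${TARGET} /usr/local/bin/htop` on a jail that is not running. Use `error_exit "Use [-f|--force] to force start the jail."` there, or follow it with `exit 1`. The `bastille start "${TARGET}"` status is still unchecked on the line above, so a failed forced start reaches `jexec` as well; `bastille start "${TARGET}" || exit 1` closes that path. The same branch is introduced for top.sh in the patch 73 hunk below and needs the same treatment.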
diff --git a/usr/local/share/bastille/top.sh b/usr/local/share/bastille/top.sh index d787ead2..669c1164 100644 --- a/usr/local/share/bastille/top.sh +++ b/usr/local/share/bastille/top.sh @@ -32,7 +32,7 @@ . /usr/local/etc/bastille/bastille.conf usage() { - error_exit "Usage: bastille top [options(s)] TARGET" + error_notify "Usage: bastille top [options(s)] TARGET" cat << EOF Options: @@ -70,12 +70,12 @@ TARGET="${1}" bastille_root_check set_target_single "${TARGET}" -check_target_is_running "${TARGET}" || if [ "${FORCE}" -eq 1 ]; then - bastille start "${TARGET}" -else - exit -fi info "[${TARGET}]:" +check_target_is_running "${TARGET}" || if [ "${FORCE}" -eq 1 ]; then + bastille start "${TARGET}" +else + error_notify "Jail is not running." + error_continue "Use [-f|--force] to force start the jail." +fi jexec -l "${TARGET}" /usr/bin/top -echo -e "${COLOR_RESET}" From 30aa0c140804b1d5a170688732a2d39235500d5b Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Fri, 27 Dec 2024 12:13:38 -0700 Subject: [PATCH 74/91] better error handling --- usr/local/share/bastille/mount.sh | 27 ++++++++++++++++----------- 1 file changed, 16 insertions(+), 11 deletions(-) diff --git a/usr/local/share/bastille/mount.sh b/usr/local/share/bastille/mount.sh index 11480edb..aa39cf19 100644 --- a/usr/local/share/bastille/mount.sh +++ b/usr/local/share/bastille/mount.sh 
@@ -50,17 +50,19 @@ TARGET="${1}" shift if [ "$#" -eq 2 ]; then - _fstab="$@ nullfs ro 0 0" + _fstab="$(echo "$* nullfs ro 0 0" | sed 's#\\ #\\040#g')" else - _fstab="$@" + _fstab="$(echo "$*" | sed 's#\\ #\\040#g')" fi bastille_root_check set_target "${TARGET}" # Assign variables -_hostpath=$(echo "${_fstab}" | awk '{print $1}') -_jailpath=$(echo "${_fstab}" | awk '{print $2}') +_hostpath_fstab=$(echo "${_fstab}" | awk '{print $1}') +_hostpath="$(echo "${_hostpath_fstab}" 2>/dev/null | sed 's#\\040# #g')" +_jailpath_fstab=$(echo "${_fstab}" | awk '{print $2}') +_jailpath="$(echo "${_jailpath_fstab}" 2>/dev/null | sed 's#\\040# #g')" _type=$(echo "${_fstab}" | awk '{print $3}') _perms=$(echo "${_fstab}" | awk '{print $4}') _checks=$(echo "${_fstab}" | awk '{print $5" "$6}') 
@@ -107,17 +109,19 @@ for _jail in ${JAILS}; do info "[${_jail}]:" - _fullpath="$( echo ${bastille_jailsdir}/${_jail}/root/${_jailpath} 2>/dev/null | sed 's#//#/#' )" - _fstab_entry="${_hostpath} ${_fullpath} ${_type} ${_perms} ${_checks}" + _fullpath_fstab="$( echo "${bastille_jailsdir}/${_jail}/root/${_jailpath_fstab}" 2>/dev/null | sed 's#//#/#' )" + _fullpath="$( echo "${bastille_jailsdir}/${_jail}/root/${_jailpath}" 2>/dev/null | sed 's#//#/#' )" + _fstab_entry="${_hostpath_fstab} ${_fullpath_fstab} ${_type} ${_perms} ${_checks}" # Check if mount point has already been added - if grep -Eq "[[:blank:]]${_fullpath}" "${bastille_jailsdir}/${_jail}/fstab"; then + _existing_mount="$(echo ${_fullpath_fstab} 2>/dev/null | sed 's#\\#\\\\#')" + if grep -Eoq "[[:blank:]]${_existing_mount}[[:blank:]]" "${bastille_jailsdir}/${_jail}/fstab"; then warn "Mountpoint already present in ${bastille_jailsdir}/${_jail}/fstab" - grep -E "[[:blank:]]${_fullpath}" "${bastille_jailsdir}/${_jail}/fstab" + grep -Eo "[[:blank:]]${_existing_mount}[[:blank:]]" "${bastille_jailsdir}/${_jail}/fstab" continue fi - ## Create mount point if it does not exist + # Create mount point if it does not exist if [ -d "${_hostpath}" ] && [ ! -d "${_fullpath}" ]; then mkdir -p "${_fullpath}" || error_continue "Failed to create mount point." elif [ -f "${_hostpath}" ] ; then 
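Review bot: `_existing_mount` escapes only backslashes, yet it is used as an ERE in `grep -Eoq "[[:blank:]]${_existing_mount}[[:blank:]]"`, so a jail path containing `.`, `+`, `(`, `[` or `*` is interpreted as a pattern: `.` silently matches any character, and an unbalanced `(` or `[` makes grep exit non-zero, which the `if` reads as "not present" and the script goes on to append a duplicate entry. Comparing the fstab field literally avoids both problems, e.g. `if awk -v p="${_fullpath_fstab}" '$2 == p { found=1 } END { exit !found }' "${bastille_jailsdir}/${_jail}/fstab"; then`. The enclosing `for _jail in ${JAILS}` loop starts before this hunk.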
@@ -132,8 +136,9 @@ for _jail in ${JAILS}; do continue fi else - _fullpath="$( echo ${bastille_jailsdir}/${_jail}/root/${_jailpath}/${_filename} 2>/dev/null | sed 's#//#/#' )" - _fstab_entry="${_hostpath} ${_fullpath} ${_type} ${_perms} ${_checks}" + _fullpath_fstab="$( echo "${bastille_jailsdir}/${_jail}/root/${_jailpath_fstab}/${_filename}" 2>/dev/null | sed 's#//#/#' )" + _fullpath="$( echo "${bastille_jailsdir}/${_jail}/root/${_jailpath}/${_filename}" 2>/dev/null | sed 's#//#/#' )" + _fstab_entry="${_hostpath_fstab} ${_fullpath} ${_type} ${_perms} ${_checks}" mkdir -p "$( dirname ${_fullpath} )" || error_continue "Failed to create mount point." if [ ! -f "${_fullpath}" ]; then touch "${_fullpath}" || error_continue "Failed to create mount point." From 5f8c79d2775bcb11f50ed7734c358463f771f8d3 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Fri, 27 Dec 2024 12:14:04 -0700 Subject: [PATCH 75/91] allow mounting directories with spaces --- usr/local/share/bastille/umount.sh | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/usr/local/share/bastille/umount.sh b/usr/local/share/bastille/umount.sh index b7f61e98..639d7f03 100644 --- a/usr/local/share/bastille/umount.sh +++ b/usr/local/share/bastille/umount.sh 
@@ -55,10 +55,11 @@ set_target "${TARGET}" for _jail in ${JAILS}; do info "[${_jail}]:" -set -x - _jailpath="$( echo ${bastille_jailsdir}/${_jail}/root/${MOUNT_PATH} 2>/dev/null | sed 's#//#/#' )" - _mount="$( mount | grep -ow ${_jailpath} )" - _fstab_entry="$( cat ${bastille_jailsdir}/${_jail}/fstab | grep -ow ${_jailpath} )" + + _jailpath="$( echo "${bastille_jailsdir}/${_jail}/root/${MOUNT_PATH}" 2>/dev/null | sed 's#//#/#' | sed 's#\\##g')" + _mount="$( mount | grep -ow "${_jailpath}" )" + _jailpath_fstab="$(echo "${bastille_jailsdir}/${_jail}/root/${MOUNT_PATH}" | sed 's#//#/#' | sed 's#\\ #\\\\040#g')" + _fstab_entry="$(grep -Eo "[[:blank:]]${_jailpath_fstab}[[:blank:]]" ${bastille_jailsdir}/${_jail}/fstab)" # Exit if mount point non-existent if [ -z "${_mount}" ] && [ -z "${_fstab_entry}" ]; then @@ -72,7 +73,7 @@ set -x # Remove entry from fstab if [ -n "${_fstab_entry}" ]; then - if ! sed -E -i '' "\, +${_jailpath} +,d" "${bastille_jailsdir}/${_jail}/fstab"; then + if ! sed -E -i '' "\, +${_jailpath_fstab} +,d" "${bastille_jailsdir}/${_jail}/fstab"; then error_continue "Failed to delete fstab entry: ${MOUNT_PATH}" fi fi @@ -82,5 +83,6 @@ set -x rm -f "${_jailpath}" || error_continue "Failed to unmount volume: ${MOUNT_PATH}" fi - echo "Unmounted: ${MOUNT_PATH}" + echo "Unmounted: ${_jailpath}" + done From 3dce542d6bff72384b65d36ad503238fdba93fef Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Fri, 27 Dec 2024 12:15:26 -0700 Subject: [PATCH 76/91] add check_target_exists to common.sh --- usr/local/share/bastille/common.sh | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/usr/local/share/bastille/common.sh b/usr/local/share/bastille/common.sh index 5066560f..5d02ba24 100644 --- a/usr/local/share/bastille/common.sh +++ b/usr/local/share/bastille/common.sh 
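Review bot: The fstab entry is removed with `sed -E -i '' "\, +${_jailpath_fstab} +,d"`, an address regex built from the path: a `,` in the jail path ends the address early and a regex metacharacter such as `.` or `+` can make it match other entries, so one umount may delete more fstab lines than the one requested. A literal field comparison is safer, e.g. `awk -v p="${_jailpath_fstab}" '$2 != p' "${_fstab}" > "${_fstab}.new" && mv "${_fstab}.new" "${_fstab}"` with `_fstab="${bastille_jailsdir}/${_jail}/fstab"`, keeping in mind that `p` must then be the single-backslash `\040` form the file stores rather than the doubled form prepared for grep. The lookup in the first hunk, `grep -Eo "[[:blank:]]${_jailpath_fstab}[[:blank:]]" ${bastille_jailsdir}/${_jail}/fstab`, has the same regex-versus-literal issue and leaves the file path unquoted. The `for _jail` loop starts before these hunks.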
@@ -77,6 +77,15 @@ warn() { echo -e "${COLOR_YELLOW}$*${COLOR_RESET}" } +check_target_exists() { + local _TARGET="${1}" + if [ ! -d "${bastille_jailsdir}"/"${_TARGET}" ]; then + return 1 + else + return 0 + fi +} + generate_static_mac() { local jail_name="${1}" local external_interface="${2}" @@ -143,7 +152,7 @@ set_target() { if [ "${_TARGET}" = ALL ] || [ "${_TARGET}" = all ]; then target_all_jails else - check_target_exists "${_TARGET}" || exit + check_target_exists "${_TARGET}" || error_exit "Jail not found \"${_TARGET}\"" JAILS="${_TARGET}" TARGET="${_TARGET}" export JAILS From 67185a5a4205c3f9c22c394deccb7df848afd907 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Fri, 27 Dec 2024 13:33:26 -0700 Subject: [PATCH 77/91] fix for multiple spacing in directiry --- usr/local/share/bastille/mount.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/usr/local/share/bastille/mount.sh b/usr/local/share/bastille/mount.sh index aa39cf19..817268b8 100644 --- a/usr/local/share/bastille/mount.sh +++ b/usr/local/share/bastille/mount.sh @@ -114,7 +114,7 @@ for _jail in ${JAILS}; do _fstab_entry="${_hostpath_fstab} ${_fullpath_fstab} ${_type} ${_perms} ${_checks}" # Check if mount point has already been added - _existing_mount="$(echo ${_fullpath_fstab} 2>/dev/null | sed 's#\\#\\\\#')" + _existing_mount="$(echo ${_fullpath_fstab} 2>/dev/null | sed 's#\\#\\\\#g')" if grep -Eoq "[[:blank:]]${_existing_mount}[[:blank:]]" "${bastille_jailsdir}/${_jail}/fstab"; then warn "Mountpoint already present in ${bastille_jailsdir}/${_jail}/fstab" grep -Eo "[[:blank:]]${_existing_mount}[[:blank:]]" "${bastille_jailsdir}/${_jail}/fstab" 
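Review bot: `check_target_exists()` accepts any `_TARGET` for which `"${bastille_jailsdir}"/"${_TARGET}"` is a directory, so a value containing `/` or `..` passes and `set_target` then exports it as `TARGET`, where later code joins it into paths, `sed` patterns and `jexec` arguments. Reject anything that is not a single plain path component before the directory test: `case "${_TARGET}" in ''|*/*|.|..) return 1 ;; esac`. The remaining if/else can also collapse to `[ -d "${bastille_jailsdir}/${_TARGET}" ]`, which yields the same return status.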
@@ -127,7 +127,7 @@ for _jail in ${JAILS}; do elif [ -f "${_hostpath}" ] ; then _filename="$( basename ${_hostpath} )" if echo "${_fullpath}" 2>/dev/null | grep -qow "${_filename}"; then - mkdir -p "$( dirname ${_fullpath} )" || error_continue "Failed to create mount point." + mkdir -p "$( dirname "${_fullpath}" )" || error_continue "Failed to create mount point." if [ ! -f "${_fullpath}" ]; then touch "${_fullpath}" || error_continue "Failed to create mount point." else @@ -138,8 +138,8 @@ for _jail in ${JAILS}; do else _fullpath_fstab="$( echo "${bastille_jailsdir}/${_jail}/root/${_jailpath_fstab}/${_filename}" 2>/dev/null | sed 's#//#/#' )" _fullpath="$( echo "${bastille_jailsdir}/${_jail}/root/${_jailpath}/${_filename}" 2>/dev/null | sed 's#//#/#' )" - _fstab_entry="${_hostpath_fstab} ${_fullpath} ${_type} ${_perms} ${_checks}" - mkdir -p "$( dirname ${_fullpath} )" || error_continue "Failed to create mount point." + _fstab_entry="${_hostpath_fstab} ${_fullpath_fstab} ${_type} ${_perms} ${_checks}" + mkdir -p "$( dirname "${_fullpath}" )" || error_continue "Failed to create mount point." if [ ! -f "${_fullpath}" ]; then touch "${_fullpath}" || error_continue "Failed to create mount point." else From 08f5a9a755e5569f6f5ee86ee45ef24f5deab11d Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Fri, 27 Dec 2024 13:34:14 -0700 Subject: [PATCH 78/91] fix for multiple spacing --- usr/local/share/bastille/umount.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/usr/local/share/bastille/umount.sh b/usr/local/share/bastille/umount.sh index 639d7f03..ebbb52c5 100644 --- a/usr/local/share/bastille/umount.sh +++ b/usr/local/share/bastille/umount.sh 
@@ -57,8 +57,8 @@ for _jail in ${JAILS}; do info "[${_jail}]:" _jailpath="$( echo "${bastille_jailsdir}/${_jail}/root/${MOUNT_PATH}" 2>/dev/null | sed 's#//#/#' | sed 's#\\##g')" - _mount="$( mount | grep -ow "${_jailpath}" )" - _jailpath_fstab="$(echo "${bastille_jailsdir}/${_jail}/root/${MOUNT_PATH}" | sed 's#//#/#' | sed 's#\\ #\\\\040#g')" + _mount="$( mount | grep -Eo "[[:blank:]]${_jailpath}[[:blank:]]" )" + _jailpath_fstab="$(echo "${bastille_jailsdir}/${_jail}/root/${MOUNT_PATH}" | sed 's#//#/#g' | sed 's# #\\#g' | sed 's#\\#\\\\040#g')" _fstab_entry="$(grep -Eo "[[:blank:]]${_jailpath_fstab}[[:blank:]]" ${bastille_jailsdir}/${_jail}/fstab)" # Exit if mount point non-existent From 68a808863a1ae0e2c15f852699c903004f14b8fa Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Fri, 27 Dec 2024 13:56:03 -0700 Subject: [PATCH 79/91] Update docs --- docs/chapters/subcommands/mount.rst | 33 +++++++++++++++++++++++++++-- 1 file changed, 31 insertions(+), 2 deletions(-) diff --git a/docs/chapters/subcommands/mount.rst b/docs/chapters/subcommands/mount.rst index f7fb0ee3..b4dc38d2 100644 --- a/docs/chapters/subcommands/mount.rst +++ b/docs/chapters/subcommands/mount.rst 
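Review bot: The new `_jailpath_fstab` pipeline first turns every space into a backslash (`sed 's# #\\#g'`) and then every backslash into `\\040`; if `MOUNT_PATH` still carries the backslash-escaped spaces the umount docs in patch 81 show (`"/media/foo\ with\ spaces"`), each `\ ` becomes two backslashes and then `\\040\\040`, which no longer matches the single `\040` stored in fstab, so `_fstab_entry` stays empty and the entry is never removed. Either strip the user's backslashes first, as the `_jailpath` line above does with `sed 's#\\##g'`, or convert spaces in one step. I have not traced how `MOUNT_PATH` is parsed above this hunk, so please verify with an escaped path; the `for _jail` loop starts before the hunk.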
@@ -6,11 +6,40 @@ To mount storage within the container use `bastille mount`. .. code-block:: shell - ishmael ~ # bastille mount azkaban /storage/foo /media/foo nullfs ro 0 0 + ishmael ~ # bastille mount azkaban /storage/foo media/foo nullfs ro 0 0 [azkaban]: + Added: /media/foo /usr/local/bastille/jails/azkaban/root/media/foo + ishmael ~ # bastille mount azkaban /storage/bar /media/bar nullfs ro 0 0 + [azkaban]: + Added: /media/bar /usr/local/bastille/jails/azkaban/root/media/bar + +Notice the JAIL_PATH format can be /media/foo or simply media/bar. The leading slash / is optional. The HOST_PATH howerver, must be the full path including the leading slash /. + +It is also possible to mount individual files into a jail as seen below. +Bastille will not mount if a file is already present at the specified mount point. +If you do not specify a file name, bastille will mount the file underneath the specified directory as seen in the second example below. + +.. code-block:: shell + + ishmael ~ # bastille mount azkaban /etc/rc.conf /mnt/etc/rc.conf nullfs ro 0 0 + [azkaban]: + Added: /etc/rc.conf /usr/local/bastille/jails/azkaban/root/mnt/etc/rc.conf + ishmael ~ # bastille mount azkaban /etc/rc.conf /media/bar nullfs ro 0 0 + [azkaban]: + Added: /etc/rc.conf usr/local/bastille/jails/azkaban/root/media/bar/rc.conf + +It is also possible (but not recommended) to have spaces in the directories that are mounted. +It is necessary to escape each space with a backslash \ and enclose the mount point in quotes "" as seen below. +It is possible to do the same for the jail path, but again, not recommemded. + +.. code-block:: shell + + ishmael ~ # bastille mount azkaban "/storage/my\ directory\ with\ spaces" /media/foo nullfs ro 0 0 + [azkaban]: + Added: /storage/my\040directory\040with\040spaces /usr/local/bastille/jails/azkaban/root/media/foo Syntax follows standard `/etc/fstab` format: .. 
code-block:: shell - Usage: bastille mount TARGET host_path container_path [filesystem_type options dump pass_number] + Usage: bastille mount TARGET HOST_PATH JAIL_PATH [filesystem_type options dump pass_number] From 0ebdb36a878409d3ccd6844c0992a54d238d16b1 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Fri, 27 Dec 2024 13:59:34 -0700 Subject: [PATCH 80/91] Better docs --- docs/chapters/subcommands/mount.rst | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/chapters/subcommands/mount.rst b/docs/chapters/subcommands/mount.rst index b4dc38d2..9add58f0 100644 --- a/docs/chapters/subcommands/mount.rst +++ b/docs/chapters/subcommands/mount.rst @@ -8,10 +8,10 @@ To mount storage within the container use `bastille mount`. ishmael ~ # bastille mount azkaban /storage/foo media/foo nullfs ro 0 0 [azkaban]: - Added: /media/foo /usr/local/bastille/jails/azkaban/root/media/foo + Added: /media/foo /usr/local/bastille/jails/azkaban/root/media/foo nullfs ro 0 0 ishmael ~ # bastille mount azkaban /storage/bar /media/bar nullfs ro 0 0 [azkaban]: - Added: /media/bar /usr/local/bastille/jails/azkaban/root/media/bar + Added: /media/bar /usr/local/bastille/jails/azkaban/root/media/bar nullfs ro 0 0 Notice the JAIL_PATH format can be /media/foo or simply media/bar. The leading slash / is optional. The HOST_PATH howerver, must be the full path including the leading slash /. 
@@ -23,10 +23,10 @@ If you do not specify a file name, bastille will mount the file underneath the s ishmael ~ # bastille mount azkaban /etc/rc.conf /mnt/etc/rc.conf nullfs ro 0 0 [azkaban]: - Added: /etc/rc.conf /usr/local/bastille/jails/azkaban/root/mnt/etc/rc.conf + Added: /etc/rc.conf /usr/local/bastille/jails/azkaban/root/mnt/etc/rc.conf nullfs ro 0 0 ishmael ~ # bastille mount azkaban /etc/rc.conf /media/bar nullfs ro 0 0 [azkaban]: - Added: /etc/rc.conf usr/local/bastille/jails/azkaban/root/media/bar/rc.conf + Added: /etc/rc.conf usr/local/bastille/jails/azkaban/root/media/bar/rc.conf nullfs ro 0 0 It is also possible (but not recommended) to have spaces in the directories that are mounted. It is necessary to escape each space with a backslash \ and enclose the mount point in quotes "" as seen below. @@ -36,7 +36,7 @@ It is possible to do the same for the jail path, but again, not recommemded. ishmael ~ # bastille mount azkaban "/storage/my\ directory\ with\ spaces" /media/foo nullfs ro 0 0 [azkaban]: - Added: /storage/my\040directory\040with\040spaces /usr/local/bastille/jails/azkaban/root/media/foo + Added: /storage/my\040directory\040with\040spaces /usr/local/bastille/jails/azkaban/root/media/foo nullfs ro 0 0 Syntax follows standard `/etc/fstab` format: From 281fab30e6452cae725d45d6b238923559aad217 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Fri, 27 Dec 2024 16:39:33 -0700 Subject: [PATCH 81/91] document unmounting --- docs/chapters/subcommands/umount.rst | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/docs/chapters/subcommands/umount.rst b/docs/chapters/subcommands/umount.rst index f4aaeb49..cdcdabdb 100644 --- a/docs/chapters/subcommands/umount.rst +++ b/docs/chapters/subcommands/umount.rst 
@@ -8,9 +8,21 @@ To unmount storage from a container use `bastille umount`. ishmael ~ # bastille umount azkaban /media/foo [azkaban]: + Unmounted: /usr/local/bastille/jails/jail4/root/media/foo + ishmael ~ # bastille umount azkaban /mnt/etc/rc.conf + [azkaban]: + Unmounted: /usr/local/bastille/jails/jail4/root/mnt/etc/rc.conf -Syntax requires only the container path to unmount: +Syntax requires only the jail path to unmount. .. code-block:: shell - Usage: bastille umount TARGET container_path + Usage: bastille umount TARGET JAIL_PATH + +If the directory you are unmounting has spaces, make sure to escape them with a backslash \, and enclode the mount point in quotes "". + +.. code-block:: shell + + ishmael ~ # bastille umount azkaban "/media/foo\ with\ spaces" + [azkaban]: + Unmounted: /usr/local/bastille/jails/jail4/root/media/foo with spaces From 383f968685c92faec8c14bbf755e97fa54ac6ba0 Mon Sep 17 00:00:00 2001 From: Juan David Hurtado G Date: Sun, 29 Dec 2024 10:29:03 -0500 Subject: [PATCH 82/91] Revert "Merge pull request #770 from tschettervictor/patch-7" This reverts commit 649c337055047b41d4e063febcf16a12b1f30a48, reversing changes made to 7d3ca7b21b30150f9b89fb6d5cf42c4abcdd348a. --- usr/local/share/bastille/template.sh | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/usr/local/share/bastille/template.sh b/usr/local/share/bastille/template.sh index 7af0419f..53f50bc0 100644 --- a/usr/local/share/bastille/template.sh +++ b/usr/local/share/bastille/template.sh @@ -188,17 +188,15 @@ case ${TEMPLATE} in ;; */*) if [ ! -d "${bastille_templatesdir}/${TEMPLATE}" ]; then + if [ ! -d ${TEMPLATE} ]; then error_exit "${TEMPLATE} not found." - else + else bastille_template=${TEMPLATE} + fi fi ;; *) - if [ ! -f ${TEMPLATE}/Bastillefile ]; then - error_exit "${TEMPLATE} not found." - else - bastille_template=${TEMPLATE} - fi + error_exit "Template name/URL not recognized." esac if [ -z "${JAILS}" ]; then 
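Review bot: The restored inner test `if [ ! -d ${TEMPLATE} ]; then` leaves `${TEMPLATE}` unquoted while the surrounding tests quote it, so a template path containing whitespace splits into several arguments and `[` reports an error; write `if [ ! -d "${TEMPLATE}" ]; then`. With this revert the `*/*` arm accepts any existing directory as a template without looking for a Bastillefile in it, which the removed `*)` arm did check, so consider keeping `[ -f "${TEMPLATE}/Bastillefile" ]` as the condition so a directory that is not a template is rejected here rather than later. The `case ${TEMPLATE} in` statement starts before this hunk.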
From cfadb2537e243c19dd4fcc457c574f0015ea3649 Mon Sep 17 00:00:00 2001
From: tschettervictor <85497460+tschettervictor@users.noreply.github.com>
Date: Sun, 29 Dec 2024 11:43:35 -0700
Subject: [PATCH 83/91] bugfix for cloneing new mac

---
 usr/local/share/bastille/clone.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/usr/local/share/bastille/clone.sh b/usr/local/share/bastille/clone.sh
index f26f460a..e11bd701 100644
--- a/usr/local/share/bastille/clone.sh
+++ b/usr/local/share/bastille/clone.sh
@@ -126,8 +126,8 @@ update_jailconf_vnet() {
 sed -i '' "s|e\([0-9]\{1,\}\)b_${NEWNAME}|e${uniq_epair_bridge}b_${NEWNAME}|g" "${JAIL_CONFIG}"
 sed -i '' "s|epair\([0-9]\{1,\}\)|epair${uniq_epair_bridge}|g" "${JAIL_CONFIG}"
 sed -i '' "s|exec.prestart += \"ifconfig e0a_bastille\([0-9]\{1,\}\).*description.*|exec.prestart += \"ifconfig e0a_${uniq_epair} description \\\\\"vnet host interface for Bastille jail ${NEWNAME}\\\\\"\";|" "${JAIL_CONFIG}"
- sed -i '' "s|ether.*:.*:.*:.*:.*:.*a |ether ${macaddr}a |" "${JAIL_CONFIG}"
- sed -i '' "s|ether.*:.*:.*:.*:.*:.*b |ether ${macaddr}b |" "${JAIL_CONFIG}"
+ sed -i '' "s|ether.*:.*:.*:.*:.*:.*a\";|ether ${macaddr}a\";|" "${JAIL_CONFIG}"
+ sed -i '' "s|ether.*:.*:.*:.*:.*:.*b\";|ether ${macaddr}b\";|" "${JAIL_CONFIG}"
 break
 fi
 fi

From 0d5b92c05226b4bbe42fe35913dc0862a69dcbc8 Mon Sep 17 00:00:00 2001
From: Juan David Hurtado G
Date: Sun, 29 Dec 2024 15:22:17 -0500
Subject: [PATCH 84/91] Improve bastille.conf handling with user prompt for creation

Replaced ineffective default configuration generation logic with a user-interactive prompt. Users can now choose to create the configuration file with default values if it is missing, ensuring better control and clarity. Removed redundant code from the setup script to streamline execution.

---
 usr/local/bin/bastille | 14 ++++++++++++--
 usr/local/share/bastille/setup.sh | 7 -------
 2 files changed, 12 insertions(+), 9 deletions(-)
diff --git a/usr/local/bin/bastille b/usr/local/bin/bastille index dd9cbb25..98cd52a1 100755 --- a/usr/local/bin/bastille +++ b/usr/local/bin/bastille @@ -32,10 +32,20 @@ PATH=${PATH}:/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin . /usr/local/share/bastille/common.sh -## check for config existance +## check for config existence bastille_conf_check() { if [ ! -r "/usr/local/etc/bastille/bastille.conf" ]; then - error_exit "Missing Configuration" + warn "Configuration file not found. Do yu want to create it with default values? [y/N]" + read answer + case "${answer}" in + [Nn][Oo]|[Nn]|"") + error_exit "No configuration file has been generated. Exiting." + ;; + [Yy][Ee][Ss]|[Yy]) + cp /usr/local/etc/bastille/bastille.conf.sample /usr/local/etc/bastille/bastille.conf + info "Configuration file has been generated. Continuing with default values" + ;; + esac fi } diff --git a/usr/local/share/bastille/setup.sh b/usr/local/share/bastille/setup.sh index f6153e5b..b069ea32 100644 --- a/usr/local/share/bastille/setup.sh +++ b/usr/local/share/bastille/setup.sh @@ -30,13 +30,6 @@ bastille_config="/usr/local/etc/bastille/bastille.conf" . /usr/local/share/bastille/common.sh - -# TODO: This not going to take effect since Bastille checks the file -# before running this subcommand. We will need to check an strategy. -if [ ! -f "${bastille_config}" ]; then - cp /usr/local/etc/bastille/bastille.conf.sample ${bastille_config} -fi - # shellcheck source=/usr/local/etc/bastille/bastille.conf . ${bastille_config} From d3fd055b67a0ed0de62c01269770f84450683e37 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Mon, 30 Dec 2024 12:16:26 -0700 Subject: [PATCH 85/91] more random mac --- usr/local/share/bastille/common.sh | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/usr/local/share/bastille/common.sh b/usr/local/share/bastille/common.sh index ed9e5a6a..316e8718 100644 
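Review bot: The new `case "${answer}" in` has no `*)` arm, so any reply other than yes/no (a typo, for instance) matches nothing, `bastille_conf_check` returns 0, and the caller proceeds without a configuration file; add `*) error_exit "Invalid answer. Exiting." ;;`. `read answer` should be `read -r answer` so backslashes are not interpreted, and the `cp` result is unchecked — `cp /usr/local/etc/bastille/bastille.conf.sample /usr/local/etc/bastille/bastille.conf || error_exit "Failed to create configuration file."` — otherwise a failed copy still prints the success message and execution continues. The prompt also has a typo in a runtime string, `Do yu want`, which can be corrected in this hunk.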
--- a/usr/local/share/bastille/common.sh
+++ b/usr/local/share/bastille/common.sh
@@ -74,8 +74,12 @@ generate_static_mac() {
 local jail_name="${1}"
 local external_interface="${2}"
 local macaddr_prefix="$(ifconfig ${external_interface} | grep ether | awk '{print $2}' | cut -d':' -f1-3)"
- local macaddr_suffix="$(echo -n ${jail_name} | sha256 | cut -b -5 | sed 's/\([0-9a-fA-F][0-9a-fA-F]\)\([0-9a-fA-F][0-9a-fA-F]\)\([0-9a-fA-F]\)/\1:\2:\3/')"
+ local macaddr_suffix="$(echo -n "${external_interface}${jail_name}" | sha256 | cut -b -5 | sed 's/\([0-9a-fA-F][0-9a-fA-F]\)\([0-9a-fA-F][0-9a-fA-F]\)\([0-9a-fA-F]\)/\1:\2:\3/')"
+ if [ -z "${macaddr_prefix}" ] || [ -z "${macaddr_suffix}" ]; then
+ error_notify "Failed to generate MAC address."
+ fi
 macaddr="${macaddr_prefix}:${macaddr_suffix}"
+ export macaddr
 }

 generate_vnet_jail_netblock() {

From 3c60a4b26b7db8773e56dc8436aebb096f59efc7 Mon Sep 17 00:00:00 2001
From: tschettervictor <85497460+tschettervictor@users.noreply.github.com>
Date: Mon, 30 Dec 2024 16:49:34 -0700
Subject: [PATCH 86/91] hash mac of host for prefix

---
 usr/local/share/bastille/common.sh | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/usr/local/share/bastille/common.sh b/usr/local/share/bastille/common.sh
index 316e8718..38181b5e 100644
--- a/usr/local/share/bastille/common.sh
+++ b/usr/local/share/bastille/common.sh
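Review bot: After `error_notify "Failed to generate MAC address."` execution continues, so on failure `macaddr="${macaddr_prefix}:${macaddr_suffix}"` still assigns a partial value (a bare `:` plus whichever half was produced) and the new `export macaddr` hands it to the caller, which writes it into the jail configuration. Fail the function instead: `error_notify "Failed to generate MAC address."; return 1`, or `error_exit` if callers do not check the status. The context line `ifconfig ${external_interface}` also leaves the interface name unquoted; `"${external_interface}"` keeps it a single argument. `generate_static_mac()` starts one line before this hunk.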
@@ -73,8 +73,9 @@ warn() {
 generate_static_mac() {
 local jail_name="${1}"
 local external_interface="${2}"
- local macaddr_prefix="$(ifconfig ${external_interface} | grep ether | awk '{print $2}' | cut -d':' -f1-3)"
- local macaddr_suffix="$(echo -n "${external_interface}${jail_name}" | sha256 | cut -b -5 | sed 's/\([0-9a-fA-F][0-9a-fA-F]\)\([0-9a-fA-F][0-9a-fA-F]\)\([0-9a-fA-F]\)/\1:\2:\3/')"
+ local external_interface_mac="$(ifconfig ${external_interface} | grep ether | awk '{print $2}' | sed 's#:##g')"
+ local macaddr_prefix="$(echo -n "${external_interface_mac}" | sha256 | cut -b -6 | sed 's/\([0-9a-fA-F][0-9a-fA-F]\)\([0-9a-fA-F][0-9a-fA-F]\)\([0-9a-fA-F]\)/\1:\2:\3/')"
+ local macaddr_suffix="$(echo -n "${jail_name}" | sha256 | cut -b -5 | sed 's/\([0-9a-fA-F][0-9a-fA-F]\)\([0-9a-fA-F][0-9a-fA-F]\)\([0-9a-fA-F]\)/\1:\2:\3/')"
 if [ -z "${macaddr_prefix}" ] || [ -z "${macaddr_suffix}" ]; then
 error_notify "Failed to generate MAC address."
 fi

From 9d7b72743218bc0889a3107b7d17264c350166ec Mon Sep 17 00:00:00 2001
From: tschettervictor <85497460+tschettervictor@users.noreply.github.com>
Date: Tue, 31 Dec 2024 12:27:32 -0700
Subject: [PATCH 87/91] minor fix

---
 usr/local/share/bastille/mount.sh | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/usr/local/share/bastille/mount.sh b/usr/local/share/bastille/mount.sh
index 817268b8..95e84071 100644
--- a/usr/local/share/bastille/mount.sh
+++ b/usr/local/share/bastille/mount.sh
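Review bot: `macaddr_prefix` is now the first six hex digits of `sha256` over the host interface's MAC, so the first octet is effectively random: its low bit (the group/multicast bit) will be set for roughly half of all hosts, which makes the result an invalid unicast address that the kernel or bridge may refuse, and the locally-administered bit is not guaranteed, so the prefix can also collide with a registered vendor OUI. After the emptiness check, normalise the first octet with `_first=$(printf '%02x' $(( (0x${macaddr_prefix%%:*} & 0xfe) | 0x02 )))` and `macaddr_prefix="${_first}:${macaddr_prefix#*:}"`. This concern did not exist before the change because the prefix was copied from a real interface. `generate_static_mac()` begins on this hunk's first line and its closing brace is outside the hunk.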
@@ -115,12 +115,13 @@ for _jail in ${JAILS}; do # Check if mount point has already been added _existing_mount="$(echo ${_fullpath_fstab} 2>/dev/null | sed 's#\\#\\\\#g')" - if grep -Eoq "[[:blank:]]${_existing_mount}[[:blank:]]" "${bastille_jailsdir}/${_jail}/fstab"; then + if grep -Eq "[[:blank:]]${_existing_mount}.*[[:blank:]]" "${bastille_jailsdir}/${_jail}/fstab"; then warn "Mountpoint already present in ${bastille_jailsdir}/${_jail}/fstab" - grep -Eo "[[:blank:]]${_existing_mount}[[:blank:]]" "${bastille_jailsdir}/${_jail}/fstab" + grep -E "[[:blank:]]${_existing_mount}" "${bastille_jailsdir}/${_jail}/fstab" continue fi + # Create mount point if it does not exist if [ -d "${_hostpath}" ] && [ ! -d "${_fullpath}" ]; then mkdir -p "${_fullpath}" || error_continue "Failed to create mount point." From 4bc76d5064e81b785ae2a69ba23dd994fbc89c67 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Tue, 31 Dec 2024 15:00:12 -0700 Subject: [PATCH 88/91] fix brace --- usr/local/share/bastille/common.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/usr/local/share/bastille/common.sh b/usr/local/share/bastille/common.sh index 2d6038f8..006f4a1d 100644 --- a/usr/local/share/bastille/common.sh +++ b/usr/local/share/bastille/common.sh @@ -205,6 +205,7 @@ target_all_jails() { fi done export JAILS +} checkyesno() { ## copied from /etc/rc.subr -- cedwards (20231125) From fedc7aa60c58a35a7c99d792a1d2b6997d26684e Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Tue, 31 Dec 2024 15:27:45 -0700 Subject: [PATCH 89/91] Remove message on return 1 --- usr/local/share/bastille/common.sh | 2 -- 1 file changed, 2 deletions(-) diff --git a/usr/local/share/bastille/common.sh b/usr/local/share/bastille/common.sh index 006f4a1d..da03dc3f 100644 --- a/usr/local/share/bastille/common.sh +++ b/usr/local/share/bastille/common.sh 
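Review bot: Inserting `.*` into the check, `grep -Eq "[[:blank:]]${_existing_mount}.*[[:blank:]]"`, turns the exact-entry test into a prefix test: an existing entry for a path such as `.../root/media/foobar` now satisfies a request for `.../root/media/foo`, so the new mount is refused with "Mountpoint already present" although that path is not in fstab. If the `.*` was added because the escaped `_existing_mount` no longer matched the stored entry, fix the escaping rather than widening the pattern; a literal field comparison such as `awk -v p="${_fullpath_fstab}" '$2 == p { found=1 } END { exit !found }'` on the fstab file avoids both the regex and the prefix problem. The `for _jail` loop starts before this hunk.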
@@ -92,7 +92,6 @@ check_target_exists() {
 check_target_is_running() {
 local _TARGET="${1}"
 if [ ! "$(/usr/sbin/jls name | awk "/^${_TARGET}$/")" ]; then
- error_notify "[${_TARGET}]: Not started. See 'bastille start ${_TARGET}'."
 return 1
 else
 return 0
@@ -102,7 +101,6 @@ check_target_is_running() {
 check_target_is_stopped() {
 local _TARGET="${1}"
 if [ "$(/usr/sbin/jls name | awk "/^${_TARGET}$/")" ]; then
- error_notify "${_TARGET} is running. See 'bastille stop ${_TARGET}'."
 return 1
 else
 return 0
From 43992f346961b97558ab1259b9887e756b7fce54 Mon Sep 17 00:00:00 2001
From: tschettervictor <85497460+tschettervictor@users.noreply.github.com>
Date: Fri, 3 Jan 2025 07:23:46 -0700
Subject: [PATCH 90/91] template: awk remove spaces from multiple blank lines
Awk appears to remove multiple adjacent spaces from lines within a template. Adding "-F '[ ]'" makes sure field splitting is done on every space, thus preserving them. #400
---
 usr/local/share/bastille/template.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/usr/local/share/bastille/template.sh b/usr/local/share/bastille/template.sh
index aad4e88a..2f12219f 100644
--- a/usr/local/share/bastille/template.sh
+++ b/usr/local/share/bastille/template.sh
@@ -281,7 +281,7 @@ for _jail in ${JAILS}; do
 # First word converted to lowercase is the Bastille command. -- cwells
 _cmd=$(echo "${_line}" | awk '{print tolower($1);}')
 # Rest of the line with "arg" variables replaced will be the arguments. -- cwells
- _args=$(echo "${_line}" | awk '{$1=""; sub(/^ */, ""); print;}' | eval "sed ${ARG_REPLACEMENTS}")
+ _args=$(echo "${_line}" | awk -F '[ ]' '{$1=""; sub(/^ */, ""); print;}' | eval "sed ${ARG_REPLACEMENTS}")
 # Apply overrides for commands/aliases and arguments. -- cwells
 case $_cmd in
From 6a3fbf2aeb3cf742b977759c13658a42633b20b9 Mon Sep 17 00:00:00 2001
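Review bot: In check_target_is_running, and identically in check_target_is_stopped in the hunk at -102, `_TARGET` is interpolated into the awk pattern `/^${_TARGET}$/`, so a jail name containing regex metacharacters matches loosely (`web.1` also matches `webX1`) and a name containing `/` breaks the pattern; the commit drops the diagnostics but leaves this match as it was. A literal comparison avoids it: `if [ ! "$(/usr/sbin/jls name | awk -v t="${_TARGET}" '$0 == t')" ]; then`, and the same without `!` in check_target_is_stopped. Since both functions now return 1 silently, every caller has to report the state itself, which cannot be checked from these hunks; a one-line comment above each function, `# Returns 1 silently; the caller is expected to report the jail state.`, would record the new contract.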
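Review bot: `_cmd` two lines above is still taken with awk's default field splitting (blanks and tabs, leading whitespace ignored) while the new `_args` line splits on single spaces only, so the two disagree on a template line that uses a tab after the command or starts with spaces: for `cmd<TAB>arg` the new awk's `$1` is the whole `cmd<TAB>arg` and `_args` ends up empty, and for a line with leading spaces the command name is kept in `_args`. Whether lines are already trimmed when they reach this point is decided outside the hunk and cannot be seen here. Stripping just the first word with sed preserves interior runs of spaces without changing how fields are defined: `_args=$(echo "${_line}" | sed 's/^[[:blank:]]*[^[:blank:]]*[[:blank:]]*//' | eval "sed ${ARG_REPLACEMENTS}")`. The `eval "sed ${ARG_REPLACEMENTS}"` stage is pre-existing; a comment naming where ARG_REPLACEMENTS is built and that it is shell-evaluated would let a reader judge which template values reach it.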
From: tschettervictor <85497460+tschettervictor@users.noreply.github.com>
Date: Sat, 4 Jan 2025 10:31:11 -0700
Subject: [PATCH 91/91] Revert "Update template.sh - bugfix for cmd"
---
 usr/local/share/bastille/template.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/usr/local/share/bastille/template.sh b/usr/local/share/bastille/template.sh
index aad4e88a..53f50bc0 100644
--- a/usr/local/share/bastille/template.sh
+++ b/usr/local/share/bastille/template.sh
@@ -299,7 +299,7 @@ for _jail in ${JAILS}; do
 # Escape single-quotes in the command being executed. -- cwells
 _args=$(echo "${_args}" | sed "s/'/'\\\\''/g")
 # Allow redirection within the jail. -- cwells
- _args="sh -c \"${_args}\""
+ _args="sh -c '${_args}'"
 ;;
 cp|copy)
 _cmd='cp'
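Review bot: The restored single-quote wrapper on the new `_args="sh -c '${_args}'"` line is the form that matches the `'\''` escaping applied two lines above; with the reverted double-quoted form the jail's sh would expand `$`, backticks and `\` inside the arguments and the escaped single quotes would remain literally. Nothing in the hunk records that reasoning, which is how the reverted "bugfix" got in; a comment above the line, `# Single quotes on purpose: the escaping above handles embedded quotes, and the jail's sh must not expand $vars or backticks in the arguments.`, would pin it down. The case arm this line belongs to starts outside the hunk.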
