Allows to copy files from a single jail back to the host.
Usuful when building jails ad-hoc, to get back to the host files you create directly inside the jail.
This is still WIP / PoC and would require documentation changes, opening PR to
gather feedback as this is a first-time contribution.
Important changes:
- instead of relying on 0.0.0.0 to signal DHCP, we now support passing "DHCP" in
the IP parameter.
- we also support "SLAAC" as a value for the IP parameter, which enables
accepting route advertisement
- fixed an oddity in the way the gateway was being handled for IPv6 (in certain
cases it was being passed as the GATEWAY template parameter
- allow passing multiple values to the IP parameter, this would work as a quoted
parameter
- that means that, e.g. bastille create -V test 13.0-RELEASE "SLAAC DHCP" wan is
possible and creates a dual-stack jail
- passing both DHCP, SLAAC and fixed IPs is also possible, but only one IP per
protocol number is supported; last one wins
jail.conf has a few tricky things about it's format (such as supporting
variable expansion) so it is easiest to get jail to do the parsing for us.
The changes to get required changes to set as well as we no longer are calling
grep so that became a single awk script as well.
Some Linux packages (shakes fist angrily at Java) look to see if `/proc` is mounted as a part of the installation by running
`mountpoint /proc`
While the Linux jail can see the contents of its `/proc` directory, the linprocfs driver will not generate the correct contents for `/proc/mounts` or `/proc/self/mountinfo` as `kern_getfsstat()` will, by default, filter all mount points other than the jail's chroot directory.
Fix is to set `enforce_statfs` to allow mount points below the jail's chroot directory to be visible.
PF allows us to log rdr rules. The syntax to enable this is found in
pf.conf under the syntax grammar section for rdr-rule.
This commit extends Bastille's command line interface to allow users
to choose to log their rdr rules using the pf.conf syntax -
``````````````````````````````````````````````````````
tcp|udp host_port jail_port [log ['(' logopts ')'] ]
``````````````````````````````````````````````````````
Here, the syntax after jail_port is optional. This is sufficient to
provide backwards compatibility. The keyword 'log' enables logging with
the default options. The user can also provide custom options -
logopts - whose the syntax and allowed keywords are defined in pf.conf.
It's left to the user to supply correct logopts as the code does not
verify those values or their syntax.
