Mirrors/hackacad
2
0
Fork 0
mirror of https://github.com/hackacad/bastille.git synced 2025-12-25 05:10:43 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #643 from draga79/master

Browse Source 
Adjust devfs_ruleset for hierarchical jails compatibility
This commit is contained in:
Juan David Hurtado G
2024-07-14 09:00:54 -05:00
committed by GitHub
parent 9f2cf6651b 7750a1b927
commit 9aeb0ea10c
1 changed files with 18 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
usr/local/share/bastille/create.sh
View File

@@ -165,10 +165,15 @@ EOF
}
generate_jail_conf() {
if [ "$(sysctl -n security.jail.jailed)" -eq 1 ]; then
devfs_ruleset_value=0
else
devfs_ruleset_value=4
fi
cat << EOF > "${bastille_jail_conf}"
${NAME} {
devfs_ruleset = 4;
enforce_statfs = 2;
devfs_ruleset = ${devfs_ruleset_value};
exec.clean;
exec.consolelog = ${bastille_jail_log};
exec.start = '/bin/sh /etc/rc';
@@ -189,12 +194,17 @@ EOF
}
generate_linux_jail_conf() {
if [ "$(sysctl -n security.jail.jailed)" -eq 1 ]; then
devfs_ruleset_value=0
else
devfs_ruleset_value=4
fi
cat << EOF > "${bastille_jail_conf}"
${NAME} {
host.hostname = ${NAME};
mount.fstab = ${bastille_jail_fstab};
path = ${bastille_jail_path};
devfs_ruleset = 4;
devfs_ruleset = ${devfs_ruleset_value};
enforce_statfs = 1;
exec.start = '/bin/true';
@@ -212,11 +222,16 @@ EOF
}
generate_vnet_jail_conf() {
if [ "$(sysctl -n security.jail.jailed)" -eq 1 ]; then
devfs_ruleset_value=0
else
devfs_ruleset_value=13
fi
NETBLOCK=$(generate_vnet_jail_netblock "$NAME" "${VNET_JAIL_BRIDGE}" "${bastille_jail_conf_interface}")
cat << EOF > "${bastille_jail_conf}"
${NAME} {
devfs_ruleset = 13;
enforce_statfs = 2;
devfs_ruleset = ${devfs_ruleset_value};
exec.clean;
exec.consolelog = ${bastille_jail_log};
exec.start = '/bin/sh /etc/rc';