Merge branch 'master' into multiple-interfaces

AUTHORS.md

@@ -28,6 +28,7 @@ Christer Edwards [christer.edwards@gmail.com]
 - Niketh Murali
 - Eric Borisch
 - Kevet Duncombe
+- Victor Tschetter
 
 ### Special thanks
 Software doesn't happen in a vacuum. Thank you to the following people who may

README.md

@@ -62,20 +62,21 @@ Available Commands:
   config      Get or set a config value for the targeted container(s).
   console     Console into a running container.
   convert     Convert a Thin container into a Thick container.
-  cp          cp(1) files from host to targeted container(s).
+  cp          cp(1) files from host or container to host or targeted container(s).
   create      Create a new thin container or a thick container if -T|--thick option specified.
   destroy     Destroy a stopped container or a FreeBSD release.
   edit        Edit container configuration files (advanced).
   export      Exports a specified container.
   help        Help about any command.
   htop        Interactive process viewer (requires htop).
   import      Import a specified container.
+  jcp         cp(1) files from a jail to jail(s).
   limits      Apply resources limits to targeted container(s). See rctl(8).
   list        List containers (running).
   mount       Mount a volume inside the targeted container(s).
   pkg         Manipulate binary packages within targeted container(s). See pkg(8).
+  rcp         cp(1) files from a jail to host.
   rdr         Redirect host port to container port.
-  rcp         reverse cp(1) files from a single container to the host.
   rename      Rename a container.
   restart     Restart a running container.
   service     Manage services within targeted container(s).
@@ -97,7 +98,7 @@ Use "bastille command -h|--help" for more information about a command.
 
 ```
 
-## 0.12-beta
+## 0.13-beta
 This document outlines the basic usage of the Bastille container management
 framework. This release is still considered beta.
 

docs/chapters/installation.rst

@@ -4,7 +4,7 @@ Bastille is available in the official FreeBSD ports tree at
 `sysutils/bastille`. Binary packages available in `quarterly` and `latest`
 repositories.
 
-Current version is `0.12.20250111`.
+Current version is `0.13.20250126`.
 
 To install from the FreeBSD package repository:
 

docs/chapters/subcommands/config.rst

@@ -0,0 +1,32 @@
+=======
+config
+=======
+
+Gets or sets properties for a target container.
+
+.. code-block:: shell
+
+  Usage: bastille config TARGET get|set propertyName [newValue]
+
+Getting a property that *is* defined in jail.conf:
+
+.. code-block:: shell
+
+  ishmael ~ # bastille config azkaban get ip4.addr
+  192.168.2.23
+
+Getting a property that *is not* defined in jail.conf
+
+.. code-block:: shell
+
+  ishmael ~ # bastille config azkaban get notaproperty
+  not set
+
+Setting a property:
+
+.. code-block:: shell
+
+  ishmael ~ # bastille config azkaban set ip4.addr 192.168.2.24
+  A restart is required for the changes to be applied. See 'bastille restart azkaban'.
+
+The restart message will appear every time a property is set.

docs/chapters/subcommands/console.rst

@@ -2,15 +2,33 @@
 console
 =======
 
-This sub-command launches a login shell into the container. Default is password-less
-root login.
+This sub-command launches a login shell into the container. Default is password-less root login.
 
 .. code-block:: shell
 
   ishmael ~ # bastille console folsom
   [folsom]:
   root@folsom:~ #
 
+TARGET can also be a running jails JID value.
+
+.. code-block:: shell
+
+  ishmael ~ # bastille list
+   JID  IP Address      Hostname                      Path
+     1  10.1.2.3        ishmael                       /usr/local/bastille/jails/ishmael/root
+  ishmael ~ # bastille console 1
+  [ishmael]:
+  root@ishmael:~ #
+
 At this point you are logged in to the container and have full shell access.  The
 system is yours to use and/or abuse as you like. Any changes made inside the
 container are limited to the container.
+
+.. code-block:: shell
+
+  "Usage: bastille console [option(s)] TARGET [user]"
+  Options:
+
+    -a | --auto           Auto mode. Start/stop jail(s) if required.
+    -x | --debug          Enable debug mode.

docs/chapters/subcommands/cp.rst

@@ -2,21 +2,31 @@
 cp
 ==
 
-This command allows efficiently copying files from host to container(s).
+This command allows copying files from host to jail(s).
 
 .. code-block:: shell
 
-  ishmael ~ # bastille cp ALL /tmp/resolv.conf-cf etc/resolv.conf
+  ishmael ~ # bastille cp ALL /tmp/resolv.conf-cf /etc/resolv.conf
   [bastion]:
-
+  /tmp/resolv.conf-cf -> /usr/local/bastille/jails/bastion/root/etc/resolv.conf
   [unbound0]:
-
+  /tmp/resolv.conf-cf -> /usr/local/bastille/jails/unbound0/root/etc/resolv.conf
   [unbound1]:
-
+  /tmp/resolv.conf-cf -> /usr/local/bastille/jails/unbound1/root/etc/resolv.conf
   [squid]:
-
+  /tmp/resolv.conf-cf -> /usr/local/bastille/jails/squid/root/etc/resolv.conf
   [nginx]:
-
+  /tmp/resolv.conf-cf -> /usr/local/bastille/jails/nginx/root/etc/resolv.conf
   [folsom]:
+  /tmp/resolv.conf-cf -> /usr/local/bastille/jails/folsom/root/etc/resolv.conf
 
 Unless you see errors reported in the output the `cp` was successful.
+
+.. code-block:: shell
+
+  ishmael ~ # bastille cp help
+  Usage: bastille cp [option(s)] TARGET HOST_PATH JAIL_PATH
+    Options:
+
+    -q | --quiet          Suppress output.
+    -x | --debug          Enable debug mode.

docs/chapters/subcommands/htop.rst

@@ -2,8 +2,8 @@
 htop
 ====
 
-This one runs `htop` inside the container.
-note: won't work if you don't have htop installed in the container.
+This command runs `htop` in the targeted jail.
+Requires htop to be installed in the jail.
 
 
 .. image:: ../../images/htop.png

docs/chapters/subcommands/jcp.rst

@@ -0,0 +1,30 @@
+===
+jcp
+===
+
+This command allows copying files from jail to jail(s).
+
+.. code-block:: shell
+
+  ishmael ~ # bastille jcp bastion /tmp/resolv.conf-cf ALL /etc/resolv.conf
+  [unbound0]:
+  /usr/local/bastille/jails/bastion/root/tmp/resolv.conf-cf -> /usr/local/bastille/jails/unbound0/root/etc/resolv.conf
+  [unbound1]:
+  /usr/local/bastille/jails/bastion/root/tmp/resolv.conf-cf -> /usr/local/bastille/jails/unbound1/root/etc/resolv.conf
+  [squid]:
+  /usr/local/bastille/jails/bastion/root/tmp/resolv.conf-cf -> /usr/local/bastille/jails/squid/root/etc/resolv.conf
+  [nginx]:
+  /usr/local/bastille/jails/bastion/root/tmp/resolv.conf-cf -> /usr/local/bastille/jails/nginx/root/etc/resolv.conf
+  [folsom]:
+  /usr/local/bastille/jails/bastion/root/tmp/resolv.conf-cf -> /usr/local/bastille/jails/folsom/root/etc/resolv.conf
+
+Unless you see errors reported in the output the `jcp` was successful.
+
+.. code-block:: shell
+
+  ishmael ~ # bastille jcp help
+  Usage: bastille jcp [option(s)] SOURCE_JAIL JAIL_PATH DEST_JAIL JAIL_PATH
+    Options:
+
+    -q | --quiet          Suppress output.
+    -x | --debug          Enable debug mode.

docs/chapters/subcommands/mount.rst

@@ -10,7 +10,7 @@ Syntax follows standard `/etc/fstab` format:
 
   Usage: bastille mount TARGET HOST_PATH JAIL_PATH [filesystem_type options dump pass_number]
 
-The 'options' string can include a comma-separated list of mount options, but must start with 'ro' or 'rw'.
+The 'options' string can include a comma-separated list of mount options, but must include one of (rw,ro,rq,sw,xx) according to fstab documentation.
 
 Example: Mount a tmpfs filesystem with options.
 .. code-block:: shell

docs/chapters/subcommands/rcp.rst

@@ -0,0 +1,22 @@
+===
+rcp
+===
+
+This command allows copying files from jail to host.
+
+.. code-block:: shell
+
+  ishmael ~ # bastille rcp bastion /test/testfile.txt /tmp/testfile.txt
+  [bastion]:
+  /usr/local/bastille/jails/bastion/root/test/testfile.txt -> /tmp/testfile.txt
+
+Unless you see errors reported in the output the `rcp` was successful.
+
+.. code-block:: shell
+
+  ishmael ~ # bastille rcp help
+  Usage: bastille rcp [option(s)] TARGET JAIL_PATH HOST_PATH
+    Options:
+
+    -q | --quiet          Suppress output.
+    -x | --debug          Enable debug mode.

docs/chapters/subcommands/top.rst

@@ -2,7 +2,7 @@
 top
 ===
 
-This one runs `top` in that container.
+This command runs `top` in the targeted jail.
 
 
 .. image:: ../../images/top.png

docs/conf.py

@@ -12,9 +12,9 @@
 author = 'Christer Edwards'
 
 # The short X.Y version
-version = '0.12.20250111'
+version = '0.13.20250126'
 # The full version, including alpha/beta/rc tags
-release = '0.12.20250111-beta'
+release = '0.13.20250126-beta'
 
 
 # -- General configuration ---------------------------------------------------

usr/local/share/bastille/console.sh

@@ -34,30 +34,70 @@
 . /usr/local/etc/bastille/bastille.conf
 
 usage() {
-    error_exit "Usage: bastille console TARGET [user]"
+    error_notify "Usage: bastille console [option(s)] TARGET [user]"
+    cat << EOF
+    Options:
+
+    -a | --auto           Auto mode. Start/stop jail(s) if required.
+    -x | --debug          Enable debug mode.
+
+EOF
+    exit 1
 }
 
-# Handle special-case commands first.
-case "$1" in
-help|-h|--help)
-    usage
-    ;;
-esac
+# Handle options.
+AUTO=0
+while [ "$#" -gt 0 ]; do
+    case "${1}" in
+        -h|--help|help)
+            usage
+            ;;
+        -a|--auto)
+            AUTO=1
+            shift
+            ;;
+        -x|--debug)
+            enable_debug
+            shift
+            ;;
+        -*)
+            for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do
+                case ${_opt} in
+                    x) enable_debug ;;
+                    a) AUTO=1 ;;
+                    *) error_exit "Unknown Option: \"${1}\"" ;; 
+                esac
+            done
+            shift
+            ;;
+        *)
+            break
+            ;;
+    esac
+done
 
-if [ $# -gt 1 ]; then
+if [ "$#" -lt 1 ] || [ "$#" -gt 2 ]; then
     usage
 fi
 
-bastille_root_check
+TARGET="${1}"
+USER="${2}"
 
-USER="${1}"
+bastille_root_check
+set_target_single "${TARGET}"
+check_target_is_running "${TARGET}" || if [ "${AUTO}" -eq 1 ]; then
+    bastille start "${TARGET}"
+else
+    error_notify "Jail is not running."
+    error_exit "Use [-a|--auto] to auto-start the jail."
+fi
 
 validate_user() {
-    if jexec -l "${_jail}" id "${USER}" >/dev/null 2>&1; then
-        USER_SHELL="$(jexec -l "${_jail}" getent passwd "${USER}" | cut -d: -f7)"
+    if jexec -l "${TARGET}" id "${USER}" >/dev/null 2>&1; then
+        USER_SHELL="$(jexec -l "${TARGET}" getent passwd "${USER}" | cut -d: -f7)"
         if [ -n "${USER_SHELL}" ]; then
-            if jexec -l "${_jail}" grep -qwF "${USER_SHELL}" /etc/shells; then
-                jexec -l "${_jail}" $LOGIN -f "${USER}"
+            if jexec -l "${TARGET}" grep -qwF "${USER_SHELL}" /etc/shells; then
+                jexec -l "${TARGET}" $LOGIN -f "${USER}"
             else
                 echo "Invalid shell for user ${USER}"
             fi
@@ -70,23 +110,20 @@ validate_user() {
 }
 
 check_fib() {
-    fib=$(grep 'exec.fib' "${bastille_jailsdir}/${_jail}/jail.conf" | awk '{print $3}' | sed 's/\;//g')
+    fib=$(grep 'exec.fib' "${bastille_jailsdir}/${TARGET}/jail.conf" | awk '{print $3}' | sed 's/\;//g')
         if [ -n "${fib}" ]; then
             _setfib="setfib -F ${fib}"
         else
             _setfib=""
         fi
 }
 
-for _jail in ${JAILS}; do
-    info "[${_jail}]:"
-    LOGIN="$(jexec -l "${_jail}" which login)"
-    if [ -n "${USER}" ]; then
-        validate_user
-    else
-        check_fib
-        LOGIN="$(jexec -l "${_jail}" which login)"
-        ${_setfib} jexec -l "${_jail}" $LOGIN -f root
-    fi
-    echo
-done
+info "[${TARGET}]:"
+LOGIN="$(jexec -l "${TARGET}" which login)"
+if [ -n "${USER}" ]; then
+    validate_user
+else
+    check_fib
+    LOGIN="$(jexec -l "${TARGET}" which login)"
+    ${_setfib} jexec -l "${TARGET}" $LOGIN -f root
+fi