integrate latest PRs

usr/local/share/bastille/destroy.sh

@@ -60,6 +60,12 @@ destroy_jail() {
     fi
 
     if [ -d "${bastille_jail_base}" ]; then
+	    ## make sure no filesystem is currently mounted in the jail directory
+        mount_points="$(mount | cut -d ' ' -f 3 | grep "${bastille_jail_base}"/root/)"
+        if [ "$?" -eq 0 ]; then
+            error_notify "Failed to destroy jail: ${TARGET}"
+            error_exit "Jail has mounted filesystems:\n$mount_points"
+        fi
         info "Deleting Jail: ${TARGET}."
         if checkyesno bastille_zfs_enable; then
             if [ -n "${bastille_zfs_zpool}" ]; then

usr/local/share/bastille/mount.sh

@@ -83,7 +83,7 @@ if { [ "${_hostpath}" = "tmpfs" ] && [ "$_type" = "tmpfs" ]; } || \
     warn "Detected advanced mount type ${_hostpath}"
 elif [ ! -d "${_hostpath}" ] || [ "${_type}" != "nullfs" ]; then
     error_notify "Detected invalid host path or incorrect mount type in FSTAB."
-    warn "Format: /host/path jail/path nullfs ro 0 0"
+    warn "Format: /host/path /jail/path nullfs ro 0 0"
     warn "Read: ${_fstab}"
     exit 1
 fi
@@ -108,7 +108,7 @@ for _jail in ${JAILS}; do
     info "[${_jail}]:"
 
     ## aggregate variables into FSTAB entry
-    _fullpath="${bastille_jailsdir}${_jail}/root/${_jailpath}"
+    _fullpath="${bastille_jailsdir}/${_jail}/root${_jailpath}"
     _fstab_entry="${_hostpath} ${_fullpath} ${_type} ${_perms} ${_checks}"
 
     ## Create mount point if it does not exist. -- cwells
@@ -119,15 +119,15 @@ for _jail in ${JAILS}; do
     fi
 
     ## if entry doesn't exist, add; else show existing entry
-    if ! egrep -q "[[:blank:]]${_fullpath}[[:blank:]]" "${bastille_jailsdir}${_jail}/fstab" 2> /dev/null; then
-        if ! echo "${_fstab_entry}" >> "${bastille_jailsdir}${_jail}/fstab"; then
+    if ! egrep -q "[[:blank:]]${_fullpath}[[:blank:]]" "${bastille_jailsdir}/${_jail}/fstab" 2> /dev/null; then
+        if ! echo "${_fstab_entry}" >> "${bastille_jailsdir}/${_jail}/fstab"; then
             error_exit "Failed to create fstab entry: ${_fstab_entry}"
         fi
         echo "Added: ${_fstab_entry}"
     else
-        warn "Mountpoint already present in ${bastille_jailsdir}${_jail}/fstab"
-        egrep "[[:blank:]]${_fullpath}[[:blank:]]" "${bastille_jailsdir}${_jail}/fstab"
+        warn "Mountpoint already present in ${bastille_jailsdir}/${_jail}/fstab"
+        egrep "[[:blank:]]${_fullpath}[[:blank:]]" "${bastille_jailsdir}/${_jail}/fstab"
     fi
-    mount -F "${bastille_jailsdir}${_jail}/fstab" -a
+    mount -F "${bastille_jailsdir}/${_jail}/fstab" -a
     echo
 done

usr/local/share/bastille/start.sh

@@ -63,14 +63,14 @@ for _jail in ${JAILS}; do
     fi
 
     ## warn if matching configured (but not online) ip4.addr, ignore if there's no ip4.addr entry
-    _ip="$(bastille config "${_jail}" get ip4.addr)"
-    if [ "${_ip}" != "not set" ]; then
-        if ifconfig | grep -wF "${_ip}" >/dev/null; then
-            error_notify "Error: IP address (${_ip}) already in use."
+    _ip4="$(bastille config "${_jail}" get ip4.addr)"
+    if [ "${_ip4}" != "not set" ]; then
+        if ifconfig | grep -wF "${_ip4}" >/dev/null; then
+            error_notify "Error: IP address (${_ip4}) already in use."
             continue
         fi
         ## add ip4.addr to firewall table
-        pfctl -q -t "${bastille_network_pf_table}" -T add "${_ip}"
+        pfctl -q -t "${bastille_network_pf_table}" -T add "${_ip4}"
     fi
 
     ## start the container

usr/local/share/bastille/stop.sh

@@ -54,13 +54,11 @@ set_target "${TARGET}"
 for _jail in ${JAILS}; do
     check_target_is_running "${_jail}" || continue
     ## Capture ip4.addr address while still running
-    if [ "$(bastille config "${_jail}" get ip4.addr)" != "not set" ]; then
-        _ip="$(/usr/sbin/jls -j ${_jail} ip4.addr)"
-    fi
+    _ip4="$(bastille config ${_jail} get ip4.addr)"
 
     # Check if pfctl is present
     # Do not invoke pfctl if no ip4.addr found
-    if [ -n "${_ip}" ]; then
+    if [ "${_ip4}" != "not set" ]; then
         if which -s pfctl; then
             if [ "$(bastille rdr ${_jail} list)" ]; then
                 bastille rdr ${_jail} clear
@@ -80,9 +78,9 @@ for _jail in ${JAILS}; do
     jail -f "${bastille_jailsdir}/${_jail}/jail.conf" -r "${_jail}"
 
     ## remove (captured above) ip4.addr from firewall table
-    if [ -n "${bastille_network_loopback}" ] && [ ! -z "${_ip}" ]; then
+    if [ -n "${bastille_network_loopback}" ] && [ "${_ip4}" != "not set" ]; then
         if grep -qw "interface.*=.*${bastille_network_loopback}" "${bastille_jailsdir}/${_jail}/jail.conf"; then
-            pfctl -q -t "${bastille_network_pf_table}" -T delete "${_ip}"
+            pfctl -q -t "${bastille_network_pf_table}" -T delete "${_ip4}"
         fi
     fi
 done

usr/local/share/bastille/template.sh

@@ -198,7 +198,11 @@ case ${TEMPLATE} in
         fi
         ;;
     *)
-        error_exit "Template name/URL not recognized."
+        if [ ! -f ${TEMPLATE}/Bastillefile ]; then
+            error_exit "${TEMPLATE} not found."
+        else
+            bastille_template=${TEMPLATE}
+        fi
 esac
 
 if [ -z "${JAILS}" ]; then
@@ -301,7 +305,7 @@ for _jail in ${JAILS}; do
                     # Escape single-quotes in the command being executed. -- cwells
                     _args=$(echo "${_args}" | sed "s/'/'\\\\''/g")
                     # Allow redirection within the jail. -- cwells
-                    _args="sh -c ${_args}"
+                    _args="sh -c \"${_args}\""
                     ;;
                 cp|copy)
                     _cmd='cp'

usr/local/share/bastille/umount.sh

@@ -54,7 +54,7 @@ set_target "${TARGET}"
 
 for _jail in ${JAILS}; do
     info "[${_jail}]:"
-    _jailpath="${bastille_jailsdir}${_jail}/root${MOUNT_PATH}"
+    _jailpath="${bastille_jailsdir}/${_jail}/root${MOUNT_PATH}"
 
     if [ ! -d "${_jailpath}" ]; then
         error_exit "The specified mount point does not exist inside the jail."