This release is dedicated to everyone around the world quarantined by the COVID-19 pandemic.
"We really need to apologize to 2019 for the things we said about it." -- Everyone in 2020
- bastille edit TARGET
- bastille rename TARGET new-name
- bastille import (iocage|ezjail)
- bastille clone TARGET
- HardenedBSD bootstrap improvements
- bastille import ARCHIVE
- man page expanded
Bastille now supports VNET containers in both static and DHCP configurations. VNET is achieved by connecting the host's external interface and container virtual interface(s) to a virtual switch (bridge). When creating a VNET container the interface argument refers to the host interface to be added to the virtual switch along with the container's interface.
bastille create -V folsom 12.1-RELEASE 10.17.89.13/24 em0
In the above example the "folsom" container will use 12.1-RELEASE, and 10.17.89.13/24 is statically assigned to the container's vnet0 interface. The other end of the container's epair interface will be added to an "em0bridge" interface along with em0.
To configure the container to use DHCP instead of a static assignment, use the address 0.0.0.0. When this address is used, Bastille will enable DHCP for that container's interface.
Using the new -V option is supported alongside the existing -T (thick).
bastille create -T -V folsom 12.1-RELEASE 10.17.89.13/24 em0
The create sub-command now supports: [-V|-T|--vnet|--thick|vnet|thick].
VNET requires the addition (or creation) of /etc/devfs.rules (NOT .conf!). Use the following example ruleset if you require VNET.
[bastille_vnet=13]
add include $devfsrules_hide_all
add include $devfsrules_unhide_basic
add include $devfsrules_unhide_login
add include $devfsrules_jail
add path 'bpf*' unhide
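As an added example (not part of Bastille or of these release notes), the sh function below audits a devfs.rules file against the ruleset above and reports any device the VNET ruleset unhides beyond bpf*. The function name check_vnet_ruleset, its exit codes and the sample file are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example, not part of Bastille: audit the [bastille_vnet=13] ruleset.
# Exit status: 0 = matches the ruleset above, 1 = missing, incomplete or
# otherwise different, 2 = unhides more than bpf* inside the container.
check_vnet_ruleset() {
    file=$1
    case $file in *devfs.conf) echo "rules belong in devfs.rules, not $file"; return 1 ;; esac
    [ -r "$file" ] || { echo "not readable: $file"; return 1; }
    awk -v q="'" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }             # comments, blank lines
        /^\[/ { in_rs = ($0 ~ /^\[bastille_vnet=13\]/); found += in_rs; next }
        !in_rs { next }                               # rules of other rulesets
        { rule++ }
        $1 == "add" && $2 == "include" { inc[$3] = 1; if (rule == 1) first = $3; next }
        $1 == "add" && $2 == "path" && $4 == "unhide" {
            p = $3; gsub(q, "", p)                    # strip the quotes around the path
            if (p == "bpf*") bpf = 1
            else { print "extra unhide: " p; extra = 1 }
            next
        }
        { print "unexpected rule: " $0; bad = 1 }
        END {
            if (!found) { print "ruleset [bastille_vnet=13] not found"; exit 1 }
            n = split("hide_all unhide_basic unhide_login jail", need, " ")
            for (i = 1; i <= n; i++) if (!(("$devfsrules_" need[i]) in inc)) {
                print "missing include: $devfsrules_" need[i]; bad = 1
            }
            if (first != "$devfsrules_hide_all") { print "hide_all must be the first rule"; bad = 1 }
            if (!bpf) { print "bpf* is not unhidden"; bad = 1 }
            if (extra) exit 2
            if (bad) exit 1
            print "ok"
        }
    ' "$file"
}

# Constructed sample: the ruleset above plus one extra, overly broad rule.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[bastille_vnet=13]
add include $devfsrules_hide_all
add include $devfsrules_unhide_basic
add include $devfsrules_unhide_login
add include $devfsrules_jail
add path 'bpf*' unhide
add path 'mem' unhide
EOF
check_vnet_ruleset "$sample" || echo "exit status: $?"
rm -f "$sample"
```

Run it against /etc/devfs.rules on the host before creating VNET containers; a status of 2 means the ruleset exposes more of the host's devices than the example calls for.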
Bastille now supports IPv6 addresses in addition to IPv4. An IPv6 container is created using the same syntax, with an IPv6 address in place of the IPv4 address.
bastille create folsom 12.1-RELEASE fd29:e90c:3a81:9a9a::13
This release introduces a new edit sub-command allowing you to manually edit container configuration files. This feature is suggested for intermediate to advanced users. It is fully possible to break your containers if you're unfamiliar with these configurations.
By default the edit sub-command requires a target container and will open the jail.conf using vi. If you'd prefer to use a different editor, simply set the variable EDITOR=foo (e.g. vim). Optional arguments select other container configuration files such as fstab or rctl.conf.
export EDITOR=vim (define in .bashrc or equivalent to persist)
bastille edit TARGET (jail.conf by default)
bastille edit TARGET fstab
bastille edit TARGET rctl.conf
In the first half of the 0.6 series we included the ability to import and export containers. It quickly became apparent that we should include a simple method of renaming containers.
bastille rename TARGET new-name
Bastille now supports importing container archives exported from iocage or ezjail. These archives can be placed in the bastille/backups directory or passed as a final argument to the import command.
bastille import filename.ext
bastille import /path/to/filename.ext
The import command supports importing from other Bastille systems, iocage and/or ezjail automatically.
Cloning containers is now possible allowing you to build once using template automation and clone copies of the finished build.
bootstrap improvements for HardenedBSD
import improvements for ZFS imports
import improvements for foreign imports (e.g. iocage and ezjail)