Bastille has evolved over the years from a small collection of personal shell scripts into a secure container automation toolkit used on hardware ranging from the tiny Raspberry Pi to powerful servers in the Data Center and Cloud.
The early scripts were informed by concepts used in ezjail and iocage, both FreeBSD innovations during their time. Bastille would not exist if it were not for those that came before. Thank you.
Many of the automation concepts in Bastille come from lessons learned over a decade as a SaltStack contributor and FreeBSD's sysutils/py-salt package maintainer (now retired). These automation concepts evolved into the Bastillefile template system and then into our sister project, Rocinante, in 2021.
Bastille integrates security concepts taken from real-world experience and industry best practices.
Combine these security and automation best practices with FreeBSD’s production-tested jail system and you have Bastille.
Over the past seven years Bastille has seen improvements from open-source contributors around the world, making it more robust, more mature and better able to handle a wide range of use cases.
To everyone that has contributed to Bastille, thank you!
CONTRIBUTORS
Christer Edwards
Software doesn’t happen in a vacuum. Thank you to the following people who may not be found in the commit history but have influenced Bastille’s development in some way.
Bastille has seen contributions from the following places (locations are self-reported):
BastilleBSD version 0.14.20250420 introduces several new features and improvements, alongside important bug fixes.
Features and Improvements:
Key new features include options for startup delays between jails, support for custom releases and user-based configurations, and the introduction of auto and debug modes for various subcommands. Users can now specify multiple targets, utilize ZFS options for jail creation, and configure VLAN settings for VNET jails. The release also brings new functions for destroy and a new network subcommand, allowing the addition or removal of multiple interfaces in jails. Improvements include allowing inheriting ip/hostname as IP options, a new style for cloning, and robust error handling that prevents deletion of jail content if creation fails.
Fixes:
Bug fixes address issues such as epair numbering, incorrect binary location for htop, variable name inconsistencies, log update problems for limits, and issues with JSON listing and jail IP listing. Problems with variables in rdr commands have also been resolved.
See the full release notes for details.
BastilleBSD version 0.13.20250126 introduces new subcommands and various improvements, along with important bug fixes.
Features and Improvements:
New features include the beta version of etcupdate, the jcp subcommand for copying files and directories between jails, and autocomplete functionality for jail names. Improvements have been made to top/htop with updated auto-mode and documentation. The update command now includes -d and -f options for release and thick jail updates. Other improvements cover bridge epair naming for longer characters, a typo fix in the clone usage block, and enhancements to the console subcommand.
Fixes:
Several bug fixes have been implemented, addressing issues such as “grep: no such file” errors in list, regex problems for the fstab hook in mount, and ensuring that mount allows [ro|rw|rq|sw|xx] as available mount options. The release also includes refactoring for static MAC options in create and deprecates RELEASE upgrade in favor of fixes for thick/thin jail upgrades. Additionally, documentation for config.rst has been created.
See the full release notes for details.
BastilleBSD version 0.12.20250111 brings new features, various improvements, and essential bug fixes.
Features and Improvements:
New features include the integration of Shellcheck with a GitHub action to run it, and added support for static MAC addresses along with fixes for cloning VNET jails. Improvements focus on enhanced bastille.conf handling, prompting users for its creation, and refining template awk to remove spaces from blank lines. The destroy.sh script now prevents the destruction of jails with mounted file systems, and mounting with options behind permissions is now allowed. Additionally, there’s an ongoing refactoring effort to move functions to common.sh, specifically for top and htop.
Fixes:
Bug fixes in this release address pfctl errors when no rules are returned, alignment problems when listing jails with multiple IP addresses, and pfctl invocation issues when NAT is not in use, with the IP variable being changed to ip4. Critical mount/umount issues have been resolved, and all mount points are now correctly adjusted during renaming. The release also fixes the matching of valueless parameters in configurations, ensures list correctly prints JID instead of JAILNAME, and includes fixes for new shell checks.
See the full release notes for details.
Bastille 0.12.20241124 is a maintenance release that focuses on several fixes and improvements.
Improvements:
This release includes an update to the .gitignore file and the BASTILLE_VERSION string. Documentation for bastille_zfs_prefix has been added, and Shellcheck has been set up. The documentation now clearly states that --xz is for ZFS systems, and warnings regarding the deprecation of the bastille0 option have been updated.
Fixes:
Key fixes address an issue with bastille_zfs_prefix carried over from the previous release, and a change in loopback creation within setup.sh.
See the full release notes for details.
Bastille 0.11.20241022 is a release focused on addressing various fixes and implementing a key improvement.
Improvements:
A notable improvement in this version is the adjustment of devfs_ruleset to ensure compatibility with hierarchical jails.
Fixes:
This release includes several fixes, such as updates to the Bastille rc script to properly handle jail closes, a correction for a spelling mistake, and accurate checking of ZFS on/off status. The check_fib() call has been restored, and errors in setup.sh and bootstrap.sh were resolved through diff patches. Additionally, rcorder startup issues have been fixed, cp and rcp commands now correctly handle the quiet option, and bastille_zfs_prefix is now properly utilized to work with pools other than ‘zroot’.
See the full release notes for details.
Bastille 0.10.20231125 introduces significant features and improvements, alongside several important fixes.
Features and Improvements:
This release adds support for bootstrapping and testing FreeBSD BETA and RC branches, and extends support for bootstrapping End-of-Life (EOL) releases all the way back to FreeBSD 9.0-RELEASE. The Bastille startup script now supports an alternative startup/shutdown ordering of jails using rcorder. A new rcp sub-command is included for reverse-copying files from containers back to the host. For new containers, osrelease = ${RELEASE}; is now set in jail.conf, ensuring uname -r reports the correct FreeBSD release version for the jail. Bastille now supports combining create options, and the setup process populates an /etc/devfs.rules file for VNET jails. The codebase now uses a standard checkyesno function for testing. Additionally, the documentation has been upgraded with examples for iocage migration, notes on container MOTD and .hushlogin, examples for compiling ports, the official container upgrade/downgrade process, and details on bootstrapping EOL FreeBSD releases.
Fixes:
Key fixes address issues such as correcting JID instead of jail name in list printouts, rectifying generated interface names in rc.conf for VNET jails, ensuring configure_zfs() properly returns the status of the zfs module, and applying a fix for recent EOL support patches. Readthedocs build information has also been corrected.
See the full release notes for details.
Bastille version 0.10.20231013 brings a range of significant improvements and new features.
Features and Improvements:
This release introduces Dual Stack Networking, enabling the creation of containers with both IPv4 and IPv6 stacks, along with added DHCP support. A new bastille setup command automates initial configuration for firewall settings, networking, and ZFS storage. Linux container support is extended to include Ubuntu Jammy (22.04) and Debian 12 “Bookworm,” while support for Debian 9 “Stretch” has been dropped. The tags sub-command is introduced for tagging containers, and the pkg sub-command can now leverage the host’s package manager. Other enhancements include improved version tracking for source code installations and updates to the documentation.
See the full release notes for details.
Bastille Day 2022 release (version 0.9.20220714) includes five months of community contributions, focusing on fixes and improvements across various aspects, including IPv6 support, documentation, and VNET.
Features and Improvements:
This release introduces the JAIL_IP6 variable for accessing ip6.addr in templates and extends RDR to support logging. It now permits outgoing network connections during the stop action and allows bastille cmd to be used on Linux jails.
Fixes:
Key fixes in this version include improved IPv6 support, resolution of non-unique epair creation when using VNET, and enabling Linux jails to properly see their mount points. Documentation tables have been repaired, and incorrect descriptions have been fixed. Additionally, the release prevents the creation of cache/RELEASE directories on Linux jails and corrects an inconsistency where the text mentioned defining an OVERLAY but the example used CP.
See the full release notes for details.
BastilleBSD version 0.9.20220216 introduces several new features, notable improvements, and important fixes.
Features and Improvements:
Key additions include support for ZFS clone jails, which can be created using the bastille create -C command. The bastille list release command now has a -p option to include point releases in the list. This version also enables the import of iocage basejails as Bastille thin jails and adds bootstrap support for aarch64/arm64 Debian/Ubuntu.
Fixes:
Several issues have been addressed, including a regression in VNET creation and the prevention of double directory creation when bootstrapping Linux. An issue that prevented 32-bit base releases from being updated has been fixed. Additionally, Linux jail name entries are now updated upon jail renaming, and fstab paths have been corrected to reflect the new jail path.
See the full release notes for details.
Bastille 0.9.20211225 is a significant release bringing experimental Linux support, enhanced VNET capabilities, and various other improvements and fixes.
Features and Improvements:
This version introduces experimental support for Debian 11 “Bullseye,” 10 “Buster,” 9 “Stretch,” and Ubuntu 18.04 “Bionic” and 20.04 “Focal.” The CMD and PKG sub-commands now support these Linux releases, enabling initial template usage with Linux containers. The pkg subcommand transparently uses apt for Ubuntu and Debian containers, with optional support for the host’s package manager. CMD now returns exit codes for individual and all jails, ensuring a non-zero exit code if any jail encounters an error. Bastille will now use the host’s timezone unless specified otherwise in bastille.conf. VNET improvements include more options, support for attaching VNET containers to existing bridge interfaces using the create -B option, and interface descriptions that include the container name. Template improvements mean bastille verify now recursively verifies all templates in an INCLUDE chain, and templates can now be updated using bastille update.
Fixes:
Several issues have been addressed, including fixes for Linux jail creation, ensuring the bastille cmd exit code is respected, and resolving an overloaded variable in the mount command. The image path for the ZFS support screenshot was corrected, along with a documentation conflict (with docutils v0.18) and issue #403. Additionally, update_fstab() in clone.sh was fixed, a hotfix was applied for the VNET interface description patch, and an accidental jail name in a run test was corrected.
See the full release notes for details.
Bastille Day 2021 release introduces several new features and important fixes.
Features:
This release brings initial support for Ubuntu 18.04 and 20.04, along with support for the NO_COLOR environment variable. Preliminary support for MidnightBSD has been added. The list command has been extended to display the Up/Down state, Published Ports, and container release.
Fixes:
Key fixes include the CP sub-command now supporting the quiet (-q) option, improvements to the import and export commands, a fix to properly use the jailed root environment for CMD, and a fix addressing a BSD grep change in FreeBSD 13.0.
See the full release notes for details.
Bastille 0.8.20210115 is a bug-fix release addressing issues found in the New Years release.
Improvements:
This release includes associated code cleanup. Users are advised to merge these changes into their bastille.conf file.
Fixes:
The primary fixes ensure that rdr persists by default, and that empty jails are prevented from starting by default.
See the full release notes for details.
Bastille 0.8.20210101 marks a version increment from 0.7.x to 0.8.x, bringing a range of new features, significant improvements, and numerous bug fixes, along with a change to the bastille.conf file.
Features and Improvements:
This release introduces fully native Bastille templates, automatically applied to new containers. Default templates now include base, empty, thick, thin, and vnet. Bastille now supports bootstrapping 13-CURRENT releases for development and allows bootstrapping and running 32-bit (i386) containers on 64-bit (amd64) hosts. Templates now support dynamic variable definition (Template ARGS), and a new config sub-command allows getting or setting values in jail.conf. A bastille template --convert tool is included to generate a Bastillefile from existing legacy hook files. New and upgraded documents include an iocage migration example, notes on container MOTD, uname and the use of .hushlogin, examples of compiling ports inside containers, the “official” container upgrade/downgrade process, and bootstrapping EOL releases of FreeBSD (>=9.0-RELEASE).
Fixes:
Numerous bug fixes are included, such as resolving rctl limits, logging rctl events to /var/log/messages, respecting exec.fib in the bastille console command, and supporting 32-bit bootstrap on 64-bit hosts. The release addresses a bug in Makefile installation, an overlay hook in Bastillefile, and improves Bastillefile support for mount|fstab and copy|cp. Template verification now supports Bastillefile, and rdr rules are now persistent between restarts. Other fixes include correcting the limits sub-command argument check, improving template failure reporting, fixing a bootstrap + update regression, and creating global error functions. Improvements were also made to upgrading thick jails and template error reporting, and pf documentation now properly supports multi-IP hosts.
See the full release notes for details.
Bastille version 0.7.20200714 marks the project’s maturation from 0.6.x to 0.7.x, incorporating ongoing testing and bug fixes to enhance its capabilities for diverse use-cases.
Features and Improvements:
This release introduces the Bastillefile, a new template syntax that offers more flexible automation by allowing template hooks to be used in any order. An experimental empty container feature is included, enabling users to create Linux containers. New mount and umount sub-commands allow for dynamic addition and removal of storage from containers. The template sub-command now utilizes native sub-commands for automation execution. Additionally, the bastille.conf file now describes the bootstrap_archives options.
Fixes:
Key bug fixes include bastille_logsdir now pointing to /var/log/bastille for new jails. A Vagrantfile has been added to the repository for quick testing. Improvements were made to fstab entry deduplication and full path validation, along with general code cleanup and formatting.
See the full release notes for details.
Bastille 0.6.20200414 is primarily a bug-fix release addressing various reported issues. The release notes extend gratitude to all who contributed bug reports and fixes.
Improvements:
This release includes general whitespace cleanup and formatting improvements within the documentation.
Fixes:
Key fixes address the VNET DHCP hook, updating it from “DHCP” to “SYNCDHCP.” The SERVICE hook has been updated to remove extra quotes, and the ports Makefile has been adjusted to prevent clobbering the configuration. Other fixes include correcting the path to the default timezone (Etc/UTC), resolving route auto-detection in VNET, and fixing pf reload issues on non-loopback containers.
See the full release notes for details.
Bastille 0.6.20200412 introduces several new features and key improvements.
Features and Improvements:
This release brings significant new features, including VNET and IPv6 support. Users can now manually edit container configuration files using bastille edit TARGET and rename containers with bastille rename TARGET new-name. The ability to import container archives from iocage or ezjail is introduced via bastille import (iocage|ezjail), and containers can now be cloned using bastille clone TARGET. Improvements in this version include enhanced HardenedBSD bootstrap, a more robust bastille import ARCHIVE process, and an expanded man page for better documentation.
See the full release notes for details.
Bastille version 0.6.20200202, known as “Groundhog Day,” introduces several significant new features, improvements, and important bug fixes. Bastille is an open-source system designed for automating the deployment and management of containerized applications on FreeBSD.
New Features:
This release adds Import & Export functionality, allowing containers to be exported into compressed archives for backup or deployment. The Convert feature is introduced, enabling the conversion of “thin” containers to “thick” containers. Rdr now supports dynamic rules for redirecting host ports to container ports, and Limits provides initial support for dynamically setting resource controls on containers.
Improvements:
The FSTAB Template Hook now allows auto-mounting directories from the host into containers in read-only or read-write modes. Template Validation is enhanced with the verify sub-command, which parses template files and displays a read-only overview of actions. The update sub-command can now be used on “thick” containers, simplifying their upgrade process. Minor improvements were made to the targeting capability of the start and stop commands. The list command now supports JSON output. The create sub-command sees improvements in tests and validation, and the bootstrap sub-command performs additional checks on storage and network configurations to ensure a working state.
Fixes:
A bug in the console sub-command that could cause a user to become “stuck” when trying to log in as a non-existent user has been fixed. Additionally, Bastille now installs a man page for built-in documentation.
See the full release notes for details.
BastilleBSD’s Thanksgiving 2019 release (version 0.5.20191128) is a minor bug-fix release focused on improving container reliability and network configurations.
Improvements:
This release enhances the reliability of containers utilizing loopback-based networking. It also incorporates safeguards against invalid network configurations and includes minor cosmetic improvements. Public documentation has been updated to reflect new methods for firewall configuration.
Fixes:
The release includes a change to the pf.conf firewall configuration to avoid a previously reported issue and ensure firewall state is retained. Users are advised to update their firewall settings according to the provided steps.
See the full release notes for details.
BastilleBSD’s 0.5.20191125 release introduces new features, improvements, and fixes for reported issues.
Features and Improvements:
This release introduces support for read-write containers using the -T|--thick option with the create sub-command, allowing containers to manage their FreeBSD version independently. Template testing has been enhanced, with automation templates moved to GitLab to leverage automated CI/CD testing, and pipeline status now displayed in each template’s README. template.sh boasts more verbose output and stricter testing, stopping if any part exits with a non-zero status and displaying the exit code during template application. bootstrap.sh now includes an update argument, enabling release updates during bootstrapping. The BastilleBSD project has also been updated to reflect this release.
Bug Fixes:
Key bug fixes address an issue with creating 12.1-RELEASE containers and correct the mistaken copying of usr/obj and usr/test to the wrong path. Improvements were made to the jail.conf generation template, and release filtering and validation code has been cleaned up. Template output is now silent when no template is found, and documentation has been updated to avoid pf.conf inconsistency. Lastly, BastilleBSD documentation has been updated.
See the full release notes for details.
BastilleBSD version 0.4.20191025 introduces new features and addresses fixes to existing components.
Features:
This release adds support for FreeBSD 11.3-RELEASE, 12.1-RC1, 12.1-RC2, and 12.1-RELEASE. Users now have the option to assign a network interface during jail creation, with Bastille defaulting to the config file if left empty. NIC and IP validation have been improved. The ability to destroy regex-matching base releases has been added (though cached content remains unaffected), and validation for ZFS parameters has been implemented.
Fixes:
Key fixes include improvements to jail and releases output listing, prevention of double distfile.txz file extraction on bootstrap, and correction of missing subsequent directory creation for cache/-RELEASE and releases/-RELEASE. This version also addresses chflags removal and ensures proper jail/release directory deletion if they exist. Additionally, minor code fixes have been applied.
See the full release notes for details.
BastilleBSD release version 0.4.20190714 includes several new features and improvements.
Features and Improvements:
This update now supports the optional ip@interface syntax during bastille create. The template system has been enhanced to support INCLUDE (a line-delimited list of template URLs) and SERVICE template hooks, which execute /usr/sbin/service within the jail. The /usr/local/bastille directory now has permissions set to 0750 to restrict access for unprivileged users. The CONFIG template hook has been renamed to OVERLAY but remains supported for backward compatibility.
Additionally, the update includes a check for uid=0 for all Bastille commands. Internal usage documentation has been updated with the latest sub-commands, and sub-command file validation now occurs before execution. Network bootstrapping is supported with new configuration values, and there’s support for listing jails, templates, logs, and releases. The firewall is only reloaded on start/stop if loopback networking is used. Finally, ZFS sub-command additions include get, set, and snapshot.
See the full release notes for details.
BastilleBSD’s 0.4.2019062202 release is a minor but suggested patch focusing on ZFS attribute control.
Features and Improvements:
This update introduces a new zfs.sh sub-command for BastilleBSD, which provides control over ZFS attributes.
Fixes:
No specific fixes are detailed in this release summary.
See the full release notes for details.
BastilleBSD 0.3.20190522 release focuses on initial support for HardenedBSD as a platform.
Features and Improvements:
This release includes initial functional testing of the bootstrap and create functions. Users can now configure default nameservers and default timezones, and add custom DNS options.
Unsupported Functions:
The update, upgrade, and verify functions are not yet supported for HardenedBSD releases in this version.
See the full release notes for details.
BastilleBSD 0.3.20181113 release focuses on the introduction of working templates.
Features:
This release adds support for basic templates in Bastille, enabling more streamlined container management.
Improvements and Fixes:
No specific improvements or fixes are detailed in this summary. Users are advised to consult the README file for more details.
See the full release notes for details.