Commit | Line | Data |
---|---|---|
3e5b03e2 MW |
1 | #! /bin/sh -e |
2 | ### | |
3 | ### Make build trees private to the invoking group | |
4 | ### | |
5 | ### (c) 2018 Mark Wooding | |
6 | ### | |
7 | ||
8 | ###----- Licensing notice --------------------------------------------------- | |
9 | ### | |
10 | ### This file is part of the distorted.org.uk chroot maintenance tools. | |
11 | ### | |
12 | ### distorted-chroot is free software: you can redistribute it and/or | |
13 | ### modify it under the terms of the GNU General Public License as | |
14 | ### published by the Free Software Foundation; either version 2 of the | |
15 | ### License, or (at your option) any later version. | |
16 | ### | |
17 | ### distorted-chroot is distributed in the hope that it will be useful, | |
18 | ### but WITHOUT ANY WARRANTY; without even the implied warranty of | |
19 | ### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
20 | ### General Public License for more details. | |
21 | ### | |
22 | ### You should have received a copy of the GNU General Public License | |
23 | ### along with distorted-chroot. If not, write to the Free Software | |
24 | ### Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, | |
25 | ### USA. | |
26 | ||
27 | ### Make a build tree private to the invoking user. Also, make a `/private' | |
28 | ### directory in the chroot which is exclusive to the creating user. | |
29 | ||
30 | ## Make sure everything is good. | |
31 | case $1 in setup-start) ;; *) exit 0 ;; esac | |
32 | case $CHROOT_SESSION_PURGE in true) ;; *) exit 0 ;; esac | |
33 | case $CHROOT_PROFILE in sbuild | scratchbox) ;; *) exit 0 ;; esac | |
34 | case $CHROOT_TYPE in *-snapshot) ;; *) exit 0 ;; esac | |
35 | case $CHROOT_MOUNT_LOCATION in | |
36 | "" | /) echo >&2 "$0: not clobbering root dir"; exit 127 ;; | |
37 | esac | |
38 | ||
39 | ## Make the directory private to the invoking user's group. This is a | |
40 | ## somewhat troublesome compromise between keeping the chroot tree private | |
41 | ## from other system users on the one hand, and maintaining system security | |
42 | ## on the other. | |
43 | ## | |
44 | ## This assumes that the device root directory's permissions are already | |
45 | ## restricted to privileged users only. | |
46 | cd $CHROOT_MOUNT_LOCATION | |
47 | chown root:$AUTH_RGROUP . | |
48 | chmod 750 . | |
49 | ||
50 | ## Make an actually-private place for temporary things to be stored. | |
51 | mkdir -p $CHROOT_PATH/private | |
52 | mount -ttmpfs -omode=700,uid=$AUTH_RUID,gid=$AUTH_RGID \ | |
53 | private $CHROOT_PATH/private |