~mdw / distorted-chroot / blame
| Commit | Line | Data |
|---|---|---|
| 3e5b03e2 MW |
1 | #! /bin/sh -e |
| 2 | ### | |
| 3 | ### Make build trees private to the invoking group | |
| 4 | ### | |
| 5 | ### (c) 2018 Mark Wooding | |
| 6 | ### | |
| 7 | ||
| 8 | ###----- Licensing notice --------------------------------------------------- | |
| 9 | ### | |
| 10 | ### This file is part of the distorted.org.uk chroot maintenance tools. | |
| 11 | ### | |
| 12 | ### distorted-chroot is free software: you can redistribute it and/or | |
| 13 | ### modify it under the terms of the GNU General Public License as | |
| 14 | ### published by the Free Software Foundation; either version 2 of the | |
| 15 | ### License, or (at your option) any later version. | |
| 16 | ### | |
| 17 | ### distorted-chroot is distributed in the hope that it will be useful, | |
| 18 | ### but WITHOUT ANY WARRANTY; without even the implied warranty of | |
| 19 | ### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
| 20 | ### General Public License for more details. | |
| 21 | ### | |
| 22 | ### You should have received a copy of the GNU General Public License | |
| 23 | ### along with distorted-chroot. If not, write to the Free Software | |
| 24 | ### Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, | |
| 25 | ### USA. | |
| 26 | ||
| 27 | ### Make a build tree private to the invoking user. Also, make a `/private' | |
| 28 | ### directory in the chroot which is exclusive to the creating user. | |
| 29 | ||
| 30 | ## Make sure everything is good. | |
| 31 | case $1 in setup-start) ;; *) exit 0 ;; esac | |
| 32 | case $CHROOT_SESSION_PURGE in true) ;; *) exit 0 ;; esac | |
| 33 | case $CHROOT_PROFILE in sbuild | scratchbox) ;; *) exit 0 ;; esac | |
| 34 | case $CHROOT_TYPE in *-snapshot) ;; *) exit 0 ;; esac | |
| 35 | case $CHROOT_MOUNT_LOCATION in | |
| 36 | "" | /) echo >&2 "$0: not clobbering root dir"; exit 127 ;; | |
| 37 | esac | |
| 38 | ||
| 39 | ## Make the directory private to the invoking user's group. This is a | |
| 40 | ## somewhat troublesome compromise between keeping the chroot tree private | |
| 41 | ## from other system users on the one hand, and maintaining system security | |
| 42 | ## on the other. | |
| 43 | ## | |
| 44 | ## This assumes that the device root directory's permissions are already | |
| 45 | ## restricted to privileged users only. | |
| 46 | cd $CHROOT_MOUNT_LOCATION | |
| 47 | chown root:$AUTH_RGROUP . | |
| 48 | chmod 750 . | |
| 49 | ||
| 50 | ## Make an actually-private place for temporary things to be stored. | |
| 51 | mkdir -p $CHROOT_PATH/private | |
| 52 | mount -ttmpfs -omode=700,uid=$AUTH_RUID,gid=$AUTH_RGID \ | |
| 53 | private $CHROOT_PATH/private |