Commit | Line | Data |
---|---|---|
fd0f20e1 MW |
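#! /bin/sh -e
###
### Make a build tree private to the invoking user.  Also, make a `/private'
### directory in the chroot which is exclusive to the creating user.
###
### Reads: $1 (setup phase), CHROOT_SESSION_PURGE, CHROOT_PROFILE,
### CHROOT_TYPE, CHROOT_MOUNT_LOCATION, CHROOT_PATH, AUTH_RGROUP, AUTH_RUID
### and AUTH_RGID.  Exits 0 without doing anything when the session is not
### one this script applies to; exits 127 rather than operate on `/'.

## The `-e' on the `#!' line is lost if the script is started as `sh FILE'.
## Set it here as well: if the `cd' below fails, the chown/chmod on `.' must
## not run in whatever directory the script happened to start in.
set -e

## Make sure everything is good.
case $1 in setup-start) ;; *) exit 0 ;; esac
case $CHROOT_SESSION_PURGE in true) ;; *) exit 0 ;; esac
case $CHROOT_PROFILE in sbuild | scratchbox) ;; *) exit 0 ;; esac
case $CHROOT_TYPE in *-snapshot) ;; *) exit 0 ;; esac
case $CHROOT_MOUNT_LOCATION in
  "" | /) echo >&2 "$0: not clobbering root dir"; exit 127 ;;
esac

## The same check for the chroot path: were it empty or `/', the mkdir and
## mount at the bottom would land on `/private' outside the chroot.
case $CHROOT_PATH in
  "" | /) echo >&2 "$0: not clobbering root dir"; exit 127 ;;
esac

## Refuse to continue with missing identity values, before anything has been
## changed.  An empty group would leave `chown root: .' to pick a group by
## itself, and empty ids would produce a malformed mount option string.
: "${AUTH_RGROUP:?not set}"
: "${AUTH_RUID:?not set}"
: "${AUTH_RGID:?not set}"

## Make the directory private to the invoking user's group.  This is a
## somewhat troublesome compromise between keeping the chroot tree private
## from other system users on the one hand, and maintaining system security
## on the other.
##
## This assumes that the device root directory's permissions are already
## restricted to privileged users only.
##
## The expansions are quoted so that a path or group name containing
## whitespace or glob characters is passed through as a single argument.
cd -- "$CHROOT_MOUNT_LOCATION"
chown "root:$AUTH_RGROUP" .
chmod 750 .

## Make an actually-private place for temporary things to be stored.
##
## NOTE(review): `mkdir -p' and `mount' both follow symlinks, so this assumes
## that `private' in the snapshot is not a symlink -- confirm.  Also consider
## adding `nosuid,nodev' to the options if nothing under /private needs them.
mkdir -p -- "$CHROOT_PATH/private"
mount -ttmpfs -o"mode=700,uid=$AUTH_RUID,gid=$AUTH_RGID" \
        private "$CHROOT_PATH/private"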