~mdw / distorted-chroot / blame
| Commit | Line | Data |
|---|---|---|
| fd0f20e1 MW |
1 | #! /bin/sh -e |
| 2 | ### | |
| 3 | ### Make a build tree private to the invoking user. Also, make a `/private' | |
| 4 | ### directory in the chroot which is exclusive to the creating user. | |
| 5 | ||
| 6 | ## Make sure everything is good. | |
| 7 | case $1 in setup-start) ;; *) exit 0 ;; esac | |
| 8 | case $CHROOT_SESSION_PURGE in true) ;; *) exit 0 ;; esac | |
| 9 | case $CHROOT_PROFILE in sbuild | scratchbox) ;; *) exit 0 ;; esac | |
| 10 | case $CHROOT_TYPE in *-snapshot) ;; *) exit 0 ;; esac | |
| 11 | case $CHROOT_MOUNT_LOCATION in | |
| 12 | "" | /) echo >&2 "$0: not clobbering root dir"; exit 127 ;; | |
| 13 | esac | |
| 14 | ||
| 15 | ## Make the directory private to the invoking user's group. This is a | |
| 16 | ## somewhat troublesome compromise between keeping the chroot tree private | |
| 17 | ## from other system users on the one hand, and maintaining system security | |
| 18 | ## on the other. | |
| 19 | ## | |
| 20 | ## This assumes that the device root directory's permissions are already | |
| 21 | ## restricted to privileged users only. | |
| 22 | cd $CHROOT_MOUNT_LOCATION | |
| 23 | chown root:$AUTH_RGROUP . | |
| 24 | chmod 750 . | |
| 25 | ||
| 26 | ## Make an actually-private place for temporary things to be stored. | |
| 27 | mkdir -p $CHROOT_PATH/private | |
| 28 | mount -ttmpfs -omode=700,uid=$AUTH_RUID,gid=$AUTH_RGID \ | |
| 29 | private $CHROOT_PATH/private |