| 1 | #! /bin/sh -e |
| 2 | ### |
| 3 | ### Make build trees private to the invoking group |
| 4 | ### |
| 5 | ### (c) 2018 Mark Wooding |
| 6 | ### |
| 7 | |
| 8 | ###----- Licensing notice --------------------------------------------------- |
| 9 | ### |
| 10 | ### This file is part of the distorted.org.uk chroot maintenance tools. |
| 11 | ### |
| 12 | ### distorted-chroot is free software: you can redistribute it and/or |
| 13 | ### modify it under the terms of the GNU General Public License as |
| 14 | ### published by the Free Software Foundation; either version 2 of the |
| 15 | ### License, or (at your option) any later version. |
| 16 | ### |
| 17 | ### distorted-chroot is distributed in the hope that it will be useful, |
| 18 | ### but WITHOUT ANY WARRANTY; without even the implied warranty of |
| 19 | ### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
| 20 | ### General Public License for more details. |
| 21 | ### |
| 22 | ### You should have received a copy of the GNU General Public License |
| 23 | ### along with distorted-chroot. If not, write to the Free Software |
| 24 | ### Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
| 25 | ### USA. |
| 26 | |
| 27 | ### Make a build tree private to the invoking user. Also, make a `/private' |
| 28 | ### directory in the chroot which is exclusive to the creating user. |
| 29 | |
| 30 | ## Make sure everything is good. |
| 31 | case $1 in setup-start) ;; *) exit 0 ;; esac |
| 32 | case $CHROOT_SESSION_PURGE in true) ;; *) exit 0 ;; esac |
| 33 | case $CHROOT_PROFILE in sbuild | scratchbox) ;; *) exit 0 ;; esac |
| 34 | case $CHROOT_TYPE in *-snapshot) ;; *) exit 0 ;; esac |
| 35 | case $CHROOT_MOUNT_LOCATION in |
| 36 | "" | /) echo >&2 "$0: not clobbering root dir"; exit 127 ;; |
| 37 | esac |
| 38 | |
| 39 | ## Make the directory private to the invoking user's group. This is a |
| 40 | ## somewhat troublesome compromise between keeping the chroot tree private |
| 41 | ## from other system users on the one hand, and maintaining system security |
| 42 | ## on the other. |
| 43 | ## |
| 44 | ## This assumes that the device root directory's permissions are already |
| 45 | ## restricted to privileged users only. |
| 46 | cd $CHROOT_MOUNT_LOCATION |
| 47 | chown root:$AUTH_RGROUP . |
| 48 | chmod 750 . |
| 49 | |
| 50 | ## Make an actually-private place for temporary things to be stored. |
| 51 | mkdir -p $CHROOT_PATH/private |
| 52 | mount -ttmpfs -omode=700,uid=$AUTH_RUID,gid=$AUTH_RGID \ |
| 53 | private $CHROOT_PATH/private |