mdw@git.distorted.org.uk Git - distorted-chroot/blob - etc/schroot-scripts/11private

   1 #! /bin/sh -e
   2 ###
   3 ### Make build trees private to the invoking group
   4 ###
   5 ### (c) 2018 Mark Wooding
   6 ###
   7
   8 ###----- Licensing notice ---------------------------------------------------
   9 ###
  10 ### This file is part of the distorted.org.uk chroot maintenance tools.
  11 ###
  12 ### distorted-chroot is free software: you can redistribute it and/or
  13 ### modify it under the terms of the GNU General Public License as
  14 ### published by the Free Software Foundation; either version 2 of the
  15 ### License, or (at your option) any later version.
  16 ###
  17 ### distorted-chroot is distributed in the hope that it will be useful,
  18 ### but WITHOUT ANY WARRANTY; without even the implied warranty of
  19 ### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  20 ### General Public License for more details.
  21 ###
  22 ### You should have received a copy of the GNU General Public License
  23 ### along with distorted-chroot.  If not, write to the Free Software
  24 ### Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
  25 ### USA.
  26
  27 ### Make a build tree private to the invoking user.  Also, make a `/private'
  28 ### directory in the chroot which is exclusive to the creating user.
  29
  30 ## Make sure everything is good.
  31 case $1 in setup-start) ;; *) exit 0 ;; esac
  32 case $CHROOT_SESSION_PURGE in true) ;; *) exit 0 ;; esac
  33 case $CHROOT_PROFILE in sbuild | scratchbox) ;; *) exit 0 ;; esac
  34 case $CHROOT_TYPE in *-snapshot) ;; *) exit 0 ;; esac
  35 case $CHROOT_MOUNT_LOCATION in
  36   "" | /) echo >&2 "$0: not clobbering root dir"; exit 127 ;;
  37 esac
  38
  39 ## Make the directory private to the invoking user's group.  This is a
  40 ## somewhat troublesome compromise between keeping the chroot tree private
  41 ## from other system users on the one hand, and maintaining system security
  42 ## on the other.
  43 ##
  44 ## This assumes that the device root directory's permissions are already
  45 ## restricted to privileged users only.
  46 cd $CHROOT_MOUNT_LOCATION
  47 chown root:$AUTH_RGROUP .
  48 chmod 750 .
  49
  50 ## Make an actually-private place for temporary things to be stored.
  51 mkdir -p $CHROOT_PATH/private
  52 mount -ttmpfs -omode=700,uid=$AUTH_RUID,gid=$AUTH_RGID \
  53   private $CHROOT_PATH/private