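#! /bin/sh -e
###
### Make build trees private to the invoking group
###
### (c) 2018 Mark Wooding
###

###----- Licensing notice ---------------------------------------------------
###
### This file is part of the distorted.org.uk chroot maintenance tools.
###
### distorted-chroot is free software: you can redistribute it and/or
### modify it under the terms of the GNU General Public License as
### published by the Free Software Foundation; either version 2 of the
### License, or (at your option) any later version.
###
### distorted-chroot is distributed in the hope that it will be useful,
### but WITHOUT ANY WARRANTY; without even the implied warranty of
### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
### General Public License for more details.
###
### You should have received a copy of the GNU General Public License
### along with distorted-chroot.  If not, write to the Free Software
### Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
### USA.

### Make a build tree private to the invoking user's group.  Also, make a
### `/private' directory in the chroot which is exclusive to the creating
### user.
###
### Arguments:
###   $1 -- setup stage; only `setup-start' is acted on.
###
### Environment read: CHROOT_SESSION_PURGE, CHROOT_PROFILE, CHROOT_TYPE,
### CHROOT_MOUNT_LOCATION, CHROOT_PATH, AUTH_RGROUP, AUTH_RUID, AUTH_RGID.
### These are presumably supplied by the chroot tool which runs this setup
### script -- confirm against its documentation.
###
### Exit status: 0 if the script does not apply or succeeds; 127 if a
### target path is empty or `/'; otherwise the status of the failing
### command.

## Repeat `-e' here: options on the `#!' line are lost if the script is run
## as `sh SCRIPT'.
set -e

## Make sure everything is good.  Anything which isn't a purgeable snapshot
## session for a build profile is silently left alone.
case "${1-}" in setup-start) ;; *) exit 0 ;; esac
case "$CHROOT_SESSION_PURGE" in true) ;; *) exit 0 ;; esac
case "$CHROOT_PROFILE" in sbuild | scratchbox) ;; *) exit 0 ;; esac
case "$CHROOT_TYPE" in *-snapshot) ;; *) exit 0 ;; esac

## Refuse to touch the host's root directory: the `chown' and `chmod' below
## act on `.' after the `cd'.
case "$CHROOT_MOUNT_LOCATION" in
  "" | /) echo >&2 "$0: not clobbering root dir"; exit 127 ;;
esac

## Likewise, an empty or `/' chroot path would create and mount over
## `/private' on the host.
case "$CHROOT_PATH" in
  "" | /) echo >&2 "$0: not mounting over host /private"; exit 127 ;;
esac

## Make the directory private to the invoking user's group.  This is a
## somewhat troublesome compromise between keeping the chroot tree private
## from other system users on the one hand, and maintaining system security
## on the other.
##
## This assumes that the device root directory's permissions are already
## restricted to privileged users only.
##
## NOTE(review): if AUTH_RGROUP is empty the group applied depends on how
## `chown' treats `root:' -- confirm the caller always sets it.
cd -- "$CHROOT_MOUNT_LOCATION"
chown "root:$AUTH_RGROUP" .
chmod 750 .

## Make an actually-private place for temporary things to be stored.
##
## NOTE(review): `mkdir -p' accepts an existing `private' entry and `mount'
## resolves symlinks in its target, so this relies on the snapshot's source
## image being writable only by trusted users -- confirm.  The tmpfs is
## mounted without `size=', `nosuid' or `nodev'; check that the defaults
## are acceptable here.
mkdir -p -- "$CHROOT_PATH/private"
mount -ttmpfs -o"mode=700,uid=$AUTH_RUID,gid=$AUTH_RGID" \
	private "$CHROOT_PATH/private"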