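#! /bin/sh -e
###
### Make a build tree private to the invoking user.  Also, make a `/private'
### directory in the chroot which is exclusive to the creating user.
###
### Inputs, all taken from the caller (presumably the chroot manager that
### runs this hook -- confirm against its documentation):
###   $1                     hook stage; only `setup-start' is acted on
###   CHROOT_SESSION_PURGE   must be `true'
###   CHROOT_PROFILE         must be `sbuild' or `scratchbox'
###   CHROOT_TYPE            must end in `-snapshot'
###   CHROOT_MOUNT_LOCATION  directory whose owner and mode are changed
###   CHROOT_PATH            chroot root; the tmpfs goes on its `private' dir
###   AUTH_RGROUP            group given access to the mount location
###   AUTH_RUID, AUTH_RGID   owner and group of the private tmpfs
###
### Exit status: 0 when the hook does not apply or everything succeeded,
### 127 when a path guard refuses to continue, otherwise the status of the
### first command that failed.

## The `-e' on the interpreter line is lost when the script is started as
## `sh SCRIPT', so turn it on here as well: a failed chown, chmod or mkdir
## must stop the run before the next step.
set -e

## Make sure everything is good.  Anything this hook is not meant for is a
## silent success, so that other chroots and other stages are unaffected.
case "$1" in
  setup-start) ;;
  *) exit 0 ;;
esac
case "$CHROOT_SESSION_PURGE" in
  true) ;;
  *) exit 0 ;;
esac
case "$CHROOT_PROFILE" in
  sbuild | scratchbox) ;;
  *) exit 0 ;;
esac
case "$CHROOT_TYPE" in
  *-snapshot) ;;
  *) exit 0 ;;
esac

## The chown and chmod below act on `.', so an empty or `/' location would
## apply them to the wrong directory (`cd' with no operand goes to $HOME).
case "$CHROOT_MOUNT_LOCATION" in
  "" | /)
    echo >&2 "$0: not clobbering root dir"
    exit 127
    ;;
esac

## Same kind of guard for the chroot root: with an empty or `/' CHROOT_PATH
## the mkdir and mount below would land on the host's own /private.
case "$CHROOT_PATH" in
  "" | /)
    echo >&2 "$0: not mounting on the host's /private"
    exit 127
    ;;
esac

## Make the directory private to the invoking user's group.  This is a
## somewhat troublesome compromise between keeping the chroot tree private
## from other system users on the one hand, and maintaining system security
## on the other.
##
## This assumes that the device root directory's permissions are already
## restricted to privileged users only.
##
## Every expansion is quoted so that a value containing whitespace or glob
## characters is passed as one argument and is not split or expanded.
cd "$CHROOT_MOUNT_LOCATION"
chown "root:$AUTH_RGROUP" .
chmod 750 .

## Make an actually-private place for temporary things to be stored.
## mode=700 together with uid/gid leaves the tmpfs usable by its owner only.
## NOTE(review): nothing here restricts setuid files or device nodes on this
## tmpfs; consider whether `nosuid,nodev' fits the builds that use it.
mkdir -p "$CHROOT_PATH/private"
mount -ttmpfs -o"mode=700,uid=$AUTH_RUID,gid=$AUTH_RGID" \
  private "$CHROOT_PATH/private"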