OpenSDE
/
rocklinux
mirror of https://github.com/amery/rocklinux.git
2
0
Fork 0
Code Releases Wiki Activity
mirror of the now-defunct rocklinux.org
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
419 Commits
1 Branch
0 Tags
34 MiB
 
 
 
 
 
 
Tree: 1288a4f971
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '1288a4f971'
${ noResults }
rocklinux/misc/jailing/jail-functions

185 lines
4.7 KiB
Raw Blame History

jail_lib_needed() {
### $1 dirtree to search for +x files (usually $jail)
### $2 lib list file to add needed libs to
tmplib=`mktemp`
cp $2 $tmplib
# Using ldd is not perfect (as I learned from Clifford) but
# it's simple, usually works and extra libs and bins can be
# hand added in specific_postmake
find $1 -perm +111 -type f -exec ldd {} \; | grep -v 'not' | \
grep -v "$1" | cut -d' ' -f3 >> $tmplib
# Always needed
echo /lib/libnss_files.so.2 >> $tmplib
echo /lib/libnss_dns.so.2 >> $tmplib
# Sorting to remove duplications (very high)
sort -u $tmplib > $2
rm -f $tmplib
unset tmplib
}
jail_create() {
### Pseudo 00-dirtree
# Path for external binaries
[ -a $root/$jail/bin ] || mkdir -p $root/$jail/bin
# Path for external libraries
[ -a $root/$jail/lib ] || mkdir -p $root/$jail/lib
[ -a $root/$jail/etc ] || mkdir -p $root/$jail/etc
[ -a $root/$jail/var ] || mkdir -p $root/$jail/var
[ -a $root/$jail/tmp ] || mkdir -p $root/$jail/tmp
chmod 1777 $root/$jail/tmp
[ -a $root/$jail/dev ] || mkdir -p $root/$jail/dev
[ -a $root/$jail/dev/null ] || mknod -m 666 $root/$jail/dev/null c 1 3
[ -a $root/$jail/dev/random ] || mknod -m 444 $root/$jail/dev/random c 1 8
[ -a $root/$jail/dev/urandom ] || mknod -m 444 $root/$jail/dev/urandom c 1 9
[ -a $root/$docdir ] || mkdir -p $root/$docdir
### END Pseudo 00-dirtree
### Make some base etc configuration if not already present
if [ ! -f $root/$jail/etc/ld.so.conf ] ; then
cat <<- EOT > $root/$jail/etc/ld.so.conf
/lib
/usr/lib
EOT
fi
if [ ! -f $root/$jail/etc/nsswitch.conf ] ; then
cat <<- EOT > $root/$jail/etc/nsswitch.conf
passwd: files
group: files
shadow: files
hosts: files dns
EOT
fi
### END Make some base etc configuration
}
jail_copy_needed_libs() {
### Copy needed libs in $root/$jail/lib if not already present
tmp=`mktemp`
jail_lib_needed $root/$jail $tmp
if [ "$ROCKCFG_JAILING_LIBSAFE" = 1 -a \
"$pkg_libsafe_support" = 1 ] ; then
echo "/lib/libsafe.so.2" >> $tmp
grep "/lib/libsafe.so.2" $root/$jail/etc/ld.so.preload > \
/dev/null 2>&1 || echo "/lib/libsafe.so.2" >> \
$root/$jail/etc/ld.so.preload
fi
for x in `grep -v $jail $tmp` ; do
[ -f $root/$jail/lib/${x##*/} ] || cp -vf $x $root/$jail/lib
done
rm -f $tmp
unset tmp x
ldconfig -r $root/$jail
### END Copy needed libs
}
# Ensure given users are present in jail and if not add them
# needed groups are added too.
jail_ensure_users() {
if [ "$jail" ] ; then
for user_name in "$@" ; do
if ! grep "^$user_name:" $root/$jail/etc/passwd \
> /dev/null 2>&1 ; then
# Add group to jail
grep "^$user_name:" /etc/passwd >> \
$root/$jail/etc/passwd || true
jail_ensure_gids `grep "^$user_name:" /etc/passwd | cut -d":" -f4`
fi
done
fi
unset user_name
}
# Ensure given groups gid are present in jail and if not add them.
jail_ensure_groups() {
if [ "$jail" ] ; then
for group_name in "$@" ; do
if ! grep "^$group_name:" $root/$jail/etc/group \
> /dev/null 2>&1 ; then
# Add group to jail
grep "^$group_name:" /etc/group >> \
$root/$jail/etc/group || true
fi
done
fi
unset group_name
}
# Ensure given groups gid are present in jail and if not add them.
jail_ensure_gids() {
if [ "$jail" ] ; then
for gid in "$@" ; do
if ! grep ":$gid:" $root/$jail/etc/group \
> /dev/null 2>&1 ; then
# Add group to jail
grep ":$gid:" /etc/group >> \
$root/$jail/etc/group || true
fi
done
fi
unset gid
}
# This function sets the 'confopt' and some other variables.
#
jail_set_confopt() {
bindir="$root/$jail/usr/bin"
sbindir="$root/$jail/usr/sbin"
libdir="$root/$jail/usr/lib"
docdir="$root/$jail/usr/doc/$pkg"
datadir="$root/$jail/usr/share"
infodir="$root/$jail/usr/info"
mandir="$root/$jail/usr/man"
sysconfdir="$root/$jail/etc"
localstatedir="$root/$jail/var"
if [ "$destvar" ] ; then
prefix=/usr
else
prefix="$root/$jail/usr"
fi
confopt="--prefix=$root/$prefix"
confopt="$confopt --bindir=$prefix/bin"
confopt="$confopt --sbindir=$prefix/sbin"
confopt="$confopt --libdir=$prefix/lib"
confopt="$confopt --datadir=$prefix/share"
confopt="$confopt --infodir=$prefix/info"
confopt="$confopt --mandir=$prefix/man"
confopt="$confopt --sysconfdir=${prefix%/usr}/etc"
confopt="$confopt --localstatedir=${prefix%/usr}/var"
if [ "$ROCKCFG_CONFIGURE_OPTS" ] ; then
confopt="$confopt $ROCKCFG_CONFIGURE_OPTS"
fi
if [ "$ROCKCFG_STRIP" != 0 ] ; then
confopt="$confopt --disable-debug"
else
confopt="$confopt --enable-debug"
fi
if [ "$stagelevel" -le 1 -o "$ROCKCFG_DISABLE_NLS" = 1 ] ; then
confopt="${confopt//--enable-nls/} --disable-nls"
fi
confopt="$confopt \$extraconfopt"
confopt="$confopt --build=\$arch_build --host=\$arch_target"
}