path: root/tools/etc/icpc/createbocajail.sh
#!/bin/bash
# Jail location: the first command-line argument when it is non-empty,
# otherwise the default /home/bocajail.
homejail=${1:-/home/bocajail}

# Start-up banner naming the directory that is about to be created.
printf '%s\n' \
  "=================================================================================" \
  "============= CREATING $homejail (this might take some time) ===============" \
  "================================================================================="
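# Abort early unless every external tool in the list resolves to an executable.
# `command -v` is a shell builtin, so the lookup no longer depends on the
# separate `which` utility being installed.
for i in setquota ln id chown chmod dirname useradd mkdir cp rm mv apt-get dpkg uname debootstrap schroot; do
  p=$(command -v "$i")
  if [ ! -x "$p" ]; then
    echo "command $i not found"
    exit 1
  fi
done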
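# The rest of the script creates a user and writes under /etc and the jail
# directory, so refuse to continue without root.
if [ "$(id -u)" != "0" ]; then
  echo "Must be run as root"
  exit 1
fi

# DISTRIB_CODENAME from /etc/lsb-release is the suite name handed to debootstrap.
if [ ! -r /etc/lsb-release ]; then
  echo "File /etc/lsb-release not found. Is this a ubuntu or debian-like distro?"
  echo "If so, execute the command"
  echo ""
  # The hint must include `echo`: a bare VAR=value with a redirection would
  # only create an empty file.
  echo 'echo "DISTRIB_CODENAME=WXYZ" > /etc/lsb-release'
  echo ""
  echo "to save the release name to that file (replace WXYZ with your distro codename)"
  exit 1
fi

# Sourcing executes the file as shell code with root privileges; it is expected
# to be a root-owned system file.
. /etc/lsb-release

# Stop before any user or configuration is created if the suite name is
# missing; debootstrap could not succeed without it.
if [ -z "$DISTRIB_CODENAME" ]; then
  echo "/etc/lsb-release does not define DISTRIB_CODENAME" >&2
  exit 1
fi

# Never overwrite an existing jail.
if [ -d /bocajail/ ]; then
  echo "You seem to have already a /bocajail installed"
  echo "If you want to reinstall, remove it first (e.g. rm /bocajail) and then run /etc/icpc/createbocajail.sh"
  exit 1
fi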

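# A proc/cpuinfo file inside the jail directory is taken as the sign that /proc
# is still mounted there from an earlier installation.
if [ -f "$homejail/proc/cpuinfo" ]; then
  echo "You seem to have already installed /bocajail and the /bocajail/proc seems to be mounted"
  # Best-effort unmount; output is deliberately discarded. The redirect target
  # must be /dev/null: the misspelt /dev/nul made root create a regular file
  # of that name under /dev.
  chroot "$homejail" umount /sys >/dev/null 2>&1
  chroot "$homejail" umount /proc >/dev/null 2>&1
  echo "Please reboot the system to remove such mounted point"
  exit 1
fi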

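# Create the dedicated jail account; an existing account is never reused.
if id -u bocajail >/dev/null 2>&1; then
  echo "user bocajail already exists"
  echo "if you want to proceed, first remove it (e.g. userdel bocajail) and then run /etc/icpc/createbocajail.sh"
  exit 1
fi

# The account's home directory is the jail directory itself. Stop if the
# account cannot be created instead of building a jail without its user.
if ! useradd -m -s /bin/bash -d "$homejail" -g users bocajail; then
  echo "failed to create user bocajail" >&2
  exit 1
fi
if [ -d /etc/gdm ]; then
  # Appends a [greeter] Exclude entry for the account to the GDM configuration
  # (presumably to keep it off the graphical login list; confirm for the GDM
  # version in use).
  printf '[greeter]\nExclude=bocajail,nobody\n\n' >> /etc/gdm/custom.conf
fi
sleep 1

# Limits for the jail user on all quota-enabled filesystems (-a): no soft
# limits, hard limits of 500000 blocks and 10000 inodes. Still best effort,
# but a failure is reported because without it nothing bounds how much disk
# the jail user can consume.
if ! setquota -u bocajail 0 500000 0 10000 -a; then
  echo "warning: could not set a disk quota for user bocajail" >&2
fi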

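# /bocajail is the fixed entry point and is (re)created as a symlink to the
# real jail directory. The script has already exited if /bocajail is a
# directory, so this only clears a stale file or dangling link.
rm -rf /bocajail
mkdir -p "$homejail/tmp"
# World-writable with the sticky bit, like a regular /tmp.
chmod 1777 "$homejail/tmp"
ln -s "$homejail" /bocajail

# Install the host's safeexec into the jail when it is present. debootstrap has
# not run yet, so usr/bin normally does not exist at this point and the copy
# would fail without the mkdir. -a keeps owner and mode of the original binary.
if [ -x /usr/bin/safeexec ]; then
  mkdir -p /bocajail/usr/bin
  cp -a /usr/bin/safeexec /bocajail/usr/bin/
fi

# Legacy approach (disabled): copy the host's system directories into the jail.
#for i in usr lib var bin sbin etc dev; do
#  [ -d $homejail/$i ] && rm -rf $homejail/$i
#  cp -ar /$i $homejail
#done
#rm -rf $homejail/var/lib/postgres*
#rm -rf $homejail/var/www/*
#mkdir -p $homejail/proc
#mkdir -p $homejail/sys

# Architecture guess from the machine name; only the commented-out
# `debootstrap --arch` call refers to it.
if uname -m | grep -q 64; then
  archt=amd64
else
  archt=i386
fi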

# Register the jail with schroot. Both location= and directory= point at the
# jail directory; root is the only root-user, and bocajail, nobody and root
# are listed as users of the chroot.
{
  printf '%s\n' "[bocajail]"
  printf '%s\n' "description=Jail"
  printf '%s\n' "location=$homejail"
  printf '%s\n' "directory=$homejail"
  printf '%s\n' "root-users=root"
  printf '%s\n' "type=directory"
  printf '%s\n' "users=bocajail,nobody,root"
} > /etc/schroot/chroot.d/bocajail.conf

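# Bootstrap a base system of the host's release into the jail directory.
#debootstrap --arch $archt $DISTRIB_CODENAME $homejail
if ! debootstrap "$DISTRIB_CODENAME" "$homejail"; then
  echo "bocajail failed to debootstrap"
  exit 1
fi

# The installation counts as successful once schroot lists the jail.
if schroot -l | grep -q bocajail; then
  echo "bocajail successfully installed at $homejail"
else
  echo "*** some error has caused bocajail not to install properly -- I will try it again with different parameters"
  # Retry without the location= key. The line is removed in place: the earlier
  # detour through the fixed name /tmp/.boca.tmp had root write to a
  # predictable path in a world-writable directory, which a local user could
  # pre-create as a symlink. (sed -i is the GNU form, matching the Debian-like
  # hosts this script targets.)
  sed -i '/^location/d' /etc/schroot/chroot.d/bocajail.conf
  debootstrap "$DISTRIB_CODENAME" "$homejail"
  if schroot -l | grep -q bocajail; then
    echo "*** bocajail successfully installed at $homejail"
  else
    echo "*** bocajail failed to install"
    exit 1
  fi
fi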

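echo "*** Populating $homejail"

# Helper that runs as root inside the jail: mounts /proc, installs the
# compilers and Java packages, then unmounts /proc again. It is written below
# $homejail (not the hard-coded /home/bocajail) so that a jail directory given
# on the command line gets populated too. The quoted delimiter keeps the text
# literal.
# NOTE(review): the helper lives in the jail's world-writable tmp and is
# written with a plain redirection; a root-only directory inside the jail
# would be a safer place if the jail can already be in use at this point.
cat <<'EOF' > "$homejail/tmp/populate.sh"
#!/bin/bash
mount -t proc proc /proc
apt-get -y update
apt-get -y install g++ gcc libstdc++6 sharutils default-jdk default-jre
umount /proc
EOF

# The jail uses the same package sources as the host.
cp -f /etc/apt/sources.list "$homejail/etc/apt/"
chmod 755 "$homejail/tmp/populate.sh"
cd / || exit 1
chroot "$homejail" /tmp/populate.sh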