mount PWD into chroot for config files
							parent
							
								
									8d755d41e0
								
							
						
					
					
						commit
						0dbd8a01ff
					
				| @ -1,14 +1,28 @@ | |||||||
| #!/bin/bash | #!/bin/bash | ||||||
| set -e | set -e | ||||||
| 
 | 
 | ||||||
| # runs copyparty in a chroot | # runs copyparty (or any other python script really) in a chroot | ||||||
| # | # | ||||||
| # assumption: all items within the following directories are owned by root | # assumption: these directories, and everything within, are owned by root | ||||||
| sysdirs=(bin lib lib32 lib64 sbin usr) | sysdirs=(bin lib lib32 lib64 sbin usr) | ||||||
| 
 | 
 | ||||||
| 
 | 
 | ||||||
|  | # error-handler | ||||||
|  | help() { cat <<'EOF' | ||||||
|  | 
 | ||||||
|  | usage: | ||||||
|  |   ./prisonparty.sh <ROOTDIR> <UID> <GID> [VOLDIR [VOLDIR...]] -- copyparty-sfx.py [...]" | ||||||
|  | 
 | ||||||
|  | example: | ||||||
|  |   ./prisonparty.sh /var/jail 1000 1000 /mnt/nas/music -- copyparty-sfx.py -v /mnt/nas/music::rwmd" | ||||||
|  | 
 | ||||||
|  | EOF | ||||||
|  | exit 1 | ||||||
|  | } | ||||||
|  | 
 | ||||||
|  | 
 | ||||||
| # read arguments | # read arguments | ||||||
| { | trap help EXIT | ||||||
| jail="$1"; shift | jail="$1"; shift | ||||||
| uid="$1"; shift | uid="$1"; shift | ||||||
| gid="$1"; shift | gid="$1"; shift | ||||||
| @ -21,20 +35,25 @@ sysdirs=(bin lib lib32 lib64 sbin usr) | |||||||
| 	vols+=("$v") | 	vols+=("$v") | ||||||
| done | done | ||||||
| cpp="$1"; shift | cpp="$1"; shift | ||||||
| } || { | cpp="$(realpath "$cpp")" | ||||||
| 	echo "usage: ./prisonparty.sh <ROOTDIR> <UID> <GID> [VOLDIR [VOLDIR...]] -- copyparty-sfx.py [...]" | cppdir="$(dirname "$cpp")" | ||||||
| 	echo "example: ./prisonparty.sh /var/jail 1000 1000 /mnt/nas/music -- copyparty-sfx.py -v /mnt/nas/music::rwmd" | trap - EXIT | ||||||
| 	exit 1 |  | ||||||
| } |  | ||||||
| 
 | 
 | ||||||
| 
 | 
 | ||||||
| # debug/vis | # debug/vis | ||||||
| echo "chroot-dir: [$jail]" | echo | ||||||
| echo "user:group: [$uid:$gid]" | echo "chroot-dir = $jail" | ||||||
| echo " copyparty: [$cpp]" | echo "user:group = $uid:$gid" | ||||||
|  | echo " copyparty = $cpp" | ||||||
|  | echo | ||||||
|  | printf '\033[33m%s\033[0m\n' "copyparty can access these folders and all their subdirectories:" | ||||||
| for v in "${vols[@]}"; do | for v in "${vols[@]}"; do | ||||||
| 	echo "     mount: [$v]" | 	printf '\033[36m ├─\033[0m %s \033[36m ── added by (You)\033[0m\n' "$v" | ||||||
| done | done | ||||||
|  | printf '\033[36m ├─\033[0m %s \033[36m ── where the copyparty binary is\033[0m\n' "$cppdir" | ||||||
|  | printf '\033[36m ╰─\033[0m %s \033[36m ── the folder you are currently in\033[0m\n' "$PWD" | ||||||
|  | vols+=("$cppdir" "$PWD") | ||||||
|  | echo | ||||||
| 
 | 
 | ||||||
| 
 | 
 | ||||||
| # resolve and remove trailing slash | # resolve and remove trailing slash | ||||||
| @ -43,7 +62,12 @@ jail="${jail%/}" | |||||||
| 
 | 
 | ||||||
| 
 | 
 | ||||||
| # bind-mount system directories and volumes | # bind-mount system directories and volumes | ||||||
| for v in "${sysdirs[@]}" "${vols[@]}"; do | printf '%s\n' "${sysdirs[@]}" "${vols[@]}" | LC_ALL=C sort | | ||||||
|  | while IFS= read -r v; do | ||||||
|  | 	[ -e "/$v" ] || { | ||||||
|  | 		# printf '\033[1;31mfolder does not exist:\033[0m %s\n' "$v" | ||||||
|  | 		continue | ||||||
|  | 	} | ||||||
| 	mkdir -p "$jail/$v" | 	mkdir -p "$jail/$v" | ||||||
| 	mount | grep -qF " on $jail/$v " || | 	mount | grep -qF " on $jail/$v " || | ||||||
| 		mount --bind /$v "$jail/$v" | 		mount --bind /$v "$jail/$v" | ||||||
| @ -55,14 +79,16 @@ mkdir -p "$jail/tmp" | |||||||
| chown -R "$uid:$gid" "$jail/tmp" | chown -R "$uid:$gid" "$jail/tmp" | ||||||
| 
 | 
 | ||||||
| 
 | 
 | ||||||
| # copy sfx into jail |  | ||||||
| cp -pv "$cpp" "$jail/copyparty.py" |  | ||||||
| 
 |  | ||||||
| 
 |  | ||||||
| # run copyparty | # run copyparty | ||||||
| /sbin/chroot --userspec=$uid:$gid "$jail" "$(which python3)" /copyparty.py "$@" | /sbin/chroot --userspec=$uid:$gid "$jail" "$(which python3)" "$cpp" "$@" && rv=0 || rv=$? | ||||||
| 
 | 
 | ||||||
| 
 | 
 | ||||||
| # cleanup if not in use | # cleanup if not in use | ||||||
| lsof "$jail" | grep -qF "$jail" || | lsof "$jail" | grep -qF "$jail" && | ||||||
| mount | grep -F " on $jail" | awk '{sub(/ type .*/,"");sub(/.* on /,"");print}' | LC_ALL=C sort -r  | tr '\n' '\0' | xargs -r0 umount | 	echo "chroot is in use, will not cleanup" || | ||||||
|  | { | ||||||
|  | 	mount | grep -F " on $jail" | | ||||||
|  | 	awk '{sub(/ type .*/,"");sub(/.* on /,"");print}' | | ||||||
|  | 	LC_ALL=C sort -r  | tr '\n' '\0' | xargs -r0 umount | ||||||
|  | } | ||||||
|  | exit $rv | ||||||
|  | |||||||
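Review bot: In the bind-mount loop, `mount --bind /$v "$jail/$v"` still expands `/$v` unquoted, and with the new `vols+=("$cppdir" "$PWD")` that loop now receives caller-dependent paths, so a working directory containing whitespace or glob characters is word-split before mount sees it. Quote it as `mount --bind "/$v" "$jail/$v"`, and likewise `--userspec="$uid:$gid"` on the chroot line. Separately, copyparty now runs from `$cpp` inside a plain read-write bind mount instead of the copy at `$jail/copyparty.py`, so the header's "owned by root" assumption no longer covers the script being executed, and the jailed uid can modify that directory if file permissions allow. A guard before the `vols+=` line such as `[ "$PWD" != / ] || { echo "refusing to expose / to the jail" >&2; exit 1; }` would stop the whole host root from being bound into the jail when the script is started from `/`. The loop body and the code between the hunks are only partly visible, so any normalisation of `vols` done there is not accounted for here.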