#!/bin/bash
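# Command that lists the chroot directories to operate on, one per line.
# It is expanded unquoted and executed as-is by the main loop, so it must
# stay a plain command line (no quoting or pipes inside the string).
_CHROOTS_CMD="ls -1d /home/*"

# Host paths that are bind-mounted into every chroot, separated by
# whitespace. Every line needs its trailing backslash so the value stays a
# single space-separated line.
# NOTE(review): a chroot has no PID namespace of its own, so binding /proc
# shows the host's process list to users inside the chroot; /etc/passwd and
# /etc/group likewise expose the host's account names. Keep this list to
# what the chrooted users actually need.
_BIND="\
/proc \
/dev/urandom \
/dev/zero \
/dev/null \
/dev/tty \
/dev/pts \
/usr/share/zoneinfo \
/usr/share/phpMyAdmin \
/usr/share/php \
/usr/share/terminfo \
/usr/bin/sh \
/usr/bin/bash \
/usr/bin/tty \
/usr/bin/whoami \
/usr/bin/id \
/usr/bin/grep \
/usr/bin/find \
/usr/bin/dircolors \
/usr/bin/env \
/usr/bin/ls \
/usr/bin/php \
/usr/libexec/grepconf.sh \
/usr/lib64 \
/etc/pki \
/etc/resolv.conf \
/etc/nsswitch.conf \
/etc/group \
/etc/passwd \
/etc/profile \
/etc/profile.d \
/etc/php.d \
/etc/php.ini \
/etc/DIR_COLORS \
/etc/DIR_COLORS.256color \
/etc/DIR_COLORS.lightbgcolor"

# File with additional binds. The path is resolved relative to each chroot
# directory (get_binds changes into the chroot before reading it), so
# "../bind.conf" lives in the chroot's parent directory.
# NOTE(review): every entry in this file is bind-mounted into the chroot by
# this script, so the file and its directory should be writable by root only.
_BIND_LOCAL="../bind.conf"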
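#######################################
# Report whether a path is currently listed as a mount target.
# Arguments: $1 - mountpoint path to look for
# Returns:   0 if `mount` prints a line containing " on $1 type ",
#            1 otherwise
#######################################
is_bound() {
  # -F matches the path literally: without it a "." in the path acts as a
  # regex wildcard and a different directory can be reported as bound.
  # "--" keeps a pattern starting with "-" from being read as an option.
  if mount | grep -qF -- " on $1 type "; then
    return 0
  fi
  return 1
}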
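#######################################
# Print the list of host paths to bind into one chroot.
# Globals:   _BIND (read), _BIND_LOCAL (read)
# Arguments: $1 - chroot directory
# Outputs:   the entries of $_BIND on one line, followed by the contents
#            of $_BIND_LOCAL (resolved relative to the chroot) if that
#            file exists
# Returns:   1 if the chroot directory cannot be entered, else the status
#            of the last command
# Note:      changes the working directory; the callers in this file run
#            it inside a command substitution, so the change stays local.
#######################################
get_binds() {
  local chroot="$1"
  # Unquoted on purpose: word splitting collapses the list onto one line.
  # shellcheck disable=SC2086
  echo $_BIND
  # Without this check a failed cd would make the relative $_BIND_LOCAL
  # resolve against whatever directory the script was started from, and
  # an unrelated file would be treated as a bind list.
  cd "$chroot" || return 1
  # NOTE(review): each line of this file ends up as a source path for a
  # bind mount; it should only be writable by root.
  if [ -f "$_BIND_LOCAL" ]; then
    cat -- "$_BIND_LOCAL"
  fi
}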
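#######################################
# Remove the mountpoint tree that was created inside a chroot for a bind.
# The path is reduced to its top-level component (e.g. /usr/bin/ls -> /usr)
# and that directory or file below the chroot is deleted.
# Globals:   _OPT_DO (read) - "true" deletes, "false" only reports
# Arguments: $1 - chroot directory
#            $2 - absolute bind path as listed in the bind configuration
# Outputs:   one status line on stdout
# Returns:   0 if the target exists and was reported or deleted,
#            1 otherwise (nothing to do, refused, or rm failed)
#######################################
delete_path() {
  local chroot="$1"
  local path="$2"
  local lastPath=""
  local target

  # Only absolute paths can be reduced to a top-level component; a relative
  # or empty path would never reach "/" in the loop below.
  case "$path" in
    /*) ;;
    *) return 1 ;;
  esac

  while [ "$path" != "/" ]; do
    lastPath="$path"
    path=$(dirname -- "$path")
  done

  # A bind path of "/" leaves lastPath empty, which would make the target
  # the chroot itself; "/." and "/.." are refused for the same reason.
  case "$lastPath" in
    "" | "/." | "/..") return 1 ;;
  esac

  target="${chroot}${lastPath}"
  [ -e "$target" ] || return 1

  echo -en "\tRemove: ${target}"
  if ! $_OPT_DO; then
    echo " (Not deleted, use -do)"
    return 0
  fi

  # Never recurse into a tree that still has something mounted in it: if an
  # unmount failed and the bind is writable, rm would delete the host's
  # files through the mount.
  if mount | grep -qF -e " on ${target} type " -e " on ${target}/"; then
    echo " (Not deleted, still mounted)"
    return 1
  fi

  # Run rm directly instead of building a command string for eval, so that
  # characters in the path are never interpreted by the shell.
  if rm -rf -- "$target" && echo " (deleted)"; then
    return 0
  fi
  return 1
}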
# Command-line parsing. $1 selects the action; "unbind" optionally takes
# "clean" as $2 and "-do" as $3. Any other argument selects the help text.
_OPT_CLEAN=false
_OPT_DO=false
_OPT_ACTION="help"
case "$1" in
  status | bind)
    _OPT_ACTION="$1"
    ;;
  unbind)
    _OPT_ACTION="unbind"
    # $2 must be empty or exactly "clean".
    if [ "$2" = "clean" ]; then
      _OPT_CLEAN=true
    elif [ -n "$2" ]; then
      _OPT_ACTION="help"
    fi
    # $3 must be empty or exactly "-do".
    if [ "$3" = "-do" ]; then
      _OPT_DO=true
    elif [ -n "$3" ]; then
      _OPT_ACTION="help"
    fi
    ;;
esac
# Show the usage text and stop with status 1 when no valid action was chosen.
if [ "$_OPT_ACTION" = "help" ]; then
  cat <<EOF && exit 1
Usage: $0 <command> [<subcommand> [-do]]
<command> can be one of
status:
Show if pathes defined in \$_BIND are mounted (green)
or not (red)
bind:
Bind any path defined in \$_BIND to any chroot
given by \$_CHROOTS_CMD if it is not bound already.
unbind [clean [-do]]:
Unmount all binds defined in \$_BIND mounted to chroots.
If "clean" is given, the mountpoints created for binding
will be deleted. If -do is omitted it will only print what
would be deleted. Use with -do to actually delete.
EOF
fi
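# Do operation with chroots: run the selected action for every bind path
# of every directory printed by $_CHROOTS_CMD.
# NOTE(review): mkdir, touch, mount and the cleanup below all act on paths
# inside the chroot and follow symlinks found there. If a chroot tree is
# writable by its unprivileged user, a planted symlink can redirect these
# operations outside the chroot; the tree should be owned by root.
# $_CHROOTS_CMD is expanded unquoted on purpose (command plus glob).
$_CHROOTS_CMD | while IFS= read -r chroot; do
  echo "Chroot: $chroot"
  # Unquoted on purpose: the bind list is split on whitespace.
  for bind in $(get_binds "${chroot}"); do
    mountpoint="${chroot}${bind}"

    # List binds: green "+" when mounted, red "-" when not.
    if [ "$_OPT_ACTION" = "status" ]; then
      if is_bound "$mountpoint"; then
        echo -en "\t\033[32m+"
      else
        echo -en "\t\033[31m-"
      fi
      echo -e "\033[0m ${bind}"
      continue
    fi

    # Bind if not bound
    if [ "$_OPT_ACTION" = "bind" ] && ! is_bound "${mountpoint}"; then
      # Create mountpoint: a directory for a directory source, otherwise an
      # empty file below its parent directory. An explicit if/else keeps
      # the file branch from also running after a successful mkdir.
      if [ -d "${bind}" ]; then
        mkdir -p -- "${mountpoint}"
      else
        mkdir -p -- "${chroot}$(dirname -- "${bind}")" && touch -- "${mountpoint}"
      fi
      # Mount bind read-only.
      # NOTE(review): util-linux before 2.27 does not apply "ro" on the
      # initial bind and needs a separate remount; confirm the result with
      # findmnt on the target system. A read-only bind also does not stop
      # writes to device nodes such as /dev/null.
      echo -en "\t " && mount -v -o "bind,ro" "${bind}" "${mountpoint}"
      continue
    fi

    # Unbind if bound
    if [ "$_OPT_ACTION" = "unbind" ] && is_bound "${mountpoint}"; then
      echo -en "\t" && umount -v "${mountpoint}"
    fi
  done

  # Clean up directories and files created as mountpoint
  if [ "$_OPT_ACTION" = "unbind" ] && $_OPT_CLEAN; then
    for bind in $(get_binds "${chroot}"); do
      delete_path "${chroot}" "${bind}"
    done
  fi
done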