Diffstat (limited to 'common')
| -rw-r--r-- | common | 75 |
1 files changed, 73 insertions, 2 deletions
@@ -39,6 +39,7 @@ declare -A fsck_types=([cramfs]=1
 [ext3]=1
 [ext4]=1
 [ext4dev]=1
+ [f2fs]=1
 [jfs]=1
 [minix]=1
 [msdos]=1
@@ -89,7 +90,7 @@ chroot_setup() {
 chroot_add_mount udev "$1/dev" -t devtmpfs -o mode=0755,nosuid &&
 chroot_add_mount devpts "$1/dev/pts" -t devpts -o mode=0620,gid=5,nosuid,noexec &&
 chroot_add_mount shm "$1/dev/shm" -t tmpfs -o mode=1777,nosuid,nodev &&
- chroot_add_mount /run "$1/run" --bind &&
+ chroot_add_mount run "$1/run" -t tmpfs -o nosuid,nodev,mode=0755 &&
 chroot_add_mount tmp "$1/tmp" -t tmpfs -o mode=1777,strictatime,nodev,nosuid
 }
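Review bot: Replacing the bind of the host's /run with a private tmpfs (the `-`/`+` pair inside chroot_setup) changes what the target sees without saying why: anything that used to resolve through the host's /run, such as an /etc/resolv.conf that is a symlink into /run, now lands in an empty directory. The isolation is plausibly intended, since it keeps host sockets and pid files out of the chroot, but nothing in the hunk records that, so a comment above the new mount, `# private tmpfs: keep host /run (sockets, pid files) out of the chroot`, would stop the next reader from "fixing" it back to a bind. The same mount line is added again in unshare_setup in the following hunk. chroot_setup's body begins before this hunk.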
@@ -100,6 +101,77 @@ chroot_teardown() {
 unset CHROOT_ACTIVE_MOUNTS
 }
 
+chroot_add_mount_lazy() {
+ mount "$@" && CHROOT_ACTIVE_LAZY=("$2" "${CHROOT_ACTIVE_LAZY[@]}")
+}
+
+chroot_bind_device() {
+ touch "$2" && CHROOT_ACTIVE_FILES=("$2" "${CHROOT_ACTIVE_FILES[@]}")
+ chroot_add_mount $1 "$2" --bind
+}
+
+chroot_add_link() {
+ ln -sf "$1" "$2" && CHROOT_ACTIVE_FILES=("$2" "${CHROOT_ACTIVE_FILES[@]}")
+}
+
+unshare_setup() {
+ CHROOT_ACTIVE_MOUNTS=()
+ CHROOT_ACTIVE_LAZY=()
+ CHROOT_ACTIVE_FILES=()
+ [[ $(trap -p EXIT) ]] && die '(BUG): attempting to overwrite existing EXIT trap'
+ trap 'unshare_teardown' EXIT
+
+ chroot_add_mount_lazy "$1" "$1" --bind &&
+ chroot_add_mount proc "$1/proc" -t proc -o nosuid,noexec,nodev &&
+ chroot_add_mount_lazy /sys "$1/sys" --rbind &&
+ chroot_add_link "$1/proc/self/fd" "$1/dev/fd" &&
+ chroot_add_link "$1/proc/self/fd/0" "$1/dev/stdin" &&
+ chroot_add_link "$1/proc/self/fd/1" "$1/dev/stdout" &&
+ chroot_add_link "$1/proc/self/fd/2" "$1/dev/stderr" &&
+ chroot_bind_device /dev/full "$1/dev/full" &&
+ chroot_bind_device /dev/null "$1/dev/null" &&
+ chroot_bind_device /dev/random "$1/dev/random" &&
+ chroot_bind_device /dev/tty "$1/dev/tty" &&
+ chroot_bind_device /dev/urandom "$1/dev/urandom" &&
+ chroot_bind_device /dev/zero "$1/dev/zero" &&
+ chroot_add_mount run "$1/run" -t tmpfs -o nosuid,nodev,mode=0755 &&
+ chroot_add_mount tmp "$1/tmp" -t tmpfs -o mode=1777,strictatime,nodev,nosuid
+}
+
+unshare_teardown() {
+ chroot_teardown
+
+ if (( ${#CHROOT_ACTIVE_LAZY[@]} )); then
+ umount --lazy "${CHROOT_ACTIVE_LAZY[@]}"
+ fi
+ unset CHROOT_ACTIVE_LAZY
+
+ if (( ${#CHROOT_ACTIVE_FILES[@]} )); then
+ rm "${CHROOT_ACTIVE_FILES[@]}"
+ fi
+ unset CHROOT_ACTIVE_FILES
+}
+
+root_unshare="unshare --fork --pid"
+user_unshare="$root_unshare --mount --map-auto --map-root-user --setuid 0 --setgid 0"
+
+# This outputs code for declaring all variables to stdout. For example, if
+# FOO=BAR, then running
+# declare -p FOO
+# will result in the output
+# declare -- FOO="bar"
+# This function may be used to re-declare all currently used variables and
+# functions in a new shell.
+declare_all() {
+ # Remove read-only variables to avoid warnings. Unfortunately, declare +r -p
+ # doesn't work like it looks like it should (declaring only read-write
+ # variables). However, declare -rp will print out read-only variables, which
+ # we can then use to remove those definitions.
+ declare -p | grep -Fvf <(declare -rp)
+ # Then declare functions
+ declare -pf
+}
+
 try_cast() (
 _=$(( $1#$2 ))
 ) 2>/dev/null
@@ -243,7 +315,6 @@ dm_name_for_devnode() {
 else
 # don't leave the caller hanging, just print the original name
 # along with the failure.
- print '%s' "$1"
 error 'Failed to resolve device mapper name for: %s' "$1"
 fi
 }
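Review bot: The four `chroot_add_link` calls in unshare_setup create symlinks whose targets carry the host-side prefix `$1` (for example `"$1/proc/self/fd"`); a symlink is resolved against the root of the process that reads it, so assuming the directory is later entered as a new root, /dev/fd, /dev/stdin, /dev/stdout and /dev/stderr inside it point at `<chroot>/proc/self/fd…`, a path that does not exist there, and the links dangle. The targets should be the absolute in-chroot paths, as below. Separately, chroot_bind_device expands `$1` unquoted on its `chroot_add_mount` line while every other call in the hunk quotes its arguments; `chroot_add_mount "$1" "$2" --bind` keeps the style consistent and is safe should a device path ever contain whitespace. unshare_setup and chroot_bind_device are fully contained in this hunk.
```shell
  # … unchanged: lazy bind of "$1", proc and sys mounts …
  chroot_add_link /proc/self/fd "$1/dev/fd" &&
  chroot_add_link /proc/self/fd/0 "$1/dev/stdin" &&
  chroot_add_link /proc/self/fd/1 "$1/dev/stdout" &&
  chroot_add_link /proc/self/fd/2 "$1/dev/stderr" &&
  # … unchanged: device binds, run and tmp mounts …
```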
