61 lines
1.1 KiB
Bash
Executable File
61 lines
1.1 KiB
Bash
Executable File
#!/bin/bash
|
|
## BEGIN INIT INFO
|
|
# Provides: sandbox
|
|
# Default-Start: 5
|
|
# Default-Stop: 0 1 2 3 4 6
|
|
# Required-Start:
|
|
#
|
|
## END INIT INFO
|
|
# sandbox: Set up / mountpoint to be shared, /var/tmp, /tmp, /home/sandbox unshared
|
|
#
|
|
# chkconfig: 5 1 99
|
|
#
|
|
# Description: sandbox is using pam_namespace to share the /var/tmp, /tmp and
|
|
# /home/sandbox accounts. This script will setup the / mount
|
|
# point as shared and all of the subdirectories just these
|
|
# directories as unshared.
|
|
#
|
|
|
|
# Source function library.
|
|
. /etc/init.d/functions
|
|
|
|
LOCKFILE=/var/lock/subsys/sandbox
|
|
|
|
base=${0##*/}
|
|
|
|
case "$1" in
|
|
start)
|
|
[ -f "$LOCKFILE" ] && exit 0
|
|
|
|
touch $LOCKFILE
|
|
mount --make-rshared /
|
|
mount --bind /tmp /tmp
|
|
mount --bind /var/tmp /var/tmp
|
|
mount --bind /home /home
|
|
mount --make-private /home
|
|
mount --make-private /tmp
|
|
mount --make-private /var/tmp
|
|
RETVAL=$?
|
|
exit $RETVAL
|
|
;;
|
|
|
|
status)
|
|
if [ -f "$LOCKFILE" ]; then
|
|
echo "$base is running"
|
|
else
|
|
echo "$base is stopped"
|
|
fi
|
|
exit 0
|
|
;;
|
|
|
|
stop)
|
|
rm -f $LOCKFILE
|
|
exit 0
|
|
;;
|
|
|
|
*)
|
|
echo $"Usage: $0 {start|stop}"
|
|
exit 3
|
|
;;
|
|
esac
|