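#!/bin/bash
#
# Copyright (c) 2004 Peter Palfrader <peter@palfrader.org>
#
# All rights reserved.
#
# Rebuild the shared "master" chroot under $targetdir: remove the previous
# copies of the binaries/libraries, copy in every program listed in
# BINARIES plus the shared libraries ldd reports for them (and the dynamic
# loader), then lock the tree down (directories search-only, nothing
# writable, executables not readable).
#
# Globals:  targetdir, BINARIES, LIB_LIST, LDSO_LIST
# Requires: root, GNU findutils (--no-run-if-empty, -perm /mode), ldd
set -e # Exit immediately if a *simple command* exits with a non-zero status.
set -u # Treat unset variables as an error
targetdir=/chroot-accounts/MasterChroot
# Newline-separated list; it is deliberately expanded unquoted below so
# the shell splits it into words.
BINARIES="\
/usr/lib/sftp-server
/lib/tls/libpthread-0.60.so
/bin/ls
/usr/bin/scp
/bin/rm
/bin/ln
/bin/mv
/bin/chmod
/bin/chown
/bin/chgrp
/bin/mkdir
/bin/rmdir
/bin/pwd
/usr/bin/groups
/usr/bin/id
/bin/echo
/usr/bin/rsync
/usr/bin/unison"
[ -d "$targetdir" ] || mkdir -p -- "$targetdir"
# we don't want to delete bin usr lib themselves, as
# they are bind mounted all over the place and we would
# have to remount them. So we just delete everything
# below them to clean up
# This is dangerous: -xdev doesn't protect us from bind mounts
#for dir in bin usr lib ; do
# find $targetdir/$dir -xdev -mindepth 1 -print0 | xargs --no-run-if-empty -0 rm -rf
#done
# Remove only regular files directly below each known directory
# (-maxdepth 1, no recursion), deepest directories first so the
# rmdir pass below can then remove the now-empty subdirectories.
for dir in bin lib/tls lib usr/lib/i686/cmov usr/lib/i686 usr/lib usr/bin usr; do
dir=$targetdir/$dir
if [ -e "$dir" ]; then
find "$dir" -mindepth 1 -maxdepth 1 -print0 | while read -rd '' file; do
# -f (not find -type f) on purpose: symlinks to regular files go too.
if [ -f "$file" ]; then
rm -f -- "$file"
fi;
done
fi
done
# These are not bind-mount points, so the directories themselves can go.
# The `[ -d ] &&` list does not trip set -e when the directory is absent.
for dir in usr/lib/i686/cmov usr/lib/i686 usr/lib usr/bin; do
dir=$targetdir/$dir
[ -d "$dir" ] && rmdir -- "$dir"
done
# Refuse to continue if anything unexpected survived the cleanup: we are
# about to chmod the whole tree and would otherwise lock down stray files.
for dir in usr lib/tls bin; do
dir=$targetdir/$dir
if [ -n "$(ls -A "$dir")" ]; then
printf '%s\n' "'$dir' should be empty, but isn't." >&2
exit 1
fi
done
# Collect "name => /path (addr)" lines from ldd; the loader line has no
# "=>" and no leading space and is therefore added explicitly below.
LIB_LIST=$( ldd $BINARIES 2> /dev/null |
cut -f2 -d\> |
cut -f1 -d'(' |
grep "^ " |
sort -u )
LDSO_LIST="/lib/ld.so /libexec/ld-elf.so /libexec/ld-elf.so.1 /usr/libexec/ld.so /lib/ld-linux.so.2 /usr/libexec/ld-elf.so.1"
# Unquoted on purpose: space-separated list of candidate loader paths.
for lib in $LDSO_LIST; do
if [ -f "$lib" ]; then
LIB_LIST="$LIB_LIST $lib"
fi
done
# Glob is expanded when the list is iterated below (needed for NSS lookups
# of user/group names by ls, id, groups, ...).
LIB_LIST="$LIB_LIST /lib/libnss_compat*"
# Word-splitting and globbing of both lists are intentional here; each
# resulting path is then quoted so odd characters cannot break cp.
for bin in $BINARIES $LIB_LIST; do
mkdir -p -- "$targetdir/$(/usr/bin/dirname -- "$bin")"
cp -- "$bin" "$targetdir$bin"
done
# Lock down: directories search-only, nothing writable, and executables
# not readable so a chrooted user cannot copy the binaries out.
# -perm /0111 is the GNU find spelling of the old, now-rejected +0111;
# with the old form find fails but the pipeline (and set -e) would not
# notice, leaving the executables readable.
for dir in bin usr lib ; do
find "$targetdir/$dir" -xdev -type d -print0 | xargs --no-run-if-empty -0 chmod 0111
find "$targetdir/$dir" -xdev -print0 | xargs --no-run-if-empty -0 chmod a-w
find "$targetdir/$dir" -xdev -type f -perm /0111 -print0 | xargs --no-run-if-empty -0 chmod a-r
done
# Shared libraries must stay readable for the dynamic loader.
chmod 444 "$targetdir"/lib/tls/lib*.so*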