add filesystem hardening (mounting external filesystems read-only, nosuid, and so on)
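#!/bin/sh
#
# schsh hardening: when a session of a "schsh" profile chroot is started (or
# recovered), remount the filesystems listed in the profile's
# "schsh-hardening" file with restrictive mount options (e.g. ro, nosuid).
# Every non-comment line of that file has the form
#
#         <path relative to the chroot root>   <mount options>
#
# with the two fields separated by spaces and/or tabs; further fields are
# ignored.  Failing to apply an entry is fatal, so a session is never handed
# to the user only partially hardened.

. "$SETUP_DATA_DIR/common-data"
. "$SETUP_DATA_DIR/common-functions"
. "$SETUP_DATA_DIR/common-config"

SETUP_HARDENING="$CHROOT_PROFILE_DIR/schsh-hardening"

# schsh_is_mounted MOUNTPOINT
# Returns 0 if MOUNTPOINT appears as a mount point in /proc/mounts.
# mountpoint(1) is deliberately not used: it does not detect bind mounts.
# The path is matched as a fixed string, not as a regular expression.
schsh_is_mounted() {
        grep -qF -- " $1 " /proc/mounts
}

# schsh_remount RELPATH OPTIONS
# Remount RELPATH (relative to the chroot root) with mount options OPTIONS.
# The canonicalized target must lie inside the chroot: readlink -m follows
# symlinks, so a ".." component in the entry, or a symlink placed inside the
# chroot, could otherwise make us remount a filesystem of the host.  A target
# that is not a mount point is reported and skipped; a failing mount(8) is
# fatal.
schsh_remount() {
        schsh_root=$(readlink -m "$CHROOT_PATH")
        # Drop a trailing slash so the patterns below also work for "/".
        schsh_root=${schsh_root%/}
        schsh_target=$(readlink -m "$CHROOT_PATH/$1") # canonicalize the path
        case "$schsh_target" in
                "$schsh_root"|"$schsh_root"/*) ;;
                *) fatal "hardening entry '$1' resolves to '$schsh_target', outside the chroot" ;;
        esac
        if schsh_is_mounted "$schsh_target"; then
                info "Re-mounting $schsh_target with $2"
                mount -o "remount,$2" "$schsh_target" \
                        || fatal "failed to remount $schsh_target with $2"
        else
                info "No such mountpoint: $schsh_target"
        fi
}

# schsh_apply_hardening FILE
# Apply every entry of FILE.  Blank lines and lines whose first field starts
# with '#' are skipped; a line with fewer than two fields is a fatal
# configuration error.
schsh_apply_hardening() {
        schsh_file=$1
        set -f # no pathname expansion while word-splitting the entries
        while IFS= read -r schsh_line || [ -n "$schsh_line" ]; do
                # Word-split the entry on whitespace (intentionally unquoted):
                # $1 is the path, $2 the mount options.  The positional
                # parameters of this function are local to it.
                set -- $schsh_line
                case "${1:-}" in
                        ''|'#'*) continue ;;
                esac
                [ $# -ge 2 ] || fatal "malformed entry in '$schsh_file': $schsh_line"
                schsh_remount "$1" "$2"
        done < "$schsh_file"
        set +f
}

# Remount the listed filesystems at session start (and on recovery), for
# schsh chroots only.
if [ "$STAGE" = "setup-start" ] || [ "$STAGE" = "setup-recover" ]; then
        if [ "$CHROOT_PROFILE" != "schsh" ]; then
                info "Not a schsh chroot, not doing anything"
        elif [ ! -f "$SETUP_HARDENING" ]; then
                fatal "schsh-hardening file '$SETUP_HARDENING' does not exist"
        else
                schsh_apply_hardening "$SETUP_HARDENING"
        fi
fi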