diff options
author | netblue30 <netblue30@yahoo.com> | 2016-11-20 16:05:45 -0500 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2016-11-20 16:05:45 -0500 |
commit | 80cc5fa809ebb3f213852312dea15cded00cc069 (patch) | |
tree | 2f233a23c075a0dd2e89b32b37b09fce06b13058 /test/chroot/configure | |
parent | seccomp work 2 (diff) | |
download | firejail-80cc5fa809ebb3f213852312dea15cded00cc069.tar.gz firejail-80cc5fa809ebb3f213852312dea15cded00cc069.tar.zst firejail-80cc5fa809ebb3f213852312dea15cded00cc069.zip |
chroot testing
Diffstat (limited to 'test/chroot/configure')
-rwxr-xr-x | test/chroot/configure | 46 |
1 files changed, 46 insertions, 0 deletions
diff --git a/test/chroot/configure b/test/chroot/configure new file mode 100755 index 000000000..ba8238803 --- /dev/null +++ b/test/chroot/configure | |||
@@ -0,0 +1,46 @@ | |||
1 | #!/bin/bash | ||
2 | |||
3 | # build a very small chroot | ||
4 | ROOTDIR="/tmp/chroot" # default chroot directory | ||
5 | DEFAULT_FILES="/bin/bash /bin/sh " # basic chroot files | ||
6 | DEFAULT_FILES+="/etc/passwd /etc/nsswitch.conf /etc/group " | ||
7 | DEFAULT_FILES+=`find /lib -name libnss*` # files required by glibc | ||
8 | DEFAULT_FILES+=" /bin/cp /bin/ls /bin/cat /bin/ps /bin/netstat /bin/ping /sbin/ifconfig /usr/bin/touch /bin/ip /bin/hostname /bin/grep /usr/bin/dig /usr/bin/openssl /usr/bin/id /usr/bin/getent /usr/bin/whoami /usr/bin/wc /usr/bin/wget /bin/umount" | ||
9 | |||
10 | rm -fr $ROOTDIR | ||
11 | mkdir -p $ROOTDIR/{root,bin,lib,lib64,usr,home,etc,dev/shm,tmp,var/run,var/tmp,var/lock,var/log,proc} | ||
12 | chmod 777 $ROOTDIR/tmp | ||
13 | mkdir -p $ROOTDIR/etc/firejail | ||
14 | mkdir -p $ROOTDIR/home/netblue/.config/firejail | ||
15 | chown netblue:netblue $ROOTDIR/home/netblue | ||
16 | chown netblue:netblue $ROOTDIR/home/netblue/.config | ||
17 | cp /home/netblue/.Xauthority $ROOTDIR/home/netblue/. | ||
18 | cp -a /etc/skel $ROOTDIR/etc/. | ||
19 | mkdir $ROOTDIR/home/someotheruser | ||
20 | mkdir $ROOTDIR/boot | ||
21 | mkdir $ROOTDIR/selinux | ||
22 | cp /etc/passwd $ROOTDIR/etc/. | ||
23 | cp /etc/group $ROOTDIR/etc/. | ||
24 | cp /etc/hosts $ROOTDIR/etc/. | ||
25 | cp /etc/hostname $ROOTDIR/etc/. | ||
26 | mkdir -p $ROOTDIR/usr/lib/x86_64-linux-gnu | ||
27 | cp -a /usr/lib/x86_64-linux-gnu/openssl-1.0.0 $ROOTDIR/usr/lib/x86_64-linux-gnu/. | ||
28 | cp -a /usr/lib/ssl $ROOTDIR/usr/lib/. | ||
29 | touch $ROOTDIR/var/log/syslog | ||
30 | touch $ROOTDIR/var/tmp/somefile | ||
31 | SORTED=`for FILE in $* $DEFAULT_FILES; do echo " $FILE "; ldd $FILE | grep -v dynamic | cut -d " " -f 3; done | sort -u` | ||
32 | for FILE in $SORTED | ||
33 | do | ||
34 | cp --parents $FILE $ROOTDIR | ||
35 | done | ||
36 | cp --parents /lib64/ld-linux-x86-64.so.2 $ROOTDIR | ||
37 | cp --parents /lib/ld-linux.so.2 $ROOTDIR | ||
38 | cp unchroot $ROOTDIR/. | ||
39 | touch $ROOTDIR/this-is-my-chroot | ||
40 | |||
41 | cd $ROOTDIR; find . | ||
42 | mkdir -p usr/lib/firejail/ | ||
43 | cp /usr/lib/firejail/libtrace.so usr/lib/firejail/. | ||
44 | |||
45 | |||
46 | echo "To enter the chroot directory run: firejail --chroot=$ROOTDIR" | ||