chroot testing

author: netblue30 <netblue30@yahoo.com> 2016-11-20 16:05:45 -0500
committer: netblue30 <netblue30@yahoo.com> 2016-11-20 16:05:45 -0500
commit: 80cc5fa809ebb3f213852312dea15cded00cc069 (patch)
tree: 2f233a23c075a0dd2e89b32b37b09fce06b13058 /test/chroot/configure
parent: seccomp work 2 (diff)
download: firejail-80cc5fa809ebb3f213852312dea15cded00cc069.tar.gz
firejail-80cc5fa809ebb3f213852312dea15cded00cc069.tar.zst
firejail-80cc5fa809ebb3f213852312dea15cded00cc069.zip
1 files changed, 46 insertions, 0 deletions
diff --git a/test/chroot/configure b/test/chroot/configure
new file mode 100755
index 000000000..ba8238803
--- /dev/null
+++ b/test/chroot/configure
@@ -0,0 +1,46 @@
+#!/bin/bash
+# build a very small chroot
+ROOTDIR="/tmp/chroot"                   # default chroot directory
+DEFAULT_FILES="/bin/bash /bin/sh "      # basic chroot files
+DEFAULT_FILES+="/etc/passwd /etc/nsswitch.conf /etc/group "
+DEFAULT_FILES+=`find /lib -name libnss*`        # files required by glibc
+DEFAULT_FILES+=" /bin/cp /bin/ls /bin/cat /bin/ps /bin/netstat /bin/ping /sbin/ifconfig /usr/bin/touch /bin/ip /bin/hostname /bin/grep /usr/bin/dig /usr/bin/openssl /usr/bin/id /usr/bin/getent /usr/bin/whoami /usr/bin/wc /usr/bin/wget /bin/umount"
+rm -fr $ROOTDIR
+mkdir -p $ROOTDIR/{root,bin,lib,lib64,usr,home,etc,dev/shm,tmp,var/run,var/tmp,var/lock,var/log,proc}
+chmod 777 $ROOTDIR/tmp
+mkdir -p $ROOTDIR/etc/firejail
+mkdir -p $ROOTDIR/home/netblue/.config/firejail
+chown netblue:netblue $ROOTDIR/home/netblue
+chown netblue:netblue $ROOTDIR/home/netblue/.config
+cp /home/netblue/.Xauthority $ROOTDIR/home/netblue/.
+cp -a /etc/skel $ROOTDIR/etc/.
+mkdir $ROOTDIR/home/someotheruser
+mkdir $ROOTDIR/boot
+mkdir $ROOTDIR/selinux
+cp /etc/passwd $ROOTDIR/etc/.
+cp /etc/group $ROOTDIR/etc/.
+cp /etc/hosts $ROOTDIR/etc/.
+cp /etc/hostname $ROOTDIR/etc/.
+mkdir -p $ROOTDIR/usr/lib/x86_64-linux-gnu
+cp -a /usr/lib/x86_64-linux-gnu/openssl-1.0.0 $ROOTDIR/usr/lib/x86_64-linux-gnu/.
+cp -a /usr/lib/ssl $ROOTDIR/usr/lib/.
+touch $ROOTDIR/var/log/syslog
+touch $ROOTDIR/var/tmp/somefile
+SORTED=`for FILE in $* $DEFAULT_FILES; do echo " $FILE "; ldd $FILE | grep -v dynamic | cut -d " " -f 3; done | sort -u`
+for FILE in $SORTED
+do
+        cp --parents $FILE $ROOTDIR
+done
+cp --parents /lib64/ld-linux-x86-64.so.2 $ROOTDIR
+cp --parents /lib/ld-linux.so.2 $ROOTDIR
+cp unchroot $ROOTDIR/.
+touch $ROOTDIR/this-is-my-chroot
+cd $ROOTDIR; find .
+mkdir -p usr/lib/firejail/
+cp /usr/lib/firejail/libtrace.so usr/lib/firejail/.
+echo "To enter the chroot directory run: firejail --chroot=$ROOTDIR"
author	netblue30 <netblue30@yahoo.com>	2016-11-20 16:05:45 -0500
committer	netblue30 <netblue30@yahoo.com>	2016-11-20 16:05:45 -0500
commit	80cc5fa809ebb3f213852312dea15cded00cc069 (patch)
tree	2f233a23c075a0dd2e89b32b37b09fce06b13058 /test/chroot/configure
parent	seccomp work 2 (diff)
download	firejail-80cc5fa809ebb3f213852312dea15cded00cc069.tar.gz firejail-80cc5fa809ebb3f213852312dea15cded00cc069.tar.zst firejail-80cc5fa809ebb3f213852312dea15cded00cc069.zip

diff --git a/test/chroot/configure b/test/chroot/configure new file mode 100755 index 000000000..ba8238803 --- /dev/null +++ b/test/chroot/configure
@@ -0,0 +1,46 @@
	1	#!/bin/bash
	2
	3	# build a very small chroot
	4	ROOTDIR="/tmp/chroot" # default chroot directory
	5	DEFAULT_FILES="/bin/bash /bin/sh " # basic chroot files
	6	DEFAULT_FILES+="/etc/passwd /etc/nsswitch.conf /etc/group "
	7	DEFAULT_FILES+=`find /lib -name libnss*` # files required by glibc
	8	DEFAULT_FILES+=" /bin/cp /bin/ls /bin/cat /bin/ps /bin/netstat /bin/ping /sbin/ifconfig /usr/bin/touch /bin/ip /bin/hostname /bin/grep /usr/bin/dig /usr/bin/openssl /usr/bin/id /usr/bin/getent /usr/bin/whoami /usr/bin/wc /usr/bin/wget /bin/umount"
	9
	10	rm -fr $ROOTDIR
	11	mkdir -p $ROOTDIR/{root,bin,lib,lib64,usr,home,etc,dev/shm,tmp,var/run,var/tmp,var/lock,var/log,proc}
	12	chmod 777 $ROOTDIR/tmp
	13	mkdir -p $ROOTDIR/etc/firejail
	14	mkdir -p $ROOTDIR/home/netblue/.config/firejail
	15	chown netblue:netblue $ROOTDIR/home/netblue
	16	chown netblue:netblue $ROOTDIR/home/netblue/.config
	17	cp /home/netblue/.Xauthority $ROOTDIR/home/netblue/.
	18	cp -a /etc/skel $ROOTDIR/etc/.
	19	mkdir $ROOTDIR/home/someotheruser
	20	mkdir $ROOTDIR/boot
	21	mkdir $ROOTDIR/selinux
	22	cp /etc/passwd $ROOTDIR/etc/.
	23	cp /etc/group $ROOTDIR/etc/.
	24	cp /etc/hosts $ROOTDIR/etc/.
	25	cp /etc/hostname $ROOTDIR/etc/.
	26	mkdir -p $ROOTDIR/usr/lib/x86_64-linux-gnu
	27	cp -a /usr/lib/x86_64-linux-gnu/openssl-1.0.0 $ROOTDIR/usr/lib/x86_64-linux-gnu/.
	28	cp -a /usr/lib/ssl $ROOTDIR/usr/lib/.
	29	touch $ROOTDIR/var/log/syslog
	30	touch $ROOTDIR/var/tmp/somefile
	31	SORTED=`for FILE in $* $DEFAULT_FILES; do echo " $FILE "; ldd $FILE \| grep -v dynamic \| cut -d " " -f 3; done \| sort -u`
	32	for FILE in $SORTED
	33	do
	34	cp --parents $FILE $ROOTDIR
	35	done
	36	cp --parents /lib64/ld-linux-x86-64.so.2 $ROOTDIR
	37	cp --parents /lib/ld-linux.so.2 $ROOTDIR
	38	cp unchroot $ROOTDIR/.
	39	touch $ROOTDIR/this-is-my-chroot
	40
	41	cd $ROOTDIR; find .
	42	mkdir -p usr/lib/firejail/
	43	cp /usr/lib/firejail/libtrace.so usr/lib/firejail/.
	44
	45
	46	echo "To enter the chroot directory run: firejail --chroot=$ROOTDIR"