policycoreutils 2.1.0-3ubuntu1 / etc / init.d / sandbox

This file is indexed.

/etc/init.d/sandbox is in policycoreutils 2.1.0-3ubuntu1.

This file is owned by root:root, with mode 0o755.

The actual contents of the file can be viewed below. 

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
#!/bin/bash
### BEGIN INIT INFO
# Provides: sandbox
# Required-Start:    $remote_fs $syslog
# Required-Stop:     $remote_fs $syslog
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Set up namespace for sandbox
# Description: sandbox and other apps that want to use pam_namespace 
#              on /var/tmp, /tmp and home directories, requires this script
#              to be run at boot time.
#              This script sets up the / mount point and all of its 
#              subdirectories as shared. The script sets up
#              /tmp, /var/tmp, /home and any homedirs listed in 
#              /etc/default/sandbox and all of their subdirectories 
#              as unshared.
#              All processes that use pam_namespace will see 
#              modifications to the global mountspace, except for the
#              unshared directories.
### END INIT INFO
# sandbox:        Set up / mountpoint to be shared, /var/tmp, /tmp, /home/sandbox unshared
#
# chkconfig: 345 1 99
#

# Get lsb functions
. /lib/lsb/init-functions
# Load the VERBOSE setting and other rcS variables
. /lib/init/vars.sh

HOMEDIRS="/home"

if [ -f /etc/default/sandbox ]; then
  . /etc/default/sandbox
fi

if [ "$RUN" = "NO" ]; then
  echo "Sandbox disabled, edit /etc/default/sandbox to enable it"
  exit 0
fi

LOCKFILE=/var/lock/sandbox

base=${0##*/}

start() {
	echo -n "Starting sandbox"

	[ -f "$LOCKFILE" ] && return 1

	touch $LOCKFILE
	mount --make-rshared / || return $? 
	mount --rbind /tmp /tmp || return $?
	mount --rbind /var/tmp /var/tmp || return $?
	mount --make-private /tmp || return $?
	mount --make-private /var/tmp || return $?
	for h in $HOMEDIRS; do
	    mount --rbind $h $h || return $?
	    mount --make-private $h || return $?
	done

	return 0
}

stop() {
	echo -n "Stopping sandbox"

	[ -f "$LOCKFILE" ] || return 1
}

status() {
	if [ -f "$LOCKFILE" ]; then 
	    echo "$base is running"
	else
	    echo "$base is stopped"
	fi
	exit 0
}

case "$1" in
    restart)
	start && success || failure
	;;

    force-reload)
	start && success || failure
	;;

    start)
	start && success || failure
	echo
	;;

    stop)
	stop && success || failure
	echo
	;;

    status)
	status
	;;

    *)
	echo $"Usage: $0 {start|stop|status|restart}"
	exit 3
	;;
esac

APT Browse - Built by Thomas Orozco.