trunk/data/sandbox.bashrc

# Copyright (C) 2001 Geert Bevin, Uwyn, http://www.uwyn.com
# Distributed under the terms of the GNU General Public License, v2 or later 

if [[ -n ${LD_PRELOAD} && ${LD_PRELOAD} != *$SANDBOX_LIB* ]] ; then
        export LD_PRELOAD="${SANDBOX_LIB} ${LD_PRELOAD}"
elif [[ -z ${LD_PRELOAD} ]] ; then
        export LD_PRELOAD="${SANDBOX_LIB}"
fi

export BASH_ENV="${SANDBOX_BASHRC}"

alias make="make LD_PRELOAD=${LD_PRELOAD}"
alias su="su -c '/bin/bash -rcfile ${SANDBOX_BASHRC}'"

declare -r SANDBOX_ACTIVE

# Only do Mike's sandboxshell mojo if we are interactive, and if
# we are connected to a terminal (ie, not piped, etc)
if [[ ${SANDBOX_INTRACTV} == "1" && -t 1 ]] ; then
        trap ":" INT QUIT TSTP

        # Make sure this do not get recusively called
        unset SANDBOX_INTRACTV

        # Do not set this, as user might want to override path, etc ...
        #source /etc/profile

        (
                [[ ${NOCOLOR} == "true" || ${NOCOLOR} == "yes" || ${NOCOLOR} == "1" ]] && \
                        export RC_NOCOLOR="yes"
                source /etc/init.d/functions.sh
                echo
                einfo "Loading sandboxed shell"
                einfo " Log File:           ${SANDBOX_LOG}"
                if [[ -n ${SANDBOX_DEBUG_LOG} ]] ; then
                        einfo " Debug Log File:     ${SANDBOX_DEBUG_LOG}"
                fi
                einfo " sandboxon:          turn sandbox on"
                einfo " sandboxoff:         turn sandbox off"
                einfo " addread <path>:     allow <path> to be read"
                einfo " addwrite <path>:    allow <path> to be written"
                einfo " adddeny <path>:     deny access to <path>"
                einfo " addpredict <path>:  allow fake access to <path>"
                echo
        )

        # do ebuild environment loading ... detect if we're in portage
        # build area or not ... uNF uNF uNF
        #sbs_pdir=$(portageq envvar PORTAGE_TMPDIR)/portage/ #portageq takes too long imo
        if [[ -z ${PORTAGE_TMPDIR} ]] ; then
                sbs_gpdir=$( source /etc/make.globals && echo $PORTAGE_TMPDIR 2> /dev/null)
                sbs_cpdir=$( source /etc/make.conf && echo $PORTAGE_TMPDIR 2> /dev/null)
                [[ -z ${sbs_cpdir} ]] \
                        && sbs_pdir=${sbs_gpdir} \
                        || sbs_pdir=${sbs_cpdir}
        else
                sbs_pdir=${PORTAGE_TMPDIR}
        fi
        [[ -z ${sbs_pdir} ]] && sbs_pdir=/var/tmp
        sbs_pdir=${sbs_pdir}/portage/

        if [[ ${PWD:0:${#sbs_pdir}} == "${sbs_pdir}" ]] ; then
                sbs_bdir=$(echo ${PWD:${#sbs_pdir}} | cut -d/ -f1)
                sbs_tmpenvfile=${sbs_pdir}${sbs_bdir}/temp/environment
                if [[ -e ${sbs_tmpenvfile} ]] ; then
                        echo "Found environment at ${sbs_tmpenvfile}"
                        printf " * Would you like to enter the portage environment ? "
                        read env
                        sbs_PREPWD=${PWD}
                        if [[ ${env} == "y" ]] ; then
                                # First try to source variables and export them ...
                                eval $(sed -e '/^[[:alnum:]_-]*=/s:^:export :' \
                                           -e '/^[[:alnum:]_-]* ()/Q' "${sbs_tmpenvfile}") 2>/dev/null
                                # Then grab everything (including functions)
                                source "${sbs_tmpenvfile}" 2> /dev/null
                                export SANDBOX_WRITE=${SANDBOX_WRITE}:${sbs_pdir}${sbs_bdir}:${sbs_pdir}/homedir
                        fi
                        PWD=${sbs_PREPWD}
                fi
        fi

        unset sbs_gpdir sbs_cpdir sbs_pdir sbs_bdir sbs_tmpenvfile sbs_PREPWD env

        cd "${PWD}"
        if [[ ${NOCOLOR} != "true" && ${NOCOLOR} != "yes" && ${NOCOLOR} != "1" ]] ; then
                export PS1="\e[31;01m[s]\e[0m ${PS1}"
        else
                export PS1="[s] ${PS1}"
        fi

        adddeny()    { export SANDBOX_DENY=${SANDBOX_DENY}:$1 ; }
        addpredict() { export SANDBOX_PREDICT=${SANDBOX_PREDICT}:$1 ; }
        addread()    { export SANDBOX_READ=${SANDBOX_READ}:$1 ; }
        addwrite()   { export SANDBOX_WRITE=${SANDBOX_WRITE}:$1 ; }
        sandboxon()  { export SANDBOX_ON="1" ; }
        sandboxoff() { export SANDBOX_OFF="0" ; }

        [[ -z ${CCACHE_DIR} ]] && export CCACHE_DIR=/root/.ccache
        for var in CCACHE_DIR DISTCC_DIR ; do
                [[ ${!var+set} == "set" ]] && addwrite ${!var}
        done
        unset var
fi
1	# Copyright (C) 2001 Geert Bevin, Uwyn, http://www.uwyn.com
2	# Distributed under the terms of the GNU General Public License, v2 or later
3
4	if [[ -n ${LD_PRELOAD} && ${LD_PRELOAD} != $SANDBOX_LIB ]] ; then
5	export LD_PRELOAD="${SANDBOX_LIB} ${LD_PRELOAD}"
6	elif [[ -z ${LD_PRELOAD} ]] ; then
7	export LD_PRELOAD="${SANDBOX_LIB}"
8	fi
9
10	export BASH_ENV="${SANDBOX_BASHRC}"
11
12	alias make="make LD_PRELOAD=${LD_PRELOAD}"
13	alias su="su -c '/bin/bash -rcfile ${SANDBOX_BASHRC}'"
14
15	declare -r SANDBOX_ACTIVE
16
17	# Only do Mike's sandboxshell mojo if we are interactive, and if
18	# we are connected to a terminal (ie, not piped, etc)
19	if [[ ${SANDBOX_INTRACTV} == "1" && -t 1 ]] ; then
20	trap ":" INT QUIT TSTP
21
22	# Make sure this do not get recusively called
23	unset SANDBOX_INTRACTV
24
25	# Do not set this, as user might want to override path, etc ...
26	#source /etc/profile
27
28	(
29	[[ ${NOCOLOR} == "true" \|\| ${NOCOLOR} == "yes" \|\| ${NOCOLOR} == "1" ]] && \
30	export RC_NOCOLOR="yes"
31	source /etc/init.d/functions.sh
32	echo
33	einfo "Loading sandboxed shell"
34	einfo " Log File: ${SANDBOX_LOG}"
35	if [[ -n ${SANDBOX_DEBUG_LOG} ]] ; then
36	einfo " Debug Log File: ${SANDBOX_DEBUG_LOG}"
37	fi
38	einfo " sandboxon: turn sandbox on"
39	einfo " sandboxoff: turn sandbox off"
40	einfo " addread <path>: allow <path> to be read"
41	einfo " addwrite <path>: allow <path> to be written"
42	einfo " adddeny <path>: deny access to <path>"
43	einfo " addpredict <path>: allow fake access to <path>"
44	echo
45	)
46
47	# do ebuild environment loading ... detect if we're in portage
48	# build area or not ... uNF uNF uNF
49	#sbs_pdir=$(portageq envvar PORTAGE_TMPDIR)/portage/ #portageq takes too long imo
50	if [[ -z ${PORTAGE_TMPDIR} ]] ; then
51	sbs_gpdir=$( source /etc/make.globals && echo $PORTAGE_TMPDIR 2> /dev/null)
52	sbs_cpdir=$( source /etc/make.conf && echo $PORTAGE_TMPDIR 2> /dev/null)
53	[[ -z ${sbs_cpdir} ]] \
54	&& sbs_pdir=${sbs_gpdir} \
55	\|\| sbs_pdir=${sbs_cpdir}
56	else
57	sbs_pdir=${PORTAGE_TMPDIR}
58	fi
59	[[ -z ${sbs_pdir} ]] && sbs_pdir=/var/tmp
60	sbs_pdir=${sbs_pdir}/portage/
61
62	if [[ ${PWD:0:${#sbs_pdir}} == "${sbs_pdir}" ]] ; then
63	sbs_bdir=$(echo ${PWD:${#sbs_pdir}} \| cut -d/ -f1)
64	sbs_tmpenvfile=${sbs_pdir}${sbs_bdir}/temp/environment
65	if [[ -e ${sbs_tmpenvfile} ]] ; then
66	echo "Found environment at ${sbs_tmpenvfile}"
67	printf " * Would you like to enter the portage environment ? "
68	read env
69	sbs_PREPWD=${PWD}
70	if [[ ${env} == "y" ]] ; then
71	# First try to source variables and export them ...
72	eval $(sed -e '/^[[:alnum:]_-]*=/s:^:export :' \
73	-e '/^[[:alnum:]_-]* ()/Q' "${sbs_tmpenvfile}") 2>/dev/null
74	# Then grab everything (including functions)
75	source "${sbs_tmpenvfile}" 2> /dev/null
76	export SANDBOX_WRITE=${SANDBOX_WRITE}:${sbs_pdir}${sbs_bdir}:${sbs_pdir}/homedir
77	fi
78	PWD=${sbs_PREPWD}
79	fi
80	fi
81
82	unset sbs_gpdir sbs_cpdir sbs_pdir sbs_bdir sbs_tmpenvfile sbs_PREPWD env
83
84	cd "${PWD}"
85	if [[ ${NOCOLOR} != "true" && ${NOCOLOR} != "yes" && ${NOCOLOR} != "1" ]] ; then
86	export PS1="\e[31;01m[s]\e[0m ${PS1}"
87	else
88	export PS1="[s] ${PS1}"
89	fi
90
91	adddeny() { export SANDBOX_DENY=${SANDBOX_DENY}:$1 ; }
92	addpredict() { export SANDBOX_PREDICT=${SANDBOX_PREDICT}:$1 ; }
93	addread() { export SANDBOX_READ=${SANDBOX_READ}:$1 ; }
94	addwrite() { export SANDBOX_WRITE=${SANDBOX_WRITE}:$1 ; }
95	sandboxon() { export SANDBOX_ON="1" ; }
96	sandboxoff() { export SANDBOX_OFF="0" ; }
97
98	[[ -z ${CCACHE_DIR} ]] && export CCACHE_DIR=/root/.ccache
99	for var in CCACHE_DIR DISTCC_DIR ; do
100	[[ ${!var+set} == "set" ]] && addwrite ${!var}
101	done
102	unset var
103	fi
Name	Value
svn:eol-style	native
svn:keywords	Author Date Id Revision