source: trunk/debathena/config/reactivate/debian/snapshot-run @ 25606

Revision 25606, 2.1 KB checked in by jdreed, 12 years ago (diff)
In reactivate: * Recover from a 'set -e' failure in snapshot-run and don't leave chroots lying around if possible
  • Property svn:executable set to *
Line 
1#!/bin/sh
2#
3# snapshot-run PROGRAM [ARGS]
4# Create an Athena login snapshot, run PROGRAM within it, and clean up
5# the snapshot.
6#
7# This script is run as the user who is logging in, usually as a wrapper
8# around their Xsession or shell. You probably want to run reactivate
9# immediately afterwards, as root.
10
11set -e
12cd /
13
14addgroups="sudo admin lpadmin adm fuse cdrom floppy audio video plugdev scanner dialout lp"
15daemons="$(/usr/sbin/policy-rc.d --daemons)"
16
17# Setup
18
19session=$(schroot -c login -b)
20cleanup() {
21    # Teardown
22
23    # Remove file from above.
24    # (This also gets nuked in reactivate, but be paranoid)
25    rm -f /tmp/ticketenv
26
27    for daemon in $daemons; do
28        schr invoke-rc.d "$daemon" stop || [ $? = 100 ]
29    done
30
31    schroot -c "$session" -e
32}
33trap 'cleanup' EXIT
34sch() { schroot -r -c "$session" -- "$@"; }          # Run in the chroot
35schq() { schroot -q -r -c "$session" -- "$@"; }      # Run in the chroot quietly
36schr() { schroot -r -c "$session" -u root -- "$@"; } # Run in the chroot as root
37
38for group in $addgroups; do
39    schr env NSS_NONLOCAL_IGNORE=ignore getent group "$group" >/dev/null 2>&1 && schr adduser "$USER" "$group"
40done
41
42schr sed -i "/su-error/d" "/etc/pam.d/su.debathena"
43
44schr touch /ClusterLogin
45
46for daemon in $daemons; do
47    schr invoke-rc.d "$daemon" start || [ $? = 100 ]
48done
49
50schr rm /etc/debian_chroot
51
52# Deter people from thinking they can use /home as persistant storage
53# by punting it
54schr rm -rf /home
55
56# Fix up mtab so that df and friends work correctly
57schr sed -i "s| /var/lib/schroot/mount/${session}/| /|" /etc/mtab
58
59# Run the session
60#
61# We wrap the target command in sudo because it runs initgroups(3)
62# /after/ being chrooted, which puts users back in the groups we
63# added them to
64
65# Workaround for stupidity, see #928 for details
66# Remove this once we're running pam-afs-session 2.4
67# Run this inside the "set -e" block so it'll fail if necessary
68echo "KRB5CCNAME=$KRB5CCNAME" >| /tmp/ticketenv
69
70set +e
71
72echo "$USER ALL=(ALL) ALL" | schr sh -c "cat >> /etc/sudoers"
73
74cd
75schroot -c "$session" -r -p -- sudo -E -u "$USER" -- "$@"
76cd /
77
Note: See TracBrowser for help on using the repository browser.