| [23155] | 1 | #!/bin/sh |
|---|
| [24149] | 2 | # |
|---|
| 3 | # snapshot-run PROGRAM [ARGS] |
|---|
| 4 | # Create an Athena login snapshot, run PROGRAM within it, and clean up |
|---|
| 5 | # the snapshot. |
|---|
| 6 | # |
|---|
| 7 | # This script is run as the user who is logging in, usually as a wrapper |
|---|
| 8 | # around their Xsession or shell. You probably want to run reactivate |
|---|
| 9 | # immediately afterwards, as root. |
|---|
| [23155] | 10 | |
|---|
| [25609] | 11 | if [ -e /var/run/debathena-inhibit-dbus-helper ]; then |
|---|
| 12 | logger -p user.notice -t reactivate "debathena-inhibit-dbus-helper still exists in snapshot-run (shouldn't happen)" |
|---|
| 13 | rm /var/run/debathena-inhibit-dbus-helper |
|---|
| 14 | fi |
|---|
| 15 | |
|---|
| [24125] | 16 | set -e |
|---|
| [24165] | 17 | cd / |
|---|
| [24125] | 18 | |
|---|
| [25536] | 19 | addgroups="sudo admin lpadmin adm fuse cdrom floppy audio video plugdev scanner dialout lp" |
|---|
| [24125] | 20 | daemons="$(/usr/sbin/policy-rc.d --daemons)" |
|---|
| 21 | |
|---|
| 22 | # Setup |
|---|
| 23 | |
|---|
| 24 | session=$(schroot -c login -b) |
|---|
| [25606] | 25 | cleanup() { |
|---|
| 26 | # Teardown |
|---|
| 27 | |
|---|
| [25716] | 28 | # Remove file from above. |
|---|
| 29 | # (This also gets nuked in reactivate, but be paranoid) |
|---|
| 30 | rm -f /tmp/ticketenv |
|---|
| 31 | |
|---|
| [25606] | 32 | for daemon in $daemons; do |
|---|
| 33 | schr invoke-rc.d "$daemon" stop || [ $? = 100 ] |
|---|
| 34 | done |
|---|
| 35 | |
|---|
| 36 | schroot -c "$session" -e |
|---|
| 37 | } |
|---|
| 38 | trap 'cleanup' EXIT |
|---|
| [24230] | 39 | sch() { schroot -r -c "$session" -- "$@"; } # Run in the chroot |
|---|
| 40 | schq() { schroot -q -r -c "$session" -- "$@"; } # Run in the chroot quietly |
|---|
| [24232] | 41 | schr() { schroot -r -c "$session" -u root -- "$@"; } # Run in the chroot as root |
|---|
| [24228] | 42 | |
|---|
| [24125] | 43 | for group in $addgroups; do |
|---|
| [25536] | 44 | schr env NSS_NONLOCAL_IGNORE=ignore getent group "$group" >/dev/null 2>&1 && schr adduser "$USER" "$group" |
|---|
| [24125] | 45 | done |
|---|
| 46 | |
|---|
| [24228] | 47 | schr touch /ClusterLogin |
|---|
| [24199] | 48 | |
|---|
| [24125] | 49 | for daemon in $daemons; do |
|---|
| [24228] | 50 | schr invoke-rc.d "$daemon" start || [ $? = 100 ] |
|---|
| [24125] | 51 | done |
|---|
| 52 | |
|---|
| [24228] | 53 | schr rm /etc/debian_chroot |
|---|
| [24125] | 54 | |
|---|
| [24278] | 55 | # Deter people from thinking they can use /home as persistant storage |
|---|
| 56 | # by punting it |
|---|
| 57 | schr rm -rf /home |
|---|
| 58 | |
|---|
| [25187] | 59 | # Fix up mtab so that df and friends work correctly |
|---|
| [25275] | 60 | schr sed -i "s| /var/lib/schroot/mount/${session}/| /|" /etc/mtab |
|---|
| [25187] | 61 | |
|---|
| [24125] | 62 | # Run the session |
|---|
| 63 | # |
|---|
| [25727] | 64 | # We wrap the target command in a session-wrapper so that it can run |
|---|
| 65 | # initgroups(3), which puts users back in the groups we added them to |
|---|
| [24125] | 66 | |
|---|
| [25716] | 67 | # Workaround for stupidity, see #928 for details |
|---|
| 68 | # Remove this once we're running pam-afs-session 2.4 |
|---|
| 69 | # Run this inside the "set -e" block so it'll fail if necessary |
|---|
| 70 | echo "KRB5CCNAME=$KRB5CCNAME" >| /tmp/ticketenv |
|---|
| 71 | |
|---|
| [24149] | 72 | set +e |
|---|
| 73 | |
|---|
| [24165] | 74 | cd |
|---|
| [25671] | 75 | schroot -c "$session" -r -p -- /usr/lib/debathena-reactivate/session-wrapper "$@" |
|---|
| [24165] | 76 | cd / |
|---|
| [24149] | 77 | |
|---|
