#!/bin/sh
#
# snapshot-run PROGRAM [ARGS]
# Create an Athena login snapshot, run PROGRAM within it, and clean up
# the snapshot.
#
# This script is run as the user who is logging in, usually as a wrapper
# around their Xsession or shell. You probably want to run reactivate
# immediately afterwards, as root.

# A leftover inhibit flag is unexpected at this point: record it in syslog and
# try to remove it. This runs before "set -e", so a failing logger or rm does
# not abort the login.
# NOTE(review): the script runs as the user logging in, who presumably cannot
# write to /var/run, so the rm may fail silently. Confirm who owns this flag.
inhibit_flag=/var/run/debathena-inhibit-dbus-helper
if [ -e "$inhibit_flag" ]; then
  logger -p user.notice -t reactivate "debathena-inhibit-dbus-helper still exists in snapshot-run (shouldn't happen)"
  rm "$inhibit_flag"
fi

# From here on an unhandled command failure ends the script.
set -e
cd /

# Groups the user is added to inside the snapshot, when the group exists there.
# The value is word-split where it is used.
addgroups="sudo admin lpadmin adm fuse cdrom floppy audio video \
plugdev scanner dialout lp"

# Services started inside the snapshot and stopped again on teardown: whatever
# policy-rc.d prints, word-split where it is used.
daemons=$(/usr/sbin/policy-rc.d --daemons)

# Setup: begin a schroot session on the "login" chroot and keep its id.
# The EXIT trap is installed later, so a failure here exits with no session
# to tear down.
session=$(schroot -c login -b)

# Teardown, run from the EXIT trap: delete the ticket-environment file, stop
# the services that were started in the snapshot, then end the schroot session.
# Globals: daemons (read), session (read)
#
# NOTE(review): whether errexit is active here depends on where the script
# stopped. "set -e" is on during setup and switched off just before the
# session runs, so after a setup failure a stop that fails with a status other
# than 100 may end this handler before the session is ended. Confirm that a
# session leaked that way is reclaimed elsewhere (reactivate?).
cleanup() {
  # The main script writes this file. Per the original author reactivate
  # deletes it as well; removing it here is belt and braces.
  rm -f /tmp/ticketenv

  for daemon in $daemons; do
    # Status 100 is tolerated (presumably invoke-rc.d's "unknown init
    # script" code; confirm).
    schr invoke-rc.d "$daemon" stop || test "$?" -eq 100
  done

  schroot -c "$session" -e
}

# Run cleanup on every exit path from here on, including "set -e" aborts.
trap cleanup EXIT
# Run a command inside the session chroot (no -u, so as the calling user).
# Globals:   session (read)
# Arguments: the command and its arguments, passed through unchanged
# Returns:   schroot's exit status
sch() {
  schroot -r -c "$session" -- "$@"
}
# Same as sch, with schroot's -q (quiet) flag added.
# Not called anywhere in this script as shown.
# Globals:   session (read)
# Arguments: the command and its arguments, passed through unchanged
# Returns:   schroot's exit status
schq() {
  schroot -q -r -c "$session" -- "$@"
}
# Run a command inside the session chroot as root (-u root).
# Globals:   session (read)
# Arguments: the command and its arguments, passed through unchanged
# Returns:   schroot's exit status
#
# NOTE(review): the caller is the unprivileged user logging in, so this only
# works if the schroot configuration for the chroot grants that user root
# access. Everything sent through schr is root inside the snapshot, so that
# grant and the snapshot's isolation from the host are worth auditing.
schr() {
  schroot -r -c "$session" -u root -- "$@"
}

# Add the user to each listed group that exists locally in the snapshot.
# getent runs with NSS_NONLOCAL_IGNORE=ignore and its output is discarded;
# only its exit status decides whether adduser runs.
# NOTE(review): $USER comes from the caller's environment and is used in a
# root command. Confirm the login path always sets it to the authenticated
# user, or derive the name from the process uid instead.
for group in $addgroups; do
  if schr env NSS_NONLOCAL_IGNORE=ignore getent group "$group" >/dev/null 2>&1; then
    schr adduser "$USER" "$group"
  fi
done

# Drop every line mentioning su-error from the snapshot's PAM config for su.
schr sed -i '/su-error/d' /etc/pam.d/su.debathena

# Create the /ClusterLogin marker file inside the snapshot.
schr touch /ClusterLogin

# Start the policy-listed services inside the snapshot. As in cleanup,
# exit status 100 from invoke-rc.d is tolerated.
for daemon in $daemons; do
  schr invoke-rc.d "$daemon" start || test "$?" -eq 100
done

schr rm /etc/debian_chroot

# Deter people from thinking they can use /home as persistent storage by
# removing it.
# NOTE(review): this is a recursive delete as root. It assumes /home inside
# the session is the snapshot's own copy and not a bind mount of the host's
# /home. Confirm against the schroot mount setup.
schr rm -rf /home

# Fix up mtab so that df and friends report paths relative to the chroot.
# NOTE(review): the session id is spliced into the sed expression. It comes
# from schroot's own output; presumably it never contains "|" or regex
# metacharacters, but confirm.
schr sed -i "s| /var/lib/schroot/mount/${session}/| /|" /etc/mtab

# Run the session.
#
# Per the original author, the target command is wrapped in sudo because sudo
# runs initgroups(3) *after* being chrooted, which puts the user back in the
# groups added above. No sudo call is visible in this script, so that
# presumably happens inside session-wrapper.

# Workaround, see #928 for details. Remove this once we're running
# pam-afs-session 2.4. It is done while "set -e" is still in effect so that a
# failed write aborts the login.
#
# NOTE(review): /tmp/ticketenv is a fixed name in a shared directory, and ">|"
# truncates whatever is already at that path. The open is not exclusive, so a
# pre-existing file or symlink there would be written through. Only the
# credential-cache name is stored, not the tickets. When the consumer can be
# changed, prefer a per-user location or an exclusive create.
echo "KRB5CCNAME=$KRB5CCNAME" >| /tmp/ticketenv

# From here on failures no longer abort: the session's own exit status must
# not prevent the script from reaching its end.
set +e

# Start the session from the home directory. -p preserves the caller's
# environment inside the chroot.
cd
schroot -c "$session" -r -p -- /usr/lib/debathena-reactivate/session-wrapper "$@"

# Leave the home directory again. The EXIT trap runs cleanup when the script
# ends.
# NOTE(review): this cd is the last command, so the script's exit status is
# cd's and not the session wrapper's. Confirm that callers do not rely on the
# session status.
cd /