Moved some stuff around, added the first unit test, with no instructions on how to run it; updated readme for NOOP explanation.

2012-08-06 19:27:55 -04:00
parent cea08e9d74
commit 22aa757238
9 changed files with 54 additions and 15 deletions
--- a/client/bin/disco-fs-mount
+++ b/client/bin/disco-fs-mount
@@ -43,7 +43,7 @@ if [ "$NOOP" != "" ]; then
    echo "export PATH=${DISCOROOT}/restricted/bin" >> ${DISCOROOT}/munge/etc/profile

    # Make default wrapper
-    echo -e "#!/bin/bash\necho \"info: Would execute \$0 \$@\"" > ${DISCOROOT}/restricted/bin/_disco_restricted_cmd
+    echo -e "#!/bin/bash\necho \"info: Would execute : \$(basename \$0) \$@\"" > ${DISCOROOT}/restricted/bin/_disco_restricted_cmd
    chmod +x ${DISCOROOT}/restricted/bin/_disco_restricted_cmd

    # Now link everything to the default wrapper
--- a/client/bin/disco-sh-exec
+++ b/client/bin/disco-sh-exec
@@ -8,12 +8,7 @@ if [ $? -ne 0 ]; then
 fi

 # Strip out any shebang and put the script in the root
-mkdir -p ${DISCOROOT}/execs/$(dirname $2)
-cat $1 | sed s/'^#!.*'/''/g > ${DISCOROOT}/execs/$2
-if [ "$NOOP" != "" ]; then
-    chroot ${DISCOROOT}/chroot /bin/bash --restricted $2
-else
-    chroot ${DISCOROOT}/chroot /bin/bash $2
-fi
-./disco-fs-unmount
+mkdir -p ${DISCOROOT}/restricted/$(dirname $2)
+cat $1 | sed s/'^#!.*'/''/g > ${DISCOROOT}/restricted/$2
+$(dirname $0)/disco-sh-shell ${DISCOROOT}/restricted/$2
 exit $?
--- a/client/bin/disco-sh-shell
+++ b/client/bin/disco-sh-shell
@@ -4,12 +4,13 @@ DISCOROOT=/var/disco/testfs

 mount | grep $DISCOROOT >/dev/null 2>&1
 if [ $? -ne 0 ]; then
-    ./disco-fs-mount
+    echo "disco filesystem is not mounted"
+    exit 0
 fi
+
 if [ "$NOOP" != "" ]; then
-    chroot ${DISCOROOT}/chroot /bin/rbash
+    chroot ${DISCOROOT}/chroot /bin/env PATH=${DISCOROOT}/restricted/bin /bin/bash --login --restricted $@
 else
-    chroot ${DISCOROOT}/chroot /bin/bash 
+    chroot ${DISCOROOT}/chroot /bin/bash --login $@
 fi
-./disco-fs-unmount
 exit $?
--- a/client/bin/disco-shutup
+++ b/client/bin/disco-shutup
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+# This is a convenience to the user of restricted shells, so they can redirect stdout to /dev/null
+# Use like [ COMMAND | disco-shutup] ... doesn't do much for stderr, sorry.
+
+cat > /dev/null
--- a/client/etc/disco/client.cfg
+++ b/client/etc/disco/client.cfg
@@ -0,0 +1,8 @@
+DISCOROOT=/var/disco/testfs
+COLOR_CYAN=$(echo -e '\033[0;36;40m'); 
+COLOR_MAGENTA=$(echo -e '\033[0;35;40m');
+COLOR_GREEN=$(echo -e '\033[0;32;40m');
+COLOR_YELLOW=$(echo -e '\033[0;33;40m');
+COLOR_BLUE=$(echo -e '\033[0;34;40m');
+COLOR_RED=$(echo -e '\033[0;31;40m');
+COLOR_NORMAL=$(echo -e '\033[0m');
--- a/client/etc/disco/rerstricted.d/base.bin.d
+++ b/client/etc/disco/rerstricted.d/base.bin.d
--- a/client/etc/disco/rerstricted.d/base.usr.bin.d
+++ b/client/etc/disco/rerstricted.d/base.usr.bin.d