111 lines
2.3 KiB
Bash
Executable File
111 lines
2.3 KiB
Bash
Executable File
#!/bin/bash
|
|
|
|
|
|
usage()
|
|
{
|
|
echo
|
|
echo 'This script setups chroot environment for BIND'
|
|
echo 'Usage: setup-named-chroot.sh ROOTDIR <on|off> <config.files>'
|
|
}
|
|
|
|
if ! [ "$#" -eq 3 ]; then
|
|
echo 'Wrong number of arguments'
|
|
usage
|
|
exit 1
|
|
fi
|
|
|
|
ROOTDIR="$1"
|
|
CONFIG_FILES="$3"
|
|
|
|
# Exit if ROOTDIR doesn't exist
|
|
if ! [ -d "$ROOTDIR" ]; then
|
|
echo "Root directory $ROOTDIR doesn't exist"
|
|
usage
|
|
exit 1
|
|
fi
|
|
|
|
dev_create()
|
|
{
|
|
DEVNAME="$ROOTDIR/dev/$1"
|
|
MINOR="$2"
|
|
if ! [ -e "$DEVNAME" ]; then
|
|
/bin/mknod "$DEVNAME" c 1 $MINOR
|
|
fi
|
|
if [ -x /usr/sbin/selinuxenabled -a -x /sbin/restorecon ]; then
|
|
/usr/sbin/selinuxenabled && /sbin/restorecon "$DEVNAME" > /dev/null
|
|
fi
|
|
}
|
|
|
|
dev_chroot_prep()
|
|
{
|
|
dev_create random 8
|
|
dev_create zero 5
|
|
dev_create null 3
|
|
}
|
|
|
|
files_comment_filter()
|
|
{
|
|
if [ -d "$1" ]; then
|
|
grep -v '^[[:space:]]*#' "$1"/*.files
|
|
else
|
|
grep -v '^[[:space:]]*#' "$1"
|
|
fi
|
|
}
|
|
|
|
mount_chroot_conf()
|
|
{
|
|
if [ -n "$ROOTDIR" ]; then
|
|
# Check devices are prepared
|
|
dev_chroot_prep
|
|
files_comment_filter "$CONFIG_FILES" | while read -r all; do
|
|
# Skip nonexistant files
|
|
[ -e "$all" ] || continue
|
|
|
|
# If mount source is a file
|
|
if ! [ -d "$all" ]; then
|
|
# mount it only if it is not present in chroot or it is empty
|
|
if ! [ -e "$ROOTDIR$all" ] || [ `stat -c'%s' "$ROOTDIR$all"` -eq 0 ]; then
|
|
touch "$ROOTDIR$all"
|
|
mount --bind "$all" "$ROOTDIR$all"
|
|
fi
|
|
else
|
|
# Mount source is a directory. Mount it only if directory in chroot is
|
|
# empty.
|
|
if [ -e "$all" ] && [ `ls -1A $ROOTDIR$all | wc -l` -eq 0 ]; then
|
|
mount --bind --make-private "$all" "$ROOTDIR$all"
|
|
fi
|
|
fi
|
|
done
|
|
fi
|
|
}
|
|
|
|
umount_chroot_conf()
|
|
{
|
|
if [ -n "$ROOTDIR" ]; then
|
|
files_comment_filter "$CONFIG_FILES" | while read -r all; do
|
|
# Check if file is mount target. Do not use /proc/mounts because detecting
|
|
# of modified mounted files can fail.
|
|
if mount | grep -q '.* on '"$ROOTDIR$all"' .*'; then
|
|
umount "$ROOTDIR$all"
|
|
# Remove temporary created files
|
|
[ -f "$all" ] && rm -f "$ROOTDIR$all"
|
|
fi
|
|
done
|
|
fi
|
|
}
|
|
|
|
case "$2" in
|
|
on)
|
|
mount_chroot_conf
|
|
;;
|
|
off)
|
|
umount_chroot_conf
|
|
;;
|
|
*)
|
|
echo 'Second argument has to be "on" or "off"'
|
|
usage
|
|
exit 1
|
|
esac
|
|
|
|
exit 0
|