commit e748a4d5a43dd7606652eb4b8aac5c2c16380e70
Author: Harold Paulson
Date: Thu Nov 12 12:32:35 2020 -0800
import chroot mgr
diff --git a/chroots-example.conf b/chroots-example.conf
new file mode 100644
index 0000000..f4d71de
--- /dev/null
+++ b/chroots-example.conf
@@ -0,0 +1,8 @@
+
+[haroldp]
+file : /bin/ls
+file : /var/run/ld-elf.so.hints
+file : /libexec/ld-elf.so.1
+
+dir : /usr/local/share/icu
+
diff --git a/update-chroots.pl b/update-chroots.pl
new file mode 100644
index 0000000..b187fe7
--- /dev/null
+++ b/update-chroots.pl
@@ -0,0 +1,78 @@
+#!/usr/local/bin/perl -w
+#
+# TODO:
+# - Be smart about adding ld-elf.so.hints and ld-elf.so.1
+#
+
+use strict;
+use vars qw( $CONF_FILE %CONF $DEBUG );
+use Config::Std;
+use File::Basename;
+use Data::Dumper;
+
+$CONF_FILE = '/usr/local/etc/chroots.conf';
+$DEBUG = 1;
+
+if (-e $CONF_FILE ) {
+ if ( -r $CONF_FILE ) {
+ print("$CONF_FILE\n") if $DEBUG;
+ read_config $CONF_FILE => %CONF;
+ my @users = keys(%CONF);
+ foreach my $user (@users) {
+ print("$user:\n") if $DEBUG;
+ my $chroot = "/home/$user"; # FIXME: don't guess, know
+ my @files;
+ if ( exists $CONF{$user}{'file'} ) {
+ if ( ref($CONF{$user}->{'file'}) eq 'ARRAY' ) {
+ @files = @{$CONF{$user}{'file'}};
+ }
+ else {
+ push(@files, $CONF{$user}->${'file'});
+ }
+ }
+ my %uniq_files;
+ foreach my $file (@files) {
+ $uniq_files{$file} = 1;
+ my @libs = `ldd $file | egrep -v ^/ | cut -w -f4`;
+ foreach my $lib (@libs) {
+ chomp($lib);
+ $uniq_files{$lib} = 1;
+ }
+ }
+ foreach my $file ( keys(%uniq_files) ) {
+ my $file_dir = dirname($file);
+ if (! -e "$chroot$file_dir" ) {
+ system("mkdir -p $chroot$file_dir");
+ }
+ my $cmd = "cp -f $file $chroot$file";
+ print("$cmd\n") if $DEBUG;
+ system($cmd);
+ }
+
+ my @dirs;
+ if ( exists $CONF{$user}{'dir'} ) {
+ if ( ref($CONF{$user}->{'dir'}) eq 'ARRAY' ) {
+ @dirs = @{$CONF{$user}{'dir'}};
+ }
+ else {
+ push(@dirs, $CONF{$user}->{'dir'});
+ }
+ }
+
+ foreach my $dir ( @dirs ) {
+ if (! -e "$chroot$dir" ) {
+ my $cmd = ("mkdir -p $chroot$dir");
+ print("$cmd\n") if $DEBUG;
+ system("mkdir -p $chroot$dir");
+ }
+ my $cmd = "cp -R $dir/ $chroot$dir/";
+ print("$cmd\n") if $DEBUG;
+ system($cmd);
+ }
+ }
+ }
+ else {
+ die("Error: Could not read $CONF_FILE\n");
+ }
+}
+
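Review bot: The values read from chroots.conf reach a shell unquoted, in the backtick pipeline `ldd $file | egrep -v ^/ | cut -w -f4` and in the `system()` strings for `mkdir -p $chroot$file_dir`, `cp -f $file $chroot$file` and `cp -R $dir/ $chroot$dir/`. A path containing whitespace or shell metacharacters is therefore split or interpreted by the shell with the privileges of whoever runs the script, and because `$user` goes into `/home/$user` unchecked, a section name containing `/` or `..` moves the copy target outside /home. Pass the arguments in list form, check each exit status so a failed copy does not leave a silently incomplete chroot, and validate the section name before building `$chroot`; the fence sketches this for the file loop, and the `dir` loop needs the same treatment. Separately, the single-value `file` branch reads `$CONF{$user}->${'file'}`, which looks like a typo for `->{'file'}` (the `dir` branch uses that form) and would presumably fail under `use strict` when a section has only one `file` entry.

```perl
# … unchanged: reading the config, building @files …
foreach my $file (@files) {
    $uniq_files{$file} = 1;
    # list-form pipe open: $file is passed to ldd as one argument, no shell
    open(my $ldd, '-|', 'ldd', $file)
        or die("Error: cannot run ldd on $file: $!\n");
    while (my $line = <$ldd>) {
        $uniq_files{$1} = 1 if $line =~ m{=>\s+(/\S+)};
    }
    close($ldd);
}
foreach my $file ( keys(%uniq_files) ) {
    my $file_dir = dirname($file);
    if (! -e "$chroot$file_dir" ) {
        system('mkdir', '-p', "$chroot$file_dir") == 0
            or die("Error: mkdir -p $chroot$file_dir failed\n");
    }
    print("cp -f $file $chroot$file\n") if $DEBUG;
    system('cp', '-f', '--', $file, "$chroot$file") == 0
        or die("Error: cp $file to $chroot$file failed\n");
}
# … unchanged: 'dir' handling (apply the same list-form calls) …
```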