

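#!/bin/sh
# Build a minimal chroot jail for a single binary under /opt/jails/<name>.
#
# Usage: <script> <binToJail>
#
# The jail gets a skeleton filesystem, three device nodes, the binary, the
# shared libraries ldd reports for it, the system locales, a passwd/group
# file holding only "nobody", and a few resolver-related /etc files.
#
# Needs root: mknod and the later chroot call both require it.
#
# Security notes:
#   * The jail directory is removed with `rm -rf` before it is rebuilt, so
#     the jail name is reduced to a single path component and validated
#     first; a name containing "/" or ".." must never reach that rm.
#   * A chroot does not confine a process that keeps running as root.
#     Start the jailed program under an unprivileged account.
set -eu

# Print a message on stderr and stop with a failure status.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

if [ -z "${1:-}" ]; then
  echo "Usage: $0 <binToJail>" >&2
  exit 2
fi

# A leading dash would be parsed as an option by the tools called below.
case "$1" in
  -*) die "Invalid binary name: '$1'" ;;
esac

# `which` is kept on purpose: `command -v` reports shell builtins by their
# bare name, and an on-disk path is what gets copied into the jail.
BIN_PATH=$(which "$1" 2>/dev/null) || BIN_PATH=

# Only an absolute path is usable: it is appended to $JAIL to build the
# destination, so anything relative (or empty) is rejected here.
case "$BIN_PATH" in
  /*) ;;
  *)
    echo "$1 not found." >&2
    exit 1
    ;;
esac

# The jail name is the last path component of the argument, never the raw
# argument, so it cannot climb out of /opt/jails.
JAIL_NAME=${1##*/}
case "$JAIL_NAME" in
  '' | . | ..) die "Invalid jail name derived from '$1'" ;;
esac

echo "Jailing '$BIN_PATH'..."
JAIL=/opt/jails/$JAIL_NAME

# ${JAIL:?} aborts instead of expanding to an empty path.
rm -rf -- "${JAIL:?}"

# FS
# Explicit list instead of brace expansion, which /bin/sh (dash, ash) does
# not perform: there it would create one directory literally named "{etc,...}".
mkdir -p "$JAIL"
for dir in etc dev var usr run usr/share lib64 usr/lib64 bin usr/bin \
  usr/sbin tmp var/tmp; do
  mkdir -p "$JAIL/$dir"
done
chmod 1777 "$JAIL/tmp" "$JAIL/var/tmp"
echo "Base filesystem created"

# dev
mknod -m 0666 "$JAIL/dev/null" c 1 3
mknod -m 0666 "$JAIL/dev/random" c 1 8
mknod -m 0444 "$JAIL/dev/urandom" c 1 9
echo "Special devices created"

# cp binary
# The binary may live outside the skeleton (e.g. /usr/local/bin), so its
# parent directory is created inside the jail first.
mkdir -p "$(dirname "$JAIL$BIN_PATH")"
cp -- "$BIN_PATH" "$JAIL$BIN_PATH"
echo "'$BIN_PATH' binary copied to '$JAIL$BIN_PATH'"

# required libs
# NOTE: ldd(1) documents that it may execute code from the inspected file
# in order to resolve its dependencies. Only jail binaries whose origin
# is already trusted.
# A statically linked binary makes ldd fail; that is not an error here.
RAW_LIBS=$(ldd "$BIN_PATH" 2>/dev/null) || RAW_LIBS=

# Keep absolute paths only: "name => /path (addr)" and "/path (addr)" lines.
# vdso entries and "not found" results carry no path and are dropped.
LIBS_LIST=$(printf '%s\n' "$RAW_LIBS" | awk '
  $2 == "=>" && $3 ~ /^\// { print $3; next }
  $1 ~ /^\//               { print $1 }
')

while IFS= read -r lib; do
  [ -n "$lib" ] || continue
  echo "Copying '$lib' to '$JAIL$lib'..."
  # Library directories vary per distribution; create them as needed.
  mkdir -p "$(dirname "$JAIL$lib")"
  cp -- "$lib" "$JAIL$lib"
done <<EOF
$LIBS_LIST
EOF

# Loader fallback for the x86-64 glibc layout, skipped when the ldd pass
# already copied it or when the host does not have it.
if [ -e /lib64/ld-linux-x86-64.so.2 ] &&
  [ ! -e "$JAIL/lib64/ld-linux-x86-64.so.2" ]; then
  cp /lib64/ld-linux-x86-64.so.2 "$JAIL/lib64/"
fi
echo "Required libs copied"

# locales
echo "Copying locales..."
if [ -d /usr/share/locale ]; then
  cp -r /usr/share/locale "$JAIL/usr/share"
fi

# create passwd / group
# Anchored on "nobody:" so accounts that merely start with "nobody" are not
# copied. grep exits 1 when nothing matches (some systems name the group
# differently); an empty file is acceptable, hence the `|| true`.
grep '^nobody:' /etc/passwd > "$JAIL/etc/passwd" || true
grep '^nobody:' /etc/group > "$JAIL/etc/group" || true

# useful etc files
# Not every host ships all four; copy the ones that exist.
for conf in resolv.conf hosts host.conf nsswitch.conf; do
  if [ -e "/etc/$conf" ]; then
    cp "/etc/$conf" "$JAIL/etc/"
  fi
done
echo "Etc files created."

echo "Should be good to go!"
echo "start the chroot with 'chroot $JAIL $BIN_PATH'"
echo "chroot alone does not confine root; prefer 'chroot --userspec=nobody $JAIL $BIN_PATH'"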