mirror of
https://github.com/topjohnwu/selinux.git
synced 2024-11-24 12:09:50 +00:00
97bf196c89
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
77 lines
1.3 KiB
Bash
77 lines
1.3 KiB
Bash
#!/bin/bash
|
|
## BEGIN INIT INFO
|
|
# Provides: sandbox
|
|
# Default-Start: 3 4 5
|
|
# Default-Stop: 0 1 2 3 4 6
|
|
# Required-Start:
|
|
#
|
|
## END INIT INFO
|
|
# sandbox: Set up / mountpoint to be shared, /var/tmp, /tmp, /home/sandbox unshared
|
|
#
|
|
# chkconfig: 345 1 99
|
|
#
|
|
# description: sandbox, xguest and other apps that want to use pam_namespace \
|
|
# require this script be run at boot. This service script does \
|
|
# not actually run any service but sets up: \
|
|
# / to be shared by any app that starts a separate namespace
|
|
# If you do not use sandbox, xguest or pam_namespace you can turn \
|
|
# this service off.\
|
|
#
|
|
|
|
# Source function library.
|
|
. /etc/init.d/functions
|
|
|
|
LOCKFILE=/var/lock/subsys/sandbox
|
|
|
|
base=${0##*/}
|
|
|
|
start() {
|
|
echo -n "Starting sandbox"
|
|
|
|
[ -f "$LOCKFILE" ] && return 0
|
|
|
|
touch $LOCKFILE
|
|
mount --make-rshared / || return $?
|
|
return 0
|
|
}
|
|
|
|
stop() {
|
|
echo -n "Stopping sandbox"
|
|
|
|
[ -f "$LOCKFILE" ] || return 1
|
|
}
|
|
|
|
status() {
|
|
if [ -f "$LOCKFILE" ]; then
|
|
echo "$base is running"
|
|
else
|
|
echo "$base is stopped"
|
|
fi
|
|
exit 0
|
|
}
|
|
|
|
case "$1" in
|
|
restart)
|
|
start && success || failure
|
|
;;
|
|
|
|
start)
|
|
start && success || failure
|
|
echo
|
|
;;
|
|
|
|
stop)
|
|
stop && success || failure
|
|
echo
|
|
;;
|
|
|
|
status)
|
|
status
|
|
;;
|
|
|
|
*)
|
|
echo $"Usage: $0 {start|stop|status|restart}"
|
|
exit 3
|
|
;;
|
|
esac
|