Overview

File sandbox.init of Package policycoreutils

#!/bin/bash
### BEGIN INIT INFO
# Provides:          sandbox
# Required-Start:    $syslog $remote_fs
# Should-Start:.
# Required-Stop:     $syslog $remote_fs
# Should-Stop:.
# Default-Start:     5
# Default-Stop:      0 1 2 3 4 6
# Short-Description: SELinux Sandbox
# Description: sandbox is using pam_namespace to share the /var/tmp, /tmp and 
#              /home/sandbox accounts.  This script will setup the / mount 
#              point as shared and all of the subdirectories just these 
#              directories as unshared.
### END INIT INFO

. /etc/rc.status

rc_reset

LOCKFILE=/var/lock/subsys/sandbox

base=${0##*/}

case "$1" in
    start)
	[ -f "$LOCKFILE" ] && exit 0

	touch $LOCKFILE
	mount --make-rshared /
	mount --bind /tmp /tmp
	mount --bind /var/tmp /var/tmp
	mount --bind /home /home
	mount --make-private /home
	mount --make-private /tmp
	mount --make-private /var/tmp
	rc_status -v
	;;

    status)
	if [ -f "$LOCKFILE" ]; then 
	    echo "$base is running"
	else
	    echo "$base is stopped"
	fi
	rc_status -v
	;;

    stop)
	rm -f $LOCKFILE
	rc_status -v
	;;

    *)
	echo $"Usage: $0 {start|stop|status}"
	rc_status -v
	;;
esac

rc_exit
openSUSE Build Service is sponsored by
Places