

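#!/bin/bash

# Build a very small chroot tree for exercising firejail --chroot.
#
# Usage: <this script> [extra-binary ...]
#   Any binaries given on the command line are copied into the chroot together
#   with the shared objects ldd reports for them, in addition to the default
#   set below.  The tree at $ROOTDIR is destroyed and recreated on every run.
#   Requires privilege to chown/copy the listed files, and expects the test
#   helper binary "unchroot" in the current working directory.
#
# NOTE: ldd resolves dependencies by invoking the dynamic loader on each file,
# so only pass binaries you trust.

ROOTDIR="/tmp/chroot"   # default chroot directory; wiped on every run

# Basic chroot files: shells, NSS configuration, and a handful of utilities
# used by the tests.  Kept as an array so paths are never re-split.
default_files=(
  /bin/bash /bin/sh
  /etc/passwd /etc/nsswitch.conf /etc/group
  /bin/cp /bin/ls /bin/cat /bin/ps /bin/netstat /bin/ping /sbin/ifconfig
  /usr/bin/touch /bin/ip /bin/hostname /bin/grep /usr/bin/dig
  /usr/bin/openssl /usr/bin/id /usr/bin/getent /usr/bin/whoami
  /usr/bin/wc /usr/bin/wget /bin/umount
)
# NSS modules required by glibc at runtime.  The pattern is quoted so the
# shell cannot expand it against the current directory before find sees it.
while IFS= read -r -d '' nss_lib; do
  default_files+=("$nss_lib")
done < <(find /lib -name 'libnss*' -print0)

# Start from a clean tree.  ${ROOTDIR:?} aborts instead of running
# "rm -fr /" should the variable ever be empty.
rm -fr -- "${ROOTDIR:?}"
mkdir -p "$ROOTDIR"/{root,bin,lib,lib64,usr,home,etc,dev/shm,tmp,var/run,var/tmp,var/lock,var/log,proc} || exit 1
# World-writable with the sticky bit, like a real /tmp, so users inside the
# chroot cannot remove each other's files.
chmod 1777 "$ROOTDIR/tmp"
mkdir -p "$ROOTDIR/etc/firejail"
mkdir -p "$ROOTDIR/home/netblue/.config/firejail"
chown netblue:netblue "$ROOTDIR/home/netblue"
chown netblue:netblue "$ROOTDIR/home/netblue/.config"
cp /home/netblue/.Xauthority "$ROOTDIR/home/netblue/."
cp -a /etc/skel "$ROOTDIR/etc/."
mkdir "$ROOTDIR/home/someotheruser"
mkdir "$ROOTDIR/boot"
mkdir "$ROOTDIR/selinux"
cp /etc/passwd "$ROOTDIR/etc/."
cp /etc/group "$ROOTDIR/etc/."
cp /etc/hosts "$ROOTDIR/etc/."
cp /etc/hostname "$ROOTDIR/etc/."
mkdir -p "$ROOTDIR/usr/lib/x86_64-linux-gnu"
cp -a /usr/lib/x86_64-linux-gnu/openssl-1.0.0 "$ROOTDIR/usr/lib/x86_64-linux-gnu/."
cp -a /usr/lib/ssl "$ROOTDIR/usr/lib/."
touch "$ROOTDIR/var/log/syslog"
touch "$ROOTDIR/var/tmp/somefile"

# Collect every requested file plus the shared objects ldd lists for it
# (column 3 of "name => /path (addr)" lines); "not a dynamic executable"
# lines are dropped.  "$@" keeps caller-supplied paths intact, unlike $*.
mapfile -t sorted < <(
  for file in "$@" "${default_files[@]}"; do
    printf '%s\n' "$file"
    ldd "$file" | grep -v dynamic | cut -d ' ' -f 3
  done | sort -u
)
for file in "${sorted[@]}"; do
  # ldd lines with fewer than three fields (vdso, the loader itself) yield
  # empty tokens; skip those and anything that does not exist on disk.
  [[ -n "$file" && -e "$file" ]] || continue
  cp --parents -- "$file" "$ROOTDIR"
done
cp --parents /lib64/ld-linux-x86-64.so.2 "$ROOTDIR"
cp --parents /lib/ld-linux.so.2 "$ROOTDIR"
# Test helper binary, expected in the directory the script is run from.
cp unchroot "$ROOTDIR/."
touch "$ROOTDIR/this-is-my-chroot"

# Everything below uses relative paths, so a failed cd must not fall through
# into the caller's working directory.
cd "$ROOTDIR" || exit 1
find .
mkdir -p usr/lib/firejail/
cp /usr/lib/firejail/libtrace.so usr/lib/firejail/.

echo "To enter the chroot directory run: firejail --chroot=$ROOTDIR"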