|
Adam Tkac |
d218af5 |
#!/bin/bash
|
|
Adam Tkac |
d218af5 |
|
|
 |
e09c558 |
ROOTDIR_MOUNT='/etc/localtime /etc/named /etc/pki/dnssec-keys /etc/named.root.key /etc/named.conf
|
|
Adam Tkac |
d218af5 |
/etc/named.dnssec.keys /etc/named.rfc1912.zones /etc/rndc.conf /etc/rndc.key
|
|
|
aeb3d0f |
/usr/lib64/bind /usr/lib/bind /etc/named.iscdlv.key /run/named
|
|
|
aeb3d0f |
/etc/crypto-policies/back-ends/bind.config /var/named'
|
|
Adam Tkac |
d218af5 |
|
|
Adam Tkac |
d218af5 |
usage()
|
|
Adam Tkac |
d218af5 |
{
|
|
Adam Tkac |
d218af5 |
echo
|
|
Adam Tkac |
d218af5 |
echo 'This script setups chroot environment for BIND'
|
|
Adam Tkac |
d218af5 |
echo 'Usage: setup-named-chroot.sh ROOTDIR [on|off]'
|
|
Adam Tkac |
d218af5 |
}
|
|
Adam Tkac |
d218af5 |
|
|
Adam Tkac |
d218af5 |
if ! [ "$#" -eq 2 ]; then
|
|
Adam Tkac |
d218af5 |
echo 'Wrong number of arguments'
|
|
Adam Tkac |
d218af5 |
usage
|
|
Adam Tkac |
d218af5 |
exit 1
|
|
Adam Tkac |
d218af5 |
fi
|
|
Adam Tkac |
d218af5 |
|
|
Adam Tkac |
d218af5 |
ROOTDIR="$1"
|
|
Adam Tkac |
d218af5 |
|
|
Adam Tkac |
d218af5 |
# Exit if ROOTDIR doesn't exist
|
|
Adam Tkac |
d218af5 |
if ! [ -d "$ROOTDIR" ]; then
|
|
Adam Tkac |
d218af5 |
echo "Root directory $ROOTDIR doesn't exist"
|
|
Adam Tkac |
d218af5 |
usage
|
|
Adam Tkac |
d218af5 |
exit 1
|
|
Adam Tkac |
d218af5 |
fi
|
|
Adam Tkac |
d218af5 |
|
|
Adam Tkac |
d218af5 |
mount_chroot_conf()
|
|
Adam Tkac |
d218af5 |
{
|
|
Adam Tkac |
d218af5 |
if [ -n "$ROOTDIR" ]; then
|
|
Adam Tkac |
d218af5 |
for all in $ROOTDIR_MOUNT; do
|
|
Adam Tkac |
d218af5 |
# Skip nonexistant files
|
|
Adam Tkac |
d218af5 |
[ -e "$all" ] || continue
|
|
Adam Tkac |
d218af5 |
|
|
Adam Tkac |
d218af5 |
# If mount source is a file
|
|
Adam Tkac |
d218af5 |
if ! [ -d "$all" ]; then
|
|
Adam Tkac |
d218af5 |
# mount it only if it is not present in chroot or it is empty
|
|
Adam Tkac |
d218af5 |
if ! [ -e "$ROOTDIR$all" ] || [ `stat -c'%s' "$ROOTDIR$all"` -eq 0 ]; then
|
|
Adam Tkac |
d218af5 |
touch "$ROOTDIR$all"
|
|
Adam Tkac |
d218af5 |
mount --bind "$all" "$ROOTDIR$all"
|
|
Adam Tkac |
d218af5 |
fi
|
|
Adam Tkac |
d218af5 |
else
|
|
Adam Tkac |
d218af5 |
# Mount source is a directory. Mount it only if directory in chroot is
|
|
Adam Tkac |
d218af5 |
# empty.
|
|
Adam Tkac |
d218af5 |
if [ -e "$all" ] && [ `ls -1A $ROOTDIR$all | wc -l` -eq 0 ]; then
|
|
|
7eb562b |
mount --bind --make-private "$all" "$ROOTDIR$all"
|
|
Adam Tkac |
d218af5 |
fi
|
|
Adam Tkac |
d218af5 |
fi
|
|
Adam Tkac |
d218af5 |
done
|
|
Adam Tkac |
d218af5 |
fi
|
|
Adam Tkac |
d218af5 |
}
|
|
Adam Tkac |
d218af5 |
|
|
Adam Tkac |
d218af5 |
umount_chroot_conf()
|
|
Adam Tkac |
d218af5 |
{
|
|
Adam Tkac |
773ac2b |
if [ -n "$ROOTDIR" ]; then
|
|
Adam Tkac |
773ac2b |
for all in $ROOTDIR_MOUNT; do
|
|
Adam Tkac |
773ac2b |
# Check if file is mount target. Do not use /proc/mounts because detecting
|
|
Adam Tkac |
773ac2b |
# of modified mounted files can fail.
|
|
Adam Tkac |
773ac2b |
if mount | grep -q '.* on '"$ROOTDIR$all"' .*'; then
|
|
Adam Tkac |
773ac2b |
umount "$ROOTDIR$all"
|
|
Adam Tkac |
773ac2b |
# Remove temporary created files
|
|
Adam Tkac |
773ac2b |
[ -f "$all" ] && rm -f "$ROOTDIR$all"
|
|
Adam Tkac |
773ac2b |
fi
|
|
Adam Tkac |
773ac2b |
done
|
|
Adam Tkac |
773ac2b |
fi
|
|
Adam Tkac |
d218af5 |
}
|
|
Adam Tkac |
d218af5 |
|
|
Adam Tkac |
d218af5 |
case "$2" in
|
|
Adam Tkac |
d218af5 |
on)
|
|
Adam Tkac |
d218af5 |
mount_chroot_conf
|
|
Adam Tkac |
d218af5 |
;;
|
|
Adam Tkac |
d218af5 |
off)
|
|
Adam Tkac |
d218af5 |
umount_chroot_conf
|
|
Adam Tkac |
d218af5 |
;;
|
|
Adam Tkac |
d218af5 |
*)
|
|
Adam Tkac |
d218af5 |
echo 'Second argument has to be "on" or "off"'
|
|
Adam Tkac |
d218af5 |
usage
|
|
Adam Tkac |
d218af5 |
exit 1
|
|
Adam Tkac |
d218af5 |
esac
|
|
Adam Tkac |
d218af5 |
|
|
Adam Tkac |
d218af5 |
exit 0
|