/usr/local/bin/my-chroot

my-chroot

#! /bin/bash

readonly CHROOTBASE='/usr/local/arch'
readonly STARTSSHD='/usr/bin/dropbear -R -p 8022'
readonly SSHDPIDFILE="/var/run/dropbear.pid"

notice() {
  printf "NOTICE: ${1}\n" >&2
}

err_exit() {
  printf "ERR: ${1}\n" >&2
  exit ${2}
}

mount_proc() {
  local target="${CHROOTBASE}/proc"

  mountpoint -q "${target}"
  if [[ ${?} -ne 0 ]]; then
    mount -t proc proc "${target}"
  else
    notice "${target} is already mounted"
  fi
}

mount_rbind() {
  local source="${1}"
  local target="${CHROOTBASE}${1}"

  mountpoint -q "${target}"
  if [[ ${?} -ne 0 ]]; then
    mount -R "${source}" "${target}"
    mount --make-rslave "${target}"
  else
    notice "${target} is already mounted"
  fi
}

umount_rbind() {
  local target="${CHROOTBASE}${1}"

  mountpoint -q "${target}"
  if [[ ${?} -eq 0 ]]; then
    umount -flR "${target}"
  else
    notice "${target} is not mounted"
  fi
}

umount_proc() {
  umount_rbind /proc
}

chroot_mount() {
  mount_proc
  mount_rbind /sys
  mount_rbind /dev
  mount_rbind /run
}

chroot_umount() {
  umount_rbind /run
  umount_rbind /dev
  umount_rbind /sys
  umount_proc
}

start_sshd() {
  chroot "${CHROOTBASE}" ${STARTSSHD}
}

stop_sshd() {
  local pidfile="${CHROOTBASE}${SSHDPIDFILE}"
  local startsshd=(${STARTSSHD})
  local sshdname="$(basename ${startsshd[0]})"

  if [[ -f "${pidfile}" ]]; then
    kill $(cat "${pidfile}")
  else
    notice "${pidfile} is not found"
    ps -C "${sshdname}" -f
  fi
}

help() {
  printf "usage: ${0} <command>

command:
   start      Start a ssh server in the chroot jail
   stop       Stop the running ssh server
   mount      Mount targets needed by the chroot jail
   umount     Unmount mounted targets
   help       Show this messages
"
}

case "${1}" in
  start) start_sshd ;;
  stop) stop_sshd ;;
  mount) chroot_mount ;;
  umount) chroot_umount ;;
  *) help ;;
esac