Updated scripts/update-base.sh (added the unprivilege function).
authorZoltán Felleg <zoltan.felleg@userrendszerhaz.hu>
Tue, 4 Jun 2024 12:44:12 +0000 (14:44 +0200)
committerZoltán Felleg <zoltan.felleg@userrendszerhaz.hu>
Tue, 4 Jun 2024 12:44:12 +0000 (14:44 +0200)
scripts/update-base.sh

index 91c7a648962fdd3b5374634172024ffab2b77289..f9bc5350bf1e47126ffdd6d75ebcd15519d44a35 100755 (executable)
@@ -15,6 +15,87 @@ then
     exit 1
 fi
 
+mount_dev_proc_sys()
+{
+    if [ ! -d $CONTAINER_PATH/rootfs/dev ]
+    then
+        mkdir $CONTAINER_PATH/rootfs/dev
+    fi
+    if [ ! -d $CONTAINER_PATH/rootfs/proc ]
+    then
+        mkdir $CONTAINER_PATH/rootfs/proc
+    fi
+    if [ ! -d $CONTAINER_PATH/rootfs/sys ]
+    then
+        mkdir $CONTAINER_PATH/rootfs/sys
+    fi
+    mount -o bind /dev $CONTAINER_PATH/rootfs/dev
+    mount -t proc proc $CONTAINER_PATH/rootfs/proc
+    mount -t sysfs sysfs $CONTAINER_PATH/rootfs/sys
+}
+
+umount_dev_proc_sys()
+{
+    umount $CONTAINER_PATH/rootfs/dev
+    umount $CONTAINER_PATH/rootfs/proc
+    umount $CONTAINER_PATH/rootfs/sys
+}
+
+unprivilege()
+{
+    find $CONTAINER_PATH/rootfs -perm -u+s >/tmp/us.$$
+    find $CONTAINER_PATH/rootfs -perm -g+s >/tmp/gs.$$
+    find $CONTAINER_PATH/rootfs -perm -o+t >/tmp/ot.$$
+
+    PRIV_UID=0
+    PRIV_UID_COUNT=$(find $CONTAINER_PATH/rootfs -uid $PRIV_UID | wc -l)
+    if [ $PRIV_UID_COUNT -gt 0 ]
+    then
+        echo "root user files: $PRIV_UID_COUNT"
+        UNPRIV_UID=$(( $PRIV_UID + 100000 ))
+        find $CONTAINER_PATH/rootfs -uid $PRIV_UID -print0 | xargs -0 chown --no-dereference $UNPRIV_UID
+    fi
+
+    PRIV_GID=0
+    PRIV_GID_COUNT=$(find $CONTAINER_PATH/rootfs -gid $PRIV_GID | wc -l)
+    if [ $PRIV_GID_COUNT -gt 0 ]
+    then
+        echo "root group files: $PRIV_GID_COUNT"
+        UNPRIV_GID=$(( $PRIV_GID + 100000 ))
+        find $CONTAINER_PATH/rootfs -gid $PRIV_GID -print0 | xargs -0 chgrp --no-dereference $UNPRIV_GID
+    fi
+
+    find $CONTAINER_PATH/rootfs -uid -100000 | while read PRIV_UID_FILE
+    do
+        ls --directory -l $PRIV_UID_FILE
+        PRIV_UID=$(stat --format="%u" $PRIV_UID_FILE)
+        UNPRIV_UID=$(( $PRIV_UID + 100000 ))
+        chown --no-dereference $UNPRIV_UID $PRIV_UID_FILE
+    done
+
+    find $CONTAINER_PATH/rootfs -gid -100000 | while read PRIV_GID_FILE
+    do
+        ls --directory -l $PRIV_GID_FILE
+        PRIV_GID=$(stat --format="%g" $PRIV_GID_FILE)
+        UNPRIV_GID=$(( $PRIV_GID + 100000 ))
+        chgrp --no-dereference $UNPRIV_GID $PRIV_GID_FILE
+    done
+
+    cat /tmp/us.$$ | while read US_NODE
+    do
+        chmod u+s $US_NODE
+    done
+    cat /tmp/gs.$$ | while read GS_NODE
+    do
+        chmod g+s $GS_NODE
+    done
+    cat /tmp/ot.$$ | while read OT_NODE
+    do
+        chmod o+t $OT_NODE
+    done
+    rm --force /tmp/us.$$ /tmp/gs.$$ /tmp/ot.$$
+}
+
 update_packages()
 {
     case "$DISTRIBUTION" in
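Review bot: The setuid/setgid/sticky save-and-restore in `unprivilege` (the `/tmp/us.$$`, `/tmp/gs.$$` and `/tmp/ot.$$` writes at the top and the three `cat ... | while read` loops at the end) uses predictable temp names and unquoted, newline-delimited paths, so a filename inside the rootfs that contains whitespace or a newline is word-split and the stray word is resolved by `chmod`/`chown` as a separate path on the host; the two `find -uid -100000` / `-gid -100000` loops have the same weakness. The rootfs is content fetched from outside, so its filenames should be treated as untrusted input: create the lists with `mktemp`, write and read them NUL-delimited (`-print0` / `xargs -0`, `read -r -d ''`), quote `$CONTAINER_PATH`, and add `-xdev` to every `find` so a bind mount that was not released by `umount_dev_proc_sys` is never walked. This assumes a bash shebang, which is outside the hunk. A rewrite of the affected lines follows; the uid/gid 0 counting block in the middle needs only the same quoting and `-xdev` treatment.
```shell
unprivilege()
{
    local rootfs="$CONTAINER_PATH/rootfs"
    local us gs ot
    us=$(mktemp) && gs=$(mktemp) && ot=$(mktemp) || exit 1
    # chown/chgrp drop setuid/setgid on regular files, so record them first
    find "$rootfs" -xdev -perm -u+s -print0 >"$us"
    find "$rootfs" -xdev -perm -g+s -print0 >"$gs"
    find "$rootfs" -xdev -perm -o+t -print0 >"$ot"

    # … unchanged: uid/gid 0 counting and bulk chown/chgrp (quote "$rootfs", add -xdev) …

    find "$rootfs" -xdev -uid -100000 -print0 | while IFS= read -r -d '' priv_file
    do
        ls --directory -l -- "$priv_file"
        priv_uid=$(stat --format="%u" -- "$priv_file")
        chown --no-dereference -- "$(( priv_uid + 100000 ))" "$priv_file"
    done

    # … unchanged: same loop for -gid -100000 with stat %g and chgrp …

    xargs -0 --no-run-if-empty chmod u+s -- <"$us"
    xargs -0 --no-run-if-empty chmod g+s -- <"$gs"
    xargs -0 --no-run-if-empty chmod o+t -- <"$ot"
    rm --force -- "$us" "$gs" "$ot"
}
```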
@@ -173,6 +254,9 @@ fi
 
 echo "Starting at $(date)"
 
+mount_dev_proc_sys
 update_packages
+umount_dev_proc_sys
+unprivilege
 
 echo "Finishing at $(date)"
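Review bot: `unprivilege` is called unconditionally right after `umount_dev_proc_sys`, but nothing checks that the three `umount` calls succeeded; if one of them fails (for example a process left behind by `update_packages` still holding `/proc` busy), the host's `/dev`, `/proc` or `/sys` remain visible under the rootfs and the `find | chown`/`chgrp`/`chmod` passes in `unprivilege` walk host files. Make the teardown fatal by giving each umount in the function its own failure path, `umount "$CONTAINER_PATH/rootfs/dev" || return 1` (and likewise for proc and sys; the function body is in the earlier hunk), and gate the call here: `umount_dev_proc_sys || exit 1`. Whether a `set -e` at the top of the script would already abort on the failed umount is not visible in this hunk, so the explicit check is the safer choice either way.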