#! /bin/bash
# $Id: chcontext 2383 2006-11-17 18:48:33Z dhozac $

# Copyright (C) 2004 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de>
#  
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; version 2 of the License.
#  
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#  
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.

: ${UTIL_VSERVER_VARS:=/usr/lib/util-vserver/util-vserver-vars}
test -e "$UTIL_VSERVER_VARS" || {
    echo $"Can not find util-vserver installation (the file '$UTIL_VSERVER_VARS' would be expected); aborting..." >&2
    exit 1
}
. "$UTIL_VSERVER_VARS"
. "$_LIB_FUNCTIONS"

function showHelp()
{
    echo \
$"Usage: $1 [--cap [!]<cap_name>] [--secure] [--xid <num>] [--disconnect]
       [--domainname <name>] [--hostname <name>] [--flag <flags>+]
       [--silent] [--] command arguments ...

chcontext allocate a new security context and executes
a command in that context.
By default, a new/unused context is allocated

--cap CAP_NAME
    Add a capability from the command. This option may be
    repeated several time.
    See /usr/include/linux/capability.h
    In general, this option is used with the --secure option
    --secure removes most critical capabilities and --cap
    adds specific ones.

--cap !CAP_NAME
    Remove a capability from the command. This option may be
    repeated several time.
    See /usr/include/linux/capability.h

--xid num
    Select the context. On root in context 0 is allowed to
    select a specific context.
    Context number 1 is special. It can see all processes
    in any contexts, but can't kill them though.
    Option --xid may be repeated several times to specify up to 16 contexts.
--disconnect
    Start the command in background and make the process
    a child of process 1.
--domainname new_domainname
    Set the domainname (NIS) in the new security context.
    Use "none" to unset the domain name.
--flag
    Set one flag in the new or current security context. The following
    flags are supported. The option may be used several time.

        fakeinit: The new process will believe it is process number 1.
                  Useful to run a real /sbin/init in a vserver.
        lock:     The new process is trapped and can't use chcontext anymore.
        sched:    The new process and its children will share a common 
                  execution priority.
        nproc:    Limit the number of process in the vserver according to
                  ulimit setting. Normally, ulimit is a per user thing.
                  With this flag, it becomes a per vserver thing.
        private:  No one can join this security context once created.
        ulimit:   Apply the current ulimit to the whole context
--hostname new_hostname
    Set the hostname in the new security context
    This is need because if you create a less privileged
    security context, it may be unable to change its hostname
--secure
    Remove all the capabilities to make a virtual server trustable
--silent
    Do not print the allocated context number.

Report bugs to <$PACKAGE_BUGREPORT>."
    exit $2
}

function showVersion()
{
    echo \
$"chcontext $PACKAGE_VERSION -- allocates/enters a security context
This program is part of $PACKAGE_STRING

Copyright (C) 2004 Enrico Scholz
This program is free software; you may redistribute it under the terms of
the GNU General Public License.  This program has absolutely no warranty."
    exit $1
}

$_VSERVER_INFO - FEATURE migrate || exec $_CHCONTEXT_COMPAT "$@"

tmp=$(getopt -o + --long cap:,ctx:,xid:,disconnect,domainname:,flag:,hostname:,secure,silent,help,version -n "$0" -- "$@") || exit 1
eval set -- "$tmp"

OPT_CAPS=()
OPT_CTX=
OPT_DISCONNECT=
OPT_FLAGS=()
OPT_SECURE=
OPT_SILENT=
OPT_INITPID=

while true; do
    case "$1" in
	--help)    	showHelp $0 0;;
	--version) 	showVersion 0;;
	--cap)		OPT_CAPS=( "${OPT_CAPS[@]}" "$2" ); shift;;
	--ctx|--xid)	OPT_CTX=$2; shift;;
	--disconnect)	OPT_DISCONNECT=1;;
	--domainname)	OPT_DOMAINNAME=$2; shift;;
	--hostname)	OPT_HOSTNAME=$2;   shift;;
	--flag)
	    test "$2" != "fakeinit" || OPT_INITPID=--initpid
	    OPT_FLAGS=( "${OPT_FLAGS[@]}" "$2" )
	    shift
	    ;;
	--secure)	OPT_SECURE=1;;
	--silent)	OPT_SILENT=1;;
	--)		shift; break;;
	*)		echo $"chcontext: internal error; arg=='$1'" >&2; exit 1;;
    esac
    shift
done

create_cmd=( $_VCONTEXT --create --silentexist
	     ${OPT_SILENT:+--silent}
	     ${OPT_CTX:+--xid "$OPT_CTX"} )

chain_cmd=()

old_IFS=$IFS
IFS=,$IFS

test -z "$OPT_DOMAINNAME$OPT_HOSTNAME" || \
    chain_cmd=( "${chain_cmd[@]}"
		--
		$_VUNAME --set --xid self
		${OPT_DOMAINNAME:+-t domainname="$OPT_DOMAINNAME"}
		${OPT_HOSTNAME:+  -t nodename="$OPT_HOSTNAME"} )

chain_cmd=( "${chain_cmd[@]}"
		--
		$_VATTRIBUTE --set
		${OPT_SECURE:+--secure}
		${OPT_CAPS:+--bcap "${OPT_CAPS[*]}"}
		${OPT_FLAGS:+--flag "${OPT_FLAGS[*]}"} )
		
migrate_cmd=( $_VCONTEXT
	      ${OPT_SILENT:+--silent}
	      ${OPT_DISCONNECT:+--disconnect}
	      $OPT_INITPID )

IFS=$old_IFS

if test -z "$OPT_CTX" || $_VSERVER_INFO -q "$OPT_CTX" XIDTYPE static; then
    "${create_cmd[@]}" "${chain_cmd[@]}" -- \
	"${migrate_cmd[@]}" --endsetup --migrate-self -- "$@"
    rc=$?
else
    rc=254
fi

test "$rc" -ne 254 || exec "${migrate_cmd[@]}" --xid "$OPT_CTX" --migrate -- "$@"
exit $rc