| #!/bin/sh |
| |
| # Copyright 2015-2024 Rivoreo |
| # |
| # Permission is hereby granted, free of charge, to any person obtaining |
| # a copy of this software and associated documentation files (the |
| # "Software"), to deal in the Software without restriction, including |
| # without limitation the rights to use, copy, modify, merge, publish, |
| # distribute, sublicense, and/or sell copies of the Software, and to |
| # permit persons to whom the Software is furnished to do so, subject to |
| # the following conditions: |
| # |
| # The above copyright notice and this permission notice shall be included |
| # in all copies or substantial portions of the Software. |
| # |
| # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, |
| # EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF |
| # MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. |
| # IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY |
| # CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, |
| # TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE |
| # SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. |
| |
| |
| case "`getenforce 2> /dev/null`" in |
| Enforcing|Permissive) |
| mount() { |
| local changed_selinux r |
| [ "`getenforce 2> /dev/null`" = Enforcing ] && setenforce 0 > /dev/null 2>&1 && changed_selinux=1 || true |
| /bin/mount "$@" |
| r=$? |
| [ -n "$changed_selinux" ] && setenforce 1 > /dev/null 2>&1 || true |
| return $r |
| } |
| umount() { |
| local changed_selinux r |
| [ "`getenforce 2> /dev/null`" = Enforcing ] && setenforce 0 > /dev/null 2>&1 && changed_selinux=1 || true |
| /bin/umount "$@" |
| r=$? |
| [ -n "$changed_selinux" ] && setenforce 1 > /dev/null 2>&1 || true |
| return $r |
| } |
| ;; |
| esac |
| |
| set -e |
| |
| trap "" HUP |
| |
| mount --bind /proc/$$/task /proc/$$ |
| proc_path=/proc/$$/$$ |
| mount -t proc proc $proc_path |
| trap "umount $proc_path /proc/$$" EXIT |
| |
| set +e |
| |
| while true; do |
| for f in /proc/*/exe; do |
| [ -h "$f" ] || break |
| case "`readlink $f`" in |
| */fakeroot-ng|*"/fakeroot-ng (deleted)") |
| mount -t tmpfs systemd-1 -o size=0,mode=555,ro "${f%exe}" |
| ;; |
| */sudo) |
| if grep -Fq fakeroot-ng "${f%exe}cmdline"; then |
| mount -t tmpfs systemd-1 -o size=0,mode=555,ro "${f%exe}" |
| fi |
| ;; |
| */script) |
| if grep -Fq " export SHELL=" "${f%exe}cmdline"; then |
| mount -t tmpfs systemd-1 -o size=0,mode=555,ro "${f%exe}" |
| fi |
| ;; |
| esac |
| done |
| |
| while read -r line; do |
| set -- $line |
| [ $# != 6 ] && continue |
| case "$2" in |
| /proc/*/cmdline) |
| # Likely to fail, no workaround available |
| [ -f "${2%cmdline}stat" ] || umount "$2" |
| ;; |
| /proc/*/*) |
| ;; |
| /proc/$$) |
| ;; |
| /proc/*) |
| p="${2%\\040(deleted)}" |
| case "$1" in |
| proc|systemd-?) |
| pid="${p#/proc/}" |
| if [ ! -f "$proc_path/$pid/stat" ]; then |
| umount "$p" |
| elif grep -Eq "^$pid \\(script\\) [A-Z] 1 " "$proc_path/$pid/stat"; then |
| umount "$p" |
| kill -s KILL "$pid" |
| fi |
| ;; |
| none|dev|udev|devtmpfs|tmpfs) |
| umount "$p" |
| ;; |
| *) |
| [ /dev -ef "$p" ] && umount "$p" |
| ;; |
| esac |
| ;; |
| esac |
| done < /proc/1/mounts |
| |
| sleep 2 & wait $! |
| done > /dev/null 2>&1 |