author | Silvio Rhatto <rhatto@riseup.net> | 2017-12-31 17:41:55 -0200 |
---|---|---|
committer | Silvio Rhatto <rhatto@riseup.net> | 2017-12-31 17:41:55 -0200 |
commit | 028accfd58fc446cd6b9b8bcc4cbbab1bff7911e (patch) | |
tree | ad156546cef8b160d31b57e20c8958d4e1284eb9 | |
parent | ba560f275675cdb42499c5b03f2593cde508da9b (diff) | |
Adds kvmx-restricted-shell
-rwxr-xr-x | kvmx | 16 | ||||
-rwxr-xr-x | kvmx-restricted-shell | 25 | ||||
-rwxr-xr-x | kvmx-shell | 10 |
3 files changed, 50 insertions, 1 deletions
@@ -1642,6 +1642,10 @@ function kvmx_version {
 
 # Shell
 function kvmx_shell {
+ local restricted="$1"
+ local restricted_actions=":status:start:stop:poweroff:suspend:resume:console:monitor"
+ restricted_actions="$restricted_actions:wipe:shred:app_base:version:list_image:kill:"
+
 # While a "quit" command isn't entered, read STDIN
 while read -rep "kvmx:/${USER}@${VM}> " STDIN; do
 if [ "$STDIN" == "quit" ] || [ "$STDIN" == "exit" ] || [ "$STDIN" == "bye" ]; then
@@ -1651,7 +1655,17 @@ function kvmx_shell {
 elif [[ -n "$STDIN" && "$STDIN" != "#"* ]]; then
 # If line is not empty or commented, process command
 STDIN=($STDIN)
- $APP_BASE/kvmx ${STDIN[0]} $VM ${STDIN[@]:1}
+
+ # But check first if we're in a restricted shell
+ if [ "$restricted" == "restricted" ]; then
+ if ! echo $restricted_actions | grep -q ":${STDIN[0]}:"; then
+ echo "Running in restricted shell mode."
+ echo "Allowed commands are only `echo $restricted_actions | tr ':' ' '`"
+ fi
+ else
+ # Process command
+ $APP_BASE/kvmx ${STDIN[0]} $VM ${STDIN[@]:1}
+ fi
 fi
 done
 }
diff --git a/kvmx-restricted-shell b/kvmx-restricted-shell
new file mode 100755
index 0000000..19fbbbf
--- /dev/null
+++ b/kvmx-restricted-shell
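Review bot: The allowlist built at the top of kvmx_shell names `console`, `monitor`, `wipe` and `shred` next to the start/stop actions, which is a wide surface for something offered as a restricted login shell. If `monitor` hands the user an interactive hypervisor monitor, it is worth confirming that it cannot reach host resources before listing it here; what each action does is not visible in this hunk. A comment above the list such as `# Actions an untrusted login user may run against their own VM; review before adding` would record the intent. Whether `$1` actually receives the `restricted` argument depends on the dispatcher, which is outside the hunk.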
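Review bot: In restricted mode an allowed command is never executed, because the only `$APP_BASE/kvmx` call sits in the `else` of the outer `if [ "$restricted" == "restricted" ]`, so the inner check can only print the refusal message or do nothing. The check itself also passes the first word to `grep -q` as a pattern, so it is matched as a regular expression and as a substring of the list rather than compared literally with one action name. A literal comparison that runs the command on a match and refuses otherwise would fix both. Quoting the arguments in the restricted branch also avoids a second round of word splitting and globbing. The function starts outside this hunk.

```shell
# But check first if we're in a restricted shell
if [ "$restricted" == "restricted" ]; then
  # Literal match against the colon-delimited list: the quoted part of the
  # pattern is not treated as a glob, and a word containing ':' is refused.
  if [[ "${STDIN[0]}" != *:* && "$restricted_actions" == *":${STDIN[0]}:"* ]]; then
    "$APP_BASE/kvmx" "${STDIN[0]}" "$VM" "${STDIN[@]:1}"
  else
    echo "Running in restricted shell mode."
    echo "Allowed commands are only ${restricted_actions//:/ }"
  fi
else
  # … unchanged: unrestricted dispatch to $APP_BASE/kvmx …
fi
```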
@@ -0,0 +1,25 @@
+#!/usr/bin/env bash
+#
+# kvmx-restricted-shell restricted login shell wrapper for a single VM per user
+#
+# Copyright (C) 2017 Silvio Rhatto - rhatto at riseup.net
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published
+# by the Free Software Foundation, either version 3 of the License,
+# or any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+
+# Parameters
+DIRNAME="`dirname $0`"
+
+# Dispatch, restricted version
+$DIRNAME/kvmx shell $USER restricted
@@ -22,4 +22,14 @@ DIRNAME="`dirname $0`"
 
 # Dispatch
+#
+# WARNING: this is not a restricted shell. By using the "config" action
+# one can easilly run arbitrary commands. So assume kvmx-shell is just
+# a utility wrapper for kvmx and not a complete isolation sollution.
+#
+# Assume this shell is as safe as giving /bin/bash access to the user.
+#
+# You might use `kvmx-restricted-shell` instead of use it as an example to
+# build a restricted shell by allowing just a small subset of kvmx commands
+# like starting/stopping the guest.
 $DIRNAME/kvmx shell $USER |
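Review bot: The dispatch line of the new wrapper picks the VM from `$USER`, an environment variable, and expands both it and `$0` unquoted. Since this script is meant to be the isolation boundary, taking the account name from the system is more robust, for example `user="$(id -un)"` followed by `"$DIRNAME/kvmx" shell "$user" restricted`. Whether the login environment can be influenced depends on how the account is set up, which the page does not show. `DIRNAME="$(dirname -- "$0")"` would likewise keep a path containing spaces intact.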
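Review bot: The last sentence of the added warning in kvmx-shell ("You might use kvmx-restricted-shell instead of use it as an example to ...") does not parse. Because this comment is the only statement of the security boundary, it should read unambiguously. Suggested wording: `# Use kvmx-restricted-shell instead, or take it as an example to build your own` and `# restricted shell that allows just a small subset of kvmx commands.` The spellings "easilly" and "sollution" could be corrected in the same pass.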