aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rwxr-xr-xkvmx16
-rwxr-xr-xkvmx-restricted-shell25
-rwxr-xr-xkvmx-shell10
3 files changed, 50 insertions, 1 deletions
diff --git a/kvmx b/kvmx
index f8d1167..1c30ad6 100755
--- a/kvmx
+++ b/kvmx
@@ -1642,6 +1642,10 @@ function kvmx_version {
# Shell
function kvmx_shell {
+ local restricted="$1"
+ local restricted_actions=":status:start:stop:poweroff:suspend:resume:console:monitor"
+ restricted_actions="$restricted_actions:wipe:shred:app_base:version:list_image:kill:"
+
# While a "quit" command isn't entered, read STDIN
while read -rep "kvmx:/${USER}@${VM}> " STDIN; do
if [ "$STDIN" == "quit" ] || [ "$STDIN" == "exit" ] || [ "$STDIN" == "bye" ]; then
@@ -1651,7 +1655,17 @@ function kvmx_shell {
elif [[ -n "$STDIN" && "$STDIN" != "#"* ]]; then
# If line is not empty or commented, process command
STDIN=($STDIN)
- $APP_BASE/kvmx ${STDIN[0]} $VM ${STDIN[@]:1}
+
+ # But check first if we're in a restricted shell
+ if [ "$restricted" == "restricted" ]; then
+ if ! echo $restricted_actions | grep -q ":${STDIN[0]}:"; then
+ echo "Running in restricted shell mode."
+ echo "Allowed commands are only `echo $restricted_actions | tr ':' ' '`"
+ fi
+ else
+ # Process command
+ $APP_BASE/kvmx ${STDIN[0]} $VM ${STDIN[@]:1}
+ fi
fi
done
}
diff --git a/kvmx-restricted-shell b/kvmx-restricted-shell
new file mode 100755
index 0000000..19fbbbf
--- /dev/null
+++ b/kvmx-restricted-shell
@@ -0,0 +1,25 @@
+#!/usr/bin/env bash
+#
+# kvmx-restricted-shell restricted login shell wrapper for a single VM per user
+#
+# Copyright (C) 2017 Silvio Rhatto - rhatto at riseup.net
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published
+# by the Free Software Foundation, either version 3 of the License,
+# or any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+
+# Parameters
+DIRNAME="`dirname $0`"
+
+# Dispatch, restricted version
+$DIRNAME/kvmx shell $USER restricted
diff --git a/kvmx-shell b/kvmx-shell
index 5149087..a8a7eb1 100755
--- a/kvmx-shell
+++ b/kvmx-shell
@@ -22,4 +22,14 @@
DIRNAME="`dirname $0`"
# Dispatch
+#
+# WARNING: this is not a restricted shell. By using the "config" action
+# one can easilly run arbitrary commands. So assume kvmx-shell is just
+# a utility wrapper for kvmx and not a complete isolation sollution.
+#
+# Assume this shell is as safe as giving /bin/bash access to the user.
+#
+# You might use `kvmx-restricted-shell` instead of use it as an example to
+# build a restricted shell by allowing just a small subset of kvmx commands
+# like starting/stopping the guest.
$DIRNAME/kvmx shell $USER