1 files changed, 15 insertions, 1 deletions

diff --git a/kvmx b/kvmx
index f8d1167..1c30ad6 100755
--- a/kvmx
+++ b/kvmx
@@ -1642,6 +1642,10 @@ function kvmx_version {
 
 # Shell
 function kvmx_shell {
+  local restricted="$1"
+  local restricted_actions=":status:start:stop:poweroff:suspend:resume:console:monitor"
+        restricted_actions="$restricted_actions:wipe:shred:app_base:version:list_image:kill:"
+
   # While a "quit" command isn't entered, read STDIN
   while read -rep "kvmx:/${USER}@${VM}> " STDIN; do
     if [ "$STDIN" == "quit" ] || [ "$STDIN" == "exit" ] || [ "$STDIN" == "bye" ]; then
@@ -1651,7 +1655,17 @@ function kvmx_shell {
     elif [[ -n "$STDIN" && "$STDIN" != "#"* ]]; then
       # If line is not empty or commented, process command
       STDIN=($STDIN)
-      $APP_BASE/kvmx ${STDIN[0]} $VM ${STDIN[@]:1}
+
+      # But check first if we're in a restricted shell
+      if [ "$restricted" == "restricted" ]; then
+        if ! echo $restricted_actions | grep -q ":${STDIN[0]}:"; then
+          echo "Running in restricted shell mode."
+          echo "Allowed commands are only `echo $restricted_actions | tr ':' ' '`"
+        fi
+      else
+        # Process command
+        $APP_BASE/kvmx ${STDIN[0]} $VM ${STDIN[@]:1}
+      fi
     fi
   done
 }