From e22e999be671871393a543d900571f0ae2edeff0 Mon Sep 17 00:00:00 2001 From: Dryusdan Date: Tue, 16 Mar 2021 18:12:49 +0100 Subject: [PATCH] Add curl and ssl capabilities on chroot + add php sessions folder --- chroot.sh | 28 ++++++++++++++++++++++------ 1 file changed, 22 insertions(+), 6 deletions(-) diff --git a/chroot.sh b/chroot.sh index c5ce54f..45cc32a 100644 --- a/chroot.sh +++ b/chroot.sh @@ -96,11 +96,8 @@ function cpDep # Linked libraries for DEP in $(ldd "${1}" | grep '=>' |cut -d'>' -f2 | awk '{print $1}') do - if [[ ! -d "${CHROOTPATH}/$(dirname "${DEP}")" ]] - then - mkdir -p "${CHROOTPATH}/$(dirname "${DEP}")" - cp "${DEP}" "${CHROOTPATH}/${DEP}" - fi + mkdir -p "${CHROOTPATH}/$(dirname "${DEP}")" + cp "${DEP}" "${CHROOTPATH}/${DEP}" done # And lib64 @@ -139,6 +136,9 @@ function _ETC cp "/etc/${conf}" "${CHROOTPATH}/etc/" done fi + info "Create ssl" + mkdir -p "${CHROOTPATH}/etc/ssl" + cp -rf /etc/ssl/certs ${CHROOTPATH}/etc/ssl } function _DEV @@ -156,7 +156,7 @@ function _DEV function _LIB { - for lib_name in {libnss,libnss_dns,libxml,libcurl} + for lib_name in {libnss,libnss_dns,libxml,libcurl,libsqlite3} do info "Copy ${lib_name}" for lib in $(whereis ${lib_name}) @@ -168,6 +168,12 @@ function _LIB fi done done + for lib in $(ls /lib/x86_64-linux-gnu/*dns.* /lib/x86_64-linux-gnu/*dns-*) + do + info "Copy ${lib}" + mkdir -p "${CHROOTPATH}/$(dirname ${lib})" + cp -f "${lib}" "${CHROOTPATH}/$(dirname ${lib})" + done } @@ -229,6 +235,16 @@ function _CONFIGURE info "Copy ${chrooter}" cp "${CHROOTPATH}/etc/${chrooter}" "${WEBCHROOT}/etc/${chrooter}" done + info "Create certs path" + mkdir -p "${WEBCHROOT}/etc/ssl/certs" + info "Mount RO certs path" + mount --bind -o ro /etc/ssl/certs "${WEBCHROOT}/etc/ssl/certs" + info "Create session folder" + mkdir -p ${WEBCHROOT}/var/lib/php/sessions + info "Chmod 755 all var" + chmod 755 "${WEBCHROOT}/var/" + info "Add sticky bit" + chmod 1757 "${WEBCHROOT}/var/lib/php/sessions" }