Skype Sandbox Script

skype-sandbox.sh

#!/bin/bash
# Copyright 2010 Clemens Fruhwirth <clemens@endorphin.org>
# Distribute under the GNU Public License http://www.gnu.org/licenses/gpl.html

set -x

COPYLIST="/etc/ld.so.conf /dev/v4l /dev/video* /dev/snd /etc/asound.conf /usr/bin/skype /usr/lib/alsa-lib/libasound_module_pcm_pulse.so /etc/fonts /var/lib/dbus/machine-id /usr/lib/libpulse.so.0 /usr/share/fonts /usr/bin/env"

if [ -z $(which jk_cp) -o -z $(which jk_update) ]
then
        echo $0: Cannot find jk_cp or jk_update. Please install jailkit http://olivier.sessink.nl/jailkit/
fi

if [ ! -e "$PULSECOOKIE" ]
then
        echo $0: Pulse cookie file does not exist
fi

if [ "$1" != "selfcall" ]
then
        exec sudo $0 selfcall $USER $HOME
fi

USER=$2
HOME=$3
XAUTHORITY=${XAUTHORITY:-$HOME/.Xauthority}

#PULSECOOKIE=/var/run/pulse/.pulse-cookie
PULSECOOKIE=$HOME/.pulse-cookie

DIR=/var/sandbox-$USER
if [ $UID != 0 ]
then
        echo need to run as root
        exit
fi

redoSandbox() {
        rm -fr $DIR
        mkdir $DIR
        cd $DIR
        install -d ./$HOME
        chown root:root $DIR
        mkdir bin opt lib usr etc
        for i in $COPYLIST;
        do
                jk_cp -o -j $DIR $i
        done
        mkdir ./$HOME/.Skype
}


redoSandbox
cd $DIR

# update authorization files

cp -a $XAUTHORITY ./$HOME/.Xauthority
cp -a $PULSECOOKIE etc/pulse-cookie

# Remount user .Skype subdir, so that he sees the same settings as before

mount --bind $HOME/.Skype ./$HOME/.Skype
trap ' umount ./$HOME/.Skype' INT TERM EXIT

# rather crude but effective why to drop the chrootuid dependency
# chrootuid . $USER usr/bin/env PULSE_SERVER=127.0.0.1 HOME=$HOME usr/bin/skype

chown $USER $DIR
chmod go-x $DIR
chown $USER usr/bin/skype
chgrp `id -g $USER` usr/bin/skype
chmod u+s usr/bin/skype
chmod g+s usr/bin/skype
chroot . usr/bin/env PULSE_SERVER=127.0.0.1 XAUTHORITY=./$HOME/.Xauthority HOME=$HOME usr/bin/skype