/skype-sandbox.sh

## skype-sandbox.sh
#!/bin/bash
# Copyright 2010 Clemens Fruhwirth <clemens@endorphin.org>
# Distribute under the GNU Public License http://www.gnu.org/licenses/gpl.html

set -x

COPYLIST="/etc/ld.so.conf /dev/v4l /dev/video* /dev/snd /etc/asound.conf /usr/bin/skype /usr/lib/alsa-lib/libasound_module_pcm_pulse.so /etc/fonts /var/lib/dbus/machine-id /usr/lib/libpulse.so.0 /usr/share/fonts /usr/bin/env"

if [ -z $(which jk_cp) -o -z $(which jk_update) ]
then
        echo $0: Cannot find jk_cp or jk_update. Please install jailkit http://olivier.sessink.nl/jailkit/
fi

if [ ! -e "$PULSECOOKIE" ]
then
        echo $0: Pulse cookie file does not exist
fi

if [ "$1" != "selfcall" ]
then
        exec sudo $0 selfcall $USER $HOME
fi

USER=$2
HOME=$3
XAUTHORITY=${XAUTHORITY:-$HOME/.Xauthority}

#PULSECOOKIE=/var/run/pulse/.pulse-cookie
PULSECOOKIE=$HOME/.pulse-cookie

DIR=/var/sandbox-$USER
if [ $UID != 0 ]
then
        echo need to run as root
        exit
fi

redoSandbox() {
        rm -fr $DIR
        mkdir $DIR
        cd $DIR
        install -d ./$HOME
        chown root:root $DIR
        mkdir bin opt lib usr etc
        for i in $COPYLIST;
        do
                jk_cp -o -j $DIR $i
        done
        mkdir ./$HOME/.Skype
}


redoSandbox
cd $DIR

# update authorization files

cp -a $XAUTHORITY ./$HOME/.Xauthority
cp -a $PULSECOOKIE etc/pulse-cookie

# Remount user .Skype subdir, so that he sees the same settings as before

mount --bind $HOME/.Skype ./$HOME/.Skype
trap ' umount ./$HOME/.Skype' INT TERM EXIT

# rather crude but effective why to drop the chrootuid dependency
# chrootuid . $USER usr/bin/env PULSE_SERVER=127.0.0.1 HOME=$HOME usr/bin/skype

chown $USER $DIR
chmod go-x $DIR
chown $USER usr/bin/skype
chgrp `id -g $USER` usr/bin/skype
chmod u+s usr/bin/skype
chmod g+s usr/bin/skype
chroot . usr/bin/env PULSE_SERVER=127.0.0.1 XAUTHORITY=./$HOME/.Xauthority HOME=$HOME usr/bin/skype
	#!/bin/bash
	# Copyright 2010 Clemens Fruhwirth <clemens@endorphin.org>
	# Distribute under the GNU Public License http://www.gnu.org/licenses/gpl.html

	set -x

	COPYLIST="/etc/ld.so.conf /dev/v4l /dev/video* /dev/snd /etc/asound.conf /usr/bin/skype /usr/lib/alsa-lib/libasound_module_pcm_pulse.so /etc/fonts /var/lib/dbus/machine-id /usr/lib/libpulse.so.0 /usr/share/fonts /usr/bin/env"

	if [ -z $(which jk_cp) -o -z $(which jk_update) ]
	then
	echo $0: Cannot find jk_cp or jk_update. Please install jailkit http://olivier.sessink.nl/jailkit/
	fi

	if [ ! -e "$PULSECOOKIE" ]
	then
	echo $0: Pulse cookie file does not exist
	fi

	if [ "$1" != "selfcall" ]
	then
	exec sudo $0 selfcall $USER $HOME
	fi

	USER=$2
	HOME=$3
	XAUTHORITY=${XAUTHORITY:-$HOME/.Xauthority}

	#PULSECOOKIE=/var/run/pulse/.pulse-cookie
	PULSECOOKIE=$HOME/.pulse-cookie

	DIR=/var/sandbox-$USER
	if [ $UID != 0 ]
	then
	echo need to run as root
	exit
	fi

	redoSandbox() {
	rm -fr $DIR
	mkdir $DIR
	cd $DIR
	install -d ./$HOME
	chown root:root $DIR
	mkdir bin opt lib usr etc
	for i in $COPYLIST;
	do
	jk_cp -o -j $DIR $i
	done
	mkdir ./$HOME/.Skype
	}


	redoSandbox
	cd $DIR

	# update authorization files

	cp -a $XAUTHORITY ./$HOME/.Xauthority
	cp -a $PULSECOOKIE etc/pulse-cookie

	# Remount user .Skype subdir, so that he sees the same settings as before

	mount --bind $HOME/.Skype ./$HOME/.Skype
	trap ' umount ./$HOME/.Skype' INT TERM EXIT

	# rather crude but effective why to drop the chrootuid dependency
	# chrootuid . $USER usr/bin/env PULSE_SERVER=127.0.0.1 HOME=$HOME usr/bin/skype

	chown $USER $DIR
	chmod go-x $DIR
	chown $USER usr/bin/skype
	chgrp `id -g $USER` usr/bin/skype
	chmod u+s usr/bin/skype
	chmod g+s usr/bin/skype
	chroot . usr/bin/env PULSE_SERVER=127.0.0.1 XAUTHORITY=./$HOME/.Xauthority HOME=$HOME usr/bin/skype