Create a gist now

Instantly share code, notes, and snippets.

anonymous /skype-sandbox.sh
Created Oct 7, 2010

What would you like to do?
Skype Sandbox Script
#!/bin/bash
# Copyright 2010 Clemens Fruhwirth <clemens@endorphin.org>
# Distribute under the GNU Public License http://www.gnu.org/licenses/gpl.html
set -x
COPYLIST="/etc/ld.so.conf /dev/v4l /dev/video* /dev/snd /etc/asound.conf /usr/bin/skype /usr/lib/alsa-lib/libasound_module_pcm_pulse.so /etc/fonts /var/lib/dbus/machine-id /usr/lib/libpulse.so.0 /usr/share/fonts /usr/bin/env"
if [ -z $(which jk_cp) -o -z $(which jk_update) ]
then
echo $0: Cannot find jk_cp or jk_update. Please install jailkit http://olivier.sessink.nl/jailkit/
fi
if [ ! -e "$PULSECOOKIE" ]
then
echo $0: Pulse cookie file does not exist
fi
if [ "$1" != "selfcall" ]
then
exec sudo $0 selfcall $USER $HOME
fi
USER=$2
HOME=$3
XAUTHORITY=${XAUTHORITY:-$HOME/.Xauthority}
#PULSECOOKIE=/var/run/pulse/.pulse-cookie
PULSECOOKIE=$HOME/.pulse-cookie
DIR=/var/sandbox-$USER
if [ $UID != 0 ]
then
echo need to run as root
exit
fi
redoSandbox() {
rm -fr $DIR
mkdir $DIR
cd $DIR
install -d ./$HOME
chown root:root $DIR
mkdir bin opt lib usr etc
for i in $COPYLIST;
do
jk_cp -o -j $DIR $i
done
mkdir ./$HOME/.Skype
}
redoSandbox
cd $DIR
# update authorization files
cp -a $XAUTHORITY ./$HOME/.Xauthority
cp -a $PULSECOOKIE etc/pulse-cookie
# Remount user .Skype subdir, so that he sees the same settings as before
mount --bind $HOME/.Skype ./$HOME/.Skype
trap ' umount ./$HOME/.Skype' INT TERM EXIT
# rather crude but effective why to drop the chrootuid dependency
# chrootuid . $USER usr/bin/env PULSE_SERVER=127.0.0.1 HOME=$HOME usr/bin/skype
chown $USER $DIR
chmod go-x $DIR
chown $USER usr/bin/skype
chgrp `id -g $USER` usr/bin/skype
chmod u+s usr/bin/skype
chmod g+s usr/bin/skype
chroot . usr/bin/env PULSE_SERVER=127.0.0.1 XAUTHORITY=./$HOME/.Xauthority HOME=$HOME usr/bin/skype
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment