@joehakimrahme
Created October 12, 2018 15:15
#!/bin/bash
# name: mkjail.sh
# Creates a minimal environment based on the host binaries. So far
# this has only been tested on Fedora 27.
# Uses bash features ("function", "[[ ]]"), so it must run under bash, not sh.
set -xe

# Binaries copied when no BINS are given on the command line
default_bins="ls bash env cat less find grep sed awk"

function usage {
cat << EOF
Usage: $0 TARGET [BINS...]
Copy BINS and all their shared libraries to TARGET directory
Example: $0 /srv/jail/minimal1 bash ls find grep
$0 is used to create minimal chroot jails. TARGET should be the path
to a directory in the filesystem. If TARGET doesn't exist, the script
will create it. If BINS aren't supplied, it will default to
"$default_bins".
Note that configuration files and other artefacts may also be copied
to TARGET directory, depending on the selected BINS.
EOF
}

target="$1"
[[ -z "$target" || "$target" == "--help" || "$target" == "-h" ]] && {
    usage
    exit 0
}
shift

# Remaining arguments are the binaries to copy
bins="$*"
[[ -z "$bins" ]] && bins="$default_bins"

# Create the directory skeleton only when TARGET does not exist yet
[[ ! -d "$target" ]] && {
    echo "Initializing directory $target ..."
    mkdir -p "$target"/usr/bin
    mkdir -p "$target"/usr/sbin
    mkdir -p "$target"/usr/share
    ln -s usr/bin "$target"/bin
    mkdir -p "$target"/lib64
}

for bin in $bins; do
    echo "Copying binary $bin ..."
    full_path=$(which "$bin")
    cp "$full_path" "$target$full_path"
    # copy every shared library called by an executable, except for vdso
    # more info on vdso: http://man7.org/linux/man-pages/man7/vdso.7.html
    for obj in $(ldd "$full_path" | awk '! /vdso/ {print $1}'); do
        echo "Copying shared object: $obj"
        # Strip any leading directory; libraries are assumed to live in /lib64
        cp "/lib64/${obj##/*/}" "$target"/lib64
    done
done

# Terminfo is needed to make bash act sane
cp -R /usr/share/terminfo "$target"/usr/share
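
The script's inner loop takes the first field of each `ldd` line and copies that name from `/lib64`, which holds on Fedora but not on hosts that keep libraries elsewhere. The following is an added example, not part of the original gist, that parses `ldd` output by resolved path and reports unresolved dependencies; `ldd_paths`, `copy_libs` and the sample output are constructed for illustration.

```shell
# Added example (not from the gist): derive library paths from ldd output.

# Constructed sample covering the line shapes ldd emits.
sample_ldd_output() {
cat << 'EOF'
    linux-vdso.so.1 (0x00007ffd5a3f2000)
    libselinux.so.1 => /lib64/libselinux.so.1 (0x00007f2c1a200000)
    libc.so.6 => /usr/lib64/libc.so.6 (0x00007f2c19e00000)
    libmissing.so.2 => not found
    /lib64/ld-linux-x86-64.so.2 (0x00007f2c1a600000)
EOF
}

# Read ldd output on stdin and print one absolute library path per line.
# Exit status is 1 if any dependency is reported as "not found", so a
# jail is never left silently missing a library.
ldd_paths() {
    awk '
        /vdso/                    { next }  # kernel-provided, no file to copy
        $2 == "=>" && $3 == "not" { print "unresolved: " $1 > "/dev/stderr"
                                    missing = 1; next }
        $2 == "=>" && $3 ~ /^\//  { print $3; next }  # name => /resolved/path
        $1 ~ /^\//                { print $1 }        # the dynamic loader
        END                       { exit missing + 0 }
    '
}

# Hypothetical helper: copy the libraries of BINARY into TARGET under the
# same paths they have on the host. Usage: copy_libs TARGET BINARY
# Assumes library paths contain no whitespace.
copy_libs() {
    libs=$(ldd "$2" | ldd_paths) || return 1
    for lib in $libs; do
        mkdir -p "$1$(dirname "$lib")"
        cp -L "$lib" "$1$lib"   # -L copies the file a symlink points to
    done
}
```

Run `sample_ldd_output | ldd_paths` to see the three resolved paths on stdout and the unresolved library on stderr.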