diff --git a/bin/prisonparty.sh b/bin/prisonparty.sh
index d0e301e8..d7cddbbe 100644
--- a/bin/prisonparty.sh
+++ b/bin/prisonparty.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
 set -e
-# runs copyparty (or any other python script really) in a chroot
+# runs copyparty (or any other program really) in a chroot
 #
 # assumption: these directories, and everything within, are owned by root
 sysdirs=( /bin /lib /lib32 /lib64 /sbin /usr )
@@ -34,6 +34,8 @@ while true; do
 [ "$#" -eq 0 ] && break # invalid usage
 vols+=( "$(realpath "$v")" )
 done
+pybin="$1"; shift
+pybin="$(realpath "$pybin")"
 cpp="$1"; shift
 cpp="$(realpath "$cpp")"
 cppdir="$(dirname "$cpp")"
@@ -83,7 +85,7 @@ chmod 777 "$jail/tmp"
 # run copyparty
-/sbin/chroot --userspec=$uid:$gid "$jail" "$(which python3)" "$cpp" "$@" && rv=0 || rv=$?
+/sbin/chroot --userspec=$uid:$gid "$jail" "$pybin" "$cpp" "$@" && rv=0 || rv=$?
 # cleanup if not in use
diff --git a/contrib/systemd/prisonparty.service b/contrib/systemd/prisonparty.service
new file mode 100644
index 00000000..645e581e
--- /dev/null
+++ b/contrib/systemd/prisonparty.service
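Review bot: The new `pybin` positional is read from `$1` with no check that it names an executable, so an invocation still written for the old syntax (copyparty path first) shifts every argument by one and only fails later, at `realpath` or inside `chroot`, with an unhelpful message. A guard right after the `realpath` line, `[ -x "$pybin" ] || { echo "not an executable: $pybin" >&2; exit 1; }`, would fail early and clearly. The resolved host path is reused unchanged inside the jail by the chroot hunk further down, so it presumably has to live under one of the root-owned `sysdirs`; a comment such as `# pybin must resolve to a path that exists inside the jail (normally under sysdirs)` would document that. The argument loop and any usage text start outside this hunk, so confirm the usage message names the new argument.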
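Review bot: `--userspec=$uid:$gid` on the rewritten chroot line is still unquoted, so a uid or gid argument containing whitespace or glob characters would be word-split into extra `chroot` arguments; `--userspec="$uid:$gid"` avoids that. Whether `uid` and `gid` are validated as numeric earlier in the script cannot be seen from this hunk.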
@@ -0,0 +1,27 @@
+# this will start `/usr/local/bin/copyparty-sfx.py`
+# in a chroot, preventing accidental access elsewhere
+# and share '/mnt' with anonymous read+write
+#
+# installation:
+# 1) put copyparty-sfx.py and prisonparty.sh in /usr/local/bin
+# 2) cp -pv prisonparty.service /etc/systemd/system && systemctl enable --now prisonparty
+#
+# you may want to:
+# change '/mnt::rw' to another location or permission-set
+# (remember to change the '/mnt' chroot arg too)
+#
+# enable line-buffering for realtime logging (slight performance cost):
+# inside the [Service] block, add the following line:
+# Environment=PYTHONUNBUFFERED=x
+
+[Unit]
+Description=copyparty file server
+
+[Service]
+SyslogIdentifier=prisonparty
+WorkingDirectory=/usr/local/bin
+ExecStart=/bin/bash /usr/local/bin/prisonparty.sh /var/lib/copyparty-jail 1000 1000 /mnt -- \
+ /usr/bin/python3 /usr/local/bin/copyparty-sfx.py -q -v /mnt::rw
+
+[Install]
+WantedBy=multi-user.target
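Review bot: The `ExecStart` line hard-codes `1000 1000` as the uid/gid the server drops to, but the "you may want to" list in the header only mentions the `/mnt` volume; on many systems uid 1000 is the first interactive user rather than a dedicated service account. I would add a line to that list such as `# change '1000 1000' to the uid/gid of a dedicated unprivileged account`. Since `prisonparty.sh` is started as root from `/usr/local/bin`, installation step 1 could also state `# both files should be owned by root and not writable by the service uid`, which matches the root-ownership assumption the script itself documents for its system directories.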