diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2017-06-29 09:14:46 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2017-06-29 09:20:38 +0000 |
commit | 13f1aa11bd770faf8e66a72a7ac34fc1f7e2305a (patch) | |
tree | 1cdf704c14e208bc35e4ea25569ff14086ae4ed7 /bin/container-shell | |
parent | Adding upstream version 20170522. (diff) | |
download | open-infrastructure-compute-tools-13f1aa11bd770faf8e66a72a7ac34fc1f7e2305a.tar.xz open-infrastructure-compute-tools-13f1aa11bd770faf8e66a72a7ac34fc1f7e2305a.zip |
Adding upstream version 20170629.upstream/20170629
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rwxr-xr-x | bin/container-shell | 51 |
1 files changed, 48 insertions, 3 deletions
diff --git a/bin/container-shell b/bin/container-shell index 17c0849..38a9ab9 100755 --- a/bin/container-shell +++ b/bin/container-shell @@ -85,10 +85,55 @@ Shell () then echo "'${COMMAND}': no such ${PROGRAM} command" >&2 return - else - echo - sudo ${PROGRAM} ${COMMAND} ${OPTIONS} || true fi + + if [ -n "${CONTAINER_COMMANDS_ENABLE}" ] + then + COMMAND_ALLOWED="" + + for CONTAINER_COMMAND in ${CONTAINER_COMMANDS_ENABLE} + do + case "${CONTAINER_COMMAND}" in + ${COMMAND}|all|about|logout|exit|help) + COMMAND_ALLOWED="true" + ;; + esac + done + + case "${COMMAND_ALLOWED}" in + true) + ;; + + *) + echo "'${COMMAND}': command not allowed for current user" >&2 + return + ;; + esac + fi + + if [ -n "${CONTAINER_COMMANDS_DISABLE}" ] + then + COMMAND_DISALLOWED="" + + for CONTAINER_COMMAND in ${CONTAINER_COMMANDS_DISABLE} + do + case "${CONTAINER_COMMAND}" in + ${COMMAND}|all|about|logout|exit|help) + COMMAND_DISALLOWED="true" + ;; + esac + done + + case "${COMMAND_DISALLOWED}" in + true) + echo "'${COMMAND}': command not allowed for current user" >&2 + return + ;; + esac + fi + + echo + sudo ${PROGRAM} ${COMMAND} ${OPTIONS} || true } trap 'echo' EXIT HUP INT QUIT TERM |