403Webshell
Server IP : 13.213.54.232  /  Your IP : 216.73.216.30
Web Server : Apache/2.4.52 (Ubuntu)
System : Linux ip-172-31-17-110 6.8.0-1029-aws #31~22.04.1-Ubuntu SMP Thu Apr 24 21:16:18 UTC 2025 x86_64
User : www-data ( 33)
PHP Version : 7.1.33-67+ubuntu22.04.1+deb.sury.org+1
Disable Function : pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,
MySQL : OFF  |  cURL : ON  |  WGET : ON  |  Perl : ON  |  Python : OFF  |  Sudo : ON  |  Pkexec : ON
Directory :  /snap/snapd/current/usr/lib/snapd/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :


[ Back ]     

Current File : /snap/snapd/current/usr/lib/snapd/snap-mgmt-selinux
#!/bin/bash

set -e
set +x

STATIC_SNAP_MOUNT_DIR="/snap"

show_help() {
    exec cat <<'EOF'
Usage: snap-mgmt-selinux.sh [OPTIONS]

A helper script to manage SELinux contexts used by snapd

Arguments:
  --snap-mount-dir=<path>                   Provide a path to be used as $STATIC_SNAP_MOUNT_DIR
  --patch-selinux-mount-context=<context>   Add SELinux context to mount units
  --remove-selinux-mount-context=<context>  Remove SELinux context from mount units
EOF
}

SNAP_UNIT_PREFIX="$(systemd-escape -p ${STATIC_SNAP_MOUNT_DIR})"

patch_selinux_mount_context() {
    if ! command -v selinuxenabled > /dev/null; then
        return
    fi
    if ! selinuxenabled; then
        # The tools are there, but SELinux is not enabled
        return
    fi

    selinux_mount_context="$1"
    remove="$2"
    if ! echo "$selinux_mount_context" | grep -qE '[a-zA-Z0-9_]+(:[a-zA-Z0-9_]+){2,3}'; then
        echo "invalid mount context '$selinux_mount_context'"
        exit 1
    fi
    context_opt="context=$selinux_mount_context"

    mounts=$(systemctl list-unit-files --no-legend --full "$SNAP_UNIT_PREFIX-*.mount" | cut -f1 -d ' ' || true)
    changed_mounts=
    for unit in $mounts; do
        # Ensure its really a snap mount unit or systemd unit
        if ! grep -q 'What=/var/lib/snapd/snaps/' "/etc/systemd/system/$unit" && ! grep -q 'X-Snappy=yes' "/etc/systemd/system/$unit"; then
            echo "Skipping non-snapd systemd unit $unit"
            continue
        fi

        if [ "$remove" == "" ]; then
            if grep -q "Options=.*,$context_opt" < "/etc/systemd/system/$unit"; then
                # already patched
                continue
            fi

            if ! sed -i -e "s#^\\(Options=nodev.*\\)#\\1,$context_opt#" "/etc/systemd/system/$unit"; then
                echo "Cannot patch $unit"
            fi

            changed_mounts="$changed_mounts $unit"
        elif [ "$remove" == "remove" ]; then
            if ! grep -q "Options=.*,$context_opt" < "/etc/systemd/system/$unit"; then
                # Not patched
                continue
            fi

            if ! sed -i -e "s#^\\(Options=nodev.*\\),$context_opt\\(,.*\\)\\?#\\1\\2#" "/etc/systemd/system/$unit"; then
                echo "Cannot patch $unit"
            fi

            changed_mounts="$changed_mounts $unit"
        fi
    done

    if [ -z "$changed_mounts" ]; then
        # Nothing changed, no need to reload
        return
    fi

    systemctl daemon-reload

    for unit in $changed_mounts; do
        if ! systemctl try-restart "$unit" ; then
            echo "Cannot restart $unit"
        fi
    done
}

while [ -n "$1" ]; do
    case "$1" in
        --help)
            show_help
            exit
            ;;
        --snap-mount-dir=*)
            STATIC_SNAP_MOUNT_DIR=${1#*=}
            SNAP_UNIT_PREFIX=$(systemd-escape -p "$STATIC_SNAP_MOUNT_DIR")
            shift
            ;;
        --patch-selinux-mount-context=*)
            patch_selinux_mount_context "${1#*=}"
            shift
            ;;
        --remove-selinux-mount-context=*)
            patch_selinux_mount_context "${1#*=}" remove
            shift
            ;;
        *)
            echo "Unknown command: $1"
            exit 1
            ;;
    esac
done

Youez - 2016 - github.com/yon3zu
LinuXploit