rc_twitch - twitch-go - twitch.tv web application in Go
git clone git://git.codemadness.org/twitch-go
---
rc_twitch (1689B)
---
1 #!/bin/sh
2 # This sets up a chroot for a service.
3 # the service is priv-dropped.
4 # NOTE: depending on your service some build_chroot steps can be omitted.
5 #
6 # Some tips:
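7 # - ideally set up a separate partition for services with the mount options
8 # nodev,nosuid,ro. NOTE: build_chroot below copies files into $chroot and creates device nodes there, so "ro" and "nodev" cannot be set on the mount that holds $chroot while this script populates it.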
9 # - pledge(2) the service program.
10 # - specific pf rules for service.
11 # - setup resource limits for service user.
12
13 chroot_daemon="/bin/twitch-go" # daemon path as seen from inside the chroot
14 original_daemon="/usr/local/sbin/twitch-go" # host copy; build_chroot copies it into $chroot/bin
15 chroot="/services/twitch" # root directory of the chroot
16 user="_twitch" # account passed to chroot -u
17 group="_twitch" # group passed to chroot -g; also the pattern build_chroot greps /etc/group for
18 # The command below starts the daemon through chroot, which switches to ${user}:${group} inside $chroot.
19 # NOTE: GODEBUG=netdns=cgo to force system DNS resolver (presumably why libc, ld.so and resolv.conf are copied into the chroot — confirm).
20 daemon="GODEBUG=netdns=cgo chroot -u ${user} -g ${group} $chroot ${chroo…
21 daemon_flags="-t tcp4 -d /data -l 127.0.0.1:8081 -c twitch_clientid_here"
22 # NOTE(review): the -c value (a placeholder here) is passed as a command-line argument, so it is visible in the process list; prefer a config file or environment if the daemon supports one — confirm.

23 . /etc/rc.d/rc.subr
24 # rc.subr settings: no reload action, and the daemon is started in the background.
25 rc_reload=NO
26 rc_bg=YES
27 # pexp: process-matching pattern for rc.subr; the in-chroot daemon path followed by any arguments.
28 pexp="${chroot_daemon} .*"
29
30 build_chroot() {
31 # Populate the chroot under $chroot. First create the directories that will hold the binary, config, libraries and device nodes.
32 mkdir -p "$chroot/etc" \
33 "$chroot/bin" \
34 "$chroot/dev" \
35 "$chroot/usr/lib" \
36 "$chroot/usr/libexec"
37
38 # Copy the original daemon binary into $chroot/bin; the copy is overwritten on every call.
39 cp "$original_daemon" "$chroot/bin"
40 # Copy account and resolver data: /etc/passwd is copied whole (every local account name becomes readable inside the chroot), together with resolv.conf.
41 # The group file is filtered with grep. NOTE(review): the pattern is unanchored, so any /etc/group line that merely contains $group is copied too — confirm, or anchor it as "^$group:".
42 cp /etc/passwd /etc/resolv.conf "$chroot/etc"
43 grep "$group" "/etc/group" > "$chroot/etc/group"
44
45 # CA certificate bundle (presumably so the daemon can verify TLS peers from inside the chroot — confirm).
46 mkdir -p "$chroot/etc/ssl"
47 cp /etc/ssl/cert.pem "$chroot/etc/ssl"
48
49 # Copy the shared core libraries and the dynamic loader from the host.
50 cp /usr/lib/libpthread.so.* "$chroot/usr/lib"
51 cp /usr/lib/libc.so.* "$chroot/usr/lib"
52 cp /usr/libexec/ld.so "$chroot/usr/libexec"
53
54 # Set up /dev: each node is created only if it does not exist yet, with mode 644. NOTE(review): with 644 a process that is not the node's owner cannot write to /dev/null — confirm this is intended for the priv-dropped daemon.
55 # NOTE: make sure mount in $chroot does not have "nodev" set.
56 test -e "$chroot/dev/urandom" || mknod -m 644 "$chroot/dev/urand…
57 test -e "$chroot/dev/null" || mknod -m 644 "$chroot/dev/null" c …
58 }
59
60 rc_pre() { # rc.subr hook run before the daemon is started: (re)build the chroot contents each time.
61 build_chroot
62 }
63
64 rc_cmd $1 # hand the action given as the first argument to rc.subr
65
66