#!/bin/bash

# /etc/init.d/sandbox

### BEGIN INIT INFO
# Provides: sandbox
# Required-Start:    $remote_fs
# Should-Start:
# Required-Stop:     $remote_fs
# Should-Stop:
# Default-Start: 3 5
# Default-Stop: 0 1 2 3 6
# Short-Description: Script for sandbox and other apps using pam_namespace
# Description: sandbox, xguest and other apps that want to use pam_namespace \
#              require this script be run at boot.  This service script does \
#              not actually run any service but sets up: \
#              /var/tmp, /tmp and home directories to be used by these tools.\
#              If you do not use sandbox, xguest or pam_namespace you can turn \
#              this service off.\
### END INIT INFO

# Source function library.
. /etc/rc.status

HOMEDIRS="/home"

. /etc/sysconfig/sandbox

LOCKFILE=/var/lock/sandbox

base=${0##*/}

start() {
	echo -n "Starting sandbox"

	[ -f "$LOCKFILE" ] && return 1

	touch $LOCKFILE
	mount --make-rshared / || return $?
	mount --rbind /tmp /tmp || return $?
	mount --rbind /var/tmp /var/tmp || return $?
	mount --make-private /tmp || return $?
	mount --make-private /var/tmp || return $?
	for h in $HOMEDIRS; do
	    mount --rbind $h $h || return $?
	    mount --make-private $h || return $?
	done

	return 0
}

stop() {
	echo -n "Stopping sandbox"

	[ -f "$LOCKFILE" ] || return 1
}

status() {
	if [ -f "$LOCKFILE" ]; then 
	    echo "$base is running"
	else
	    echo "$base is stopped"
	fi
	exit 0
}

case "$1" in
    restart)
	start && success || failure
	;;

    start)
	start && success || failure
	echo
	;;

    stop)
	stop && success || failure
	echo
	;;

    status)
	status
	;;
    reload)
        # unused
        exit 3
        ;;

    *)
	echo $"Usage: $0 {start|stop|status|restart|reload}"
	exit 3
	;;
esac
