#!/bin/bash

## BEGIN INIT INFO

# Provides: sandbox

# Default-Start: 5

# Default-Stop: 0 1 2 3 4 6

# Required-Start:

#              

## END INIT INFO

# sandbox:        Set up / mountpoint to be shared, /var/tmp, /tmp, /home/sandbox unshared

#

# chkconfig: 5 1 99

#

# Description: sandbox is using pam_namespace to share the /var/tmp, /tmp and 

#              /home/sandbox accounts.  This script will setup the / mount 

#              point as shared and all of the subdirectories just these 

#              directories as unshared.

#

# Source function library.

. /etc/init.d/functions

LOCKFILE=/var/lock/subsys/sandbox

base=${0##*/}

case "$1" in

    start)

	[ -f "$LOCKFILE" ] && exit 0

	touch $LOCKFILE

	mount --make-rshared /

	mount --bind /tmp /tmp

	mount --bind /var/tmp /var/tmp

	mount --bind /home /home

	mount --make-private /home

	mount --make-private /tmp

	mount --make-private /var/tmp

	RETVAL=$?

	exit $RETVAL

	;;

    status)

	if [ -f "$LOCKFILE" ]; then 

	    echo "$base is running"

	else

	    echo "$base is stopped"

	fi

	exit 0

	;;

    stop)

	rm -f $LOCKFILE

	exit 0

	;;

    *)

	echo $"Usage: $0 {start|stop}"

	exit 3

	;;

esac