Adds kvmx-restricted-shell

diff --git a/kvmx b/kvmx
index f8d1167c9750402d75df9cd3e426acc2bd5d2943..1c30ad66b81689fc363cf40a848f59af2b31f1ff 100755 (executable)
--- a/kvmx
+++ b/kvmx
@@ -1642,6 +1642,10 @@ function kvmx_version {
 
 # Shell
 function kvmx_shell {
+  local restricted="$1"
+  local restricted_actions=":status:start:stop:poweroff:suspend:resume:console:monitor"
+        restricted_actions="$restricted_actions:wipe:shred:app_base:version:list_image:kill:"
+
   # While a "quit" command isn't entered, read STDIN
   while read -rep "kvmx:/${USER}@${VM}> " STDIN; do
     if [ "$STDIN" == "quit" ] || [ "$STDIN" == "exit" ] || [ "$STDIN" == "bye" ]; then
@@ -1651,7 +1655,17 @@ function kvmx_shell {
     elif [[ -n "$STDIN" && "$STDIN" != "#"* ]]; then
       # If line is not empty or commented, process command
       STDIN=($STDIN)
-      $APP_BASE/kvmx ${STDIN[0]} $VM ${STDIN[@]:1}
+
+      # But check first if we're in a restricted shell
+      if [ "$restricted" == "restricted" ]; then
+        if ! echo $restricted_actions | grep -q ":${STDIN[0]}:"; then
+          echo "Running in restricted shell mode."
+          echo "Allowed commands are only `echo $restricted_actions | tr ':' ' '`"
+        fi
+      else
+        # Process command
+        $APP_BASE/kvmx ${STDIN[0]} $VM ${STDIN[@]:1}
+      fi
     fi
   done
 }

diff --git a/kvmx-restricted-shell b/kvmx-restricted-shell
new file mode 100755 (executable)
index 0000000..19fbbbf
--- /dev/null
+++ b/kvmx-restricted-shell
@@ -0,0 +1,25 @@
+#!/usr/bin/env bash
+#
+# kvmx-restricted-shell restricted login shell wrapper for a single VM per user
+#
+# Copyright (C) 2017 Silvio Rhatto - rhatto at riseup.net
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published
+# by the Free Software Foundation, either version 3 of the License,
+# or any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+
+# Parameters
+DIRNAME="`dirname $0`"
+
+# Dispatch, restricted version
+$DIRNAME/kvmx shell $USER restricted

diff --git a/kvmx-shell b/kvmx-shell
index 514908782a76bc502cc09ad1192e8d7d2dd67ec9..a8a7eb100ca5ce979437818defae7986f59dd2ee 100755 (executable)
--- a/kvmx-shell
+++ b/kvmx-shell
@@ -22,4 +22,14 @@
 DIRNAME="`dirname $0`"
 
 # Dispatch
+#
+# WARNING: this is not a restricted shell. By using the "config" action
+# one can easilly run arbitrary commands. So assume kvmx-shell is just
+# a utility wrapper for kvmx and not a complete isolation sollution.
+#
+# Assume this shell is as safe as giving /bin/bash access to the user.
+#
+# You might use `kvmx-restricted-shell` instead of use it as an example to
+# build a restricted shell by allowing just a small subset of kvmx commands
+# like starting/stopping the guest.
 $DIRNAME/kvmx shell $USER