From cdcf1f75720544036408e9cfe361cb70b0374e6e Mon Sep 17 00:00:00 2001 From: xf0r3m Date: Fri, 15 Mar 2024 18:31:12 +0100 Subject: [PATCH] Dostosowanie immudex do pracy z docker-em. --- tools/bin/immudex-padlock | 4 ++-- tools/sbin/immudex-crypt | 2 +- tools/sbin/immudex-docker-swap-root | 15 +++++++++++++++ versions/base.sh | 5 +++-- 4 files changed, 21 insertions(+), 5 deletions(-) create mode 100644 tools/sbin/immudex-docker-swap-root diff --git a/tools/bin/immudex-padlock b/tools/bin/immudex-padlock index 9047771..59343d7 100755 --- a/tools/bin/immudex-padlock +++ b/tools/bin/immudex-padlock @@ -35,7 +35,7 @@ function unlock() { function lock() { - mapperDeviceList=$(ls /dev/mapper --hide=control | awk '{printf $1" "}'); + mapperDeviceList=$(ls /dev/mapper | grep 'immudex-*' | awk '{printf $1" "}'); if [ "$mapperDeviceList" ]; then for dmDevice in $mapperDeviceList; do @@ -64,7 +64,7 @@ function lock() { fi } -mapperDeviceList=$(ls /dev/mapper --hide=control | awk '{printf $1" "}'); +mapperDeviceList=$(ls /dev/mapper | grep 'immudex-*' | awk '{printf $1" "}'); if [ "$mapperDeviceList" ]; then lock; else unlock; diff --git a/tools/sbin/immudex-crypt b/tools/sbin/immudex-crypt index b163379..dcbc73c 100755 --- a/tools/sbin/immudex-crypt +++ b/tools/sbin/immudex-crypt @@ -19,7 +19,7 @@ function help() { function list() { - mapperDeviceList=$(ls /dev/mapper --hide=control | awk '{printf $1" "}'); + mapperDeviceList=$(ls /dev/mapper | grep 'immudex-*' | awk '{printf $1" "}'); echo "=============================================================="; echo -e "Opened devices:"; diff --git a/tools/sbin/immudex-docker-swap-root b/tools/sbin/immudex-docker-swap-root new file mode 100644 index 0000000..3db6f01 --- /dev/null +++ b/tools/sbin/immudex-docker-swap-root @@ -0,0 +1,15 @@ +#!/bin/bash + +sudo systemctl stop docker.socket +sudo systemctl stop docker.service +sudo systemctl stop containerd.service + +sudo sed -i 's,dockerd,dockerd --data-root=/ic0/docker,' /lib/systemd/system/docker.service + +if [ ! -d /ic0/docker ]; then sudo cp -prvv /var/lib/docker /ic0; fi + +sudo systemctl daemon-reload + +sudo systemctl start containerd.service +sudo systemctl start docker.socket +sudo systemctl start docker.service diff --git a/versions/base.sh b/versions/base.sh index 52ae928..c4d6bdf 100644 --- a/versions/base.sh +++ b/versions/base.sh @@ -12,8 +12,8 @@ else fi cd; -if [ -x /usr/bin/git ]; then git clone https://github.com/xf0r3m/immudex; -else apt install git -y && git clone https://github.com/xf0r3m/immudex; +if [ -x /usr/bin/git ]; then git clone https://git.morketsmerke.org/git/immudex; +else apt install git -y && git clone https://git.morketsmerke.org/git/immudex; fi source ~/immudex/versions/template.sh; @@ -90,6 +90,7 @@ cp -vv ~/immudex/tools/sbin/immudex-crypt /usr/local/sbin; cp -vv ~/immudex/tools/sbin/immudex-hostname /usr/local/sbin; cp -vv ~/immudex/tools/sbin/immudex-install /usr/local/sbin; cp -vv ~/immudex/tools/sbin/immudex-upgrade /usr/local/sbin; +cp -vv ~/immudex/tools/sbin/immudex-docker-swap-root /usr/local/sbin; chown root:root /usr/local/sbin/*; chmod 544 /usr/local/sbin/*; -- 2.39.5