[PATCH 2/3] [V5] Disable shell access when lockdown is active

Timothy Pearson tpearson at raptorengineering.com
Sat Aug 13 12:36:11 AEST 2016


This patch disables direct command line access when the /etc/pb-lockdown
file is present.

Signed-off-by: Timothy Pearson <tpearson at raptorengineering.com>
---
 ui/ncurses/nc-cui.c | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)

diff --git a/ui/ncurses/nc-cui.c b/ui/ncurses/nc-cui.c
index 09b63b0..96ebd1e 100644
--- a/ui/ncurses/nc-cui.c
+++ b/ui/ncurses/nc-cui.c
@@ -25,6 +25,7 @@
 #include <stdlib.h>
 #include <string.h>
 #include <sys/ioctl.h>
+#include <sys/reboot.h>
 
 #include "log/log.h"
 #include "pb-protocol/pb-protocol.h"
@@ -94,6 +95,15 @@ static void cui_atexit(void)
 	clear();
 	refresh();
 	endwin();
+
+	bool lockdown = false;
+	if (access(LOCKDOWN_FILE, F_OK) != -1)
+		lockdown = true;
+
+	while (lockdown) {
+		sync();
+		reboot(RB_AUTOBOOT);
+	}
 }
 
 /**
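Review bot: Lockdown enforcement added to cui_atexit runs only when the UI leaves through exit() or a return from main, so termination by a signal or abort() skips the reboot entirely. Whether that path reaches a shell depends on the launcher, which is not visible here. Inside the loop, the return value of `reboot(RB_AUTOBOOT)` is ignored, so a failing call (for instance, insufficient privilege) makes the process spin on `sync()` forever with nothing logged. Checking the result, e.g. `if (reboot(RB_AUTOBOOT) == -1) { /* log errno, then sleep(1) */ }`, would make that state diagnosable and stop the busy loop.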
@@ -826,6 +836,9 @@ static struct pmenu *main_menu_init(struct cui *cui)
 	struct pmenu_item *i;
 	struct pmenu *m;
 	int result;
+	bool lockdown = false;
+	if (access(LOCKDOWN_FILE, F_OK) != -1)
+		lockdown = true;
 
 	m = pmenu_init(cui, 7, cui_on_exit);
 	if (!m) {
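Review bot: The test `access(LOCKDOWN_FILE, F_OK) != -1` in main_menu_init fails open, because any access() error, not only a missing file, leaves `lockdown` false and the "Exit to shell" entry in place. The same test is repeated in cui_atexit (second hunk), so the state is sampled at two different times. The menu label and the exit behaviour can therefore disagree if the file appears or disappears in between. A single helper that treats only ENOENT as "not locked down" would make both sites consistent and fail closed, if that is the intended policy. It needs `<errno.h>` in scope, which these hunks do not show, and main_menu_init continues outside the hunk.

```c
/* Lockdown is off only when the marker file is definitely absent. */
static bool lockdown_active(void)
{
	if (access(LOCKDOWN_FILE, F_OK) == 0)
		return true;
	return errno != ENOENT;
}

static struct pmenu *main_menu_init(struct cui *cui)
	/* … unchanged: other locals … */
	bool lockdown = lockdown_active();
```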
@@ -869,7 +882,10 @@ static struct pmenu *main_menu_init(struct cui *cui)
 	i->on_execute = menu_add_url_execute;
 	pmenu_item_insert(m, i, 5);
 
-	i = pmenu_item_create(m, _("Exit to shell"));
+	if (lockdown)
+		i = pmenu_item_create(m, _("Reboot"));
+	else
+		i = pmenu_item_create(m, _("Exit to shell"));
 	i->on_execute = pmenu_exit_cb;
 	pmenu_item_insert(m, i, 6);
 
-- 
2.8.1

