From cc4010b1bbb5d6c3f10c042af4764d64f9743de8 Mon Sep 17 00:00:00 2001
From: Raphael Dannecker <raphael.dannecker@steinbeisschule-reutlingen.de>
Date: Wed, 16 Aug 2023 10:01:37 +0200
Subject: [PATCH] umount all user mounts on logout

---
 roles/lmn_kde/tasks/main.yml           |  2 +-
 roles/lmn_mount/files/lmn-mounthome.sh |  3 ++
 roles/lmn_mount/tasks/main.yml         | 18 ++++++---
 roles/lmn_vm/files/mounthome.sh        | 52 +++++++++++++++-----------
 roles/lmn_vm/files/run-vm.sh           |  5 ++-
 roles/lmn_vm/files/start-virtiofsd.sh  |  2 +-
 6 files changed, 52 insertions(+), 30 deletions(-)
 create mode 100644 roles/lmn_mount/files/lmn-mounthome.sh

diff --git a/roles/lmn_kde/tasks/main.yml b/roles/lmn_kde/tasks/main.yml
index 8a1caaf..6f3f963 100644
--- a/roles/lmn_kde/tasks/main.yml
+++ b/roles/lmn_kde/tasks/main.yml
@@ -3,7 +3,7 @@
   ansible.builtin.debconf:
     name: wireshark-common
     question: wireshark-common/install-setuid
-    value: true
+    value: 'true'
     vtype: boolean
 
 - name: Preseed ttf-mscorefonts-installer
diff --git a/roles/lmn_mount/files/lmn-mounthome.sh b/roles/lmn_mount/files/lmn-mounthome.sh
new file mode 100644
index 0000000..44f81e1
--- /dev/null
+++ b/roles/lmn_mount/files/lmn-mounthome.sh
@@ -0,0 +1,3 @@
+if [[ "${UID}" -gt 60000 ]]; then
+	sudo /usr/local/bin/mounthome.sh &
+fi
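Review bot: This file is deployed to /etc/profile.d/ by the copy task in roles/lmn_mount/tasks/main.yml, where it is sourced by every POSIX login shell, but `[[` and `$UID` are bash-only, so under dash/`sh` the fragment either errors or silently skips the test. The portable form is `if [ "$(id -u)" -gt 60000 ]; then sudo /usr/local/bin/mounthome.sh & fi`. It presumably relies on a passwordless sudo rule for mounthome.sh (a sudo password prompt from a backgrounded job would otherwise disturb the login shell); a header comment such as `# Sourced at login for LMN users (uid > 60000): mounts the home in the background; needs a NOPASSWD sudo rule for mounthome.sh` would record that requirement for whoever maintains the sudoers file.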
diff --git a/roles/lmn_mount/tasks/main.yml b/roles/lmn_mount/tasks/main.yml
index 3927d1a..9e22dfa 100644
--- a/roles/lmn_mount/tasks/main.yml
+++ b/roles/lmn_mount/tasks/main.yml
@@ -25,8 +25,8 @@
       <volume
         fstype="cifs"
         server="{{ smb_server }}"
-        path="{{ smb_share }}"
-        mountpoint="/lmn/media/%(USER)/.default-school"
+        path="{{ smb_share }}share"
+        mountpoint="/lmn/media/%(USER)/share"
         options="sec=krb5i,cruid=%(USERUID),user=%(USER),gid=1010,file_mode=0770,dir_mode=0770,mfsymlinks,nobrl"
         ><not><or><user>root</user><user>ansible</user><user>Debian-gdm</user><user>sddm</user><user>virti</user></or></not>
       </volume>
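Review bot: `path="{{ smb_share }}share"` concatenates the share suffix with no separator, so unless `smb_share` is guaranteed to end in `/` the UNC becomes `//server/<share>share`; `path="{{ smb_share }}/share"` (or a dedicated variable for the share UNC) is safer. Separately, this cifs mount is a child mount stacked on the `nosuid,bind` mount of /lmn/media configured later in this file, and per-mount flags are not inherited by child mounts, so the share itself is still mounted without `nosuid`/`nodev`; consider adding `nosuid,nodev` to the `options=` string. The enclosing pam_mount configuration block starts before this hunk.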
@@ -78,17 +78,25 @@
     line: KillUserProcesses=yes
     insertafter: '#KillUserProcesses=no'
 
+- name: Umount all user-mounts on logout
+  blockinfile:
+    dest: /usr/share/sddm/scripts/Xstop
+    block: |
+      for i in $(mount | /usr/bin/grep "/lmn/media/" | /usr/bin/cut -f 3 -d ' '); do
+        umount $i
+      done
+      umount /srv/samba/schools/default-school
+
 - name: Deploy script to generate links in /lmn/media/$USER/
   copy:
-    src: lmn-linkhome.sh
+    src: lmn-mounthome.sh
     dest: /etc/profile.d/
     mode: '0644'
-  when: false
 
 - name: Bind mount lmn/media with nosuid directory
   ansible.posix.mount:
     src: /lmn/media
-    path: /lmn/nosuidmedia
+    path: /lmn/media
     opts: nosuid,bind
     state: present
     fstype: none
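Review bot: The Xstop block parses `mount` output and word-splits it into an unquoted `umount $i`, which breaks on mountpoints containing spaces, and it is not restricted to the user who is logging out — every mount below /lmn/media/ is removed, which matters if more than one session can be active on the host at once. A more robust form is `findmnt -ln -o TARGET | grep '^/lmn/media/' | while IFS= read -r mp; do umount -- "$mp"; done`, which reads one target per line without word-splitting. The `umount /srv/samba/schools/default-school` line runs unconditionally and will log an error whenever nothing is mounted there; guard it with `findmnt` as mounthome.sh does. Also note that the bind-mount task uses `state: present`, which only records the fstab entry and does not perform the mount, so the `nosuid` remount of /lmn/media is not in effect until `mount -a` or a reboot; `state: mounted` would apply it immediately.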
diff --git a/roles/lmn_vm/files/mounthome.sh b/roles/lmn_vm/files/mounthome.sh
index 3c0f3bd..1ad2796 100755
--- a/roles/lmn_vm/files/mounthome.sh
+++ b/roles/lmn_vm/files/mounthome.sh
@@ -5,17 +5,24 @@ home="$(getent passwd "$SUDO_UID" | cut -d : -f 6 | sed 's|/srv/samba/schools/de
 
 exit_script() {
     echo "unmounting media - terminated by trap!" >> "/tmp/${SUDO_UID}-exit-mount.log"
-    findmnt "/media/${SUDO_USER}/oldhome" && umount "/media/${SUDO_USER}/oldhome" && rmdir "/media/${SUDO_USER}/oldhome"
-    findmnt "/media/${SUDO_USER}/linuxhome" && umount "/media/${SUDO_USER}/linuxhome" && rmdir "/media/${SUDO_USER}/linuxhome"
+    findmnt "/lmn/media/${SUDO_USER}/oldhome" && umount "/lmn/media/${SUDO_USER}/oldhome" && rmdir "/lmn/media/${SUDO_USER}/oldhome"
+    findmnt "/lmn/media/${SUDO_USER}/linuxhome" && umount "/lmn/media/${SUDO_USER}/linuxhome" && rmdir "/lmn/media/${SUDO_USER}/linuxhome"
+    trap - SIGHUP SIGINT SIGTERM # clear the trap
+    kill -- -$$ # Sends SIGTERM to child/sub processes
+}
+
+exit_script_home() {
+    echo "unmounting media - terminated by trap!" >> "/tmp/${SUDO_UID}-exit-mount.log"
+    umount "/lmn/media/${SUDO_USER}/home"
     trap - SIGHUP SIGINT SIGTERM # clear the trap
     kill -- -$$ # Sends SIGTERM to child/sub processes
 }
 
 if [[ "$#" -gt 0 ]] && [[ "$1" = '-u' ]]; then
-    findmnt "/media/${SUDO_USER}/home"    && umount "/media/${SUDO_USER}/home"    && rmdir "/media/${SUDO_USER}/home"
-    #findmnt "/media/${SUDO_USER}/share"   && umount "/media/${SUDO_USER}/share"   && rmdir "/media/${SUDO_USER}/share"
-    findmnt "/media/${SUDO_USER}/oldhome" && umount "/media/${SUDO_USER}/oldhome" && rmdir "/media/${SUDO_USER}/oldhome"
-    findmnt "/media/${SUDO_USER}/linuxhome" && umount "/media/${SUDO_USER}/linuxhome" && rmdir "/media/${SUDO_USER}/linuxhome"
+    findmnt "/lmn/media/${SUDO_USER}/home"    && umount "/lmn/media/${SUDO_USER}/home"    && rmdir "/lmn/media/${SUDO_USER}/home"
+    #findmnt "/lmn/media/${SUDO_USER}/share"   && umount "/lmn/media/${SUDO_USER}/share"   && rmdir "/lmn/media/${SUDO_USER}/share"
+    findmnt "/lmn/media/${SUDO_USER}/oldhome" && umount "/lmn/media/${SUDO_USER}/oldhome" && rmdir "/lmn/media/${SUDO_USER}/oldhome"
+    findmnt "/lmn/media/${SUDO_USER}/linuxhome" && umount "/lmn/media/${SUDO_USER}/linuxhome" && rmdir "/lmn/media/${SUDO_USER}/linuxhome"
 elif [ "$#" -gt 0 ] && [ "$1" = '-o' ]; then
     echo "Einbinden der Daten des alten/bisherigen Systems (PaedML Novell)."
     echo "Bitte den Username und Passwort aus dem ALTEN System eingeben."
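Review bot: `exit_script_home` duplicates `exit_script` almost line for line but drops the `findmnt` guard, so its `umount` is attempted even when /lmn/media/${SUDO_USER}/home is not mounted; either guard it the same way, `findmnt "/lmn/media/${SUDO_USER}/home" && umount "/lmn/media/${SUDO_USER}/home"`, or fold both into one handler that takes the mountpoints as arguments. Both handlers end with `kill -- -$$`, which only works when the script is its own process-group leader; when it is launched as `sudo mounthome.sh &` from a shell with job control the group leader is the sudo process, so the kill may fail (hedged — the launch path is in another hunk). A short comment on each handler stating what it unmounts and where the trap is armed would help, since the `trap exit_script_home` registration sits in the `else` branch far below. The `elif` branch at the end of the hunk continues past it.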
@@ -23,12 +30,12 @@ elif [ "$#" -gt 0 ] && [ "$1" = '-o' ]; then
     read -srp "Passwort: " PASSWD
     export PASSWD
     echo
-    mkdir -p "/media/${SUDO_USER}/oldhome"
+    mkdir -p "/lmn/media/${SUDO_USER}/oldhome"
     #errcode=$(mount -t cifs -o "username=${username},uid=${SUDO_UID},gid=1010,file_mode=0770,dir_mode=0770,forceuid,forcegid" \
-    #	    "//192.168.1.2/DOCS/fvs" "/media/${SUDO_USER}/oldhome")
+    #	    "//192.168.1.2/DOCS/fvs" "/lmn/media/${SUDO_USER}/oldhome")
     #if [[ ! "${errcode}" ]]; then
-    mount -t cifs -o "username=${username},uid=${SUDO_UID},gid=1010,file_mode=0770,dir_mode=0770,forceuid,forcegid" \
-	    "//192.168.1.2/DOCS/fvs" "/media/${SUDO_USER}/oldhome"
+    mount -t cifs -o "username=${username},uid=${SUDO_UID},gid=1010,file_mode=0770,dir_mode=0770,forceuid,forcegid,nobrl,mfsymlinks" \
+	    "//192.168.1.2/DOCS/fvs" "/lmn/media/${SUDO_USER}/oldhome"
     #echo "Mounting successfull!"
     echo "Einbindung erfolgreich!"
     echo "Dieses Fenster bitte nicht schließen!"
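Review bot: The success message `Einbindung erfolgreich!` is printed regardless of whether the new mount line succeeded; append `|| { echo "Einbinden fehlgeschlagen!" >&2; exit 1; }` to the mount command so a failed mount does not fall through to the "do not close this window" prompt. `username` is read interactively and spliced unescaped into the `-o` option string that mount.cifs splits on commas, and this script runs as root under sudo, so validate it before use, e.g. `[[ "$username" =~ ^[A-Za-z0-9._-]+$ ]] || exit 1`; the same validation applies to the sshfs spec `sshfs#${username}@…` in the `-l` hunk below. The `elif` branch starts before this hunk.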
@@ -40,9 +47,9 @@ elif [ "$#" -gt 0 ] && [ "$1" = '-l' ]; then
     echo "Bitte den Username und Passwort aus dem ALTEN System (PaedML Novell) eingeben."
     echo "Bitte auch Groß- und Kleinschreibung achten."
     read -rp "Username: " username
-    mkdir -p "/media/${SUDO_USER}/linuxhome"
+    mkdir -p "/lmn/media/${SUDO_USER}/linuxhome"
     mount -t fuse -o "allow_other,uid=${SUDO_UID},gid=1010,reconnect" \
-          "sshfs#${username}@home.steinbeisschule-reutlingen.de:" "/media/${SUDO_USER}/linuxhome"
+          "sshfs#${username}@home.steinbeisschule-reutlingen.de:" "/lmn/media/${SUDO_USER}/linuxhome"
     #echo "Mounting successfull!"
     echo "Einbindung erfolgreich!"
     echo "Dieses Fenster bitte nicht schließen!"
@@ -54,19 +61,22 @@ else
     #chown "${SUDO_USER}:1010" "/media/${SUDO_USER}"
     chgrp 1010 "/lmn/media/${SUDO_USER}"
     chmod 0770 "/lmn/media/${SUDO_USER}"
-    if ! findmnt "/lmn/media/${SUDO_USER}/share"; then
-      [[ -d "/lmn/media/${SUDO_USER}/share" ]] || mkdir "/lmn/media/${SUDO_USER}/share"
-      mount --bind "/lmn/media/${SUDO_USER}/.default-school/share" "/lmn/media/${SUDO_USER}/share"
-    fi
+    #if ! findmnt "/lmn/media/${SUDO_USER}/share"; then
+    #  [[ -d "/lmn/media/${SUDO_USER}/share" ]] || mkdir "/lmn/media/${SUDO_USER}/share"
+    #  mount --bind "/lmn/media/${SUDO_USER}/.default-school/share" "/lmn/media/${SUDO_USER}/share"
+    #fi
     if ! findmnt "/lmn/media/${SUDO_USER}/home"; then
       [[ -d "/lmn/media/${SUDO_USER}/home" ]] || mkdir "/lmn/media/${SUDO_USER}/home"
       home="$(getent passwd $SUDO_USER | cut -d: -f6)"
-      mount --bind "/lmn/media/${SUDO_USER}/.default-school/${home##/srv/samba/schools/default-school/}" "/lmn/media/${SUDO_USER}/home"
+      mount -t cifs -o "sec=krb5i,cruid=${SUDO_UID},user=${SUDO_USER},uid=${SUDO_UID},gid=1010,file_mode=0770,dir_mode=0770,nobrl,mfsymlinks" \
+           "//server/default-school/${home##/srv/samba/schools/default-school/}" "/lmn/media/${SUDO_USER}/home"
+      trap exit_script_home SIGHUP SIGINT SIGTERM
+      sleep infinity 
     fi
-    #mkdir -p "/media/${SUDO_USER}/home"
-    #mkdir -p "/media/${SUDO_USER}/share"
+    #mkdir -p "/lmn/media/${SUDO_USER}/home"
+    #mkdir -p "/lmn/media/${SUDO_USER}/share"
     #mount -t cifs -o "sec=krb5i,cruid=${SUDO_UID},user=${SUDO_USER},uid=${SUDO_UID},gid=1010,file_mode=0770,dir_mode=0770,mfsymlinks" \
-    #       "//server/default-school/${home}" "/media/${SUDO_USER}/home"
+    #       "//server/default-school/${home}" "/lmn/media/${SUDO_USER}/home"
     #mount -t cifs -o "sec=krb5i,cruid=${SUDO_UID},user=${SUDO_USER},uid=${SUDO_UID},gid=1010,file_mode=0770,dir_mode=0770,mfsymlinks" \
-    #       "//server/default-school/share" "/media/${SUDO_USER}/share"
+    #       "//server/default-school/share" "/lmn/media/${SUDO_USER}/share"
 fi
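Review bot: The new cifs mount on the two lines before the `trap` is not checked, yet the script then arms `exit_script_home` and blocks in `sleep infinity`; if the mount fails the process sleeps forever with nothing mounted and the handler's `umount` fails later. Append `|| { echo "mount of home failed" >&2; exit 1; }` to the mount command before the `trap` line. Like the pam_mount volume, this root-performed cifs mount carries no `nosuid,nodev`, and the bind-mount flags on /lmn/media do not propagate to child mounts, so consider adding them to the `-o` string. The `sleep infinity` line has trailing whitespace, and the `home=` context line above it uses an unquoted `$SUDO_USER` — quote it while touching this block. The `else` branch begins before this hunk.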
diff --git a/roles/lmn_vm/files/run-vm.sh b/roles/lmn_vm/files/run-vm.sh
index 1f5d496..d368262 100755
--- a/roles/lmn_vm/files/run-vm.sh
+++ b/roles/lmn_vm/files/run-vm.sh
@@ -108,7 +108,7 @@ fi
 ## check, if we have to mount home
 #if ! findmnt "/media/${USER}/home"; then
 #    echo "mounting home."
-    sudo mounthome.sh
+    sudo mounthome.sh &
 #fi
 
 # because virsh has problems with long pathnames, using diffent configdir
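Review bot: Backgrounding `sudo mounthome.sh &` makes the rest of run-vm.sh (the virtiofsd start and `virsh start` further down) race with the mount: nothing waits until /lmn/media/${USER}/home is actually mounted, so the VM may be started against an empty directory. A bounded poll on `findmnt` after the launch closes that gap; the path mirrors the commented-out check above with the new /lmn prefix. The background process is also no longer reaped by this script, so `exit_script` (defined before this hunk) should make sure it is terminated.
```shell
sudo mounthome.sh &
# Bounded wait: mounthome.sh now blocks in 'sleep infinity', so poll until the
# home mount is visible (or give up after 30s) before virtiofsd/the VM start.
for ((i = 0; i < 30; i++)); do
    findmnt "/lmn/media/${USER}/home" >/dev/null && break
    sleep 1
done
# … unchanged: virsh config handling …
```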
@@ -124,9 +124,10 @@ if  ! virsh --connect="${QEMU}" list | grep "${VM_NAME}-clone"; then
     virsh --connect=qemu:///session undefine "${VM_NAME}-clone" || echo "${VM_NAME}-clone did not exist"
     # finally, create the new vm
     virsh --connect=qemu:///session define "${VM_DIR}/${VM_NAME}-clone.xml"
-    trap exit_script SIGHUP SIGINT SIGTERM
+    #trap exit_script SIGHUP SIGINT SIGTERM
     [[ "${QEMU}" = 'qemu:///session' ]] && sudo /usr/local/bin/start-virtiofsd.sh "${VM_NAME}"
     virsh --connect="${QEMU}" start "${VM_NAME}-clone"
 fi
 echo "starting viewer"
+trap exit_script SIGHUP SIGINT SIGTERM
 virt-viewer --connect="${QEMU}" --full-screen "${VM_NAME}-clone"
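Review bot: Moving the `trap exit_script …` registration to just before virt-viewer leaves the `start-virtiofsd.sh` and `virsh start` calls in the `if` block (and the `sudo mounthome.sh &` launched earlier) unprotected: a SIGINT/SIGTERM during VM startup now runs no cleanup at all, whereas before the trap was armed ahead of those calls. If the intent was to arm the trap regardless of whether the clone had to be (re)defined, register it once before the `if` block instead, i.e. move `trap exit_script SIGHUP SIGINT SIGTERM` above the `if ! virsh … list | grep …` condition. `exit_script` and the `if` block begin before this hunk.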
diff --git a/roles/lmn_vm/files/start-virtiofsd.sh b/roles/lmn_vm/files/start-virtiofsd.sh
index 83926eb..83d9e0c 100755
--- a/roles/lmn_vm/files/start-virtiofsd.sh
+++ b/roles/lmn_vm/files/start-virtiofsd.sh
@@ -19,7 +19,7 @@ fi
 [[ -S "${XDG_RUNTIME_DIR}/virtiofs/${VM_NAME}-clone.sock" ]] && /usr/bin/rm "${XDG_RUNTIME_DIR}/virtiofs/${VM_NAME}-clone.sock"
 #sudo /usr/lib/qemu/virtiofsd --socket-path="${XDG_RUNTIME_DIR}/virtiofs/${VM_NAME}-clone.sock" --socket-group="${SUDO_USER}" --announce-submounts -o source="/media/${USER}" -o sandbox=chroot > /dev/null &
 #sudo /usr/lib/qemu/virtiofsd --socket-path="${XDG_RUNTIME_DIR}/virtiofs/${VM_NAME}-clone.sock" --socket-group="${SUDO_USER}" -o source="/media/${USER}" -o sandbox=chroot > /dev/null &
-/usr/lib/qemu/virtiofsd --socket-path="${XDG_RUNTIME_DIR}/virtiofs/${VM_NAME}-clone.sock" -o source="/lmn/nosuidmedia/${SUDO_USER}" -o sandbox=chroot > /dev/null &
+/usr/lib/qemu/virtiofsd --socket-path="${XDG_RUNTIME_DIR}/virtiofs/${VM_NAME}-clone.sock" -o source="/lmn/media/${SUDO_USER}" -o sandbox=chroot > /dev/null &
 # Wait until socket-File exists and chown to user
 until [[ -S "${XDG_RUNTIME_DIR}/virtiofs/${VM_NAME}-clone.sock" ]]; do
    echo "waiting for ${XDG_RUNTIME_DIR}/virtiofs/${VM_NAME}-clone.sock"
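Review bot: Switching the virtiofsd source from /lmn/nosuidmedia to /lmn/media makes the exported tree depend on the nosuid self-bind mount of /lmn/media added in roles/lmn_mount/tasks/main.yml, and that task uses `state: present`, which only writes fstab and does not mount; until `mount -a` or a reboot the tree is exported without that flag. A comment such as `# source must be the nosuid bind mount of /lmn/media (see lmn_mount role)` above the virtiofsd line would record the dependency.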