path: root/vpn_wrapper.sh
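#!/bin/sh
#
# Usage: vpn_wrapper.sh OPENVPN_CONFIG COMMAND [ARG...]
#
# Starts openvpn with OPENVPN_CONFIG, waits until netns-script signals
# this shell with SIGUSR1, then runs COMMAND inside the '0tdns' network
# namespace as user '0tdns' and finally stops openvpn.
#
# Exit status: 2 on bad usage, 1 if the pid file cannot be written or
# openvpn exits before the command could be run, otherwise the status
# of the final wait on the openvpn process.

if [ "$#" -lt 2 ]; then
	echo "usage: $0 OPENVPN_CONFIG COMMAND [ARG...]" >&2
	exit 2
fi

PID_FILE=/var/lib/0tdns/shell_pid

OPENVPN_CONFIG="$1"
# rest of args is the command to run in network namespace
shift

# Install the handler before openvpn is started: an untrapped USR1
# would terminate this shell, so the trap must exist before
# netns-script can possibly send the signal.
# https://stackoverflow.com/questions/9052847/implementing-infinite-wait-in-shell-scripting
trap true USR1

# netns-script reads this file to find out which process to signal;
# printf is used because 'echo -n' is not portable under /bin/sh.
# Without the file the signal would never arrive, so give up early.
if ! printf '%s' "$$" > "$PID_FILE"; then
	echo "$0: cannot write $PID_FILE" >&2
	exit 1
fi

# starts openvpn with the netns-script,
# that creates tun inside network namespace 0tdns;
# we could consider using --daemon option instead of &
#
# --script-security 2 allows openvpn to execute external scripts, so
# OPENVPN_CONFIG has to come from a trusted source.
# NOTE(review): --config is given after --up/--route-up/--down, so
# script directives inside the config file may take precedence over
# the ones set here - confirm against openvpn's option handling.
# NOTE(review): netns-script is passed as a relative name; confirm how
# openvpn resolves it and consider an absolute path.
openvpn --ifconfig-noexec --route-noexec --up netns-script \
	--route-up netns-script --down netns-script \
	--config "$OPENVPN_CONFIG" --script-security 2 &

OPENVPN_PID=$!

# wait on openvpn process;
# if we get a signal - wait will terminate;
# if openvpn process dies - wait will also terminate
wait "$OPENVPN_PID"

# we no longer need this file
rm -f -- "$PID_FILE"

# Tell the two cases apart: if the process is gone, wait returned
# because openvpn died, not because netns-script signalled us.
# Fail closed instead of running the command without a tunnel.
if ! kill -0 "$OPENVPN_PID" 2>/dev/null; then
	echo "$0: openvpn exited before the command could be run" >&2
	exit 1
fi

# run the provided command inside '0tdns' namespace
# under '0tdns' user;
sudo ip netns exec 0tdns sudo -u 0tdns "$@"

# close the connection
kill "$OPENVPN_PID"
wait "$OPENVPN_PID"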