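#!/usr/bin/env bash
# Build a chroot jail at ./jail out of bind-mounted host directories and a
# hard-linked copy of /etc, then start a second sshd (port 222) inside it
# for the "guest" account. Must run as root from the directory that is to
# contain jail/.
#
# What this jail does and does not isolate (from the commands below):
#  - every bind mount is read-write and /etc is populated with hard links
#    (cp -al), so anything writable inside the jail is the very same inode
#    as the host file: the jail separates the namespace, not the data;
#  - /etc/ssh/ssh_host_* are among those hard links, so the jailed sshd
#    presents the host's own host keys;
#  - /dev and /sys are rbind-mounted from the host, not a minimal devtmpfs.
#
# Options belong in `set`, not the shebang: `#!/bin/bash -e` is silently
# lost when the script is started as `bash script.sh`.
set -euo pipefail

readonly JAIL=jail
# Host directories exposed inside the jail via --rbind. /proc is not in
# this list because it gets a fresh proc mount below.
readonly BIND_DIRS=(dev sys bin sbin lib usr lib32 lib64 emul lang var root home/guest)

for d in "${BIND_DIRS[@]}"; do
  mkdir -p -- "$JAIL/$d"
  # Skip directories that are already mount points so that re-running the
  # script does not stack a second rbind on top of the first.
  mountpoint -q -- "$JAIL/$d" || mount --rbind "/$d" "$JAIL/$d"
done
mkdir -p -- "$JAIL/proc"
mountpoint -q -- "$JAIL/proc" || mount -t proc proc "$JAIL/proc"

# Private /tmp for the jail: world-writable with the sticky bit, like a
# normal /tmp.
mkdir -p -- "$JAIL/tmp"
chmod a+rwxt -- "$JAIL/tmp"

# Hard-link /etc into the jail (requires jail/ to be on the same
# filesystem as /etc; cp -al fails otherwise). The jail thus tracks host
# configuration, except for the account and sshd files regenerated below.
# rm -f: the passwd-/group- backup files are not guaranteed to exist, and a
# missing one would abort the script under set -e.
cp -al -- /etc "$JAIL/"
rm -f -- "$JAIL"/etc/{passwd,group,passwd-,group-,ssh/sshd_config}

# Account database for the jail: keep system accounts (uid < 1000 or
# > 60000) plus "guest" and "sam"; give "guest" an interactive shell.
awk -F: 'BEGIN { OFS = ":" }
         $1 == "guest" { $7 = "/bin/bash" }
         $3 < 1000 || $3 > 60000 || $1 == "guest" || $1 == "sam" { print }' \
  </etc/passwd >"$JAIL/etc/passwd"
awk -F: '$3 < 1000 || $3 > 60000 || $1 == "guest" || $1 == "sam" { print }' \
  </etc/group >"$JAIL/etc/group"

# sshd_config for the jail: the host's config with every Port/ListenAddress
# directive (commented or not) stripped, listening on 222 instead so the
# jailed daemon does not collide with the host's. The pattern is anchored
# to the directive keyword; an unanchored /ListenAddress|Port/ would also
# drop unrelated lines such as "GatewayPorts no".
awk 'BEGIN { print "Port 222" }
     !/^[[:space:]]*#?[[:space:]]*(ListenAddress|Port)[[:space:]]/ { print }' \
  </etc/ssh/sshd_config >"$JAIL/etc/ssh/sshd_config"

# Drop all outbound traffic originating from the guest uid. Probe with -C
# first so that re-running the script does not insert a duplicate rule.
# TODO move to firewall
iptables -C OUTPUT -m owner --uid-owner guest -j DROP 2>/dev/null \
  || iptables -I OUTPUT -m owner --uid-owner guest -j DROP

# Start the jailed sshd; append "-d -D" to keep it in the foreground with
# debug output when troubleshooting.
chroot "$JAIL" /usr/sbin/sshd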
