Add the confine_ssh task

This is required by the drbackup stuff, which is required to migrate Dist Git to ansible.
author: Mathieu Bridon <bochecha@fedoraproject.org> 2014-07-17 17:15:28 +0200
committer: Kevin Fenzi <kevin@scrye.com> 2014-08-26 18:28:27 +0000
commit: f60221e2aa4d00a4e8e3d16a615eb46a011d24e6 (patch)
tree: c3845735e26bbf5670ac2e37feaa03d8b9f4ff6a
parent: 9dd33b21dd4891bc3535177f7d01a41093b96f1b (diff)
download: ansible-f60221e2aa4d00a4e8e3d16a615eb46a011d24e6.tar.gz
ansible-f60221e2aa4d00a4e8e3d16a615eb46a011d24e6.tar.xz
ansible-f60221e2aa4d00a4e8e3d16a615eb46a011d24e6.zip
2 files changed, 22 insertions, 0 deletions
diff --git a/files/scripts/confine-ssh.sh b/files/scripts/confine-ssh.sh
new file mode 100644
index 000000000..07a448fc4
--- /dev/null
+++ b/files/scripts/confine-ssh.sh
@@ -0,0 +1,16 @@
+#!/bin/sh
+# Confine ssh commands
+case "$SSH_ORIGINAL_COMMAND" in
+*\&*)
+echo "Rejected"
+;;
+*\;*)
+echo "Rejected"
+;;
+rsync\ --server\ --sender*)
+$SSH_ORIGINAL_COMMAND
+;;
+*)
+echo "Rejected"
+;;
+esac
diff --git a/tasks/confine_ssh.yml b/tasks/confine_ssh.yml
new file mode 100644
index 000000000..914d5ad1e
--- /dev/null
+++ b/tasks/confine_ssh.yml
@@ -0,0 +1,6 @@
+---
+- name: install the confine-ssh script
+  copy: >
+    src={{files}}/scripts/confine-ssh.sh
+    dest=/usr/local/bin/confine-ssh.sh
+    mode=0755
author	Mathieu Bridon <bochecha@fedoraproject.org>	2014-07-17 17:15:28 +0200
committer	Kevin Fenzi <kevin@scrye.com>	2014-08-26 18:28:27 +0000
commit	f60221e2aa4d00a4e8e3d16a615eb46a011d24e6 (patch)
tree	c3845735e26bbf5670ac2e37feaa03d8b9f4ff6a
parent	9dd33b21dd4891bc3535177f7d01a41093b96f1b (diff)
download	ansible-f60221e2aa4d00a4e8e3d16a615eb46a011d24e6.tar.gz ansible-f60221e2aa4d00a4e8e3d16a615eb46a011d24e6.tar.xz ansible-f60221e2aa4d00a4e8e3d16a615eb46a011d24e6.zip