Repositories / jai.git

jai.git

Clone (read-only): git clone http://git.guha-anderson.com/git/jai.git

Branch
CodeHistory

make make distcheck pass

Author
David Mazieres <dm@uun.org>
Date
2026-03-26 22:48:07 -0700
Commit
9488190786dbf1dd1c197aff43378e25204ea72c
Makefile.am
index 2e088ad..d57873f 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -3,7 +3,8 @@ bin_PROGRAMS = jai
 AM_CXXFLAGS = $(MOUNT_CFLAGS) $(LIBACL_CFLAGS)
 
 jai_SOURCES = complete.cc cred.cc default_conf.cc fs.cc jai.cc	\
-options.cc cred.h argtype.h defer.h err.h fs.h jai.h
+options.cc argtype.h config.h cred.h defer.h err.h fs.h jai.h	\
+options.h
 jai_LDADD = $(MOUNT_LIBS) $(LIBACL_LIBS)
 
 man1_MANS = jai.1
@@ -17,7 +18,7 @@ sysusers_DATA = jai.conf
 bashcompdir = $(datadir)/bash-completion/completions
 bashcomp_DATA = bash-completion/jai
 
-EXTRA_DIST = jai.1 jai.1.md jai.conf.in jai.bash logo.svg
+EXTRA_DIST = jai.1 jai.1.md jai.conf.in bash-completion/jai logo.svg
 
 CLEANFILES = *~
 DISTCLEANFILES = jai.conf
@@ -34,18 +35,22 @@ MAINTAINERCLEANFILES = \
 	$(srcdir)/install-sh \
 	$(srcdir)/missing
 
+JAI_USER = @UNTRUSTED_USER@
+
 install-exec-hook:
 	-chown root $(DESTDIR)$(bindir)/jai
 	-chmod 04511 $(DESTDIR)$(bindir)/jai
 
 install-data-hook:
 	test ! -r "$(DESTDIR)/etc/passwd" || \
-		systemd-sysusers --root="$(DESTDIR)/"
+		([[ "$(prefix)" == /usr || "$(prefix)" == /usr/local ]] && \
+		systemd-sysusers --root="$(DESTDIR)/") || :
 
 uninstall-hook:
-	@if test -r "$(DESTDIR)/etc/passwd" && \
+	@set -x; if test -r "$(DESTDIR)/etc/passwd" && \
+	[[ "$(prefix)" == /usr || "$(prefix)" == /usr/local ]] && \
 	gecos=$$(getent passwd @UNTRUSTED_USER@ 2>/dev/null | cut -d: -f5) \
 	    && test "$$gecos" = "JAI sandbox untrusted user"; then \
-	  echo "userdel @UNTRUSTED_USER@"; \
-	  userdel -R "$(DESTDIR)/" @UNTRUSTED_USER@; \
+	  echo "userdel $(JAI_USER)"; \
+	  userdel -R "$(DESTDIR)/" "$(JAI_USER)" || :; \
 	fi
jai.1.md
index b76a73d..97ab274 100644
--- a/jai.1.md
+++ b/jai.1.md
@@ -328,12 +328,13 @@ opencode`):
 `--mask` *file*
 : When creating an overlay home directory, create a "whiteout" file to
   hide *file* in the jail.  *file* must be a relative path and is
-  relative to your home directory.  You can specify this option
-  multiple times.  An easier way to hide files is just to delete them
-  from `/run/jai/$USER/*.home`; hence, this option is mostly useful in
-  configuration files to specify a set of files to delete by default.
-  If you add `mask` directives to your configuration file, you will
-  need to clear mounts with `jai -u` before the changes take effect.
+  always relative to your home directory, regardless of where you run
+  jai.  You can specify this option multiple times.  An easier way to
+  hide files is just to delete them from `/run/jai/$USER/*.home`;
+  hence, this option is mostly useful in configuration files to
+  specify a set of files to delete by default.  If you add `mask`
+  directives to your configuration file, you will need to clear mounts
+  with `jai -u` before the changes take effect.
 
 `--unmask` *file*
 : Reverse the effects of a previous `--mask` option.  This does not