2025-10-13 10:21:35 +02:00
|
|
|
#!/usr/bin/env bash
|
2025-12-11 18:42:03 +01:00
|
|
|
# pacman-post-relock-hosts.sh - Re-apply hosts guard protections after pacman
|
2025-11-06 20:24:19 +01:00
|
|
|
set -euo pipefail
|
|
|
|
|
|
2025-12-11 18:32:15 +01:00
|
|
|
# Source shared functions
|
|
|
|
|
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
|
|
|
|
|
# shellcheck source=hosts-guard-common.sh
|
|
|
|
|
source "$SCRIPT_DIR/hosts-guard-common.sh"
|
|
|
|
|
|
2025-10-13 10:21:35 +02:00
|
|
|
ENFORCE=/usr/local/sbin/enforce-hosts.sh
|
2025-12-11 18:32:15 +01:00
|
|
|
|
|
|
|
|
log_hook "post" "relocking(start)"
|
|
|
|
|
|
|
|
|
|
# Collapse any stacked mounts first
|
2025-10-13 10:21:35 +02:00
|
|
|
collapse_mounts
|
|
|
|
|
|
2025-12-11 18:32:15 +01:00
|
|
|
# Run enforcement script if available
|
2025-11-01 15:36:22 +01:00
|
|
|
if [[ -x $ENFORCE ]]; then
|
2026-02-02 21:36:27 +01:00
|
|
|
"$ENFORCE" >/dev/null 2>&1 || true
|
2025-12-04 15:14:50 +01:00
|
|
|
fi
|
|
|
|
|
|
2025-12-11 18:32:15 +01:00
|
|
|
# Apply protections
|
|
|
|
|
apply_immutable
|
|
|
|
|
apply_ro_bind_mount
|
2025-10-13 10:21:35 +02:00
|
|
|
|
2025-12-11 18:32:15 +01:00
|
|
|
# Start the path watcher
|
|
|
|
|
start_path_watcher
|
2025-10-13 10:21:35 +02:00
|
|
|
|
2025-12-11 18:32:15 +01:00
|
|
|
log_hook "post" "relocking(done)"
|
2025-10-13 10:21:35 +02:00
|
|
|
|
|
|
|
|
exit 0
|