scripts/hosts/guard/pacman-hooks/pacman-post-relock-hosts.sh

33 lines
674 B
Bash
Raw Normal View History

2025-10-13 10:21:35 +02:00
#!/usr/bin/env bash
# Post-transaction hook to re-apply hosts guard protections (single-layer ro bind)
2025-11-06 20:24:19 +01:00
set -euo pipefail
# Source shared functions
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
# shellcheck source=hosts-guard-common.sh
source "$SCRIPT_DIR/hosts-guard-common.sh"
2025-10-13 10:21:35 +02:00
ENFORCE=/usr/local/sbin/enforce-hosts.sh
log_hook "post" "relocking(start)"
# Collapse any stacked mounts first
2025-10-13 10:21:35 +02:00
collapse_mounts
# Run enforcement script if available
2025-11-01 15:36:22 +01:00
if [[ -x $ENFORCE ]]; then
"$ENFORCE" >/dev/null 2>&1 || true
fi
# Apply protections
apply_immutable
apply_ro_bind_mount
2025-10-13 10:21:35 +02:00
# Start the path watcher
start_path_watcher
2025-10-13 10:21:35 +02:00
log_hook "post" "relocking(done)"
2025-10-13 10:21:35 +02:00
exit 0