master
brl 9 years ago
parent d1bb0fdeec
commit 18bfbe034d

@ -6,14 +6,14 @@ import (
)
type Config struct {
ProfileDir string `json:"profile_dir"`
ShellPath string `json:"shell_path"`
SandboxPath string `json:"sandbox_path"`
BridgeMACAddr string `json:"bridge_mac"`
NMIgnoreFile string `json:"nm_ignore_file"`
UseFullDev bool `json:"use_full_dev"`
AllowRootShell bool `json:"allow_root_shell"`
LogXpra bool `json:"log_xpra"`
ProfileDir string `json:"profile_dir"`
ShellPath string `json:"shell_path"`
SandboxPath string `json:"sandbox_path"`
BridgeMACAddr string `json:"bridge_mac"`
NMIgnoreFile string `json:"nm_ignore_file"`
UseFullDev bool `json:"use_full_dev"`
AllowRootShell bool `json:"allow_root_shell"`
LogXpra bool `json:"log_xpra"`
}
const DefaultConfigPath = "/etc/oz/oz.conf"

@ -7,7 +7,7 @@ import (
"sort"
"strings"
"syscall"
// External
"github.com/op/go-logging"
)

@ -36,7 +36,7 @@ func (fs *Filesystem) ozinitMountDev() error {
return err
}
}
if err := mountSpecial("/dev/pts", "devpts"); err != nil {
fs.log.Warning("Failed to mount pts directory: %v", err)
return err
@ -91,7 +91,7 @@ func (fs *Filesystem) ozinitCreateSymlinks() error {
return err
}
}
if fs.fullDevices == false {
for _, sl := range deviceSymlinks {
if err := syscall.Symlink(sl[0], sl[1]); err != nil {
@ -99,7 +99,7 @@ func (fs *Filesystem) ozinitCreateSymlinks() error {
}
}
}
return nil
}

@ -21,7 +21,7 @@ var basicEmptyDirs = []string{
"/run/lock", "/root",
"/opt", "/srv", "/dev", "/proc",
"/sys", "/mnt", "/media",
//"/run/shm",
//"/run/shm",
}
var basicBlacklist = []string{
@ -52,32 +52,32 @@ var deviceSymlinks = [][2]string{
type fsDeviceDefinition struct {
path string
mode uint32
dev int
dev int
perm uint32
}
const ugorw = syscall.S_IRUSR|syscall.S_IWUSR | syscall.S_IRGRP|syscall.S_IWGRP | syscall.S_IROTH|syscall.S_IWOTH
const urwgr = syscall.S_IRUSR|syscall.S_IWUSR | syscall.S_IRGRP
const urw = syscall.S_IRUSR|syscall.S_IWUSR
const ugorw = syscall.S_IRUSR | syscall.S_IWUSR | syscall.S_IRGRP | syscall.S_IWGRP | syscall.S_IROTH | syscall.S_IWOTH
const urwgr = syscall.S_IRUSR | syscall.S_IWUSR | syscall.S_IRGRP
const urw = syscall.S_IRUSR | syscall.S_IWUSR
var basicDevices = []fsDeviceDefinition{
{path: "/dev/full", mode: syscall.S_IFCHR|ugorw, dev: _makedev(1, 7), perm: 0666},
{path: "/dev/null", mode: syscall.S_IFCHR|ugorw, dev: _makedev(1, 3), perm: 0666},
{path: "/dev/random", mode: syscall.S_IFCHR|ugorw, dev: _makedev(1, 8), perm: 0666},
{path: "/dev/console", mode: syscall.S_IFCHR|urw, dev: _makedev(5, 1), perm: 0600},
{path: "/dev/tty", mode: syscall.S_IFCHR|ugorw, dev: _makedev(5, 0), perm: 0666},
{path: "/dev/tty1", mode: syscall.S_IFREG|urwgr, dev: 0, perm: 0640},
{path: "/dev/tty2", mode: syscall.S_IFREG|urwgr, dev: 0, perm: 0640},
{path: "/dev/tty3", mode: syscall.S_IFREG|urwgr, dev: 0, perm: 0640},
{path: "/dev/tty4", mode: syscall.S_IFREG|urwgr, dev: 0, perm: 0640},
{path: "/dev/urandom", mode: syscall.S_IFCHR|ugorw, dev: _makedev(1, 9), perm: 0666},
{path: "/dev/zero", mode: syscall.S_IFCHR|ugorw, dev: _makedev(1, 5), perm: 0666},
{path: "/dev/full", mode: syscall.S_IFCHR | ugorw, dev: _makedev(1, 7), perm: 0666},
{path: "/dev/null", mode: syscall.S_IFCHR | ugorw, dev: _makedev(1, 3), perm: 0666},
{path: "/dev/random", mode: syscall.S_IFCHR | ugorw, dev: _makedev(1, 8), perm: 0666},
{path: "/dev/console", mode: syscall.S_IFCHR | urw, dev: _makedev(5, 1), perm: 0600},
{path: "/dev/tty", mode: syscall.S_IFCHR | ugorw, dev: _makedev(5, 0), perm: 0666},
{path: "/dev/tty1", mode: syscall.S_IFREG | urwgr, dev: 0, perm: 0640},
{path: "/dev/tty2", mode: syscall.S_IFREG | urwgr, dev: 0, perm: 0640},
{path: "/dev/tty3", mode: syscall.S_IFREG | urwgr, dev: 0, perm: 0640},
{path: "/dev/tty4", mode: syscall.S_IFREG | urwgr, dev: 0, perm: 0640},
{path: "/dev/urandom", mode: syscall.S_IFCHR | ugorw, dev: _makedev(1, 9), perm: 0666},
{path: "/dev/zero", mode: syscall.S_IFCHR | ugorw, dev: _makedev(1, 5), perm: 0666},
}
func _makedev(x, y int) int {
return (((x)<<8) | (y))
return (((x) << 8) | (y))
}
func (fs *Filesystem) Setup(profilesPath string) error {
@ -85,7 +85,7 @@ func (fs *Filesystem) Setup(profilesPath string) error {
for _, bd := range basicBindDirs {
if bd == profilesPath {
profilePathInBindDirs = true
break;
break
}
}
@ -114,7 +114,7 @@ func (fs *Filesystem) Setup(profilesPath string) error {
return err
}
}
return fs.setupMountItems()
}
@ -151,17 +151,17 @@ func (fs *Filesystem) setupRootfs() error {
if err := syscall.Mount(fs.base, fs.base, "tmpfs", flags, data); err != nil {
return fmt.Errorf("failed to create base tmpfs at %s: %v", fs.base, err)
}
/*
// Currently unused
// create extra directories
extra := []string{"sockets", "dev"}
for _, sub := range extra {
d := path.Join(fs.base, sub)
if err := os.Mkdir(d, 0755); err != nil {
return fmt.Errorf("unable to create directory (%s): %v", d, err)
}
}
*/
/*
// Currently unused
// create extra directories
extra := []string{"sockets", "dev"}
for _, sub := range extra {
d := path.Join(fs.base, sub)
if err := os.Mkdir(d, 0755); err != nil {
return fmt.Errorf("unable to create directory (%s): %v", d, err)
}
}
*/
return nil
}
@ -189,7 +189,7 @@ func (fs *Filesystem) setupDev() error {
fs.log.Warning("Failed to mount devtmpfs: %v", err)
return err
}
for _, dev := range basicDevices {
path := path.Join(fs.root, dev.path)
if err := syscall.Mknod(path, dev.mode, dev.dev); err != nil {

@ -1,6 +1,6 @@
package network
import(
import (
//Builtin
"errors"
"fmt"
@ -21,35 +21,35 @@ func BridgeInit(bridgeMAC string, nmIgnoreFile string, log *logging.Logger) (*Ho
if os.Getpid() == 1 {
panic(errors.New("Cannot use netinit from child."))
}
htn := &HostNetwork{
BridgeMAC: bridgeMAC,
}
if _, err := os.Stat(nmIgnoreFile); os.IsNotExist(err) {
log.Warning("Warning! Network Manager may not properly configured to ignore the bridge interface! This may result in management conflicts!")
}
br, err := tenus.BridgeFromName(ozDefaultInterfaceBridge)
if err != nil {
log.Info("Bridge not found, attempting to create a new one")
br, err = tenus.NewBridgeWithName(ozDefaultInterfaceBridge)
if err != nil {
return nil, fmt.Errorf("Unable to create bridge %+v", err)
}
}
if err:= htn.configureBridgeInterface(br, log); err != nil {
if err := htn.configureBridgeInterface(br, log); err != nil {
return nil, err
}
brL := br.NetInterface()
addrs, err := brL.Addrs()
if err != nil {
return nil, fmt.Errorf("Unable to get bridge interface addresses: %+v", err)
}
// Build the ip range which we will use for the network
if err := htn.buildBridgeNetwork(addrs); err != nil {
return nil, err
@ -61,19 +61,19 @@ func BridgeInit(bridgeMAC string, nmIgnoreFile string, log *logging.Logger) (*Ho
func PrepareSandboxNetwork(htn *HostNetwork, log *logging.Logger) (*SandboxNetwork, error) {
stn := new(SandboxNetwork)
stn.VethHost = tenus.MakeNetInterfaceName(ozDefaultInterfacePrefix)
stn.VethGuest = stn.VethHost + "1"
stn.Gateway = htn.Gateway
stn.Class = htn.Class
// Allocate a new IP address
stn.Ip = getFreshIP(htn.Min, htn.Max, log)
if stn.Ip == "" {
return nil, errors.New("Unable to acquire random IP")
}
return stn, nil
}
@ -81,11 +81,11 @@ func NetInit(stn *SandboxNetwork, htn *HostNetwork, childPid int, log *logging.L
if os.Getpid() == 1 {
panic(errors.New("Cannot use netSetup from child."))
}
// Seed random number generator (poorly but we're not doing crypto)
rand.Seed(time.Now().Unix() ^ int64((os.Getpid() + childPid)))
log.Info("Configuring host veth pair '%s' with: %s", stn.VethHost, stn.Ip + "/" + htn.Class)
log.Info("Configuring host veth pair '%s' with: %s", stn.VethHost, stn.Ip+"/"+htn.Class)
// Fetch the bridge from the ifname
br, err := tenus.BridgeFromName(ozDefaultInterfaceBridge)
@ -100,7 +100,7 @@ func NetInit(stn *SandboxNetwork, htn *HostNetwork, childPid int, log *logging.L
//if err := htn.configureBridgeInterface(br, log); err != nil {
// return fmt.Errorf("Unable to reconfigure bridge: %+v", err)
//}
// Create the veth pair
veth, err := tenus.NewVethPairWithOptions(stn.VethHost, tenus.VethOptions{PeerName: stn.VethGuest})
if err != nil {
@ -134,7 +134,7 @@ func NetInit(stn *SandboxNetwork, htn *HostNetwork, childPid int, log *logging.L
if err != nil {
return fmt.Errorf("Unable to parse ip %s, %s.", stn.Ip, err)
}
// Set interface address in the namespace
if err := veth.SetPeerLinkNetInNs(pid, vethGuestIp, vethGuestIpNet, nil); err != nil {
return fmt.Errorf("Unable to parse ip link in namespace, %s.", err)
@ -148,23 +148,23 @@ func (stn *SandboxNetwork) Cleanup(log *logging.Logger) {
if os.Getpid() == 1 {
panic(errors.New("Cannot use Cleanup from child."))
}
if _, err := net.InterfaceByName(stn.VethHost); err != nil {
log.Info("No veth found to cleanup")
return
}
tenus.DeleteLink(stn.VethHost)
}
func (htn *HostNetwork) configureBridgeInterface(br tenus.Bridger, log *logging.Logger) error {
func (htn *HostNetwork) configureBridgeInterface(br tenus.Bridger, log *logging.Logger) error {
// Set the bridge mac address so it can be fucking ignored by Network-Manager.
if htn.BridgeMAC != "" {
if err := br.SetLinkMacAddress(htn.BridgeMAC); err != nil {
return fmt.Errorf("Unable to set MAC address for gateway", err)
}
}
if htn.Gateway == nil {
// Lookup an empty ip range
brIp, brIpNet, err := findEmptyRange()
@ -175,7 +175,7 @@ func (htn *HostNetwork) configureBridgeInterface(br tenus.Bridger, log *logging.
htn.GatewayNet = brIpNet
log.Info("Found available range: %+v", htn.GatewayNet.String())
}
if err := br.SetLinkIp(htn.Gateway, htn.GatewayNet); err != nil {
if os.IsExist(err) {
log.Info("Bridge IP appears to be already assigned")
@ -192,7 +192,7 @@ func (htn *HostNetwork) configureBridgeInterface(br tenus.Bridger, log *logging.
return nil
}
func (htn *HostNetwork)buildBridgeNetwork(addrs []net.Addr) error {
func (htn *HostNetwork) buildBridgeNetwork(addrs []net.Addr) error {
// Try to build the network config from the bridge's address
addrIndex := -1
for i, addr := range addrs {
@ -219,11 +219,11 @@ func (htn *HostNetwork)buildBridgeNetwork(addrs []net.Addr) error {
}
}
if addrIndex < 0 {
return errors.New("Could not find IPv4 for bridge interface")
}
return nil
}
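Review bot: `return fmt.Errorf("Unable to set MAC address for gateway", err)` in the configureBridgeInterface hunk (`@ -148,23 +148,23 @@`) passes err without a format verb, so the underlying error never reaches the message and `go vet` reports the extra argument; it is a context line this formatting pass leaves untouched. Change it to `return fmt.Errorf("Unable to set MAC address for gateway: %v", err)` so an operator can see why the bridge kept its default MAC, which the comment above it says is what lets NetworkManager ignore the interface. The body of configureBridgeInterface continues past the end of the hunk.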

@ -4,9 +4,9 @@ import (
//Builtin
"fmt"
"net"
"strings"
"strconv"
"strings"
"github.com/op/go-logging"
)
@ -71,7 +71,6 @@ func init() {
}
}
// Print status of the network interfaces
func NetPrint(log *logging.Logger) {
strLine := ""
@ -87,7 +86,7 @@ func NetPrint(log *logging.Logger) {
log.Info(strHr)
log.Info(strHeader)
for _, netif := range ifs {
addrs, _ := netif.Addrs()
@ -131,15 +130,14 @@ func NetPrint(log *logging.Logger) {
}
strLine += fmt.Sprintf("\n")
log.Info(strLine)
}
log.Info(strHr)
}
// Convert longip to net.IP
func inet_ntoa(ipnr uint64) net.IP {
var bytes [4]byte

@ -10,7 +10,7 @@ import (
// Internal
"github.com/op/go-logging"
//External
"github.com/j-keck/arping"
"github.com/milosgajdos83/tenus"
@ -50,17 +50,17 @@ func setupLoopback(stn *SandboxNetwork) error {
if err != nil {
return fmt.Errorf("Unable to bring loopback interface up, %s.", err)
}
return nil
}
func setupVEth(stn *SandboxNetwork) error {
ifc, err := tenus.NewLinkFrom(stn.VethGuest)
if err != nil {
return fmt.Errorf("Unable to fetch inteface %s, %s.", stn.VethGuest, err)
}
// Bring the link down to prepare for renaming
if err = ifc.SetLinkDown(); err != nil {
return fmt.Errorf("Unable to bring interface %s down, %s.", stn.VethGuest, err)
@ -86,7 +86,7 @@ func setupVEth(stn *SandboxNetwork) error {
if err = ifc.SetLinkDefaultGw(&stn.Gateway); err != nil {
return fmt.Errorf("Unable to set default route %s.", err)
}
return nil
}
