master
brl 10 years ago
parent d1bb0fdeec
commit 18bfbe034d

@ -6,14 +6,14 @@ import (
) )
type Config struct { type Config struct {
ProfileDir string `json:"profile_dir"` ProfileDir string `json:"profile_dir"`
ShellPath string `json:"shell_path"` ShellPath string `json:"shell_path"`
SandboxPath string `json:"sandbox_path"` SandboxPath string `json:"sandbox_path"`
BridgeMACAddr string `json:"bridge_mac"` BridgeMACAddr string `json:"bridge_mac"`
NMIgnoreFile string `json:"nm_ignore_file"` NMIgnoreFile string `json:"nm_ignore_file"`
UseFullDev bool `json:"use_full_dev"` UseFullDev bool `json:"use_full_dev"`
AllowRootShell bool `json:"allow_root_shell"` AllowRootShell bool `json:"allow_root_shell"`
LogXpra bool `json:"log_xpra"` LogXpra bool `json:"log_xpra"`
} }
const DefaultConfigPath = "/etc/oz/oz.conf" const DefaultConfigPath = "/etc/oz/oz.conf"

@ -52,32 +52,32 @@ var deviceSymlinks = [][2]string{
type fsDeviceDefinition struct { type fsDeviceDefinition struct {
path string path string
mode uint32 mode uint32
dev int dev int
perm uint32 perm uint32
} }
const ugorw = syscall.S_IRUSR|syscall.S_IWUSR | syscall.S_IRGRP|syscall.S_IWGRP | syscall.S_IROTH|syscall.S_IWOTH const ugorw = syscall.S_IRUSR | syscall.S_IWUSR | syscall.S_IRGRP | syscall.S_IWGRP | syscall.S_IROTH | syscall.S_IWOTH
const urwgr = syscall.S_IRUSR|syscall.S_IWUSR | syscall.S_IRGRP const urwgr = syscall.S_IRUSR | syscall.S_IWUSR | syscall.S_IRGRP
const urw = syscall.S_IRUSR|syscall.S_IWUSR const urw = syscall.S_IRUSR | syscall.S_IWUSR
var basicDevices = []fsDeviceDefinition{ var basicDevices = []fsDeviceDefinition{
{path: "/dev/full", mode: syscall.S_IFCHR|ugorw, dev: _makedev(1, 7), perm: 0666}, {path: "/dev/full", mode: syscall.S_IFCHR | ugorw, dev: _makedev(1, 7), perm: 0666},
{path: "/dev/null", mode: syscall.S_IFCHR|ugorw, dev: _makedev(1, 3), perm: 0666}, {path: "/dev/null", mode: syscall.S_IFCHR | ugorw, dev: _makedev(1, 3), perm: 0666},
{path: "/dev/random", mode: syscall.S_IFCHR|ugorw, dev: _makedev(1, 8), perm: 0666}, {path: "/dev/random", mode: syscall.S_IFCHR | ugorw, dev: _makedev(1, 8), perm: 0666},
{path: "/dev/console", mode: syscall.S_IFCHR|urw, dev: _makedev(5, 1), perm: 0600}, {path: "/dev/console", mode: syscall.S_IFCHR | urw, dev: _makedev(5, 1), perm: 0600},
{path: "/dev/tty", mode: syscall.S_IFCHR|ugorw, dev: _makedev(5, 0), perm: 0666}, {path: "/dev/tty", mode: syscall.S_IFCHR | ugorw, dev: _makedev(5, 0), perm: 0666},
{path: "/dev/tty1", mode: syscall.S_IFREG|urwgr, dev: 0, perm: 0640}, {path: "/dev/tty1", mode: syscall.S_IFREG | urwgr, dev: 0, perm: 0640},
{path: "/dev/tty2", mode: syscall.S_IFREG|urwgr, dev: 0, perm: 0640}, {path: "/dev/tty2", mode: syscall.S_IFREG | urwgr, dev: 0, perm: 0640},
{path: "/dev/tty3", mode: syscall.S_IFREG|urwgr, dev: 0, perm: 0640}, {path: "/dev/tty3", mode: syscall.S_IFREG | urwgr, dev: 0, perm: 0640},
{path: "/dev/tty4", mode: syscall.S_IFREG|urwgr, dev: 0, perm: 0640}, {path: "/dev/tty4", mode: syscall.S_IFREG | urwgr, dev: 0, perm: 0640},
{path: "/dev/urandom", mode: syscall.S_IFCHR|ugorw, dev: _makedev(1, 9), perm: 0666}, {path: "/dev/urandom", mode: syscall.S_IFCHR | ugorw, dev: _makedev(1, 9), perm: 0666},
{path: "/dev/zero", mode: syscall.S_IFCHR|ugorw, dev: _makedev(1, 5), perm: 0666}, {path: "/dev/zero", mode: syscall.S_IFCHR | ugorw, dev: _makedev(1, 5), perm: 0666},
} }
func _makedev(x, y int) int { func _makedev(x, y int) int {
return (((x)<<8) | (y)) return (((x) << 8) | (y))
} }
func (fs *Filesystem) Setup(profilesPath string) error { func (fs *Filesystem) Setup(profilesPath string) error {
@ -85,7 +85,7 @@ func (fs *Filesystem) Setup(profilesPath string) error {
for _, bd := range basicBindDirs { for _, bd := range basicBindDirs {
if bd == profilesPath { if bd == profilesPath {
profilePathInBindDirs = true profilePathInBindDirs = true
break; break
} }
} }
@ -151,17 +151,17 @@ func (fs *Filesystem) setupRootfs() error {
if err := syscall.Mount(fs.base, fs.base, "tmpfs", flags, data); err != nil { if err := syscall.Mount(fs.base, fs.base, "tmpfs", flags, data); err != nil {
return fmt.Errorf("failed to create base tmpfs at %s: %v", fs.base, err) return fmt.Errorf("failed to create base tmpfs at %s: %v", fs.base, err)
} }
/* /*
// Currently unused // Currently unused
// create extra directories // create extra directories
extra := []string{"sockets", "dev"} extra := []string{"sockets", "dev"}
for _, sub := range extra { for _, sub := range extra {
d := path.Join(fs.base, sub) d := path.Join(fs.base, sub)
if err := os.Mkdir(d, 0755); err != nil { if err := os.Mkdir(d, 0755); err != nil {
return fmt.Errorf("unable to create directory (%s): %v", d, err) return fmt.Errorf("unable to create directory (%s): %v", d, err)
} }
} }
*/ */
return nil return nil
} }

@ -1,6 +1,6 @@
package network package network
import( import (
//Builtin //Builtin
"errors" "errors"
"fmt" "fmt"
@ -40,7 +40,7 @@ func BridgeInit(bridgeMAC string, nmIgnoreFile string, log *logging.Logger) (*Ho
} }
} }
if err:= htn.configureBridgeInterface(br, log); err != nil { if err := htn.configureBridgeInterface(br, log); err != nil {
return nil, err return nil, err
} }
@ -85,7 +85,7 @@ func NetInit(stn *SandboxNetwork, htn *HostNetwork, childPid int, log *logging.L
// Seed random number generator (poorly but we're not doing crypto) // Seed random number generator (poorly but we're not doing crypto)
rand.Seed(time.Now().Unix() ^ int64((os.Getpid() + childPid))) rand.Seed(time.Now().Unix() ^ int64((os.Getpid() + childPid)))
log.Info("Configuring host veth pair '%s' with: %s", stn.VethHost, stn.Ip + "/" + htn.Class) log.Info("Configuring host veth pair '%s' with: %s", stn.VethHost, stn.Ip+"/"+htn.Class)
// Fetch the bridge from the ifname // Fetch the bridge from the ifname
br, err := tenus.BridgeFromName(ozDefaultInterfaceBridge) br, err := tenus.BridgeFromName(ozDefaultInterfaceBridge)
@ -157,7 +157,7 @@ func (stn *SandboxNetwork) Cleanup(log *logging.Logger) {
tenus.DeleteLink(stn.VethHost) tenus.DeleteLink(stn.VethHost)
} }
func (htn *HostNetwork) configureBridgeInterface(br tenus.Bridger, log *logging.Logger) error { func (htn *HostNetwork) configureBridgeInterface(br tenus.Bridger, log *logging.Logger) error {
// Set the bridge mac address so it can be fucking ignored by Network-Manager. // Set the bridge mac address so it can be fucking ignored by Network-Manager.
if htn.BridgeMAC != "" { if htn.BridgeMAC != "" {
if err := br.SetLinkMacAddress(htn.BridgeMAC); err != nil { if err := br.SetLinkMacAddress(htn.BridgeMAC); err != nil {
@ -192,7 +192,7 @@ func (htn *HostNetwork) configureBridgeInterface(br tenus.Bridger, log *logging.
return nil return nil
} }
func (htn *HostNetwork)buildBridgeNetwork(addrs []net.Addr) error { func (htn *HostNetwork) buildBridgeNetwork(addrs []net.Addr) error {
// Try to build the network config from the bridge's address // Try to build the network config from the bridge's address
addrIndex := -1 addrIndex := -1
for i, addr := range addrs { for i, addr := range addrs {

@ -4,8 +4,8 @@ import (
//Builtin //Builtin
"fmt" "fmt"
"net" "net"
"strings"
"strconv" "strconv"
"strings"
"github.com/op/go-logging" "github.com/op/go-logging"
) )
@ -71,7 +71,6 @@ func init() {
} }
} }
// Print status of the network interfaces // Print status of the network interfaces
func NetPrint(log *logging.Logger) { func NetPrint(log *logging.Logger) {
strLine := "" strLine := ""
@ -139,7 +138,6 @@ func NetPrint(log *logging.Logger) {
} }
// Convert longip to net.IP // Convert longip to net.IP
func inet_ntoa(ipnr uint64) net.IP { func inet_ntoa(ipnr uint64) net.IP {
var bytes [4]byte var bytes [4]byte
