Added sandbox base path to global config

networking
user 10 years ago
parent 93715e7602
commit 45fc7430cd

@ -8,6 +8,7 @@ import (
type Config struct {
ProfileDir string `json:"profile_dir"`
ShellPath string `json:"shell_path"`
SandboxPath string `json:"sandbox_path"`
AllowRootShell bool `json:"allow_root_shell"`
LogXpra bool `json:"log_xpra"`
}
@ -18,6 +19,7 @@ func NewDefaultConfig() *Config {
return &Config{
ProfileDir: "/var/lib/oz/cells.d",
ShellPath: "/bin/bash",
SandboxPath: "/srv/oz",
AllowRootShell: false,
LogXpra: false,
}
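Review bot: The new `SandboxPath` field and its `/srv/oz` default have no comment saying what the path is for or which values are acceptable. Judging by the filesystem change in this commit, each sandbox lives at `<SandboxPath>/<profile name>` with its root under `rootfs`. I would add `// SandboxPath is the absolute directory under which each sandbox's <name>/rootfs tree is created.` above the field. The other fields are undocumented too, but this one decides where the daemon builds and cleans up sandbox trees.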

@ -71,8 +71,8 @@ func (fs *Filesystem) newItem(path, target string, readonly bool) (*mountItem, e
}, nil
}
func NewFromProfile(profile *oz.Profile, user *user.User, log *logging.Logger) *Filesystem {
fs := NewFilesystem(profile.Name, user, log)
func NewFromProfile(profile *oz.Profile, user *user.User, basePath string, log *logging.Logger) *Filesystem {
fs := NewFilesystem(profile.Name, user, basePath, log)
for _, wl := range profile.Whitelist {
fs.addWhitelist(wl.Path, wl.Path, wl.ReadOnly)
}
@ -87,14 +87,14 @@ func NewFromProfile(profile *oz.Profile, user *user.User, log *logging.Logger) *
return fs
}
func NewFilesystem(name string, user *user.User, log *logging.Logger) *Filesystem {
func NewFilesystem(name string, user *user.User, basePath string, log *logging.Logger) *Filesystem {
fs := new(Filesystem)
fs.log = log
fs.name = name
if log == nil {
fs.log = logging.MustGetLogger("oz")
}
fs.base = path.Join("/srv/oz", name)
fs.base = path.Join(basePath, name)
fs.root = path.Join(fs.base, "rootfs")
fs.user = user
fs.userID = strconv.Itoa(os.Getuid())
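Review bot: `fs.base = path.Join(basePath, name)` in NewFilesystem takes `basePath` as given, so an empty or relative `sandbox_path` yields a base relative to the process's working directory. A value such as `/` would put `rootfs` under a top-level directory named after the profile. The callers in handleClean, launch and parseArgs pass the configured value straight through and then run `Cleanup()` or `Setup()` on the result. NewFilesystem has no error return, so the check belongs where the config is loaded (not visible in this diff): reject the config unless `path.IsAbs(config.SandboxPath)` holds. The function body continues past the end of the hunk.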

@ -48,6 +48,7 @@ func initialize() *daemonState {
d.log.Info("Could not load config file (%s), using default config", oz.DefaultConfigPath)
config = oz.NewDefaultConfig()
}
d.log.Info("Oz Global Config: %+v", config)
d.config = config
ps, err := oz.LoadProfiles(config.ProfileDir)
if err != nil {
@ -148,7 +149,7 @@ func (d *daemonState) handleClean(clean *CleanMsg, msg *ipc.Message) error {
}
// XXX
u, _ := user.Current()
fs := fs.NewFromProfile(p, u, d.log)
fs := fs.NewFromProfile(p, u, d.config.SandboxPath, d.log)
if err := fs.Cleanup(); err != nil {
return msg.Respond(&ErrorMsg{err.Error()})
}

@ -65,7 +65,7 @@ func (d *daemonState) launch(p *oz.Profile, uid, gid uint32) (*Sandbox, error) {
if err != nil {
return nil, fmt.Errorf("failed to lookup user for uid=%d: %v", uid, err)
}
fs := fs.NewFromProfile(p, u, d.log)
fs := fs.NewFromProfile(p, u, d.config.SandboxPath, d.log)
if err := fs.Setup(); err != nil {
return nil, err
}

@ -108,7 +108,7 @@ func parseArgs() *initState {
gid: gid,
user: u,
display: display,
fs: fs.NewFromProfile(p, u, log),
fs: fs.NewFromProfile(p, u, config.SandboxPath, log),
}
}
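Review bot: This call reads `config.SandboxPath` from a local `config`, while the daemon-side callers use `d.config.SandboxPath`, so the init process seems to load its configuration independently rather than receive the path from the daemon. If so, a config file edited between daemon start and sandbox launch would leave the two sides with different `fs.base` values. Passing the daemon's resolved path to init with the other launch parameters would keep them in agreement. parseArgs starts outside the hunk, so how `config` is populated is not visible here.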
