Cleanup

10 years ago · 6df101331f
parent 046bc48d51
commit 6df101331f
4 changed files with 34 additions and 24 deletions
--- a/cmd/oz-seccomp/main.go
+++ b/cmd/oz-seccomp/main.go
@ -0,0 +1,9 @@
 package main
 import (
 	ozseccomp "github.com/subgraph/oz/oz-seccomp"
 )
 func main() {
 	ozseccomp.Main()
 }
--- a/oz-init/init.go
+++ b/oz-init/init.go
@ -209,11 +209,6 @@ func (st *initState) runInit() {
 		st.launchEnv = append(st.launchEnv, "HOME="+st.user.HomeDir)
 	}
 	pname := os.Getenv("INIT_PROFILE")
 	if (pname != "") {
 		st.launchEnv = append(st.launchEnv, "INIT_PROFILE="+pname)
 	}
 	if st.profile.Networking.Nettype != network.TYPE_HOST {
 		err := network.NetSetup(st.network)
 		if err != nil {
@ -307,23 +302,17 @@ func (st *initState) readXpraOutput(r io.ReadCloser) {
 }
 func (st *initState) launchApplication(cpath, pwd string, cmdArgs []string) (*exec.Cmd, error) {
 	suffix := ""
 	if st.config.DivertSuffix != "" {
 		suffix = "." + st.config.DivertSuffix
 	}
 	if cpath == "" {
 		cpath = st.profile.Path
 	}
 	if st.config.DivertSuffix != "" {
 		cpath += "." + st.config.DivertSuffix
 	}
-	cpath = cpath + suffix
+	if st.profile.Seccomp.Mode == oz.PROFILE_SECCOMP_WHITELIST {
-
+		st.log.Notice("Enabling seccomp whitelist for: %s", cpath)
-	if st.profile.Seccomp.Mode == "whitelist" {
+		cmdArgs = append([]string{"-w",cpath}, cmdArgs...)
-		st.log.Warning("cmdArgs %v", cmdArgs)
+		cpath = path.Join(st.config.PrefixPath, "bin", "oz-seccomp")
 		args := []string{"-w",cpath}
 		cmdArgs = append(args, cmdArgs...)
 		cpath = "/usr/bin/seccomp-wrapper"
 	}
 	cmd := exec.Command(cpath)
 	stdout, err := cmd.StdoutPipe()
@ -343,6 +332,10 @@ func (st *initState) launchApplication(cpath, pwd string, cmdArgs []string) (*ex
 	}
 	cmd.Env = append(cmd.Env, st.launchEnv...)
 	if st.profile.Seccomp.Mode == oz.PROFILE_SECCOMP_WHITELIST {
 		cmd.Env = append(cmd.Env, "_OZ_PROFILE="+st.profile.Name)
 	}
 	cmd.Args = append(cmd.Args, cmdArgs...)
 	if _, err := os.Stat(pwd); err == nil {
--- a/oz-seccomp/seccomp.go
+++ b/oz-seccomp/seccomp.go
@ -1,4 +1,4 @@
-package main
+package seccomp
 import (
 	"fmt"
@ -19,7 +19,7 @@ func createLogger() *logging.Logger {
 	return l
 }
-func main() {
+func Main() {
 	log := createLogger()
 	if len(os.Args) < 3 {
@ -33,13 +33,14 @@ func main() {
 			log.Error("Error: missing required '%s' argument", name)
 			os.Exit(1)
 		}
 		os.Setenv(name, "")
 		return val
 	}
 	cmd := os.Args[2]
 	cmdArgs := os.Args[2:]
 	env := os.Environ()
-	pname := getvar("INIT_PROFILE")
+	pname := getvar("_OZ_PROFILE")
 	config, err := oz.LoadConfig(oz.DefaultConfigPath)
 	if err != nil {
--- a/profile.go
+++ b/profile.go
@ -66,8 +66,16 @@ type XServerConf struct {
 	AudioMode           AudioMode `json:"audio_mode"`
 }
 type SeccompMode string
 const (
 	PROFILE_SECCOMP_WHITELIST SeccompMode = "whitelist"
 	PROFILE_SECCOMP_BLACKLIST SeccompMode = "blacklist"
 	PROFILE_SECCOMP_DISABLED  SeccompMode = "disabled"
 )
 type SeccompConf struct {
-	Mode              string
+	Mode              SeccompMode
 	Enforce           bool
 	Seccomp_Whitelist string
 	Seccomp_Blacklist string
@ -168,8 +176,7 @@ func LoadProfiles(dir string) (Profiles, error) {
 	for _, f := range fs {
 		if !f.IsDir() {
 			name := path.Join(dir, f.Name())
-			if strings.Contains(f.Name(), ".json") {
+			if strings.HasSuffix(f.Name(), ".json") {
 				p, err := loadProfileFile(name)
 				if err != nil {
 					return nil, fmt.Errorf("error loading '%s': %v", f.Name(), err)