Cleanup u/mount files

oz-daemon/daemon.go

@@ -81,7 +81,7 @@ func initialize() *daemonState {
 
 			d.network = htn
 
-			network.NetPrint(d.log)
+			//network.NetPrint(d.log)
 
 			break
 		}
@@ -276,7 +276,7 @@ func (d *daemonState) handleMountFiles(msg *MountFilesMsg, m *ipc.Message) error
 		return m.Respond(&ErrorMsg{fmt.Sprintf("no sandbox found with id = %d", msg.Id)})
 	}
 	if err := sbox.MountFiles(msg.Files, msg.ReadOnly, d.config.PrefixPath, d.log); err != nil {
-		return m.Respond(&ErrorMsg{fmt.Sprintf("Unable to unmount file `%+s` from sandbox `%s`: %v", msg.Files, sbox.profile.Name, err)})
+		return m.Respond(&ErrorMsg{fmt.Sprintf("Unable to mount: %v", err)})
 	}
 	return m.Respond(&OkMsg{})
 }
@@ -288,7 +288,7 @@ func (d *daemonState) handleUnmountFile(msg *UnmountFileMsg, m *ipc.Message) err
 		return m.Respond(&ErrorMsg{fmt.Sprintf("no sandbox found with id = %d", msg.Id)})
 	}
 	if err := sbox.UnmountFile(msg.File, d.config.PrefixPath, d.log); err != nil {
-		return m.Respond(&ErrorMsg{fmt.Sprintf("Unable to unmount file `%s` from sandbox `%s`: %v", msg.File, sbox.profile.Name, err)})
+		return m.Respond(&ErrorMsg{fmt.Sprintf("Unable to unmount: %v", err)})
 	}
 	return m.Respond(&OkMsg{})
 }

oz-daemon/launch.go

@@ -226,11 +226,11 @@ func (sbox *Sandbox) MountFiles(files []string, readonly bool,  binpath string,
 		"_OZ_NSPID=" + strconv.Itoa(sbox.init.Process.Pid),
 		"_OZ_HOMEDIR=" + sbox.user.HomeDir,
 	}
+	log.Debug("Attempting to add file with %s to sandbox %s: %+s", pmnt, sbox.profile.Name, files)
 	pout, err := cmnt.CombinedOutput()
-	if err != nil {
+	if err != nil || cmnt.ProcessState.Success() == false {
-		log.Warning("Unable to bind files to sandbox: %v", err)
+		log.Warning("Unable to bind files to sandbox: %s", string(pout))
-		log.Warning("%s", string(pout))
+		return fmt.Errorf("%s", string(pout[2:]))
-		return err
 	}
 	for _, mfile := range files {
 		found := false
@@ -256,10 +256,9 @@ func (sbox *Sandbox) UnmountFile(file, binpath string, log *logging.Logger) erro
 		"_OZ_HOMEDIR=" + sbox.user.HomeDir,
 	}
 	pout, err := cmnt.CombinedOutput()
-	if err != nil {
+	if err != nil || cmnt.ProcessState.Success() == false {
-		log.Warning("Unable to unbind files from sandbox: %v", err)
+		log.Warning("Unable to unbind file from sandbox: %s", string(pout))
-		log.Warning("%s", string(pout))
+		return fmt.Errorf("%s", string(pout[2:]))
-		return err
 	}
 	for i, item := range sbox.mountedFiles {
 		if item == file {

oz-mount/mount.go

@@ -13,6 +13,7 @@ __attribute__((constructor)) void init(void) {
 import "C"
 
 import (
+	"fmt"
 	"os"
 	"path"
 	"strings"
@@ -32,7 +33,7 @@ func Main(mode int) {
 	log := createLogger()
 	config, err := loadConfig()
 	if err != nil {
-		log.Error("Could not load configuration: %s (%+v)\n", oz.DefaultConfigPath, err)
+		log.Error("Could not load configuration: %s (%+v)", oz.DefaultConfigPath, err)
 		os.Exit(1)
 	}
 	
@@ -50,16 +51,16 @@ func Main(mode int) {
 		readonly = true
 	}
 	for _, fpath := range os.Args[start:] {
-		fpath = path.Clean(fpath);
+		cpath, err := cleanPath(fpath, homedir)
-		if !strings.HasPrefix(fpath, homedir) {
+		if (err != nil || cpath == "") {
-			log.Warning("Ignored `%s`, only files inside of home are permitted!", fpath)
+			log.Error("%v", err)
-			continue
+			os.Exit(1)
 		}
 		switch mode {
 		case MOUNT:
-			mount(fpath, readonly, fsys, log)
+			mount(cpath, readonly, fsys, log)
 		case UMOUNT:
-			unmount(fpath, fsys, log)
+			unmount(cpath, fsys, log)
 		default:
 			log.Error("Unknown mode!")
 			os.Exit(1)
@@ -69,17 +70,30 @@ func Main(mode int) {
 	os.Exit(0)
 }
 
+func cleanPath(spath, homedir string) (string, error) {
+	spath = path.Clean(spath)
+	if !path.IsAbs(spath) {
+		spath = path.Join(homedir, spath)
+	}
+	if !strings.HasPrefix(spath, homedir) {
+		return "", fmt.Errorf("only files inside of the user home are permitted")
+	}
+	return spath, nil
+}
+
 func mount(fpath string, readonly bool, fsys *fs.Filesystem, log *logging.Logger) {
-	if _, err := os.Stat(fpath); err == nil {
+	//log.Notice("Adding file `%s`.", fpath)
-		//log.Notice("Adding file `%s`.", fpath)
+	if _, err := os.Stat(fpath); err != nil {
-		flags := fs.BindCanCreate
+		log.Error("%v", err)
-		if readonly {
+		os.Exit(1)
-			flags |= fs.BindReadOnly
+	}
-		}
+	flags := fs.BindCanCreate
-		if err := fsys.BindPath(fpath, flags, nil); err != nil {
+	if readonly {
-			log.Error("%v while adding `%s`!", err, fpath)
+		flags |= fs.BindReadOnly
-			os.Exit(1)
+	}
-		}
+	if err := fsys.BindPath(fpath, flags, nil); err != nil {
+		log.Error("%v", err)
+		os.Exit(1)
 	}
 }
 
@@ -88,17 +102,17 @@ func unmount(fpath string, fsys *fs.Filesystem, log *logging.Logger) {
 	if _, err := os.Stat(sbpath); err == nil {
 		//log.Notice("Removing file `%s`.", fpath)
 		if err := fsys.UnbindPath(fpath); err != nil {
-			log.Error("%v while removing `%s`!", err, fpath)
+			log.Error("%v", err)
 			os.Exit(1)
 		}
 	} else {
-		log.Error("%v error while removing `%s`!", err, fpath)
+		log.Warning("%v", err)
 	}
 }
 
 func createLogger() *logging.Logger {
 	l := logging.MustGetLogger("oz-init")
-	be := logging.NewLogBackend(os.Stderr, "", 0)
+	be := logging.NewLogBackend(os.Stdout, "", 0)
 	f := logging.MustStringFormatter("%{level:.1s} %{message}")
 	fbe := logging.NewBackendFormatter(be, f)
 	logging.SetBackend(fbe)