From 9f81491fc6b538dd02437727f544fc8a8dd40f16 Mon Sep 17 00:00:00 2001 From: xSmurf Date: Tue, 7 Jul 2015 04:01:27 +0000 Subject: [PATCH] Fixed passing of home dir to un/mount utilities --- oz-daemon/launch.go | 25 ++++++++++++++++++------- oz-mount/mount.go | 23 ++++++++++++++++------- 2 files changed, 34 insertions(+), 14 deletions(-) diff --git a/oz-daemon/launch.go b/oz-daemon/launch.go index b8c317a..10382b3 100644 --- a/oz-daemon/launch.go +++ b/oz-daemon/launch.go @@ -2,10 +2,13 @@ package daemon import ( "bufio" + "crypto/rand" + "encoding/hex" "fmt" "io" "os" "os/exec" + "os/user" "path" "path/filepath" "strconv" @@ -18,11 +21,8 @@ import ( "github.com/subgraph/oz/oz-init" "github.com/subgraph/oz/xpra" - "crypto/rand" - "encoding/hex" "github.com/op/go-logging" "github.com/subgraph/oz/fs" - "os/user" ) type Sandbox struct { @@ -31,6 +31,7 @@ type Sandbox struct { display int profile *oz.Profile init *exec.Cmd + user *user.User cred *syscall.Credential fs *fs.Filesystem stderr io.ReadCloser @@ -104,6 +105,11 @@ func (d *daemonState) launch(p *oz.Profile, msg *LaunchMsg, uid, gid uint32, log return nil, err } */ + u, err := user.LookupId(strconv.FormatUint(uint64(uid), 10)) + if err != nil { + log.Error("Failed to look up user with uid=%ld: %v", uid, err) + os.Exit(1) + } display := 0 if p.XServer.Enabled && p.Networking.Nettype == network.TYPE_HOST { @@ -111,7 +117,6 @@ func (d *daemonState) launch(p *oz.Profile, msg *LaunchMsg, uid, gid uint32, log d.nextDisplay += 1 } - var err error stn := new(network.SandboxNetwork) stn.Nettype = p.Networking.Nettype if p.Networking.Nettype == network.TYPE_BRIDGE { @@ -148,6 +153,7 @@ func (d *daemonState) launch(p *oz.Profile, msg *LaunchMsg, uid, gid uint32, log profile: p, init: cmd, cred: &syscall.Credential{Uid: uid, Gid: gid}, + user: u, fs: fs.NewFilesystem(d.config, log), //addr: path.Join(rootfs, ozinit.SocketAddress), addr: socketPath, @@ -216,7 +222,10 @@ func (sbox *Sandbox) MountFiles(files []string, readonly bool, binpath string, args = append([]string{"--readonly"}, files...) } cmnt := exec.Command(pmnt, args...) - cmnt.Env = []string{"_OZ_NSPID=" + strconv.Itoa(sbox.init.Process.Pid)} + cmnt.Env = []string{ + "_OZ_NSPID=" + strconv.Itoa(sbox.init.Process.Pid), + "_OZ_HOMEDIR=" + sbox.user.HomeDir, + } pout, err := cmnt.CombinedOutput() if err != nil { log.Warning("Unable to bind files to sandbox: %v", err) @@ -239,11 +248,13 @@ func (sbox *Sandbox) MountFiles(files []string, readonly bool, binpath string, return nil } - func (sbox *Sandbox) UnmountFile(file, binpath string, log *logging.Logger) error { pmnt := path.Join(binpath, "bin", "oz-umount") cmnt := exec.Command(pmnt, file) - cmnt.Env = []string{"_OZ_NSPID=" + strconv.Itoa(sbox.init.Process.Pid)} + cmnt.Env = []string{ + "_OZ_NSPID=" + strconv.Itoa(sbox.init.Process.Pid), + "_OZ_HOMEDIR=" + sbox.user.HomeDir, + } pout, err := cmnt.CombinedOutput() if err != nil { log.Warning("Unable to unbind files from sandbox: %v", err) diff --git a/oz-mount/mount.go b/oz-mount/mount.go index d7c217b..d10d1c9 100644 --- a/oz-mount/mount.go +++ b/oz-mount/mount.go @@ -32,19 +32,25 @@ func Main(mode int) { log := createLogger() config, err := loadConfig() if err != nil { - log.Error("Could not load configuration: %s\n", oz.DefaultConfigPath, err) + log.Error("Could not load configuration: %s (%+v)\n", oz.DefaultConfigPath, err) os.Exit(1) } - + fsys := fs.NewFilesystem(config, log) - start := 1; - readonly := false; + homedir := os.Getenv("_OZ_HOMEDIR") + if homedir == "" { + log.Error("Homedir must be set!") + os.Exit(1) + } + + start := 1 + readonly := false if os.Args[1] == "--readonly" { - start = 2; - readonly = true; + start = 2 + readonly = true } for _, fpath := range os.Args[start:] { - if !strings.HasPrefix(fpath, "/home/") { + if !strings.HasPrefix(fpath, homedir) { log.Warning("Ignored `%s`, only files inside of home are permitted!", fpath) continue } @@ -53,6 +59,9 @@ func Main(mode int) { mount(fpath, readonly, fsys, log) case UMOUNT: unmount(fpath, fsys, log) + default: + log.Error("Unknown mode!") + os.Exit(1) } }