Fixed passing of home dir to un/mount utilities

master
xSmurf 10 years ago
parent 6463dbdfc1
commit 9f81491fc6

@ -2,10 +2,13 @@ package daemon
import ( import (
"bufio" "bufio"
"crypto/rand"
"encoding/hex"
"fmt" "fmt"
"io" "io"
"os" "os"
"os/exec" "os/exec"
"os/user"
"path" "path"
"path/filepath" "path/filepath"
"strconv" "strconv"
@ -18,11 +21,8 @@ import (
"github.com/subgraph/oz/oz-init" "github.com/subgraph/oz/oz-init"
"github.com/subgraph/oz/xpra" "github.com/subgraph/oz/xpra"
"crypto/rand"
"encoding/hex"
"github.com/op/go-logging" "github.com/op/go-logging"
"github.com/subgraph/oz/fs" "github.com/subgraph/oz/fs"
"os/user"
) )
type Sandbox struct { type Sandbox struct {
@ -31,6 +31,7 @@ type Sandbox struct {
display int display int
profile *oz.Profile profile *oz.Profile
init *exec.Cmd init *exec.Cmd
user *user.User
cred *syscall.Credential cred *syscall.Credential
fs *fs.Filesystem fs *fs.Filesystem
stderr io.ReadCloser stderr io.ReadCloser
@ -104,6 +105,11 @@ func (d *daemonState) launch(p *oz.Profile, msg *LaunchMsg, uid, gid uint32, log
return nil, err return nil, err
} }
*/ */
u, err := user.LookupId(strconv.FormatUint(uint64(uid), 10))
if err != nil {
log.Error("Failed to look up user with uid=%ld: %v", uid, err)
os.Exit(1)
}
display := 0 display := 0
if p.XServer.Enabled && p.Networking.Nettype == network.TYPE_HOST { if p.XServer.Enabled && p.Networking.Nettype == network.TYPE_HOST {
@ -111,7 +117,6 @@ func (d *daemonState) launch(p *oz.Profile, msg *LaunchMsg, uid, gid uint32, log
d.nextDisplay += 1 d.nextDisplay += 1
} }
var err error
stn := new(network.SandboxNetwork) stn := new(network.SandboxNetwork)
stn.Nettype = p.Networking.Nettype stn.Nettype = p.Networking.Nettype
if p.Networking.Nettype == network.TYPE_BRIDGE { if p.Networking.Nettype == network.TYPE_BRIDGE {
@ -148,6 +153,7 @@ func (d *daemonState) launch(p *oz.Profile, msg *LaunchMsg, uid, gid uint32, log
profile: p, profile: p,
init: cmd, init: cmd,
cred: &syscall.Credential{Uid: uid, Gid: gid}, cred: &syscall.Credential{Uid: uid, Gid: gid},
user: u,
fs: fs.NewFilesystem(d.config, log), fs: fs.NewFilesystem(d.config, log),
//addr: path.Join(rootfs, ozinit.SocketAddress), //addr: path.Join(rootfs, ozinit.SocketAddress),
addr: socketPath, addr: socketPath,
@ -216,7 +222,10 @@ func (sbox *Sandbox) MountFiles(files []string, readonly bool, binpath string,
args = append([]string{"--readonly"}, files...) args = append([]string{"--readonly"}, files...)
} }
cmnt := exec.Command(pmnt, args...) cmnt := exec.Command(pmnt, args...)
cmnt.Env = []string{"_OZ_NSPID=" + strconv.Itoa(sbox.init.Process.Pid)} cmnt.Env = []string{
"_OZ_NSPID=" + strconv.Itoa(sbox.init.Process.Pid),
"_OZ_HOMEDIR=" + sbox.user.HomeDir,
}
pout, err := cmnt.CombinedOutput() pout, err := cmnt.CombinedOutput()
if err != nil { if err != nil {
log.Warning("Unable to bind files to sandbox: %v", err) log.Warning("Unable to bind files to sandbox: %v", err)
@ -239,11 +248,13 @@ func (sbox *Sandbox) MountFiles(files []string, readonly bool, binpath string,
return nil return nil
} }
func (sbox *Sandbox) UnmountFile(file, binpath string, log *logging.Logger) error { func (sbox *Sandbox) UnmountFile(file, binpath string, log *logging.Logger) error {
pmnt := path.Join(binpath, "bin", "oz-umount") pmnt := path.Join(binpath, "bin", "oz-umount")
cmnt := exec.Command(pmnt, file) cmnt := exec.Command(pmnt, file)
cmnt.Env = []string{"_OZ_NSPID=" + strconv.Itoa(sbox.init.Process.Pid)} cmnt.Env = []string{
"_OZ_NSPID=" + strconv.Itoa(sbox.init.Process.Pid),
"_OZ_HOMEDIR=" + sbox.user.HomeDir,
}
pout, err := cmnt.CombinedOutput() pout, err := cmnt.CombinedOutput()
if err != nil { if err != nil {
log.Warning("Unable to unbind files from sandbox: %v", err) log.Warning("Unable to unbind files from sandbox: %v", err)

@ -32,19 +32,25 @@ func Main(mode int) {
log := createLogger() log := createLogger()
config, err := loadConfig() config, err := loadConfig()
if err != nil { if err != nil {
log.Error("Could not load configuration: %s\n", oz.DefaultConfigPath, err) log.Error("Could not load configuration: %s (%+v)\n", oz.DefaultConfigPath, err)
os.Exit(1) os.Exit(1)
} }
fsys := fs.NewFilesystem(config, log) fsys := fs.NewFilesystem(config, log)
start := 1; homedir := os.Getenv("_OZ_HOMEDIR")
readonly := false; if homedir == "" {
log.Error("Homedir must be set!")
os.Exit(1)
}
start := 1
readonly := false
if os.Args[1] == "--readonly" { if os.Args[1] == "--readonly" {
start = 2; start = 2
readonly = true; readonly = true
} }
for _, fpath := range os.Args[start:] { for _, fpath := range os.Args[start:] {
if !strings.HasPrefix(fpath, "/home/") { if !strings.HasPrefix(fpath, homedir) {
log.Warning("Ignored `%s`, only files inside of home are permitted!", fpath) log.Warning("Ignored `%s`, only files inside of home are permitted!", fpath)
continue continue
} }
@ -53,6 +59,9 @@ func Main(mode int) {
mount(fpath, readonly, fsys, log) mount(fpath, readonly, fsys, log)
case UMOUNT: case UMOUNT:
unmount(fpath, fsys, log) unmount(fpath, fsys, log)
default:
log.Error("Unknown mode!")
os.Exit(1)
} }
} }

Loading…
Cancel
Save