@ -20,9 +20,11 @@ type directory struct {
|
|
|
|
|
|
|
|
|
|
|
|
type Filesystem struct {
|
|
|
|
type Filesystem struct {
|
|
|
|
log *logging.Logger
|
|
|
|
log *logging.Logger
|
|
|
|
home string
|
|
|
|
user *user.User
|
|
|
|
|
|
|
|
name string
|
|
|
|
base string
|
|
|
|
base string
|
|
|
|
root string
|
|
|
|
root string
|
|
|
|
|
|
|
|
xpra string
|
|
|
|
userID string
|
|
|
|
userID string
|
|
|
|
noDefaults bool
|
|
|
|
noDefaults bool
|
|
|
|
noSysAndProc bool
|
|
|
|
noSysAndProc bool
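Review bot: The two new fields `user *user.User` and `xpra string` carry no documentation, and neither does the pre-existing `userID`, which now sits beside a second source of identity; a reader cannot tell whether `userID` is meant to equal `user.Uid` or the uid of the running process (the constructor fills it from `os.Getuid()`). I would annotate them so the intended relation is explicit, e.g. `// user is the account the sandbox filesystem is built for` on the `user` field and `// xpra is the per-profile Xpra directory under user.HomeDir; empty unless the profile's XServer is enabled` on `xpra`, and a note on `userID` saying which uid it is expected to hold. The `directory` struct named in the hunk header and the rest of `Filesystem` are not visible here.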
|
|
|
@ -34,6 +36,10 @@ func (fs *Filesystem) Root() string {
|
|
|
|
return fs.root
|
|
|
|
return fs.root
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
func (fs *Filesystem) Xpra() string {
|
|
|
|
|
|
|
|
return fs.xpra
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
func (fs *Filesystem) addWhitelist(path, target string, readonly bool) error {
|
|
|
|
func (fs *Filesystem) addWhitelist(path, target string, readonly bool) error {
|
|
|
|
item, err := fs.newItem(path, target, readonly)
|
|
|
|
item, err := fs.newItem(path, target, readonly)
|
|
|
|
if err != nil {
|
|
|
|
if err != nil {
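Review bot: The new exported method `Xpra()` has no doc comment; since it is the only way callers learn that the value may be empty, I would add `// Xpra returns the profile's Xpra directory, or "" when the profile had no X server enabled.` above it. That the empty value is the "disabled" case follows from NewFromProfile only assigning `fs.xpra` inside the `profile.XServer.Enabled` branch. `addWhitelist` continues past the end of this hunk.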
|
|
|
@ -65,8 +71,8 @@ func (fs *Filesystem) newItem(path, target string, readonly bool) (*mountItem, e
|
|
|
|
}, nil
|
|
|
|
}, nil
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
func NewFromProfile(profile *oz.Profile, log *logging.Logger) *Filesystem {
|
|
|
|
func NewFromProfile(profile *oz.Profile, user *user.User, log *logging.Logger) *Filesystem {
|
|
|
|
fs := NewFilesystem(profile.Name, log)
|
|
|
|
fs := NewFilesystem(profile.Name, user, log)
|
|
|
|
for _,wl := range profile.Whitelist {
|
|
|
|
for _,wl := range profile.Whitelist {
|
|
|
|
fs.addWhitelist(wl.Path, wl.Path, wl.ReadOnly)
|
|
|
|
fs.addWhitelist(wl.Path, wl.Path, wl.ReadOnly)
|
|
|
|
}
|
|
|
|
}
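Review bot: The error returned by `fs.addWhitelist(wl.Path, wl.Path, wl.ReadOnly)` is still discarded inside the loop, so a whitelist entry that fails in `newItem` silently disappears from the sandbox layout with no trace in the log; with the new constructor signature this is a good moment to at least record it, e.g. `if err := fs.addWhitelist(wl.Path, wl.Path, wl.ReadOnly); err != nil { fs.log.Warning("whitelist", wl.Path, err) }` (exact logging call depends on the `logging` package in use). Naming the new parameter `user` also shadows the `os/user` package for the whole function body, which is presumably why `user.Current()` had to be removed below; `u *user.User` would keep the package reachable. NewFromProfile's body continues beyond this hunk.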
|
|
|
@ -75,24 +81,22 @@ func NewFromProfile(profile *oz.Profile, log *logging.Logger) *Filesystem {
|
|
|
|
}
|
|
|
|
}
|
|
|
|
fs.noDefaults = profile.NoDefaults
|
|
|
|
fs.noDefaults = profile.NoDefaults
|
|
|
|
fs.noSysAndProc = profile.NoSysProc
|
|
|
|
fs.noSysAndProc = profile.NoSysProc
|
|
|
|
|
|
|
|
if profile.XServer.Enabled {
|
|
|
|
|
|
|
|
fs.xpra = path.Join(user.HomeDir, ".Xoz", profile.Name)
|
|
|
|
|
|
|
|
}
|
|
|
|
return fs
|
|
|
|
return fs
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
func NewFilesystem(name string, log *logging.Logger) *Filesystem {
|
|
|
|
func NewFilesystem(name string, user *user.User, log *logging.Logger) *Filesystem {
|
|
|
|
|
|
|
|
|
|
|
|
fs := new(Filesystem)
|
|
|
|
fs := new(Filesystem)
|
|
|
|
fs.log = log
|
|
|
|
fs.log = log
|
|
|
|
|
|
|
|
fs.name = name
|
|
|
|
if log == nil {
|
|
|
|
if log == nil {
|
|
|
|
fs.log = logging.MustGetLogger("oz")
|
|
|
|
fs.log = logging.MustGetLogger("oz")
|
|
|
|
}
|
|
|
|
}
|
|
|
|
fs.base = path.Join("/srv/oz", name)
|
|
|
|
fs.base = path.Join("/srv/oz", name)
|
|
|
|
fs.root = path.Join(fs.base, "rootfs")
|
|
|
|
fs.root = path.Join(fs.base, "rootfs")
|
|
|
|
|
|
|
|
fs.user = user
|
|
|
|
u, err := user.Current()
|
|
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
|
|
|
panic("Failed to look up current user: " + err.Error())
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
fs.home = u.HomeDir
|
|
|
|
|
|
|
|
fs.userID = strconv.Itoa(os.Getuid())
|
|
|
|
fs.userID = strconv.Itoa(os.Getuid())
|
|
|
|
|
|
|
|
|
|
|
|
return fs
|
|
|
|
return fs
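Review bot: `fs.userID = strconv.Itoa(os.Getuid())` on the context line is still derived from the calling process, while `fs.user = user` now records an explicitly supplied account, so the two diverge whenever the caller builds a Filesystem for someone other than the uid it runs as (the usual reason to stop calling `user.Current()`). If `userID` feeds ownership or mount decisions elsewhere (not visible here), it should come from the same source: `fs.userID = user.Uid`. Neither constructor rejects a nil `user`, and `NewFromProfile` dereferences it at `path.Join(user.HomeDir, ".Xoz", profile.Name)`, so callers migrating from the old signature that pass nil will panic there; a guard such as `if user == nil { panic("NewFilesystem: nil user") }` at the top of NewFilesystem keeps the failure explicit and matches the old panic-on-lookup-failure behaviour. NewFromProfile's body begins before this hunk.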
|
|
|
@ -205,3 +209,17 @@ func copyFileInfo(info os.FileInfo, target string) error {
|
|
|
|
os.Chmod(target, info.Mode().Perm())
|
|
|
|
os.Chmod(target, info.Mode().Perm())
|
|
|
|
return nil
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
func createSubdirs(base string, uid,gid int, mode os.FileMode, subdirs ...string) error {
|
|
|
|
|
|
|
|
dir := base
|
|
|
|
|
|
|
|
for _,sd := range subdirs {
|
|
|
|
|
|
|
|
dir = path.Join(dir, sd)
|
|
|
|
|
|
|
|
if err := os.Mkdir(dir, mode); err != nil && !os.IsExist(err) {
|
|
|
|
|
|
|
|
return err
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
if err := os.Chown(dir, uid, gid); err != nil {
|
|
|
|
|
|
|
|
return err
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
return nil
|
|
|
|
|
|
|
|
}
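Review bot: `createSubdirs` tolerates an existing path (`os.IsExist`) and then unconditionally runs `os.Chown(dir, uid, gid)`, which follows symlinks; if this is ever run with privileges under a location the target user can write (the `.Xoz` directory under `user.HomeDir` built in NewFromProfile looks like such a place), a pre-planted symlink or non-directory at any component gets its target chowned to uid/gid instead of a fresh directory being created. I would reject a pre-existing entry that is not a real directory (Lstat, not Stat, so a symlink is seen as one) and use `os.Lchown` so the call never dereferences a link. The `mode` passed to `os.Mkdir` is also subject to the process umask, which is worth a comment if callers rely on exact permissions. The rewritten loop body below uses `fmt.Errorf`; if `fmt` is not already imported in this file, substitute the project's error helper.
```go
func createSubdirs(base string, uid, gid int, mode os.FileMode, subdirs ...string) error {
	dir := base
	for _, sd := range subdirs {
		dir = path.Join(dir, sd)
		if err := os.Mkdir(dir, mode); err != nil {
			if !os.IsExist(err) {
				return err
			}
			// Pre-existing entry: only adopt a real directory, never a symlink or file.
			fi, err := os.Lstat(dir)
			if err != nil {
				return err
			}
			if !fi.IsDir() {
				return fmt.Errorf("%s exists and is not a directory", dir)
			}
		}
		// Lchown never follows a link, so a swapped-in symlink cannot redirect the chown.
		if err := os.Lchown(dir, uid, gid); err != nil {
			return err
		}
	}
	return nil
}
```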