Added sandbox base path to global config

10 years ago · a76fcb0217
parent 93715e7602
commit a76fcb0217
5 changed files with 14 additions and 11 deletions
--- a/config.go
+++ b/config.go
@ -6,10 +6,11 @@ import (
 )
 type Config struct {
-	ProfileDir     string `json:"profile_dir"`
+	ProfileDir     	string `json:"profile_dir"`
-	ShellPath      string `json:"shell_path"`
+	ShellPath      	string `json:"shell_path"`
-	AllowRootShell bool   `json:"allow_root_shell"`
+	SandboxPath    	string `json:"sandbox_path"`
-	LogXpra        bool   `json:"log_xpra"`
+	AllowRootShell 	bool   `json:"allow_root_shell"`
 	LogXpra        	bool   `json:"log_xpra"`
 }
 const DefaultConfigPath = "/etc/oz/oz.conf"
@ -18,6 +19,7 @@ func NewDefaultConfig() *Config {
 	return &Config{
 		ProfileDir:     "/var/lib/oz/cells.d",
 		ShellPath:      "/bin/bash",
 		SandboxPath:    "/srv/oz",
 		AllowRootShell: false,
 		LogXpra:        false,
 	}
--- a/fs/fs.go
+++ b/fs/fs.go
@ -71,8 +71,8 @@ func (fs *Filesystem) newItem(path, target string, readonly bool) (*mountItem, e
 	}, nil
 }
-func NewFromProfile(profile *oz.Profile, user *user.User, log *logging.Logger) *Filesystem {
+func NewFromProfile(profile *oz.Profile, user *user.User, basePath string, log *logging.Logger) *Filesystem {
-	fs := NewFilesystem(profile.Name, user, log)
+	fs := NewFilesystem(profile.Name, user, basePath, log)
 	for _, wl := range profile.Whitelist {
 		fs.addWhitelist(wl.Path, wl.Path, wl.ReadOnly)
 	}
@ -87,14 +87,14 @@ func NewFromProfile(profile *oz.Profile, user *user.User, log *logging.Logger) *
 	return fs
 }
-func NewFilesystem(name string, user *user.User, log *logging.Logger) *Filesystem {
+func NewFilesystem(name string, user *user.User, basePath string, log *logging.Logger) *Filesystem {
 	fs := new(Filesystem)
 	fs.log = log
 	fs.name = name
 	if log == nil {
 		fs.log = logging.MustGetLogger("oz")
 	}
-	fs.base = path.Join("/srv/oz", name)
+	fs.base = path.Join(basePath, name)
 	fs.root = path.Join(fs.base, "rootfs")
 	fs.user = user
 	fs.userID = strconv.Itoa(os.Getuid())
--- a/oz-daemon/daemon.go
+++ b/oz-daemon/daemon.go
@ -48,6 +48,7 @@ func initialize() *daemonState {
 		d.log.Info("Could not load config file (%s), using default config", oz.DefaultConfigPath)
 		config = oz.NewDefaultConfig()
 	}
 	d.log.Info("Oz Global Config: %+v", config)
 	d.config = config
 	ps, err := oz.LoadProfiles(config.ProfileDir)
 	if err != nil {
@ -148,7 +149,7 @@ func (d *daemonState) handleClean(clean *CleanMsg, msg *ipc.Message) error {
 	}
 	// XXX
 	u, _ := user.Current()
-	fs := fs.NewFromProfile(p, u, d.log)
+	fs := fs.NewFromProfile(p, u, d.config.SandboxPath, d.log)
 	if err := fs.Cleanup(); err != nil {
 		return msg.Respond(&ErrorMsg{err.Error()})
 	}
--- a/oz-daemon/launch.go
+++ b/oz-daemon/launch.go
@ -65,7 +65,7 @@ func (d *daemonState) launch(p *oz.Profile, uid, gid uint32) (*Sandbox, error) {
 	if err != nil {
 		return nil, fmt.Errorf("failed to lookup user for uid=%d: %v", uid, err)
 	}
-	fs := fs.NewFromProfile(p, u, d.log)
+	fs := fs.NewFromProfile(p, u, d.config.SandboxPath, d.log)
 	if err := fs.Setup(); err != nil {
 		return nil, err
 	}
--- a/oz-init/init.go
+++ b/oz-init/init.go
@ -108,7 +108,7 @@ func parseArgs() *initState {
 		gid:     gid,
 		user:    u,
 		display: display,
-		fs:      fs.NewFromProfile(p, u, log),
+		fs:      fs.NewFromProfile(p, u, config.SandboxPath, log),
 	}
 }