Added passing and bind mounting of files passed as arguments to command

master
xSmurf 10 years ago
parent a117e87785
commit d1d1a9ae43

@ -41,6 +41,20 @@ func (fs *Filesystem) Xpra() string {
return fs.xpra return fs.xpra
} }
func (fs *Filesystem) AddBindWhitelist(path, target string, readonly bool) error {
for _, fsitem := range fs.whitelist {
if fsitem.path == path {
return nil
}
}
item, err := fs.newItem(path, target, readonly)
if err != nil {
return err
}
fs.whitelist = append(fs.whitelist, item)
return item.bindItem()
}
func (fs *Filesystem) addWhitelist(path, target string, readonly bool) error { func (fs *Filesystem) addWhitelist(path, target string, readonly bool) error {
item, err := fs.newItem(path, target, readonly) item, err := fs.newItem(path, target, readonly)
if err != nil { if err != nil {
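Review bot: In AddBindWhitelist the item is appended to `fs.whitelist` before `item.bindItem()` runs, so a failed bind leaves the entry behind and every later call for the same path takes the early `return nil` without mounting anything. Bind first and record only on success: `if err := item.bindItem(); err != nil { return err }` followed by `fs.whitelist = append(fs.whitelist, item)`. The duplicate check compares only `path`, so a request with a different target or readonly flag is also reported as success. launchProgram is started from goroutines elsewhere in this commit, so the slice may need a lock; that depends on code outside this view. The exported method also lacks a doc comment, for example `// AddBindWhitelist adds path to the whitelist and bind-mounts it at target, unless path is already whitelisted.`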

@ -3,8 +3,10 @@ package daemon
import ( import (
"errors" "errors"
"fmt" "fmt"
"github.com/subgraph/oz/ipc" "os"
"strconv" "strconv"
"github.com/subgraph/oz/ipc"
) )
func clientConnect() (*ipc.MsgConn, error) { func clientConnect() (*ipc.MsgConn, error) {
@ -56,9 +58,12 @@ func Launch(arg string, args, env []string) error {
if err != nil { if err != nil {
return err return err
} }
pwd, _ := os.Getwd()
resp, err := clientSend(&LaunchMsg{ resp, err := clientSend(&LaunchMsg{
Index: idx, Index: idx,
Name: name, Name: name,
Pwd: pwd,
Args: args, Args: args,
Env: env, Env: env,
}) })
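Review bot: `pwd, _ := os.Getwd()` in Launch discards the error, so when the working directory cannot be determined the client sends an empty Pwd and the daemon resolves relative arguments against an empty base. Return the failure instead: `pwd, err := os.Getwd()` followed by `if err != nil { return err }`. Launch's body starts and ends outside the hunk.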

@ -134,11 +134,11 @@ func (d *daemonState) handleLaunch(msg *LaunchMsg, m *ipc.Message) error {
} }
if sbox := d.getRunningSandboxByName(p.Name); sbox != nil { if sbox := d.getRunningSandboxByName(p.Name); sbox != nil {
d.Info("Found running sandbox for `%s`, running program there", p.Name) d.Info("Found running sandbox for `%s`, running program there", p.Name)
sbox.launchProgram(msg.Args, d.log) sbox.launchProgram(msg.Pwd, msg.Args, d.log)
} else { } else {
d.Debug("Would launch %s", p.Name) d.Debug("Would launch %s", p.Name)
env := d.sanitizeEnvironment(p, msg.Env) env := d.sanitizeEnvironment(p, msg.Env)
_, err = d.launch(p, msg.Args, env, m.Ucred.Uid, m.Ucred.Gid, d.log) _, err = d.launch(p, msg.Pwd, msg.Args, env, m.Ucred.Uid, m.Ucred.Gid, d.log)
if err != nil { if err != nil {
d.Warning("Launch of %s failed: %v", p.Name, err) d.Warning("Launch of %s failed: %v", p.Name, err)
return m.Respond(&ErrorMsg{err.Error()}) return m.Respond(&ErrorMsg{err.Error()})
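Review bot: `msg.Pwd` comes from the client over IPC and is handed to `sbox.launchProgram` and `d.launch` unchecked, although it later serves as the base for bind-mount source paths. Validate it at this boundary, for example `if !filepath.IsAbs(msg.Pwd) { return m.Respond(&ErrorMsg{"invalid working directory"}) }`, and pass a cleaned value on. In the running-sandbox branch the caller's `m.Ucred` is not forwarded at all, so launchProgram has nothing to tie the bind decision to the requesting user. handleLaunch continues outside the hunk.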

@ -4,9 +4,11 @@ import (
"bufio" "bufio"
"fmt" "fmt"
"io" "io"
"os"
"os/exec" "os/exec"
"os/user" "os/user"
"path" "path"
"path/filepath"
"sync" "sync"
"syscall" "syscall"
@ -72,7 +74,7 @@ func createInitCommand(initPath, name, chroot string, env []string, uid uint32,
return cmd return cmd
} }
func (d *daemonState) launch(p *oz.Profile, args, env []string, uid, gid uint32, log *logging.Logger) (*Sandbox, error) { func (d *daemonState) launch(p *oz.Profile, pwd string, args, env []string, uid, gid uint32, log *logging.Logger) (*Sandbox, error) {
u, err := user.LookupId(fmt.Sprintf("%d", uid)) u, err := user.LookupId(fmt.Sprintf("%d", uid))
if err != nil { if err != nil {
return nil, fmt.Errorf("failed to lookup user for uid=%d: %v", uid, err) return nil, fmt.Errorf("failed to lookup user for uid=%d: %v", uid, err)
@ -135,7 +137,7 @@ func (d *daemonState) launch(p *oz.Profile, args, env []string, uid, gid uint32,
go func () { go func () {
sbox.ready.Wait() sbox.ready.Wait()
go sbox.launchProgram(args, log) go sbox.launchProgram(pwd, args, log)
}() }()
if sbox.profile.XServer.Enabled { if sbox.profile.XServer.Enabled {
@ -149,7 +151,19 @@ func (d *daemonState) launch(p *oz.Profile, args, env []string, uid, gid uint32,
return sbox, nil return sbox, nil
} }
func (sbox *Sandbox) launchProgram(args []string, log *logging.Logger) { func (sbox *Sandbox) launchProgram(pwd string, args []string, log *logging.Logger) {
for _, fpath := range args {
if _, err := os.Stat(fpath); err == nil {
if filepath.IsAbs(fpath) == false {
fpath = path.Join(pwd, fpath)
}
log.Info("Adding file `%s` to sandbox `%s`.", fpath, sbox.profile.Name)
if err := sbox.fs.AddBindWhitelist(fpath, fpath, false); err != nil {
log.Warning("Error adding file `%s`!", fpath)
}
}
}
err := ozinit.RunProgram(sbox.addr, args) err := ozinit.RunProgram(sbox.addr, args)
if err != nil { if err != nil {
log.Error("start shell command failed: %v", err) log.Error("start shell command failed: %v", err)
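Review bot: In launchProgram, `os.Stat(fpath)` runs before a relative argument is joined with `pwd`, so existence is tested against the daemon's own working directory while a different path is what gets bound. The check and the bind also run with the daemon's privileges and `readonly` is false, so any argument naming an existing path is mounted writable into the sandbox whether or not the launching user could open it. The decision should be constrained by the caller's uid/gid, which the visible code does not pass here. `log.Warning` drops `err`, and `path.Join` should be `filepath.Join` for host paths. The rewrite below resolves first, then uses Lstat and accepts only regular files (relax that if directories are intended); the function body continues past the hunk.

```go
func (sbox *Sandbox) launchProgram(pwd string, args []string, log *logging.Logger) {
	for _, arg := range args {
		fpath := arg
		if !filepath.IsAbs(fpath) {
			fpath = filepath.Join(pwd, fpath)
		}
		fpath = filepath.Clean(fpath)
		// Lstat so a symlink argument is not followed with the daemon's privileges.
		fi, err := os.Lstat(fpath)
		if err != nil || !fi.Mode().IsRegular() {
			continue
		}
		// TODO(review): verify the launching uid/gid may access fpath before binding;
		// the daemon being able to stat it says nothing about the caller.
		log.Info("Adding file `%s` to sandbox `%s`.", fpath, sbox.profile.Name)
		if err := sbox.fs.AddBindWhitelist(fpath, fpath, false); err != nil {
			log.Warning("Error adding file `%s`: %v", fpath, err)
		}
	}
	// … unchanged: ozinit.RunProgram call and its error handling …
```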

@ -33,6 +33,7 @@ type ListProfilesResp struct {
type LaunchMsg struct { type LaunchMsg struct {
Index int "Launch" Index int "Launch"
Name string Name string
Pwd string
Args []string Args []string
Env []string Env []string
} }
