xSmurf 10 years ago
parent 66725621e8
commit fd929aba6b

@ -162,7 +162,7 @@ func (fs *Filesystem) bind(from string, to string, flags int, u *user.User) erro
return bindMount(src, to, mntflags) return bindMount(src, to, mntflags)
} }
func (fs *Filesystem) UnbindPath(to string) (error) { func (fs *Filesystem) UnbindPath(to string) error {
to = path.Join(fs.Root(), to) to = path.Join(fs.Root(), to)
_, err := os.Stat(to) _, err := os.Stat(to)
@ -173,7 +173,7 @@ func (fs *Filesystem) UnbindPath(to string) (error) {
// XXX // XXX
fs.log.Info("unbinding %s", to) fs.log.Info("unbinding %s", to)
if err := syscall.Unmount(to, syscall.MNT_DETACH/* | syscall.MNT_FORCE*/); err != nil { if err := syscall.Unmount(to, syscall.MNT_DETACH /* | syscall.MNT_FORCE*/); err != nil {
return err return err
} }

@ -2,12 +2,12 @@ package fs
import ( import (
"fmt" "fmt"
"os"
"os/exec" "os/exec"
"os/user" "os/user"
"path" "path"
"path/filepath" "path/filepath"
"strings" "strings"
"os"
) )
func resolvePath(p string, u *user.User) ([]string, error) { func resolvePath(p string, u *user.User) ([]string, error) {

@ -13,9 +13,9 @@ import (
//Internal //Internal
//External //External
"github.com/op/go-logging"
"github.com/j-keck/arping" "github.com/j-keck/arping"
"github.com/milosgajdos83/tenus" "github.com/milosgajdos83/tenus"
"github.com/op/go-logging"
) )
func BridgeInit(bridgeMAC string, nmIgnoreFile string, log *logging.Logger) (*HostNetwork, error) { func BridgeInit(bridgeMAC string, nmIgnoreFile string, log *logging.Logger) (*HostNetwork, error) {
@ -100,13 +100,13 @@ func NetInit(stn *SandboxNetwork, htn *HostNetwork, childPid int, log *logging.L
rand.Seed(time.Now().Unix() ^ int64((os.Getpid() + childPid))) rand.Seed(time.Now().Unix() ^ int64((os.Getpid() + childPid)))
log.Info("Configuring host veth pair '%s' with: %s", stn.VethHost, stn.Ip+"/"+htn.Class) log.Info("Configuring host veth pair '%s' with: %s", stn.VethHost, stn.Ip+"/"+htn.Class)
/* /*
// Fetch the bridge from the ifname // Fetch the bridge from the ifname
br, err := tenus.BridgeFromName(ozDefaultInterfaceBridge) br, err := tenus.BridgeFromName(ozDefaultInterfaceBridge)
if err != nil { if err != nil {
return fmt.Errorf("Unable to attach to bridge interface %, %s.", ozDefaultInterfaceBridge, err) return fmt.Errorf("Unable to attach to bridge interface %, %s.", ozDefaultInterfaceBridge, err)
} }
*/ */
// Make sure the bridge is configured and the link is up // Make sure the bridge is configured and the link is up
// This really shouldn't be needed, but Network-Manager is a PITA // This really shouldn't be needed, but Network-Manager is a PITA
// and even if you actualy ignore the interface there's a race // and even if you actualy ignore the interface there's a race

@ -7,8 +7,8 @@ import (
"strconv" "strconv"
"strings" "strings"
"github.com/op/go-logging"
"github.com/milosgajdos83/tenus" "github.com/milosgajdos83/tenus"
"github.com/op/go-logging"
) )
const ( const (
@ -21,9 +21,9 @@ const (
type NetType string type NetType string
const( const (
TYPE_HOST NetType = "host" TYPE_HOST NetType = "host"
TYPE_EMPTY NetType = "empty" TYPE_EMPTY NetType = "empty"
TYPE_BRIDGE NetType = "bridge" TYPE_BRIDGE NetType = "bridge"
) )

@ -1,6 +1,6 @@
package network package network
import( import (
//Builtin //Builtin
"fmt" "fmt"
"io" "io"
@ -16,16 +16,16 @@ import(
type ProxyType string type ProxyType string
const( const (
PROXY_CLIENT ProxyType = "client" PROXY_CLIENT ProxyType = "client"
PROXY_SERVER ProxyType = "server" PROXY_SERVER ProxyType = "server"
) )
type ProtoType string type ProtoType string
const( const (
PROTO_TCP ProtoType = "tcp" PROTO_TCP ProtoType = "tcp"
PROTO_UDP ProtoType = "udp" PROTO_UDP ProtoType = "udp"
PROTO_SOCKET ProtoType = "socket" PROTO_SOCKET ProtoType = "socket"
) )
@ -146,7 +146,7 @@ func nsSocketListener(fd uintptr, proto ProtoType, lAddr string) (net.Listener,
/** /**
* Connect/Server * Connect/Server
**/ **/
func proxyServerConn(pid int, conn *net.Conn, proto ProtoType, rAddr string, log *logging.Logger, ready sync.WaitGroup) (error) { func proxyServerConn(pid int, conn *net.Conn, proto ProtoType, rAddr string, log *logging.Logger, ready sync.WaitGroup) error {
rConn, err := socketConnect(pid, proto, rAddr) rConn, err := socketConnect(pid, proto, rAddr)
if err != nil { if err != nil {
log.Error("Socket: %+v.", err) log.Error("Socket: %+v.", err)
@ -159,7 +159,7 @@ func proxyServerConn(pid int, conn *net.Conn, proto ProtoType, rAddr string, log
return nil return nil
} }
func newProxyServer(pid int, proto ProtoType, dest string, port int, log *logging.Logger, ready sync.WaitGroup) (error) { func newProxyServer(pid int, proto ProtoType, dest string, port int, log *logging.Logger, ready sync.WaitGroup) error {
if dest == "" { if dest == "" {
dest = "127.0.0.1" dest = "127.0.0.1"
} }

@ -102,7 +102,7 @@ func KillSandbox(id int) error {
} }
} }
func MountFiles(files []string) (error) { func MountFiles(files []string) error {
resp, err := clientSend(&MountFilesMsg{Files: files}) resp, err := clientSend(&MountFilesMsg{Files: files})
if err != nil { if err != nil {
return err return err
@ -117,7 +117,7 @@ func MountFiles(files []string) (error) {
} }
} }
func UnmountFile(file string) (error) { func UnmountFile(file string) error {
resp, err := clientSend(&UnmountFileMsg{File: file}) resp, err := clientSend(&UnmountFileMsg{File: file})
if err != nil { if err != nil {
return err return err

@ -281,7 +281,6 @@ func (d *daemonState) handleMountFiles(msg *MountFilesMsg, m *ipc.Message) error
return m.Respond(&OkMsg{}) return m.Respond(&OkMsg{})
} }
func (d *daemonState) handleUnmountFile(msg *UnmountFileMsg, m *ipc.Message) error { func (d *daemonState) handleUnmountFile(msg *UnmountFileMsg, m *ipc.Message) error {
sbox := d.sandboxById(msg.Id) sbox := d.sandboxById(msg.Id)
if sbox == nil { if sbox == nil {
@ -293,8 +292,6 @@ func (d *daemonState) handleUnmountFile(msg *UnmountFileMsg, m *ipc.Message) err
return m.Respond(&OkMsg{}) return m.Respond(&OkMsg{})
} }
func (d *daemonState) sandboxById(id int) *Sandbox { func (d *daemonState) sandboxById(id int) *Sandbox {
for _, sb := range d.sandboxes { for _, sb := range d.sandboxes {
if sb.id == id { if sb.id == id {

@ -215,7 +215,7 @@ func (sbox *Sandbox) launchProgram(binpath, cpath, pwd string, args []string, lo
} }
} }
func (sbox *Sandbox) MountFiles(files []string, readonly bool, binpath string, log *logging.Logger) error { func (sbox *Sandbox) MountFiles(files []string, readonly bool, binpath string, log *logging.Logger) error {
pmnt := path.Join(binpath, "bin", "oz-mount") pmnt := path.Join(binpath, "bin", "oz-mount")
args := files args := files
if readonly { if readonly {
@ -235,12 +235,12 @@ func (sbox *Sandbox) MountFiles(files []string, readonly bool, binpath string,
for _, mfile := range files { for _, mfile := range files {
found := false found := false
for _, mmfile := range sbox.mountedFiles { for _, mmfile := range sbox.mountedFiles {
if (mfile == mmfile) { if mfile == mmfile {
found = true found = true
break; break
} }
} }
if (!found) { if !found {
sbox.mountedFiles = append(sbox.mountedFiles, mfile) sbox.mountedFiles = append(sbox.mountedFiles, mfile)
} }
} }
@ -284,7 +284,7 @@ func (sbox *Sandbox) whitelistArgumentFiles(binpath, pwd string, args []string,
} }
} }
if len(files) > 0 { if len(files) > 0 {
sbox.MountFiles(files, false, binpath, log); sbox.MountFiles(files, false, binpath, log)
} }
} }
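Review bot: The call `sbox.MountFiles(files, false, binpath, log)` at the end of whitelistArgumentFiles still drops the returned error; only the trailing semicolon was removed. MountFiles is declared to return `error` and builds a path to the `oz-mount` helper, so a failed mount would presumably go unnoticed here and the program would start without the files it was given. At minimum the failure should be logged: `if err := sbox.MountFiles(files, false, binpath, log); err != nil { log.Error("mounting argument files: %v", err) }`. The body of whitelistArgumentFiles starts outside the hunk, so whether it could return the error instead cannot be confirmed from here.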

@ -64,13 +64,13 @@ type KillSandboxMsg struct {
} }
type MountFilesMsg struct { type MountFilesMsg struct {
Id int "MountFiles" Id int "MountFiles"
Files []string Files []string
ReadOnly bool ReadOnly bool
} }
type UnmountFileMsg struct { type UnmountFileMsg struct {
Id int "UnmountFile" Id int "UnmountFile"
File string File string
} }

@ -311,7 +311,7 @@ func (st *initState) launchApplication(cpath, pwd string, cmdArgs []string) (*ex
if st.profile.Seccomp.Mode == oz.PROFILE_SECCOMP_WHITELIST { if st.profile.Seccomp.Mode == oz.PROFILE_SECCOMP_WHITELIST {
st.log.Notice("Enabling seccomp whitelist for: %s", cpath) st.log.Notice("Enabling seccomp whitelist for: %s", cpath)
cmdArgs = append([]string{"-w",cpath}, cmdArgs...) cmdArgs = append([]string{"-w", cpath}, cmdArgs...)
cpath = path.Join(st.config.PrefixPath, "bin", "oz-seccomp") cpath = path.Join(st.config.PrefixPath, "bin", "oz-seccomp")
} }
cmd := exec.Command(cpath) cmd := exec.Command(cpath)

@ -107,7 +107,7 @@ func setupRootfs(fsys *fs.Filesystem, useFullDev bool) error {
return err return err
} }
if (!useFullDev) { if !useFullDev {
for _, d := range basicDevices { for _, d := range basicDevices {
if err := fsys.CreateDevice(d.path, d.dev, d.mode); err != nil { if err := fsys.CreateDevice(d.path, d.dev, d.mode); err != nil {
return err return err

@ -1,5 +1,6 @@
// +build linux,!gccgo // +build linux,!gccgo
package mount package mount
// extern int enter_mount_namespace(void); // extern int enter_mount_namespace(void);
/* /*
#include <stdlib.h> #include <stdlib.h>
@ -45,13 +46,13 @@ func Main(mode int) {
os.Exit(1) os.Exit(1)
} }
fsys := fs.NewFilesystem(config, log) fsys := fs.NewFilesystem(config, log)
homedir := os.Getenv("_OZ_HOMEDIR") homedir := os.Getenv("_OZ_HOMEDIR")
if homedir == "" { if homedir == "" {
log.Error("Homedir must be set!") log.Error("Homedir must be set!")
os.Exit(1) os.Exit(1)
} }
os.Setenv("_OZ_HOMEDIR", "") os.Setenv("_OZ_HOMEDIR", "")
start := 1 start := 1
readonly := false readonly := false
if os.Args[1] == "--readonly" { if os.Args[1] == "--readonly" {
@ -60,7 +61,7 @@ func Main(mode int) {
} }
for _, fpath := range os.Args[start:] { for _, fpath := range os.Args[start:] {
cpath, err := cleanPath(fpath, homedir) cpath, err := cleanPath(fpath, homedir)
if (err != nil || cpath == "") { if err != nil || cpath == "" {
log.Error("%v", err) log.Error("%v", err)
os.Exit(1) os.Exit(1)
} }
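Review bot: In the loop over `os.Args[start:]` in Main, the branch `if err != nil || cpath == ""` logs only `err`, so when cleanPath returns an empty path with a nil error the log line is just `<nil>`. The rejected argument is never named, which makes a refused mount request hard to trace afterwards. Quoting the input in the message would fix that: `log.Error("rejecting path %q: %v", fpath, err)`. Main begins and continues outside the hunk.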

@ -31,7 +31,7 @@ func Main() {
log.Error("oz-seccomp wrapper must be called from oz-init!") log.Error("oz-seccomp wrapper must be called from oz-init!")
os.Exit(1) os.Exit(1)
} }
var getvar = func(name string) string { var getvar = func(name string) string {
val := os.Getenv(name) val := os.Getenv(name)
if val == "" { if val == "" {
