mirror of https://github.com/xSmurf/oz.git
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
187 lines
3.8 KiB
187 lines
3.8 KiB
package daemon
|
|
|
|
import (
|
|
"bufio"
|
|
"fmt"
|
|
"github.com/subgraph/oz"
|
|
"github.com/subgraph/oz/fs"
|
|
"github.com/subgraph/oz/xpra"
|
|
"io"
|
|
"os"
|
|
"os/exec"
|
|
"os/user"
|
|
"path"
|
|
"sync"
|
|
"syscall"
|
|
)
|
|
|
|
const initPath = "/usr/local/bin/oz-init"
|
|
|
|
type Sandbox struct {
|
|
daemon *daemonState
|
|
id int
|
|
display int
|
|
profile *oz.Profile
|
|
init *exec.Cmd
|
|
cred *syscall.Credential
|
|
fs *fs.Filesystem
|
|
stderr io.ReadCloser
|
|
addr string
|
|
xpra *xpra.Xpra
|
|
ready sync.WaitGroup
|
|
}
|
|
|
|
/*
|
|
func findSandbox(id int) *Sandbox {
|
|
for _, sb := range sandboxes {
|
|
if sb.id == id {
|
|
return sb
|
|
}
|
|
}
|
|
return nil
|
|
}
|
|
*/
|
|
const initCloneFlags = syscall.CLONE_NEWNS | syscall.CLONE_NEWIPC | syscall.CLONE_NEWPID | syscall.CLONE_NEWUTS | syscall.CLONE_NEWNET
|
|
|
|
func createInitCommand(name, chroot string, uid uint32, display int) *exec.Cmd {
|
|
cmd := exec.Command(initPath)
|
|
cmd.Dir = "/"
|
|
cmd.SysProcAttr = &syscall.SysProcAttr{
|
|
Chroot: chroot,
|
|
Cloneflags: initCloneFlags,
|
|
}
|
|
cmd.Env = []string{
|
|
"INIT_PROFILE=" + name,
|
|
fmt.Sprintf("INIT_UID=%d", uid),
|
|
}
|
|
if display > 0 {
|
|
cmd.Env = append(cmd.Env, fmt.Sprintf("INIT_DISPLAY=%d", display))
|
|
}
|
|
return cmd
|
|
}
|
|
|
|
func (d *daemonState) launch(p *oz.Profile, uid, gid uint32) (*Sandbox, error) {
|
|
u, err := user.LookupId(fmt.Sprintf("%d", uid))
|
|
if err != nil {
|
|
return nil, fmt.Errorf("failed to lookup user for uid=%d: %v", uid, err)
|
|
}
|
|
fs := fs.NewFromProfile(p, u, d.config.SandboxPath, d.log)
|
|
if err := fs.Setup(); err != nil {
|
|
return nil, err
|
|
}
|
|
display := 0
|
|
if p.XServer.Enabled {
|
|
display = d.nextDisplay
|
|
d.nextDisplay += 1
|
|
}
|
|
|
|
cmd := createInitCommand(p.Name, fs.Root(), uid, display)
|
|
pp, err := cmd.StderrPipe()
|
|
if err != nil {
|
|
fs.Cleanup()
|
|
return nil, fmt.Errorf("error creating stderr pipe for init process: %v", err)
|
|
|
|
}
|
|
if err := cmd.Start(); err != nil {
|
|
fs.Cleanup()
|
|
return nil, err
|
|
}
|
|
sbox := &Sandbox{
|
|
daemon: d,
|
|
id: d.nextSboxId,
|
|
display: display,
|
|
profile: p,
|
|
init: cmd,
|
|
cred: &syscall.Credential{Uid: uid, Gid: gid},
|
|
fs: fs,
|
|
addr: path.Join(fs.Root(), "tmp", "oz-init-control"),
|
|
stderr: pp,
|
|
}
|
|
sbox.ready.Add(1)
|
|
go sbox.logMessages()
|
|
if sbox.profile.XServer.Enabled {
|
|
go func() {
|
|
sbox.ready.Wait()
|
|
go sbox.startXpraClient()
|
|
}()
|
|
}
|
|
d.nextSboxId += 1
|
|
d.sandboxes = append(d.sandboxes, sbox)
|
|
return sbox, nil
|
|
}
|
|
|
|
func (sbox *Sandbox) remove() {
|
|
sboxes := []*Sandbox{}
|
|
for _, sb := range sbox.daemon.sandboxes {
|
|
if sb == sbox {
|
|
sb.fs.Cleanup()
|
|
} else {
|
|
sboxes = append(sboxes, sb)
|
|
}
|
|
}
|
|
sbox.daemon.sandboxes = sboxes
|
|
}
|
|
|
|
func (sbox *Sandbox) logMessages() {
|
|
scanner := bufio.NewScanner(sbox.stderr)
|
|
seenOk := false
|
|
for scanner.Scan() {
|
|
line := scanner.Text()
|
|
if line == "OK" && !seenOk {
|
|
sbox.daemon.log.Info("oz-init (%s) is ready", sbox.profile.Name)
|
|
seenOk = true
|
|
sbox.ready.Done()
|
|
} else if len(line) > 1 {
|
|
sbox.logLine(line)
|
|
}
|
|
}
|
|
sbox.stderr.Close()
|
|
}
|
|
|
|
func (sbox *Sandbox) logLine(line string) {
|
|
if len(line) < 2 {
|
|
return
|
|
}
|
|
f := sbox.getLogFunc(line[0])
|
|
msg := line[2:]
|
|
if f != nil {
|
|
f("[%s] %s", sbox.profile.Name, msg)
|
|
} else {
|
|
sbox.daemon.log.Info("[%s] %s", sbox.profile.Name, line)
|
|
}
|
|
}
|
|
|
|
func (sbox *Sandbox) getLogFunc(c byte) func(string, ...interface{}) {
|
|
log := sbox.daemon.log
|
|
switch c {
|
|
case 'D':
|
|
return log.Debug
|
|
case 'I':
|
|
return log.Info
|
|
case 'N':
|
|
return log.Notice
|
|
case 'W':
|
|
return log.Warning
|
|
case 'E':
|
|
return log.Error
|
|
case 'C':
|
|
return log.Critical
|
|
}
|
|
return nil
|
|
}
|
|
|
|
func (sbox *Sandbox) startXpraClient() {
|
|
sbox.xpra = xpra.NewClient(
|
|
&sbox.profile.XServer,
|
|
uint64(sbox.display),
|
|
sbox.cred,
|
|
sbox.fs.Xpra(),
|
|
sbox.profile.Name,
|
|
sbox.daemon.log)
|
|
sbox.xpra.Process.Stdout = os.Stdout
|
|
sbox.xpra.Process.Stderr = os.Stdout
|
|
if err := sbox.xpra.Process.Start(); err != nil {
|
|
sbox.daemon.Warning("Failed to start xpra client: %v", err)
|
|
}
|
|
}
|