def initsecurity(config):
idsetuid = None
idsetgid = None
if config.has_option("pygopherd", "setuid"):
import pwd
idsetuid = pwd.getpwnam(config.get("pygopherd", "setuid"))[2]
if config.has_option("pygopherd", "setgid"):
import grp
idsetgid = grp.getgrnam(config.get("pygopherd", "setgid"))[2]
if config.getboolean("pygopherd", "usechroot"):
os.chroot(config.get("pygopherd", "root"))
logger.log("Chrooted to " + config.get("pygopherd", "root"))
config.set("pygopherd", "root", "/")
if idsetuid != None or idsetgid != None:
os.setgroups(())
logger.log("Supplemental group list cleared.")
if idsetgid != None:
os.setregid(idsetgid, idsetgid)
logger.log("Switched to group %d" % idsetgid)
if idsetuid != None:
os.setreuid(idsetuid, idsetuid)
logger.log("Switched to uid %d" % idsetuid)
def contain(command, image_name, image_dir, container_id, container_dir):
new_root = create_container_root(image_name, image_dir, container_id, container_dir)
print('Created a new root fs for our container: {}'.format(new_root))
# TODO: time to say goodbye to the old mount namespace, see "man 2 unshare" to get some help
# HINT 1: there is no os.unshare(), time to use the linux module we made just for you!
# HINT 2: the linux module include both functions and constants! e.g. linux.CLONE_NEWNS
# TODO: remember shared subtrees? (https://www.kernel.org/doc/Documentation/filesystems/sharedsubtree.txt)
# make / a private mount to avoid littering our host mount table
# Create mounts (/proc, /sys, /dev) under new_root
linux.mount('proc', os.path.join(new_root, 'proc'), 'proc', 0, '')
linux.mount('sysfs', os.path.join(new_root, 'sys'), 'sysfs', 0, '')
linux.mount('tmpfs', os.path.join(new_root, 'dev'), 'tmpfs',
linux.MS_NOSUID | linux.MS_STRICTATIME, 'mode=755')
# Add some basic devices
devpts_path = os.path.join(new_root, 'dev', 'pts')
if not os.path.exists(devpts_path):
os.makedirs(devpts_path)
linux.mount('devpts', devpts_path, 'devpts', 0, '')
for i, dev in enumerate(['stdin', 'stdout', 'stderr']):
os.symlink('/proc/self/fd/%d' % i, os.path.join(new_root, 'dev', dev))
# TODO: add more device (e.g. null, zero, random, urandom) using os.mknode
os.chroot(new_root)
os.chdir('/')
os.execvp(command[0], command)
def setupEnvironment(self, chroot, rundir, nodaemon, pidfile):
"""
Set the filesystem root, the working directory, and daemonize.
@type chroot: C{str} or L{NoneType}
@param chroot: If not None, a path to use as the filesystem root (using
L{os.chroot}).
@type rundir: C{str}
@param rundir: The path to set as the working directory.
@type nodaemon: C{bool}
@param nodaemon: A flag which, if set, indicates that daemonization
should not be done.
@type pidfile: C{str} or C{NoneType}
@param pidfile: If not C{None}, the path to a file into which to put
the PID of this process.
"""
if chroot is not None:
os.chroot(chroot)
if rundir == '.':
rundir = '/'
os.chdir(rundir)
if not nodaemon:
daemonize()
if pidfile:
open(pidfile,'wb').write(str(os.getpid()))
def start(self):
serversockets = []
for port in self.ports:
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
try:
s.bind(("", port))
except socket.error as e:
self.print_error("Could not bind port %s: %s." % (port, e))
sys.exit(1)
s.listen(5)
serversockets.append(s)
del s
self.print_info("Listening on port %d." % port)
if self.chroot:
os.chdir(self.chroot)
os.chroot(self.chroot)
self.print_info("Changed root directory to %s" % self.chroot)
if self.setuid:
os.setresgid(self.setuid[1], self.setuid[1], self.setuid[1])
os.setresuid(self.setuid[0], self.setuid[0], self.setuid[0])
self.print_info("Setting uid:gid to %s:%s"
% (self.setuid[0], self.setuid[1]))
last_aliveness_check = time.time()
while True:
(iwtd, owtd, ewtd) = select.select(
serversockets + [x.socket for x in self.clients.values()],
[x.socket for x in self.clients.values()
if x.write_queue_size() > 0],
[],
10)
for x in iwtd:
if x in self.clients:
self.clients[x].socket_readable_notification()
else:
(conn, addr) = x.accept()
if self.ssl_pem_file:
import ssl
try:
conn = ssl.wrap_socket(
conn,
server_side=True,
certfile=self.ssl_pem_file,
keyfile=self.ssl_pem_file)
except ssl.SSLError as e:
self.print_error(
"SSL error for connection from %s:%s: %s" % (
addr[0], addr[1], e))
continue
self.clients[conn] = self.client_factory(conn)
self.print_info("Accepted connection from %s:%s." % (
addr[0], addr[1]))
for x in owtd:
if x in self.clients: # client may have been disconnected
self.clients[x].socket_writable_notification()
now = time.time()
if last_aliveness_check + 10 < now:
for client in self.clients.values():
client.check_aliveness()
last_aliveness_check = now
def main():
parser = argparse.ArgumentParser(
description='run in a chroot'
)
parser.add_argument(
'root', metavar='ROOT', help='chroot directory')
parser.add_argument(
'--no-pivot', dest='pivot', action='store_false',
help="don't pivot_root before chroot")
args = parser.parse_args()
unshare(CLONE_NEWNS)
mount('none', '/', None, MS_REC | MS_PRIVATE, None)
if args.pivot:
mount(args.root, args.root, None, MS_BIND, None)
os.chdir(args.root)
if args.pivot:
pivot_root('.', 'mnt')
umount('mnt', MNT_DETACH)
os.chroot('.')
mount('proc', '/proc', 'proc', MS_NODEV | MS_NOEXEC | MS_NOSUID, None)
mount('sys', '/sys', 'sysfs', MS_NODEV | MS_NOEXEC | MS_NOSUID, None)
mount('dev', '/dev', 'devtmpfs', MS_NOSUID, None)
os.execve('/bin/sh', ['/bin/sh', '-i'], {
'HOME': '/root',
'PATH': '/usr/bin',
'SHELL': '/bin/sh',
'USER': '******',
})
def run(self):
os.chroot(self.root)
os.chdir('/')
if self.search:
os.execvp(self.path, self.args)
else:
os.execv(self.path, self.args)
def __enter__(self):
pid = os.fork()
if pid == 0:
os.chroot(self.path)
return self
else:
os.waitpid(pid, 0)
def executeInNewProcess(fileSource, language, stdin, expectedOutput):
""" Forks and runs the given code in a child, chroot'd process.
The result (AC, WA, etc.) is written to a pipe that the parent
reads from and is returned. """
r, w = os.pipe()
pid = os.fork()
if pid: # parent process
os.close(w)
r = os.fdopen(r) # turn r into a file object
result = r.read()
r.close()
os.waitpid(pid, 0) # make sure the child process gets cleaned up
return result
else: # child process
os.close(r)
try:
os.chdir(config.CHROOT_DIR)
os.chroot('.')
os.setuid(config.JUDGE_UID)
except OSError as e:
log.debug("chroot failed. Abandoning execution.")
log.debug("%s" % e.message)
w.write(status.INTERNAL_ERROR)
sys.exit(1)
result = executeProgram(fileSource, language, stdin, expectedOutput)
result = str(result)
w = os.fdopen(w, 'w')
w.write(result)
w.close()
sys.exit(0)
def run_test(sDirBase, sModWork):
sConfigDir = loadconfig.get_config_dir()
sChrootDir = build_chroot(sDirBase, sConfigDir)
shutil.copy(path.join(sConfigDir, path.basename(sModWork)), sDirBase)
sDirOrig = os.getcwd()
os.chroot(sChrootDir)
unittest.main(__import__(sModWork))
def post_install_fun(self):
if os.path.isfile(self.installfile):
with open(self.installfile, 'r') as installfile:
if 'post_install' in installfile.read():
os.chroot(self.rootpath)
os.putenv('BASH_ENV', self.installfile)
subprocess.call(["bash", '-c', 'post_install'])
def contain(command, image_name, image_dir, container_id, container_dir):
linux.unshare(linux.CLONE_NEWNS) # create a new mount namespace
linux.mount(None, '/', None, linux.MS_PRIVATE | linux.MS_REC, None) # TODO: we added MS_REC here. wanna guess why?
new_root = create_container_root(image_name, image_dir, container_id, container_dir)
print('Created a new root fs for our container: {}'.format(new_root))
# Create mounts (/proc, /sys, /dev) under new_root
linux.mount('proc', os.path.join(new_root, 'proc'), 'proc', 0, '')
linux.mount('sysfs', os.path.join(new_root, 'sys'), 'sysfs', 0, '')
linux.mount('tmpfs', os.path.join(new_root, 'dev'), 'tmpfs',
linux.MS_NOSUID | linux.MS_STRICTATIME, 'mode=755')
# Add some basic devices
devpts_path = os.path.join(new_root, 'dev', 'pts')
if not os.path.exists(devpts_path):
os.makedirs(devpts_path)
linux.mount('devpts', devpts_path, 'devpts', 0, '')
makedev(os.path.join(new_root, 'dev'))
os.chroot(new_root) # TODO: replace with pivot_root
os.chdir('/')
# TODO: umount2 old root (HINT: see MNT_DETACH in man mount)
os.execvp(command[0], command)
def __init__(self, **serverSettings):
self.ip = serverSettings.get('ip', '0.0.0.0')
self.port = serverSettings.get('port', 69)
self.netbootDirectory = serverSettings.get('netbootDirectory', '.')
self.logger = serverSettings.get('logger', None)
self.mode_debug = serverSettings.get('mode_debug', False)
self.sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
self.sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
self.sock.bind((self.ip, self.port))
if self.logger == None:
import logging
import logging.handlers
# setup logger
self.logger = logging.getLogger("tftp")
handler = logging.StreamHandler()
formatter = logging.Formatter('%(asctime)s %(levelname)s %(message)s')
handler.setFormatter(formatter)
self.logger.addHandler(handler)
if self.mode_debug:
self.logger.setLevel(logging.DEBUG)
self.logger.debug('NOTICE: TFTP server started in debug mode. TFTP server is using the following:')
self.logger.debug('\tTFTP Server IP: ' + self.ip)
self.logger.debug('\tTFTP Server Port: ' + str(self.port))
self.logger.debug('\tTFTP Network Boot Directory: ' + self.netbootDirectory)
#key is (address, port) pair
self.ongoing = defaultdict(lambda: {'filename': '', 'handle': None, 'block': 1, 'blksize': 512})
# Start in network boot file directory and then chroot,
# this simplifies target later as well as offers a slight security increase
os.chdir (self.netbootDirectory)
os.chroot ('.')
def _unInstStop(self, bytes, total, h):
(pkg, tsi) = self._extract_str_cbkey(h)
self.total_removed += 1
self.complete_actions += 1
if pkg in tsi.obsoleted:
action = 'obsoleting'
elif tsi.op_type == dnf.transaction.UPGRADE:
action = 'cleanup'
else:
action = dnf.transaction.ERASE
self.display.filelog(pkg, action)
self.display.event(pkg, action, 100, 100, self.complete_actions,
self.total_actions)
if self.test:
return
if tsi is not None:
self._scriptout(pkg)
# Note that we are currently inside the chroot, which makes
# sqlite panic when it tries to open it's journal file.
# So let's have some "fun" and workaround that:
_do_chroot = False
if _do_chroot and self.base.conf.installroot != '/':
os.chroot(".")
pid = self.base.history.pkg2pid(pkg)
state = tsi.history_state(pkg)
self.base.history.trans_data_pid_end(pid, state)
if _do_chroot and self.base.conf.installroot != '/':
os.chroot(self.base.conf.installroot)
# :dead
# self.ts_done(txmbr.po, txmbr.output_state)
else:
self._scriptout(name)
def doAufsChroot(aufs_rw_dir, aufs_chroot_dir):
" helper that sets the chroot up and does chroot() into it "
if not setupAufsChroot(aufs_rw_dir, aufs_chroot_dir):
return False
os.chroot(aufs_chroot_dir)
os.chdir("/")
return True
def getUserHome():
"""
Finds the home directory of the user running the application.
If runnning within a container, the root dir must be passed as
a volume.
Ex. docker run -v /:/host -e SUDO_USER -e USER foobar
"""
logger.debug("Finding the users home directory")
user = Utils.getUserName()
incontainer = Utils.inContainer()
# Check to see if we are running in a container. If we are we
# will chroot into the /host path before calling os.path.expanduser
if incontainer:
os.chroot(HOST_DIR)
# Call os.path.expanduser to determine the user's home dir.
# See https://docs.python.org/2/library/os.path.html#os.path.expanduser
# Warn if none is detected, don't error as not having a home
# dir doesn't mean we fail.
home = os.path.expanduser("~%s" % user)
if home == ("~%s" % user):
logger.error("No home directory exists for user %s" % user)
# Back out of chroot if necessary
if incontainer:
os.chroot("../..")
logger.debug("Running as user %s. Using home directory %s for configuration data"
% (user, home))
return home
def checkUserExists(self, username, root="/mnt/sysimage"):
childpid = os.fork()
if not childpid:
if not root in ["","/"]:
os.chroot(root)
os.chdir("/")
del(os.environ["LIBUSER_CONF"])
self.admin = libuser.admin()
if self.admin.lookupUserByName(username):
os._exit(0)
else:
os._exit(1)
try:
status = os.waitpid(childpid, 0)[1]
except OSError as e:
log.critical("exception from waitpid while creating a user: %s %s", e.errno, e.strerror)
return False
if os.WIFEXITED(status) and (os.WEXITSTATUS(status) == 0):
return True
else:
return False
def condChroot(chrootPath):
if chrootPath is not None:
saved = { "ruid": os.getuid(), "euid": os.geteuid(), }
uid.setresuid(0,0,0)
os.chdir(chrootPath)
os.chroot(chrootPath)
uid.setresuid(saved['ruid'], saved['euid'])
def __init__(self, **server_settings):
self.ip = server_settings.get('ip', '0.0.0.0')
self.port = server_settings.get('port', 80)
self.netboot_directory = server_settings.get('netboot_directory', '.')
self.mode_debug = server_settings.get('mode_debug', False) # debug mode
self.logger = server_settings.get('logger', None)
# setup logger
if self.logger == None:
self.logger = logging.getLogger('HTTP')
handler = logging.StreamHandler()
formatter = logging.Formatter('%(asctime)s [%(levelname)s] %(name)s %(message)s')
handler.setFormatter(formatter)
self.logger.addHandler(handler)
if self.mode_debug:
self.logger.setLevel(logging.DEBUG)
self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
self.sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
self.sock.bind((self.ip, self.port))
self.sock.listen(1)
# start in network boot file directory and then chroot,
# this simplifies target later as well as offers a slight security increase
os.chdir (self.netboot_directory)
os.chroot ('.')
self.logger.debug('NOTICE: HTTP server started in debug mode. HTTP server is using the following:')
self.logger.debug('Server IP: {0}'.format(self.ip))
self.logger.debug('Server Port: {0}'.format(self.port))
self.logger.debug('Network Boot Directory: {0}'.format(self.netboot_directory))
def execute(self, config):
"""
Run the build task for the given config in the chroot.
"""
build_path = os.path.join(self.path, self.config['build-path'])
try:
shutil.rmtree(self.path)
except OSError:
pass
shutil.copytree(".", build_path)
for (path, sha) in config['file']:
if os.path.isabs(path):
path = os.path.join(self.path, path[1:])
else:
path = os.path.join(build_path, path)
with open(path, 'w') as location:
with self.server.get(sha) as data:
chunk = 'a'
while len(chunk) > 0:
chunk = data.read(4096)
location.write(chunk)
pid = os.fork()
if pid == 0:
os.chroot(self.path)
os.chdir('/')
os.execl(config['task'], config['task'])
else:
os.waitpid(pid, 0)
def __init__(self, socket_path, private_key, certificate, lifetime, basic_constraints, key_usage, extended_key_usage, revocation_list_lifetime):
asyncore.dispatcher.__init__(self)
# Bind to sockets
if os.path.exists(socket_path):
os.unlink(socket_path)
os.umask(0o007)
self.create_socket(socket.AF_UNIX, socket.SOCK_STREAM)
self.bind(socket_path)
self.listen(5)
# Load CA private key and certificate
self.private_key = crypto.load_privatekey(crypto.FILETYPE_PEM, open(private_key).read())
self.certificate = crypto.load_certificate(crypto.FILETYPE_PEM, open(certificate).read())
self.lifetime = lifetime
self.revocation_list_lifetime = revocation_list_lifetime
self.basic_constraints = basic_constraints
self.key_usage = key_usage
self.extended_key_usage = extended_key_usage
# Perhaps perform chroot as well, currently results in
# (<class 'OpenSSL.crypto.Error'>:[('random number generator', 'SSLEAY_RAND_BYTES', 'PRNG not seeded')
# probably needs partially populated /dev in chroot
# Dropping privileges
_, _, uid, gid, gecos, root, shell = pwd.getpwnam("nobody")
os.chroot("/run/certidude/signer/jail")
os.setgid(gid)
os.setuid(uid)
def log_output(session, path, args, outfile, uploadpath, cwd=None, logerror=0, append=0, chroot=None, env=None):
"""Run command with output redirected. If chroot is not None, chroot to the directory specified
before running the command."""
pid = os.fork()
fd = None
if not pid:
session._forget()
try:
if chroot:
os.chroot(chroot)
if cwd:
os.chdir(cwd)
flags = os.O_CREAT | os.O_WRONLY
if append:
flags |= os.O_APPEND
fd = os.open(outfile, flags, 0666)
os.dup2(fd, 1)
if logerror:
os.dup2(fd, 2)
# echo the command we're running into the logfile
os.write(fd, '$ %s\n' % ' '.join(args))
environ = os.environ.copy()
if env:
environ.update(env)
os.execvpe(path, args, environ)
except:
msg = ''.join(traceback.format_exception(*sys.exc_info()))
if fd:
try:
os.write(fd, msg)
os.close(fd)
except:
pass
print msg
os._exit(1)
else:
if chroot:
outfile = os.path.normpath(chroot + outfile)
outfd = None
remotename = os.path.basename(outfile)
while True:
status = os.waitpid(pid, os.WNOHANG)
time.sleep(1)
if not outfd:
try:
outfd = file(outfile, 'r')
except IOError:
# will happen if the forked process has not created the logfile yet
continue
except:
print 'Error reading log file: %s' % outfile
print ''.join(traceback.format_exception(*sys.exc_info()))
incremental_upload(session, remotename, outfd, uploadpath)
if status[0] != 0:
if outfd:
outfd.close()
return status[1]
def __enter__(self):
self.old_cwd = os.getcwd()
self.old_fd = os.open(self.old_cwd, os.O_DIRECTORY)
self.tmpdir = tempfile.mkdtemp()
logging.info("TemporaryChroot in %s" % self.tmpdir)
os.chroot(self.tmpdir)
return self
def _unInstStop(self, bytes, total, h):
pkg, state, _ = self._extract_str_cbkey(h)
self.total_removed += 1
self.complete_actions += 1
if state == 'Obsoleted':
action = TransactionDisplay.PKG_OBSOLETE
elif state == 'Updated':
action = TransactionDisplay.PKG_CLEANUP
else:
action = TransactionDisplay.PKG_ERASE
self.display.filelog(pkg, action)
self.display.event(pkg, action, 100, 100, self.complete_actions,
self.total_actions)
if self.test:
return
if state is not None:
self._scriptout()
# Note that we are currently inside the chroot, which makes
# sqlite panic when it tries to open it's journal file.
# So let's have some "fun" and workaround that:
_do_chroot = False
if _do_chroot and self.base.conf.installroot != '/':
os.chroot(".")
pid = self.base.history.pkg2pid(pkg)
self.base.history.trans_data_pid_end(pid, state)
if _do_chroot and self.base.conf.installroot != '/':
os.chroot(self.base.conf.installroot)
# :dead
# self.ts_done(txmbr.po, txmbr.output_state)
else:
self._scriptout()
def run_python(self):
# This functions creates a fork with then chroots into the
# pakfire root if necessary and then compiles the given scriptlet
# code and runs it.
log.debug(_("Executing python scriptlet..."))
# Create fork.
pid = os.fork()
if not pid:
# child code
# The child chroots into the pakfire path.
if not self.pakfire.path == "/":
os.chroot(self.pakfire.path)
# Create a clean global environment, where only
# builtin functions are available and the os and sys modules.
_globals = {
"os" : os,
"sys" : sys,
}
# Compile the scriptlet and execute it.
try:
obj = compile(self.scriptlet, "<string>", "exec")
eval(obj, _globals, {})
except Exception, e:
print _("Exception occured: %s") % e
os._exit(1)
# End the child process without cleaning up.
os._exit(0)
def limit(self):
resource.setrlimit(resource.RLIMIT_AS, (self.memorylimit.value, self.memorylimit.value + 16777216))
resource.setrlimit(resource.RLIMIT_CPU, (self.cpulimit.value, self.cpulimit.value + 1.0))
os.chroot("/tmp/pjudge/")
os.setgid(305)
os.setuid(305)
return 0
def __exit__(self, typ, exc, trc):
log.debug('Leaving chroot')
os.fchdir(self.real_root)
os.chroot('.')
os.chdir(self.cwd)
log.debug('Outside chroot')
return False
def system_chroot(command):
''' Execute command in chroot environment '''
# prevent stupidity
if config.ROOT_DIR == '/':
return
real_root = os.open('/', os.O_RDONLY)
mount = whereis('mount')
try:
for s in ('/proc', '/dev', '/sys'):
sdir = config.ROOT_DIR + s
if not os.path.ismount(sdir):
if not os.path.isdir(sdir):
os.makedirs(sdir)
subprocess.check_call((mount, '--rbind', s, sdir))
os.chroot(config.ROOT_DIR)
os.chdir('/')
subprocess.check_call(command)
finally:
os.fchdir(real_root)
os.chroot('.')
os.close(real_root)
for s in ('/proc', '/dev', '/sys'):
sdir = config.ROOT_DIR + s
if os.path.ismount(sdir):
subprocess.check_call((mount, '--force', '--lazy', sdir))
def start(self):
self.server_sockets = []
for port in self.ports:
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
try:
s.bind((self.address, port))
except socket.error as e:
logger.error("Could not bind port %s: %s.", port, e)
sys.exit(1)
s.listen(5)
self.server_sockets.append(s)
logger.info("Listening on port %d.", port)
if self.chroot:
os.chdir(self.chroot)
os.chroot(self.chroot)
logger.info("Changed root directory to %s", self.chroot)
if self.setuid:
os.setgid(self.setuid[1])
os.setuid(self.setuid[0])
logger.info("Setting uid:gid to %s:%s",
self.setuid[0], self.setuid[1])
self.last_aliveness_check = time.time()
self.run_loop()
def _daemonize(self, options):
# http://code.activestate.com/recipes/278731/
pid = os.fork()
if pid == 0:
os.setsid()
pid2 = os.fork()
if pid2 != 0:
os._exit(0)
else:
os._exit(0)
import resource
os.chroot("/")
os.umask(0)
if os.access(options.pidfile, os.F_OK):
f = open(options.pidfile, "r")
f.seek(0)
old_pid = f.readline()
if os.path.exists("/proc/{0}".format(old_pid)):
print "Old PID file exists, and process is still running: {0}".format(options.pidfile)
sys.exit(1)
else:
print "Cleaning old PID file, which points to a non-running process."
os.remove(options.pidfile)
maxfd = resource.getrlimit(resource.RLIMIT_NOFILE)[1]
if (maxfd == resource.RLIM_INFINITY):
maxfd = 1024
for fd in range(3, maxfd):
try:
os.close(fd)
except OSError:
pass
sys.stdin.close()
if options.infolog or options.errorlog:
_setup_logging(options)
if options.infolog:
sys.stdout = _LoggingDescriptor(logging.info)
else:
sys.stdout = _NullDescriptor()
if options.errorlog:
sys.stderr = _LoggingDescriptor(logging.error)
else:
sys.stderr = _NullDescriptor()
f = open(options.pidfile, "w")
f.write("{0}".format(os.getpid()))
f.close()
os.chmod(
"./jail", stat.S_IRUSR | stat.S_IXUSR | stat.S_IRGRP | stat.S_IXGRP
| stat.S_IROTH | stat.S_IXOTH)
# ------------ pre-load some modules for chroot --------------
dummy = x509.CertificateSigningRequestBuilder().subject_name(
x509.Name([x509.NameAttribute(NameOID.COUNTRY_NAME,
u"IN")])).sign(ca_private_key,
hashes.SHA256(),
default_backend())
# ------------ end pre-load some modules for chroot --------------
try:
os.chroot("./jail")
except Exception as e:
print "*** Failed to chroot", e
sys.exit(-1)
try:
os.setgid(ca_gid)
except Exception as e:
print "*** Failed to setgid", e
sys.exit(-1)
try:
os.setuid(ca_uid)
except Exception as e:
print "*** Failed to setuid", e
sys.exit(-1)
def chroot_jail(root="/tmp"):
os.chroot(root)
os.chdir("/")
def chroot(self):
os.chroot(self.instroot)
os.chdir("/")
os.access(path="path", mode=os.R_OK) # $ getAPathArgument="path"
os.chdir("path") # $ getAPathArgument="path"
os.chdir(path="path") # $ getAPathArgument="path"
os.chflags("path", stat.UF_NODUMP) # $ getAPathArgument="path"
os.chflags(path="path", flags=stat.UF_NODUMP) # $ getAPathArgument="path"
os.chmod("path", 0o700) # $ getAPathArgument="path"
os.chmod(path="path", mode=0o700) # $ getAPathArgument="path"
os.chown("path", -1, -1) # $ getAPathArgument="path"
os.chown(path="path", uid=-1, gid=-1) # $ getAPathArgument="path"
# unix only
os.chroot("path") # $ getAPathArgument="path"
os.chroot(path="path") # $ getAPathArgument="path"
# unix only
os.lchflags("path", stat.UF_NODUMP) # $ getAPathArgument="path"
os.lchflags(path="path", flags=stat.UF_NODUMP) # $ getAPathArgument="path"
# unix only
os.lchmod("path", 0o700) # $ getAPathArgument="path"
os.lchmod(path="path", mode=0o700) # $ getAPathArgument="path"
# unix only
os.lchown("path", -1, -1) # $ getAPathArgument="path"
os.lchown(path="path", uid=-1, gid=-1) # $ getAPathArgument="path"
os.link("src", "dst") # $ getAPathArgument="src" getAPathArgument="dst"
def run():
args = parse_args_main()
if config.get('chroot'):
os.chroot(config.get('chroot'))
if config.source_file is None:
# we could try to automatically figure this out from server_path, if
# it is set?
sys.exit("No configuration provided!")
# do this here so it can happen before logging init
if args.logfile:
if args.logfile == "-":
config.get('logging_config').pop('filename', None)
args.logfile = "<stdout>" # make the log message easier to read
else:
config.get('logging_config')['filename'] = args.logfile
init_logging(config.get('logging_config'))
logging.info("Loaded server configuration from: %s", config.source_file)
if config.get('live_debug'):
logging.info("Starting in live-debug mode.")
config.set('watch_socket_dirs', False)
if args.logfile:
logging.info("Using command-line supplied logfile: '%s'", args.logfile)
export_args_to_config(args)
try:
config.load_game_data()
config.validate()
except:
err_exit("Errors in config. Exiting.", exc_info=True)
if config.get('daemon', False):
daemonize()
signal.signal(signal.SIGTERM, signal_handler)
signal.signal(signal.SIGHUP, signal_handler)
signal.signal(signal.SIGINT, signal_handler)
if config.get('umask') is not None:
os.umask(config.get('umask'))
write_pidfile()
global servers
servers = bind_server()
ensure_tornado_current()
shed_privileges()
# is this ever set to False by anyone in practice?
dgl_mode = config.get('dgl_mode')
if dgl_mode:
userdb.ensure_user_db_exists()
userdb.upgrade_user_db()
userdb.ensure_settings_db_exists()
signal.signal(signal.SIGUSR1, usr1_handler)
try:
IOLoop.current().set_blocking_log_threshold(0.5) # type: ignore
logging.info("Blocking call timeout: 500ms.")
except:
# this is the new normal; still not sure of a way to deal with this.
logging.info("Webserver running without a blocking call timeout.")
if dgl_mode:
ws_handler.status_file_timeout()
auth.purge_login_tokens_timeout()
ws_handler.start_reading_milestones()
if config.get('watch_socket_dirs'):
process_handler.watch_socket_dirs()
# start the lobby update timeout loop
ws_handler.do_periodic_lobby_updates()
logging.info("DCSS Webtiles server started with Tornado %s! (PID: %s)" %
(tornado.version, os.getpid()))
IOLoop.current().start()
logging.info("Bye!")
remove_pidfile()
import subprocess
import sys
import tempfile
import time
now = time.strftime("%c")
## Display current date and time from now variable
print("Script started: %s" % now)
time.sleep(5)
#
# chroot if kickstart
#
sysroot = '/mnt/sysimage'
if os.path.exists(sysroot):
os.chroot(sysroot)
os.chdir("/")
#
# realmd setup
#
domain = "ad.alexmartin.io"
ou = "OU=Linux,OU=Servers,OU=Resources,DC=AD,DC=ad,DC=alexmartin,DC=io"
principal = "HOST/[email protected]"
keytaburl = "http://repos.alexmartio.co.uk/ks/sssd/domainjoin.keytab"
fqdn = socket.getfqdn().lower()
hostspn = "host/{}@AD.ALEXMARTIN.IO".format(fqdn)
keytab = os.path.join(tempfile.mkdtemp(), "domainjoin.keytab")
print('')
def chroot(self):
os.chroot(self)
def chroot():
os.chroot(root)
def chroot(self): return os.chroot(self)
if hasattr(os, 'lchflags'):
def chroot(self):
return os.chroot(self)
ssl=tlsctx,
backlog=5,
reuse_address=True))
maildrop_ports.append(
loop.create_server(msmtp,
"0.0.0.0",
465,
family=socket.AF_INET,
ssl=tlsctx,
backlog=5,
reuse_address=True))
servers = asyncio.gather(*maildrop_ports)
maildrop_servers = loop.run_until_complete(servers)
# XXX fork, close listen socket, chroot, setuid
os.chroot(mindhome)
os.setuid(minder_user)
syslog.syslog(syslog.LOG_INFO, "listening on :: port 25")
try:
loop.run_forever()
except KeyboardInterrupt:
pass
# Close the server
for server in maildrop_servers:
server.close()
loop.run_until_complete(server.wait_closed())
loop.close()
def legacy_root_fix(self):
print("\nFix ROOT\n")
b = False
root = self.all_root_par[self.root_target.get_active_text()][0]
if self.all_root_btrfs != None and root in self.all_root_btrfs[
self.root_target.get_active_text()]:
b = True
ids = self.all_root_btrfs[self.root_target.get_active_text()][1]
if b:
check = subprocess.call(
"mount -t btrfs %s -o subvolid=%s /mnt/arfedora_fix_boot 2>/dev/null"
% (root, ids),
shell=True)
if check != 0:
self.check = "m"
return False
else:
check = subprocess.call(
"mount %s /mnt/arfedora_fix_boot 2>/dev/null" % root,
shell=True)
if check != 0:
self.check = "m"
return False
os.makedirs("/mnt/arfedora_fix_boot/boot", exist_ok=True)
time.sleep(0.2)
for i in ["/dev", "/proc", "/sys", "/run", "/dev/pts"]:
time.sleep(0.2)
check = subprocess.call("mount -B %s /mnt/arfedora_fix_boot%s" %
(i, i),
shell=True)
if check != 0:
self.check = "m"
subprocess.call(
"umount -f -R /mnt/arfedora_fix_boot 2>/dev/null",
shell=True)
return False
real_root = os.open("/", os.O_RDONLY)
os.chroot("/mnt/arfedora_fix_boot")
os.chdir("/boot")
if self.internet:
check = subprocess.call(legacy_command[0], shell=True)
if check != 0:
self.check = "i"
os.fchdir(real_root)
os.chroot(".")
os.close(real_root)
subprocess.call(
"umount -f -R /mnt/arfedora_fix_boot 2>/dev/null",
shell=True)
return False
check = subprocess.call(legacy_command[1], shell=True)
if check != 0:
self.check = "i"
os.fchdir(real_root)
os.chroot(".")
os.close(real_root)
subprocess.call(
"umount -f -R /mnt/arfedora_fix_boot 2>/dev/null",
shell=True)
return False
if reinstall_kernel[0] == "yes":
for i in range(1, len(reinstall_kernel)):
try:
time.sleep(0.2)
subprocess.call(reinstall_kernel[i], shell=True)
except:
continue
check = subprocess.call(
"%s --force %s" %
(grub_install, self.install_boot_target.get_active_text()),
shell=True)
if check != 0:
self.check = "m"
os.fchdir(real_root)
os.chroot(".")
os.close(real_root)
subprocess.call("umount -f -R /mnt/arfedora_fix_boot 2>/dev/null",
shell=True)
return False
check = subprocess.call("%s -o %s" % (grub_mkconfig, legacy),
shell=True)
if check != 0:
self.check = "m"
os.fchdir(real_root)
os.chroot(".")
os.close(real_root)
subprocess.call("umount -f -R /mnt/arfedora_fix_boot 2>/dev/null",
shell=True)
return False
os.fchdir(real_root)
os.chroot(".")
os.close(real_root)
subprocess.call("umount -f -R /mnt/arfedora_fix_boot 2>/dev/null",
shell=True)
return True
def efi_root_with_boot_fix(self):
print("\nFix ROOT/BOOT/EFI\n")
root = self.all_root_par[self.root_target.get_active_text()][0]
b = False
if self.all_root_btrfs != None and root in self.all_root_btrfs[
self.root_target.get_active_text()]:
b = True
ids = self.all_root_btrfs[self.root_target.get_active_text()][1]
efi = self.efi_target.get_active_text()
boot = self.boot_target.get_active_text()
if b:
check = subprocess.call(
"mount -t btrfs %s -o subvolid=%s /mnt/arfedora_fix_boot 2>/dev/null"
% (root, ids),
shell=True)
if check != 0:
self.check = "m"
return False
else:
check = subprocess.call(
"mount %s /mnt/arfedora_fix_boot 2>/dev/null" % root,
shell=True)
if check != 0:
self.check = "m"
return False
os.makedirs("/mnt/arfedora_fix_boot/boot", exist_ok=True)
time.sleep(0.2)
check = subprocess.call(
"mount %s /mnt/arfedora_fix_boot/boot 2>/dev/null" % boot,
shell=True)
if check != 0:
self.check = "m"
subprocess.call("umount -f -R /mnt/arfedora_fix_boot 2>/dev/null",
shell=True)
return False
os.makedirs("/mnt/arfedora_fix_boot/boot/efi", exist_ok=True)
time.sleep(0.2)
check = subprocess.call(
"mount %s /mnt/arfedora_fix_boot/boot/efi 2>/dev/null" % efi,
shell=True)
if check != 0:
self.check = "m"
subprocess.call("umount -f -R /mnt/arfedora_fix_boot 2>/dev/null",
shell=True)
return False
time.sleep(0.2)
for i in ["/dev", "/proc", "/sys", "/run", "/dev/pts"]:
time.sleep(0.2)
check = subprocess.call("mount -B %s /mnt/arfedora_fix_boot%s" %
(i, i),
shell=True)
if check != 0:
self.check = "m"
subprocess.call(
"umount -f -R /mnt/arfedora_fix_boot 2>/dev/null",
shell=True)
return False
if not use_internet:
if len(b_chroot_efi_custom_command_if_use_internet_false) != 0:
for c in b_chroot_efi_custom_command_if_use_internet_false:
time.sleep(0.5)
check = subprocess.call("%s" % i, shell=True)
if check != 0:
self.check = "m"
subprocess.call(
"umount -f -R /mnt/arfedora_fix_boot 2>/dev/null",
shell=True)
return False
real_root = os.open("/", os.O_RDONLY)
os.chroot("/mnt/arfedora_fix_boot")
os.chdir("/boot")
if self.internet:
check = subprocess.call(efi_command[0], shell=True)
if check != 0:
self.check = "i"
os.fchdir(real_root)
os.chroot(".")
os.close(real_root)
subprocess.call(
"umount -f -R /mnt/arfedora_fix_boot 2>/dev/null",
shell=True)
return False
check = subprocess.call(efi_command[1], shell=True)
if check != 0:
self.check = "i"
os.fchdir(real_root)
os.chroot(".")
os.close(real_root)
subprocess.call(
"umount -f -R /mnt/arfedora_fix_boot 2>/dev/null",
shell=True)
return False
if reinstall_kernel[0] == "yes":
for i in range(1, len(reinstall_kernel)):
try:
time.sleep(0.2)
subprocess.call(reinstall_kernel[i], shell=True)
except:
continue
else:
if len(i_chroot_efi_custom_command_if_use_internet_false) != 0:
for c in i_chroot_efi_custom_command_if_use_internet_false:
time.sleep(0.5)
check = subprocess.call("%s" % i, shell=True)
if check != 0:
self.check = "m"
os.fchdir(real_root)
os.chroot(".")
os.close(real_root)
subprocess.call(
"umount -f -R /mnt/arfedora_fix_boot 2>/dev/null",
shell=True)
return False
check = subprocess.call("%s -o %s" % (grub_mkconfig, uefi),
shell=True)
if check != 0:
self.check = "m"
os.fchdir(real_root)
os.chroot(".")
os.close(real_root)
subprocess.call("umount -f -R /mnt/arfedora_fix_boot 2>/dev/null",
shell=True)
return False
os.fchdir(real_root)
os.chroot(".")
os.close(real_root)
subprocess.call("umount -f -R /mnt/arfedora_fix_boot 2>/dev/null",
shell=True)
return True
def server_main():
args = parse_args()
if config.chroot:
os.chroot(config.chroot)
if args.reset_password or args.clear_reset_password:
reset_token_commands(args)
return
if getattr(config, 'live_debug', False):
logging.info("Starting in live-debug mode.")
config.watch_socket_dirs = False
# do this here so it can happen before logging init
if args.logfile:
if args.logfile == "-":
config.logging_config.pop('filename', None)
args.logfile = "<stdout>" # make the log message easier to read
else:
config.logging_config['filename'] = args.logfile
init_logging(config.logging_config)
if args.logfile:
logging.info("Using command-line supplied logfile: '%s'", args.logfile)
_do_load_games()
export_args_to_config(args)
if not check_config():
err_exit("Errors in config. Exiting.")
if config.daemon:
daemonize()
signal.signal(signal.SIGTERM, signal_handler)
signal.signal(signal.SIGHUP, signal_handler)
signal.signal(signal.SIGINT, signal_handler)
if getattr(config, 'umask', None) is not None:
os.umask(config.umask)
write_pidfile()
global servers
servers = bind_server()
ensure_tornado_current()
shed_privileges()
if config.dgl_mode:
userdb.ensure_user_db_exists()
userdb.upgrade_user_db()
userdb.ensure_settings_db_exists()
signal.signal(signal.SIGUSR1, usr1_handler)
try:
IOLoop.current().set_blocking_log_threshold(0.5) # type: ignore
logging.info("Blocking call timeout: 500ms.")
except:
# this is the new normal; still not sure of a way to deal with this.
logging.info("Webserver running without a blocking call timeout.")
if config.dgl_mode:
status_file_timeout()
auth.purge_login_tokens_timeout()
start_reading_milestones()
if config.watch_socket_dirs:
process_handler.watch_socket_dirs()
# start the lobby update timeout loop
do_periodic_lobby_updates()
logging.info("DCSS Webtiles server started with Tornado %s! (PID: %s)" %
(tornado.version, os.getpid()))
IOLoop.current().start()
logging.info("Bye!")
remove_pidfile()
def _setup_container_filesystem(self, temp_dir, output_dir, memlimit, memory_nodes):
"""Setup the filesystem layout in the container.
As first step, we create a copy of all existing mountpoints in mount_base, recursively,
and as "private" mounts (i.e., changes to existing mountpoints afterwards won't propagate
to our copy).
Then we iterate over all mountpoints and change them
according to the mode the user has specified (hidden, read-only, overlay, or full-access).
This has do be done for each mountpoint because overlays are not recursive.
Then we chroot into the new mount hierarchy.
The new filesystem layout still has a view of the host's /proc.
We do not mount a fresh /proc here because the grandchild still needs the old /proc.
We do simply iterate over all existing mount points and set them to read-only/overlay them,
because it is easier to create a new hierarchy and chroot into it.
First, we still have access to the original mountpoints while doing so,
and second, we avoid race conditions if someone else changes the existing mountpoints.
@param temp_dir: The base directory under which all our directories should be created.
"""
# All strings here are bytes to avoid issues if existing mountpoints are invalid UTF-8.
temp_base = self._get_result_files_base(temp_dir).encode() # directory with files created by tool
temp_dir = temp_dir.encode()
tmpfs_opts = ["size=" + str(memlimit or "100%")]
if memory_nodes:
tmpfs_opts.append("mpol=bind:" + ",".join(map(str, memory_nodes)))
tmpfs_opts = (",".join(tmpfs_opts)).encode()
if self._container_tmpfs:
libc.mount(None, temp_dir, b"tmpfs", 0, tmpfs_opts)
mount_base = os.path.join(temp_dir, b"mount") # base dir for container mounts
os.mkdir(mount_base)
os.mkdir(temp_base)
def _is_below(path, target_path):
# compare with trailing slashes for cases like /foo and /foobar
path = os.path.join(path, b"")
target_path = os.path.join(target_path, b"")
return path.startswith(target_path)
def find_mode_for_dir(path, fstype=None):
if (path == b"/proc"):
# /proc is necessary for the grandchild to read PID, will be replaced later.
return DIR_READ_ONLY
if _is_below(path, b"/proc"):
# Irrelevant.
return None
parent_mode = None
result_mode = None
for special_dir, mode in self._dir_modes.items():
if _is_below(path, special_dir):
if path != special_dir:
parent_mode = mode
result_mode = mode
assert result_mode is not None
if result_mode == DIR_OVERLAY and (
_is_below(path, b"/dev") or
_is_below(path, b"/sys") or
fstype == b"cgroup"):
# Overlay does not make sense for /dev, /sys, and all cgroups.
return DIR_READ_ONLY
if result_mode == DIR_OVERLAY and (
fstype == b"autofs" or
fstype == b"vfat" or
fstype == b"ntfs"):
# Overlayfs does not support these as underlying file systems.
logging.debug("Cannot use overlay mode for %s because it has file system %s. "
"Using read-only mode instead.",
path.decode(), fstype.decode())
return DIR_READ_ONLY
if result_mode == DIR_HIDDEN and parent_mode == DIR_HIDDEN:
# No need to recursively recreate mountpoints in hidden dirs.
return None
return result_mode
# Overlayfs needs its own additional temporary directory ("work" directory).
# temp_base will be the "upper" layer, the host FS the "lower" layer,
# and mount_base the mount target.
work_base = os.path.join(temp_dir, b"overlayfs")
os.mkdir(work_base)
# Create a copy of host's mountpoints.
# Setting MS_PRIVATE flag discouples our mount namespace from the hosts's,
# i.e., mounts we do are not seen by the host, and any (un)mounts the host does afterward
# are not seen by us. The latter is desired such that new mounts (e.g.,
# USB sticks being plugged in) do not appear in the container.
# Blocking host-side unmounts from being propagated has the disadvantage
# that any unmounts done by the sysadmin won't really unmount the device
# because it stays mounted in the container and thus keep the device busy
# (cf. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=739593#85).
# We could allow unmounts being propated with MS_SLAVE instead of MS_PRIVATE,
# but we prefer to have the mount namespace of the container being
# unchanged during run execution.
container.make_bind_mount(b"/", mount_base, recursive=True, private=True)
# Ensure each special dir is a mountpoint such that the next loop covers it.
for special_dir in self._dir_modes.keys():
mount_path = mount_base + special_dir
temp_path = temp_base + special_dir
try:
container.make_bind_mount(mount_path, mount_path)
except OSError as e:
# on btrfs, non-recursive bind mounts faitl
if e.errno == errno.EINVAL:
try:
container.make_bind_mount(mount_path, mount_path, recursive=True)
except OSError as e2:
logging.debug("Failed to make %s a (recursive) bind mount: %s", mount_path, e2)
else:
logging.debug("Failed to make %s a bind mount: %s", mount_path, e)
if not os.path.exists(temp_path):
os.makedirs(temp_path)
# Set desired access mode for each mountpoint.
for unused_source, full_mountpoint, fstype, options in list(container.get_mount_points()):
if not _is_below(full_mountpoint, mount_base):
continue
mountpoint = full_mountpoint[len(mount_base):] or b"/"
mode = find_mode_for_dir(mountpoint, fstype)
if not mode:
continue
if not os.access(os.path.dirname(mountpoint), os.X_OK):
# If parent is not accessible we cannot mount something on mountpoint.
# We mark the inaccessible directory as hidden because otherwise the mountpoint
# could become accessible (directly!) if the permissions on the parent
# are relaxed during container execution.
original_mountpoint = mountpoint
parent = os.path.dirname(mountpoint)
while not os.access(parent, os.X_OK):
mountpoint = parent
parent = os.path.dirname(mountpoint)
mode = DIR_HIDDEN
logging.debug(
"Marking inaccessible directory '%s' as hidden "
"because it contains a mountpoint at '%s'",
mountpoint.decode(), original_mountpoint.decode())
else:
logging.debug("Mounting '%s' as %s", mountpoint.decode(), mode)
mount_path = mount_base + mountpoint
temp_path = temp_base + mountpoint
work_path = work_base + mountpoint
if mode == DIR_OVERLAY:
if not os.path.exists(temp_path):
os.makedirs(temp_path)
if not os.path.exists(work_path):
os.makedirs(work_path)
try:
# Previous mount in this place not needed if replaced with overlay dir.
libc.umount(mount_path)
except OSError as e:
logging.debug(e)
try:
container.make_overlay_mount(mount_path, mountpoint, temp_path, work_path)
except OSError as e:
raise OSError(e.errno,
"Creating overlay mount for '{}' failed: {}. "
"Please use other directory modes."
.format(mountpoint.decode(), os.strerror(e.errno)))
elif mode == DIR_HIDDEN:
if not os.path.exists(temp_path):
os.makedirs(temp_path)
try:
# Previous mount in this place not needed if replaced with hidden dir.
libc.umount(mount_path)
except OSError as e:
logging.debug(e)
container.make_bind_mount(temp_path, mount_path)
elif mode == DIR_READ_ONLY:
try:
container.remount_with_additional_flags(mount_path, options, libc.MS_RDONLY)
except OSError as e:
if e.errno == errno.EACCES:
logging.warning(
"Cannot mount '%s', directory may be missing from container.",
mountpoint.decode())
else:
# If this mountpoint is below an overlay/hidden dir re-create mountpoint.
# Linux does not support making read-only bind mounts in one step:
# https://lwn.net/Articles/281157/ http://man7.org/linux/man-pages/man8/mount.8.html
container.make_bind_mount(
mountpoint, mount_path, recursive=True, private=True)
container.remount_with_additional_flags(mount_path, options, libc.MS_RDONLY)
elif mode == DIR_FULL_ACCESS:
try:
# Ensure directory is still a mountpoint by attempting to remount.
container.remount_with_additional_flags(mount_path, options, 0)
except OSError as e:
if e.errno == errno.EACCES:
logging.warning(
"Cannot mount '%s', directory may be missing from container.",
mountpoint.decode())
else:
# If this mountpoint is below an overlay/hidden dir re-create mountpoint.
container.make_bind_mount(
mountpoint, mount_path, recursive=True, private=True)
else:
assert False
# Now configure some special hard-coded cases
def make_tmpfs_dir(path):
"""Ensure that a tmpfs is mounted on path, if the path exists"""
if path in self._dir_modes:
return # explicitly configured by user
mount_tmpfs = mount_base + path
temp_tmpfs = temp_base + path
util.makedirs(temp_tmpfs, exist_ok=True)
if os.path.isdir(mount_tmpfs):
# If we already have a tmpfs, we can just bind mount it, otherwise we need one
if self._container_tmpfs:
container.make_bind_mount(temp_tmpfs, mount_tmpfs)
else:
libc.mount(None, mount_tmpfs, b"tmpfs", 0, tmpfs_opts)
# The following directories should be writable RAM disks for Posix shared memory.
# For example, the Python multiprocessing module explicitly checks for a tmpfs instance.
make_tmpfs_dir(b"/dev/shm")
make_tmpfs_dir(b"/run/shm")
if self._container_system_config:
# If overlayfs is not used for /etc, we need additional bind mounts
# for files in /etc that we want to override, like /etc/passwd
config_mount_base = mount_base if find_mode_for_dir(b"/etc") != DIR_OVERLAY else None
container.setup_container_system_config(temp_base, config_mount_base )
if output_dir:
# We need a way to see temp_base in the container in order to be able to copy result
# files out of it, so we need a directory that is guaranteed to exist in order to use
# it as mountpoint for a bind mount to temp_base.
# Of course, the tool inside the container should not have access to temp_base,
# so we will add another bind mount with an empty directory on top
# (equivalent to --hidden-dir). After the tool terminates we can unmount
# the top-level bind mount and then access temp_base. However, this works only
# if there is no other mount point below that directory, and the user can force us
# to create mount points at arbitrary directory if a directory mode is specified.
# So we need an existing directory with no mount points below, and luckily temp_dir
# fulfills all requirements (because we have just created it as fresh drectory ourselves).
# So we mount temp_base outside of the container to temp_dir inside.
util.makedirs(mount_base + temp_dir, exist_ok=True)
container.make_bind_mount(temp_base, mount_base + temp_dir, read_only=True)
# And the following if branch will automatically hide the bind
# mount below an empty directory.
# If necessary, (i.e., if /tmp is not already hidden),
# hide the directory where we store our files from processes in the container
# by mounting an empty directory over it.
if os.path.exists(mount_base + temp_dir):
util.makedirs(temp_base + temp_dir, exist_ok=True)
container.make_bind_mount(temp_base + temp_dir, mount_base + temp_dir)
os.chroot(mount_base)
class Stream(mitogen.parent.Stream):
child_is_immediate_subprocess = False
container = None
username = None
kind = None
docker_path = 'docker'
lxc_info_path = 'lxc-info'
machinectl_path = 'machinectl'
GET_LEADER_BY_KIND = {
'docker': ('docker_path', get_docker_pid),
'lxc': ('lxc_info_path', get_lxc_pid),
'machinectl': ('machinectl_path', get_machinectl_pid),
}
def construct(self,
container,
kind,
username=None,
docker_path=None,
lxc_info_path=None,
machinectl_path=None,
**kwargs):
super(Stream, self).construct(**kwargs)
if kind not in self.GET_LEADER_BY_KIND:
raise Error('unsupported container kind: %r', kind)
self.container = container
self.kind = kind
if username:
self.username = username
if docker_path:
self.docker_path = docker_path
if lxc_info_path:
self.lxc_info_path = lxc_info_path
if machinectl_path:
self.machinectl_path = machinectl_path
# Order matters. https://github.com/karelzak/util-linux/commit/854d0fe/
NS_ORDER = ('ipc', 'uts', 'net', 'pid', 'mnt', 'user')
def preexec_fn(self):
nspath = '/proc/%d/ns/' % (self.leader_pid, )
selfpath = '/proc/self/ns/'
try:
ns_fps = [
open(nspath + name) for name in self.NS_ORDER
if os.path.exists(nspath + name) and (
os.readlink(nspath + name) != os.readlink(selfpath + name))
]
except Exception, e:
raise Error(str(e))
os.chdir('/proc/%s/root' % (self.leader_pid, ))
os.chroot('.')
os.chdir('/')
for fp in ns_fps:
setns(fp.name, fp.fileno())
fp.close()
for sym in 'endpwent', 'endgrent', 'endspent', 'endsgent':
try:
getattr(LIBC, sym)()
except AttributeError:
pass
if self.username:
try:
os.setgroups([
grent.gr_gid for grent in grp.getgrall()
if self.username in grent.gr_mem
])
pwent = pwd.getpwnam(self.username)
os.setreuid(pwent.pw_uid, pwent.pw_uid)
# shadow-4.4/libmisc/setupenv.c. Not done: MAIL, PATH
os.environ.update({
'HOME': pwent.pw_dir,
'SHELL': pwent.pw_shell or '/bin/sh',
'LOGNAME': self.username,
'USER': self.username,
})
if ((os.path.exists(pwent.pw_dir)
and os.access(pwent.pw_dir, os.X_OK))):
os.chdir(pwent.pw_dir)
except Exception:
e = sys.exc_info()[1]
raise Error(self.username_msg, self.username, self.container,
type(e).__name__, e)
def mychroot():
""" pre-execute function """
os.chroot(chrootdir)
os.chdir("/")
def chroot():
if root and root != '/':
os.chroot(root)
def __exit__(self, type, value, traceback):
os.fchdir(self.root)
os.chroot('.')
os.chdir(self.cwd)
logging.warning("Crawl executable %s doesn't exist!", game_data["crawl_binary"])
success = False
if ("client_path" in game_data and
not os.path.exists(game_data["client_path"])):
logging.warning("Client data path %s doesn't exist!", game_data["client_path"])
success = False
if getattr(config, "allow_password_reset", False) and not config.lobby_url:
logging.warning("Lobby URL needs to be defined!")
success = False
return success
if __name__ == "__main__":
if chroot:
os.chroot(chroot)
init_logging(logging_config)
if not check_config():
err_exit("Errors in config. Exiting.")
if daemon:
daemonize()
signal.signal(signal.SIGTERM, signal_handler)
signal.signal(signal.SIGHUP, signal_handler)
if umask is not None:
os.umask(umask)
def chroot(self):
"""Change the root dir to this path name"""
os.chroot(self)
def 改变当前进程目录(路径):
'成功返回True'
os.chroot(路径)
return True
def execWithCaptureStatus(command,
argv,
searchPath=0,
root='/',
stdin=0,
catchfd=1,
closefd=-1):
if not os.access(root + command, os.X_OK):
raise RuntimeError(command + " cannot be run")
(read, write) = os.pipe()
childpid = os.fork()
if (not childpid):
if (root and root != '/'):
os.chroot(root)
if isinstance(catchfd, tuple):
for fd in catchfd:
os.dup2(write, fd)
else:
os.dup2(write, catchfd)
os.close(write)
os.close(read)
if closefd != -1:
os.close(closefd)
if stdin:
os.dup2(stdin, 0)
os.close(stdin)
if (searchPath):
os.execvp(command, argv)
else:
os.execv(command, argv)
sys.exit(1)
os.close(write)
rc = ""
s = "1"
while (s):
select.select([read], [], [])
s = os.read(read, 1000)
rc = rc + s
os.close(read)
pid = -1
status = -1
try:
(pid, status) = os.waitpid(childpid, 0)
except OSError as xxx_todo_changeme:
(errno, msg) = xxx_todo_changeme.args
print(__name__, "waitpid:", msg)
if os.WIFEXITED(status) and (os.WEXITSTATUS(status) == 0):
status = os.WEXITSTATUS(status)
else:
status = -1
return (rc, status)
def __enter__(self):
os.chroot(self.path)
import os
import pwd
import sys
import textwrap
pw = pwd.getpwnam("nobody")
os.chdir("home")
os.chroot(".")
os.setgid(pw.pw_gid)
os.setuid(pw.pw_uid)
env = {"__builtins__": {}}
exec(f"def func():\n{textwrap.indent(sys.stdin.read(), ' ')}", env)
ret = env["func"]()
if ret is not None:
print(ret)
def _child_prep_fn():
if (chroot):
os.chroot(chroot)
if (chdir):
os.chdir(chdir)
def chroot():
if root:
os.chroot(root)
def do_chroot():
"""Helper function doing the chroot if requested."""
if chroot and chroot != "/":
os.chroot(chroot)
os.chdir("/")
def chroot(self):
""" .. seealso:: :func:`os.chroot` """
os.chroot(self)
def chroot(target_root):
if target_root and target_root != '/':
os.chroot(target_root)
os.chdir("/")
def _run_chroot_process(filesystem, args, stdout=subprocess.PIPE,
stderr=subprocess.PIPE):
"""
Create a chroot jail and run a process in it.
Prints the PID of the new process.
:param pathlib.Path filesystem: The directory which should be the root of
the new process.
:param list args: List of strings. See ``subprocess.Popen.args``.
:param stdout: See
https://docs.python.org/3.1/library/subprocess.html#subprocess.Popen.
:param stderr: See
https://docs.python.org/3.1/library/subprocess.html#subprocess.Popen.
:return subprocess.Popen: The newly started process.
"""
real_root = os.open("/", os.O_RDONLY)
os.chroot(str(filesystem))
process = subprocess.Popen(
args=args,
stdout=stdout,
stderr=stderr,
)
os.fchdir(real_root)
os.chroot(".")
os.close(real_root)
# On some platforms it seems to take some time for a process to start,
# even after this point. Therefore sleep for 5ms to ensure platform
# parity. This seems to be necessary on Travis CI hosted.
time.sleep(0.05)
return process
