def protect_call_cmd(args: argparse.Namespace, ) -> int: if os.getuid() != 0: print('Only root can execute protected binaries') return 1 try: try: manage_plug(INTERFACE_NAME, enable_plug=True) except Exception: # If we fail to plug, it is no big deal, we might # drop some traffic but let's not fail to run the # command log.exception('Failed to enable plug') subprocess.check_call([args.cmd] + args.args, preexec_fn=drop_perms) finally: # Netlink comms can be unreliable according to the manpage, # so do some retries to ensure we really turn off the plug # It would be really bad if we do not turn off the plug for i in range(3): try: manage_plug(INTERFACE_NAME, enable_plug=False) break except Exception: log.exception('Failed to disable plug, try #%d' % i) return 0
def protect_call_cmd(args): if os.getuid() != 0: print('Only root can execute protected binaries') return 1 try: try: manage_plug(INTERFACE_NAME, enable_plug=True) except: # If we fail to plug, it is no big deal, we might # drop some traffic but let's not fail to run the # command log.exception('Failed to enable plug') subprocess.check_call( [args.cmd] + args.args, preexec_fn=drop_perms ) finally: # Netlink comms can be unreliable according to the manpage, # so do some retries to ensure we really turn off the plug # It would be really bad if we do not turn off the plug for i in range(3): try: manage_plug(INTERFACE_NAME, enable_plug=False) break except: log.exception('Failed to disable plug, try #%d' % i)
def manage_plug_cmd(args): if args.action == 'plug': manage_plug(INTERFACE_NAME, enable_plug=True) elif args.action == 'unplug': manage_plug(INTERFACE_NAME, enable_plug=False) else: return 1 return 0
def manage_plug_cmd(args: argparse.Namespace, ) -> int: if args.action == 'plug': manage_plug(INTERFACE_NAME, enable_plug=True) elif args.action == 'unplug': manage_plug(INTERFACE_NAME, enable_plug=False) else: return 1 return 0