def PreprocessMountDockerFS(docker_dir, container_id): """Mounts a Docker container Filesystem locally. We use subprocess to run the DockerExplorer script, instead of using the Python module, because we need to make sure all DockerExplorer code runs as root. Args: docker_dir(str): the root Docker directory. container_id(str): the complete ID of the container. Returns: The path to the mounted container file system, as a string. Raises: TurbiniaException: if there was an error trying to mount the filesystem. """ # Most of the code is copied from PreprocessMountDisk # Only the mount command changes config.LoadConfig() mount_prefix = config.MOUNT_DIR_PREFIX if os.path.exists(mount_prefix) and not os.path.isdir(mount_prefix): raise TurbiniaException( 'Mount dir {0:s} exists, but is not a directory'.format(mount_prefix)) if not os.path.exists(mount_prefix): log.info('Creating local mount parent directory {0:s}'.format(mount_prefix)) try: os.makedirs(mount_prefix) except OSError as e: raise TurbiniaException( 'Could not create mount directory {0:s}: {1!s}'.format( mount_prefix, e)) container_mount_path = tempfile.mkdtemp(prefix='turbinia', dir=mount_prefix) log.info( 'Using docker_explorer to mount container {0:s} on {1:s}'.format( container_id, container_mount_path)) de_binary = utils.get_exe_path('de.py') if not de_binary: raise TurbiniaException('Could not find docker-explorer script: de.py') # TODO(aarontp): Remove hard-coded sudo in commands: # https://github.com/google/turbinia/issues/73 mount_cmd = [ 'sudo', de_binary, '-r', docker_dir, 'mount', container_id, container_mount_path ] log.info('Running: {0:s}'.format(' '.join(mount_cmd))) try: subprocess.check_call(mount_cmd) except subprocess.CalledProcessError as e: raise TurbiniaException( 'Could not mount container {0:s}: {1!s}'.format(container_id, e)) return container_mount_path
def GetContainers(self, evidence): """Lists the containers from an input Evidence. We use subprocess to run the DockerExplorer script, instead of using the Python module, because we need to make sure all DockerExplorer code runs as root. Args: evidence (Evidence): the input Evidence. Returns: a list(dict) containing information about the containers found. Raises: TurbiniaException: when the docker-explorer tool cannot be found or failed to run. """ config.LoadConfig() docker_dir = GetDockerPath(evidence.mount_path) containers_info = None # TODO(rgayon): use docker-explorer exposed constant when # https://github.com/google/docker-explorer/issues/80 is in. de_binary = utils.get_exe_path('de.py') if not de_binary: raise TurbiniaException('Cannot find de.py in path') # Check if docker folder exists if not path.exists(docker_dir): log.info('docker_dir does not exist') return containers_info docker_explorer_command = ['sudo', de_binary] if config.DEBUG_TASKS or self.task_config.get('debug_tasks'): docker_explorer_command.append('-d') docker_explorer_command.extend( ['-r', docker_dir, 'list', 'all_containers']) log.info('Running {0:s}'.format(' '.join(docker_explorer_command))) try: json_string = subprocess.check_output( docker_explorer_command).decode('utf-8') containers_info = json.loads(json_string) except json.JSONDecodeError as e: raise TurbiniaException( 'Error decoding JSON output from de.py: {0!s} {1!s}'.format( e, json_string)) except subprocess.CalledProcessError as e: raise TurbiniaException('de.py returned an error: {0!s}'.format(e)) return containers_info