Exemplo n.º 1
0
def PreprocessMountDockerFS(docker_dir, container_id):
  """Mounts a Docker container Filesystem locally.

  We use subprocess to run the DockerExplorer script, instead of using the
  Python module, because we need to make sure all DockerExplorer code runs
  as root.

  Args:
    docker_dir(str): the root Docker directory.
    container_id(str): the complete ID of the container.

  Returns:
    The path to the mounted container file system, as a string.

  Raises:
    TurbiniaException: if there was an error trying to mount the filesystem.
  """
  # Most of the code is copied from PreprocessMountDisk
  # Only the mount command changes
  config.LoadConfig()
  mount_prefix = config.MOUNT_DIR_PREFIX

  if os.path.exists(mount_prefix) and not os.path.isdir(mount_prefix):
    raise TurbiniaException(
        'Mount dir {0:s} exists, but is not a directory'.format(mount_prefix))
  if not os.path.exists(mount_prefix):
    log.info('Creating local mount parent directory {0:s}'.format(mount_prefix))
    try:
      os.makedirs(mount_prefix)
    except OSError as e:
      raise TurbiniaException(
          'Could not create mount directory {0:s}: {1!s}'.format(
              mount_prefix, e))

  container_mount_path = tempfile.mkdtemp(prefix='turbinia', dir=mount_prefix)

  log.info(
      'Using docker_explorer to mount container {0:s} on {1:s}'.format(
          container_id, container_mount_path))
  de_binary = utils.get_exe_path('de.py')

  if not de_binary:
    raise TurbiniaException('Could not find docker-explorer script: de.py')

  # TODO(aarontp): Remove hard-coded sudo in commands:
  # https://github.com/google/turbinia/issues/73
  mount_cmd = [
      'sudo', de_binary, '-r', docker_dir, 'mount', container_id,
      container_mount_path
  ]
  log.info('Running: {0:s}'.format(' '.join(mount_cmd)))

  try:
    subprocess.check_call(mount_cmd)
  except subprocess.CalledProcessError as e:
    raise TurbiniaException(
        'Could not mount container {0:s}: {1!s}'.format(container_id, e))

  return container_mount_path
Exemplo n.º 2
0
    def GetContainers(self, evidence):
        """Lists the containers from an input Evidence.

    We use subprocess to run the DockerExplorer script, instead of using the
    Python module, because we need to make sure all DockerExplorer code runs
    as root.

    Args:
      evidence (Evidence): the input Evidence.

    Returns:
      a list(dict) containing information about the containers found.

    Raises:
      TurbiniaException: when the docker-explorer tool cannot be found or failed
          to run.
    """
        config.LoadConfig()
        docker_dir = GetDockerPath(evidence.mount_path)

        containers_info = None

        # TODO(rgayon): use docker-explorer exposed constant when
        # https://github.com/google/docker-explorer/issues/80 is in.
        de_binary = utils.get_exe_path('de.py')
        if not de_binary:
            raise TurbiniaException('Cannot find de.py in path')

        # Check if docker folder exists
        if not path.exists(docker_dir):
            log.info('docker_dir does not exist')
            return containers_info

        docker_explorer_command = ['sudo', de_binary]

        if config.DEBUG_TASKS or self.task_config.get('debug_tasks'):
            docker_explorer_command.append('-d')

        docker_explorer_command.extend(
            ['-r', docker_dir, 'list', 'all_containers'])

        log.info('Running {0:s}'.format(' '.join(docker_explorer_command)))
        try:
            json_string = subprocess.check_output(
                docker_explorer_command).decode('utf-8')
            containers_info = json.loads(json_string)
        except json.JSONDecodeError as e:
            raise TurbiniaException(
                'Error decoding JSON output from de.py: {0!s} {1!s}'.format(
                    e, json_string))
        except subprocess.CalledProcessError as e:
            raise TurbiniaException('de.py returned an error: {0!s}'.format(e))

        return containers_info