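// proc_starter starts a user process with the requested rlimits, after closing
// any open FDs and (unless disabled) limiting the process's capabilities.
//
// The non-flag arguments are the command to run followed by its arguments.
// Steps run in this order: close FDs, apply rlimits, limit capabilities,
// then exec as the requested uid/gid.
func main() {
	// NOTE(review): presumably pins the goroutine so the per-thread rlimit,
	// capability and credential changes below all land on the thread that
	// performs the exec — confirm against system.UserExecer.
	runtime.LockOSThread()

	rlimits := flag.String("rlimits", "", "encoded rlimits")
	dropCapabilities := flag.Bool("dropCapabilities", true, "drop capabilities before starting process")
	uid := flag.Int("uid", -1, "user id to run the process as")
	gid := flag.Int("gid", -1, "group id to run the process as")
	extendedWhitelist := flag.Bool("extendedWhitelist", false, "whitelist CAP_SYS_ADMIN in addition to the default set. Use only with -dropCapabilities=true")
	flag.Parse()

	// Without a command, args[0] below would panic with an index-out-of-range
	// error; fail with a clear message instead.
	args := flag.Args()
	if len(args) == 0 {
		fmt.Fprintf(os.Stderr, "proc_starter: no command to execute\n")
		os.Exit(255)
	}

	// Close inherited descriptors before anything else so the user process
	// cannot reach files or sockets that belonged to the parent.
	closeFds()

	mgr := &container_daemon.RlimitsManager{}
	must(mgr.Apply(mgr.DecodeLimits(*rlimits)))

	// With -dropCapabilities=false the capability set is left untouched and
	// -extendedWhitelist has no effect. -extendedWhitelist keeps CAP_SYS_ADMIN,
	// which is a very broad capability; enable it only where it is required.
	if *dropCapabilities {
		caps := &system.ProcessCapabilities{Pid: os.Getpid()}
		must(caps.Limit(*extendedWhitelist))
	}

	// NOTE(review): -uid and -gid default to -1. Confirm that ExecAsUser
	// rejects -1 rather than running the command with the inherited identity.
	execer := system.UserExecer{}
	if err := execer.ExecAsUser(*uid, *gid, args[0], args[1:]...); err != nil {
		fmt.Fprintf(os.Stderr, "proc_starter: ExecAsUser: %s\n", err)
		os.Exit(255)
	}
}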
// main runs `id -u && id -G` through bash as the uid/gid given on the command
// line, passing -workDir to ExecAsUser. The command prints the user ID and the
// full group ID list, so the output shows which identity ExecAsUser applied.
// NOTE(review): presumably a test helper for the privilege drop — confirm.
func main() {
	var (
		runUID, runGID int
		cwd            string
	)
	flag.IntVar(&runUID, "uid", -1, "uid")
	flag.IntVar(&runGID, "gid", -1, "gid")
	flag.StringVar(&cwd, "workDir", "", "working directory")
	flag.Parse()

	launcher := system.UserExecer{}
	err := launcher.ExecAsUser(runUID, runGID, cwd, "bash", "-c", "id -u && id -G")
	if err == nil {
		return
	}

	// Report the failure on stderr and exit with status 2.
	fmt.Fprintf(os.Stderr, "%s", err)
	os.Exit(2)
}