Exemple #1
0
func (c *Pod) stage2(app types.ACName, user, group string, cwd string, env []string, exec ...string) error {
	if strings.HasPrefix(user, "/") || strings.HasPrefix(group, "/") {
		return errors.New("Path-based user/group not supported yet, sorry")
	}

	hasPath := false
	hasTerm := false

	for _, envVar := range env {
		if strings.HasPrefix(envVar, "PATH=") {
			hasPath = true
		}
		if strings.HasPrefix(envVar, "TERM=") {
			hasTerm = true
		}
	}

	if !hasPath {
		env = append(env, "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin")
	}

	if !hasTerm {
		// TODO: TERM= only if we're attached to a terminal
		term := os.Getenv("TERM")
		if term == "" {
			term = "vt100"
		}
		env = append(env, "TERM="+term)
	}

	// Ensure jail is created
	jid := c.Jid()
	if jid == 0 {
		if err := errors.Trace(c.runJail("-c")); err != nil {
			return errors.Trace(err)
		}
		jid = c.Jid()
		if jid == 0 {
			panic("Could not start jail")
		}
	}

	mds, err := c.Host.MetadataURL(c.UUID)
	if err != nil {
		return errors.Trace(err)
	}

	pwf, err := passwd.ReadPasswd(c.Path("rootfs", "app", app.String(), "rootfs", "etc", "passwd"))
	if err != nil {
		return errors.Trace(err)
	}

	pwent := pwf.Find(user)
	if pwent == nil {
		return errors.Errorf("Cannot find user: %#v", user)
	}

	if group != "" {
		grf, err := passwd.ReadGroup(c.Path("rootfs", "app", app.String(), "rootfs", "etc", "group"))
		if err != nil {
			return errors.Trace(err)
		}
		pwent.Gid = grf.FindGid(group)
		if pwent.Gid < 0 {
			return errors.Errorf("Cannot find group: %#v", group)
		}
	}

	if cwd == "" {
		cwd = "/"
	}

	stage2 := filepath.Join(Config().MustGetString("path.libexec"), "stage2")
	args := []string{
		fmt.Sprintf("%d:%d:%d:%s:%s", jid, pwent.Uid, pwent.Gid, app, cwd),
		"AC_METADATA_URL=" + mds,
		"USER="******"LOGNAME=" + pwent.Username,
		"HOME=" + pwent.Home,
		"SHELL=" + pwent.Shell,
	}
	args = append(args, env...)
	args = append(args, exec...)
	return run.Command(stage2, args...).Run()
}
Exemple #2
0
func (c *Pod) stage2(app types.ACName, user, group string, cwd string, env []string, exec ...string) error {
	if strings.HasPrefix(user, "/") || strings.HasPrefix(group, "/") {
		return errors.New("Path-based user/group not supported yet, sorry")
	}

	// Ensure jail is created
	jid := c.Jid()
	if jid == 0 {
		if err := errors.Trace(c.runJail("-c")); err != nil {
			return errors.Trace(err)
		}
		jid = c.Jid()
		if jid == 0 {
			panic("Could not start jail")
		}
	}

	mds, err := c.Host.MetadataURL(c.UUID)
	if err != nil {
		return errors.Trace(err)
	}

	pwf, err := passwd.ReadPasswd(c.Path("rootfs", "app", app.String(), "rootfs", "etc", "passwd"))
	if err != nil {
		return errors.Trace(err)
	}

	pwent := pwf.Find(user)
	if pwent == nil {
		return errors.Errorf("Cannot find user: %#v", user)
	}

	if group != "" {
		grf, err := passwd.ReadGroup(c.Path("rootfs", "app", app.String(), "rootfs", "etc", "group"))
		if err != nil {
			return errors.Trace(err)
		}
		pwent.Gid = grf.FindGid(group)
		if pwent.Gid < 0 {
			return errors.Errorf("Cannot find group: %#v", group)
		}
	}

	if cwd == "" {
		cwd = "/"
	}

	stage2 := filepath.Join(Config().MustGetString("path.libexec"), "stage2")
	args := []string{
		"-jid", strconv.Itoa(jid),
		"-app", string(app),
		"-mds", mds,
		"-uid", strconv.Itoa(pwent.Uid),
		"-gid", strconv.Itoa(pwent.Gid),
		"-cwd", cwd,
		"-setenv", "USER="******"-setenv", "LOGNAME=" + pwent.Username,
		"-setenv", "HOME=" + pwent.Home,
		"-setenv", "SHELL=" + pwent.Shell,
	}
	args = append(args, env...)
	args = append(args, exec...)
	return run.Command(stage2, args...).Run()
}