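// stage2 runs exec inside the pod's jail as the given user and group by
// invoking the "stage2" helper found under the configured path.libexec.
//
// user and group are looked up by name in the app rootfs's etc/passwd and
// etc/group; values starting with "/" (path-based lookup) are rejected. An
// empty group keeps the Gid of the passwd entry, and an empty cwd becomes "/".
// env is passed through, with a default PATH and a TERM appended when the
// caller supplied neither. If c.Jid() returns 0 the jail is created first.
//
// It returns an error when the jail cannot be started, the metadata URL or
// the passwd/group files cannot be read, the user or group is unknown, or
// the helper itself fails.
func (c *Pod) stage2(app types.ACName, user, group string, cwd string, env []string, exec ...string) error {
	if strings.HasPrefix(user, "/") || strings.HasPrefix(group, "/") {
		return errors.New("Path-based user/group not supported yet, sorry")
	}

	// Only add PATH and TERM when the caller did not set them.
	var hasPath, hasTerm bool
	for _, envVar := range env {
		switch {
		case strings.HasPrefix(envVar, "PATH="):
			hasPath = true
		case strings.HasPrefix(envVar, "TERM="):
			hasTerm = true
		}
	}
	if !hasPath {
		env = append(env, "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin")
	}
	if !hasTerm {
		// TODO: TERM= only if we're attached to a terminal
		// The value is inherited from this process's own environment.
		term := os.Getenv("TERM")
		if term == "" {
			term = "vt100"
		}
		env = append(env, "TERM="+term)
	}

	// Ensure jail is created
	jid := c.Jid()
	if jid == 0 {
		if err := c.runJail("-c"); err != nil {
			return errors.Trace(err)
		}
		jid = c.Jid()
		if jid == 0 {
			// Report the failure to the caller instead of panicking.
			return errors.New("Could not start jail")
		}
	}

	mds, err := c.Host.MetadataURL(c.UUID)
	if err != nil {
		return errors.Trace(err)
	}

	// The uid/gid handed to the helper come from files inside the app's own
	// rootfs, so the name-to-id mapping is whatever that rootfs declares.
	// NOTE(review): presumably this content is image-supplied; confirm that
	// running as the ids it names (including 0) is the intended policy.
	pwf, err := passwd.ReadPasswd(c.Path("rootfs", "app", app.String(), "rootfs", "etc", "passwd"))
	if err != nil {
		return errors.Trace(err)
	}
	pwent := pwf.Find(user)
	if pwent == nil {
		return errors.Errorf("Cannot find user: %#v", user)
	}

	if group != "" {
		grf, err := passwd.ReadGroup(c.Path("rootfs", "app", app.String(), "rootfs", "etc", "group"))
		if err != nil {
			return errors.Trace(err)
		}
		// An explicit group overrides the primary Gid of the passwd entry.
		pwent.Gid = grf.FindGid(group)
		if pwent.Gid < 0 {
			return errors.Errorf("Cannot find group: %#v", group)
		}
	}

	if cwd == "" {
		cwd = "/"
	}

	helper := filepath.Join(Config().MustGetString("path.libexec"), "stage2")
	args := []string{
		// NOTE(review): the fields are colon-joined and cwd is not escaped;
		// confirm the helper splits on the first four colons only.
		fmt.Sprintf("%d:%d:%d:%s:%s", jid, pwent.Uid, pwent.Gid, app, cwd),
		"AC_METADATA_URL=" + mds,
		"USER=" + pwent.Username,
		"LOGNAME=" + pwent.Username,
		"HOME=" + pwent.Home,
		"SHELL=" + pwent.Shell,
	}
	// NOTE(review): caller-supplied env follows the fixed entries above;
	// whether a duplicate key overrides them depends on the helper - confirm.
	args = append(args, env...)
	args = append(args, exec...)
	return run.Command(helper, args...).Run()
}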
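// stage2 runs exec inside the pod's jail as the given user and group by
// invoking the "stage2" helper found under the configured path.libexec,
// passing the jail id, app name, metadata URL, uid, gid and working
// directory as flags.
//
// user and group are looked up by name in the app rootfs's etc/passwd and
// etc/group; values starting with "/" (path-based lookup) are rejected. An
// empty group keeps the Gid of the passwd entry, and an empty cwd becomes "/".
// If c.Jid() returns 0 the jail is created first.
//
// It returns an error when the jail cannot be started, the metadata URL or
// the passwd/group files cannot be read, the user or group is unknown, or
// the helper itself fails.
func (c *Pod) stage2(app types.ACName, user, group string, cwd string, env []string, exec ...string) error {
	if strings.HasPrefix(user, "/") || strings.HasPrefix(group, "/") {
		return errors.New("Path-based user/group not supported yet, sorry")
	}

	// Ensure jail is created
	jid := c.Jid()
	if jid == 0 {
		if err := c.runJail("-c"); err != nil {
			return errors.Trace(err)
		}
		jid = c.Jid()
		if jid == 0 {
			// Report the failure to the caller instead of panicking.
			return errors.New("Could not start jail")
		}
	}

	mds, err := c.Host.MetadataURL(c.UUID)
	if err != nil {
		return errors.Trace(err)
	}

	// The uid/gid handed to the helper come from files inside the app's own
	// rootfs, so the name-to-id mapping is whatever that rootfs declares.
	// NOTE(review): presumably this content is image-supplied; confirm that
	// running as the ids it names (including 0) is the intended policy.
	pwf, err := passwd.ReadPasswd(c.Path("rootfs", "app", app.String(), "rootfs", "etc", "passwd"))
	if err != nil {
		return errors.Trace(err)
	}
	pwent := pwf.Find(user)
	if pwent == nil {
		return errors.Errorf("Cannot find user: %#v", user)
	}

	if group != "" {
		grf, err := passwd.ReadGroup(c.Path("rootfs", "app", app.String(), "rootfs", "etc", "group"))
		if err != nil {
			return errors.Trace(err)
		}
		// An explicit group overrides the primary Gid of the passwd entry.
		pwent.Gid = grf.FindGid(group)
		if pwent.Gid < 0 {
			return errors.Errorf("Cannot find group: %#v", group)
		}
	}

	if cwd == "" {
		cwd = "/"
	}

	helper := filepath.Join(Config().MustGetString("path.libexec"), "stage2")
	args := []string{
		"-jid", strconv.Itoa(jid),
		"-app", string(app),
		"-mds", mds,
		"-uid", strconv.Itoa(pwent.Uid),
		"-gid", strconv.Itoa(pwent.Gid),
		"-cwd", cwd,
		"-setenv", "USER=" + pwent.Username,
		"-setenv", "LOGNAME=" + pwent.Username,
		"-setenv", "HOME=" + pwent.Home,
		"-setenv", "SHELL=" + pwent.Shell,
	}
	// NOTE(review): the fixed variables go in as -setenv pairs, but env is
	// appended verbatim. Confirm callers already supply entries in the form
	// the helper's flag parsing expects; a bare KEY=VALUE here would
	// presumably be read as the start of the command to execute.
	args = append(args, env...)
	args = append(args, exec...)
	return run.Command(helper, args...).Run()
}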