Exemplo n.º 1
0
func TestAsAdmin(t *testing.T) {
	before := syscall.Geteuid()
	println(before)
	hello := func() error {
		fmt.Println("Hello World")
		return nil
	}
	err := AsAdmin(hello)
	if err != nil {
		t.Log(err)
		t.FailNow()
	}
	after := syscall.Geteuid()
	println(after)
}
Exemplo n.º 2
0
Arquivo: rkt.go Projeto: rowhit/nomad
func (d *RktDriver) Fingerprint(cfg *config.Config, node *structs.Node) (bool, error) {
	// Only enable if we are root when running on non-windows systems.
	if runtime.GOOS != "windows" && syscall.Geteuid() != 0 {
		d.logger.Printf("[DEBUG] driver.rkt: must run as root user, disabling")
		return false, nil
	}

	outBytes, err := exec.Command("rkt", "version").Output()
	if err != nil {
		return false, nil
	}
	out := strings.TrimSpace(string(outBytes))

	rktMatches := reRktVersion.FindStringSubmatch(out)
	appcMatches := reAppcVersion.FindStringSubmatch(out)
	if len(rktMatches) != 2 || len(appcMatches) != 2 {
		return false, fmt.Errorf("Unable to parse Rkt version string: %#v", rktMatches)
	}

	node.Attributes["driver.rkt"] = "1"
	node.Attributes["driver.rkt.version"] = rktMatches[1]
	node.Attributes["driver.rkt.appc.version"] = appcMatches[1]

	return true, nil
}
Exemplo n.º 3
0
func (d *AllocDir) dropDirPermissions(path string) error {
	// Can't do anything if not root.
	if syscall.Geteuid() != 0 {
		return nil
	}

	u, err := user.Lookup("nobody")
	if err != nil {
		return err
	}

	uid, err := getUid(u)
	if err != nil {
		return err
	}

	gid, err := getGid(u)
	if err != nil {
		return err
	}

	if err := os.Chown(path, uid, gid); err != nil {
		return fmt.Errorf("Couldn't change owner/group of %v to (uid: %v, gid: %v): %v", path, uid, gid, err)
	}

	if err := os.Chmod(path, 0777); err != nil {
		return fmt.Errorf("Chmod(%v) failed: %v", path, err)
	}

	return nil
}
Exemplo n.º 4
0
// TestHostKeyFile tests that reading and writing the wrong host key file fails
func TestWrongHostKeyFile(t *testing.T) {
	// Non-existent host key file should fail
	f := NewHostKeyFile(wrongHostFile)
	_, err := f.GetHostKeys()
	if err == nil {
		t.Fatal("should fail to read wrong host file")
	}
	if _, ok := err.(*os.PathError); !ok {
		t.Fatalf("should fail to read wrong host file due to file miss, but got %v", err)
	}

	// Create a host key file we do not have permission to read
	os.OpenFile(wrongHostFile, os.O_CREATE, 0000)
	defer os.Remove(wrongHostFile)
	// If run as root, drop privileges temporarily
	if id := syscall.Geteuid(); id == 0 {
		if err := syscall.Setuid(12345); err != nil {
			t.Fatalf("error setting uid: %v", err)
		}
		defer syscall.Setuid(id)
	}
	err = f.PutHostKey("", nil)
	if err == nil {
		t.Fatal("should fail to write wrong host file")
	}
	if !os.IsPermission(err) {
		t.Fatalf("should fail to write wrong host file due to permission denied, but got %v", err)
	}
}
Exemplo n.º 5
0
func TestRuleAddAndLoad(t *testing.T) {
	// Test #1: Add a trivial filter
	filter1, err := NewFilter(ActAllow)
	if err != nil {
		t.Errorf("Error creating filter: %s", err)
	}
	defer filter1.Release()

	call, err := GetSyscallFromName("getpid")
	if err != nil {
		t.Errorf("Error getting syscall number of getpid: %s", err)
	}

	call2, err := GetSyscallFromName("setreuid")
	if err != nil {
		t.Errorf("Error getting syscall number of setreuid: %s", err)
	}

	uid := syscall.Getuid()
	euid := syscall.Geteuid()

	err = filter1.AddRule(call, ActErrno.SetReturnCode(0x1))
	if err != nil {
		t.Errorf("Error adding rule to restrict syscall: %s", err)
	}

	cond, err := MakeCondition(1, CompareEqual, uint64(euid))
	if err != nil {
		t.Errorf("Error making rule to restrict syscall: %s", err)
	}

	cond2, err := MakeCondition(0, CompareEqual, uint64(uid))
	if err != nil {
		t.Errorf("Error making rule to restrict syscall: %s", err)
	}

	conditions := []ScmpCondition{cond, cond2}

	err = filter1.AddRuleConditional(call2, ActErrno.SetReturnCode(0x2), conditions)
	if err != nil {
		t.Errorf("Error adding conditional rule: %s", err)
	}

	err = filter1.Load()
	if err != nil {
		t.Errorf("Error loading filter: %s", err)
	}

	// Try making a simple syscall, it should error
	pid := syscall.Getpid()
	if pid != -1 {
		t.Errorf("Syscall should have returned error code!")
	}

	// Try making a Geteuid syscall that should normally succeed
	err = syscall.Setreuid(uid, euid)
	if err != syscall.Errno(2) {
		t.Errorf("Syscall should have returned error code!")
	}
}
Exemplo n.º 6
0
func init() {
	// Hack to run sys init during unit testing
	if utils.SelfPath() == "/sbin/init" {
		SysInit()
		return
	}

	if uid := syscall.Geteuid(); uid != 0 {
		log.Fatal("docker tests needs to be run as root")
	}

	NetworkBridgeIface = "testdockbr0"

	// Make it our Store root
	runtime, err := NewRuntimeFromDirectory(unitTestStoreBase, false)
	if err != nil {
		panic(err)
	}

	// Create the "Server"
	srv := &Server{
		runtime:     runtime,
		enableCors:  false,
		lock:        &sync.Mutex{},
		pullingPool: make(map[string]struct{}),
		pushingPool: make(map[string]struct{}),
	}
	// Retrieve the Image
	if err := srv.ImagePull(unitTestImageName, "", "", os.Stdout, utils.NewStreamFormatter(false), nil); err != nil {
		panic(err)
	}
}
Exemplo n.º 7
0
func (d *ExecDriver) Fingerprint(cfg *config.Config, node *structs.Node) (bool, error) {
	// Get the current status so that we can log any debug messages only if the
	// state changes
	_, currentlyEnabled := node.Attributes[execDriverAttr]

	// Only enable if cgroups are available and we are root
	if _, ok := node.Attributes["unique.cgroup.mountpoint"]; !ok {
		if currentlyEnabled {
			d.logger.Printf("[DEBUG] driver.exec: cgroups unavailable, disabling")
		}
		delete(node.Attributes, execDriverAttr)
		return false, nil
	} else if syscall.Geteuid() != 0 {
		if currentlyEnabled {
			d.logger.Printf("[DEBUG] driver.exec: must run as root user, disabling")
		}
		delete(node.Attributes, execDriverAttr)
		return false, nil
	}

	if !currentlyEnabled {
		d.logger.Printf("[DEBUG] driver.exec: exec driver is enabled")
	}
	node.Attributes[execDriverAttr] = "1"
	return true, nil
}
Exemplo n.º 8
0
// SetupUser changes the groups, gid, and uid for the user inside the container
func SetupUser(u string) error {
	// Set up defaults.
	defaultExecUser := user.ExecUser{
		Uid:  syscall.Getuid(),
		Gid:  syscall.Getgid(),
		Home: "/",
	}
	passwdPath, err := user.GetPasswdPath()
	if err != nil {
		return err
	}
	groupPath, err := user.GetGroupPath()
	if err != nil {
		return err
	}

	execUser, err := user.GetExecUserPath(u, &defaultExecUser, passwdPath, groupPath)
	if err != nil {
		return fmt.Errorf("get supplementary groups %s", err)
	}

	// if not root - check uid/gid by hand if seccomp is not working
	if syscall.Geteuid() > 0 && (execUser.Uid <= MIN_UID || execUser.Gid <= MIN_GID) {
		return fmt.Errorf("Invalid UID or GID")
	}

	// set supplementary groups
	if err := syscall.Setgroups(execUser.Sgids); err != nil {
		return fmt.Errorf("setgroups %s", err)
	}

	// set gid
	if err := system.Setgid(execUser.Gid); err != nil {
		return fmt.Errorf("setgid %s", err)
	}

	// check if setgid is successfull
	if syscall.Getgid() != execUser.Gid {
		return fmt.Errorf("setgid failed")
	}

	// set uid
	if err := system.Setuid(execUser.Uid); err != nil {
		return fmt.Errorf("setuid %s", err)
	}

	// check if setuid is successful
	if syscall.Getuid() != execUser.Uid {
		return fmt.Errorf("setuid failed")
	}

	// if we didn't get HOME already, set it based on the user's HOME
	if envHome := os.Getenv("HOME"); envHome == "" {
		if err := os.Setenv("HOME", execUser.Home); err != nil {
			return fmt.Errorf("set HOME %s", err)
		}
	}
	return nil
}
Exemplo n.º 9
0
Arquivo: sec.go Projeto: tslnc04/go-1
// Change effective run permissions to settings.AdminUID
func AdminOn() error {
	origUID = syscall.Geteuid()
	// note that Setuid equiv seems buggy, Setreuid is solid currently
	if err := syscall.Setreuid(s.AdminUID, s.AdminUID); err != nil {
		return err
	}
	return nil
}
Exemplo n.º 10
0
func MountCompatible(t *testing.T) {
	if runtime.GOOS == "windows" {
		t.Skip("Windows does not support mount")
	}

	if syscall.Geteuid() != 0 {
		t.Skip("Must be root to run test")
	}
}
Exemplo n.º 11
0
Arquivo: exec.go Projeto: ranjib/nomad
func (d *ExecDriver) Fingerprint(cfg *config.Config, node *structs.Node) (bool, error) {
	// Only enable if we are root when running on non-windows systems.
	if runtime.GOOS != "windows" && syscall.Geteuid() != 0 {
		d.logger.Printf("[DEBUG] driver.exec: must run as root user, disabling")
		return false, nil
	}

	node.Attributes["driver.exec"] = "1"
	return true, nil
}
Exemplo n.º 12
0
func init() {
	// use seccomp if not root
	if syscall.Geteuid() > 0 {
		initSeccomp()
	}

	// make sure we only have one process and that it runs on the main thread (so that ideally, when we Exec, we keep our user switches and stuff)
	runtime.GOMAXPROCS(1)
	runtime.LockOSThread()
}
Exemplo n.º 13
0
func RktCompatible(t *testing.T) {
	if runtime.GOOS == "windows" || syscall.Geteuid() != 0 {
		t.Skip("Must be root on non-windows environments to run test")
	}
	// else see if rkt exists
	_, err := exec.Command("rkt", "version").CombinedOutput()
	if err != nil {
		t.Skip("Must have rkt installed for rkt specific tests to run")
	}
}
Exemplo n.º 14
0
func init() {
	os.Setenv("TEST", "1")

	// Hack to run sys init during unit testing
	if selfPath := utils.SelfPath(); selfPath == "/sbin/init" || selfPath == "/.dockerinit" {
		SysInit()
		return
	}

	if uid := syscall.Geteuid(); uid != 0 {
		log.Fatal("docker tests need to be run as root")
	}

	NetworkBridgeIface = unitTestNetworkBridge

	// Make it our Store root
	if runtime, err := NewRuntimeFromDirectory(unitTestStoreBase, false); err != nil {
		log.Fatalf("Unable to create a runtime for tests:", err)
	} else {
		globalRuntime = runtime
	}

	// Cleanup any leftover container
	for _, container := range globalRuntime.List() {
		if err := globalRuntime.Destroy(container); err != nil {
			log.Fatalf("Error destroying leftover container: %s", err)
		}
	}

	// Create the "Server"
	srv := &Server{
		runtime:     globalRuntime,
		enableCors:  false,
		pullingPool: make(map[string]struct{}),
		pushingPool: make(map[string]struct{}),
	}
	// If the unit test is not found, try to download it.
	if img, err := globalRuntime.repositories.LookupImage(unitTestImageName); err != nil || img.ID != unitTestImageID {
		// Retrieve the Image
		if err := srv.ImagePull(unitTestImageName, "", os.Stdout, utils.NewStreamFormatter(false), nil, nil, true); err != nil {
			log.Fatalf("Unable to pull the test image:", err)
		}
	}
	// Spawn a Daemon
	go func() {
		if err := ListenAndServe(testDaemonProto, testDaemonAddr, srv, os.Getenv("DEBUG") != ""); err != nil {
			log.Fatalf("Unable to spawn the test daemon:", err)
		}
	}()

	// Give some time to ListenAndServer to actually start
	time.Sleep(time.Second)

	startFds, startGoroutines = utils.GetTotalUsedFds(), runtime.NumGoroutine()
}
Exemplo n.º 15
0
func setupHome(rw http.ResponseWriter, req *http.Request) {
	_, port, _ := net.SplitHostPort(*webserver.Listen)
	ourAddr := "127.0.0.1:" + port
	uid, err := netutil.AddrPairUserid(req.RemoteAddr, ourAddr)

	fmt.Fprintf(rw, "Hello %q\n", req.RemoteAddr)
	fmt.Fprintf(rw, "<p>uid = %d\n", syscall.Getuid())
	fmt.Fprintf(rw, "<p>euid = %d\n", syscall.Geteuid())

	fmt.Fprintf(rw, "<p>http_local_uid(%q => %q) = %d (%v)\n", req.RemoteAddr, ourAddr, uid, err)
}
Exemplo n.º 16
0
Arquivo: exec.go Projeto: savaki/nomad
func (d *ExecDriver) Fingerprint(cfg *config.Config, node *structs.Node) (bool, error) {
	// Only enable if we are root on linux.
	if runtime.GOOS != "linux" {
		d.logger.Printf("[DEBUG] driver.exec: only available on linux, disabling")
		return false, nil
	} else if syscall.Geteuid() != 0 {
		d.logger.Printf("[DEBUG] driver.exec: must run as root user, disabling")
		return false, nil
	}

	node.Attributes["driver.exec"] = "1"
	return true, nil
}
Exemplo n.º 17
0
Arquivo: exec.go Projeto: stigkj/nomad
func (d *ExecDriver) Fingerprint(cfg *config.Config, node *structs.Node) (bool, error) {
	// Only enable if cgroups are available and we are root
	if _, ok := node.Attributes["unique.cgroup.mountpoint"]; !ok {
		d.logger.Printf("[DEBUG] driver.exec: cgroups unavailable, disabling")
		return false, nil
	} else if syscall.Geteuid() != 0 {
		d.logger.Printf("[DEBUG] driver.exec: must run as root user, disabling")
		return false, nil
	}

	node.Attributes["driver.exec"] = "1"
	return true, nil
}
Exemplo n.º 18
0
func (d *JavaDriver) Fingerprint(cfg *config.Config, node *structs.Node) (bool, error) {
	// Only enable if we are root when running on non-windows systems.
	if runtime.GOOS == "linux" && syscall.Geteuid() != 0 {
		d.logger.Printf("[DEBUG] driver.java: must run as root user on linux, disabling")
		return false, nil
	}

	// Find java version
	var out bytes.Buffer
	var erOut bytes.Buffer
	cmd := exec.Command("java", "-version")
	cmd.Stdout = &out
	cmd.Stderr = &erOut
	err := cmd.Run()
	if err != nil {
		// assume Java wasn't found
		return false, nil
	}

	// 'java -version' returns output on Stderr typically.
	// Check stdout, but it's probably empty
	var infoString string
	if out.String() != "" {
		infoString = out.String()
	}

	if erOut.String() != "" {
		infoString = erOut.String()
	}

	if infoString == "" {
		d.logger.Println("[WARN] driver.java: error parsing Java version information, aborting")
		return false, nil
	}

	// Assume 'java -version' returns 3 lines:
	//    java version "1.6.0_36"
	//    OpenJDK Runtime Environment (IcedTea6 1.13.8) (6b36-1.13.8-0ubuntu1~12.04)
	//    OpenJDK 64-Bit Server VM (build 23.25-b01, mixed mode)
	// Each line is terminated by \n
	info := strings.Split(infoString, "\n")
	versionString := info[0]
	versionString = strings.TrimPrefix(versionString, "java version ")
	versionString = strings.Trim(versionString, "\"")
	node.Attributes["driver.java"] = "1"
	node.Attributes["driver.java.version"] = versionString
	node.Attributes["driver.java.runtime"] = info[1]
	node.Attributes["driver.java.vm"] = info[2]

	return true, nil
}
Exemplo n.º 19
0
func BoundingSetEmpty() (err error) {
	// don't bother trying to empty the capability bounding set if
	// we're not root, as we won't have the permissions.

	// FIXME: instead of checking for root, we should be checking
	// for the permission
	if syscall.Geteuid() != 0 {
		return
	}
	for i := CapMin; i <= CapMax; i++ {
		BoundingSetDrop(i)
	}
	return nil
}
Exemplo n.º 20
0
func init() {
	hasRoot = syscall.Geteuid() == 0

	sudoUid, ok := syscall.Getenv("SUDO_UID")
	if ok {
		var err error
		realUid, err = strconv.Atoi(sudoUid)
		if err != nil {
			fatalln("SUDO_UID", err)
		}
	} else {
		realUid = syscall.Getuid()
	}

	dropRoot()
}
Exemplo n.º 21
0
func init() {
	// Always use the same driver (vfs) for all integration tests.
	// To test other drivers, we need a dedicated driver validation suite.
	os.Setenv("DOCKER_DRIVER", "vfs")
	os.Setenv("TEST", "1")
	os.Setenv("DOCKER_TMPDIR", unitTestDockerTmpdir)

	// Hack to run sys init during unit testing
	if selfPath := utils.SelfPath(); strings.Contains(selfPath, ".dockerinit") {
		sysinit.SysInit()
		return
	}

	if uid := syscall.Geteuid(); uid != 0 {
		log.Fatal("docker tests need to be run as root")
	}

	// Copy dockerinit into our current testing directory, if provided (so we can test a separate dockerinit binary)
	if dockerinit := os.Getenv("TEST_DOCKERINIT_PATH"); dockerinit != "" {
		src, err := os.Open(dockerinit)
		if err != nil {
			log.Fatalf("Unable to open TEST_DOCKERINIT_PATH: %s\n", err)
		}
		defer src.Close()
		dst, err := os.OpenFile(filepath.Join(filepath.Dir(utils.SelfPath()), "dockerinit"), os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0555)
		if err != nil {
			log.Fatalf("Unable to create dockerinit in test directory: %s\n", err)
		}
		defer dst.Close()
		if _, err := io.Copy(dst, src); err != nil {
			log.Fatalf("Unable to copy dockerinit to TEST_DOCKERINIT_PATH: %s\n", err)
		}
		dst.Close()
		src.Close()
	}

	// Setup the base daemon, which will be duplicated for each test.
	// (no tests are run directly in the base)
	setupBaseImage()

	// Create the "global daemon" with a long-running daemons for integration tests
	spawnGlobalDaemon()
	spawnLegitHttpsDaemon()
	spawnRogueHttpsDaemon()
	startFds, startGoroutines = utils.GetTotalUsedFds(), runtime.NumGoroutine()
}
Exemplo n.º 22
0
Arquivo: rkt.go Projeto: zanella/nomad
func (d *RktDriver) Fingerprint(cfg *config.Config, node *structs.Node) (bool, error) {
	// Get the current status so that we can log any debug messages only if the
	// state changes
	_, currentlyEnabled := node.Attributes[rktDriverAttr]

	// Only enable if we are root when running on non-windows systems.
	if runtime.GOOS != "windows" && syscall.Geteuid() != 0 {
		if currentlyEnabled {
			d.logger.Printf("[DEBUG] driver.rkt: must run as root user, disabling")
		}
		delete(node.Attributes, rktDriverAttr)
		return false, nil
	}

	outBytes, err := exec.Command(rktCmd, "version").Output()
	if err != nil {
		delete(node.Attributes, rktDriverAttr)
		return false, nil
	}
	out := strings.TrimSpace(string(outBytes))

	rktMatches := reRktVersion.FindStringSubmatch(out)
	appcMatches := reAppcVersion.FindStringSubmatch(out)
	if len(rktMatches) != 2 || len(appcMatches) != 2 {
		delete(node.Attributes, rktDriverAttr)
		return false, fmt.Errorf("Unable to parse Rkt version string: %#v", rktMatches)
	}

	node.Attributes[rktDriverAttr] = "1"
	node.Attributes["driver.rkt.version"] = rktMatches[1]
	node.Attributes["driver.rkt.appc.version"] = appcMatches[1]

	minVersion, _ := version.NewVersion(minRktVersion)
	currentVersion, _ := version.NewVersion(node.Attributes["driver.rkt.version"])
	if currentVersion.LessThan(minVersion) {
		// Do not allow ancient rkt versions
		d.logger.Printf("[WARN] driver.rkt: please upgrade rkt to a version >= %s", minVersion)
		node.Attributes[rktDriverAttr] = "0"
	}

	// Advertise if this node supports rkt volumes
	if d.config.ReadBoolDefault(rktVolumesConfigOption, rktVolumesConfigDefault) {
		node.Attributes["driver."+rktVolumesConfigOption] = "1"
	}
	return true, nil
}
Exemplo n.º 23
0
func init() {
	// Hack to run sys init during unit testing
	if utils.SelfPath() == "/sbin/init" {
		SysInit()
		return
	}

	if uid := syscall.Geteuid(); uid != 0 {
		log.Fatal("docker tests need to be run as root")
	}

	NetworkBridgeIface = unitTestNetworkBridge

	// Make it our Store root
	runtime, err := NewRuntimeFromDirectory(unitTestStoreBase, false)
	if err != nil {
		panic(err)
	}
	globalRuntime = runtime

	// Create the "Server"
	srv := &Server{
		runtime:     runtime,
		enableCors:  false,
		pullingPool: make(map[string]struct{}),
		pushingPool: make(map[string]struct{}),
	}
	// If the unit test is not found, try to download it.
	if img, err := runtime.repositories.LookupImage(unitTestImageName); err != nil || img.ID != unitTestImageID {
		// Retrieve the Image
		if err := srv.ImagePull(unitTestImageName, "", os.Stdout, utils.NewStreamFormatter(false), nil); err != nil {
			panic(err)
		}
	}
	// Spawn a Daemon
	go func() {
		if err := ListenAndServe(testDaemonProto, testDaemonAddr, srv, os.Getenv("DEBUG") != ""); err != nil {
			panic(err)
		}
	}()

	// Give some time to ListenAndServer to actually start
	time.Sleep(time.Second)
}
Exemplo n.º 24
0
func init() {
	os.Setenv("TEST", "1")

	// Hack to run sys init during unit testing
	if selfPath := utils.SelfPath(); selfPath == "/sbin/init" || selfPath == "/.dockerinit" {
		sysinit.SysInit()
		return
	}

	if uid := syscall.Geteuid(); uid != 0 {
		log.Fatal("docker tests need to be run as root")
	}

	// Copy dockerinit into our current testing directory, if provided (so we can test a separate dockerinit binary)
	if dockerinit := os.Getenv("TEST_DOCKERINIT_PATH"); dockerinit != "" {
		src, err := os.Open(dockerinit)
		if err != nil {
			log.Fatalf("Unable to open TEST_DOCKERINIT_PATH: %s\n", err)
		}
		defer src.Close()
		dst, err := os.OpenFile(filepath.Join(filepath.Dir(utils.SelfPath()), "dockerinit"), os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0555)
		if err != nil {
			log.Fatalf("Unable to create dockerinit in test directory: %s\n", err)
		}
		defer dst.Close()
		if _, err := io.Copy(dst, src); err != nil {
			log.Fatalf("Unable to copy dockerinit to TEST_DOCKERINIT_PATH: %s\n", err)
		}
		dst.Close()
		src.Close()
	}

	// Setup the base runtime, which will be duplicated for each test.
	// (no tests are run directly in the base)
	setupBaseImage()

	// Create the "global runtime" with a long-running daemon for integration tests
	spawnGlobalDaemon()
	startFds, startGoroutines = utils.GetTotalUsedFds(), runtime.NumGoroutine()
}
Exemplo n.º 25
0
// Init Initialize config
func (t *TomlConfig) Init() (errstring string, err error) {

	//L := GetLog(t.Loglevel)

	// Set security permissions if we are root
	if syscall.Geteuid() == 0 {
		if t.UID != "" {
			if err = SetRuntimeUser(t.UID); err != nil {
				return "Error setting uid", err
			}
		}
		if t.GID != "" {
			if err = SetRuntimeGroup(t.GID); err != nil {
				return "Error setting uid", err
			}
		}
		if t.Chroot == true {
			if err = Chroot(t.DataPath); err != nil {
				return "Error setting uid:%s", err
			}
		}
	}

	// Social providers
	if t.Facebook.AuthID != "" {
		//L.Info("Enabling Facebook Authentication")
		//L.Debugf("Got Facebook authID: %s", t.Facebook.AuthID)
		t.Facebook.FullCallBackURL = t.MainURL + t.Facebook.CallBackURL
		t.Facebook.Register()
	}
	// Social providers
	if t.GooglePlus.AuthID != "" {
		//L.Info("Enabling Facebook Authentication")
		//L.Debugf("Got Facebook authID: %s", t.Facebook.AuthID)
		t.GooglePlus.FullCallBackURL = t.MainURL + t.GooglePlus.CallBackURL
		t.GooglePlus.Register()
	}
	return
}
Exemplo n.º 26
0
func init() {
	os.Setenv("TEST", "1")

	// Hack to run sys init during unit testing
	if selfPath := utils.SelfPath(); selfPath == "/sbin/init" || selfPath == "/.dockerinit" {
		SysInit()
		return
	}

	if uid := syscall.Geteuid(); uid != 0 {
		log.Fatal("docker tests need to be run as root")
	}

	NetworkBridgeIface = unitTestNetworkBridge

	// Setup the base runtime, which will be duplicated for each test.
	// (no tests are run directly in the base)
	setupBaseImage()

	// Create the "global runtime" with a long-running daemon for integration tests
	spawnGlobalDaemon()
	startFds, startGoroutines = utils.GetTotalUsedFds(), runtime.NumGoroutine()
}
Exemplo n.º 27
0
Arquivo: qemu.go Projeto: ranjib/nomad
func (d *QemuDriver) Fingerprint(cfg *config.Config, node *structs.Node) (bool, error) {
	// Only enable if we are root when running on non-windows systems.
	if runtime.GOOS != "windows" && syscall.Geteuid() != 0 {
		d.logger.Printf("[DEBUG] driver.qemu: must run as root user, disabling")
		return false, nil
	}

	outBytes, err := exec.Command("qemu-system-x86_64", "-version").Output()
	if err != nil {
		return false, nil
	}
	out := strings.TrimSpace(string(outBytes))

	matches := reQemuVersion.FindStringSubmatch(out)
	if len(matches) != 2 {
		return false, fmt.Errorf("Unable to parse Qemu version string: %#v", matches)
	}

	node.Attributes["driver.qemu"] = "1"
	node.Attributes["driver.qemu.version"] = matches[1]

	return true, nil
}
Exemplo n.º 28
0
func setupHome(rw http.ResponseWriter, req *http.Request) {
	port := httputil.RequestTargetPort(req)
	localhostAddr, err := netutil.Localhost()
	if err != nil {
		httputil.ServeError(rw, req, err)
	}
	ourAddr := &net.TCPAddr{IP: localhostAddr, Port: port}
	rAddr, err := net.ResolveTCPAddr("tcp", req.RemoteAddr)
	if err != nil {
		fmt.Printf("camlistored: unable to resolve RemoteAddr %q: %v", req.RemoteAddr, err)
		return
	}
	uid, err := netutil.AddrPairUserid(rAddr, ourAddr)
	if err != nil {
		httputil.ServeError(rw, req, err)
	}

	fmt.Fprintf(rw, "Hello %q\n", req.RemoteAddr)
	fmt.Fprintf(rw, "<p>uid = %d\n", syscall.Getuid())
	fmt.Fprintf(rw, "<p>euid = %d\n", syscall.Geteuid())

	fmt.Fprintf(rw, "<p>http_local_uid(%q => %q) = %d (%v)\n", req.RemoteAddr, ourAddr, uid, err)
}
Exemplo n.º 29
0
Arquivo: java.go Projeto: xytis/nomad
func (d *JavaDriver) Fingerprint(cfg *config.Config, node *structs.Node) (bool, error) {
	// Get the current status so that we can log any debug messages only if the
	// state changes
	_, currentlyEnabled := node.Attributes[javaDriverAttr]

	// Only enable if we are root and cgroups are mounted when running on linux systems.
	if runtime.GOOS == "linux" && (syscall.Geteuid() != 0 || !d.cgroupsMounted(node)) {
		if currentlyEnabled {
			d.logger.Printf("[DEBUG] driver.java: root priviledges and mounted cgroups required on linux, disabling")
		}
		delete(node.Attributes, "driver.java")
		return false, nil
	}

	// Find java version
	var out bytes.Buffer
	var erOut bytes.Buffer
	cmd := exec.Command("java", "-version")
	cmd.Stdout = &out
	cmd.Stderr = &erOut
	err := cmd.Run()
	if err != nil {
		// assume Java wasn't found
		delete(node.Attributes, javaDriverAttr)
		return false, nil
	}

	// 'java -version' returns output on Stderr typically.
	// Check stdout, but it's probably empty
	var infoString string
	if out.String() != "" {
		infoString = out.String()
	}

	if erOut.String() != "" {
		infoString = erOut.String()
	}

	if infoString == "" {
		if currentlyEnabled {
			d.logger.Println("[WARN] driver.java: error parsing Java version information, aborting")
		}
		delete(node.Attributes, javaDriverAttr)
		return false, nil
	}

	// Assume 'java -version' returns 3 lines:
	//    java version "1.6.0_36"
	//    OpenJDK Runtime Environment (IcedTea6 1.13.8) (6b36-1.13.8-0ubuntu1~12.04)
	//    OpenJDK 64-Bit Server VM (build 23.25-b01, mixed mode)
	// Each line is terminated by \n
	info := strings.Split(infoString, "\n")
	versionString := info[0]
	versionString = strings.TrimPrefix(versionString, "java version ")
	versionString = strings.Trim(versionString, "\"")
	node.Attributes[javaDriverAttr] = "1"
	node.Attributes["driver.java.version"] = versionString
	node.Attributes["driver.java.runtime"] = info[1]
	node.Attributes["driver.java.vm"] = info[2]

	return true, nil
}
Exemplo n.º 30
0
package plugins

import "syscall"

type PromptSymbol struct{}

var userIsRoot = func() bool { return syscall.Geteuid() == 0 }

func (plugin PromptSymbol) Prompt(parameters []string) (string, error) {
	root, common := plugin.loadSymbols(parameters)

	if userIsRoot() {
		return root, nil
	}

	return common, nil
}

func (plugin PromptSymbol) loadSymbols(parameters []string) (string, string) {
	root, common := "#", "$"
	if len(parameters) == 0 {
		return root, common
	}

	if len(parameters) == 1 {
		return parameters[0], common
	}

	return parameters[0], parameters[1]
}