示例#1
0
func DropCapabilities(keepCaps map[uint]bool) error {
	var i uint
	for i = 0; ; i++ {
		if keepCaps[i] {
			continue
		}
		log.Debug("prctl", "PR_CAPBSET_READ", i)
		if err := unix.Prctl(unix.PR_CAPBSET_READ, uintptr(i), 0, 0, 0); err != nil {
			// Regard EINVAL as the condition of loop finish.
			if errno, ok := err.(syscall.Errno); ok && errno == unix.EINVAL {
				break
			}
			return err
		}
		log.Debug("prctl", "PR_CAPBSET_DROP", i)
		if err := unix.Prctl(unix.PR_CAPBSET_DROP, uintptr(i), 0, 0, 0); err != nil {
			// Ignore EINVAL since the capability may not be supported in this system.
			if errno, ok := err.(syscall.Errno); ok && errno == unix.EINVAL {
				continue
			} else if errno, ok := err.(syscall.Errno); ok && errno == unix.EPERM {
				return errors.New("required CAP_SETPCAP capabilities")
			} else {
				return err
			}
		}
	}

	if i == 0 {
		return errors.New("Failed to drop capabilities")
	}

	return nil
}
示例#2
0
文件: osutil.go 项目: yuuki/droot
func RunCmd(name string, arg ...string) error {
	log.Debug("runcmd: ", name, arg)
	out, err := exec.Command(name, arg...).CombinedOutput()
	if len(out) > 0 {
		log.Debug(string(out))
	}
	if err != nil {
		log.Debugf("Failed to exec %s %s: %s", name, arg, err)
		return err
	}
	return nil
}
示例#3
0
文件: osutil.go 项目: yuuki/droot
func ForceMount(device, target, mType, options string) error {
	log.Debug("mount", device, target, mType, options)
	if err := mount.ForceMount(device, target, mType, options); err != nil {
		return err
	}

	return nil
}
示例#4
0
func Execv(cmd string, args []string, env []string) error {
	name, err := exec.LookPath(cmd)
	if err != nil {
		return err
	}

	log.Debug("execv", name, args)

	return syscall.Exec(name, args, env)
}
示例#5
0
文件: osutil.go 项目: yuuki/droot
// Symlink, but ignore already exists file.
func Symlink(oldname, newname string) error {
	log.Debug("symlink", oldname, newname)
	if err := os.Symlink(oldname, newname); err != nil {
		// Ignore already created symlink
		if _, ok := err.(*os.LinkError); !ok {
			log.Debugf("Failed to symlink %s %s: %s", oldname, newname, err)
			return err
		}
	}
	return nil
}
示例#6
0
文件: osutil.go 项目: yuuki/droot
func Chroot(rootDir string) error {
	log.Debug("chroot", rootDir)

	if err := unix.Chroot(rootDir); err != nil {
		return err
	}
	if err := unix.Chdir("/"); err != nil {
		return err
	}

	return nil
}
示例#7
0
文件: mount.go 项目: yuuki/droot
func (m *Mounter) UmountRoot() error {
	mounts, err := m.GetMountsRoot()
	if err != nil {
		return err
	}

	for _, mo := range mounts {
		if err := mount.Unmount(mo.Mountpoint); err != nil {
			return err
		}
		log.Debug("umount:", mo.Mountpoint)
	}

	return nil
}
示例#8
0
文件: osutil.go 项目: yuuki/droot
func MountIfNotMounted(device, target, mType, options string) error {
	mounted, err := mount.Mounted(target)
	if err != nil {
		return err
	}

	if !mounted {
		log.Debug("mount", device, target, mType, options)
		if err := mount.Mount(device, target, mType, options); err != nil {
			return err
		}
	}

	return nil
}