Merge pull request #57 from morphis/f/hide-container-mgr-cmd

Hide container-manager command and print out a warning when not called as root

Merge pull request #57 from morphis/f/hide-container-mgr-cmd
Hide container-manager command and print out a warning when not called as root
120bd079 · Simon Fels · GitHub · 9e517f1f · b33e0e78 · 120bd079
隐藏空白更改
内联并排

Showing with 23 addition and 10 deletion

src/anbox/cli.cpp src/anbox/cli.cpp +7 -5

src/anbox/cli.h src/anbox/cli.h +8 -4

src/anbox/cmds/container_manager.cpp src/anbox/cmds/container_manager.cpp +8 -1

未找到文件。
--- a/src/anbox/cli.cpp
+++ b/src/anbox/cli.cpp
@@ -78,9 +78,11 @@ cli::Usage cli::Command::usage() const { return usage_; }

 cli::Description cli::Command::description() const { return description_; }

+bool cli::Command::hidden() const { return hidden_; }
+
 cli::Command::Command(const cli::Name& name, const cli::Usage& usage,
-                      const cli::Description& description)
-    : name_(name), usage_(usage), description_(description) {}
+                      const cli::Description& description, bool hidden)
+    : name_(name), usage_(usage), description_(description), hidden_(hidden) {}

 cli::CommandWithSubcommands::CommandWithSubcommands(
    const Name& name, const Usage& usage, const Description& description)
@@ -117,7 +119,7 @@ void cli::CommandWithSubcommands::help(std::ostream& out) {
    out << std::endl
        << pattern::commands << std::endl;
    for (const auto& cmd : commands_) {
-      if (cmd.second)
+      if (cmd.second && !cmd.second->hidden())
        out << boost::format(pattern::command) % cmd.second->name() %
                   cmd.second->description()
            << std::endl;
@@ -168,8 +170,8 @@ int cli::CommandWithSubcommands::run(const cli::Command::Context& ctxt) {
 }

 cli::CommandWithFlagsAndAction::CommandWithFlagsAndAction(
-    const Name& name, const Usage& usage, const Description& description)
-    : Command{name, usage, description} {}
+    const Name& name, const Usage& usage, const Description& description, bool hidden)
+    : Command{name, usage, description, hidden} {}

 cli::CommandWithFlagsAndAction& cli::CommandWithFlagsAndAction::flag(
    const Flag::Ptr& flag) {

--- a/src/anbox/cli.h
+++ b/src/anbox/cli.h
@@ -243,6 +243,9 @@ class Command : public DoNotCopyOrMove {
  /// @brief description returns a longer string explaining the command.
  virtual Description description() const;

+  /// @brief hidden returns if the command is hidden from the user or not.
+  virtual bool hidden() const;
+
  /// @brief run puts the command to execution.
  virtual int run(const Context& context) = 0;

@@ -252,7 +255,7 @@ class Command : public DoNotCopyOrMove {
 protected:
  /// @brief Command initializes a new instance with the given name, usage and
  /// description.
-  Command(const Name& name, const Usage& usage, const Description& description);
+  Command(const Name& name, const Usage& usage, const Description& description, bool hidden = false);

  /// @brief name adjusts the name of the command to n.
  // virtual void name(const Name& n);
@@ -265,6 +268,7 @@ class Command : public DoNotCopyOrMove {
  Name name_;
  Usage usage_;
  Description description_;
+  bool hidden_;
 };

 /// @brief CommandWithSubcommands implements Command, selecting one of a set of
@@ -275,7 +279,7 @@ class CommandWithSubcommands : public Command {
  typedef std::function<int(const Context&)> Action;

  /// @brief CommandWithSubcommands initializes a new instance with the given
-  /// name, usage and description
+  /// name, usage and description.
  CommandWithSubcommands(const Name& name, const Usage& usage,
                         const Description& description);

@@ -302,9 +306,9 @@ class CommandWithFlagsAndAction : public Command {
  typedef std::function<int(const Context&)> Action;

  /// @brief CommandWithFlagsAndAction initializes a new instance with the given
-  /// name, usage and description
+  /// name, usage and description. Optionally the command can be marked as hidden.
  CommandWithFlagsAndAction(const Name& name, const Usage& usage,
-                            const Description& description);
+                            const Description& description, bool hidden = false);

  /// @brief flag adds the given flag to the set of known flags.
  CommandWithFlagsAndAction& flag(const Flag::Ptr& flag);

--- a/src/anbox/cmds/container_manager.cpp
+++ b/src/anbox/cmds/container_manager.cpp
@@ -37,7 +37,7 @@ constexpr unsigned int unprivileged_user_id{100000};
 anbox::cmds::ContainerManager::ContainerManager()
    : CommandWithFlagsAndAction{
          cli::Name{"container-manager"}, cli::Usage{"container-manager"},
-          cli::Description{"Start the container manager service"}} {
+          cli::Description{"Start the container manager service"}, true} {

  flag(cli::make_flag(cli::Name{"android-image"},
                      cli::Description{"Path to the Android rootfs image file if not stored in the data path"},
@@ -51,6 +51,13 @@ anbox::cmds::ContainerManager::ContainerManager()

  action([&](const cli::Command::Context&) {
    try {
+      if (getuid() != 0) {
+        ERROR("You're not running the container-manager as root. Generally you don't");
+        ERROR("want to run the container-manager manually unless you're a developer");
+        ERROR("as it is started by the init system of your operating system.");
+        return EXIT_FAILURE;
+      }
+
      auto trap = core::posix::trap_signals_for_process(
          {core::posix::Signal::sig_term, core::posix::Signal::sig_int});
      trap->signal_raised().connect([trap](const core::posix::Signal& signal) {