Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
openeuler
anbox
提交
917baf45
A
anbox
项目概览
openeuler
/
anbox
通知
24
Star
1
Fork
1
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
A
anbox
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
体验新版 GitCode,发现更多精彩内容 >>
提交
917baf45
编写于
9月 17, 2016
作者:
S
Simon Fels
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
Remove old source which we don't need anymore
上级
48839a9e
变更
4
隐藏空白更改
内联
并排
Showing
4 changed file
with
0 addition
and
455 deletion
+0
-455
src/anbox/id_map_writer.cpp
src/anbox/id_map_writer.cpp
+0
-282
src/anbox/id_map_writer.h
src/anbox/id_map_writer.h
+0
-43
src/anbox/namespace_attacher.cpp
src/anbox/namespace_attacher.cpp
+0
-81
src/anbox/namespace_attacher.h
src/anbox/namespace_attacher.h
+0
-49
未找到文件。
src/anbox/id_map_writer.cpp
已删除
100644 → 0
浏览文件 @
48839a9e
/*
* Copyright (C) 2016 Simon Fels <morphis@gravedo.de>
*
* This program is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 3, as published
* by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranties of
* MERCHANTABILITY, SATISFACTORY QUALITY, or FITNESS FOR A PARTICULAR
* PURPOSE. See the GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program. If not, see <http://www.gnu.org/licenses/>.
*
*/
#include "anbox/id_map_writer.h"
#include "anbox/not_reachable.h"
#include "anbox/utils.h"
#include <fstream>
#include <sstream>
#include <boost/filesystem.hpp>
#include <boost/format.hpp>
#include <pwd.h>
namespace
fs
=
boost
::
filesystem
;
#define getid(type) ((unsigned) ((type) == GID ? getgid() : getuid()))
#define idfile(type) ((type) == GID ? "gid_map" : "uid_map")
#define idname(type) ((type) == GID ? "GID" : "UID")
#define subpath(type) ((type) == GID ? "/etc/subgid" : "/etc/subuid")
namespace
{
char
*
append
(
char
**
destination
,
const
char
*
format
,
...)
{
char
*
extra
,
*
result
;
va_list
args
;
va_start
(
args
,
format
);
if
(
vasprintf
(
&
extra
,
format
,
args
)
<
0
)
BOOST_THROW_EXCEPTION
(
std
::
runtime_error
(
""
));
va_end
(
args
);
if
(
*
destination
==
NULL
)
{
*
destination
=
extra
;
return
extra
;
}
if
(
asprintf
(
&
result
,
"%s%s"
,
*
destination
,
extra
)
<
0
)
BOOST_THROW_EXCEPTION
(
std
::
runtime_error
(
""
));
free
(
*
destination
);
free
(
extra
);
*
destination
=
result
;
return
result
;
}
char
*
string
(
const
char
*
format
,
...)
{
char
*
result
;
va_list
args
;
va_start
(
args
,
format
);
if
(
vasprintf
(
&
result
,
format
,
args
)
<
0
)
BOOST_THROW_EXCEPTION
(
std
::
runtime_error
(
""
));
va_end
(
args
);
return
result
;
}
static
char
*
getmap
(
pid_t
pid
,
int
type
)
{
char
*
line
=
NULL
,
*
result
=
NULL
,
*
path
;
size_t
size
;
unsigned
count
,
first
,
lower
;
FILE
*
file
;
if
(
pid
==
-
1
)
path
=
string
(
"/proc/self/%s"
,
idfile
(
type
));
else
path
=
string
(
"/proc/%d/%s"
,
pid
,
idfile
(
type
));
if
(
!
(
file
=
fopen
(
path
,
"r"
)))
BOOST_THROW_EXCEPTION
(
std
::
runtime_error
(
""
));
while
(
getline
(
&
line
,
&
size
,
file
)
>=
0
)
{
if
(
sscanf
(
line
,
" %u %u %u"
,
&
first
,
&
lower
,
&
count
)
!=
3
)
BOOST_THROW_EXCEPTION
(
std
::
runtime_error
(
""
));
append
(
&
result
,
"%s%u:%u:%u"
,
result
?
","
:
""
,
first
,
lower
,
count
);
}
if
(
!
result
)
BOOST_THROW_EXCEPTION
(
std
::
runtime_error
(
""
));
fclose
(
file
);
free
(
line
);
free
(
path
);
return
result
;
}
static
char
*
mapitem
(
char
*
map
,
unsigned
*
first
,
unsigned
*
lower
,
unsigned
*
count
)
{
ssize_t
skip
;
while
(
map
&&
*
map
&&
strchr
(
",;"
,
*
map
))
map
++
;
if
(
map
==
NULL
||
*
map
==
'\0'
)
return
NULL
;
if
(
sscanf
(
map
,
"%u:%u:%u%zn"
,
first
,
lower
,
count
,
&
skip
)
<
3
)
BOOST_THROW_EXCEPTION
(
std
::
runtime_error
(
""
));
return
map
+
skip
;
}
static
char
*
rangeitem
(
char
*
range
,
unsigned
*
start
,
unsigned
*
length
)
{
ssize_t
skip
;
while
(
range
&&
*
range
&&
strchr
(
",;"
,
*
range
))
range
++
;
if
(
range
==
NULL
||
*
range
==
'\0'
)
return
NULL
;
if
(
sscanf
(
range
,
"%u:%u%zn"
,
start
,
length
,
&
skip
)
<
2
)
BOOST_THROW_EXCEPTION
(
std
::
runtime_error
(
""
));
return
range
+
skip
;
}
static
char
*
readranges
(
int
type
)
{
char
*
line
=
NULL
,
*
range
,
*
user
;
size_t
end
,
size
;
struct
passwd
*
passwd
;
unsigned
length
,
start
;
FILE
*
file
;
range
=
string
(
"%u:1"
,
getid
(
type
));
if
(
!
(
file
=
fopen
(
subpath
(
type
),
"r"
)))
return
range
;
user
=
getenv
(
"USER"
);
user
=
user
?
user
:
getenv
(
"LOGNAME"
);
user
=
user
?
user
:
getlogin
();
if
(
!
user
||
!
(
passwd
=
getpwnam
(
user
))
||
passwd
->
pw_uid
!=
getuid
())
{
if
(
!
(
passwd
=
getpwuid
(
getuid
())))
BOOST_THROW_EXCEPTION
(
std
::
runtime_error
(
""
));
user
=
passwd
->
pw_name
;
}
endpwent
();
while
(
getline
(
&
line
,
&
size
,
file
)
>=
0
)
{
if
(
strncmp
(
line
,
user
,
strlen
(
user
)))
continue
;
if
(
sscanf
(
line
+
strlen
(
user
),
":%u:%u%zn"
,
&
start
,
&
length
,
&
end
)
<
2
)
continue
;
if
(
strchr
(
":
\n
"
,
line
[
end
+
strlen
(
user
)
+
1
]))
append
(
&
range
,
",%u:%u"
,
start
,
length
);
}
free
(
line
);
fclose
(
file
);
return
range
;
}
static
char
*
rootdefault
(
int
type
)
{
char
*
cursor
,
*
map
,
*
result
;
unsigned
count
,
first
,
last
=
INVALID
,
lower
;
cursor
=
map
=
getmap
(
-
1
,
type
);
while
((
cursor
=
mapitem
(
cursor
,
&
first
,
&
lower
,
&
count
)))
if
(
last
==
INVALID
||
last
<
first
+
count
-
1
)
last
=
first
+
count
-
1
;
result
=
string
(
"0:%u:1"
,
last
);
cursor
=
map
;
while
((
cursor
=
mapitem
(
cursor
,
&
first
,
&
lower
,
&
count
)))
{
if
(
first
==
0
)
{
if
(
count
==
1
&&
first
>=
last
)
error
(
1
,
0
,
"No unprivileged %s available
\n
"
,
idname
(
type
));
first
++
,
lower
++
,
count
--
;
}
if
(
last
<=
first
+
count
-
1
&&
count
>
0
)
count
--
;
if
(
count
>
0
)
append
(
&
result
,
"%s%u:%u:%u"
,
result
?
","
:
""
,
first
,
first
,
count
);
}
free
(
map
);
return
result
;
}
static
char
*
userdefault
(
int
type
)
{
char
*
cursor
,
*
map
,
*
range
,
*
result
=
NULL
;
unsigned
count
,
first
,
index
=
0
,
length
,
lower
,
start
;
if
(
geteuid
()
!=
0
)
return
string
(
"0:%u:1"
,
getid
(
type
));
map
=
getmap
(
-
1
,
type
);
range
=
readranges
(
type
);
while
((
range
=
rangeitem
(
range
,
&
start
,
&
length
)))
{
cursor
=
map
;
while
((
cursor
=
mapitem
(
cursor
,
&
first
,
&
lower
,
&
count
)))
{
if
(
start
+
length
<=
first
||
first
+
count
<=
start
)
continue
;
if
(
first
+
count
<
start
+
length
)
length
=
start
-
first
+
count
;
if
(
start
<
first
)
{
index
+=
first
-
start
;
length
-=
first
-
start
;
start
=
first
;
}
append
(
&
result
,
"%s%u:%u:%u"
,
result
?
","
:
""
,
index
,
start
,
length
);
index
+=
length
;
}
}
free
(
map
);
free
(
range
);
return
result
;
}
static
void
validate
(
char
*
range
,
unsigned
first
,
unsigned
count
)
{
unsigned
length
,
start
;
while
((
range
=
rangeitem
(
range
,
&
start
,
&
length
)))
if
(
first
<
start
+
length
&&
start
<
first
+
count
)
{
if
(
first
<
start
)
validate
(
range
,
first
,
start
-
first
);
if
(
first
+
count
>
start
+
length
)
validate
(
range
,
start
+
length
,
first
+
count
-
start
-
length
);
return
;
}
error
(
1
,
0
,
"Cannot map onto IDs that are not delegated to you"
);
}
static
void
verifymap
(
char
*
map
,
char
*
range
)
{
unsigned
count
,
first
,
lower
;
while
((
map
=
mapitem
(
map
,
&
first
,
&
lower
,
&
count
)))
validate
(
range
,
lower
,
count
);
}
static
void
writemap
(
pid_t
pid
,
int
type
,
char
*
map
)
{
char
*
path
,
*
range
,
*
text
=
NULL
;
int
fd
;
unsigned
count
,
first
,
lower
;
if
(
!
map
)
{
map
=
(
getuid
()
==
0
?
rootdefault
:
userdefault
)(
type
);
}
else
if
(
getuid
()
!=
0
)
{
range
=
readranges
(
type
);
verifymap
(
map
,
range
);
free
(
range
);
}
while
((
map
=
mapitem
(
map
,
&
first
,
&
lower
,
&
count
)))
append
(
&
text
,
"%u %u %u
\n
"
,
first
,
lower
,
count
);
path
=
string
(
"/proc/%d/%s"
,
pid
,
idfile
(
type
));
if
((
fd
=
open
(
path
,
O_WRONLY
))
<
0
)
error
(
1
,
0
,
"Failed to set container %s map"
,
idname
(
type
));
else
if
(
write
(
fd
,
text
,
strlen
(
text
))
!=
(
ssize_t
)
strlen
(
text
))
error
(
1
,
0
,
"Failed to set container %s map"
,
idname
(
type
));
close
(
fd
);
free
(
path
);
free
(
text
);
}
}
namespace
anbox
{
IdMapWriter
::
IdMapWriter
(
const
Type
&
type
,
const
pid_t
&
pid
)
:
type_
(
type
),
pid_
(
pid
)
{
}
IdMapWriter
::~
IdMapWriter
()
{
}
void
IdMapWriter
::
apply
()
{
const
auto
map
=
retrieve_mappings
();
}
}
// namespace anbox
src/anbox/id_map_writer.h
已删除
100644 → 0
浏览文件 @
48839a9e
/*
* Copyright (C) 2016 Simon Fels <morphis@gravedo.de>
*
* This program is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 3, as published
* by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranties of
* MERCHANTABILITY, SATISFACTORY QUALITY, or FITNESS FOR A PARTICULAR
* PURPOSE. See the GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program. If not, see <http://www.gnu.org/licenses/>.
*
*/
#ifndef ANBOX_ID_MAP_WRITER_H_
#define ANBOX_ID_MAP_WRITER_H_
#include <vector>
#include <boost/filesystem.hpp>
namespace
anbox
{
class
IdMapWriter
{
public:
enum
class
Type
{
UID
,
GID
};
IdMapWriter
(
const
Type
&
type
,
const
pid_t
&
pid
=
-
1
);
~
IdMapWriter
();
void
apply
();
private:
Type
type_
;
pid_t
pid_
;
};
}
// namespace anbox
#endif
src/anbox/namespace_attacher.cpp
已删除
100644 → 0
浏览文件 @
48839a9e
/*
* Copyright (C) 2016 Simon Fels <morphis@gravedo.de>
*
* This program is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 3, as published
* by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranties of
* MERCHANTABILITY, SATISFACTORY QUALITY, or FITNESS FOR A PARTICULAR
* PURPOSE. See the GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program. If not, see <http://www.gnu.org/licenses/>.
*
*/
#include "anbox/namespace_attacher.h"
#include "anbox/utils.h"
#include <boost/throw_exception.hpp>
#include <boost/filesystem.hpp>
#include <unistd.h>
#include <fcntl.h>
namespace
fs
=
boost
::
filesystem
;
namespace
anbox
{
std
::
string
NamespaceAttacher
::
ns_type_to_string
(
NamespaceType
type
)
{
switch
(
type
)
{
case
NamespaceType
::
user
:
return
"user"
;
case
NamespaceType
::
pid
:
return
"pid"
;
case
NamespaceType
::
uts
:
return
"uts"
;
case
NamespaceType
::
mount
:
return
"mnt"
;
case
NamespaceType
::
ipc
:
return
"ipc"
;
case
NamespaceType
::
net
:
return
"net"
;
default:
break
;
}
BOOST_THROW_EXCEPTION
(
std
::
runtime_error
(
"Unknown namespace type"
));
}
NamespaceAttacher
::
NamespaceAttacher
(
const
std
::
vector
<
NamespaceType
>
&
types
,
pid_t
pid
)
:
pid_
(
pid
)
{
attach
(
types
);
}
NamespaceAttacher
::~
NamespaceAttacher
()
{
}
void
NamespaceAttacher
::
attach
(
const
std
::
vector
<
NamespaceType
>
&
types
)
{
std
::
vector
<
int
>
fds
;
for
(
const
auto
&
type
:
types
)
{
const
auto
path
=
anbox
::
utils
::
string_format
(
"/proc/%lu/ns/%s"
,
pid_
,
ns_type_to_string
(
type
));
if
(
!
fs
::
exists
(
fs
::
path
(
path
)))
BOOST_THROW_EXCEPTION
(
std
::
runtime_error
(
"Failed to open namespace file"
));
const
auto
fd
=
::
open
(
path
.
c_str
(),
O_RDONLY
);
if
(
fd
<
0
)
BOOST_THROW_EXCEPTION
(
std
::
runtime_error
(
"Failed to open namespace file"
));
fds
.
push_back
(
fd
);
}
for
(
const
auto
&
fd
:
fds
)
{
if
(
::
setns
(
fd
,
0
)
==
-
1
)
BOOST_THROW_EXCEPTION
(
std
::
runtime_error
(
"Could not attach to namespace"
));
::
close
(
fd
);
}
}
}
// namespace anbox
src/anbox/namespace_attacher.h
已删除
100644 → 0
浏览文件 @
48839a9e
/*
* Copyright (C) 2016 Simon Fels <morphis@gravedo.de>
*
* This program is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 3, as published
* by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranties of
* MERCHANTABILITY, SATISFACTORY QUALITY, or FITNESS FOR A PARTICULAR
* PURPOSE. See the GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program. If not, see <http://www.gnu.org/licenses/>.
*
*/
#ifndef ANBOX_NAMESPACE_ATTACHER_H_
#define ANBOX_NAMESPACE_ATTACHER_H_
#include <memory>
#include <vector>
#include <string>
namespace
anbox
{
enum
class
NamespaceType
{
user
,
pid
,
uts
,
mount
,
ipc
,
net
,
};
class
NamespaceAttacher
{
public:
static
std
::
string
ns_type_to_string
(
NamespaceType
type
);
NamespaceAttacher
(
const
std
::
vector
<
NamespaceType
>
&
types
,
pid_t
pid
);
~
NamespaceAttacher
();
private:
void
attach
(
const
std
::
vector
<
NamespaceType
>
&
types
);
pid_t
pid_
;
};
}
// namespace
#endif
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录