hrr_rb_lxns 0.3.0 → 0.3.1
- checksums.yaml +4 -4
- data/lib/hrr_rb_lxns.rb +51 -72
- data/lib/hrr_rb_lxns/version.rb +1 -1
- metadata +2 -2
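--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 868082dbf4148772707fa2b6933b4f2711e944bb89100ed1e7b2ddb095dc6731
+data.tar.gz: 5ae7eba8c9512417992e32cb1fa0cf0f5194d46257c253a56a3e72d77c984d50
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 0561e4d528bf1e37bb54ce1f9fd006ef4b78c6ffac1365775c635342ceaeb669bedd1d9928e4bd290f9883062504470ef4539513ffd39ef61212e73d5788cd8a
+data.tar.gz: a57b893e2ccd416ff8e2acd5033a95ce54f17ed63c338c2fca22364e438505d420080a36078ae83ad7a361e49e16988eec333c00f54aefd02e1a7c240d68428a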
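--- a/data/lib/hrr_rb_lxns.rb
+++ b/data/lib/hrr_rb_lxns.rb
@@ -10,6 +10,17 @@ module HrrRbLxns
 module Constants
 end
 
+@@namespaces = Hash.new
+@@namespaces["mnt"] = {char: "m", flag: NEWNS, key: :mount, file_to_bind: "mnt" }.freeze if const_defined? :NEWNS
+@@namespaces["uts"] = {char: "u", flag: NEWUTS, key: :uts, file_to_bind: "uts" }.freeze if const_defined? :NEWUTS
+@@namespaces["ipc"] = {char: "i", flag: NEWIPC, key: :ipc, file_to_bind: "ipc" }.freeze if const_defined? :NEWIPC
+@@namespaces["net"] = {char: "n", flag: NEWNET, key: :network, file_to_bind: "net" }.freeze if const_defined? :NEWNET
+@@namespaces["pid"] = {char: "p", flag: NEWPID, key: :pid, file_to_bind: "pid_for_children" }.freeze if const_defined? :NEWPID
+@@namespaces["user"] = {char: "U", flag: NEWUSER, key: :user, file_to_bind: "user" }.freeze if const_defined? :NEWUSER
+@@namespaces["cgroup"] = {char: "C", flag: NEWCGROUP, key: :cgroup, file_to_bind: "cgroup" }.freeze if const_defined? :NEWCGROUP
+@@namespaces["time"] = {char: "T", flag: NEWTIME, key: :time, file_to_bind: "time_for_children"}.freeze if const_defined? :NEWTIME
+@@namespaces.freeze
+
 # Collects namespace files information in /proc/PID/ns/ directory of a process.
 #
 # @example
@@ -137,6 +148,10 @@ module HrrRbLxns
 
 private
 
+def self.namespaces
+@@namespaces
+end
+
 def self.interpret_flags arg
 case arg
 when Integer
@@ -150,33 +165,17 @@ module HrrRbLxns
 end
 
 def self.check_flags flags
-
-valid_flags += NEWIPC if const_defined?(:NEWIPC)
-valid_flags += NEWNS if const_defined?(:NEWNS)
-valid_flags += NEWNET if const_defined?(:NEWNET)
-valid_flags += NEWPID if const_defined?(:NEWPID)
-valid_flags += NEWUTS if const_defined?(:NEWUTS)
-valid_flags += NEWUSER if const_defined?(:NEWUSER)
-valid_flags += NEWCGROUP if const_defined?(:NEWCGROUP)
-valid_flags += NEWTIME if const_defined?(:NEWTIME)
-unless (flags - (flags & valid_flags)).zero?
+unless (flags - (flags & namespaces.map{|_,v| v[:flag]}.inject(:+))).zero?
 raise ArgumentError, "unsupported flags are set"
 end
 end
 
 def self.chars_to_flags chars
-chars.
-
-
-elsif c == "n" && const_defined?(:NEWNET) then f | NEWNET
-elsif c == "p" && const_defined?(:NEWPID) then f | NEWPID
-elsif c == "u" && const_defined?(:NEWUTS) then f | NEWUTS
-elsif c == "U" && const_defined?(:NEWUSER) then f | NEWUSER
-elsif c == "C" && const_defined?(:NEWCGROUP) then f | NEWCGROUP
-elsif c == "T" && const_defined?(:NEWTIME) then f | NEWTIME
-else raise ArgumentError, "unsupported flag charactor: #{c.inspect}"
-end
+invalid_chars = chars.chars - namespaces.map{|_,v| v[:char]}
+unless invalid_chars.empty?
+raise ArgumentError, "unsupported flag charactor: #{invalid_chars.inspect}"
 end
+namespaces.select{|_,v| chars.include?(v[:char])}.map{|_,v| v[:flag]}.inject(0){|lsum,flag| lsum | flag}
 end
 
 def self.fork? options
@@ -184,16 +183,7 @@ module HrrRbLxns
 end
 
 def self.bind_ns_files? options
-
-list.push :ipc if const_defined?(:NEWIPC)
-list.push :mount if const_defined?(:NEWNS)
-list.push :network if const_defined?(:NEWNET)
-list.push :pid if const_defined?(:NEWPID)
-list.push :uts if const_defined?(:NEWUTS)
-list.push :user if const_defined?(:NEWUSER)
-list.push :cgroup if const_defined?(:NEWCGROUP)
-list.push :time if const_defined?(:NEWTIME)
-(list & options.keys).empty?.!
+(namespaces.map{|_,v| v[:key]} & options.keys).empty?.!
 end
 
 # In some cases, namespace files need to be created by an external process.
@@ -201,18 +191,35 @@ module HrrRbLxns
 def self.bind_ns_files_from_child flags, options
 if bind_ns_files? options
 pid_to_bind = Process.pid
-
-begin
-io_r, io_w = IO.pipe
+IO.pipe do |io_r, io_w|
 if pid = fork
-
-
-
-
+begin
+ret = yield
+rescue Exception
+Process.kill "KILL", pid
 Process.waitpid pid
-raise
+raise
+else
+IO.pipe do |io2_r, io2_w|
+if ret
+io_w.write "1"
+io_w.close
+Process.waitpid pid
+unless $?.to_i.zero?
+if ret > 0
+Process.kill "KILL", ret
+Process.waitpid ret
+end
+raise Marshal.load(io_r.read) unless $?.to_i.zero?
+end
+else
+io_w.close
+io2_w.close
+io2_r.read
+end
+end
+ret
 end
-ret
 else
 begin
 io_r.read 1
@@ -224,16 +231,6 @@ module HrrRbLxns
 exit! true
 end
 end
-ensure
-io_w.write "1" rescue nil # just in case getting an error before io_w.write
-io_w.close rescue nil
-io_r.close rescue nil
-if pid_to_bind == Process.pid
-begin
-Process.waitpid pid
-rescue Errno::ECHILD
-end
-end
 end
 else
 yield
@@ -241,16 +238,7 @@ module HrrRbLxns
 end
 
 def self.bind_ns_files flags, options, pid
-
-list.push ["ipc", NEWIPC, :ipc ] if const_defined?(:NEWIPC)
-list.push ["mnt", NEWNS, :mount ] if const_defined?(:NEWNS)
-list.push ["net", NEWNET, :network] if const_defined?(:NEWNET)
-list.push ["pid_for_children", NEWPID, :pid ] if const_defined?(:NEWPID)
-list.push ["uts", NEWUTS, :uts ] if const_defined?(:NEWUTS)
-list.push ["user", NEWUSER, :user ] if const_defined?(:NEWUSER)
-list.push ["cgroup", NEWCGROUP, :cgroup ] if const_defined?(:NEWCGROUP)
-list.push ["time_for_children", NEWTIME, :time ] if const_defined?(:NEWTIME)
-list.each do |name, flag, key|
+namespaces.map{|_,v| [v[:file_to_bind], v[:flag], v[:key]]}.each do |name, flag, key|
 if (flags & flag).zero?.! && options[key]
 HrrRbMount.bind "/proc/#{pid}/ns/#{name}", options[key]
 end
@@ -258,7 +246,7 @@ module HrrRbLxns
 end
 
 def self.map_uid_gid? flags, options
-
+(flags & namespaces.fetch("user", {}).fetch(:flag, 0)).zero?.! && (options.has_key?(:map_uid) || options.has_key?(:map_gid))
 end
 
 # This method calls fork and the child process writes into /proc/PID/uid_map, /proc/PID/gid_map, and /proc/PID/setgroups.
@@ -337,7 +325,7 @@ module HrrRbLxns
 end
 
 def self.set_timens_offsets? flags, options
-
+(flags & namespaces.fetch("time", {}).fetch(:flag, 0)).zero?.! && (options.has_key?(:monotonic) || options.has_key?(:boottime))
 end
 
 def self.set_timens_offsets(flags, options)
@@ -387,17 +375,8 @@ module HrrRbLxns
 end
 
 def self.get_nstype_file_h flags, pid, options
-list = Array.new
-list.push ["ipc", NEWIPC, :ipc ] if const_defined?(:NEWIPC)
-list.push ["mnt", NEWNS, :mount ] if const_defined?(:NEWNS)
-list.push ["net", NEWNET, :network] if const_defined?(:NEWNET)
-list.push ["pid", NEWPID, :pid ] if const_defined?(:NEWPID)
-list.push ["uts", NEWUTS, :uts ] if const_defined?(:NEWUTS)
-list.push ["user", NEWUSER, :user ] if const_defined?(:NEWUSER)
-list.push ["cgroup", NEWCGROUP, :cgroup ] if const_defined?(:NEWCGROUP)
-list.push ["time", NEWTIME, :time ] if const_defined?(:NEWTIME)
 nstype_file_h = Hash.new
-
+namespaces.map{|k,v| [k, v[:flag], v[:key]]}.each do |name, flag, key|
 file = get_file name, (flags & flag), pid, key, options[key]
 nstype_file_h[flag] = file if file
 end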
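Review bot: `raise Marshal.load(io_r.read) unless $?.to_i.zero?` in bind_ns_files_from_child unmarshals whatever is left in the pipe without checking that it is a dumped exception. If the forked helper exits non-zero without writing one (for example it is killed by a signal), or dies before consuming the `"1"` sync byte sent on the same pipe, Marshal.load raises its own error and the real cause is lost; Marshal.load also instantiates arbitrary classes, so the pipe is only as trustworthy as every process that inherited its write end. Consider sending only the error class name and message as text, or at least guarding the read: `payload = io_r.read` then `raise(payload.empty? ? RuntimeError.new("namespace bind helper failed") : Marshal.load(payload))`. Note too that after `Process.waitpid ret` the trailing `unless $?.to_i.zero?` tests the status of `ret`, not of `pid`. The child branch that writes to the pipe lies between this hunk and the next, so what it sends is inferred.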
data/lib/hrr_rb_lxns/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: hrr_rb_lxns
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.3.
|
4
|
+
version: 0.3.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- hirura
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2020-05-
|
11
|
+
date: 2020-05-15 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: hrr_rb_mount
|