Package::Package(std::string package_file) : mPackagePath(package_file) { setupWorkdir(); readPackageFile(package_file); }
int main(int argc, char *argv[]) { char *execname; /* * We write the log to stderr and expect cn-agent to log/parse the output. * It can know that dockerexec finished when it sees either a line that * starts with: * * <timestamp> FATAL * * or: * * <timestamp> EXEC * * the former indicating that we failed and the latter that the next action * will be execve(). */ log_stream = stderr; if (argc < 2) { fatal(ERR_NO_COMMAND, "no command specified on cmdline, argc: %d\n", argc); } /* NOTE: all of these will call fatal() if there's a problem */ getUserGroupData(); setupWorkdir(); buildCmdEnv(); /* cleanup mess from mdata-client */ close(4); /* /dev/urandom from mdata-client */ close(5); /* event port from mdata-client */ close(6); /* /native/.zonecontrol/metadata.sock from mdata-client */ /* TODO: ensure we cleaned up everything else mdata created for us */ // TODO: close any descriptors which are not to be attached to this // exec cmd? Or let the zlogin caller deal with that? dlog("DROP PRIVS\n"); if (grp != NULL) { if (setgid(grp->gr_gid) != 0) { fatal(ERR_SETGID, "setgid(%d): %s\n", grp->gr_gid, strerror(errno)); } } if (pwd != NULL) { if (initgroups(pwd->pw_name, grp->gr_gid) != 0) { fatal(ERR_INITGROUPS, "initgroups(%s,%d): %s\n", pwd->pw_name, grp->gr_gid, strerror(errno)); } if (setuid(pwd->pw_uid) != 0) { fatal(ERR_SETUID, "setuid(%d): %s\n", pwd->pw_uid, strerror(errno)); } } // find execname from argv[1] (w/ path), then execute it. execname = execName(argv[1]); // calls fatal() if fails // Message for cn-agent that dockerexec is done and child should start // now. dlog("EXEC\n"); execve(execname, argv+1, env); // If execve() has failed, this next message should go to the user since // stdout and stderr should now be connected to them. fatal(ERR_EXEC_FAILED, "execve(%s) failed: %s\n", argv[1], strerror(errno)); /* NOTREACHED */ abort(); }
Package::Package() { setupWorkdir(); }