C++ (Cpp) singularity_config_rewind Examples

Example #1

0

Show file

int singularity_ns_ipc_unshare(void) {

    singularity_config_rewind();
    if ( singularity_config_get_bool("allow ipc ns", 1) <= 0 ) {
        singularity_message(VERBOSE2, "Not virtualizing IPC namespace by configuration\n");
        return(0);
    }

    if ( envar_defined("SINGULARITY_UNSHARE_IPC") == FALSE ) {
        singularity_message(VERBOSE2, "Not virtualizing IPC namespace on user request\n");
        return(0);
    }

#ifdef NS_CLONE_NEWIPC
    singularity_message(DEBUG, "Using IPC namespace: CLONE_NEWIPC\n");
    singularity_priv_escalate();
    singularity_message(DEBUG, "Virtualizing IPC namespace\n");
    if ( unshare(CLONE_NEWIPC) < 0 ) {
        singularity_message(ERROR, "Could not virtualize IPC namespace: %s\n", strerror(errno));
        ABORT(255);
    }
    singularity_priv_drop();
    enabled = 0;

#else
    singularity_message(WARNING, "Skipping IPC namespace creation, support not available on host\n");
    return(0);
#endif

    return(0);
}

Example #2

0

Show file

File: tmp.c Project: kellyrowland/singularity

int singularity_mount_tmp(void) {
    char *container_dir = singularity_rootfs_dir();
    char *tmp_source;
    char *vartmp_source;
    char *tmpdirpath;

    singularity_config_rewind();
    if ( singularity_config_get_bool("mount tmp", 1) <= 0 ) {
        singularity_message(VERBOSE, "Skipping tmp dir mounting (per config)\n");
        return(0);
    }

    if ( ( tmpdirpath = getenv("SINGULARITY_WORKDIR") ) != NULL ) { // Flawfinder: ignore
        singularity_config_rewind();
        if ( singularity_config_get_bool("user bind control", 1) <= 0 ) {
            singularity_message(ERROR, "User bind control is disabled by system administrator\n");
            ABORT(5);
        }
        tmp_source = joinpath(tmpdirpath, "/tmp");
        vartmp_source = joinpath(tmpdirpath, "/var_tmp");
    } else if ( getenv("SINGULARITY_CONTAIN") != NULL ) { // Flawfinder: ignore
        char *sessiondir = singularity_sessiondir_get();
        tmp_source = joinpath(sessiondir, "/tmp");
        vartmp_source = joinpath(sessiondir, "/var_tmp");
    } else {
        tmp_source = strdup("/tmp");
        vartmp_source = strdup("/var/tmp");
    }

    if ( s_mkpath(tmp_source, 0755) < 0 ) {
        singularity_message(ERROR, "Could not create tmp directory %s: %s\n", tmp_source, strerror(errno));
        ABORT(255);
    }
    if ( s_mkpath(vartmp_source, 0755) < 0 ) {
        singularity_message(ERROR, "Could not create vartmp directory %s: %s\n", vartmp_source, strerror(errno));
        ABORT(255);
    }

    if ( is_dir(tmp_source) == 0 ) {
        if ( is_dir(joinpath(container_dir, "/tmp")) == 0 ) {
            singularity_priv_escalate();
            singularity_message(VERBOSE, "Mounting directory: /tmp\n");
            if ( mount(tmp_source, joinpath(container_dir, "/tmp"), NULL, MS_BIND|MS_NOSUID|MS_REC, NULL) < 0 ) {
                singularity_message(ERROR, "Failed to mount %s -> /tmp: %s\n", tmp_source, strerror(errno));
                ABORT(255);
            }
            singularity_priv_drop();
        } else {
            singularity_message(VERBOSE, "Could not mount container's /tmp directory: does not exist\n");
        }
    } else {
        singularity_message(VERBOSE, "Could not mount host's /tmp directory (%s): does not exist\n", tmp_source);
    }

    if ( is_dir(vartmp_source) == 0 ) {
        if ( is_dir(joinpath(container_dir, "/var/tmp")) == 0 ) {
            singularity_priv_escalate();
            singularity_message(VERBOSE, "Mounting directory: /var/tmp\n");
            if ( mount(vartmp_source, joinpath(container_dir, "/var/tmp"), NULL, MS_BIND|MS_NOSUID|MS_REC, NULL) < 0 ) {
                singularity_message(ERROR, "Failed to mount %s -> /var/tmp: %s\n", vartmp_source, strerror(errno));
                ABORT(255);
            }
            singularity_priv_drop();
        } else {
            singularity_message(VERBOSE, "Could not mount container's /var/tmp directory: does not exist\n");
        }
    } else {
        singularity_message(VERBOSE, "Could not mount host's /var/tmp directory (%s): does not exist\n", vartmp_source);
    }

    free(tmp_source);
    free(vartmp_source);

    return(0);
}

Example #3

0

Show file

File: kernelfs.c Project: kellyrowland/singularity

int singularity_mount_kernelfs(void) {
    char *container_dir = singularity_rootfs_dir();

    // Mount /proc if we are configured
    singularity_message(DEBUG, "Checking configuration file for 'mount proc'\n");
    singularity_config_rewind();
    if ( singularity_config_get_bool("mount proc", 1) > 0 ) {
        if ( is_dir(joinpath(container_dir, "/proc")) == 0 ) {
            if ( singularity_ns_pid_enabled() >= 0 ) {
                singularity_priv_escalate();
                singularity_message(VERBOSE, "Mounting /proc\n");
                if ( mount("proc", joinpath(container_dir, "/proc"), "proc", 0, NULL) < 0 ) {
                    singularity_message(ERROR, "Could not mount /proc into container: %s\n", strerror(errno));
                    ABORT(255);
                }
                singularity_priv_drop();
            } else {
                singularity_priv_escalate();
                singularity_message(VERBOSE, "Bind mounting /proc\n");
                if ( mount("/proc", joinpath(container_dir, "/proc"), NULL, MS_BIND|MS_NOSUID|MS_REC, NULL) < 0 ) {
                    singularity_message(ERROR, "Could not bind mount container's /proc: %s\n", strerror(errno));
                    ABORT(255);
                }
                singularity_priv_drop();
            }
        } else {
            singularity_message(WARNING, "Not mounting /proc, container has no bind directory\n");
        }
    } else {
        singularity_message(VERBOSE, "Skipping /proc mount\n");
    }


    // Mount /sys if we are configured
    singularity_message(DEBUG, "Checking configuration file for 'mount sys'\n");
    singularity_config_rewind();
    if ( singularity_config_get_bool("mount sys", 1) > 0 ) {
        if ( is_dir(joinpath(container_dir, "/sys")) == 0 ) {
            if ( singularity_ns_user_enabled() < 0 ) {
                singularity_priv_escalate();
                singularity_message(VERBOSE, "Mounting /sys\n");
                if ( mount("sysfs", joinpath(container_dir, "/sys"), "sysfs", 0, NULL) < 0 ) {
                    singularity_message(ERROR, "Could not mount /sys into container: %s\n", strerror(errno));
                    ABORT(255);
                }
                singularity_priv_drop();
            } else {
                singularity_priv_escalate();
                singularity_message(VERBOSE, "Bind mounting /sys\n");
                if ( mount("/sys", joinpath(container_dir, "/sys"), NULL, MS_BIND|MS_NOSUID|MS_REC, NULL) < 0 ) {
                    singularity_message(ERROR, "Could not bind mount container's /sys: %s\n", strerror(errno));
                    ABORT(255);
                }
                singularity_priv_drop();
            }
        } else {
            singularity_message(WARNING, "Not mounting /sys, container has no bind directory\n");
        }
    } else {
        singularity_message(VERBOSE, "Skipping /sys mount\n");
    }

    return(0);
}