Exemplo n.º 1
/// @brief Builds a Package from a package file path.
///
/// Stores a copy of @p package_file in mPackagePath, then calls
/// setupWorkdir() followed by readPackageFile(package_file), in that order.
///
/// @param package_file Path of the package file; taken by value.
///
/// NOTE(review): how setupWorkdir() and readPackageFile() report failure is
/// not visible here. A constructor has no return value, so confirm they throw
/// (or otherwise leave the object in a detectable state) when the work
/// directory cannot be created or the file cannot be read.
/// NOTE(review): if package_file can come from an untrusted source, confirm
/// that readPackageFile() validates the path and the file contents before
/// anything is written under the work directory.
Package::Package(std::string package_file)
    : mPackagePath(package_file)
{
    // Work directory is prepared before the package file is read.
    setupWorkdir();
    // The parameter is reused here, so it cannot be moved into mPackagePath
    // in the initializer list above.
    readPackageFile(package_file);
}
Exemplo n.º 2
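/*
 * Entry point: prepare the environment for the command given on the command
 * line, drop privileges to the user/group found by getUserGroupData(), and
 * replace this process with the command via execve().
 *
 * argv[1] is the command to run and argv[1..] become its argument vector.
 * Every failure path goes through fatal(); on success execve() does not
 * return, so this function never returns normally.
 */
int
main(int argc, char *argv[])
{
    char *execname;

    /*
     * We write the log to stderr and expect cn-agent to log/parse the output.
     * It can know that dockerexec finished when it sees either a line that
     * starts with:
     *
     * <timestamp> FATAL
     *
     * or:
     *
     * <timestamp> EXEC
     *
     * the former indicating that we failed and the latter that the next action
     * will be execve().
     */
    log_stream = stderr;

    if (argc < 2) {
        fatal(ERR_NO_COMMAND, "no command specified on cmdline, argc: %d\n",
            argc);
    }

    /* NOTE: all of these will call fatal() if there's a problem */
    getUserGroupData();
    setupWorkdir();
    buildCmdEnv();

    /*
     * cleanup mess from mdata-client
     *
     * These descriptor numbers are hard-coded and the close() results are
     * ignored (best effort). Any descriptor left open without close-on-exec
     * is inherited by the command started below, running as the target user.
     */
    close(4); /* /dev/urandom from mdata-client */
    close(5); /* event port from mdata-client */
    close(6); /* /native/.zonecontrol/metadata.sock from mdata-client */
    /* TODO: ensure we cleaned up everything else mdata created for us */

    // TODO: close any descriptors which are not to be attached to this
    //       exec cmd? Or let the zlogin caller deal with that?

    dlog("DROP PRIVS\n");

    /*
     * Order matters: primary group, then supplementary groups, then uid.
     * The group changes normally need the privilege that setuid() gives up,
     * so setuid() must come last. Every return value is checked so that we
     * never reach execve() with a partially dropped identity.
     */
    if (grp != NULL) {
        if (setgid(grp->gr_gid) != 0) {
            fatal(ERR_SETGID, "setgid(%d): %s\n", grp->gr_gid, strerror(errno));
        }
    }
    if (pwd != NULL) {
        /*
         * initgroups() below reads grp->gr_gid. Without group data that was
         * a NULL dereference, and the primary gid would not have been
         * changed above either, so fail closed instead of continuing.
         * (Like the argc check above, this relies on fatal() not returning.)
         */
        if (grp == NULL) {
            fatal(ERR_INITGROUPS, "initgroups(%s): no group data\n",
                pwd->pw_name);
        }
        if (initgroups(pwd->pw_name, grp->gr_gid) != 0) {
            fatal(ERR_INITGROUPS, "initgroups(%s,%d): %s\n", pwd->pw_name,
                grp->gr_gid, strerror(errno));
        }
        if (setuid(pwd->pw_uid) != 0) {
            fatal(ERR_SETUID, "setuid(%d): %s\n", pwd->pw_uid, strerror(errno));
        }
    }
    /*
     * NOTE(review): when pwd is NULL no uid change happens at all and the
     * command runs with the current uid; confirm getUserGroupData() only
     * leaves pwd unset when that is intended.
     */

    // find execname from argv[1] (w/ path), then execute it.
    // The lookup happens after the privilege drop, i.e. with the target
    // user's credentials.
    execname = execName(argv[1]); // calls fatal() if fails

    // Message for cn-agent that dockerexec is done and child should start
    // now.
    dlog("EXEC\n");

    execve(execname, argv+1, env);

    // If execve() has failed, this next message should go to the user since
    // stdout and stderr should now be connected to them.
    fatal(ERR_EXEC_FAILED, "execve(%s) failed: %s\n", argv[1],
        strerror(errno));

    /* NOTREACHED */
    abort();
}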
Exemplo n.º 3
/// @brief Builds an empty Package; the only work done is setupWorkdir().
///
/// No package file is read by this constructor.
///
/// NOTE(review): how setupWorkdir() reports failure is not visible here;
/// confirm it throws or leaves a detectable state, since a constructor
/// cannot return an error. Also confirm the work directory it creates is
/// private to this process (unpredictable name, restrictive permissions) if
/// it lives in a shared location.
Package::Package()
{
    setupWorkdir();
}