示例#1
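/**
 * Reload the supplementary group list of process Pid into Cred.Groups.
 *
 * Reads /proc/<Pid>/status, locates the first line starting with "Groups:\t"
 * and converts every space-separated entry on it to an integer.
 *
 * Cred.Groups is emptied before anything is read and is only filled once the
 * whole line has been parsed. A failed read or a malformed entry therefore
 * leaves an empty list instead of groups kept from an earlier call or a
 * half-parsed set, so later permission checks cannot see stale membership.
 *
 * NOTE(review): the file is looked up by pid only. If the process has exited
 * and the pid was reused, the groups read here belong to another process --
 * confirm the caller tolerates that window.
 *
 * @return TError::Success() when the list was loaded (also when no "Groups:"
 *         line is present), otherwise the error reported by ReadLines,
 *         SplitString or StringToInt.
 */
TError TClient::LoadGroups() {
    /* drop the previous list first: every early return below must fail closed */
    Cred.Groups.clear();

    std::vector<std::string> lines;
    TError error = TPath("/proc/" + std::to_string(Pid) + "/status").ReadLines(lines);
    if (error)
        return error;

    /* parse into a scratch list so a bad entry cannot publish a partial result */
    decltype(Cred.Groups) groups;

    for (auto &l : lines) {
        if (l.compare(0, 8, "Groups:\t") != 0)
            continue;

        std::vector<std::string> groupsStr;

        error = SplitString(l.substr(8), ' ', groupsStr);
        if (error)
            return error;

        for (auto &g : groupsStr) {
            int group;
            error = StringToInt(g, group);
            if (error)
                return error;

            groups.push_back(group);
        }

        /* only the first "Groups:" line is considered */
        break;
    }

    Cred.Groups.swap(groups);

    return TError::Success();
}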
示例#2
/**
Get the destination path of the rescaled image.

@return Path to the image stored in the contacts images folder. An empty path
is returned unless the rescaler is in the EComplete state, i.e. while the image
processing is still running, after it has been cancelled, or after an error
occurred during processing.
*/
TPath CImageRescaler::DestinationPath() const
    {
    // Anything other than a finished run has no usable destination file.
    if (iState != EComplete)
        {
        return TPath();
        }

    return iDestFile;
    }
示例#3
文件: cred.cpp 项目: monsterzz/porto
/**
 * Initialise the process-wide credential globals.
 *
 * Resolves PORTO_GROUP_NAME into PortoGroup and reads the index of the last
 * kernel capability from /proc/sys/kernel/cap_last_cap into LastCapability.
 * Both failures are logged as warnings and do not abort initialisation.
 *
 * NOTE(review): when the group lookup fails, PortoGroup keeps whatever value
 * it had before this call -- confirm that value cannot match a real gid.
 */
void InitCred() {
    TError error = GroupId(PORTO_GROUP_NAME, PortoGroup);
    if (error) {
        L_WRN() << "Cannot find group porto: " << error << std::endl;
    }

    /* ReadInt yields a truthy error on failure */
    if (TPath("/proc/sys/kernel/cap_last_cap").ReadInt(LastCapability)) {
        L_WRN() << "Can't read /proc/sys/kernel/cap_last_cap, assuming 36" << std::endl;
        /*
         * FIXME: hard-coded fallback. On a kernel that defines capabilities
         * above 36, code that iterates up to LastCapability would not cover
         * them -- presumably this bound is used when limiting capabilities;
         * verify against the users of LastCapability.
         */
        LastCapability = 36;
    }
}
示例#4
文件: client.cpp 项目: noxiouz/porto
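/**
 * Identify the peer of the client socket and derive its access rights.
 *
 * Queries SO_PEERCRED on Fd, maps the peer pid to a container through
 * holder, and fills in TaskCred, Pid, ClientContainer, Comm, Cred and
 * ReadOnlyAccess.
 *
 * @param holder   container registry used to find the container of the pid
 * @param initial  true on the first identification; when false and the peer
 *                 pid/uid/gid are unchanged and the container is still alive,
 *                 the cached identity is kept and nothing is refreshed
 * @return TError::Success() on success; an EError::Unknown error when
 *         getsockopt() fails; the error from FindTaskContainer when the
 *         container cannot be found; EError::Permission when porto is
 *         disabled in the client's container.
 *
 * NOTE(review): the pid is used afterwards to open /proc/<pid>/... files.
 * If the peer has exited and its pid was reused, those reads describe another
 * process -- confirm this window is acceptable for the access decision.
 */
TError TClient::IdentifyClient(TContainerHolder &holder, bool initial) {
    std::shared_ptr<TContainer> ct;
    struct ucred cr;
    socklen_t len = sizeof(cr);
    TError error;

    if (getsockopt(Fd, SOL_SOCKET, SO_PEERCRED, &cr, &len))
        return TError(EError::Unknown, errno, "Cannot identify client: getsockopt() failed");

    /* check that request from the same pid and container is still here */
    if (!initial && Pid == cr.pid && TaskCred.Uid == cr.uid &&
            TaskCred.Gid == cr.gid && !ClientContainer.expired())
        return TError::Success();

    TaskCred.Uid = cr.uid;
    TaskCred.Gid = cr.gid;
    Pid = cr.pid;

    error = holder.FindTaskContainer(Pid, ct);
    /* ENOENT is returned to the caller without a warning */
    if (error && error.GetErrno() != ENOENT)
        L_WRN() << "Cannot identify container of pid " << Pid
                << " : " << error << std::endl;
    if (error)
        return error;

    if (!ct->IsPortoEnabled())
        return TError(EError::Permission,
                      "Porto disabled in container " + ct->GetName());

    ClientContainer = ct;

    /*
     * The process name is chosen by the client itself, so Comm is untrusted
     * text: fit for diagnostics, not for access decisions.
     */
    error = TPath("/proc/" + std::to_string(Pid) + "/comm").ReadAll(Comm, 64);
    if (error)
        Comm = "<unknown process>";
    else if (!Comm.empty() && Comm.back() == '\n')
        Comm.pop_back(); /* cut \n at the end; an empty read must not underflow the length */

    if (ct->IsRoot()) {
        Cred.Uid = cr.uid;
        Cred.Gid = cr.gid;
        error = LoadGroups();
        /*
         * NOTE(review): a failure is only logged (ENOENT not even that) and
         * ReadOnlyAccess below is still computed from Cred -- confirm that
         * LoadGroups leaves no stale groups behind when it fails.
         */
        if (error && error.GetErrno() != ENOENT)
            L_WRN() << "Cannot load supplementary group list of pid " << Pid
                    << " : " << error << std::endl;
    } else {
        /* requests from containers are executed in behalf of their owners */
        Cred = ct->OwnerCred;
    }

    ReadOnlyAccess = !Cred.IsPortoUser();

    return TError::Success();
}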
示例#5
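/**
 * Identify the peer of the client socket and derive its access rights.
 *
 * Queries SO_PEERCRED on Fd, stores the peer uid/gid/pid in Cred and Pid,
 * reads the process name into Comm, loads the supplementary groups, computes
 * ReadOnlyAccess and finally binds the client to its container.
 *
 * @param holder   container registry used to find the container of the pid
 * @param initial  true on the first identification; when false and the peer
 *                 pid/uid/gid are unchanged and the container is still alive,
 *                 the cached identity is kept and nothing is refreshed
 * @return TError::Success() on success; an EError::Unknown error when
 *         getsockopt() fails; the error from FindTaskContainer when the
 *         container cannot be found; EError::Permission when P_ENABLE_PORTO
 *         is false for the client's container.
 *
 * NOTE(review): Cred, Pid and ReadOnlyAccess are already updated when one of
 * the container checks at the end fails -- confirm callers discard the client
 * on error. The /proc/<pid>/... reads are also keyed by pid only and can
 * describe another process if the pid was reused.
 */
TError TClient::IdentifyClient(TContainerHolder &holder, bool initial) {
    struct ucred cr;
    socklen_t len = sizeof(cr);
    TError error;

    if (getsockopt(Fd, SOL_SOCKET, SO_PEERCRED, &cr, &len))
        return TError(EError::Unknown, errno, "Cannot identify client: getsockopt() failed");

    /* same pid and credentials, container still alive: keep the cached identity */
    if (!initial && Pid == cr.pid && Cred.Uid == cr.uid && Cred.Gid == cr.gid &&
            !ClientContainer.expired())
        return TError::Success();

    Cred.Uid = cr.uid;
    Cred.Gid = cr.gid;
    Pid = cr.pid;

    /*
     * The process name is chosen by the client itself, so Comm is untrusted
     * text: fit for diagnostics, not for access decisions.
     */
    error = TPath("/proc/" + std::to_string(Pid) + "/comm").ReadAll(Comm, 64);
    if (error)
        Comm = "<unknown process>";
    else if (!Comm.empty() && Comm.back() == '\n')
        Comm.pop_back(); /* cut \n at the end; an empty read must not underflow the length */

    error = LoadGroups();
    /*
     * NOTE(review): a failure is only logged (ENOENT not even that) and
     * ReadOnlyAccess below is still computed from Cred -- confirm that
     * LoadGroups leaves no stale groups behind when it fails.
     */
    if (error && error.GetErrno() != ENOENT)
        L_WRN() << "Cannot load supplementary group list of pid " << Pid
                << " : " << error << std::endl;

    ReadOnlyAccess = !Cred.IsPortoUser();

    std::shared_ptr<TContainer> container;
    error = holder.FindTaskContainer(Pid, container);
    /* ENOENT is returned to the caller without a warning */
    if (error && error.GetErrno() != ENOENT)
        L_WRN() << "Cannot identify container of pid " << Pid
                << " : " << error << std::endl;
    if (error)
        return error;

    if (!container->Prop->Get<bool>(P_ENABLE_PORTO))
        return TError(EError::Permission, "Porto disabled in container " + container->GetName());

    ClientContainer = container;
    return TError::Success();
}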
示例#6
文件: path.cpp 项目: noxiouz/porto
/**
 * Return the directory part of this path as a TPath.
 *
 * Thin wrapper: wraps the string produced by DirNameStr() in a new TPath.
 */
TPath TPath::DirName() const {
    return TPath(DirNameStr());
}
示例#7
文件: cgroup.cpp 项目: noxiouz/porto
/**
 * Build the path of a control file ("knob") inside this cgroup.
 *
 * @param knob  name of the control file, joined below Subsystem->Root / Name
 * @return the joined path, or an empty TPath when no subsystem is attached
 *
 * NOTE(review): knob is joined as given, with no check for '/' or "..".
 * Callers are presumably expected to pass fixed knob names -- confirm that no
 * caller forwards client-supplied text here.
 */
TPath TCgroup::Knob(const std::string &knob) const {
    if (Subsystem) {
        return Subsystem->Root / Name / knob;
    }

    /* no subsystem: there is no root to resolve against */
    return TPath();
}
示例#8
文件: cgroup.cpp 项目: noxiouz/porto
/**
 * Return the filesystem path of this cgroup.
 *
 * @return Subsystem->Root joined with Name, or an empty TPath when no
 *         subsystem is attached
 */
TPath TCgroup::Path() const {
    if (Subsystem) {
        return Subsystem->Root / Name;
    }

    /* no subsystem: there is no root to resolve against */
    return TPath();
}
示例#9
文件: path.hpp 项目: direvius/porto
 /**
  * Append the string form of another path to this one.
  *
  * The result is built from Path + p.ToString(); this function itself
  * inserts no separator and does no normalisation.
  *
  * @param p  path whose string form is appended
  * @return a new TPath holding the combined value
  */
 TPath operator+(const TPath &p) const {
     const auto combined = Path + p.ToString();
     return TPath(combined);
 }