}
}
-static int wait_condition(void)
-{
- int r;
- void *h;
-
- int (*wait_mount_user)(void);
-
- r = access(LAZYMOUNT_LIB, F_OK);
- if (r < 0){
- fprintf(stderr, "cannot find lazymount module - No support lazymount\n");
- return 0;
- }
-
- h = dlopen(LAZYMOUNT_LIB, RTLD_LAZY);
- if (!h) {
- fprintf(stderr, "lazymount module dlopen error\n");
- return -1;
- }
-
- do{
- wait_mount_user = (int (*)())dlsym(h, "wait_mount_user");
- if (!wait_mount_user) {
- fprintf(stderr, "dlsym wait_mount_user error\n");
- dlclose(h);
- return -1;
- }
- } while (0);
-
- r = wait_mount_user();
- if (r < 0) {
- fprintf(stderr, "wait_mout_user failed\n");
- dlclose(h);
- return r;
- }
-
- dlclose(h);
- return 0;
-}
-
extern "C" {
-LAZYMOUNT_EXTERN __attribute__((visibility("default")))
-int container_preprocess(char* id) {
- std::cout << "kraterize (UID " << id << ")..." << std::endl << std::flush;
- try {
- runtime::User user(std::stoi(std::string(id)));
-
- enterKrate(user.getName());
-
- if (user.getUid() >= KRATE_UID_MIN && user.getUid() <= KRATE_UID_MAX ) {
- wait_condition();
- }
- } catch (runtime::Exception& e) {
- std::cerr << "krate error : " << e.what() <<std::endl << std::flush;
- return -1;
- }
-
- std::cout << "krate preprocess completed!" << std::endl << std::flush;
- return 0;
-}
-
-LAZYMOUNT_EXTERN __attribute__((visibility("default")))
-int container_postprocess(char* id) {
- try {
- runtime::User user(std::stoi(std::string(id)));
- KrateBuilder builder(user, buildKrateManifestPath(user.getName()));
- builder.mountOwnFilesystem();
- } catch (runtime::Exception& e) {
- std::cerr << "krate error : " << e.what() << std::endl << std::flush;
- return -1;
- }
- std::cout << "krate postprocess completed!" << std::endl << std::flush;
- std::cout << "kraterized!" << std::endl << std::flush;
- return 0;
-}
-
PAM_EXTERN __attribute__((visibility("default")))
int pam_sm_open_session(pam_handle_t* pamh, int flags, int argc, const char* argv[])
{
try {
runtime::User user(getKrateName(pamh));
-
enterKrate(user.getName());
-
- KrateBuilder builder(user, buildKrateManifestPath(user.getName()));
- builder.mountOwnFilesystem();
+ if (user.getUid() >= KRATE_UID_MIN && user.getUid() <= KRATE_UID_MAX ) {
+ runtime::File flag("/run/user/" + std::to_string(user.getUid()) + "/.container");
+ if (!flag.exists())
+ flag.create(0644);
+ }
} catch (runtime::Exception& e) {
::pam_syslog(pamh, LOG_ERR, "%s", e.what());
return PAM_SESSION_ERR;
if (pids.size() <= 1) {
std::string path = CGROUP_SUBSYSTEM "/" + name;
runtime::Cgroup::destroy(CGROUP_SUBSYSTEM, path);
+ runtime::User user(name);
+ runtime::File flag("/run/user/" + std::to_string(user.getUid()) + "/.container");
+ if (flag.exists())
+ flag.remove(false);
}
} catch (runtime::Exception& e) {
::pam_syslog(pamh, LOG_ERR, "%s", e.what());
%attr(644,root,root) %{TZ_SYS_RO_ICONS}/krate/indicator_icon.png
%attr(644,root,root) %{TZ_SYS_RO_ICONS}/krate/notification_sub_icon.png
%attr(755,root,root) %{_libdir}/security/pam_krate.so
-%config /etc/pam.d/*
%prep
%setup -q
ln -s ../krate.service %{buildroot}/%{_unitdir}/multi-user.target.wants/krate.service
%post
+echo "session required pam_krate.so" >> /etc/pam.d/systemd-user
%clean
rm -rf %{buildroot}
%preun
%postun
-mv /etc/pam.d/systemd-user.keep /etc/pam.d/systemd-user
+sed --in-place '/pam_krate.so/d' /etc/pam.d/systemd-user
projects / platform / core / security / krate.git / commitdiff