runtime::Mount::mountEntry(source, target, type, options);
}
-void KrateBuilder::containerize(bool create)
+void KrateBuilder::unshareNamespace()
{
int nsFlags = CLONE_NEWIPC | CLONE_NEWNS;
if (::mount(NULL, "/", NULL, MS_SLAVE | MS_REC, NULL) == -1) {
throw runtime::Exception("Failed to mount root filesystem");
}
+}
+
+void KrateBuilder::mountOwnFilesystem() {
+ manifest.reset(xml::Parser::parseFile("/opt/etc/krate/owner.xml"));
xml::Node::NodeList entries = manifest->evaluate("/manifest/filesystem/entry");
for (const xml::Node& entry : entries) {
#include <string>
#include <vector>
+#include <iostream>
#include "session.h"
#include "krate-guard.h"
#include <klay/xml/parser.h>
#include <klay/xml/document.h>
+#define LAZYMOUNT_EXTERN extern
+
std::string buildKrateManifestPath(const std::string& name)
{
return CONF_PATH "/" + name + ".xml";
return static_cast<const char*>(retItem);
}
-void openKrateSession(const std::string& name)
-{
- auto sessionBuilder = [](const runtime::User& user) {
- KrateBuilder builder(user, buildKrateManifestPath(user.getName()));
- builder.containerize();
- };
+extern "C" {
+LAZYMOUNT_EXTERN __attribute__((visibility("default")))
+int container_preprocess(char* id) {
+ std::cout << "kraterize (UID " << id << ")..." << std::endl << std::flush;
+ try {
+ runtime::User user(std::stoi(std::string(id)));
+ KrateGuard krateGuard(user.getName());
+ krateGuard.wait();
- createSession(runtime::User(name), sessionBuilder);
+ auto sessionBuilder = [](const runtime::User& user) {
+ KrateBuilder builder(user, buildKrateManifestPath(user.getName()));
+ builder.unshareNamespace();
+ };
+ createSession(user, sessionBuilder);
+ } catch (runtime::Exception& e) {
+ std::cerr << "krate error : " << e.what() <<std::endl << std::flush;
+ return -1;
+ }
+
+ std::cout << "krate preprocess completed!" << std::endl << std::flush;
+ return 0;
}
-void closeKrateSession(const std::string& name)
-{
- destroySession(runtime::User(name));
+LAZYMOUNT_EXTERN __attribute__((visibility("default")))
+int container_postprocess(char* id) {
+ try {
+ runtime::User user(std::stoi(std::string(id)));
+ KrateBuilder builder(user, buildKrateManifestPath(user.getName()));
+ builder.mountOwnFilesystem();
+ } catch (runtime::Exception& e) {
+ std::cerr << "krate error : " << e.what() << std::endl << std::flush;
+ return -1;
+ }
+ std::cout << "krate postprocess completed!" << std::endl << std::flush;
+ std::cout << "kraterized!" << std::endl << std::flush;
+ return 0;
}
-extern "C" {
PAM_EXTERN __attribute__((visibility("default")))
int pam_sm_open_session(pam_handle_t* pamh, int flags, int argc, const char* argv[])
{
try {
- std::string name = getKrateName(pamh);
- KrateGuard krateGuard(name);
+ runtime::User user(getKrateName(pamh));
+ KrateGuard krateGuard(user.getName());
krateGuard.wait();
- openKrateSession(name);
+ auto sessionBuilder = [](const runtime::User& user) {
+ KrateBuilder builder(user, buildKrateManifestPath(user.getName()));
+ builder.unshareNamespace();
+ builder.mountOwnFilesystem();
+ };
+ createSession(user, sessionBuilder);
} catch (runtime::Exception& e) {
::pam_syslog(pamh, LOG_ERR, "%s", e.what());
return PAM_SESSION_ERR;
int pam_sm_close_session(pam_handle_t* pamh, int flags, int argc, const char* argv[])
{
try {
- std::string name = getKrateName(pamh);
- KrateGuard krateGuard(name);
+ runtime::User user(getKrateName(pamh));
+ KrateGuard krateGuard(user.getName());
krateGuard.wait();
- closeKrateSession(name);
+ destroySession(user);
} catch (runtime::Exception& e) {
::pam_syslog(pamh, LOG_ERR, "%s", e.what());
return PAM_SESSION_ERR;
projects / platform / core / security / krate.git / commitdiff