本文整理汇总了Golang中syscall.Fchown函数的典型用法代码示例。如果您正苦于以下问题:Golang Fchown函数的具体用法?Golang Fchown怎么用?Golang Fchown使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了Fchown函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Golang代码示例。
示例1: createStdioPipes
// setup standard pipes so that the TTY of the calling runc process
// is not inherited by the container.
func createStdioPipes(p *libcontainer.Process, rootuid int) (*tty, error) {
var (
t = &tty{}
fds []int
)
r, w, err := os.Pipe()
if err != nil {
return nil, err
}
fds = append(fds, int(r.Fd()), int(w.Fd()))
go io.Copy(w, os.Stdin)
t.closers = append(t.closers, w)
p.Stdin = r
if r, w, err = os.Pipe(); err != nil {
return nil, err
}
fds = append(fds, int(r.Fd()), int(w.Fd()))
go io.Copy(os.Stdout, r)
p.Stdout = w
t.closers = append(t.closers, r)
if r, w, err = os.Pipe(); err != nil {
return nil, err
}
fds = append(fds, int(r.Fd()), int(w.Fd()))
go io.Copy(os.Stderr, r)
p.Stderr = w
t.closers = append(t.closers, r)
// change the ownership of the pipe fds incase we are in a user namespace.
for _, fd := range fds {
if err := syscall.Fchown(fd, rootuid, rootuid); err != nil {
return nil, err
}
}
return t, nil
}示例2: fixStdioPermissions
// fixStdioPermissions fixes the permissions of PID 1's STDIO within the container to the specified user.
// The ownership needs to match because it is created outside of the container and needs to be
// localized.
func fixStdioPermissions(u *user.ExecUser) error {
var null syscall.Stat_t
if err := syscall.Stat("/dev/null", &null); err != nil {
return err
}
for _, fd := range []uintptr{
os.Stdin.Fd(),
os.Stderr.Fd(),
os.Stdout.Fd(),
} {
var s syscall.Stat_t
if err := syscall.Fstat(int(fd), &s); err != nil {
return err
}
// Skip chown of /dev/null if it was used as one of the STDIO fds.
if s.Rdev == null.Rdev {
continue
}
// We only change the uid owner (as it is possible for the mount to
// prefer a different gid, and there's no reason for us to change it).
// The reason why we don't just leave the default uid=X mount setup is
// that users expect to be able to actually use their console. Without
// this code, you couldn't effectively run as a non-root user inside a
// container and also have a console set up.
if err := syscall.Fchown(int(fd), u.Uid, int(s.Gid)); err != nil {
return err
}
}
return nil
}示例3: Chown
// Chown changes the numeric uid and gid of the named file.
// If there is an error, it will be of type *PathError.
func (f *File) Chown(uid, gid int) error {
if f == nil {
return ErrInvalid
}
if e := syscall.Fchown(f.fd, uid, gid); e != nil {
return &PathError{"chown", f.name, e}
}
return nil
}示例4: setupUser
// setupUser changes the groups, gid, and uid for the user inside the container
func setupUser(config *initConfig) error {
// Set up defaults.
defaultExecUser := user.ExecUser{
Uid: syscall.Getuid(),
Gid: syscall.Getgid(),
Home: "/",
}
passwdPath, err := user.GetPasswdPath()
if err != nil {
return err
}
groupPath, err := user.GetGroupPath()
if err != nil {
return err
}
execUser, err := user.GetExecUserPath(config.User, &defaultExecUser, passwdPath, groupPath)
if err != nil {
return err
}
var addGroups []int
if len(config.Config.AdditionalGroups) > 0 {
addGroups, err = user.GetAdditionalGroupsPath(config.Config.AdditionalGroups, groupPath)
if err != nil {
return err
}
}
// change the permissions on the STDIO of the current process so that when the user
// is changed for the container, it's STDIO of the process matches the user.
for _, fd := range []uintptr{
os.Stdin.Fd(),
os.Stderr.Fd(),
os.Stdout.Fd(),
} {
if err := syscall.Fchown(int(fd), execUser.Uid, execUser.Gid); err != nil {
return err
}
}
suppGroups := append(execUser.Sgids, addGroups...)
if err := syscall.Setgroups(suppGroups); err != nil {
return err
}
if err := system.Setgid(execUser.Gid); err != nil {
return err
}
if err := system.Setuid(execUser.Uid); err != nil {
return err
}
// if we didn't get HOME already, set it based on the user's HOME
if envHome := os.Getenv("HOME"); envHome == "" {
if err := os.Setenv("HOME", execUser.Home); err != nil {
return err
}
}
return nil
}示例5: Chown
// Chown changes the numeric uid and gid of the named file.
// If there is an error, it will be of type *PathError.
func (f *File) Chown(uid, gid int) error {
if err := f.checkValid("chown"); err != nil {
return err
}
if e := syscall.Fchown(f.fd, uid, gid); e != nil {
return &PathError{"chown", f.name, e}
}
return nil
}示例6: RestrictedChown
func RestrictedChown(cwdFd int, file string, origStat os.FileInfo, uid, gid, reqUid, reqGid int) RCHStatus {
status := RCOK
openflags := syscall.O_NONBLOCK | syscall.O_NOCTTY
if reqUid == -1 && reqGid == 1 {
return RCDoOrdinaryChown
}
if !origStat.Mode().IsRegular() {
if !origStat.Mode().IsDir() {
return RCDoOrdinaryChown
}
openflags |= syscall.O_DIRECTORY
}
fd, err := syscall.Openat(cwdFd, file, syscall.O_RDONLY|openflags, 0)
if !(0 <= fd ||
err == syscall.EACCES &&
origStat.Mode().IsRegular()) {
if fd, err = syscall.Openat(cwdFd, file, syscall.O_WRONLY|openflags, 0); 0 > fd {
if err == syscall.EACCES {
return RCDoOrdinaryChown
}
return RCError
}
}
var stat syscall.Stat_t
if err := syscall.Fstat(fd, &stat); err != nil {
status = RCError
} else if !sameFile(origStat.Sys().(*syscall.Stat_t), &stat) {
status = RCInodeChanged
} else if reqUid == -1 || uint32(reqUid) == stat.Uid &&
(reqGid == -1 || uint32(reqGid) == stat.Gid) {
if syscall.Fchown(fd, uid, gid) == nil {
if syscall.Close(fd) == nil {
return RCOK
}
return RCError
} else {
status = RCError
}
}
return status
}示例7: dupStdio
func dupStdio(process *libcontainer.Process, rootuid int) error {
process.Stdin = os.Stdin
process.Stdout = os.Stdout
process.Stderr = os.Stderr
for _, fd := range []uintptr{
os.Stdin.Fd(),
os.Stdout.Fd(),
os.Stderr.Fd(),
} {
if err := syscall.Fchown(int(fd), rootuid, rootuid); err != nil {
return err
}
}
return nil
}示例8: chownFds
func chownFds(uid, gid int) error {
fdList, err := ioutil.ReadDir("/proc/self/fd")
if err != nil {
return err
}
for _, fi := range fdList {
fd, err := strconv.Atoi(fi.Name())
if err != nil {
// ignore non-numeric file names
continue
}
if err = syscall.Fchown(fd, uid, gid); err != nil {
// "bad file descriptor" probably just means it no longer exists since we did "readdir", so ignore that
if err != syscall.EBADF {
return err
}
}
}
return nil
}示例9: InitializeIO
// InitializeIO creates pipes for use with the process's STDIO
// and returns the opposite side for each
func (p *Process) InitializeIO(rootuid int) (i *IO, err error) {
var fds []uintptr
i = &IO{}
// cleanup in case of an error
defer func() {
if err != nil {
for _, fd := range fds {
syscall.Close(int(fd))
}
}
}()
// STDIN
r, w, err := os.Pipe()
if err != nil {
return nil, err
}
fds = append(fds, r.Fd(), w.Fd())
p.Stdin, i.Stdin = r, w
// STDOUT
if r, w, err = os.Pipe(); err != nil {
return nil, err
}
fds = append(fds, r.Fd(), w.Fd())
p.Stdout, i.Stdout = w, r
// STDERR
if r, w, err = os.Pipe(); err != nil {
return nil, err
}
fds = append(fds, r.Fd(), w.Fd())
p.Stderr, i.Stderr = w, r
// change ownership of the pipes incase we are in a user namespace
for _, fd := range fds {
if err := syscall.Fchown(int(fd), rootuid, rootuid); err != nil {
return nil, err
}
}
return i, nil
}示例10: fixStdioPermissions
// fixStdioPermissions fixes the permissions of PID 1's STDIO within the container to the specified user.
// The ownership needs to match because it is created outside of the container and needs to be
// localized.
func fixStdioPermissions(u *user.ExecUser) error {
var null syscall.Stat_t
if err := syscall.Stat("/dev/null", &null); err != nil {
return err
}
for _, fd := range []uintptr{
os.Stdin.Fd(),
os.Stderr.Fd(),
os.Stdout.Fd(),
} {
var s syscall.Stat_t
if err := syscall.Fstat(int(fd), &s); err != nil {
return err
}
// skip chown of /dev/null if it was used as one of the STDIO fds.
if s.Rdev == null.Rdev {
continue
}
if err := syscall.Fchown(int(fd), u.Uid, u.Gid); err != nil {
return err
}
}
return nil
}示例11: Chown
// Chown changes the numeric uid and gid of the named file.
func (f *File) Chown(uid, gid int) Error {
if e := syscall.Fchown(f.fd, uid, gid); e != 0 {
return &PathError{"chown", f.name, Errno(e)}
}
return nil
}示例12: setupPipes
//.........这里部分代码省略.........
if processConfig.Tty {
cons, err := p.NewConsole(rootuid)
if err != nil {
return writers, err
}
term, err := NewTtyConsole(cons, pipes)
if err != nil {
return writers, err
}
processConfig.Terminal = term
return writers, nil
}
// not a tty--set up stdio pipes
term := &execdriver.StdConsole{}
processConfig.Terminal = term
// if we are not in a user namespace, there is no reason to go through
// the hassle of setting up os-level pipes with proper (remapped) ownership
// so we will do the prior shortcut for non-userns containers
if rootuid == 0 {
p.Stdout = pipes.Stdout
p.Stderr = pipes.Stderr
r, w, err := os.Pipe()
if err != nil {
return writers, err
}
if pipes.Stdin != nil {
go func() {
io.Copy(w, pipes.Stdin)
w.Close()
}()
p.Stdin = r
}
return writers, nil
}
// if we have user namespaces enabled (rootuid != 0), we will set
// up os pipes for stderr, stdout, stdin so we can chown them to
// the proper ownership to allow for proper access to the underlying
// fds
var fds []uintptr
copyPipes := func(out io.Writer, in io.ReadCloser) {
defer wg.Done()
io.Copy(out, in)
in.Close()
}
//setup stdout
r, w, err := os.Pipe()
if err != nil {
w.Close()
return writers, err
}
writers = append(writers, w)
fds = append(fds, r.Fd(), w.Fd())
if pipes.Stdout != nil {
wg.Add(1)
go copyPipes(pipes.Stdout, r)
}
term.Closers = append(term.Closers, r)
p.Stdout = w
//setup stderr
r, w, err = os.Pipe()
if err != nil {
w.Close()
return writers, err
}
writers = append(writers, w)
fds = append(fds, r.Fd(), w.Fd())
if pipes.Stderr != nil {
wg.Add(1)
go copyPipes(pipes.Stderr, r)
}
term.Closers = append(term.Closers, r)
p.Stderr = w
//setup stdin
r, w, err = os.Pipe()
if err != nil {
r.Close()
return writers, err
}
fds = append(fds, r.Fd(), w.Fd())
if pipes.Stdin != nil {
go func() {
io.Copy(w, pipes.Stdin)
w.Close()
}()
p.Stdin = r
}
for _, fd := range fds {
if err := syscall.Fchown(int(fd), rootuid, rootuid); err != nil {
return writers, fmt.Errorf("Failed to chown pipes fd: %v", err)
}
}
return writers, nil
}示例13: wstatPost
func (fs *Fs) wstatPost(fid *Fid, cur *Dir, next *Dir) error {
defer fid.file.unlock()
// Rename the file.
if next.Name != "" &&
next.Name != cur.Name {
new_path := path.Join(path.Dir(fid.Path), next.Name)
err := fid.file.rename(fs, fid.Path, new_path)
if err != nil {
return err
}
}
// Update our access times.
atime := cur.Atime
mtime := cur.Atime
if next.Atime != math.MaxUint32 {
atime = next.Atime
}
if next.Mtime != math.MaxUint32 {
mtime = next.Mtime
}
if atime != cur.Atime || mtime != cur.Mtime {
err := syscall.Futimes(
fid.file.write_fd,
[]syscall.Timeval{
syscall.Timeval{int64(atime), 0},
syscall.Timeval{int64(mtime), 0},
})
if err != nil {
return err
}
}
// Truncate the file.
if next.Length != math.MaxUint64 &&
next.Length != cur.Length {
err := syscall.Ftruncate(fid.file.write_fd, int64(next.Length))
if err != nil {
return err
}
}
// Change the owner.
uid := cur.Uidnum
gid := cur.Gidnum
if next.Uidnum != math.MaxUint32 &&
next.Uidnum != cur.Uidnum {
uid = next.Uidnum
}
if next.Gidnum != math.MaxUint32 &&
next.Gidnum != cur.Gidnum {
gid = next.Gidnum
}
if uid != cur.Uidnum || gid != cur.Gidnum {
err := syscall.Fchown(fid.file.write_fd, int(uid), int(gid))
if err != nil {
return err
}
}
return nil
}示例14: containerInitApp
// Run as pid 1 and monitor the contained process to return its exit code.
func containerInitApp(c *Config, logFile *os.File) error {
log := logger.New()
init := newContainerInit(c, logFile)
log.Debug("registering RPC server")
if err := rpcplus.Register(init); err != nil {
log.Error("error registering RPC server", "err", err)
return err
}
init.mtx.Lock()
defer init.mtx.Unlock()
// Prepare the cmd based on the given args
// If this fails we report that below
cmdPath, cmdErr := getCmdPath(c)
cmd := exec.Command(cmdPath, c.Args[1:]...)
cmd.Dir = c.WorkDir
cmd.Env = make([]string, 0, len(c.Env))
for k, v := range c.Env {
cmd.Env = append(cmd.Env, k+"="+v)
}
// App runs in its own session
cmd.SysProcAttr = &syscall.SysProcAttr{Setsid: true}
if c.Uid != nil || c.Gid != nil {
cmd.SysProcAttr.Credential = &syscall.Credential{}
if c.Uid != nil {
cmd.SysProcAttr.Credential.Uid = *c.Uid
}
if c.Gid != nil {
cmd.SysProcAttr.Credential.Gid = *c.Gid
}
}
// Console setup. Hook up the container app's stdin/stdout/stderr to
// either a pty or pipes. The FDs for the controlling side of the
// pty/pipes will be passed to flynn-host later via a UNIX socket.
if c.TTY {
log.Debug("creating PTY")
ptyMaster, ptySlave, err := pty.Open()
if err != nil {
log.Error("error creating PTY", "err", err)
return err
}
init.ptyMaster = ptyMaster
cmd.Stdout = ptySlave
cmd.Stderr = ptySlave
if c.OpenStdin {
log.Debug("attaching stdin to PTY")
cmd.Stdin = ptySlave
cmd.SysProcAttr.Setctty = true
}
if c.Uid != nil && c.Gid != nil {
if err := syscall.Fchown(int(ptySlave.Fd()), int(*c.Uid), int(*c.Gid)); err != nil {
log.Error("error changing PTY ownership", "err", err)
return err
}
}
} else {
// We copy through a socketpair (rather than using cmd.StdoutPipe directly) to make
// it easier for flynn-host to do non-blocking I/O (via net.FileConn) so that no
// read(2) calls can succeed after closing the logs during an update.
//
// We also don't assign the socketpair directly to fd 1 because that prevents jobs
// using /dev/stdout (calling open(2) on a socket leads to an ENXIO error, see
// http://marc.info/?l=ast-users&m=120978595414993).
newPipe := func(pipeFn func() (io.ReadCloser, error), name string) (*os.File, error) {
pipe, err := pipeFn()
if err != nil {
return nil, err
}
if c.Uid != nil && c.Gid != nil {
if err := syscall.Fchown(int(pipe.(*os.File).Fd()), int(*c.Uid), int(*c.Gid)); err != nil {
return nil, err
}
}
sockR, sockW, err := newSocketPair(name)
if err != nil {
return nil, err
}
go func() {
defer sockW.Close()
for {
// copy data from the pipe to the socket using splice(2)
// (rather than io.Copy) to avoid a needless copy through
// user space
n, err := syscall.Splice(int(pipe.(*os.File).Fd()), nil, int(sockW.Fd()), nil, 65535, 0)
if err != nil || n == 0 {
return
}
}
}()
return sockR, nil
}
log.Debug("creating stdout pipe")
var err error
//.........这里部分代码省略.........
示例15: Fchown
func (k *PosixKernel) Fchown(fd, uid, gid int) uint64 {
return Errno(syscall.Fchown(fd, uid, gid))
}