本文整理汇总了Golang中syscall.Geteuid函数的典型用法代码示例。如果您正苦于以下问题:Golang Geteuid函数的具体用法?Golang Geteuid怎么用?Golang Geteuid使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了Geteuid函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Golang代码示例。
示例1: TestAsAdmin
func TestAsAdmin(t *testing.T) {
before := syscall.Geteuid()
println(before)
hello := func() error {
fmt.Println("Hello World")
return nil
}
err := AsAdmin(hello)
if err != nil {
t.Log(err)
t.FailNow()
}
after := syscall.Geteuid()
println(after)
}示例2: Fingerprint
func (d *RktDriver) Fingerprint(cfg *config.Config, node *structs.Node) (bool, error) {
// Only enable if we are root when running on non-windows systems.
if runtime.GOOS != "windows" && syscall.Geteuid() != 0 {
d.logger.Printf("[DEBUG] driver.rkt: must run as root user, disabling")
return false, nil
}
outBytes, err := exec.Command("rkt", "version").Output()
if err != nil {
return false, nil
}
out := strings.TrimSpace(string(outBytes))
rktMatches := reRktVersion.FindStringSubmatch(out)
appcMatches := reAppcVersion.FindStringSubmatch(out)
if len(rktMatches) != 2 || len(appcMatches) != 2 {
return false, fmt.Errorf("Unable to parse Rkt version string: %#v", rktMatches)
}
node.Attributes["driver.rkt"] = "1"
node.Attributes["driver.rkt.version"] = rktMatches[1]
node.Attributes["driver.rkt.appc.version"] = appcMatches[1]
return true, nil
}示例3: dropDirPermissions
func (d *AllocDir) dropDirPermissions(path string) error {
// Can't do anything if not root.
if syscall.Geteuid() != 0 {
return nil
}
u, err := user.Lookup("nobody")
if err != nil {
return err
}
uid, err := getUid(u)
if err != nil {
return err
}
gid, err := getGid(u)
if err != nil {
return err
}
if err := os.Chown(path, uid, gid); err != nil {
return fmt.Errorf("Couldn't change owner/group of %v to (uid: %v, gid: %v): %v", path, uid, gid, err)
}
if err := os.Chmod(path, 0777); err != nil {
return fmt.Errorf("Chmod(%v) failed: %v", path, err)
}
return nil
}示例4: TestWrongHostKeyFile
// TestHostKeyFile tests that reading and writing the wrong host key file fails
func TestWrongHostKeyFile(t *testing.T) {
// Non-existent host key file should fail
f := NewHostKeyFile(wrongHostFile)
_, err := f.GetHostKeys()
if err == nil {
t.Fatal("should fail to read wrong host file")
}
if _, ok := err.(*os.PathError); !ok {
t.Fatalf("should fail to read wrong host file due to file miss, but got %v", err)
}
// Create a host key file we do not have permission to read
os.OpenFile(wrongHostFile, os.O_CREATE, 0000)
defer os.Remove(wrongHostFile)
// If run as root, drop privileges temporarily
if id := syscall.Geteuid(); id == 0 {
if err := syscall.Setuid(12345); err != nil {
t.Fatalf("error setting uid: %v", err)
}
defer syscall.Setuid(id)
}
err = f.PutHostKey("", nil)
if err == nil {
t.Fatal("should fail to write wrong host file")
}
if !os.IsPermission(err) {
t.Fatalf("should fail to write wrong host file due to permission denied, but got %v", err)
}
}示例5: TestRuleAddAndLoad
func TestRuleAddAndLoad(t *testing.T) {
// Test #1: Add a trivial filter
filter1, err := NewFilter(ActAllow)
if err != nil {
t.Errorf("Error creating filter: %s", err)
}
defer filter1.Release()
call, err := GetSyscallFromName("getpid")
if err != nil {
t.Errorf("Error getting syscall number of getpid: %s", err)
}
call2, err := GetSyscallFromName("setreuid")
if err != nil {
t.Errorf("Error getting syscall number of setreuid: %s", err)
}
uid := syscall.Getuid()
euid := syscall.Geteuid()
err = filter1.AddRule(call, ActErrno.SetReturnCode(0x1))
if err != nil {
t.Errorf("Error adding rule to restrict syscall: %s", err)
}
cond, err := MakeCondition(1, CompareEqual, uint64(euid))
if err != nil {
t.Errorf("Error making rule to restrict syscall: %s", err)
}
cond2, err := MakeCondition(0, CompareEqual, uint64(uid))
if err != nil {
t.Errorf("Error making rule to restrict syscall: %s", err)
}
conditions := []ScmpCondition{cond, cond2}
err = filter1.AddRuleConditional(call2, ActErrno.SetReturnCode(0x2), conditions)
if err != nil {
t.Errorf("Error adding conditional rule: %s", err)
}
err = filter1.Load()
if err != nil {
t.Errorf("Error loading filter: %s", err)
}
// Try making a simple syscall, it should error
pid := syscall.Getpid()
if pid != -1 {
t.Errorf("Syscall should have returned error code!")
}
// Try making a Geteuid syscall that should normally succeed
err = syscall.Setreuid(uid, euid)
if err != syscall.Errno(2) {
t.Errorf("Syscall should have returned error code!")
}
}示例6: init
func init() {
// Hack to run sys init during unit testing
if utils.SelfPath() == "/sbin/init" {
SysInit()
return
}
if uid := syscall.Geteuid(); uid != 0 {
log.Fatal("docker tests needs to be run as root")
}
NetworkBridgeIface = "testdockbr0"
// Make it our Store root
runtime, err := NewRuntimeFromDirectory(unitTestStoreBase, false)
if err != nil {
panic(err)
}
// Create the "Server"
srv := &Server{
runtime: runtime,
enableCors: false,
lock: &sync.Mutex{},
pullingPool: make(map[string]struct{}),
pushingPool: make(map[string]struct{}),
}
// Retrieve the Image
if err := srv.ImagePull(unitTestImageName, "", "", os.Stdout, utils.NewStreamFormatter(false), nil); err != nil {
panic(err)
}
}示例7: Fingerprint
func (d *ExecDriver) Fingerprint(cfg *config.Config, node *structs.Node) (bool, error) {
// Get the current status so that we can log any debug messages only if the
// state changes
_, currentlyEnabled := node.Attributes[execDriverAttr]
// Only enable if cgroups are available and we are root
if _, ok := node.Attributes["unique.cgroup.mountpoint"]; !ok {
if currentlyEnabled {
d.logger.Printf("[DEBUG] driver.exec: cgroups unavailable, disabling")
}
delete(node.Attributes, execDriverAttr)
return false, nil
} else if syscall.Geteuid() != 0 {
if currentlyEnabled {
d.logger.Printf("[DEBUG] driver.exec: must run as root user, disabling")
}
delete(node.Attributes, execDriverAttr)
return false, nil
}
if !currentlyEnabled {
d.logger.Printf("[DEBUG] driver.exec: exec driver is enabled")
}
node.Attributes[execDriverAttr] = "1"
return true, nil
}示例8: SetupUser
// SetupUser changes the groups, gid, and uid for the user inside the container
func SetupUser(u string) error {
// Set up defaults.
defaultExecUser := user.ExecUser{
Uid: syscall.Getuid(),
Gid: syscall.Getgid(),
Home: "/",
}
passwdPath, err := user.GetPasswdPath()
if err != nil {
return err
}
groupPath, err := user.GetGroupPath()
if err != nil {
return err
}
execUser, err := user.GetExecUserPath(u, &defaultExecUser, passwdPath, groupPath)
if err != nil {
return fmt.Errorf("get supplementary groups %s", err)
}
// if not root - check uid/gid by hand if seccomp is not working
if syscall.Geteuid() > 0 && (execUser.Uid <= MIN_UID || execUser.Gid <= MIN_GID) {
return fmt.Errorf("Invalid UID or GID")
}
// set supplementary groups
if err := syscall.Setgroups(execUser.Sgids); err != nil {
return fmt.Errorf("setgroups %s", err)
}
// set gid
if err := system.Setgid(execUser.Gid); err != nil {
return fmt.Errorf("setgid %s", err)
}
// check if setgid is successfull
if syscall.Getgid() != execUser.Gid {
return fmt.Errorf("setgid failed")
}
// set uid
if err := system.Setuid(execUser.Uid); err != nil {
return fmt.Errorf("setuid %s", err)
}
// check if setuid is successful
if syscall.Getuid() != execUser.Uid {
return fmt.Errorf("setuid failed")
}
// if we didn't get HOME already, set it based on the user's HOME
if envHome := os.Getenv("HOME"); envHome == "" {
if err := os.Setenv("HOME", execUser.Home); err != nil {
return fmt.Errorf("set HOME %s", err)
}
}
return nil
}示例9: AdminOn
// Change effective run permissions to settings.AdminUID
func AdminOn() error {
origUID = syscall.Geteuid()
// note that Setuid equiv seems buggy, Setreuid is solid currently
if err := syscall.Setreuid(s.AdminUID, s.AdminUID); err != nil {
return err
}
return nil
}示例10: MountCompatible
func MountCompatible(t *testing.T) {
if runtime.GOOS == "windows" {
t.Skip("Windows does not support mount")
}
if syscall.Geteuid() != 0 {
t.Skip("Must be root to run test")
}
}示例11: Fingerprint
func (d *ExecDriver) Fingerprint(cfg *config.Config, node *structs.Node) (bool, error) {
// Only enable if we are root when running on non-windows systems.
if runtime.GOOS != "windows" && syscall.Geteuid() != 0 {
d.logger.Printf("[DEBUG] driver.exec: must run as root user, disabling")
return false, nil
}
node.Attributes["driver.exec"] = "1"
return true, nil
}示例12: init
func init() {
// use seccomp if not root
if syscall.Geteuid() > 0 {
initSeccomp()
}
// make sure we only have one process and that it runs on the main thread (so that ideally, when we Exec, we keep our user switches and stuff)
runtime.GOMAXPROCS(1)
runtime.LockOSThread()
}示例13: RktCompatible
func RktCompatible(t *testing.T) {
if runtime.GOOS == "windows" || syscall.Geteuid() != 0 {
t.Skip("Must be root on non-windows environments to run test")
}
// else see if rkt exists
_, err := exec.Command("rkt", "version").CombinedOutput()
if err != nil {
t.Skip("Must have rkt installed for rkt specific tests to run")
}
}示例14: init
func init() {
os.Setenv("TEST", "1")
// Hack to run sys init during unit testing
if selfPath := utils.SelfPath(); selfPath == "/sbin/init" || selfPath == "/.dockerinit" {
SysInit()
return
}
if uid := syscall.Geteuid(); uid != 0 {
log.Fatal("docker tests need to be run as root")
}
NetworkBridgeIface = unitTestNetworkBridge
// Make it our Store root
if runtime, err := NewRuntimeFromDirectory(unitTestStoreBase, false); err != nil {
log.Fatalf("Unable to create a runtime for tests:", err)
} else {
globalRuntime = runtime
}
// Cleanup any leftover container
for _, container := range globalRuntime.List() {
if err := globalRuntime.Destroy(container); err != nil {
log.Fatalf("Error destroying leftover container: %s", err)
}
}
// Create the "Server"
srv := &Server{
runtime: globalRuntime,
enableCors: false,
pullingPool: make(map[string]struct{}),
pushingPool: make(map[string]struct{}),
}
// If the unit test is not found, try to download it.
if img, err := globalRuntime.repositories.LookupImage(unitTestImageName); err != nil || img.ID != unitTestImageID {
// Retrieve the Image
if err := srv.ImagePull(unitTestImageName, "", os.Stdout, utils.NewStreamFormatter(false), nil, nil, true); err != nil {
log.Fatalf("Unable to pull the test image:", err)
}
}
// Spawn a Daemon
go func() {
if err := ListenAndServe(testDaemonProto, testDaemonAddr, srv, os.Getenv("DEBUG") != ""); err != nil {
log.Fatalf("Unable to spawn the test daemon:", err)
}
}()
// Give some time to ListenAndServer to actually start
time.Sleep(time.Second)
startFds, startGoroutines = utils.GetTotalUsedFds(), runtime.NumGoroutine()
}示例15: setupHome
func setupHome(rw http.ResponseWriter, req *http.Request) {
_, port, _ := net.SplitHostPort(*webserver.Listen)
ourAddr := "127.0.0.1:" + port
uid, err := netutil.AddrPairUserid(req.RemoteAddr, ourAddr)
fmt.Fprintf(rw, "Hello %q\n", req.RemoteAddr)
fmt.Fprintf(rw, "<p>uid = %d\n", syscall.Getuid())
fmt.Fprintf(rw, "<p>euid = %d\n", syscall.Geteuid())
fmt.Fprintf(rw, "<p>http_local_uid(%q => %q) = %d (%v)\n", req.RemoteAddr, ourAddr, uid, err)
}