[Code-review] Make $SAR/instance <- $HOME.
Michael Stone
michael at laptop.org
Thu Apr 24 19:33:37 EDT 2008
In particular, update rainbow-replay-spool and gc.py to deal with the
uid_to_gid table and correctly handle the effects of RAINBOW_CONSTANT_UID.
---
rainbow/bin/rainbow-replay-spool | 8 ++------
rainbow/rainbow/gc.py | 9 ++++-----
rainbow/rainbow/inject.py | 36 +++++++++++++++++-------------------
3 files changed, 23 insertions(+), 30 deletions(-)
diff --git a/rainbow/bin/rainbow-replay-spool b/rainbow/bin/rainbow-replay-spool
index 9acbe99..336521b 100755
--- a/rainbow/bin/rainbow-replay-spool
+++ b/rainbow/bin/rainbow-replay-spool
@@ -1,13 +1,9 @@
#!/usr/bin/env python
-from stat import ST_GID
-from os import listdir, stat
+from os import listdir
from os.path import join, basename, realpath, exists
from subprocess import check_call, CalledProcessError
-def get_gid(path):
- return str(stat(path)[ST_GID])
-
def replay_spool(spool, autocommit):
if not exists(spool):
return
@@ -34,7 +30,7 @@ def replay_spool(spool, autocommit):
# Install our users.
for uid in listdir(join(spool, 'uid_pool')):
home = join(spool, 'uid_to_home_dir', uid)
- gid = get_gid(home)
+ gid = basename(realpath(join(spool, 'uid_to_gid', uid)))
bundle_id = gid__bundle_id[gid]
comment = '%s.%s' % (bundle_id, uid)
diff --git a/rainbow/rainbow/gc.py b/rainbow/rainbow/gc.py
index e7191fe..5edacf3 100644
--- a/rainbow/rainbow/gc.py
+++ b/rainbow/rainbow/gc.py
@@ -1,6 +1,6 @@
from subprocess import call, check_call, CalledProcessError
from os import listdir, unlink
-from os.path import join, isdir, islink, exists
+from os.path import join, isdir, islink, exists, lexists
from .util import trace
def active_uid(uid):
@@ -26,11 +26,10 @@ def gc_uid(spool, uid):
if active_uid(uid):
return
- for table in ('uid_to_instance_dir', 'uid_to_home_dir'):
+ for table in ('uid_to_instance_dir', 'uid_to_home_dir', 'uid_to_gid'):
row = join(spool, table, uid)
- if exists(row):
- assert isdir(row) and not islink(row)
- check_call(['/bin/rm', '-r', '-f', row])
+ # NB: it is important that rm -rf doesn't follow links. <MS>
+ check_call(['/bin/rm', '-r', '-f', row])
# XXX: without -r or -f, we leak mail spools + ?
# XXX: Userdel is also going to try to delete our groups for us too. Grr.
diff --git a/rainbow/rainbow/inject.py b/rainbow/rainbow/inject.py
index ad05626..a4e4433 100644
--- a/rainbow/rainbow/inject.py
+++ b/rainbow/rainbow/inject.py
@@ -1,6 +1,6 @@
import os
from os import F_OK, R_OK, W_OK, X_OK
-from os.path import join, dirname, isabs, basename, realpath, lexists
+from os.path import join, dirname, isabs, basename, realpath, lexists, islink
import sys
from stat import S_IFDIR
import shutil
@@ -117,9 +117,16 @@ def reserve_credentials(log, spool, bundle_id, constant_uid):
uid = constant_uid and gid or reserve_elt(join(spool, 'uid_pool'), 10000, 65534, 2, 'uids')
open(join(spool, 'uid_pool', str(gid)), 'w').close()
log('reserved credentials (%d, %d)', uid, gid)
+
+ path = join(spool, 'uid_to_gid', str(uid))
+ if not lexists(path):
+ os.symlink(str(gid), path)
+ else:
+ assert islink(path) and os.readlink(path) == str(gid)
+
return (uid, gid)
-def grab_home(log, spool, bundle_id, uid, gid, owner_uid):
+def grab_home(log, spool, bundle_id, uid, gid, owner_gid):
home = join(spool, 'uid_to_home_dir', str(uid))
comment = '%s.%d' % (bundle_id, uid)
@@ -142,18 +149,16 @@ def grab_home(log, spool, bundle_id, uid, gid, owner_uid):
else:
raise e
- os.chown(home, owner_uid, gid)
- os.chmod(home, 0750)
+ os.chown(home, uid, owner_gid)
+ os.chmod(home, 0770)
return home
def configure_home(spool, owner_uid, owner_gid, uid, gid, home):
path = join(spool, 'uid_to_instance_dir', str(uid))
- make_dirs(path, uid, owner_gid, 0770)
- os.chown(path, uid, owner_gid)
- os.chmod(path, 0770)
+ os.symlink(home, path)
if not lexists(join(home, 'instance')):
- os.symlink(path, join(home, 'instance'))
+ os.symlink('.', join(home, 'instance'))
path = join(spool, 'gid_to_data_dir', str(gid))
make_dirs(path, owner_uid, gid, 0770)
@@ -179,13 +184,6 @@ def configure_home(spool, owner_uid, owner_gid, uid, gid, home):
os.chown(join(home, path), uid, owner_gid)
os.chmod(join(home, path), 0770)
- if not lexists(join(home, '.fontconfig')):
- os.symlink('instance', join(home, '.fontconfig'))
- if not lexists(join(home, '.macromedia')):
- os.symlink('instance', join(home, '.macromedia'))
- if not lexists(join(home, '.adobe')):
- os.symlink('instance', join(home, '.adobe'))
-
def launch(log, home, uid, gid, argv, env, cwd, pset, safe_fds, strace_hint,
preloader_hint):
env['USER'] = str(uid)
@@ -297,7 +295,8 @@ def check_cwd(uid, gid, cwd):
def check_spool(spool, owner_uid, owner_gid):
spool_dirs = ('uid_pool', 'gid_pool', 'bundle_id_to_gid',
- 'uid_to_instance_dir', 'gid_to_data_dir', 'uid_to_home_dir')
+ 'uid_to_instance_dir', 'gid_to_data_dir', 'uid_to_home_dir',
+ 'uid_to_gid')
for frag in spool_dirs:
make_dirs(join(spool, frag), owner_uid, owner_gid, 0775)
ck = Checker(join(spool, frag), owner_uid, owner_gid)
@@ -313,8 +312,7 @@ def check_home_dirs(uid, gid, home):
def check_home(uid, gid, home):
ck = Checker(home, uid, gid)
- assert ck.positive(R_OK | X_OK, S_IFDIR)
- assert ck.negative(W_OK, 0)
+ assert ck.positive(R_OK | W_OK | X_OK, S_IFDIR)
def run(log, spool, env, argv, cwd, pset, safe_fds, strace_hint,
owner_uid, owner_gid, bundle_path, bundle_id, constant_uid,
@@ -328,7 +326,7 @@ def run(log, spool, env, argv, cwd, pset, safe_fds, strace_hint,
check_spool(spool, owner_uid, owner_gid)
uid, gid = reserve_credentials(log, spool, bundle_id, constant_uid)
- home = grab_home(log, spool, bundle_id, uid, gid, owner_uid)
+ home = grab_home(log, spool, bundle_id, uid, gid, owner_gid)
configure_home(spool, owner_uid, owner_gid, uid, gid, home)
if cwd is None:
--
1.5.3.3
More information about the Code-review
mailing list