App-LXC-Container
lib/App/LXC/Container/Run.pm view on Meta::CPAN
# Constructor fragment: refuse calls made through any other class name,
# then log the raw argument list at debug level 1.
$class eq __PACKAGE__ or fatal 'bad_call_to__1', __PACKAGE__ . '->new';
debug(1, __PACKAGE__, '::new("', join('", "', @_), '")');
# Positional arguments: container name, user and start directory.  Whatever
# remains in @_ afterwards is stored as the command (see the command key).
my $container = shift;
my $user = shift;
my $dir = shift;
# Default values of the configuration hash.  The init and root entries are
# placeholder strings, presumably replaced once the real configuration has
# been read -- confirm against the rest of the constructor.
my %configuration = (audio => '-',
command => [@_],
dir => $dir,
gateway => '',
gids => [],
init => '/initialisation/script/is/undefined',
ip => '',
mounts => {},
name => $container,
network => 0,
network_type => 'N',
# NOTE(review): the container name is concatenated into a file path as
# given; no check of $container is visible in this excerpt.  Confirm that
# names containing '/' or '..' are rejected before this path is opened.
rc => _ROOT_DIR_ . '/' . $container . '.conf',
root => 'root/of/container/not/found',
running => 0,
uids => [],
lib/App/LXC/Container/Run.pm view on Meta::CPAN
# The gateway is the container's own address with the last dotted
# component replaced by 1.
# NOTE(review): this presumes an IPv4 address in a network whose gateway
# is .1 -- confirm.
$_ = $self->{ip};
s/\.\d+$/.1/;
$self->{gateway} = $_;
}
# User ID mapped onto itself with a range of one (the back-reference \1
# requires the same number twice): the ID is passed through unshifted and
# is remembered in uids.  ID 0 is never recorded.
elsif (m|^\s*lxc\.idmap\s*=\s*u\s+(\d+)\s+\1\s+1$|)
{
push @{$self->{uids}}, $1 if $1 > 0;
}
# Same for group IDs, remembered in gids.
elsif (m|^\s*lxc\.idmap\s*=\s*g\s+(\d+)\s+\1\s+1$|)
{
push @{$self->{gids}}, $1 if $1 > 0;
}
# Mount entry whose first field is an absolute path: remember that path as
# a key of mounts.
elsif (m|^\s*lxc\.mount\.entry\s*=\s*(/\S+)\s|)
{
$self->{mounts}{$1} = 1;
}
}
close $in;
# Abort unless $found is exactly 1; what it counts is set outside this
# excerpt.
$found == 1 or fatal 'bad_master__1', '???';
return $self;
lib/App/LXC/Container/Run.pm view on Meta::CPAN
{ error('broken_user_mapping__1', ACCOUNT_FILES_STR); }
else
{
# Directory inside the container's root that receives the account files.
my $lxc_etc = $self->{root} . '/etc/';
# $re_ids starts with the user name; the loop below appends every recorded
# UID and GID as a '|'-separated alternative.
# NOTE(review): the name suggests this becomes a regular expression; its
# use is outside this excerpt.  If so, confirm that $self->{user} is
# validated or passed through quotemeta first, since it is inserted
# verbatim here.
my $re_ids = $self->{user};
# TODO: Should we distinguish UIDs/GIDs? For now we just simply
# add them all. This has the charm that files of other users
# within the same group will be visible with their names in
# directory listings. The disadvantage is making them known by
# name (but the password hashes are always safe):
foreach (@{$self->{uids}}, @{$self->{gids}})
{ $re_ids .= '|' . $_; }
foreach (ACCOUNT_FILES)
{
# remove first to be sure not to overwrite something linked:
# NOTE(review): -f follows symbolic links, so a dangling link or a link to
# something that is not a regular file is left in place.  Confirm that the
# code creating the new file (outside this excerpt) cannot write through
# such a link; testing -l as well would cover it.
if (-f $lxc_etc . $_)
{
unlink $lxc_etc . $_
or fatal 'can_t_remove__1__2', $lxc_etc . $_, $!;
}
# The source copy is read from $_root_etc, which is defined outside this
# excerpt.
open my $in, '<', $_root_etc . $_
lib/App/LXC/Container/Run.pm view on Meta::CPAN
}
# Abort if no entry was found for $display.
defined $entry
or fatal('call_failed__1__2',
'xauth list', 'no ' . $display);
# NOTE(review): if $entry is a complete `xauth list` line it includes the
# cookie, so debug level 4 writes a display credential to the debug
# output -- confirm and consider masking it.
debug(4, 'Xauthority entry is: ', $entry);
# The command is assembled as one string and handed to system() as a single
# argument, so Perl passes it to the shell whenever it contains shell
# metacharacters.  $xauth and $entry are inserted unquoted.
# NOTE(review): where both values come from is outside this excerpt.  The
# list form, e.g. system('xauth', '-b', '-f', $xauth, 'add',
# split(' ', $entry)), would keep the shell out of it -- confirm that no
# shell feature is relied on before changing it.
my $xauth_add = 'xauth -b -f ' . $xauth . ' add ' . $entry;
system($xauth_add) == 0
or fatal('call_failed__1__2', $xauth_add, $?);
# Hand the Xauthority directory and file over to the container's user.
# NOTE(review): getpwnam returns an empty list for an unknown user, which
# leaves $uid and $gid undefined (numerically 0), and the result of chown
# is not checked -- confirm the user is verified earlier.
if ($self->{user} ne 'root')
{
my ($uid, $gid) = (getpwnam($self->{user}))[2..3];
chown $uid, $gid, $xauth_dir, $xauth;
}
}
return $container_path;
}
#########################################################################
1;
#########################################################################
lib/App/LXC/Container/Update.pm view on Meta::CPAN
# Strip one trailing path component from $_ at a time and put each
# remaining prefix at the front of @paths, so shorter prefixes come first.
unshift @paths, $_ while s|/+(?:[^/]+)$|| and $_;
# Directory tree of this container below root_fs; created when missing.
my $root = $self->{root_fs} . '/' . $self->{name};
-d $root or mkdir $root or fatal('can_t_create__1__2', $root, $!);
foreach (@paths)
{
# Each element must exist outside the container; elements that already
# exist below $root are skipped.
-e $_ or fatal('_1_does_not_exist', $path);
my $target = $root . $_;
next if -e $target;
# mode, uid and gid are called as methods, so stat() has to return an
# object here (presumably File::stat -- confirm the import).
my $stat = stat($_);
my ($mode, $uid, $gid) = ($stat->mode, $stat->uid, $stat->gid);
# -d follows symbolic links; the -l test below separates a link to a
# directory from a real directory.
if (-d)
{
$mode |= 0200; # prevent blocking ourselves later on
if (-l)
{
# links can be arbitrarily deep, so we use make_path on the
# absolute path and hope for no clashes:
# NOTE(review): abs_path() returns undef when it cannot resolve the link;
# the result is not checked here, so $target would collapse to $root.
$target = $root . abs_path($_);
my $errors = [];
make_path($target, {chmod => $mode, error => \$errors});
lib/App/LXC/Container/Update.pm view on Meta::CPAN
or error('can_t_create__1__2', $target, $errors);
}
else
{
# A directory that is not a link is created with a plain mkdir.
mkdir $target or fatal('can_t_create__1__2', $target, $!);
}
# Warn unless the directory is owned by UID 0, belongs to GID 0, has the
# others-execute bit (0001) set, or is the requested path itself.
# There are no standard files known to me meeting condition 2 or
# 4 (but not 1 and 3):
# uncoverable condition right
# uncoverable condition right count:3
$uid == 0 or $gid == 0 or $mode & 0001 or $_ eq $path
or warning('_1_may_be_inaccessible', $_);
}
else
{
# Anything that is not a directory gets an empty file of the same name.
# NOTE(review): mode '>' truncates and follows symbolic links.  Whether
# $target can already exist, or be a dangling link inside the container
# tree, is decided outside this excerpt -- confirm.
open my $f, '>', $target
or fatal('can_t_create__1__2', $target, $!);
close $f;
}
# -W tests writability for the real (not the effective) user ID.
# NOTE(review): $mode is set outside this excerpt; if it is the full mode
# of the original path, set-uid and set-gid bits are copied as well --
# confirm that this is intended.
if (-W $target)
{
# ignoring errors as mounting overrules most problems anyway:
chmod $mode, $target;
chown $uid, $gid, $target;
}
}
}
#########################################################################
=head2 B<_parse_filter> - parse filter configuration file
$self->_parse_filter();
lib/App/LXC/Container/Update.pm view on Meta::CPAN
}
# Remaining user IDs from $uid up to 65535 are mapped with an offset of
# 100000.
say $out 'lxc.idmap = u ', $uid, ' ', 100000 + $uid, ' ', 65536 - $uid;
}
else
{
# No privileged users: the whole range 0-65535 is mapped with an offset of
# 100000.
say $out HEADER_1, '-no privileged users-', HEADER_2;
say $out 'lxc.idmap = u 0 100000 65536';
}
# Group mappings.  The keys of %groups are used as numeric group IDs
# (sorted with <=>); the values are written as comment labels.
if (0 < keys(%groups))
{
# $gid is the first group ID not yet covered by a mapping line.
my $gid = 0;
foreach (sort {$a <=> $b} keys %groups)
{
# Offset mapping for the IDs between the previous mapping and this one.
# NOTE(review): with "> 1" a gap of exactly one ID produces no line, so
# that ID stays unmapped (for example ID 0 when the smallest key is 1).
# Confirm whether "> 0" was intended.
say $out 'lxc.idmap = g ', $gid, ' ', 100000 + $gid, ' ', $_ - $gid
if $_ - $gid > 1;
# The listed group is mapped onto itself with a range of one, i.e. it
# keeps its ID without the offset.
say $out '#', $groups{$_}, ':';
say $out 'lxc.idmap = g ', $_, ' ', $_, ' 1';
$gid = $_ + 1;
}
# Remaining group IDs up to 65535 get the offset mapping.
say $out 'lxc.idmap = g ', $gid, ' ', 100000 + $gid, ' ', 65536 - $gid;
}
else
{ say $out 'lxc.idmap = g 0 100000 65536'; }
################################
# part 2 - special configuration:
# Every element of specials is written to the configuration unchanged.
# NOTE(review): no filtering happens here, so whoever can supply these
# lines can set arbitrary configuration keys -- confirm that their source
# is restricted to the administrator.
if (@{$self->{specials}})
{
say $out HEADER_1, 'special configuration', HEADER_2;
say $out $_ foreach @{$self->{specials}};
'lxc.mount.entry = tmpfs dev/shm tmpfs create=dir,rw 0 0',
'lxc.mount.entry = /tmp tmp none create=dir,rw,bind 0 0',
'');
# Build a Run object for container 'run-test-1' (user root, directory '/',
# command 'do' 'it') and compare its fields with the expected values.
# gateway and ip are given as anchored patterns ('^$' stands for empty),
# which suggests that check_config_object matches strings as regular
# expressions -- confirm in its definition.
$_ = App::LXC::Container::Run->new('run-test-1', 'root', '/', 'do', 'it');
check_config_object($_,
'valid configuration 1',
[[audio => '-'],
[command => ['do', 'it']],
[dir => '/'],
[gateway => '^$'],
# One group ID and one user ID (both 1) are expected, no network.
[gids => [1]],
[init => CONF_ROOT . '/run-test-1/lxc-run.sh'],
[ip => '^$'],
[mounts => {'/tmp' => 1}],
[name => 'run-test-1'],
[network => 0],
[network_type => 'N'],
[rc => LXC_LINK . '/run-test-1.conf'],
[root => CONF_ROOT . '/run-test-1'],
[running => 0],
[uids => [1]],
'lxc.mount.entry = /tmp tmp none create=dir,rw,bind 0 0',
'');
# Second case: the container's etc directory is prepared first, then a Run
# object for 'run-test-2' is built with the same user, directory and
# command as before.
_setup_dir('/lxc/run-test-2/etc');
$_ = App::LXC::Container::Run->new('run-test-2', 'root', '/', 'do', 'it');
check_config_object($_,
'valid configuration 2',
[[audio => 'A'],
[command => ['do', 'it']],
[dir => '/'],
# The expected gateway is the expected ip with its last component set to 1.
[gateway => '^10\.0\.3\.1$'],
# No IDs are expected in gids and uids for this container.
[gids => []],
[init => CONF_ROOT . '/run-test-2/lxc-run.sh'],
[ip => '^10\.0\.3\.42$'],
[mounts => {'/tmp' => 1}],
[name => 'run-test-2'],
[network => 42],
[network_type => 'G'],
[rc => LXC_LINK . '/run-test-2.conf'],
[root => CONF_ROOT . '/run-test-2'],
[running => 0],
[uids => []],