]>
git.ipfire.org Git - pakfire.git/log
Michael Tremer [Thu, 4 Aug 2022 15:18:54 +0000 (15:18 +0000)]
jail: Implement better logging for the child process
The child process used to dump any logging to the standard output/error
which is not useful when we want to collect any actual output of the
process that was called.
This patch adds extra pipes (one for each log level - I know) and passes
those log messages on to the regular logger (past the jail log
callback).
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Thu, 4 Aug 2022 13:40:23 +0000 (13:40 +0000)]
jail: Automatically determine how many fds we have in the array
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Thu, 4 Aug 2022 13:39:30 +0000 (13:39 +0000)]
jail: Don't open log descriptors are non-blocking
We want write() to block if the pipe is full and not drop any messages.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Thu, 4 Aug 2022 10:11:21 +0000 (10:11 +0000)]
jail: Do not remove trailing newline when capturing log
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Thu, 4 Aug 2022 10:07:02 +0000 (10:07 +0000)]
python: Add switch to return output on execute
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Wed, 3 Aug 2022 16:39:33 +0000 (16:39 +0000)]
jail: Actually connect stdout/stderr to logger
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Wed, 3 Aug 2022 16:02:22 +0000 (16:02 +0000)]
tests: Rename execute.py to jail.py
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Wed, 3 Aug 2022 15:59:54 +0000 (15:59 +0000)]
tests: command: Rename pid to print-pid
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Wed, 3 Aug 2022 15:58:08 +0000 (15:58 +0000)]
jail: Implement setting nice level
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Wed, 3 Aug 2022 15:32:53 +0000 (15:32 +0000)]
execute: Drop old environment
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Wed, 3 Aug 2022 15:21:49 +0000 (15:21 +0000)]
jail: Unify the wait logic for processes and use pidfd
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Wed, 3 Aug 2022 14:22:43 +0000 (14:22 +0000)]
python: Rework Pakfire.execute() using jail
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Wed, 3 Aug 2022 10:27:47 +0000 (10:27 +0000)]
jail: Export in libpakfire
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Wed, 3 Aug 2022 10:22:27 +0000 (10:22 +0000)]
jail: Move pakfire_execute_shell/ldconfig
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Wed, 3 Aug 2022 10:17:37 +0000 (10:17 +0000)]
jail: Add option to collect stdout
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Wed, 3 Aug 2022 09:35:41 +0000 (09:35 +0000)]
execute: Drop unused pakfire_execute_script function
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Wed, 3 Aug 2022 09:32:17 +0000 (09:32 +0000)]
build: Replace pakfire_execute_script with new jail functions
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Wed, 3 Aug 2022 09:27:13 +0000 (09:27 +0000)]
scriptlets: Use new jail functions to run scripts
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Wed, 3 Aug 2022 09:26:56 +0000 (09:26 +0000)]
jail: Add convenience function to run scripts
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Wed, 3 Aug 2022 09:08:07 +0000 (09:08 +0000)]
jail: Configure UID/GID mapping correctly for root
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Wed, 3 Aug 2022 09:01:38 +0000 (09:01 +0000)]
jail: Create fds for logging as non-blocking straight away
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Wed, 3 Aug 2022 08:59:35 +0000 (08:59 +0000)]
jail: Use struct in execution context
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Wed, 3 Aug 2022 08:47:17 +0000 (08:47 +0000)]
jail: Move completed_fd into ctx
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Wed, 3 Aug 2022 08:44:05 +0000 (08:44 +0000)]
build: Use factory function to create jail
This jail can be configured and customised for the build process.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Wed, 3 Aug 2022 08:42:18 +0000 (08:42 +0000)]
execute: Replace old code with new jail
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 2 Aug 2022 18:26:51 +0000 (18:26 +0000)]
build: Drop separate logging callback
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 2 Aug 2022 18:12:32 +0000 (18:12 +0000)]
execute: Drop unused pakfire_execute_command function
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 2 Aug 2022 18:09:46 +0000 (18:09 +0000)]
execute: Use pakfire_jail_run() to call ldconfig
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 2 Aug 2022 18:09:27 +0000 (18:09 +0000)]
execute: Use convenience function to run shell
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 2 Aug 2022 18:07:12 +0000 (18:07 +0000)]
jail: Add convenience function to run simple commands
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 2 Aug 2022 17:58:25 +0000 (17:58 +0000)]
execute: Use new jail to run shell
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 2 Aug 2022 17:48:45 +0000 (17:48 +0000)]
jail: Add interface to simply execute scripts
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 2 Aug 2022 17:40:22 +0000 (17:40 +0000)]
jail: Add function to import environment
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 2 Aug 2022 17:32:44 +0000 (17:32 +0000)]
jail: Set default logging callback
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 2 Aug 2022 17:30:07 +0000 (17:30 +0000)]
jail: Implement changing logging callback
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 2 Aug 2022 17:27:28 +0000 (17:27 +0000)]
jail: Import logging stuff from execute.c
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 2 Aug 2022 16:37:41 +0000 (16:37 +0000)]
jail: Fix signal handling
We need to stricly send uint64_t.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 2 Aug 2022 16:23:40 +0000 (16:23 +0000)]
mount: Add /dev/shm
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 2 Aug 2022 16:21:52 +0000 (16:21 +0000)]
mount: Bring back /tmp to jail
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 2 Aug 2022 16:09:25 +0000 (16:09 +0000)]
mount: Mount a new instance of /dev/pts
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 2 Aug 2022 16:03:57 +0000 (16:03 +0000)]
mount: Make /dev/mqueue available in jail
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 2 Aug 2022 16:01:40 +0000 (16:01 +0000)]
mount: Fix mounting any file systems from the host system
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 2 Aug 2022 15:30:28 +0000 (15:30 +0000)]
jail: Try bind-mounting device nodes when we cannot use mknod()
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 2 Aug 2022 14:47:34 +0000 (14:47 +0000)]
jail: Apply syscall filter
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 2 Aug 2022 14:44:38 +0000 (14:44 +0000)]
jail: Execute command
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 2 Aug 2022 14:40:09 +0000 (14:40 +0000)]
jail: Drop capabilities
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 2 Aug 2022 14:36:22 +0000 (14:36 +0000)]
jail: Set open file limit
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 2 Aug 2022 14:35:12 +0000 (14:35 +0000)]
jail: Set personality
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 2 Aug 2022 14:17:34 +0000 (14:17 +0000)]
jail: Mount all default filesystems
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 2 Aug 2022 14:11:08 +0000 (14:11 +0000)]
jail: Fix setting UID/GID in namespace
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 2 Aug 2022 11:07:47 +0000 (11:07 +0000)]
jail: Make the client process wait until the parent has finished initialization
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 2 Aug 2022 10:50:41 +0000 (10:50 +0000)]
jail: Perform UID/GID setup for new namespace
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 2 Aug 2022 10:35:30 +0000 (10:35 +0000)]
jail: Implement first steps of running a command in jail
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 2 Aug 2022 10:29:49 +0000 (10:29 +0000)]
Makefile: Define TEST_STUB_ROOT in testsuite
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 2 Aug 2022 09:11:39 +0000 (09:11 +0000)]
jail: Introduce interactive jails
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 2 Aug 2022 09:02:54 +0000 (09:02 +0000)]
jail: Add flags
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 2 Aug 2022 08:59:53 +0000 (08:59 +0000)]
jail: Add prototype for execution function
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 2 Aug 2022 08:55:09 +0000 (08:55 +0000)]
jail: Set some default environment variables
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 2 Aug 2022 08:50:48 +0000 (08:50 +0000)]
jail: Implement setting environment variables
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 2 Aug 2022 08:23:21 +0000 (08:23 +0000)]
jail: Log when jails are created/destroyed
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 2 Aug 2022 08:13:22 +0000 (08:13 +0000)]
tests: Add a simple test for jails
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 2 Aug 2022 08:01:46 +0000 (08:01 +0000)]
jail: Add basic type
The goal is to split execute.c into a more flexible API.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 2 Aug 2022 07:46:33 +0000 (07:46 +0000)]
execute: Split creation of namespaces into two steps
This is needed to create a new user namespace first in which we can do
some first stage of initialization. Then, we will start a new process in
that new namespace which will finish initialization.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 22 Jul 2022 09:11:04 +0000 (09:11 +0000)]
execute: Add flags to the environment
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 22 Jul 2022 09:09:44 +0000 (09:09 +0000)]
execute: Drop creating a new cgroup in the parent process
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 22 Jul 2022 08:39:50 +0000 (08:39 +0000)]
tests: execute: Check if the process has received PID 1
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Thu, 21 Jul 2022 10:40:38 +0000 (10:40 +0000)]
tests: execute: Add test to catch exceptions in logger
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Thu, 21 Jul 2022 10:36:23 +0000 (10:36 +0000)]
tests: command: Print PID
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Thu, 21 Jul 2022 10:34:20 +0000 (10:34 +0000)]
tests: command: Build a fork bomb
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Thu, 21 Jul 2022 10:23:15 +0000 (10:23 +0000)]
tests: execute: Check if logger returned the correct output
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Thu, 21 Jul 2022 10:12:59 +0000 (10:12 +0000)]
tests: command: All option to exhaust all memory
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Thu, 21 Jul 2022 09:57:42 +0000 (09:57 +0000)]
tests: execute: Generate some random output for tests
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Thu, 21 Jul 2022 08:32:02 +0000 (08:32 +0000)]
tests: execute: Replace former dummy commands
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Thu, 21 Jul 2022 08:30:47 +0000 (08:30 +0000)]
tests: execute: Add test to return environment variables
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Thu, 21 Jul 2022 08:25:53 +0000 (08:25 +0000)]
tests: execute: Add a simple echo command that prints lines
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Thu, 21 Jul 2022 08:18:48 +0000 (08:18 +0000)]
tests: execute: Replace exit code tests with the stub command
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Thu, 21 Jul 2022 08:18:21 +0000 (08:18 +0000)]
tests: Run execute tests in the stub environment
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 19 Jul 2022 16:39:56 +0000 (16:39 +0000)]
tests: Build scaffolding for a simple statically linked command
This can then be used to test the execution container.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 19 Jul 2022 16:27:59 +0000 (16:27 +0000)]
snapshot: Show throughput and ETA in progress bar
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 19 Jul 2022 16:23:13 +0000 (16:23 +0000)]
util: Drop any custom timespec functions
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 19 Jul 2022 16:20:38 +0000 (16:20 +0000)]
progressbar: Make this a lot smoother
Previously, the progress bar was redrawn very often which did not look
great on the terminal. We are now redrawing the bar about 20 times a
second which gives us a smooth experience.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 19 Jul 2022 14:40:33 +0000 (14:40 +0000)]
_pakfire: Adjust flag to enable/disable ccache
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 19 Jul 2022 14:39:23 +0000 (14:39 +0000)]
_pakfire: Adjust flag to enable/disable snapshot
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 19 Jul 2022 14:34:02 +0000 (14:34 +0000)]
tests: Remove unneeded stuff from snapshot.c
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 19 Jul 2022 14:33:46 +0000 (14:33 +0000)]
snapshot: Include pakfire.h
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 19 Jul 2022 14:31:57 +0000 (14:31 +0000)]
tests: Check if snapshot has something in it
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 19 Jul 2022 14:29:32 +0000 (14:29 +0000)]
mount: Don't return error in foreach when there are no mountpoints
The loop returned 1 by default when there were no mountpoints to process
which is not what we need here.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 19 Jul 2022 14:21:28 +0000 (14:21 +0000)]
snapshots: Protect against invalid inputs
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 19 Jul 2022 14:11:53 +0000 (14:11 +0000)]
tests: Add a test that creates and restores a snapshot
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 19 Jul 2022 11:55:22 +0000 (11:55 +0000)]
Revert "mount: Adjust mount flags for unprivileged users"
This reverts commit
c92f710524a370d8e910b74d7ba062373d02d7a6 .
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 19 Jul 2022 09:38:40 +0000 (09:38 +0000)]
mount: Adjust mount flags for unprivileged users
Bind-mounts require us to set MS_REC and remounting any mountpoint
requires us to now downgrade on noexec/nodev/nosuid.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 19 Jul 2022 09:37:30 +0000 (09:37 +0000)]
mount: Use mount(2) to perform any mount operations
libmount did too much voodoo here which prevented us from running
smoothly for unprivileged users.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 18 Jul 2022 18:28:55 +0000 (18:28 +0000)]
archive: Don't use path in error message
path seems to have been freed after the extraction has been started and
therefore we cannot use it any more.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 18 Jul 2022 17:31:16 +0000 (17:31 +0000)]
mount: Don't mount /tmp in container
If /tmp is a ramdisk, any temporary files written during the build
process will be lost between stages. That is rather unintuitive and we
might use excess memory.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 18 Jul 2022 17:30:16 +0000 (17:30 +0000)]
execute: Copy scripts into /
Formerly they were created in /tmp which could be overlayed by a tmpfs.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 18 Jul 2022 09:40:03 +0000 (09:40 +0000)]
file: Make the static analyzer happy
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 18 Jul 2022 09:24:54 +0000 (09:24 +0000)]
pakfire: Move cache directory into user's home
This is only happening when running as an unprivileged user.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 18 Jul 2022 09:24:24 +0000 (09:24 +0000)]
util: Fix permissions of temporary directories
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 18 Jul 2022 08:52:12 +0000 (08:52 +0000)]
Move all temporary files directly into /var/tmp
When running Pakfire as an unprivileged user, we cannot create temporary
files in a subdirectory which has been created earlier by a different
user.
Hence we now put everything directly into /var/tmp where everyone should
have write permissions all of the time.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 18 Jul 2022 08:24:32 +0000 (08:24 +0000)]
util: Store errno when running pakfire_rmtree()
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>