From 0760e10442d137a933dc01afb4ff6f884e4ed9db Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E9=98=B3=E5=85=89=E5=B0=91=E5=B9=B4?= <849317537@qq.com>
Date: Thu, 8 Aug 2024 03:40:27 +0000
Subject: [PATCH] =?UTF-8?q?=E8=B0=83=E6=95=B4=E5=AF=BC=E5=85=A5=E8=B7=AF?= =?UTF-8?q?=E5=BE=84?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 src/main.rs | 52 ++++++++++++++++++----------------------------------
 1 file changed, 18 insertions(+), 34 deletions(-)

diff --git a/src/main.rs b/src/main.rs
index 2f1d091..af4bf8e 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -1,25 +1,21 @@
-use std::arch::asm;
-use std::ffi::{CStr, CString};
-use std::fs::File;
-use std::io::Read;
-use std::os::fd::{AsFd, AsRawFd};
-use std::os::unix::fs::PermissionsExt;
-use std::os::unix::process::CommandExt;
-use nix::libc::{self, setgid, CLONE_NEWCGROUP, MS_NODEV, MS_NOSUID};
+use std::{io, fs, fmt, os, path};
+use io::Read;
+use fmt::Display;
+use os::fd::{AsFd, AsRawFd};
+use os::unix::{fs::PermissionsExt, process::CommandExt};
+use path::{Path, PathBuf};
+
 use nix::sched::{clone, CloneCb, CloneFlags, setns};
-use nix::sys::signal::{kill, Signal};
-use nix::sys::wait::{wait, waitpid, waitid, WaitPidFlag};
-use nix::unistd::{chdir, chroot, dup2, execv, pivot_root, setuid, sleep, Gid, Pid, Uid, User, setgroups};
+use nix::sys::{signal::{kill, Signal}, wait::{waitpid, WaitPidFlag}};
+use nix::unistd::{dup2, pivot_root, setuid, setgid, Gid, Pid, Uid, User, setgroups};
 use nix::mount::{mount, MntFlags, MsFlags, umount2};
-use std::path::{Path, PathBuf};
-use clap::Parser;
-use error::{Result, RockerError};
-mod error;
 use uuid;
-use std::{io, fs};
 use toml;
 use serde::{Deserialize, Serialize};
-use std::fmt::Display;
+use clap::Parser;
+
+use error::{Result, RockerError};
+mod error;
 
 static WORKSPACE: &str = "/root/rocker";
 static USER_NAME: &str = "rocker";
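Review bot: `use io::Read;`, `use fmt::Display;`, `use os::fd::{AsFd, AsRawFd};` and `use path::{Path, PathBuf};` only compile because the preceding `use std::{io, fs, fmt, os, path};` put those module names into crate-root scope; that works on the 2018+ editions but reads like a relative path and breaks the moment a local `mod io` or `mod path` is added, so the conventional spelling is `use std::io::Read;` (or one nested `use std::{fmt::Display, io::Read, …};` tree). `use uuid;` and `use toml;` are no-op single-segment imports of extern-prelude crates (clippy `single_component_path_imports`) and can simply be deleted. Swapping `nix::libc::setgid` for `nix::unistd::setgid` in this hunk also changes what `init_container_user` does with a failed call, which is more than the "adjust import paths" the subject line announces.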
@@ -197,7 +193,7 @@ fn init_container_env(env: Option<&String>) -> Result<()>{
 let env_vec = if env.starts_with("./") || env.starts_with("/") {
 // 读取出路径指定的文件作为env
 let env_path = Path::new(env);
- let mut env_file = File::open(env_path)?;
+ let mut env_file = fs::File::open(env_path)?;
 let text = {
 let mut s = String::new();
 env_file.read_to_string(&mut s)?;
@@ -263,7 +259,7 @@ fn init_container_mount() -> Result<()> {
 fn init_container_log(log: bool) -> Result<()> {
 let log_path = Path::new("logs");
 create_dir(log_path, true)?;
- let log_fd = File::create(log_path.join("log"))?;
+ let log_fd = fs::File::create(log_path.join("log"))?;
 if log {
 unsafe {
 let log_fd_raw = log_fd.as_raw_fd();
@@ -276,10 +272,8 @@ fn init_container_log(log: bool) -> Result<()> {
 
 
 fn init_container_user(uid: Uid, gid: Gid) -> Result<()>{
- unsafe {
- setgid(gid.as_raw());
- setgroups(&[gid])?;
- }
+ setgid(gid)?;
+ setgroups(&[gid])?;
 setuid(uid)?;
 Ok(())
 }
@@ -292,16 +286,6 @@ fn create_dir>(path: P, is_any:bool) -> Result<()> {
 Ok(())
 }
 
-
-fn parse_cmd(run: &String) -> Vec{ let args= run .split(" ") .filter_map(|s| CString::new(s).ok()) .collect::>(); args }
-
-
 fn check_container_is_running(pid: &Pid, main_exe: &Path) -> Result {
 // 检查pid对应的exe是否和外部传过来的相同
 let child_exe_s= format!("/proc/{pid}/exe");
@@ -317,7 +301,7 @@ fn init_exec_ns(pid: i32) -> Result<()>{
 // 把当前进程加入到指定pid的namespace
 for ns_name in vec!["ipc", "uts", "net", "pid", "mnt"] {
 let ns_path = format!("/proc/{pid}/ns/{ns_name}");
- let ns_fild = File::open(ns_path)?;
+ let ns_fild = fs::File::open(ns_path)?;
 setns(ns_fild.as_fd(), CloneFlags::from_bits_retain(0))?
 }
 Ok(()) }
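Review bot: The `fs::File::open(env_path)?` followed by `read_to_string` into a freshly allocated `String` in the `./` / `/` branch of `init_container_env` collapses to a single `let text = fs::read_to_string(env_path)?;`, which also sizes the buffer from the file's metadata and removes the `mut` binding. If that was the only consumer of `Read`, the `use io::Read;` import added in the first hunk becomes dead as well. `init_container_env` starts and ends outside this hunk.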
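Review bot: `fs::File::create(log_path.join("log"))` truncates any existing `logs/log` each time `init_container_log` runs, so a restarted container loses its earlier output; if that is not intended, open with `fs::OpenOptions::new().create(true).append(true).open(log_path.join("log"))?` instead. `create` also follows symlinks, so if the relative `logs` directory can be written by the container or comes from an untrusted image, a planted `logs/log` symlink would redirect the host-side write — in that case add `.custom_flags(libc::O_NOFOLLOW)` via `std::os::unix::fs::OpenOptionsExt`, and a comment stating who owns `logs` would settle the question either way. The body of `init_container_log` continues past the end of the hunk.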
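Review bot: Nothing after `setuid(uid)?` verifies that the privilege drop took effect, so a case where `uid` resolves to 0 still returns `Ok(())`; a final guard such as `if Uid::effective().is_root() { return Err(/* RockerError variant for a failed privilege drop */); }` is cheap insurance for the one function whose whole purpose is dropping root. Replacing `libc::setgid(gid.as_raw())` (return value ignored) with `setgid(gid)?` turns a silently failed group change into a propagated error, which is a behavioural fix rather than the import-path adjustment the commit subject describes and deserves a line in the commit message. Calling `setgroups` before `setgid` is the conventional order, though with the uid still 0 at that point both orders succeed.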
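Review bot: `CloneFlags::from_bits_retain(0)` hands `nstype = 0` to `setns`, so the kernel never checks that the fd opened from `/proc/{pid}/ns/{ns_name}` is the namespace kind the loop body believes it is; pairing each name with its flag makes a mismatched fd fail with `EINVAL` instead of joining the wrong namespace. The list also leaves out `user` and `cgroup`; if containers are created with `CLONE_NEWUSER` or `CLONE_NEWCGROUP` (the removed imports referenced `CLONE_NEWCGROUP`), an exec'd process would stay in the host's namespaces for those, which is worth either a fix or a comment. `vec![…]` allocates for a fixed list that an array iterates directly (Rust 1.53+). `init_exec_ns` is shown in full here.
```rust
    // 把当前进程加入到指定pid的namespace
    for (ns_name, ns_type) in [
        ("ipc", CloneFlags::CLONE_NEWIPC),
        ("uts", CloneFlags::CLONE_NEWUTS),
        ("net", CloneFlags::CLONE_NEWNET),
        ("pid", CloneFlags::CLONE_NEWPID),
        ("mnt", CloneFlags::CLONE_NEWNS),
    ] {
        let ns_path = format!("/proc/{pid}/ns/{ns_name}");
        let ns_fild = fs::File::open(ns_path)?;
        // nstype lets the kernel reject an fd that is not the expected namespace kind
        setns(ns_fild.as_fd(), ns_type)?;
    }
    // … unchanged: Ok(()) …
```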