linux.go 3.2 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136
  1. // +build linux
  2. package system
  3. import (
  4. "bufio"
  5. "fmt"
  6. "os"
  7. "os/exec"
  8. "syscall" // only for exec
  9. "unsafe"
  10. "golang.org/x/sys/unix"
  11. )
  12. // If arg2 is nonzero, set the "child subreaper" attribute of the
  13. // calling process; if arg2 is zero, unset the attribute. When a
  14. // process is marked as a child subreaper, all of the children
  15. // that it creates, and their descendants, will be marked as
  16. // having a subreaper. In effect, a subreaper fulfills the role
  17. // of init(1) for its descendant processes. Upon termination of
  18. // a process that is orphaned (i.e., its immediate parent has
  19. // already terminated) and marked as having a subreaper, the
  20. // nearest still living ancestor subreaper will receive a SIGCHLD
  21. // signal and be able to wait(2) on the process to discover its
  22. // termination status.
  23. const PR_SET_CHILD_SUBREAPER = 36
  24. type ParentDeathSignal int
  25. func (p ParentDeathSignal) Restore() error {
  26. if p == 0 {
  27. return nil
  28. }
  29. current, err := GetParentDeathSignal()
  30. if err != nil {
  31. return err
  32. }
  33. if p == current {
  34. return nil
  35. }
  36. return p.Set()
  37. }
  38. func (p ParentDeathSignal) Set() error {
  39. return SetParentDeathSignal(uintptr(p))
  40. }
  41. func Execv(cmd string, args []string, env []string) error {
  42. name, err := exec.LookPath(cmd)
  43. if err != nil {
  44. return err
  45. }
  46. return syscall.Exec(name, args, env)
  47. }
  48. func Prlimit(pid, resource int, limit unix.Rlimit) error {
  49. _, _, err := unix.RawSyscall6(unix.SYS_PRLIMIT64, uintptr(pid), uintptr(resource), uintptr(unsafe.Pointer(&limit)), uintptr(unsafe.Pointer(&limit)), 0, 0)
  50. if err != 0 {
  51. return err
  52. }
  53. return nil
  54. }
  55. func SetParentDeathSignal(sig uintptr) error {
  56. if err := unix.Prctl(unix.PR_SET_PDEATHSIG, sig, 0, 0, 0); err != nil {
  57. return err
  58. }
  59. return nil
  60. }
  61. func GetParentDeathSignal() (ParentDeathSignal, error) {
  62. var sig int
  63. if err := unix.Prctl(unix.PR_GET_PDEATHSIG, uintptr(unsafe.Pointer(&sig)), 0, 0, 0); err != nil {
  64. return -1, err
  65. }
  66. return ParentDeathSignal(sig), nil
  67. }
  68. func SetKeepCaps() error {
  69. if err := unix.Prctl(unix.PR_SET_KEEPCAPS, 1, 0, 0, 0); err != nil {
  70. return err
  71. }
  72. return nil
  73. }
  74. func ClearKeepCaps() error {
  75. if err := unix.Prctl(unix.PR_SET_KEEPCAPS, 0, 0, 0, 0); err != nil {
  76. return err
  77. }
  78. return nil
  79. }
  80. func Setctty() error {
  81. if err := unix.IoctlSetInt(0, unix.TIOCSCTTY, 0); err != nil {
  82. return err
  83. }
  84. return nil
  85. }
  86. // RunningInUserNS detects whether we are currently running in a user namespace.
  87. // Copied from github.com/lxc/lxd/shared/util.go
  88. func RunningInUserNS() bool {
  89. file, err := os.Open("/proc/self/uid_map")
  90. if err != nil {
  91. // This kernel-provided file only exists if user namespaces are supported
  92. return false
  93. }
  94. defer file.Close()
  95. buf := bufio.NewReader(file)
  96. l, _, err := buf.ReadLine()
  97. if err != nil {
  98. return false
  99. }
  100. line := string(l)
  101. var a, b, c int64
  102. fmt.Sscanf(line, "%d %d %d", &a, &b, &c)
  103. /*
  104. * We assume we are in the initial user namespace if we have a full
  105. * range - 4294967295 uids starting at uid 0.
  106. */
  107. if a == 0 && b == 0 && c == 4294967295 {
  108. return false
  109. }
  110. return true
  111. }
  112. // SetSubreaper sets the value i as the subreaper setting for the calling process
  113. func SetSubreaper(i int) error {
  114. return unix.Prctl(PR_SET_CHILD_SUBREAPER, uintptr(i), 0, 0, 0)
  115. }