????

Your IP : 3.141.45.137


Current Path : /proc/self/root/opt/cloudlinux/venv/lib64/python3.11/site-packages/cllimits/
Upload File :
Current File : //proc/self/root/opt/cloudlinux/venv/lib64/python3.11/site-packages/cllimits/cagefs_lib.py

# -*- coding: utf-8 -*-

# lvectl.py - module for interfacing with cagefsctl utility for get/set CageFs user's status
#
# Copyright © Cloud Linux GmbH & Cloud Linux Software, Inc 2010-2019 All Rights Reserved
#
# Licensed under CLOUD LINUX LICENSE AGREEMENT
# http://cloudlinux.com/docs/LICENCE.TXT
#
import logging
import os.path

from cllimits.lib import exec_utility
from clcommon.clexception import FormattedException
from clcommon.utils import run_command, ExternalProgramFailed


class CageFsException(FormattedException):
    pass


class CageFs:
    _UTILITY_PATH = '/usr/sbin/cagefsctl'

    def __init__(self, logger=None):
        # List of enabled users in Cagefs
        self._cagefs_enabled_users = None
        self._is_cagefs_error = False
        self._logger = logger or self._create_dummy_logger()

    @staticmethod
    def _create_dummy_logger():
        logger = logging.getLogger(__name__)
        # in order to write messages only to this logger, not global
        logger.propagate = False
        logger.addHandler(logging.NullHandler())
        return logger

    def is_cagefs_present(self):
        """
        Get CageFS presence flag
        :return: True/False - Cagefs present/absent
        """
        return os.path.isfile(self._UTILITY_PATH)

    # WARNING: result is cached, TODO: rework caching
    def get_user_status(self, username):
        """
        Get User status in CageFs
        :param username: User name
        :return: True/False - user enabled/disabled in CageFs
        """
        # Load Cagefs data if need
        self._load_info()
        return username in self._cagefs_enabled_users

    def set_user_status(self, username, status, ignore_cache=False):
        """
        Set user status in CageFs
        :param str username: User name
        :param bool status: new user status - True/False --> enable/disable
        :param bool ignore_cache: ignore data caching
        :return: None
        """
        # Load Cagefs data if need
        if not ignore_cache:
            self._load_info()
            if status and self.get_user_status(username):
                # Enable user: user already in cagefs - do nothing
                return
            if not status and not self.get_user_status(username):
                # Disable user: user already not in cagefs - do nothing
                return
        if status:
            cagefsctl_arg = "--enable"
        else:
            cagefsctl_arg = "--disable"
        self._get_cagefsctl_out([cagefsctl_arg, username])

    def _load_info(self):
        """
        Loads users info from Cagefs
        :return: None
        """
        # Exit if CageFS data already loaded
        if self._cagefs_enabled_users is not None:
            return
        # Exit if CageFS not present or Cagefs error
        if not self.is_cagefs_present() or self._is_cagefs_error:
            raise CageFsException({'message': "%(util)s is disabled",
                                   'context': {'util': 'CageFS'}})
        self._cagefs_enabled_users = []
        s_cagefs_out = self._get_cagefsctl_out(['--list-enabled'])
        # Parse result
        s_enabled_users_parts = s_cagefs_out.split('\n')
        for line in s_enabled_users_parts:
            if "enabled user" in line:
                continue
            self._cagefs_enabled_users.append(line.strip())

    def initialize_cagefs(self):
        """
        Just initialize cagefs
        """
        out = self._get_cagefsctl_out(['--init'])
        return out

    def set_enabled_mode(self):
        # We use run_command because it uses close_fds=True during subprocess opening
        # in case of --enable-all there are problems with lock on cl6
        # so we use close_fds=True to close file descriptor and makes locking works properly
        try:
            cmd = ['cagefsctl', '--enable-all']
            out = run_command(cmd)
            return out
        except ExternalProgramFailed as err:
            raise CageFsException(str(err)) from err

    def get_user_mode(self):
        out = self._get_cagefsctl_out(['--display-user-mode'])
        # Mode: Disable All
        mode = out.split(':')[1].strip()
        return mode

    def toggle_user_mode(self):
        self._get_cagefsctl_out(['--toggle-mode'])

    def enable_cagefs(self):
        # We use run_command because it uses close_fds=True during subprocess opening
        # in case of --enable-cagefs there are problems with lock on cl6
        # so we use close_fds=True to close file descriptor and makes locking works properly
        try:
            cmd = ['cagefsctl', '--enable-cagefs']
            self._logger.info('Running "%s"', ' '.join(cmd))
            out = run_command(cmd)
            return out
        except ExternalProgramFailed as err:
            self._logger.info('cagefsctl exited with error "%s"', str(err))
            raise CageFsException(str(err)) from err

    def _get_cagefsctl_out(self, cmd):
        self._logger.info('Running "cagefsctl %s"', ' '.join(cmd))
        if not self.is_cagefs_present():
            raise CageFsException({'message': "%(util)s is not installed",
                                   'context': {'util': 'CageFS'}})
        ret_code, s_stdout, s_stderr = exec_utility(self._UTILITY_PATH, cmd, stderr=True)
        s_cagefs_out = s_stdout or s_stderr
        if ret_code != 0 or 'Error:' in s_cagefs_out:
            self._logger.info('Cagefs exited with exit code "%s" and output "%s"', (ret_code, s_cagefs_out))
            self._is_cagefs_error = True
            raise CageFsException(s_cagefs_out)
        return s_cagefs_out

    def rebuild_alt_php_ini(self):
        out = self._get_cagefsctl_out(['--rebuild-alt-php-ini'])
        return out