Class: OsCtld::UserControl::Supervisor::NamespacedClientHandler

Inherits:
Generic::ClientHandler show all
Defined in:
lib/osctld/user_control/supervisor.rb

Overview

Client handler for commands called from a container’s user namespace.

The handler finds the appropriate osctld user and passes control to the standard client handler.

Instance Attribute Summary

Attributes inherited from Generic::ClientHandler

#opts

Instance Method Summary collapse

Methods inherited from Generic::ClientHandler

#communicate, #error, #error!, #initialize, #ok, #parse, #reply_error, #reply_ok, #request_stop, #send_data, #send_update, #server_version, #socket

Constructor Details

This class inherits a constructor from OsCtld::Generic::ClientHandler

Instance Method Details

#handle_cmd(req) ⇒ Object



# File 'lib/osctld/user_control/supervisor.rb', line 24

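# Authenticate a request arriving from inside a container's user namespace
# and forward it to a regular ClientHandler bound to the matching osctld user.
#
# The request body is supplied by a process inside the container, so every
# field is treated as untrusted. The caller's identity is taken from the
# kernel-supplied peer credentials of the socket, never from the request.
#
# @param req [Hash] parsed request; reads `:cmd` and `:opts` (with `:pool`)
# @return [Object] result of `error(...)` on rejection, otherwise whatever
#   the forwarded handler's `handle_cmd` returns
def handle_cmd(req)
  return error('invalid input') unless req.is_a?(Hash)

  # Only the hook commands on this allowlist are accepted on this socket
  unless %w[ct_autodev ct_pre_mount ct_post_mount].include?(req[:cmd])
    return error('invalid cmd')
  end

  # req[:opts][:pool] is read below to pick the user, so reject a missing or
  # non-Hash opts here instead of raising in the middle of the lookup.
  opts = req[:opts]
  return error('invalid input') unless opts.is_a?(Hash)

  # Find out which user has connected. SO_PEERCRED yields struct ucred
  # (pid, uid, gid) as recorded by the kernel for the peer.
  cred = @sock.getsockopt(Socket::SOL_SOCKET, Socket::SO_PEERCRED)
  pid, uid, gid = cred.unpack('LLL')

  # Locate the user in DB using the uid of the caller process' grandparent:
  # - caller: lxc hook
  # - parent: lxc-start, future /sbin/init
  # - grandparent: lxc-start running within the host namespace
  #
  # NOTE(review): the pid was recorded when the peer connected, while the
  # process tree is inspected now; confirm how OsProcess behaves when the
  # caller has already exited or has no grandparent. The uid/gid comparison
  # further below is what ties the connection itself to the located user.
  process = OsCtl::Lib::OsProcess.new(pid)
  gpuid = process.grandparent.ruid

  user = DB::Users.get.detect do |u|
    u.pool.name == opts[:pool] && u.ugid == gpuid
  end

  unless user
    log(:warn, "Unable to find user for pid=#{pid},uid=#{uid},gid=#{gid}")
    return error('invalid user')
  end

  # Just to be sure that we have the right user, compare the caller's
  # uid/gid with the host ids that the user's maps assign to namespace id 0.
  {
    uid: [user.uid_map.ns_to_host(0), uid],
    gid: [user.gid_map.ns_to_host(0), gid]
  }.each do |type, (expected, got)|
    next if expected == got

    log(:warn, "Caller's #{type} does not match the located user: " \
               "user=#{user.ident}, expected #{type}=#{expected}, " \
               "got #{type}=#{got}")
    return error('invalid user')
  end

  # Overwrite any client-supplied client_pid with the kernel-reported pid
  opts.update(client_pid: pid)

  # Forward to a real client handler
  log(:info, "Forwarding request to user #{user.ident}")
  handler = ClientHandler.new(@sock, user:)
  handler.handle_cmd(req)
end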

#log_type ⇒ Object



# File 'lib/osctld/user_control/supervisor.rb', line 76

# Label used for this handler's log entries: the name of the receiver's class.
#
# @return [String, nil] the class name as reported by `Class#name`
def log_type = self.class.name