1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
|
#!/usr/bin/python
import sys
import pwd
from os import getuid, getgid, environ, chmod, chown, symlink, listdir
from os.path import join, isdir, dirname, exists
from optparse import OptionParser
from shutil import copyfile
from rainbow.util import make_reporter, trace, make_dirs
sys.excepthook = trace
def main():
parser = OptionParser(version='0.1')
parser.add_option('-v', '--verbose', default=0, action='count',
help='Verbosity. Repeat for more verbose output.')
parser.add_option('-q', '--quiet', default=False, action='store_true',
help='Quiet. Disable all output.')
parser.add_option('-u', '--user', default=None,
help="Isolated user.")
parser.add_option('-e', '--envdir', default=None,
help="Envdir to be used for launching.")
opts, args = parser.parse_args()
if not opts.user or not opts.envdir:
parser.print_help()
exit(1)
report = make_reporter(opts.verbose, opts.quiet, sys.stdout)
def check_user(report, opts):
report(1, 'Sugarizing isolated uid %s.', opts.user)
return opts.user
def check_envdir(report, envdir):
report(1, 'Sugarizing envdir %s.', envdir)
assert isdir(envdir)
def write_envvar(k, v):
report(1, '-E %s=%s', k, v)
open(join(envdir, k), 'w').write(v)
return write_envvar
user = check_user(report, opts)
write_envvar = check_envdir(report, opts.envdir)
o = pwd.getpwuid(getuid())
i = pwd.getpwnam(user)
h_o = o.pw_dir
h_i = i.pw_dir
# We want to use xauth generate $DISPLAY . untrusted, but we don't have
# XSECURITY enabled. <MS>
environ.setdefault('XAUTHORITY', join(h_o, '.Xauthority'))
environ.setdefault('ICEAUTHORITY', join(h_o, '.ICEauthority'))
x_cookie_path = join(h_i, '.Xauthority')
make_dirs(dirname(x_cookie_path), getuid(), getgid(), 0777)
copyfile(environ['XAUTHORITY'], x_cookie_path)
chmod(x_cookie_path, 0666)
chown(x_cookie_path, o.pw_uid, i.pw_gid)
ice_cookie_path = join(h_i, '.ICEauthority')
make_dirs(dirname(ice_cookie_path), getuid(), getgid(), 0777)
copyfile(environ['ICEAUTHORITY'], ice_cookie_path)
chmod(ice_cookie_path, 0666)
chown(ice_cookie_path, o.pw_uid, i.pw_gid)
corba_socket_path = join('/tmp', 'orbit-' + o.pw_name)
if exists(corba_socket_path):
chmod(corba_socket_path, 0750)
for socket_name in listdir(corba_socket_path):
chmod(join(corba_socket_path, socket_name), 0660)
for frag in ['owner.key.pub']:
path = join('.sugar/default/', frag)
make_dirs(dirname(join(h_i, path)), getuid(), getgid(), 0777)
copyfile(join(h_o, path), join(h_i, path))
chmod(join(h_i, path), 0666)
write_envvar('USER', i.pw_name)
write_envvar('HOME', h_i)
write_envvar('XAUTHORITY', x_cookie_path)
write_envvar('ICEAUTHORITY', ice_cookie_path)
write_envvar('SUGAR_ACTIVITY_ROOT', h_i)
write_envvar('TMPDIR', join(h_i, 'tmp'))
write_envvar('DISPLAY', environ['DISPLAY'])
symlink(".", join(h_i, "instance"))
symlink(environ["SUGAR_BUNDLE_ID"], join(h_i, "data"))
symlink(environ.get("TMPDIR", "/tmp"), join(h_i, "tmp"))
if __name__ == '__main__':
main()
# vim : et sw=4 ts=4 sts=4 :
|
