authorMichael Stone <michael@laptop.org>2009-04-12 08:41:14 (GMT)
committer Michael Stone <michael@laptop.org>2009-04-12 08:41:14 (GMT)
commite81c6ce196116d6b6afe0efbfb559012820c88f2 (patch)
treec8edacc541e45bbbe1fe9584d2b6e693029290e4
parent4cb3c824c551be9d6379d851a7090ec2e8ebd673 (diff)
Make xephyr optional, drop strace option.
-rwxr-xr-xrainbow/bin/rainbow-easy2
-rwxr-xr-xrainbow/bin/rainbow-run11
-rw-r--r--rainbow/rainbow/inject.py75
3 files changed, 44 insertions, 44 deletions
diff --git a/rainbow/bin/rainbow-easy b/rainbow/bin/rainbow-easy
index ac6381a..060c13c 100755
--- a/rainbow/bin/rainbow-easy
+++ b/rainbow/bin/rainbow-easy
@@ -23,4 +23,4 @@ for kv in env:
EOF`
fi
-exec rainbow-run -s /var/spool/rainbow/2 -u "$SUDO_USER" -c "`pwd`" -f 0 -f 1 -f 2 -i "${SUDO_USER}_${ID}" -E "DISPLAY=$DISPLAY" -a /usr/bin/rainbow-xify -o audio -- $@
+exec rainbow-run -v -v -v -s /var/spool/rainbow/2 -u "$SUDO_USER" -c "`pwd`" -f 0 -f 1 -f 2 -i "${SUDO_USER}_${ID}" -E "DISPLAY=$DISPLAY" -a /usr/bin/rainbow-xify -o audio -o xephyr -- $@
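Review bot: The trailing `$@` on the new exec line is unquoted, so an argument containing whitespace or glob characters is re-split and expanded by the shell before rainbow-run receives it; `-- "$@"` passes the caller's argv through unchanged. The added `-v -v -v` also looks like debugging verbosity left in the wrapper: rainbow-run's `report(1, 'rainbow:\n%s', pformat(args))` prints the whole argument tuple, including `env`, at level 1, so every run now writes the environment to the output. If the verbosity is wanted, making it opt-in (for example from a variable the caller sets) would keep the default quiet. The script continues above the hunk, so how `ID` and the heredoc are built is not visible here.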
diff --git a/rainbow/bin/rainbow-run b/rainbow/bin/rainbow-run
index fc68e4d..2fa8d95 100755
--- a/rainbow/bin/rainbow-run
+++ b/rainbow/bin/rainbow-run
@@ -35,7 +35,7 @@ def main():
parser.add_option('-i', '--id', default=None,
help="ID of shared-data group.")
parser.add_option('-o', '--option', default=[], action='append',
- help="Options: video, audio, serial, constant-uid, strace.")
+ help="Options: video, audio, serial, constant-uid, xephyr.")
parser.add_option('-p', '--permissions', default=None,
help="Location of a permissions.info file.")
parser.add_option('-u', '--user', default=None,
@@ -73,8 +73,8 @@ def main():
def check_groups(opts):
return [grp.getgrnam(g)[2] for g in opts.group]
- def check_strace(opts):
- return 'strace' in opts.option
+ def check_xephyr(opts):
+ return 'xephyr' in opts.option
def check_constant_uid(opts):
return 'constant-uid' in opts.option
@@ -108,15 +108,16 @@ def main():
pset = PermissionSet(opts.permissions or [])
# Dirty hack -- pass 'constant-uid' and 'strace' in as permissions. <MS>
- for perm in ('constant-uid', 'strace', 'audio', 'video', 'serial'):
+ for perm in ('constant-uid', 'audio', 'video', 'serial'):
pset._permissions.setdefault(perm, locals()['check_'+perm.replace('-','_')](opts))
data_id = check_data_id(opts)
assistant = check_assistant(opts)
+ xephyr = check_xephyr(opts)
resume_uid = None
- args = (report, spool, env, argv, cwd, pset, safe_fds, uid, gid, resume_uid, groups, [data_id], assistant)
+ args = (report, spool, env, argv, cwd, pset, safe_fds, uid, gid, resume_uid, groups, [data_id], assistant, xephyr)
report(1, 'rainbow:\n%s', pformat(args))
unshare(CLONE_NEWNS)
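Review bot: The comment above the loop still says `'constant-uid' and 'strace'` are passed in as permissions, but this change removes 'strace' from the tuple, so the comment now describes a permission that is never set. Something like `# Dirty hack -- pass the option flags ('constant-uid', 'audio', 'video', 'serial') in as permissions. <MS>` would match the code. It is also worth a short comment explaining why `xephyr` travels as a separate positional element of `args` rather than through `pset` like the other options, since the tuple order has to stay in step with the signature of `inject()`. `main()` starts and ends outside this hunk.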
diff --git a/rainbow/rainbow/inject.py b/rainbow/rainbow/inject.py
index 0b01f3b..7dec051 100644
--- a/rainbow/rainbow/inject.py
+++ b/rainbow/rainbow/inject.py
@@ -87,40 +87,39 @@ def mount_fsen(log, _):
mount('tmpfs', '/var/tmp', 'tmpfs', 0, '')
def run_assistant(log, assistant, env, owner_uid, owner_gid, uid, groups, safe_fds):
- if assistant:
- envdir = None
- try:
- envdir = mkdtemp()
- chown(envdir, owner_uid, owner_gid)
- pid = fork()
- except:
- if envdir: check_call(['/bin/rm', '-rf', envdir])
- raise
+ envdir = None
+ try:
+ envdir = mkdtemp()
+ chown(envdir, owner_uid, owner_gid)
+ pid = fork()
+ except:
+ if envdir: check_call(['/bin/rm', '-rf', envdir])
+ raise
+ else:
+ if not pid:
+ log(1, 'Dropping privilege to run assistant.')
+ setgroups(groups)
+ setgid(owner_gid)
+ setuid(owner_uid)
+ log(1, 'Closing fds.')
+ for fd in get_fds():
+ if fd not in safe_fds:
+ try: os.close(fd) # propagate failure from EIO or EBADF.
+ except: pass
+ log(1, 'Running assistant.')
+ assistant_argv = [assistant, '-v', '-v', '-v', '-u', str(uid), '-e', envdir]
+ log(1, '%r %r', assistant_argv, env)
+ execvpe(assistant_argv[0], assistant_argv, env)
+ _exit(55)
else:
- if not pid:
- log(1, 'Dropping privilege to run assistant.')
- setgroups(groups)
- setgid(owner_gid)
- setuid(owner_uid)
- log(1, 'Closing fds.')
- for fd in get_fds():
- if fd not in safe_fds:
- try: os.close(fd) # propagate failure from EIO or EBADF.
- except: pass
- log(1, 'Running assistant.')
- assistant_argv = [assistant, '-v', '-v', '-v', '-u', str(uid), '-e', envdir]
- log(1, '%r %r', assistant_argv, env)
- execvpe(assistant_argv[0], assistant_argv, env)
- _exit(55)
- else:
- try:
- pid, status = waitpid(pid, 0)
- log(1, 'Assistant returned %d.', status)
- assert not WEXITSTATUS(status)
- return read_envdir(envdir)
- finally:
- log(1, 'pid %d uid %d', getpid(), getuid())
- if envdir: check_call(['/bin/rm', '-rf', envdir])
+ try:
+ pid, status = waitpid(pid, 0)
+ log(1, 'Assistant returned %d.', status)
+ assert not WEXITSTATUS(status)
+ return read_envdir(envdir)
+ finally:
+ log(1, 'pid %d uid %d', getpid(), getuid())
+ if envdir: check_call(['/bin/rm', '-rf', envdir])
def launch(log, _, uid, gid, groups, argv, env, cwd, pset, safe_fds):
# Set appropriate group membership(s), depending on requested permissions
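Review bot: In the parent branch, `assert not WEXITSTATUS(status)` is the only gate before `read_envdir(envdir)` is returned for merging into the environment, and it is weak in two ways: asserts are stripped when Python runs with -O, and WEXITSTATUS is only meaningful after a normal exit, so an assistant killed by a signal can still pass the check. An explicit test such as `if not WIFEXITED(status) or WEXITSTATUS(status): raise RuntimeError('assistant failed: %d' % status)` covers both cases. Separately, in the child branch a failing `execvpe` raises instead of returning, so `_exit(55)` is never reached and the exception unwinds through the caller's frames inside the forked child; wrapping the child branch in `try: ... finally: _exit(55)` keeps the child from running any of the parent's cleanup. The comment `# propagate failure from EIO or EBADF.` sits on a bare `except: pass`, which does the opposite of what it says and should be reworded or narrowed to `except OSError`.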
@@ -251,7 +250,7 @@ def check_uid(_, spool, owner_uid, uid):
assert readlink(join(spool, 'uid_to_owner_uid', str(uid))) == str(owner_uid)
def inject(log, spool, env, argv, cwd, pset, safe_fds, owner_uid, owner_gid,
- uid, groups, data_groups, assistant):
+ uid, groups, data_groups, assistant, xephyr):
# Note: exceptions are intended to bubble up to the caller and should
# terminate execution.
check_data_groups(data_groups)
@@ -280,10 +279,10 @@ def inject(log, spool, env, argv, cwd, pset, safe_fds, owner_uid, owner_gid,
check_home(uid, gid, home)
groups = configure_groups(log, owner_uid, groups, gid, data_group_to_gid, pset)
- env_updates = configure_xephyr(log, spool, owner_gid, uid, env, safe_fds)
- if env_updates: env.update(env_updates)
- env_updates = run_assistant(log, assistant, env, owner_uid, owner_gid, uid, groups, safe_fds)
- if env_updates: env.update(env_updates)
+ if xephyr:
+ env.update(configure_xephyr(log, spool, owner_gid, uid, env, safe_fds))
+ if assistant:
+ env.update(run_assistant(log, assistant, env, owner_uid, owner_gid, uid, groups, safe_fds))
mount_fsen(log, home)
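Review bot: Both new `env.update(...)` calls drop the `if env_updates:` guard the old code had, so `configure_xephyr` and `run_assistant` must now always return a mapping; `env.update(None)` raises TypeError. `run_assistant` returns whatever `read_envdir(envdir)` gives back and `configure_xephyr` is not part of this diff, so whether either can return None is not visible here. Either state that contract in both docstrings or keep the call tolerant, e.g. `env.update(configure_xephyr(log, spool, owner_gid, uid, env, safe_fds) or {})`. The body of `inject()` continues outside this hunk.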