+import os
+import setns
+
+from argparse import ArgumentParser
+
+drop_capabilities='cap_sys_admin,cap_sys_boot,cap_sys_module'
+
+# can set to True here, but also use the -d option
+debug = False
+
+#################### should go into a separate libvirtsystemd.py
+# but we want to keep packaging simple for now
+
+# reproducing libvirt's systemd-oriented escaping mechanism
+# http://code.metager.de/source/xref/lib/virt/src/util/virsystemd.c
+# (see original code at the end of this file)
+
+def virSystemdEscapeName (name):
+ result=''
+ def ESCAPE(c,s):
+ # replace hex's output '0x..' into '\x..'
+ return s+hex(ord(c)).replace('0','\\',1)
+ VALID_CHARS = \
+ "0123456789" + \
+ "abcdefghijklmnopqrstuvwxyz" + \
+ "ABCDEFGHIJKLMNOPQRSTUVWXYZ" + \
+ ":-_.\\"
+ for c in name:
+ if c=='/':
+ result += '-'
+ elif c in '-\\' or c not in VALID_CHARS:
+ result=ESCAPE(c,result)
+ else:
+ result += c
+ return result
+
+#35static void virSystemdEscapeName(virBufferPtr buf,
+#36 const char *name)
+#37{
+#38 static const char hextable[16] = "0123456789abcdef";
+#39
+#40#define ESCAPE(c) \
+#41 do { \
+#42 virBufferAddChar(buf, '\\'); \
+#43 virBufferAddChar(buf, 'x'); \
+#44 virBufferAddChar(buf, hextable[(c >> 4) & 15]); \
+#45 virBufferAddChar(buf, hextable[c & 15]); \
+#46 } while (0)
+#47
+#48#define VALID_CHARS \
+#49 "0123456789" \
+#50 "abcdefghijklmnopqrstuvwxyz" \
+#51 "ABCDEFGHIJKLMNOPQRSTUVWXYZ" \
+#52 ":-_.\\"
+#53
+#54 if (*name == '.') {
+#55 ESCAPE(*name);
+#56 name++;
+#57 }
+#58
+#59 while (*name) {
+#60 if (*name == '/')
+#61 virBufferAddChar(buf, '-');
+#62 else if (*name == '-' ||
+#63 *name == '\\' ||
+#64 !strchr(VALID_CHARS, *name))
+#65 ESCAPE(*name);
+#66 else
+#67 virBufferAddChar(buf, *name);
+#68 name++;
+#69 }
+#70
+#71#undef ESCAPE
+#72#undef VALID_CHARS
+#73}
+
+def virSystemdMakeScopeName (name, drivername, partition):
+ result=''
+ result += virSystemdEscapeName (partition)
+ result += '-'
+ result += virSystemdEscapeName (drivername)
+ result += '\\x2d'
+ result += virSystemdEscapeName (name)
+ result += '.scope'
+ return result
+
+#76char *virSystemdMakeScopeName(const char *name,
+#77 const char *drivername,
+#78 const char *partition)
+#79{
+#80 virBuffer buf = VIR_BUFFER_INITIALIZER;
+#81
+#82 if (*partition == '/')
+#83 partition++;
+#84
+#85 virSystemdEscapeName(&buf, partition);
+#86 virBufferAddChar(&buf, '-');
+#87 virSystemdEscapeName(&buf, drivername);
+#88 virBufferAddLit(&buf, "\\x2d");
+#89 virSystemdEscapeName(&buf, name);
+#90 virBufferAddLit(&buf, ".scope");
+#91
+#92 if (virBufferError(&buf)) {
+#93 virReportOOMError();
+#94 return NULL;
+#95 }
+#96
+#97 return virBufferContentAndReset(&buf);
+#98}
+
+### our own additions
+# heuristics to locate /sys/fs/cgroup stuff
+import os.path
+def find_first_dir (candidates):
+ for candidate in candidates:
+ if os.path.isdir(candidate): return candidate
+ raise Exception,"Cannot find valid dir among\n" + "\n".join([" ->"+c for c in candidates])
+
+def find_sysfs_scope (subsystem, slice_name):
+ subsystem1=subsystem
+ subsystem2=subsystem
+ if subsystem=='cpuacct':
+ subsystem2='cpu,cpuacct'
+ candidates = [
+ # for f16 and our locally brewed libvirt 1.0.4
+ "/sys/fs/cgroup/%s/libvirt/lxc/%s"%(subsystem1, slice_name),
+ "/sys/fs/cgroup/%s/system/libvirtd.service/libvirt/lxc/%s"%(subsystem1, slice_name),
+ # f20 and libvirt 1.1.3
+ "/sys/fs/cgroup/%s/machine.slice/%s"%(subsystem2,
+ virSystemdMakeScopeName(slice_name,'lxc','machine')),
+ ]
+ return find_first_dir (candidates)
+
+#################### end of libvirtsystemd.py
+
+def getarch(f):
+ output = os.popen('readelf -h %s 2>&1'%f).readlines()
+ classlines = [x for x in output if ('Class' in x.split(':')[0])]
+ line = classlines[0]
+ c = line.split(':')[1]
+ if ('ELF64' in c):
+ return 'x86_64'
+ elif ('ELF32' in c):
+ return 'i686'
+ else:
+ raise Exception('Could not determine architecture')
+
+def umount(fs_dir, opts=''):
+ output = os.popen('/bin/umount %s %s 2>&1'%(opts, fs_dir)).read()
+ return ('device is busy' not in output)
+
+def main ():
+ parser = ArgumentParser()
+ parser.add_argument("-n", "--nonet",
+ action="store_true", dest="netns", default=False,
+ help="Don't enter network namespace")
+ parser.add_argument("-m", "--nomnt",
+ action="store_true", dest="mntns", default=False,
+ help="Don't enter mount namespace")
+ parser.add_argument("-p", "--nopid",
+ action="store_true", dest="pidns", default=False,
+ help="Don't enter pid namespace")
+ parser.add_argument("-r", "--root",
+ action="store_true", dest="root", default=False,
+ help="Enter as root: be careful")
+ parser.add_argument("-i","--internal",
+ action="store_true", dest="internal", default=False,
+ help="does *not* prepend '-- -c' to arguments - or invoke lxcsu-internal")
+ parser.add_argument("-d","--debug",
+ action='store_true', dest='debug', default=False,
+ help="debug option")
+ parser.add_argument("-s","--nosliceuid",
+ action='store_true', dest="nosliceuid", default=False,
+ help="do not change to slice uid inside of slice")
+ parser.add_argument("-o","--noslicehome",
+ action='store_true', dest="noslicehome", default=False,
+ help="do not change to slice home directory inside of slice")
+
+ if os.path.exists("/etc/lxcsu_default"):
+ defaults = parser.parse_args(file("/etc/lxcsu_default","r").read().split())
+ parser.set_defaults(**defaults.__dict__)