parser.add_argument("-d","--debug",
action='store_true', dest='debug', default=False,
help="debug option")
+ parser.add_argument("-s","--nosliceuid", dest="nosliceuid", default=False,
+ help="do not change to slice uid inside of slice")
parser.add_argument ("slice_name")
parser.add_argument ("command_to_run",nargs="*")
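Review bot: The new `-s/--nosliceuid` option is declared without `action='store_true'`, so argparse treats it as an option that consumes the next argument; `lxcsu -s someslice cmd` would take `someslice` as the option's value and shift the positionals. Any non-empty value, including the string `False`, then evaluates as true in the later `if (args.nosliceuid):` test. Declare it the same way as `--debug` just above: `parser.add_argument("-s","--nosliceuid", action='store_true', dest="nosliceuid", default=False,`.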
# unless we run the symlink 'lxcsu-internal', or we specify the -i option, prepend '--' '-c'
if sys.argv[0].find('internal')>=0: args.internal=True
- # plain lxcsu
+ if len(args.command_to_run)>0 and (args.command_to_run[0] == "/sbin/service"):
+ # A quick hack to support nodemanager interfaces.py when restarting
+ # networking in a slice.
+ args.nosliceuid = True
+
+ # plain lxcsu
if not args.internal:
# no command given: enter interactive shell
if not args.command_to_run: args.command_to_run=['/bin/sh']
- args.command_to_run = [ '-c' ] + args.command_to_run
+ args.command_to_run = [ '-c' ] + [" ".join(args.command_to_run)]
# support for either setting debug at the top of this file, or on the command-line
if args.debug:
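Review bot: The `/sbin/service` exemption keys only on `args.command_to_run[0]`, and the same hunk then joins the whole argument list into one string for `sh -c`, so everything after `/sbin/service` is re-parsed by a shell in a process that skips the uid switch. Because `nosliceuid` removes a privilege boundary, the match should cover the full command that nodemanager is expected to pass (not visible here) rather than just the first element. Separately, `" ".join(...)` drops argument boundaries, so an argument containing spaces or shell metacharacters changes meaning. If callers pass discrete arguments, quoting each one keeps them intact: `args.command_to_run = ['-c', " ".join(pipes.quote(a) for a in args.command_to_run)]` (needs `import pipes`). Callers that deliberately pass shell syntax as a single argument would behave differently under quoting, so confirm how the tool is invoked first.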
for (sysctl_file, sysctl_name, sysctl_val) in sysctls:
for fn in ["/sbin/sysctl", "/usr/sbin/sysctl", "/bin/sysctl", "/usr/bin/sysctl"]:
if os.path.exists(fn):
- os.system("mount -o remount,rw none /proc/sys")
os.system('%s -w %s=%s'%(fn, sysctl_name,sysctl_val))
- os.system("mount -o remount,ro none /proc/sys")
break
else:
print "Error: image does not have a sysctl binary"
cap_arg = '--drop='+drop_capabilities
if (not args.root):
- uid = getuid (slice_name)
- if not uid:
- print "lxcsu could not spot %s in /etc/passwd - exiting"%slice_name
- exit(1)
- exec_args = [arch,'/usr/sbin/capsh',cap_arg,'--uid=%s'%uid,'--','--login',]+args.command_to_run
+ if (args.nosliceuid):
+ # we still want to drop capabilities, but don't want to switch UIDs
+ exec_args = [arch,'/usr/sbin/capsh',cap_arg,'--','--login',]+args.command_to_run
+ else:
+ uid = getuid (slice_name)
+ if not uid:
+ print "lxcsu could not spot %s in /etc/passwd - exiting"%slice_name
+ exit(1)
+ exec_args = [arch,'/usr/sbin/capsh',cap_arg,'--uid=%s'%uid,'--','--login',]+args.command_to_run
# once we can drop f12, it would be nicer to instead go for
-# exec_args = [arch,'/usr/sbin/capsh',cap_arg,'--user=%s'%slice_name,'--','--login',]+args.command_to_run
+# exec_args = [arch,'/usr/sbin/capsh',cap_arg,'--user=%s'%slice_name,'--','--login',]+args.command_to_run
else:
exec_args = [arch,'/usr/sbin/capsh','--','--login']+args.command_to_run
os.environ['SHELL'] = '/bin/sh'
os.environ['HOME'] = '/home/%s'%slice_name
- os.environ['LD_PRELOAD'] = '/etc/planetlab/lib/bind_public.so'
+ if os.path.exists('/etc/planetlab/lib/bind_public.so'):
+ os.environ['LD_PRELOAD'] = '/etc/planetlab/lib/bind_public.so'
os.chdir("/home/%s"%(slice_name))
if debug: print 'lxcsu:execv:','/usr/bin/setarch',exec_args
os.execv('/usr/bin/setarch',exec_args)
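Review bot: In the new `nosliceuid` branch the shell is still started with `--login`, with `HOME` set to `/home/%s` and that directory as cwd, but without the slice's uid. A login shell normally reads profile files from `$HOME`, so if the slice user can write to that directory (not visible here), its startup files would run without the uid switch, limited only by `--drop`. Consider a home the slice user does not own for this branch, e.g. `home = '/' if args.nosliceuid else '/home/%s'%slice_name`, used for both `os.environ['HOME']` and `os.chdir`. The existing `args.root` path has the same property and is left unchanged by this commit; the enclosing function starts outside the hunk.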