From e42b91ff38049501d06ec043cf2d49ee43881fb9 Mon Sep 17 00:00:00 2001
From: Daniel Hokka Zakrisson
Date: Wed, 13 Aug 2008 15:38:57 +0000
Subject: [PATCH] FUSE patch from Jeremy Stribling.
---
 python/vserver.py | 33 +++++++++++++----
 python/vserverimpl.c | 84 ++++++++++++++++++++++++++++++++++++++++++++
 scripts/vuseradd | 3 ++
 3 files changed, 114 insertions(+), 6 deletions(-)
diff --git a/python/vserver.py b/python/vserver.py
index d7d208e..69e150c 100644
--- a/python/vserver.py
+++ b/python/vserver.py
@@ -187,18 +187,39 @@ class VServer:
 return update
- def set_capabilities(self, capabilities):
- return vserverimpl.setbcaps(self.ctx, vserverimpl.text2bcaps(capabilities))
+ def get_prefix_from_capabilities(self, capabilities, prefix):
+ split_caps = capabilities.split(',')
+ return ",".join(["%s" % (c) for c in split_caps if c.startswith(prefix.upper()) or c.startswith(prefix.lower())])
+
+ def get_bcaps_from_capabilities(self, capabilities):
+ return self.get_prefix_from_capabilities(capabilities, "cap_")
+
+ def get_ccaps_from_capabilities(self, capabilities):
+ return self.get_prefix_from_capabilities(capabilities, "vxc_")
 def set_capabilities_config(self, capabilities):
- self.config.update('bcapabilities', capabilities)
- self.set_capabilities(capabilities)
+ bcaps = self.get_bcaps_from_capabilities(capabilities)
+ ccaps = self.get_ccaps_from_capabilities(capabilities)
+ self.config.update('bcapabilities', bcaps)
+ self.config.update('ccapabilities', ccaps)
+ ret = vserverimpl.setbcaps(self.ctx, vserverimpl.text2bcaps(bcaps))
+ if ret > 0:
+ return ret
+ return vserverimpl.setccaps(self.ctx, vserverimpl.text2ccaps(ccaps))
 def get_capabilities(self):
- return vserverimpl.bcaps2text(vserverimpl.getbcaps(self.ctx))
+ bcaps = vserverimpl.bcaps2text(vserverimpl.getbcaps(self.ctx))
+ ccaps = vserverimpl.ccaps2text(vserverimpl.getccaps(self.ctx))
+ if bcaps and ccaps:
+ ccaps = "," + ccaps
+ return (bcaps + ccaps)
 def get_capabilities_config(self):
- return self.config.get('bcapabilities', '')
+ bcaps = self.config.get('bcapabilities', '')
+ ccaps = self.config.get('ccapabilities', '')
+ if bcaps and ccaps:
+ ccaps = "," + ccaps
+ return (bcaps + ccaps)
 def set_ipaddresses(self, addresses):
 vserverimpl.netremove(self.ctx, "all")
diff --git a/python/vserverimpl.c b/python/vserverimpl.c
index cb30228..b9a06aa 100644
--- a/python/vserverimpl.c
+++ b/python/vserverimpl.c
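Review bot: `get_prefix_from_capabilities` silently drops every entry that does not begin with exactly `cap_`/`CAP_` or `vxc_`/`VXC_`, so a token with a space after the comma (constructed example: `"CAP_X, VXC_Y"`) or a mixed-case prefix never reaches either list, and the stored config and the applied set end up narrower than what the caller passed, with no error. Normalising first, `split_caps = [c.strip() for c in capabilities.split(',')]` and testing `c.lower().startswith(prefix)`, fixes the whitespace and case problems; `set_capabilities_config` should additionally reject non-empty tokens that match neither prefix rather than discard them. In `set_capabilities_config` the `if ret > 0:` test looks dead: the `setccaps` binding added by this patch returns None and signals failure by raising OSError, and if `setbcaps` (defined outside this diff) does the same, the branch can never fire. Both `self.config.update` calls also run before either kernel call, so an exception from `setbcaps` or `setccaps` leaves the saved configuration ahead of the context's actual capabilities; a short comment stating the intended order would help.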
@@ -60,6 +60,7 @@ static inline PyObject *inc_and_ret_none(void)
 #define NONE inc_and_ret_none()
 #define PL_INSECURE_BCAPS (vc_get_insecurebcaps() | (1 << VC_CAP_NET_BIND_SERVICE))
+#define PL_INSECURE_CCAPS vc_get_insecureccaps()
 /*
 * context create
@@ -369,6 +370,81 @@ vserver_bcaps2text(PyObject *self, PyObject *args)
 return list;
 }
+static PyObject *
+vserver_set_ccaps(PyObject *self, PyObject *args)
+{
+ xid_t ctx;
+ struct vc_ctx_caps caps;
+
+ if (!PyArg_ParseTuple(args, "IK", &ctx, &caps.ccaps))
+ return NULL;
+
+ caps.cmask = PL_INSECURE_CCAPS;
+ caps.bmask = caps.bcaps = 0;
+ if (vc_set_ccaps(ctx, &caps) == -1 && errno != ESRCH)
+ return PyErr_SetFromErrno(PyExc_OSError);
+
+ return NONE;
+}
+
+static PyObject *
+vserver_text2ccaps(PyObject *self, PyObject *args)
+{
+ struct vc_ctx_caps caps = { .ccaps = 0 };
+ const char *list;
+ int len;
+ struct vc_err_listparser err;
+
+ if (!PyArg_ParseTuple(args, "s#", &list, &len))
+ return NULL;
+
+ vc_list2ccap(list, len, &err, &caps);
+
+ return Py_BuildValue("K", caps.ccaps);
+}
+
+static PyObject *
+vserver_get_ccaps(PyObject *self, PyObject *args)
+{
+ xid_t ctx;
+ struct vc_ctx_caps caps;
+
+ if (!PyArg_ParseTuple(args, "I", &ctx))
+ return NULL;
+
+ if (vc_get_ccaps(ctx, &caps) == -1) {
+ if (errno != ESRCH)
+ return PyErr_SetFromErrno(PyExc_OSError);
+ else
+ caps.ccaps = 0;
+ }
+
+ return Py_BuildValue("K", caps.ccaps & PL_INSECURE_CCAPS);
+}
+
+static PyObject *
+vserver_ccaps2text(PyObject *self, PyObject *args)
+{
+ struct vc_ctx_caps caps = { .ccaps = 0 };
+ PyObject *list;
+ const char *cap;
+
+ if (!PyArg_ParseTuple(args, "K", &caps.ccaps))
+ return NULL;
+
+ list = PyString_FromString("");
+
+ while ((cap = vc_loccap2text(&caps.ccaps)) != NULL) {
+ if (list == NULL)
+ break;
+ PyString_ConcatAndDel(&list, PyString_FromFormat(
+ (PyString_Size(list) > 0 ? ",%s" : "%s" ),
+ cap));
+ }
+
+ return list;
+}
+
 static inline int
 convert_address(const char *str, struct vc_net_addr *addr)
 {
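Review bot: `vserver_text2ccaps` discards the result of `vc_list2ccap` and never reads `err`, so a misspelled or unknown name in the list produces a partial or zero bitmap instead of an error, and `setccaps` then applies it without complaint. Assuming the parser reports failure through its return value (its definition is not in this diff), check it: `if (vc_list2ccap(list, len, &err, &caps) == -1) {` `PyErr_SetString(PyExc_ValueError, "unknown context capability"); return NULL; }`. The same function parses `"s#"` into an `int len`; if the module defines `PY_SSIZE_T_CLEAN` (not visible here) that variable has to be `Py_ssize_t`. `vserver_set_ccaps` also treats `ESRCH` as success, which deserves a one-line comment saying that a context that is not running is deliberately not an error.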
@@ -728,6 +804,14 @@ static PyMethodDef methods[] = {
 "Translate a string of capabilities to a bitmap" },
 { "bcaps2text", vserver_bcaps2text, METH_VARARGS,
 "Translate a capability-bitmap into a string" },
+ { "setccaps", vserver_set_ccaps, METH_VARARGS,
+ "Set context capabilities of a vserver context" },
+ { "getccaps", vserver_get_ccaps, METH_VARARGS,
+ "Get context capabilities of a vserver context" },
+ { "text2ccaps", vserver_text2ccaps, METH_VARARGS,
+ "Translate a string of context capabilities to a bitmap" },
+ { "ccaps2text", vserver_ccaps2text, METH_VARARGS,
+ "Translate a context-capability-bitmap into a string" },
 { "netadd", vserver_net_add, METH_VARARGS,
 "Assign an IP address to a context" },
 { "netremove", vserver_net_remove, METH_VARARGS,
diff --git a/scripts/vuseradd b/scripts/vuseradd
index ba5c9cf..f77d58b 100755
--- a/scripts/vuseradd
+++ b/scripts/vuseradd
@@ -167,6 +167,9 @@ if [ -d "$__DEFAULT_VSERVERDIR/$NAME" ] ; then
 ! grep -q "^$NAME" "$__DEFAULT_VSERVERDIR/$NAME/etc/sudoers" ; then
 echo "$NAME ALL=(ALL) ALL" >> "$__DEFAULT_VSERVERDIR/$NAME/etc/sudoers"
 fi
+
+ cp -a /dev/fuse $__DEFAULT_VSERVERDIR/$NAME/dev/
+
 fi
 exit 0
--
2.43.0
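Review bot: The added `cp -a /dev/fuse $__DEFAULT_VSERVERDIR/$NAME/dev/` leaves both variables unquoted while every other use in this hunk is quoted, so whitespace or glob characters in either value change where cp writes; use `cp -a /dev/fuse "$__DEFAULT_VSERVERDIR/$NAME/dev/"`. The copy also runs for every guest that reaches this point in the outer `if` (which opens outside the hunk), apparently regardless of whether that guest is given the context capabilities this patch adds, so each guest gets the device node and access then depends only on the permissions `-a` carries over. A host without /dev/fuse makes cp fail, and the script still reaches `exit 0`; guarding with `[ -e /dev/fuse ] &&` and adding a comment on why the node is provisioned unconditionally would make the exposure explicit.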