--- /dev/null
+#!/usr/bin/perl
+use strict;
+
+#######################################################
+#
+# run any (allowed) progam in the root context
+#
+#######################################################
+
+my @allowed = ("/bin/df"); # allowed commands
+my $cmdline;
+my $path;
+my $p;
+
+# read command line
+$cmdline = <STDIN>;
+chomp($cmdline);
+
+# identify the path
+if ($cmdline =~ /\s*(.+)\s+/) {
+ $path = $1;
+} else {
+ $path = $cmdline;
+}
+
+# run the program if it's executable and allowed to run
+if (-x $path) {
+ foreach $p (@allowed) {
+ if ($p eq $path) {
+ system($cmdline);
+ exit(0);
+ }
+ }
+ print "fatal: '$cmdline' is not allowed to run\n";
+} else {
+ print "fatal: $path either does not exist or is not executable\n";
+}
+
+# some error occurred
+exit(-1);
--- /dev/null
+#!/bin/sh
+# Remove hide_netif network attribute. Attribute is used to hide interfaces that don't have an IP attached.
+
+# $Id$
+
+nattribute --set --nid $1 --flag ~hide_netif
--- /dev/null
+#!/bin/sh
+# Mount the planetflow directory in a slice
+
+#mount --bind /usr/local/fprobe /vservers/$1/pf
+# changed from request of Faiyaz
+DEST="/vservers/$1/pf"
+mount | grep "on $DEST type" > /dev/null
+if [ $? -eq 1 ]; then
+ mount --bind /var/local/fprobe $DEST
+fi
--- /dev/null
+#!/usr/bin/perl
+use strict;
+
+###############################################
+# pl-ps for slicestat by KyoungSoo Park
+###############################################
+
+my %slice_id;
+my %slice;
+
+open THIS_PIPE, "/bin/awk -F: \'{print \$1, \$3}\' /etc/passwd |";
+while(<THIS_PIPE>) {
+ if (/(.+)\s+(\d+)/) {
+ $slice_id{$1} = $2;
+ $slice{$2} = $1;
+ }
+}
+close THIS_PIPE;
+
+open THIS_PIPE, "/usr/sbin/vps -eo pid,user | sed 1d | awk \'{print \$1, \$2}\' | sort -k 2 |";
+while(<THIS_PIPE>) {
+ if (/(\d+)\s+(.+)$/) {
+ my $pid = $1;
+ my ($id, $sl);
+
+ if (defined($slice_id{$2})) {
+ $id = $slice_id{$2};
+ $sl = $2;
+ } else {
+ $id = $2;
+ $sl = $slice{$2};
+ }
+ print sprintf("%s %s %s\n", $id, $sl, $pid);
+ }
+}
+close THIS_PIPE;
--- /dev/null
+#!/bin/sh +x
+
+IP=/sbin/ip
+
+SLICE=$1
+SLICEID=`id -u $SLICE`
+read INDEX
+read REMOTE
+read KEY
+
+LINK=${KEY}if${INDEX}
+
+modprobe ip_gre
+modprobe etun
+
+### Setup EGRE tunnel
+EGRE=d$LINK
+$IP tunnel add $EGRE mode gre/eth remote $REMOTE key $KEY
+$IP link set $EGRE up
+
+### Setup etun
+ETUN0=a$LINK
+ETUN1=b$LINK
+echo $ETUN0,$ETUN1 > /sys/module/etun/parameters/newif
+ifconfig $ETUN0 mtu 1458 up
+ifconfig $ETUN1 up
+
+### Setup bridge
+BRIDGE=c$LINK
+brctl addbr $BRIDGE
+brctl addif $BRIDGE $EGRE
+brctl addif $BRIDGE $ETUN1
+ifconfig $BRIDGE up
+
+### Setup iptables so that packets are visible in the vserver
+iptables -t mangle -A FORWARD -o $BRIDGE -j MARK --set-mark $SLICEID
+
+### Create "grab link" script
+GRAB=/vsys/local_grab-$ETUN0
+echo $SLICE > $GRAB.acl
+rm -f $GRAB
+cat > $GRAB <<EOF
+#!/bin/sh
+
+read PID
+
+chcontext --ctx 1 -- echo \$PID > /sys/class/net/$ETUN0/new_ns_pid
+EOF
+chmod +x $GRAB
+
+### Create script for setting link rate
+BIND=/vsys/local_rate-$ETUN0
+echo $SLICE > $BIND.acl
+rm -f $BIND
+cat > $BIND <<EOF
+#!/bin/sh
+
+read rt
+
+tc qdisc add dev $EGRE root handle 1: htb default 10
+tc class add dev $EGRE parent 1: classid 1:10 htb rate \$rt ceil \$rt
+
+rm -rf $BIND.acl
+touch $BIND.acl
+
+EOF
+chmod +x $BIND
+
+### Create "delete link" script
+DELETE=/vsys/local_delete-$ETUN0
+echo $SLICE > $DELETE.acl
+rm -f $DELETE
+cat > $DELETE <<EOF
+#!/bin/sh
+
+read NULL
+
+# Remove iptables rule
+iptables -t mangle -D FORWARD -o $BRIDGE -j MARK --set-mark $SLICEID
+
+# Get rid of etun devices, only need name of one of them
+echo $ETUN1 > /sys/module/etun/parameters/delif
+
+# Get rid of bridge
+ifconfig $BRIDGE down
+brctl delbr $BRIDGE
+
+# Get rid of EGRE tunnel
+ip tunnel del $EGRE
+
+# Clean up files
+rm -f $GRAB $GRAB.acl
+rm -f $DELETE $DELETE.acl
+rm -f $BIND $BIND.acl
+EOF
+chmod +x $DELETE
--- /dev/null
+#!/bin/sh +x
+
+IP=/sbin/ip
+
+SLICE=$1
+SLICEID=`id -u $SLICE`
+read KEY
+
+modprobe etun
+
+### Setup etun
+ETUN0=nat$KEY
+ETUN1=natx$KEY
+echo $ETUN0,$ETUN1 > /sys/module/etun/parameters/newif
+ifconfig $ETUN1 10.0.$KEY.1 up
+
+/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
+/sbin/iptables -A FORWARD -i eth0 -o $ETUN1 -m state --state RELATED,ESTABLISHED -j ACCEPT
+/sbin/iptables -A FORWARD -i $ETUN1 -o eth0 -j ACCEPT
+
+### Create "grab link" script
+GRAB=/vsys/local_grab-$ETUN0
+echo $SLICE > $GRAB.acl
+rm -f $GRAB
+cat > $GRAB <<EOF
+#!/bin/sh
+
+read PID
+
+chcontext --ctx 1 -- echo \$PID > /sys/class/net/$ETUN0/new_ns_pid
+EOF
+chmod +x $GRAB
+
+### Create "delete link" script
+DELETE=/vsys/local_delete-$ETUN0
+echo $SLICE > $DELETE.acl
+rm -f $DELETE
+cat > $DELETE <<EOF
+#!/bin/sh
+
+read NULL
+
+# Remove iptables rules
+/sbin/iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
+/sbin/iptables -D FORWARD -i eth0 -o $ETUN1 -m state --state RELATED,ESTABLISHED -j ACCEPT
+/sbin/iptables -D FORWARD -i $ETUN1 -o eth0 -j ACCEPT
+
+# Get rid of etun devices, only need name of one of them
+echo $ETUN1 > /sys/module/etun/parameters/delif
+
+# Clean up files
+rm -f $GRAB $GRAB.acl
+rm -f $DELETE $DELETE.acl
+
+EOF
+chmod +x $DELETE
+
--- /dev/null
+First checkin. Vsys scripts will live here in the future.
+
+--This line, and those below, will be ignored--
+
+A vsys-factory
--- /dev/null
+#
+# Vsys filesystem
+#
+# RPM spec file
+#
+# $Id: vsys-factory.spec 9786 2008-07-02 08:54:09Z thierry $
+#
+
+%define name vsys
+%define version 0.8
+%define taglevel 16
+
+%define release %{taglevel}%{?pldistro:.%{pldistro}}%{?date:.%{date}}
+
+Vendor: PlanetLab
+Packager: PlanetLab Central <support@planet-lab.org>
+Distribution: PlanetLab %{plrelease}
+URL: %(echo %{url} | cut -d ' ' -f 2)
+
+Summary: Vsys factory scripts
+Name: %{name}
+Version: %{version}
+Release: %{release}
+License: GPL
+Group: System Environment/Kernel
+BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-buildroot
+Requires: vsys
+
+Source0: vsys-factory-%{version}.tar.gz
+
+%description
+Vsys scripts for privileged operations on PlanetLab. These scripts are defined by maintainers of various components,
+to which users require privileged access.
+
+%prep
+%setup
+
+%build
+rm -rf $RPM_BUILD_ROOT
+make
+
+%install
+mkdir -p $RPM_BUILD_ROOT/vsys
+cp * $RPM_BUILD_ROOT/vsys
+
+%clean
+rm -rf $RPM_BUILD_ROOT
+
+%files
+/vsys/*
+
+%post
+if [ "$PL_BOOTCD" != "1" ] ; then
+ service vsys restart
+fi
+
+%postun
+
+%changelog
+
--- /dev/null
+#
+# Vsys filesystem
+#
+# RPM spec file
+#
+# $Id: vsys.spec 9786 2008-07-02 08:54:09Z thierry $
+#
+
+%define url $URL: svn+ssh://sapanb@poppins/svn/vsys/trunk/vsys.spec $
+
+%define name vsys
+%define version 0.8
+%define taglevel 16
+
+%define release %{taglevel}%{?pldistro:.%{pldistro}}%{?date:.%{date}}
+
+Vendor: PlanetLab
+Packager: PlanetLab Central <support@planet-lab.org>
+Distribution: PlanetLab %{plrelease}
+URL: %(echo %{url} | cut -d ' ' -f 2)
+
+Summary: Vsys filesystem
+Name: %{name}
+Version: %{version}
+Release: %{release}
+License: GPL
+Group: System Environment/Kernel
+BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-buildroot
+#Requires:
+BuildRequires: inotify-tools-devel
+BuildRequires: ocaml
+BuildRequires: ocaml-docs
+
+Source0: vsys-%{version}.tar.gz
+
+%description
+vsys is a file-system-based interface that lets slices on PlanetLab safely
+invoke services installed by the PlanetLab administration. Slices invoke and
+interact with these services through fifo pipes. Services can be added and
+removed dynamically.
+
+%prep
+%setup
+
+%build
+rm -rf $RPM_BUILD_ROOT
+make
+
+%install
+mkdir -p $RPM_BUILD_ROOT/usr/bin
+mkdir -p $RPM_BUILD_ROOT/etc/init.d
+mkdir -p $RPM_BUILD_ROOT/vsys
+cp factory/* $RPM_BUILD_ROOT/vsys
+cp vsys $RPM_BUILD_ROOT/usr/bin
+cp vsys-initscript $RPM_BUILD_ROOT/etc/init.d/vsys
+cp vsys.conf $RPM_BUILD_ROOT/etc
+
+install -D -m 644 vsys.logrotate $RPM_BUILD_ROOT/%{_sysconfdir}/logrotate.d/vsys
+
+%clean
+rm -rf $RPM_BUILD_ROOT
+
+%files
+/usr/bin/vsys
+/etc/init.d/vsys
+/vsys/*
+%config(noreplace) /etc/vsys.conf
+%{_sysconfdir}/logrotate.d/vsys
+
+%post
+chkconfig --add vsys
+chkconfig vsys on
+
+%postun
+
+%changelog
+* Wed Jul 02 2008 Thierry Parmentelat <thierry.parmentelat@sophia.inria.fr> - vsys-0.7-16
+- Usability changes that are necessary for the stability of CoMon
+
+* Wed Jun 25 2008 Stephen Soltesz <soltesz@cs.princeton.edu> - vsys-0.7-15
+- added patch to pl-ps needed by slicestat
+-
+-
+
+* Mon Jun 23 2008 Sapan Bhatia <sapanb@cs.princeton.edu> - vsys-0.7-14
+- This change is an attempt to fix unexpected blocking after many days of uptime, reported by KyoungSoo.
+
+* Thu Jun 19 2008 Stephen Soltesz <soltesz@cs.princeton.edu> - vsys-0.7-13
+- accept '-' in filenames also
+-
+
+* Wed Jun 18 2008 Stephen Soltesz <soltesz@cs.princeton.edu> - vsys-0.7-12
+- don't overwrite the config file that already exists.
+-
+
+* Wed Jun 18 2008 Sapan Bhatia <sapanb@cs.princeton.edu> - vsys-0.7-11
+- Suppress some temp file that RPM creates frmo showing up as a vsys script.
+-
+-
+
+* Wed Jun 18 2008 Sapan Bhatia <sapanb@cs.princeton.edu> - vsys-0.7-10
+- Changed a policy in vsys. When an acl is empty, the script doesn't show up in ANY slice. The previous behavior was for
+- it to show up in all slices.
+-
+-
+
+* Wed Jun 18 2008 Sapan Bhatia <sapanb@cs.princeton.edu> - vsys-0.7-9
+- Added a vsys script for CoMon.
+-
+
+* Mon Jun 16 2008 Stephen Soltesz <soltesz@cs.princeton.edu> - vsys-0.7-8
+- ignore non-existent directories after restart.
+-
+
+* Fri May 16 2008 Stephen Soltesz <soltesz@cs.princeton.edu> - vsys-0.7-7
+- added logrotate configuration to package.
+-
+
+* Mon May 12 2008 Stephen Soltesz <soltesz@cs.princeton.edu> - vsys-0.7-6
+- Added two new scripts for CoMon on 4.2
+-
+
+* Tue May 06 2008 Stephen Soltesz <soltesz@cs.princeton.edu> - vsys-0.7-5
+-
+- Corrected directory that the script mounts to the correct one:
+- /var/local/fprobe
+-
+
+* Wed Apr 23 2008 Stephen Soltesz <soltesz@cs.princeton.edu> - vsys-0.7-4
+- Pulling the latest changes for the 4.2rc2 release
+-
+
+* Fri Feb 15 2008 Faiyaz Ahmed <faiyaza@cs.princeton.edu> - vsys-0.7-2 vsys-0.7-3
+- * daemonization, writing to a logfile, and saving the pid
+-
+
--- /dev/null
+#!/usr/bin/perl
+use strict;
+
+###############################################
+# vtop for slicestat by KyoungSoo Park
+###############################################
+
+open THIS_PIPE, "/usr/sbin/vtop bn1 |";
+while(<THIS_PIPE>) {
+ print;
+}
+close THIS_PIPE;