mirror of
https://github.com/ethereum/go-ethereum.git
synced 2026-03-10 05:09:03 +00:00
388d8ccd9f
* simv2: wip * simulation: exec adapter start/stop * simulation: add node status to exec adapter * simulation: initial simulation code * simulation: exec adapter, configure path to executable * simulation: initial docker adapter * simulation: wip kubernetes adapter * simulation: kubernetes adapter proxy * simulation: implement GetAll/StartAll/StopAll * simulation: kuberentes adapter - set env vars and resource limits * simulation: discovery test * simulation: remove port definitions within docker adapter * simulation: simplify wait for healthy loop * simulation: get nat ip addr from interface * simulation: pull docker images automatically * simulation: NodeStatus -> NodeInfo * simulation: move discovery test to example dir * simulation: example snapshot usage * simulation: add goclient specific simulation * simulation: add peer connections to snapshot * simulation: close rpc client * simulation: don't export kubernetes proxy server * simulation: merge simulation code * simulation: don't export nodemap * simulation: rename SimulationSnapshot -> Snapshot * simulation: linting fixes * simulation: add k8s available helper func * simulation: vendor * simulation: fix 'no non-test Go files' when building * simulation: remove errors from interface methods where non were returned * simulation: run getHealthInfo check in parallel
155 lines
3.8 KiB
Go
155 lines
3.8 KiB
Go
// +build linux
|
|
|
|
package system
|
|
|
|
import (
|
|
"os"
|
|
"os/exec"
|
|
"syscall" // only for exec
|
|
"unsafe"
|
|
|
|
"github.com/opencontainers/runc/libcontainer/user"
|
|
"golang.org/x/sys/unix"
|
|
)
|
|
|
|
// If arg2 is nonzero, set the "child subreaper" attribute of the
|
|
// calling process; if arg2 is zero, unset the attribute. When a
|
|
// process is marked as a child subreaper, all of the children
|
|
// that it creates, and their descendants, will be marked as
|
|
// having a subreaper. In effect, a subreaper fulfills the role
|
|
// of init(1) for its descendant processes. Upon termination of
|
|
// a process that is orphaned (i.e., its immediate parent has
|
|
// already terminated) and marked as having a subreaper, the
|
|
// nearest still living ancestor subreaper will receive a SIGCHLD
|
|
// signal and be able to wait(2) on the process to discover its
|
|
// termination status.
|
|
const PR_SET_CHILD_SUBREAPER = 36
|
|
|
|
type ParentDeathSignal int
|
|
|
|
func (p ParentDeathSignal) Restore() error {
|
|
if p == 0 {
|
|
return nil
|
|
}
|
|
current, err := GetParentDeathSignal()
|
|
if err != nil {
|
|
return err
|
|
}
|
|
if p == current {
|
|
return nil
|
|
}
|
|
return p.Set()
|
|
}
|
|
|
|
func (p ParentDeathSignal) Set() error {
|
|
return SetParentDeathSignal(uintptr(p))
|
|
}
|
|
|
|
func Execv(cmd string, args []string, env []string) error {
|
|
name, err := exec.LookPath(cmd)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
return syscall.Exec(name, args, env)
|
|
}
|
|
|
|
func Prlimit(pid, resource int, limit unix.Rlimit) error {
|
|
_, _, err := unix.RawSyscall6(unix.SYS_PRLIMIT64, uintptr(pid), uintptr(resource), uintptr(unsafe.Pointer(&limit)), uintptr(unsafe.Pointer(&limit)), 0, 0)
|
|
if err != 0 {
|
|
return err
|
|
}
|
|
return nil
|
|
}
|
|
|
|
func SetParentDeathSignal(sig uintptr) error {
|
|
if err := unix.Prctl(unix.PR_SET_PDEATHSIG, sig, 0, 0, 0); err != nil {
|
|
return err
|
|
}
|
|
return nil
|
|
}
|
|
|
|
func GetParentDeathSignal() (ParentDeathSignal, error) {
|
|
var sig int
|
|
if err := unix.Prctl(unix.PR_GET_PDEATHSIG, uintptr(unsafe.Pointer(&sig)), 0, 0, 0); err != nil {
|
|
return -1, err
|
|
}
|
|
return ParentDeathSignal(sig), nil
|
|
}
|
|
|
|
func SetKeepCaps() error {
|
|
if err := unix.Prctl(unix.PR_SET_KEEPCAPS, 1, 0, 0, 0); err != nil {
|
|
return err
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
func ClearKeepCaps() error {
|
|
if err := unix.Prctl(unix.PR_SET_KEEPCAPS, 0, 0, 0, 0); err != nil {
|
|
return err
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
func Setctty() error {
|
|
if err := unix.IoctlSetInt(0, unix.TIOCSCTTY, 0); err != nil {
|
|
return err
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// RunningInUserNS detects whether we are currently running in a user namespace.
|
|
// Originally copied from github.com/lxc/lxd/shared/util.go
|
|
func RunningInUserNS() bool {
|
|
uidmap, err := user.CurrentProcessUIDMap()
|
|
if err != nil {
|
|
// This kernel-provided file only exists if user namespaces are supported
|
|
return false
|
|
}
|
|
return UIDMapInUserNS(uidmap)
|
|
}
|
|
|
|
func UIDMapInUserNS(uidmap []user.IDMap) bool {
|
|
/*
|
|
* We assume we are in the initial user namespace if we have a full
|
|
* range - 4294967295 uids starting at uid 0.
|
|
*/
|
|
if len(uidmap) == 1 && uidmap[0].ID == 0 && uidmap[0].ParentID == 0 && uidmap[0].Count == 4294967295 {
|
|
return false
|
|
}
|
|
return true
|
|
}
|
|
|
|
// GetParentNSeuid returns the euid within the parent user namespace
|
|
func GetParentNSeuid() int64 {
|
|
euid := int64(os.Geteuid())
|
|
uidmap, err := user.CurrentProcessUIDMap()
|
|
if err != nil {
|
|
// This kernel-provided file only exists if user namespaces are supported
|
|
return euid
|
|
}
|
|
for _, um := range uidmap {
|
|
if um.ID <= euid && euid <= um.ID+um.Count-1 {
|
|
return um.ParentID + euid - um.ID
|
|
}
|
|
}
|
|
return euid
|
|
}
|
|
|
|
// SetSubreaper sets the value i as the subreaper setting for the calling process
|
|
func SetSubreaper(i int) error {
|
|
return unix.Prctl(PR_SET_CHILD_SUBREAPER, uintptr(i), 0, 0, 0)
|
|
}
|
|
|
|
// GetSubreaper returns the subreaper setting for the calling process
|
|
func GetSubreaper() (int, error) {
|
|
var i uintptr
|
|
|
|
if err := unix.Prctl(unix.PR_GET_CHILD_SUBREAPER, uintptr(unsafe.Pointer(&i)), 0, 0, 0); err != nil {
|
|
return -1, err
|
|
}
|
|
|
|
return int(i), nil
|
|
}
|