mirror of https://github.com/moby/moby.git synced 2022-11-09 12:21:53 -05:00

Merge pull request #30729 from dmcgowan/update-go-connections

Update go-connections package
Kenfe-Mickaël Laventure 2017-03-01 18:24:32 -08:00 committed by GitHub
commit d8b0d2b9e9
7 changed files with 49 additions and 57 deletions


@ -0,0 +1,32 @@
// +build !windows
package listeners
import (
"fmt"
"strconv"
"github.com/opencontainers/runc/libcontainer/user"
"github.com/pkg/errors"
)
func lookupGID(name string) (int, error) {
groupFile, err := user.GetGroupPath()
if err != nil {
return -1, errors.Wrap(err, "error looking up groups")
}
groups, err := user.ParseGroupFileFilter(groupFile, func(g user.Group) bool {
return g.Name == name || strconv.Itoa(g.Gid) == name
})
if err != nil {
return -1, errors.Wrapf(err, "error parsing groups for %s", name)
}
if groups != nil && len(groups) > 0 {
return groups[0].Gid, nil
}
gid, err := strconv.Atoi(name)
if err == nil {
return gid, nil
}
return -1, fmt.Errorf("group %s not found", name)
}
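Review bot: The numeric fallback at the end of `lookupGID` returns whatever `strconv.Atoi` parses, so a negative value or a GID that is absent from the group file is accepted silently; the `logrus.Warnf("Could not find GID %d", gid)` that the removed `lookupGidByName` emitted has no counterpart here. The result is passed to `os.Chown` on the daemon's unix socket, and on Unix a gid of -1 (also this function's error sentinel) tells chown to leave the group unchanged, so a configured value of `"-1"` would keep whatever group the socket was created with. I would tighten the fallback to `if err == nil && gid >= 0 {` and restore a warning for the unresolved GID, which needs a logger import in this file. Separately, `groups != nil && len(groups) > 0` can be reduced to `len(groups) > 0`.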


@ -18,7 +18,11 @@ func Init(proto, addr, socketGroup string, tlsConfig *tls.Config) (ls []net.List
} }
ls = append(ls, l) ls = append(ls, l)
case "unix": case "unix":
l, err := sockets.NewUnixSocket(addr, socketGroup) gid, err := lookupGID(socketGroup)
if err != nil {
return nil, err
}
l, err := sockets.NewUnixSocket(addr, gid)
if err != nil { if err != nil {
return nil, fmt.Errorf("can't create unix socket %s: %v", addr, err) return nil, fmt.Errorf("can't create unix socket %s: %v", addr, err)
} }
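Review bot: Returning every `lookupGID` error here makes two cases fatal that the removed `setSocketGroup` tolerated: an empty `socketGroup` (it returned nil without touching the socket) and a missing `docker` group (it only logged at debug level). As far as the visible code shows, `lookupGID("")` ends in the `group %s not found` error, so a daemon started without a socket group, or on a host that has no `docker` group, would fail to create its unix listener. I would keep the error fatal only for an explicitly requested group, `if err != nil && socketGroup != "" && socketGroup != "docker" { return nil, err }`, and otherwise set an explicit fallback such as `gid = os.Getgid()` (assuming `os` is imported in this file) so the socket stays on the daemon's own group rather than the -1 sentinel. The same lines appear in the next file section's `Init` hunk; `Init` itself begins and ends outside both hunks.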


@ -31,7 +31,11 @@ func Init(proto, addr, socketGroup string, tlsConfig *tls.Config) ([]net.Listene
} }
ls = append(ls, l) ls = append(ls, l)
case "unix": case "unix":
l, err := sockets.NewUnixSocket(addr, socketGroup) gid, err := lookupGID(socketGroup)
if err != nil {
return nil, err
}
l, err := sockets.NewUnixSocket(addr, gid)
if err != nil { if err != nil {
return nil, fmt.Errorf("can't create unix socket %s: %v", addr, err) return nil, fmt.Errorf("can't create unix socket %s: %v", addr, err)
} }


@ -16,7 +16,7 @@ github.com/vdemeester/shakers 24d7f1d6a71aa5d9cbe7390e4afb66b7eef9e1b3
golang.org/x/net c427ad74c6d7a814201695e9ffde0c5d400a7674 golang.org/x/net c427ad74c6d7a814201695e9ffde0c5d400a7674
golang.org/x/sys 8f0908ab3b2457e2e15403d3697c9ef5cb4b57a9 golang.org/x/sys 8f0908ab3b2457e2e15403d3697c9ef5cb4b57a9
github.com/docker/go-units 9e638d38cf6977a37a8ea0078f3ee75a7cdb2dd1 github.com/docker/go-units 9e638d38cf6977a37a8ea0078f3ee75a7cdb2dd1
github.com/docker/go-connections 4ccf312bf1d35e5dbda654e57a9be4c3f3cd0366 github.com/docker/go-connections 7da10c8c50cad14494ec818dcdfb6506265c0086
golang.org/x/text f72d8390a633d5dfb0cc84043294db9f6c935756 golang.org/x/text f72d8390a633d5dfb0cc84043294db9f6c935756
github.com/RackSec/srslog 456df3a81436d29ba874f3590eeeee25d666f8a5 github.com/RackSec/srslog 456df3a81436d29ba874f3590eeeee25d666f8a5


@ -1,30 +1,26 @@
// +build linux freebsd solaris // +build !windows
package sockets package sockets
import ( import (
"fmt"
"net" "net"
"os" "os"
"strconv"
"syscall" "syscall"
"github.com/Sirupsen/logrus"
"github.com/opencontainers/runc/libcontainer/user"
) )
// NewUnixSocket creates a unix socket with the specified path and group. // NewUnixSocket creates a unix socket with the specified path and group.
func NewUnixSocket(path, group string) (net.Listener, error) { func NewUnixSocket(path string, gid int) (net.Listener, error) {
if err := syscall.Unlink(path); err != nil && !os.IsNotExist(err) { if err := syscall.Unlink(path); err != nil && !os.IsNotExist(err) {
return nil, err return nil, err
} }
mask := syscall.Umask(0777) mask := syscall.Umask(0777)
defer syscall.Umask(mask) defer syscall.Umask(mask)
l, err := net.Listen("unix", path) l, err := net.Listen("unix", path)
if err != nil { if err != nil {
return nil, err return nil, err
} }
if err := setSocketGroup(path, group); err != nil { if err := os.Chown(path, 0, gid); err != nil {
l.Close() l.Close()
return nil, err return nil, err
} }
@ -34,47 +30,3 @@ func NewUnixSocket(path, group string) (net.Listener, error) {
} }
return l, nil return l, nil
} }
func setSocketGroup(path, group string) error {
if group == "" {
return nil
}
if err := changeGroup(path, group); err != nil {
if group != "docker" {
return err
}
logrus.Debugf("Warning: could not change group %s to docker: %v", path, err)
}
return nil
}
func changeGroup(path string, nameOrGid string) error {
gid, err := lookupGidByName(nameOrGid)
if err != nil {
return err
}
logrus.Debugf("%s group found. gid: %d", nameOrGid, gid)
return os.Chown(path, 0, gid)
}
func lookupGidByName(nameOrGid string) (int, error) {
groupFile, err := user.GetGroupPath()
if err != nil {
return -1, err
}
groups, err := user.ParseGroupFileFilter(groupFile, func(g user.Group) bool {
return g.Name == nameOrGid || strconv.Itoa(g.Gid) == nameOrGid
})
if err != nil {
return -1, err
}
if groups != nil && len(groups) > 0 {
return groups[0].Gid, nil
}
gid, err := strconv.Atoi(nameOrGid)
if err == nil {
logrus.Warnf("Could not find GID %d", gid)
return gid, nil
}
return -1, fmt.Errorf("Group %s not found", nameOrGid)
}


@ -14,7 +14,7 @@ import (
func SystemCertPool() (*x509.CertPool, error) { func SystemCertPool() (*x509.CertPool, error) {
certpool, err := x509.SystemCertPool() certpool, err := x509.SystemCertPool()
if err != nil && runtime.GOOS == "windows" { if err != nil && runtime.GOOS == "windows" {
logrus.Warnf("Unable to use system certificate pool: %v", err) logrus.Infof("Unable to use system certificate pool: %v", err)
return x509.NewCertPool(), nil return x509.NewCertPool(), nil
} }
return certpool, err return certpool, err


@ -118,7 +118,7 @@ func Server(options Options) (*tls.Config, error) {
return nil, fmt.Errorf("Error reading X509 key pair (cert: %q, key: %q): %v. Make sure the key is not encrypted.", options.CertFile, options.KeyFile, err) return nil, fmt.Errorf("Error reading X509 key pair (cert: %q, key: %q): %v. Make sure the key is not encrypted.", options.CertFile, options.KeyFile, err)
} }
tlsConfig.Certificates = []tls.Certificate{tlsCert} tlsConfig.Certificates = []tls.Certificate{tlsCert}
if options.ClientAuth >= tls.VerifyClientCertIfGiven { if options.ClientAuth >= tls.VerifyClientCertIfGiven && options.CAFile != "" {
CAs, err := certPool(options.CAFile) CAs, err := certPool(options.CAFile)
if err != nil { if err != nil {
return nil, err return nil, err
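Review bot: With the added `options.CAFile != ""` condition, a server configured for `tls.VerifyClientCertIfGiven` or stricter but without a CA file now skips loading a client CA pool instead of failing in `certPool`. If that pool is what gets assigned to `ClientCAs` below the hunk (not visible here), it stays nil, and crypto/tls then verifies client certificates against the host's system roots, a much wider trust set than a private CA. Callers that rely on a private CA to gate daemon access should reject an empty `CAFile` themselves, and the branch deserves a comment such as `// Empty CAFile: ClientCAs stays nil, so client certs are checked against the system roots.` This appears to be the vendored go-connections copy, so the code change itself belongs upstream; `Server` starts and ends outside the hunk.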