Добавлено создание файла filecaps для восстановления fcaps в lxc контейнерах

6 years ago · 0e69aaadc9
parent 29b83a4ec9
commit 0e69aaadc9
3 changed files with 60 additions and 4 deletions
--- a/pym/builder/builder.py
+++ b/pym/builder/builder.py
@ -37,7 +37,7 @@ from calculate.lib.utils.files import (
    find, FindFileType, removeFileWithEmptyDirectory, check_rw,
    tar_xz_directory, sha256sum, quite_unlink,
    copyWithPath, countFiles, listDirectory, getRunCommands, readFile,
-    DirectoryRCS, RCSError)
+    DirectoryRCS, RCSError, readLinesFile)
 from calculate.lib.utils.mount import isMount
 from calculate.lib.utils.git import Git
 from calculate.builder.variables.action import Actions
@ -1157,6 +1157,52 @@ class Builder(Update):
            self.unstash_cache(rpath, laymanname)
        return True

+    cap_file = "/var/lib/calculate/filecaps"
+
+    def save_file_capabilities(self):
+        """
+        Сохранить информацию о file capabilities при помощи команды filecap
+        """
+        chroot_path = self.clVars.Get('cl_builder_path')
+        filecap = getProgPath("/usr/bin/filecap")
+        p = process(filecap, chroot_path)
+        with writeFile(pathJoin(chroot_path, self.cap_file)) as f:
+            for line in (x.strip() for x in p):
+                if not line or line.startswith("file"):
+                    continue
+                fn, caps = line.partition(" ")[::2]
+                fn = fn[len(chroot_path):]
+                f.write("%s %s\n"% (fn, " ".join(x.strip() for x in caps.split(","))))
+        return True
+
+    def clear_file_capabilities(self):
+        chroot_path = self.clVars.Get('cl_builder_path')
+        filecap_fn = pathJoin(chroot_path, self.cap_file)
+        if path.exists(filecap_fn):
+            os.unlink(filecap_fn)
+        return True
+
+    def restore_file_capabilities(self):
+        """
+        Восстановить информацию о file capabilities при помощи команды filecap
+        """
+        chroot_path = self.clVars.Get('cl_builder_path')
+        filecap = getProgPath("/usr/bin/filecap")
+        p = process(filecap, chroot_path)
+        filecap_fn = pathJoin(chroot_path, self.cap_file)
+        if path.exists(filecap_fn):
+            self.startTask(_("Restoring file capabilities"))
+            for line in readLinesFile(filecap_fn):
+                line = line.strip()
+                if not line:
+                    continue
+                fn, caps = line.partition(" ")[::2]
+                fn = pathJoin(chroot_path, fn)
+                caps = [x.strip() for x in caps.split()]
+                process(filecap, fn, *caps).success()
+            self.endTask()
+        return True
+
    def _update_binhost_packages(self):
        """
        Выполнить команду обновления файла binhost (Packages.gz)
--- a/pym/builder/utils/cl_builder_image.py
+++ b/pym/builder/utils/cl_builder_image.py
@ -161,6 +161,13 @@ class ClBuilderImageAction(Action):
              'method': 'Builder.applyTemplates(cl_builder_target,'
                        'False,False,None)',
              },
+             {'name': 'container_data',
+              'condition': lambda Get: Get('cl_builder_container_set') == 'on'
+              },
+             {'name': 'container_data:filecap',
+              'message': __("Prepare file capabilities"),
+              'method': 'Builder.save_file_capabilities()',
+              },
             {'name': 'squash_action',
              'method': 'Builder.set_builder_action("%s")' % Actions.ImageIso,
              },
@ -187,9 +194,6 @@ class ClBuilderImageAction(Action):
                        'cl_builder_image_filename)',
              'condition': lambda Get: Get('cl_builder_container_set') == 'off'
              },
-             {'name': 'container_data',
-              'condition': lambda Get: Get('cl_builder_container_set') == 'on'
-              },
             {'name': 'container_data:prepare_container_data',
              'message': __('Preparing container meta data'),
              'method': 'Builder.prepare_container_data('
@ -199,6 +203,9 @@ class ClBuilderImageAction(Action):
              'method': 'Builder.pack_container_data('
                        'cl_builder_container_data_path,cl_builder_image)',
              },
+             {'name': 'container_data:clear_filecap',
+              'method': 'Builder.clear_file_capabilities()',
+              },
             {'name': 'pack_container_data:digest_container_data',
              'message': __('Calculating SHA256 checksum'),
              'method': 'Builder.create_digest_container(cl_builder_image)',
--- a/pym/builder/utils/cl_builder_prepare.py
+++ b/pym/builder/utils/cl_builder_prepare.py
@ -74,6 +74,9 @@ class ClBuilderPrepareAction(Action):
        {'name': 'detach',
         'method': 'Builder.detach_target(cl_builder_target)',
         },
+        {'name': 'set_caps',
+         'method': 'Builder.restore_file_capabilities()',
+         },
        {'name': 'close_build',
         'warning': _("Umount distributives"),
         'method': 'Builder.close_build(cl_builder_build)',