libreoffice-online/common/JailUtil.hpp
Ashod Nakashian 29a5a1f1e9 wsd: move jail setup to the script to support readonly systemplate
We now gracefully fallback to copying when/if systemplate
is readonly.

The bulk of the change is to support proper cleanup in
both cases.

First, we had to move as much of the jail bootstrapping
into the loolwsd-systemplate-setup script, so systemplate
will be as complete as possible before it is locked down.
Next, we needed to update the jail with graceful fallback
to linking/copying upon failure. For that, the jail setup
logic in Kit.cpp has been reworked to support not just
update failures, but also more comprehensive mounting
failures as well.

Finally, jail cleanup now is seamless. To support proper
cleanup when we had mounting enabled but had to fallback,
we mark jails that aren't mounted so we can 'rm -rf' the
contents safely and without fear or causing undue damage
(as unlikely as that is, technically we wouldn't want to
rm systemplate files, if mounting read-only had failed).

There are a few minor refactorings of JailUtil to make
it cleaner and more robust.

Change-Id: Iac34869cb84f45acf64fbbc46d46898367b496d2
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/101260
Tested-by: Jenkins
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Andras Timar <andras.timar@collabora.com>
2020-08-25 07:58:30 +02:00

74 lines
2.3 KiB
C++

/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4; fill-column: 100 -*- */
/*
* This file is part of the LibreOffice project.
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*/
#pragma once
#include <string>
#include <Poco/File.h>
#include <Poco/Path.h>
namespace JailUtil
{
/// Bind mount a jail directory.
bool bind(const std::string& source, const std::string& target);
/// Remount a bound mount point as readonly.
bool remountReadonly(const std::string& source, const std::string& target);
/// Unmount a bind-mounted jail directory.
bool unmount(const std::string& target);
/// Marks a jail as having been copied instead of mounted.
void markJailCopied(const std::string& root);
/// Returns true iff the jail in question was copied and not mounted.
bool isJailCopied(const std::string& root);
/// Remove the jail directory and all its contents.
void removeJail(const std::string& root);
/// Remove all jails.
void cleanupJails(const std::string& jailRoot);
/// Setup the jails.
void setupJails(bool bindMount, const std::string& jailRoot, const std::string& sysTemplate);
/// Setup /dev/random and /dev/urandom in the given jail path.
void setupJailDevNodes(const std::string& root);
/// Enable bind-mounting in this process.
void enableBindMounting();
/// Disable bind-mounting in this process.
void disableBindMounting();
/// Returns true iff bind-mounting is enabled in this process.
bool isBindMountingEnabled();
namespace SysTemplate
{
/// Setup links for /dev/random and /dev/urandom in systemplate.
void setupRandomDeviceLinks(const std::string& root);
/// Setup the dynamic files within the sysTemplate by either
/// copying or linking. See updateJail_DynamicFilesInSysTemplate.
/// If the dynamic files need updating and systemplate is read-only,
/// this will fail and mark files for copying.
void setupDynamicFiles(const std::string& sysTemplate);
/// Update the dynamic files within the sysTemplate before each child fork.
/// Returns false on failure.
bool updateDynamicFiles(const std::string& sysTemplate);
} // namespace SysTemplate
} // end namespace JailUtil
/* vim:set shiftwidth=4 softtabstop=4 expandtab: */