author | Kamil Trzcinski <ayufan@ayufan.eu> | 2016-02-11 17:33:18 +0300 |
---|---|---|
committer | Kamil Trzcinski <ayufan@ayufan.eu> | 2016-02-12 15:27:26 +0300 |
commit | 88e8fb2a91372ec8a64b82a976a0e51c8f925446 (patch) | |
tree | 968eaa1baa3f48699fdbc70a595c87cf1a14d2c2 | |
parent | 6afb9dd3775d7b16110a320c4e1968934ab430d7 (diff) |
Daemonize
-rw-r--r-- | Godeps/Godeps.json | 4 | ||||
-rw-r--r-- | daemon.go | 66 | ||||
-rw-r--r-- | main.go | 23 | ||||
-rw-r--r-- | vendor/github.com/kardianos/osext/LICENSE | 27 | ||||
-rw-r--r-- | vendor/github.com/kardianos/osext/README.md | 14 | ||||
-rw-r--r-- | vendor/github.com/kardianos/osext/osext.go | 27 | ||||
-rw-r--r-- | vendor/github.com/kardianos/osext/osext_plan9.go | 20 | ||||
-rw-r--r-- | vendor/github.com/kardianos/osext/osext_procfs.go | 34 | ||||
-rw-r--r-- | vendor/github.com/kardianos/osext/osext_sysctl.go | 79 | ||||
-rw-r--r-- | vendor/github.com/kardianos/osext/osext_windows.go | 34 |
10 files changed, 328 insertions, 0 deletions
diff --git a/Godeps/Godeps.json b/Godeps/Godeps.json
index 90a4d113..85d3b49d 100644
--- a/Godeps/Godeps.json
+++ b/Godeps/Godeps.json
@@ -6,6 +6,10 @@
 ],
 "Deps": [
 {
+ "ImportPath": "github.com/kardianos/osext",
+ "Rev": "efacde03154693404c65e7aa7d461ac9014acd0c"
+ },
+ {
 "ImportPath": "golang.org/x/crypto/ssh/terminal",
 "Rev": "1351f936d976c60a0a48d728281922cf63eafb8d"
 },
diff --git a/daemon.go b/daemon.go
new file mode 100644
index 00000000..54592de8
--- /dev/null
+++ b/daemon.go
@@ -0,0 +1,66 @@
+package main
+
+import (
+ "log"
+ "os"
+ "os/exec"
+ "os/user"
+
+ "fmt"
+ "github.com/kardianos/osext"
+ "strconv"
+ "syscall"
+)
+
+func daemonize() {
+ if *pagesUser == "" {
+ return
+ }
+
+ path, err := osext.Executable()
+ if err != nil {
+ log.Fatalln(err)
+ }
+
+ u, err := user.Lookup(*pagesUser)
+ if err != nil {
+ log.Fatalln(err)
+ }
+
+ uid, err := strconv.Atoi(u.Uid)
+ if err != nil {
+ log.Fatalln(err)
+ }
+
+ gid, err := strconv.Atoi(u.Gid)
+ if err != nil {
+ log.Fatalln(err)
+ }
+
+ cmd := &exec.Cmd{
+ Path: path,
+ Args: append(os.Args, "-pages-user", "", "-pages-root", "/"),
+ Stdin: os.Stdin,
+ Stdout: os.Stdout,
+ Stderr: os.Stderr,
+ SysProcAttr: &syscall.SysProcAttr{
+ Chroot: *pagesRoot,
+ Credential: &syscall.Credential{
+ Uid: uint32(uid),
+ Gid: uint32(gid),
+ },
+ //Setsid: true,
+ Setpgid: true,
+ },
+ }
+ //cmd.SysProcAttr = nil
+
+ fmt.Println("Deamonizing as", uid, "and", gid, "...")
+ err = cmd.Run()
+ if err != nil {
+ log.Fatalln(err)
+ os.Exit(1)
+ } else {
+ os.Exit(0)
+ }
+}
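Review bot: In `daemonize` the child is started with `Chroot: *pagesRoot` but the `exec.Cmd` literal sets no `Dir`, so the child's working directory is not moved into the new root and relative paths can still resolve outside the jail; adding `Dir: "/",` to the literal makes the child chdir into the new root before it execs. Because the chroot is applied before the exec, `Path` (the host path returned by `osext.Executable()`) presumably has to exist inside `*pagesRoot` too, which is worth confirming or documenting on the `-pages-root` flag. `os.Exit(1)` after `log.Fatalln(err)` is unreachable and can be dropped, and the log string is misspelled (`Deamonizing`).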
@@ -25,6 +25,7 @@ func main() { var useHTTP2 = flag.Bool("use-http2", true, "Enable HTTP2 support") var pagesRoot = flag.String("pages-root", "shared/pages", "The directory where pages are stored") var pagesDomain = flag.String("pages-domain", "gitlab-example.com", "The domain to serve static pages") + var pagesUser = flag.String("pages-user", "", "Drop privileges to this user") fmt.Printf("GitLab Pages Daemon %s (%s)\n", VERSION, REVISION) fmt.Printf("URL: https://gitlab.com/gitlab-org/gitlab-pages\n") @@ -48,6 +49,28 @@ func main() { app.RootKey = readFile(*pagesRootKey) } +<<<<<<< 9042f5171c4bddc3da330b0e236e5faa78e657c3 +======= + //daemonize() + + fmt.Println("Starting...") + + // We don't need root privileges any more + // if err := syscall.Setgid(33); err != nil { + // log.Fatalln("setgid:", err) + // } + if err := syscall.Setuid(33); err != nil { + log.Fatalln("setuid:", err) + } + + err := syscall.Chroot(*pagesRoot) + if err != nil { + log.Fatalln("chroot:", err) + } + *pagesRoot = "/" + + // Listen for HTTP +>>>>>>> Daemonize if *listenHTTP != "" { var l net.Listener l, app.ListenHTTP = createSocket(*listenHTTP) diff --git a/vendor/github.com/kardianos/osext/LICENSE b/vendor/github.com/kardianos/osext/LICENSE new file mode 100644 index 00000000..74487567 --- /dev/null +++ b/vendor/github.com/kardianos/osext/LICENSE 
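Review bot: The second hunk commits unresolved merge-conflict markers (`<<<<<<<`, `=======`, `>>>>>>> Daemonize`) into `main()`, so the file cannot compile until they are resolved. The privilege drop between the markers also runs `syscall.Setuid(33)` before `syscall.Chroot(*pagesRoot)`; chroot needs root, so it would fail after the uid change, and no chdir follows it. With `Setgid` commented out the process keeps its original group, and the hard-coded `33` ignores the `-pages-user` flag added in the first hunk. The fence below reorders the sequence to chroot, chdir, gid, uid; `main` starts and ends outside both hunks.

```go
// … unchanged: RootKey loading …
fmt.Println("Starting...")

// Enter the jail while still privileged, then drop the group before the user.
// TODO: derive the ids from -pages-user instead of the hard-coded 33.
// NOTE(review): confirm syscall.Setgid/Setuid apply to every thread on the
// target OS and Go version before relying on them.
if err := syscall.Chroot(*pagesRoot); err != nil {
	log.Fatalln("chroot:", err)
}
if err := syscall.Chdir("/"); err != nil {
	log.Fatalln("chdir:", err)
}
*pagesRoot = "/"
if err := syscall.Setgid(33); err != nil {
	log.Fatalln("setgid:", err)
}
if err := syscall.Setuid(33); err != nil {
	log.Fatalln("setuid:", err)
}
// … unchanged: HTTP listener setup …
```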
@@ -0,0 +1,27 @@
+Copyright (c) 2012 The Go Authors. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+ * Redistributions of source code must retain the above copyright
+notice, this list of conditions and the following disclaimer.
+ * Redistributions in binary form must reproduce the above
+copyright notice, this list of conditions and the following disclaimer
+in the documentation and/or other materials provided with the
+distribution.
+ * Neither the name of Google Inc. nor the names of its
+contributors may be used to endorse or promote products derived from
+this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/vendor/github.com/kardianos/osext/README.md b/vendor/github.com/kardianos/osext/README.md
new file mode 100644
index 00000000..820e1ecb
--- /dev/null
+++ b/vendor/github.com/kardianos/osext/README.md
@@ -0,0 +1,14 @@
+### Extensions to the "os" package.
+
+## Find the current Executable and ExecutableFolder.
+
+There is sometimes utility in finding the current executable file
+that is running. This can be used for upgrading the current executable
+or finding resources located relative to the executable file.
+
+Multi-platform and supports:
+ * Linux
+ * OS X
+ * Windows
+ * Plan 9
+ * BSDs.
diff --git a/vendor/github.com/kardianos/osext/osext.go b/vendor/github.com/kardianos/osext/osext.go
new file mode 100644
index 00000000..4ed4b9aa
--- /dev/null
+++ b/vendor/github.com/kardianos/osext/osext.go
@@ -0,0 +1,27 @@
+// Copyright 2012 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Extensions to the standard "os" package.
+package osext
+
+import "path/filepath"
+
+// Executable returns an absolute path that can be used to
+// re-invoke the current program.
+// It may not be valid after the current program exits.
+func Executable() (string, error) {
+ p, err := executable()
+ return filepath.Clean(p), err
+}
+
+// Returns same path as Executable, returns just the folder
+// path. Excludes the executable name.
+func ExecutableFolder() (string, error) {
+ p, err := Executable()
+ if err != nil {
+ return "", err
+ }
+ folder, _ := filepath.Split(p)
+ return folder, nil
+}
diff --git a/vendor/github.com/kardianos/osext/osext_plan9.go b/vendor/github.com/kardianos/osext/osext_plan9.go
new file mode 100644
index 00000000..655750c5
--- /dev/null
+++ b/vendor/github.com/kardianos/osext/osext_plan9.go
@@ -0,0 +1,20 @@
+// Copyright 2012 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package osext
+
+import (
+ "os"
+ "strconv"
+ "syscall"
+)
+
+func executable() (string, error) {
+ f, err := os.Open("/proc/" + strconv.Itoa(os.Getpid()) + "/text")
+ if err != nil {
+ return "", err
+ }
+ defer f.Close()
+ return syscall.Fd2path(int(f.Fd()))
+}
diff --git a/vendor/github.com/kardianos/osext/osext_procfs.go b/vendor/github.com/kardianos/osext/osext_procfs.go
new file mode 100644
index 00000000..07a2a09e
--- /dev/null
+++ b/vendor/github.com/kardianos/osext/osext_procfs.go
@@ -0,0 +1,34 @@
+// Copyright 2012 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build linux netbsd openbsd solaris dragonfly
+
+package osext
+
+import (
+ "errors"
+ "fmt"
+ "os"
+ "runtime"
+ "strings"
+)
+
+func executable() (string, error) {
+ switch runtime.GOOS {
+ case "linux":
+ const deletedSuffix = " (deleted)"
+ execpath, err := os.Readlink("/proc/self/exe")
+ if err != nil {
+ return execpath, err
+ }
+ return strings.TrimSuffix(execpath, deletedSuffix), nil
+ case "netbsd":
+ return os.Readlink("/proc/curproc/exe")
+ case "openbsd", "dragonfly":
+ return os.Readlink("/proc/curproc/file")
+ case "solaris":
+ return os.Readlink(fmt.Sprintf("/proc/%d/path/a.out", os.Getpid()))
+ }
+ return "", errors.New("ExecPath not implemented for " + runtime.GOOS)
+}
diff --git a/vendor/github.com/kardianos/osext/osext_sysctl.go b/vendor/github.com/kardianos/osext/osext_sysctl.go
new file mode 100644
index 00000000..b66cac87
--- /dev/null
+++ b/vendor/github.com/kardianos/osext/osext_sysctl.go
@@ -0,0 +1,79 @@
+// Copyright 2012 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build darwin freebsd
+
+package osext
+
+import (
+ "os"
+ "path/filepath"
+ "runtime"
+ "syscall"
+ "unsafe"
+)
+
+var initCwd, initCwdErr = os.Getwd()
+
+func executable() (string, error) {
+ var mib [4]int32
+ switch runtime.GOOS {
+ case "freebsd":
+ mib = [4]int32{1 /* CTL_KERN */, 14 /* KERN_PROC */, 12 /* KERN_PROC_PATHNAME */, -1}
+ case "darwin":
+ mib = [4]int32{1 /* CTL_KERN */, 38 /* KERN_PROCARGS */, int32(os.Getpid()), -1}
+ }
+
+ n := uintptr(0)
+ // Get length.
+ _, _, errNum := syscall.Syscall6(syscall.SYS___SYSCTL, uintptr(unsafe.Pointer(&mib[0])), 4, 0, uintptr(unsafe.Pointer(&n)), 0, 0)
+ if errNum != 0 {
+ return "", errNum
+ }
+ if n == 0 { // This shouldn't happen.
+ return "", nil
+ }
+ buf := make([]byte, n)
+ _, _, errNum = syscall.Syscall6(syscall.SYS___SYSCTL, uintptr(unsafe.Pointer(&mib[0])), 4, uintptr(unsafe.Pointer(&buf[0])), uintptr(unsafe.Pointer(&n)), 0, 0)
+ if errNum != 0 {
+ return "", errNum
+ }
+ if n == 0 { // This shouldn't happen.
+ return "", nil
+ }
+ for i, v := range buf {
+ if v == 0 {
+ buf = buf[:i]
+ break
+ }
+ }
+ var err error
+ execPath := string(buf)
+ // execPath will not be empty due to above checks.
+ // Try to get the absolute path if the execPath is not rooted.
+ if execPath[0] != '/' {
+ execPath, err = getAbs(execPath)
+ if err != nil {
+ return execPath, err
+ }
+ }
+ // For darwin KERN_PROCARGS may return the path to a symlink rather than the
+ // actual executable.
+ if runtime.GOOS == "darwin" {
+ if execPath, err = filepath.EvalSymlinks(execPath); err != nil {
+ return execPath, err
+ }
+ }
+ return execPath, nil
+}
+
+func getAbs(execPath string) (string, error) {
+ if initCwdErr != nil {
+ return execPath, initCwdErr
+ }
+ // The execPath may begin with a "../" or a "./" so clean it first.
+ // Join the two paths, trailing and starting slashes undetermined, so use
+ // the generic Join function.
+ return filepath.Join(initCwd, filepath.Clean(execPath)), nil
+}
diff --git a/vendor/github.com/kardianos/osext/osext_windows.go b/vendor/github.com/kardianos/osext/osext_windows.go
new file mode 100644
index 00000000..72d282cf
--- /dev/null
+++ b/vendor/github.com/kardianos/osext/osext_windows.go
@@ -0,0 +1,34 @@
+// Copyright 2012 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package osext
+
+import (
+ "syscall"
+ "unicode/utf16"
+ "unsafe"
+)
+
+var (
+ kernel = syscall.MustLoadDLL("kernel32.dll")
+ getModuleFileNameProc = kernel.MustFindProc("GetModuleFileNameW")
+)
+
+// GetModuleFileName() with hModule = NULL
+func executable() (exePath string, err error) {
+ return getModuleFileName()
+}
+
+func getModuleFileName() (string, error) {
+ var n uint32
+ b := make([]uint16, syscall.MAX_PATH)
+ size := uint32(len(b))
+
+ r0, _, e1 := getModuleFileNameProc.Call(0, uintptr(unsafe.Pointer(&b[0])), uintptr(size))
+ n = uint32(r0)
+ if n == 0 {
+ return "", e1
+ }
+ return string(utf16.Decode(b[0:n])), nil
+}
|