PNG  IHDR pHYs   OiCCPPhotoshop ICC profilexڝSgTS=BKKoR RB&*! J!QEEȠQ, !{kּ> H3Q5 B.@ $pd!s#~<<+"x M0B\t8K@zB@F&S`cbP-`'{[! eDh;VEX0fK9-0IWfH  0Q){`##xFW<+*x<$9E[-qWW.(I+6aa@.y24x6_-"bbϫp@t~,/;m%h^ uf@Wp~<5j>{-]cK'Xto(hw?G%fIq^D$.Tʳ?D*A, `6B$BB dr`)B(Ͱ*`/@4Qhp.U=pa( Aa!ڈbX#!H$ ɈQ"K5H1RT UH=r9\F;2G1Q= C7F dt1r=6Ыhڏ>C03l0.B8, c˱" VcϱwE 6wB aAHXLXNH $4 7 Q'"K&b21XH,#/{C7$C2'ITFnR#,4H#dk9, +ȅ3![ b@qS(RjJ4e2AURݨT5ZBRQ4u9̓IKhhitݕNWGw Ljg(gwLӋT071oUX**| J&*/Tު UUT^S}FU3S ԖUPSSg;goT?~YYLOCQ_ cx,!k u5&|v*=9C3J3WRf?qtN (~))4L1e\kXHQG6EYAJ'\'GgSSݧ M=:.kDwn^Loy}/TmG X $ <5qo</QC]@Caaᄑ.ȽJtq]zۯ6iܟ4)Y3sCQ? 0k߬~OCOg#/c/Wװwa>>r><72Y_7ȷOo_C#dz%gA[z|!?:eAAA!h쐭!ΑiP~aa~ 'W?pX15wCsDDDޛg1O9-J5*>.j<74?.fYXXIlK9.*6nl {/]py.,:@LN8A*%w% yg"/6шC\*NH*Mz쑼5y$3,幄'L Lݛ:v m2=:1qB!Mggfvˬen/kY- BTZ(*geWf͉9+̳ې7ᒶKW-X潬j9(xoʿܔĹdff-[n ڴ VE/(ۻCɾUUMfeI?m]Nmq#׹=TR+Gw- 6 U#pDy  :v{vg/jBFS[b[O>zG499?rCd&ˮ/~јѡ򗓿m|x31^VwwO| (hSЧc3- cHRMz%u0`:o_F@8N ' p @8N@8}' p '#@8N@8N pQ9p!i~}|6-ӪG` VP.@*j>[ K^<֐Z]@8N'KQ<Q(`s" 'hgpKB`R@Dqj '  'P$a ( `D$Na L?u80e J,K˷NI'0eݷ(NI'؀ 2ipIIKp`:O'`ʤxB8Ѥx Ѥx $ $P6 :vRNb 'p,>NB 'P]-->P T+*^h& p '‰a ‰ (ĵt#u33;Nt̵'ޯ; [3W ~]0KH1q@8]O2]3*̧7# *p>us p _6]/}-4|t'|Smx= DoʾM×M_8!)6lq':l7!|4} '\ne t!=hnLn (~Dn\+‰_4k)0e@OhZ`F `.m1} 'vp{F`ON7Srx 'D˸nV`><;yMx!IS钦OM)Ե٥x 'DSD6bS8!" ODz#R >S8!7ّxEh0m$MIPHi$IvS8IN$I p$O8I,sk&I)$IN$Hi$I^Ah.p$MIN$IR8I·N "IF9Ah0m$MIN$IR8IN$I 3jIU;kO$ɳN$+ q.x* tEXtComment

Viewing File: /opt/cloudlinux/venv/lib/python3.11/site-packages/cllimits/cagefs_lib.py

# -*- coding: utf-8 -*-

# lvectl.py - module for interfacing with cagefsctl utility for get/set CageFs user's status
#
# Copyright © Cloud Linux GmbH & Cloud Linux Software, Inc 2010-2019 All Rights Reserved
#
# Licensed under CLOUD LINUX LICENSE AGREEMENT
# http://cloudlinux.com/docs/LICENCE.TXT
#
import logging
import os.path

from cllimits.lib import exec_utility
from clcommon.clexception import FormattedException
from clcommon.utils import run_command, ExternalProgramFailed


class CageFsException(FormattedException):
    pass


class CageFs:
    _UTILITY_PATH = '/usr/sbin/cagefsctl'

    def __init__(self, logger=None):
        # List of enabled users in Cagefs
        self._cagefs_enabled_users = None
        self._is_cagefs_error = False
        self._logger = logger or self._create_dummy_logger()

    @staticmethod
    def _create_dummy_logger():
        logger = logging.getLogger(__name__)
        # in order to write messages only to this logger, not global
        logger.propagate = False
        logger.addHandler(logging.NullHandler())
        return logger

    def is_cagefs_present(self):
        """
        Get CageFS presence flag
        :return: True/False - Cagefs present/absent
        """
        return os.path.isfile(self._UTILITY_PATH)

    # WARNING: result is cached, TODO: rework caching
    def get_user_status(self, username):
        """
        Get User status in CageFs
        :param username: User name
        :return: True/False - user enabled/disabled in CageFs
        """
        # Load Cagefs data if need
        self._load_info()
        return username in self._cagefs_enabled_users

    def set_user_status(self, username, status, ignore_cache=False):
        """
        Set user status in CageFs
        :param str username: User name
        :param bool status: new user status - True/False --> enable/disable
        :param bool ignore_cache: ignore data caching
        :return: None
        """
        # Load Cagefs data if need
        if not ignore_cache:
            self._load_info()
            if status and self.get_user_status(username):
                # Enable user: user already in cagefs - do nothing
                return
            if not status and not self.get_user_status(username):
                # Disable user: user already not in cagefs - do nothing
                return
        if status:
            cagefsctl_arg = "--enable"
        else:
            cagefsctl_arg = "--disable"
        self._get_cagefsctl_out([cagefsctl_arg, username])

    def _load_info(self):
        """
        Loads users info from Cagefs
        :return: None
        """
        # Exit if CageFS data already loaded
        if self._cagefs_enabled_users is not None:
            return
        # Exit if CageFS not present or Cagefs error
        if not self.is_cagefs_present() or self._is_cagefs_error:
            raise CageFsException({'message': "%(util)s is disabled",
                                   'context': {'util': 'CageFS'}})
        self._cagefs_enabled_users = []
        s_cagefs_out = self._get_cagefsctl_out(['--list-enabled'])
        # Parse result
        s_enabled_users_parts = s_cagefs_out.split('\n')
        for line in s_enabled_users_parts:
            if "enabled user" in line:
                continue
            self._cagefs_enabled_users.append(line.strip())

    def initialize_cagefs(self):
        """
        Just initialize cagefs
        """
        out = self._get_cagefsctl_out(['--init'])
        return out

    def set_enabled_mode(self):
        # We use run_command because it uses close_fds=True during subprocess opening
        # in case of --enable-all there are problems with lock on cl6
        # so we use close_fds=True to close file descriptor and makes locking works properly
        try:
            cmd = ['cagefsctl', '--enable-all']
            out = run_command(cmd)
            return out
        except ExternalProgramFailed as err:
            raise CageFsException(str(err)) from err

    def get_user_mode(self):
        out = self._get_cagefsctl_out(['--display-user-mode'])
        # Mode: Disable All
        mode = out.split(':')[1].strip()
        return mode

    def toggle_user_mode(self):
        self._get_cagefsctl_out(['--toggle-mode'])

    def enable_cagefs(self):
        # We use run_command because it uses close_fds=True during subprocess opening
        # in case of --enable-cagefs there are problems with lock on cl6
        # so we use close_fds=True to close file descriptor and makes locking works properly
        try:
            cmd = ['cagefsctl', '--enable-cagefs']
            self._logger.info('Running "%s"', ' '.join(cmd))
            out = run_command(cmd)
            return out
        except ExternalProgramFailed as err:
            self._logger.info('cagefsctl exited with error "%s"', str(err))
            raise CageFsException(str(err)) from err

    def _get_cagefsctl_out(self, cmd):
        self._logger.info('Running "cagefsctl %s"', ' '.join(cmd))
        if not self.is_cagefs_present():
            raise CageFsException({'message': "%(util)s is not installed",
                                   'context': {'util': 'CageFS'}})
        ret_code, s_stdout, s_stderr = exec_utility(self._UTILITY_PATH, cmd, stderr=True)
        s_cagefs_out = s_stdout or s_stderr
        if ret_code != 0 or 'Error:' in s_cagefs_out:
            self._logger.info('Cagefs exited with exit code "%s" and output "%s"', (ret_code, s_cagefs_out))
            self._is_cagefs_error = True
            raise CageFsException(s_cagefs_out)
        return s_cagefs_out

    def rebuild_alt_php_ini(self):
        out = self._get_cagefsctl_out(['--rebuild-alt-php-ini'])
        return out
Back to Directory=ceiIENDB`