author | Sean Whitton <spwhitton@spwhitton.name> | 2021-02-27 14:52:25 -0700 |
---|---|---|
committer | Sean Whitton <spwhitton@spwhitton.name> | 2021-02-27 14:53:12 -0700 |
commit | 61e5e3b024664d2b2549562efd915cf8b165b8e1 (patch) | |
tree | 5f597672205c7a3eb30e856f08d5e75569824057 /src/connection/chroot.lisp | |
parent | 63cc03e228e0fe40aa3b7a7f973b18b734fcd338 (diff) | |
download | consfigurator-61e5e3b024664d2b2549562efd915cf8b165b8e1.tar.gz |
add :CHROOT and :CHROOT.SHELL connection types
Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
Diffstat (limited to 'src/connection/chroot.lisp')
-rw-r--r-- | src/connection/chroot.lisp | 42 |
1 files changed, 42 insertions, 0 deletions
diff --git a/src/connection/chroot.lisp b/src/connection/chroot.lisp
new file mode 100644
index 0000000..b597333
--- /dev/null
+++ b/src/connection/chroot.lisp
@@ -0,0 +1,42 @@
+;;; Consfigurator -- Lisp declarative configuration management system
+
+;;; Copyright (C) 2021 Sean Whitton <spwhitton@spwhitton.name>
+
+;;; This file is free software; you can redistribute it and/or modify
+;;; it under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3, or (at your option)
+;;; any later version.
+
+;;; This file is distributed in the hope that it will be useful,
+;;; but WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+;;; GNU General Public License for more details.
+
+;;; You should have received a copy of the GNU General Public License
+;;; along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+(in-package :consfigurator.connection.chroot)
+
+;; currently we only check whether we're root, but, for example, on Linux, we
+;; might have a CAP_* which lets us chroot as non-root
+(defun can-chroot ()
+ (zerop (foreign-funcall "geteuid" :int)))
+
+(defun can-probably-fork ()
+ "Return nil if we can detect other running threads, and the Lisp
+implementation is known not to support forking when there are other threads.
+A return value other than nil indicates only that we couldn't detect
+circumstances in which it is known that we cannot fork, not that we are sure
+we can fork -- a thread might be only partly initialised at the time we check,
+for example, such that we don't see it."
+ (and
+ #+sbcl (not (sb-thread:list-all-threads))))
+
+(defmethod establish-connection ((type (eql :chroot)) remaining &key into)
+ (establish-connection (if (and (lisp-connection-p)
+ (can-chroot)
+ (can-probably-fork))
+ :chroot.fork
+ :chroot.shell)
+ remaining
+ :into into)) |
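Review bot: In `can-probably-fork`, the test `(not (sb-thread:list-all-threads))` looks like it can never be true on SBCL, because as far as I know that list includes the calling thread and so is never empty; if that holds, the `:chroot` method always falls back to `:chroot.shell` on SBCL. Comparing the thread count would match the docstring's stated intent of detecting other threads: `#+sbcl (> 2 (length (sb-thread:list-all-threads)))`. Separately, `can-chroot` treats an effective uid of 0 as sufficient, which may not hold where root has been stripped of the chroot capability (some containers, for example). The comment above it could add that this is only a heuristic and that the `:chroot.fork` connection, which is not visible in this file, still has to handle a failing chroot call.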