Submit
Path:
~
/
/
opt
/
alt
/
python37
/
lib
/
python3.7
/
site-packages
/
File Content:
cl_proc_hidepid.py
# -*- coding: utf-8 -*- # Copyright © Cloud Linux GmbH & Cloud Linux Software, Inc 2010-2019 All Rights Reserved # # Licensed under CLOUD LINUX LICENSE AGREEMENT # http://cloudlinux.com/docs/LICENSE.TXT # Module contains functions for remounting /proc with hidepid=2 option # see CAG-796 for details from __future__ import print_function from __future__ import absolute_import import subprocess from clcommon.cpapi import Feature, is_panel_feature_supported from clcommon.sysctl import SysCtlConf, SYSCTL_CL_CONF_FILE from clcommon.utils import grep, proc_can_see_other_uid_and_hidepid_synced def hidepid_found(): """ Search for line like "proc /proc proc defaults,hidepid=2,gid=clsupergid 0 0" in /etc/fstab Return True if /proc is mounted with hidepid option in /etc/fstab """ fstab = '/etc/fstab' try: with open(fstab, 'r') as f: for line in f: line = line.strip() if line and not line.startswith('#'): splitted_line = line.split() if splitted_line and splitted_line[0] == 'proc' and 'hidepid=' in splitted_line[3]: return True except (IOError, IndexError) as e: print('Error: failed to parse', fstab, ':', str(e)) return False def execute(cmd, verbose): if verbose: print('executing', ' '.join(cmd)) return subprocess.call(cmd) def remount_proc(verbose=False): """ Remount /proc with hidepid=2 option when needed """ # In latest versions of the kernel on CL8 # no need to remount /proc with hidepid option # because it is synchronized with fs.proc_can_see_other_uid option if proc_can_see_other_uid_and_hidepid_synced(): return if not is_panel_feature_supported(Feature.LVE): if verbose: print('environment without LVE detected - remounting /proc is skipped') return sysctl = SysCtlConf(config_file=SYSCTL_CL_CONF_FILE) if verbose: print('apply sysctl settings') if hidepid_found(): # admin can override hidepid option via /etc/fstab if verbose: print('hidepid option is found in /etc/fstab - remounting /proc with options from /etc/fstab') return execute(['/bin/mount', '-o', 'remount', '/proc'], verbose) proc_can_see_other_uid = sysctl.get('fs.proc_can_see_other_uid') super_gid = sysctl.get('fs.proc_super_gid') if proc_can_see_other_uid != '0': if verbose: print('virtualized procfs feature is not enabled in sysctl conf - disable hidepid') return execute(['/bin/mount', '-o', 'remount,hidepid=0,gid=0', '/proc'], verbose) if verbose: print('enable hidepid for /proc') return execute(['/bin/mount', '-o', 'remount,hidepid=2,gid='+super_gid, '/proc'], verbose) def get_gid_from_mounts(): """ Retrieve hidepid gid from /proc/mounts :return: gid, 0 if absent """ lines_gen = grep(',hidepid=', '/proc/mounts') gid_prefix = ',gid=' try: for line in lines_gen: line = line.strip() if gid_prefix not in line: continue # Search gid=xxxx in line pos = line.find(gid_prefix) if pos == -1: continue pos += 5 line = line[pos:] pos = line.find(',') if pos != -1: line = line[:pos] else: pos = line.find(' ') if pos != -1: line = line[:pos] else: # Invalid or unsupported proc format return -1 return int(line) except (IOError, IndexError, ValueError): pass # hidepid not found in /proc/mounts return -1 def get_hidepid_typing_from_mounts() -> int: """ Retrieve hidepid value from /proc/mounts :return: hidepid, 0 is absent """ mounts_path = '/proc/mounts' hidepid_prefix = 'hidepid=' try: # Parse mounts file output for proc lines and get the hidepid with open(mounts_path, mode='r') as file: for line in file: if (not line.strip().startswith('proc /proc') or hidepid_prefix not in line): continue pos = line.find(hidepid_prefix) + len(hidepid_prefix) return int(line[pos]) except (OSError, IOError, IndexError, ValueError): pass # hidepid not found in /proc/mounts return 0
Edit
Rename
Chmod
Delete
FILE
FOLDER
Name
Size
Permission
Action
Babel-2.9.1-py3.7.egg-info
---
0755
Beaker-1.11.0-py3.7.egg-info
---
0755
Jinja2-3.0.3-py3.7.egg-info
---
0755
Mako-1.1.0-py3.7.egg-info
---
0755
OpenSSL
---
0755
Paste-1.7.5.1-py3.7.egg-info
---
0755
PyJWT-1.7.1-py3.7.egg-info
---
0755
Tempita-0.5.1-py3.7.egg-info
---
0755
__pycache__
---
0755
_distutils_hack
---
0755
aiosignal
---
0755
aiosignal-1.2.0a0-py3.7.egg-info
---
0755
alembic
---
0755
alembic-0.8.3-py3.7.egg-info
---
0755
asn1crypto
---
0755
asn1crypto-0.22.0-py3.7.egg-info
---
0755
async_timeout
---
0755
async_timeout-4.0.2-py3.7.egg-info
---
0755
attr
---
0755
attrs-17.4.0-py3.7.egg-info
---
0755
babel
---
0755
beaker
---
0755
beautifulsoup4-4.5.1-py3.7.egg-info
---
0755
bs4
---
0755
certifi
---
0755
certifi-2018.4.16-py3.7.egg-info
---
0755
chardet
---
0755
chardet-3.0.4-py3.7.egg-info
---
0755
charset_normalizer
---
0755
charset_normalizer-2.0.12-py3.7.egg-info
---
0755
cl_dom_collector
---
0755
clcommon
---
0755
clconfig
---
0755
clconfigure
---
0755
cldashboard
---
0755
clevents
---
0755
cllicense
---
0755
cllimits
---
0755
cllimits_validator
---
0755
cllimitslib_v2
---
0755
clpackages
---
0755
clquota
---
0755
clselect
---
0755
clselector
---
0755
clsentry
---
0755
clsummary
---
0755
clveconfig
---
0755
clwizard
---
0755
clwpos
---
0755
cssselect
---
0755
cssselect-0.9.2-py3.7.egg-info
---
0755
distlib
---
0755
docopt-0.6.2-py3.7.egg-info
---
0755
filelock
---
0755
filelock-0.0.0-py3.7.egg-info
---
0755
future
---
0755
future-0.17.0-py3.7.egg-info
---
0755
html5lib
---
0755
html5lib-1.0.1-py3.7.egg-info
---
0755
idna
---
0755
idna-2.5-py3.7.egg-info
---
0755
importlib_metadata
---
0755
importlib_metadata-0.0.0-py3.7.egg-info
---
0755
jinja2
---
0755
jsonschema
---
0755
jsonschema-3.2.0-py3.7.egg-info
---
0755
jwt
---
0755
libfuturize
---
0755
libpasteurize
---
0755
lve_utils
---
0755
lvemanager
---
0755
lvestats
---
0755
mako
---
0755
nose
---
0755
nose-1.3.7-py3.7.egg-info
---
0755
packaging
---
0755
packaging-16.8-py3.7.egg-info
---
0755
past
---
0755
paste
---
0755
pip
---
0755
pip-20.2.4.dist-info
---
0755
pkg_resources
---
0755
platformdirs
---
0755
platformdirs-0.0.0-py3.7.egg-info
---
0755
ply
---
0755
ply-3.8-py3.7.egg-info
---
0755
prettytable-0.7.2-py3.7.egg-info
---
0755
pyOpenSSL-17.3.0-py3.7.egg-info
---
0755
pycparser
---
0755
pycparser-2.14-py3.7.egg-info
---
0755
pyparsing-2.1.10-py3.7.egg-info
---
0755
python_editor-0.4-py3.7.egg-info
---
0755
pytz
---
0755
pytz-2017.2-py3.7.egg-info
---
0755
raven
---
0755
raven-6.3.0-py3.7.egg-info
---
0755
requests
---
0755
requests-2.26.0-py3.7.egg-info
---
0755
schema-0.7.1-py3.7.egg-info
---
0755
sentry_sdk
---
0755
sentry_sdk-0.19.4-py3.7.egg-info
---
0755
setuptools
---
0755
setuptools-58.3.0.dist-info
---
0755
six-1.15.0-py3.7.egg-info
---
0755
ssa
---
0755
svgwrite
---
0755
svgwrite-1.3.0-py3.7.egg-info
---
0755
tempita
---
0755
typing_extensions-3.7.4.3-py3.7.egg-info
---
0755
urllib3
---
0755
urllib3-1.26.6-py3.7.egg-info
---
0755
vendors_api
---
0755
virtualenv
---
0755
virtualenv-20.13.0-py3.7.egg-info
---
0755
webencodings
---
0755
webencodings-0.5.1-py3.7.egg-info
---
0755
wmt
---
0755
zipp-0.0.0-py3.7.egg-info
---
0755
Paste-1.7.5.1-py3.7-nspkg.pth
534 bytes
0644
PySocks-1.5.7-py3.7.egg-info
322 bytes
0644
cl_proc_hidepid.py
4549 bytes
0644
clcontrollib.py
53127 bytes
0644
cldetectlib.py
18745 bytes
0644
cldiaglib.py
48675 bytes
0644
clhooklib.py
1432 bytes
0644
cli_utils.py
1775 bytes
0644
cllicenselib.py
8220 bytes
0644
clsetuplib.py
4422 bytes
0644
clsudo.py
15049 bytes
0644
cpanel.py
29687 bytes
0644
distlib-0.3.4-py3.7.egg-info
1162 bytes
0644
distutils-precedence.pth
152 bytes
0644
docopt.py
19946 bytes
0644
editor.py
2550 bytes
0755
lve_stats-2.0-py3.7.egg-info
185 bytes
0644
lveapi.py
19697 bytes
0644
lvectllib.py
94545 bytes
0644
lvestat.py
7106 bytes
0644
prettytable.py
54204 bytes
0644
pyparsing.py
229867 bytes
0644
remove_ubc.py
5670 bytes
0755
schema.py
29198 bytes
0644
secureio.py
17387 bytes
0644
six.py
34159 bytes
0644
socks.py
29952 bytes
0644
sockshandler.py
2913 bytes
0644
typing_extensions.py
83727 bytes
0644
zipp.py
8425 bytes
0644
N4ST4R_ID | Naxtarrr
