From b33e0e782a3a1fb66d8166cb6bf8a68c63632091 Mon Sep 17 00:00:00 2001 From: Simon Fels Date: Wed, 12 Apr 2017 19:13:27 +0200 Subject: [PATCH] Hide container-manager command and print out a warning when not called as root --- src/anbox/cli.cpp | 12 +++++++----- src/anbox/cli.h | 12 ++++++++---- src/anbox/cmds/container_manager.cpp | 9 ++++++++- 3 files changed, 23 insertions(+), 10 deletions(-) diff --git a/src/anbox/cli.cpp b/src/anbox/cli.cpp index 2e828bc..d4e4240 100644 --- a/src/anbox/cli.cpp +++ b/src/anbox/cli.cpp @@ -78,9 +78,11 @@ cli::Usage cli::Command::usage() const { return usage_; } cli::Description cli::Command::description() const { return description_; } +bool cli::Command::hidden() const { return hidden_; } + cli::Command::Command(const cli::Name& name, const cli::Usage& usage, - const cli::Description& description) - : name_(name), usage_(usage), description_(description) {} + const cli::Description& description, bool hidden) + : name_(name), usage_(usage), description_(description), hidden_(hidden) {} cli::CommandWithSubcommands::CommandWithSubcommands( const Name& name, const Usage& usage, const Description& description) @@ -117,7 +119,7 @@ void cli::CommandWithSubcommands::help(std::ostream& out) { out << std::endl << pattern::commands << std::endl; for (const auto& cmd : commands_) { - if (cmd.second) + if (cmd.second && !cmd.second->hidden()) out << boost::format(pattern::command) % cmd.second->name() % cmd.second->description() << std::endl; @@ -168,8 +170,8 @@ int cli::CommandWithSubcommands::run(const cli::Command::Context& ctxt) { } cli::CommandWithFlagsAndAction::CommandWithFlagsAndAction( - const Name& name, const Usage& usage, const Description& description) - : Command{name, usage, description} {} + const Name& name, const Usage& usage, const Description& description, bool hidden) + : Command{name, usage, description, hidden} {} cli::CommandWithFlagsAndAction& cli::CommandWithFlagsAndAction::flag( const Flag::Ptr& flag) { 
diff --git a/src/anbox/cli.h b/src/anbox/cli.h index e398919..b7e094c 100644 --- a/src/anbox/cli.h +++ b/src/anbox/cli.h @@ -243,6 +243,9 @@ class Command : public DoNotCopyOrMove { /// @brief description returns a longer string explaining the command. virtual Description description() const; + /// @brief hidden returns if the command is hidden from the user or not. + virtual bool hidden() const; + /// @brief run puts the command to execution. virtual int run(const Context& context) = 0; @@ -252,7 +255,7 @@ class Command : public DoNotCopyOrMove { protected: /// @brief Command initializes a new instance with the given name, usage and /// description. - Command(const Name& name, const Usage& usage, const Description& description); + Command(const Name& name, const Usage& usage, const Description& description, bool hidden = false); /// @brief name adjusts the name of the command to n. // virtual void name(const Name& n); @@ -265,6 +268,7 @@ class Command : public DoNotCopyOrMove { Name name_; Usage usage_; Description description_; + bool hidden_; }; /// @brief CommandWithSubcommands implements Command, selecting one of a set of @@ -275,7 +279,7 @@ class CommandWithSubcommands : public Command { typedef std::function Action; /// @brief CommandWithSubcommands initializes a new instance with the given - /// name, usage and description + /// name, usage and description. CommandWithSubcommands(const Name& name, const Usage& usage, const Description& description); 
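Review bot: The doc comment added for `hidden()` in the first cli.h hunk (@@ -243,6) does not say what being hidden covers. Within this patch the only reader of the flag is the listing loop in `CommandWithSubcommands::help()`, so a hidden command presumably remains invocable by name and the flag is a presentation detail, not an access restriction. I would word it as `/// @brief hidden returns true if the command is left out of the help listing; it can still be invoked by name.` The constructor comment in the next hunk (@@ -252,7) still reads "name, usage and description" although the signature now takes `hidden`; it could gain the same closing sentence that the CommandWithFlagsAndAction comment received.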
@@ -302,9 +306,9 @@ class CommandWithFlagsAndAction : public Command { typedef std::function Action; /// @brief CommandWithFlagsAndAction initializes a new instance with the given - /// name, usage and description + /// name, usage and description. Optionally the command can be marked as hidden. CommandWithFlagsAndAction(const Name& name, const Usage& usage, - const Description& description); + const Description& description, bool hidden = false); /// @brief flag adds the given flag to the set of known flags. CommandWithFlagsAndAction& flag(const Flag::Ptr& flag); diff --git a/src/anbox/cmds/container_manager.cpp b/src/anbox/cmds/container_manager.cpp index b4d7a19..7dad7a8 100644 --- a/src/anbox/cmds/container_manager.cpp +++ b/src/anbox/cmds/container_manager.cpp @@ -37,7 +37,7 @@ constexpr unsigned int unprivileged_user_id{100000}; anbox::cmds::ContainerManager::ContainerManager() : CommandWithFlagsAndAction{ cli::Name{"container-manager"}, cli::Usage{"container-manager"}, - cli::Description{"Start the container manager service"}} { + cli::Description{"Start the container manager service"}, true} { flag(cli::make_flag(cli::Name{"android-image"}, cli::Description{"Path to the Android rootfs image file if not stored in the data path"}, @@ -51,6 +51,13 @@ anbox::cmds::ContainerManager::ContainerManager() action([&](const cli::Command::Context&) { try { + if (getuid() != 0) { + ERROR("You're not running the container-manager as root. Generally you don't"); + ERROR("want to run the container-manager manually unless you're a developer"); + ERROR("as it is started by the init system of your operating system."); + return EXIT_FAILURE; + } + auto trap = core::posix::trap_signals_for_process( {core::posix::Signal::sig_term, core::posix::Signal::sig_int}); trap->signal_raised().connect([trap](const core::posix::Signal& signal) {
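Review bot: The bare `true` that closes the base-class initializer in `ContainerManager::ContainerManager()` (container_manager.cpp, @@ -37,7) does not tell a reader what it switches on. The neighbouring arguments are all wrapped in named types (`cli::Name`, `cli::Usage`, `cli::Description`), so a positional bool stands out; at minimum I would annotate it as `cli::Description{"Start the container manager service"}, /*hidden=*/true} {`. A small tagged type would be the fuller fix, but it changes the constructor signatures in cli.h. The constructor body continues outside this hunk.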
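Review bot: The root guard added at the top of the action lambda (container_manager.cpp, @@ -51,6) tests the real UID with `getuid()`, while what the process is allowed to do is decided by its effective UID. The two differ when the binary is started through a set-uid wrapper or by a service that has changed its effective UID, and then the check can either refuse a privileged process or admit one that will fail later during container setup; `if (geteuid() != 0) {` matches the intent of the message more closely. Even UID 0 does not guarantee the needed capabilities, for example inside a user namespace, so the later privileged calls should still report their own failures. The hunk does not show `<unistd.h>` being included; if it only arrives transitively, include it explicitly. The lambda body continues outside the hunk.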