�

�ʘfG���dd
lm
Z

ddlmZ
ddlZddlZddlmZmZ
ddlm	Z	m
Z

ddlmZm
Z

ddddd	�Zd
�Zd�Zdd
�
Zd�Zdefd�ZdS)�)
�print_function)
�absolute_importN)�Feature�is_panel_feature_supported)�
SysCtlConf�SYSCTL_CL_CONF_FILE)�grep�)proc_can_see_other_uid_and_hidepid_synced�
�)�noaccess�	invisible�
1�
2c	�
�d
}	t
|d��5}
|
D]g}|�
��}|rO|�d�
�
s:|���}|r$|ddkrd|dvr
ddd��
d	S�h	ddd��
n#1swxYw

Y

n=#tt
f$r)}t
d
|dt|�
�
��
Yd}~nd}~w
wxYw
dS)
z�
    Search for line like "proc /proc proc defaults,hidepid=2,gid=clsupergid 0 0" in /etc/fstab
    Return True if /proc is mounted with hidepid option in /etc/fstab
    z
/etc/fstab�
r�
#r�proczhidepid=�NTzError: failed to parse�
:F)�open�strip�
startswith�split�IOError�
IndexError�print�str)�fstab�
f�line�
splitted_line�
es     �py/cl_proc_hidepid.py�
hidepid_foundr%sc
��

�E�	<�
�%��
�
�	$���
$�
$���z�z�|�|���$����� 4� 4�$�$(�J�J�L�L�M�$�
$��q�)9�V�)C�)C�
�Vc�de�Vf�Hf�Hf�#�
	$�	$�	$�	$�	$�	$�	$�	$��
$�	$�	$�	$�	$�	$�	$�	$�	$�	$�	$�	$����	$�	$�	$�	$���
�Z� �
<�
<�
<�
�&��s�C�
�F�F�;�;�;�;�;�;�;�;�����
<�����5sG�B�AB�1B�>
B�B�B�B�
B�B�C�)C
�
Cc�t�|
r#t
d
d�
|�
�
��
tj|�
�
S)N�	executing�
 )r�join�
subprocess�call)�cmd�verboses  r$�executer./s4���
*�
�k�3�8�8�C�=�=�)�)�)��?�3����Fc
��t
��rd
Sttj�
�
s|rt	d�
�

d
Stt��
�
}
|rt	d�
�

t��r#|rt	d�
�

tgd�
|��S|
�	d�
�
}|
�	d�
�
}|d	kr#|rt	d
�
�

tgd�
|��S|rt	d�
�

td
dd|zdg|��S)z9
    Remount /proc with hidepid=2 option when needed
    Nz>environment without LVE detected - remounting /proc is skipped)
�config_filezapply sysctl settingszUhidepid option is found in /etc/fstab - remounting /proc with options from /etc/fstab)�
/bin/mount�-o�remount�/proczfs.proc_can_see_other_uidzfs.proc_super_gid�
0zJvirtualized procfs feature is not enabled in sysctl conf - disable hidepid)r2r3zremount,hidepid=0,gid=0r5zenable hidepid for /procr2r3zremount,hidepid=2,gid=r5)
r
rr�LVErrrr%r.�get)r-�sysctl�proc_can_see_other_uid�	super_gids    r$�remount_procr<5sA
��1�2�2�
���%�g�k�2�2���
	T
��R�S�S�S���
�$7�
8�
8�
8�F��
'�
�%�&�&�&����J
��
	k
��i�j�j�j��?�?�?��I�I�I�#�Z�Z�(C�D�D���
�
�.�/�/�I���$�$��
	`
��^�_�_�_��O�O�O�QX�Y�Y�Y��
*�
�(�)�)�)��L�$�(@��(J�G�T�V]�^�^�^r/c�
�t
d
d��}d}
	|D]�}|�
��}|
|v
r
�|�|
�
�
}|dkr
�7|dz
}||d�}|�d�
�
}|dkr|d|�}n)|�d�
�
}|dkr|d|�}n
dSt|�
�
c
Sn#tt
tf$r
YnwxYw
dS)	zN
    Retrieve hidepid gid from /proc/mounts
    :return: gid, 0 if absent
    z	,hidepid=�/proc/mountsz,gid=����N�
,r()r	r�find�intrr�
ValueError)�	lines_gen�
gid_prefixr!�poss    r$�get_gid_from_mountsrHUs
��
�[�.�1�1�I��J�
��	�	�D��:�:�<�<�D���%�%���)�)�J�'�'�C��b�y�y���1�H�C�����:�D��)�)�C�.�.�C��b�y�y��D�S�D�z����i�i��n�n���"�9�9�����:�D�D��2�2��t�9�9����)	��*
�Z��,�

�

�

���

�����2s�BB=�+B=�=C�
C�returnc	�
�d
}d}
	t
|d���5}|D]~}tjd|��}|����d�
�
s
�?|r=t
�t|�d�
�
�
�
d��}

n
�ddd��
n#1swxYw

Y

n##ttttf$r
YnwxYw
|
S)	zT
    Retrieve hidepid value from /proc/mounts
    :return: hidepid, 0 if absent
    r>rr)
�modezhidepid=(\d|\w+)z
proc /procrN)
r�re�searchrr�HidepidValuesDictr8r�group�OSErrorrrrD)�mounts_path�res�filer!�
ms     r$�get_hidepid_typing_from_mountsrUxs$
��
!�K�
�C�
�
�+�C�
(�
(�
(�	�D��
�
���I�1�4�8�8�
��z�z�|�|�.�.�|�<�<�����+�/�/��A�G�G�A�J�J����C�C�C��E��	�	�	�	�	�	�	�	�	�	�	����	�	�	�	���
�W�j�*�5�

�

�

���

�����Js5�B1�BB%�B1�%B)�)B1�,
B)�-B1�1C�
C)
F)�
__future__rrr*rL�clcommon.cpapirr�clcommon.sysctlrr�clcommon.utilsr	r
rNr%r.r<rHrCrU�r/r$�<module>r[
s
�


�
&�%�%�%�%�%�&�&�&�&�&�&�����	�	�	�	�>�>�>�>�>�>�>�>�;�;�;�;�;�;�;�;�J�J�J�J�J�J�J�J���	
�	
�	���
�
�
�&
 �
 �
 �
_
�
_
�
_
�
_
�@
 
� 
� 
�F

��
�
�
�
�
�
r/