author | vvvv <[email protected]> | 2025-10-06 11:26:09 +0300 |
---|---|---|
committer | vvvv <[email protected]> | 2025-10-06 11:53:26 +0300 |
commit | 60f45e69a4d7dbc6131208e16c45faf35aa5a985 (patch) | |
tree | 4daa45b52c295a178c7620e4c93921465fcf7950 /yql/essentials/utils/sys | |
parent | 1bded1a65a7e6e9171418f3e1c691d390125b64e (diff) |
YQL-20086 utils
init
commit_hash:54feccd520ebd0ab23612bc0cb830914dff9d0e8
Diffstat (limited to 'yql/essentials/utils/sys')
-rw-r--r-- | yql/essentials/utils/sys/become_user.cpp | 46 | ||||
-rw-r--r-- | yql/essentials/utils/sys/become_user.h | 2 | ||||
-rw-r--r-- | yql/essentials/utils/sys/become_user_dummy.cpp | 2 | ||||
-rw-r--r-- | yql/essentials/utils/sys/linux_version.cpp | 58 | ||||
-rw-r--r-- | yql/essentials/utils/sys/linux_version.h | 12 | ||||
-rw-r--r-- | yql/essentials/utils/sys/ya.make | 2 |
6 files changed, 62 insertions, 60 deletions
diff --git a/yql/essentials/utils/sys/become_user.cpp b/yql/essentials/utils/sys/become_user.cpp index bbb6b5735ca..af24dc0d555 100644 --- a/yql/essentials/utils/sys/become_user.cpp +++ b/yql/essentials/utils/sys/become_user.cpp @@ -1,29 +1,29 @@ #include "become_user.h" #ifdef _linux_ -#include <yql/essentials/utils/sys/linux_version.h> + #include <yql/essentials/utils/sys/linux_version.h> -#include <util/generic/yexception.h> -#include <util/system/user.h> + #include <util/generic/yexception.h> + #include <util/system/user.h> -#include <memory> -#include <vector> -#include <errno.h> + #include <memory> + #include <vector> + #include <errno.h> -#include <grp.h> -#include <pwd.h> -#include <unistd.h> + #include <grp.h> + #include <pwd.h> + #include <unistd.h> -#include <sys/prctl.h> -#include <contrib/libs/libcap/include/sys/capability.h> -#include <contrib/libs/libcap/include/sys/securebits.h> + #include <sys/prctl.h> + #include <contrib/libs/libcap/include/sys/capability.h> + #include <contrib/libs/libcap/include/sys/securebits.h> -// strange, but sometimes we have to specify values manually -#define PR_CAP_AMBIENT 47 -#define PR_CAP_AMBIENT_IS_SET 1 -#define PR_CAP_AMBIENT_RAISE 2 -#define PR_CAP_AMBIENT_LOWER 3 -#define PR_CAP_AMBIENT_CLEAR_ALL 4 + // strange, but sometimes we have to specify values manually + #define PR_CAP_AMBIENT 47 + #define PR_CAP_AMBIENT_IS_SET 1 + #define PR_CAP_AMBIENT_RAISE 2 + #define PR_CAP_AMBIENT_LOWER 3 + #define PR_CAP_AMBIENT_CLEAR_ALL 4 namespace NYql { @@ -90,7 +90,7 @@ void EnsureCapFlagsVectorCannotBeRaised(const std::vector<cap_value_t>& flags) { for (auto f : flags) { try { // one-by-one - SetCapFlagsVector({ f }); + SetCapFlagsVector({f}); } catch (const TSystemError&) { continue; } 
@@ -141,14 +141,14 @@ void DoBecomeUser(const char* username, const char* groupname) { } } -} +} // namespace void BecomeUser(const TString& username, const TString& groupname) { DoBecomeUser(username.data(), groupname.data()); } void TurnOnBecomeUserAmbientCaps() { - SetCapFlagsVector({ CAP_SETUID, CAP_SETGID, CAP_SETPCAP, CAP_KILL }); + SetCapFlagsVector({CAP_SETUID, CAP_SETGID, CAP_SETPCAP, CAP_KILL}); if (prctl(PR_SET_SECUREBITS, SECBIT_NO_SETUID_FIXUP | SECBIT_NO_SETUID_FIXUP_LOCKED, 0, 0, 0) == -1) { ythrow TSystemError() << "can't set secure bits for a process"; } @@ -157,7 +157,7 @@ void TurnOnBecomeUserAmbientCaps() { void TurnOffBecomeUserAbility() { ClearAmbientCapFlags(); SetCapFlagsVector({}); - EnsureCapFlagsVectorCannotBeRaised({ CAP_SETUID, CAP_SETGID, CAP_SETPCAP, CAP_KILL }); + EnsureCapFlagsVectorCannotBeRaised({CAP_SETUID, CAP_SETGID, CAP_SETPCAP, CAP_KILL}); // ensure we cannot get root access back if (setuid(0) != -1) { @@ -183,6 +183,6 @@ void SendSignalOnParentThreadExit(int signo) } } -} +} // namespace NYql #endif diff --git a/yql/essentials/utils/sys/become_user.h b/yql/essentials/utils/sys/become_user.h index c5c2025d8b3..dc7710e2dba 100644 --- a/yql/essentials/utils/sys/become_user.h +++ b/yql/essentials/utils/sys/become_user.h @@ -23,4 +23,4 @@ void DumpCaps(const TString& title); // subscribe child process on receiving signal on parent process death (particularly on parent thread exit) void SendSignalOnParentThreadExit(int signo); -} +} // namespace NYql diff --git a/yql/essentials/utils/sys/become_user_dummy.cpp b/yql/essentials/utils/sys/become_user_dummy.cpp index 897d9c39774..ef8ca8ccafa 100644 --- a/yql/essentials/utils/sys/become_user_dummy.cpp +++ b/yql/essentials/utils/sys/become_user_dummy.cpp @@ -22,5 +22,5 @@ void SendSignalOnParentThreadExit(int signo) Y_UNUSED(signo); } -} +} // namespace NYql #endif 
diff --git a/yql/essentials/utils/sys/linux_version.cpp b/yql/essentials/utils/sys/linux_version.cpp
index 5d10af82948..e2be5fcce40 100644
--- a/yql/essentials/utils/sys/linux_version.cpp
+++ b/yql/essentials/utils/sys/linux_version.cpp
@@ -4,43 +4,43 @@ #include <util/system/platform.h> #ifdef _linux_ -# include <sys/utsname.h> + #include <sys/utsname.h> #endif namespace NYql { - std::tuple<int, int, int> DetectLinuxKernelVersion3() { +std::tuple<int, int, int> DetectLinuxKernelVersion3() { #ifdef _linux_ - // see https://github.com/torvalds/linux/blob/master/Makefile - // version is composed as follows: - // VERSION = 4 - // PATCHLEVEL = 18 - // SUBLEVEL = 0 - // EXTRAVERSION = -rc4 - // KERNELVERSION = $(VERSION)$(if $(PATCHLEVEL),.$(PATCHLEVEL)$(if $(SUBLEVEL),.$(SUBLEVEL)))$(EXTRAVERSION) + // see https://github.com/torvalds/linux/blob/master/Makefile + // version is composed as follows: + // VERSION = 4 + // PATCHLEVEL = 18 + // SUBLEVEL = 0 + // EXTRAVERSION = -rc4 + // KERNELVERSION = $(VERSION)$(if $(PATCHLEVEL),.$(PATCHLEVEL)$(if $(SUBLEVEL),.$(SUBLEVEL)))$(EXTRAVERSION) - utsname buf = {}; - if (uname(&buf)) { - ythrow TSystemError() << "uname call failed"; - } + utsname buf = {}; + if (uname(&buf)) { + ythrow TSystemError() << "uname call failed"; + } - int v = 0; - int p = 0; - int s = 0; - if (sscanf(buf.release, "%d.%d.%d", &v, &p, &s) != 3) { - ythrow yexception() << "Failed to parse linux kernel version " << buf.release; - } - return std::make_tuple(v, p, s); + int v = 0; + int p = 0; + int s = 0; + if (sscanf(buf.release, "%d.%d.%d", &v, &p, &s) != 3) { + ythrow yexception() << "Failed to parse linux kernel version " << buf.release; + } + return std::make_tuple(v, p, s); #else - return {}; + return {}; #endif - } +} - std::pair<int, int> DetectLinuxKernelVersion2() { - auto v = DetectLinuxKernelVersion3(); - return std::make_pair(std::get<0>(v), std::get<1>(v)); - } +std::pair<int, int> DetectLinuxKernelVersion2() { + auto v = DetectLinuxKernelVersion3(); + return std::make_pair(std::get<0>(v), std::get<1>(v)); +} - bool IsLinuxKernelBelow4_3() { - return DetectLinuxKernelVersion2() < std::make_pair(4, 3); - } +bool IsLinuxKernelBelow4_3() { + return DetectLinuxKernelVersion2() < 
std::make_pair(4, 3); } +} // namespace NYql diff --git a/yql/essentials/utils/sys/linux_version.h b/yql/essentials/utils/sys/linux_version.h index 7ae893d257d..567c92bedb3 100644 --- a/yql/essentials/utils/sys/linux_version.h +++ b/yql/essentials/utils/sys/linux_version.h @@ -3,11 +3,11 @@ #include <tuple> namespace NYql { - // returns version, patch level, sublevel, e.g. (4, 4, 114) for `uname -r` == "4.4.114-50" - std::tuple<int, int, int> DetectLinuxKernelVersion3(); +// returns version, patch level, sublevel, e.g. (4, 4, 114) for `uname -r` == "4.4.114-50" +std::tuple<int, int, int> DetectLinuxKernelVersion3(); - // returns version, patch level - std::pair<int, int> DetectLinuxKernelVersion2(); +// returns version, patch level +std::pair<int, int> DetectLinuxKernelVersion2(); - bool IsLinuxKernelBelow4_3(); // NOLINT(readability-identifier-naming) -} +bool IsLinuxKernelBelow4_3(); // NOLINT(readability-identifier-naming) +} // namespace NYql diff --git a/yql/essentials/utils/sys/ya.make b/yql/essentials/utils/sys/ya.make index 698aeb8ba8c..b1d6f8be96c 100644 --- a/yql/essentials/utils/sys/ya.make +++ b/yql/essentials/utils/sys/ya.make @@ -1,5 +1,7 @@ LIBRARY() +ENABLE(YQL_STYLE_CPP) + SRCS( become_user.h become_user_dummy.cpp |