/// <summary>
/// Creates a brand-new container: a fresh handle, a newly created container user,
/// a newly created container directory, and a process manager bound to that user.
/// The container starts in the <c>Born</c> state.
/// </summary>
public Container()
{
    this.state = ContainerState.Born;

    // Identity first: both the user and the directory are derived from the handle.
    this.handle = new ContainerHandle();
    this.user = new ContainerUser(this.handle, shouldCreate: true);

    // The directory is created with an ACL entry for the user built above,
    // so the user has to exist before this call.
    this.directory = new ContainerDirectory(this.handle, this.user, shouldCreate: true);

    this.processManager = new ProcessManager(this.user);
}
/// <summary>
/// Builds a process manager scoped to a single container user.
/// </summary>
/// <param name="containerUser">The container user whose processes are tracked.</param>
/// <exception cref="ArgumentNullException"><paramref name="containerUser"/> is null.</exception>
public ProcessManager(ContainerUser containerUser)
{
    if (containerUser == null)
    {
        throw new ArgumentNullException("containerUser");
    }

    this.containerUser = containerUser;

    // Predicate used to pick out live processes owned by the container user.
    // The owner name is read first; HasExited is only consulted on a name match.
    // NOTE(review): the comparison is string == ContainerUser, so it presumably relies on
    // a conversion defined on ContainerUser; confirm whether it is case-sensitive and
    // whether it includes the machine/domain prefix, since a loose match would treat
    // another account's processes as belonging to this container.
    this.processMatchesUser = (candidate) =>
    {
        string ownerName = candidate.GetUserName();
        if (ownerName == containerUser)
        {
            return !candidate.HasExited;
        }

        return false;
    };
}
/// <summary>
/// Creates the directory for a container and grants the container user access to it.
/// The new directory's security descriptor is the base directory's access control
/// with one additional allow rule for <paramref name="user"/>.
/// </summary>
/// <param name="handle">Handle used to resolve the base directory and the container path.</param>
/// <param name="user">Container user that receives the access rule.</param>
/// <returns>The <see cref="DirectoryInfo"/> of the created container directory.</returns>
private static DirectoryInfo CreateContainerDirectory(ContainerHandle handle, ContainerUser user)
{
    // Item1 is the base directory, Item2 the path of the container directory to create.
    var locations = GetContainerDirectoryInfo(handle);

    // The rule applies to the directory itself and is inherited by sub-directories and files.
    // NOTE(review): FullControl also carries the rights to change permissions and take
    // ownership, so the container user can rewrite this ACL. Confirm that more than
    // Modify is really needed on the container root.
    var userRule = new FileSystemAccessRule(
        user,
        FileSystemRights.FullControl,
        InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit,
        PropagationFlags.None,
        AccessControlType.Allow);

    // Start from the base directory's access control and add the user's rule to it.
    DirectoryInfo baseDirectory = locations.Item1;
    DirectorySecurity acl = baseDirectory.GetAccessControl();
    acl.AddAccessRule(userRule);

    string containerPath = locations.Item2;
    return Directory.CreateDirectory(containerPath, acl);
}
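/// <summary>
/// Binds to the directory of a container, either creating it (with an access rule for
/// <paramref name="user"/>) or locating the existing one.
/// </summary>
/// <param name="handle">Handle identifying the container.</param>
/// <param name="user">Container user; only used when the directory is created.</param>
/// <param name="shouldCreate">
/// True to create the directory and grant <paramref name="user"/> access to it;
/// false to look up an existing directory.
/// </param>
/// <exception cref="ArgumentNullException">
/// <paramref name="handle"/> is null, or <paramref name="user"/> is null while
/// <paramref name="shouldCreate"/> is true.
/// </exception>
public ContainerDirectory(ContainerHandle handle, ContainerUser user, bool shouldCreate = false)
{
    if (handle == null)
    {
        throw new ArgumentNullException("handle");
    }

    if (shouldCreate)
    {
        // The create path builds an ACL entry from the user, so reject a missing
        // identity here instead of failing somewhere inside the ACL construction.
        if (user == null)
        {
            throw new ArgumentNullException("user");
        }

        this.containerDirectory = CreateContainerDirectory(handle, user);
    }
    else
    {
        // The lookup path does not touch the user, so it is not validated here.
        this.containerDirectory = FindContainerDirectory(handle);
    }
}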
/// <summary>
/// Used for restore: rebuilds a container object from a previously issued handle
/// and a recorded state, without creating a new user or directory.
/// </summary>
/// <param name="handle">Textual handle of the container being restored.</param>
/// <param name="containerState">State the container was in.</param>
/// <exception cref="ArgumentNullException">
/// <paramref name="handle"/> is null or whitespace, or <paramref name="containerState"/> is null.
/// </exception>
private Container(string handle, ContainerState containerState)
{
    // ArgumentNullException is also what a blank (whitespace-only) handle produces.
    if (handle.IsNullOrWhiteSpace())
    {
        throw new ArgumentNullException("handle");
    }

    this.handle = new ContainerHandle(handle);

    if (containerState == null)
    {
        throw new ArgumentNullException("containerState");
    }

    this.state = containerState;

    // The user is looked up from the raw handle string; the directory is located
    // (not created) because shouldCreate keeps its default of false.
    // NOTE(review): the handle string selects which existing user and directory this
    // object binds to; presumably it comes from trusted persisted state. Confirm at the caller.
    this.user = new ContainerUser(handle);
    this.directory = new ContainerDirectory(this.handle, this.user);
    this.processManager = new ProcessManager(this.user);

    // Only a container that was active has processes worth re-attaching.
    if (this.state == ContainerState.Active)
    {
        this.RestoreProcesses();
    }
}
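/// <summary>
/// Grants the container user access to each bind mount's source and destination path,
/// with rights that follow the requested mount mode.
/// TODO: move to centralized permission manager.
/// </summary>
/// <param name="bindMounts">Bind mounts from the create request; null or empty means nothing to do.</param>
/// <param name="containerUser">Container user the access rules are granted to.</param>
private void ProcessBindMounds(IEnumerable<CreateRequest.BindMount> bindMounts, ContainerUser containerUser)
{
    if (bindMounts.IsNullOrEmpty())
    {
        return;
    }

    var inheritanceFlags = InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit;

    foreach (var bindMount in bindMounts)
    {
        // Least-privilege default for any mode not handled below.
        FileSystemRights rights = FileSystemRights.Read;

        switch (bindMount.BindMountMode)
        {
            case CreateRequest.BindMount.Mode.RO:
                // Never FullControl here: it would let the container user write to, delete
                // from and change the ACL of a mount that was requested read-only.
                // ReadAndExecute adds traverse/execute on top of Read and no write access.
                // TODO: plain Read was noted as not enough; if a workload still fails,
                // add the specific missing right rather than widening to FullControl.
                rights = FileSystemRights.ReadAndExecute;
                break;

            case CreateRequest.BindMount.Mode.RW:
                // Modify covers read, write and delete but leaves out changing
                // permissions and taking ownership, which FullControl would include.
                rights = FileSystemRights.Modify;
                break;
        }

        // NOTE(review): InheritOnly propagates the rule to child objects only; it is not
        // effective on the mount root itself. Confirm that is intended.
        var accessRule = new FileSystemAccessRule(
            containerUser,
            rights,
            inheritanceFlags,
            PropagationFlags.InheritOnly,
            AccessControlType.Allow);

        // NOTE(review): SrcPath comes from the create request and this method does not
        // restrict which paths receive the rule; presumably the caller validates
        // it. Confirm, since the rule is applied to the source path as given.
        log.Trace("Adding access rule to SrcPath '{0}', DstPath '{1}'", bindMount.SrcPath, bindMount.DstPath);
        AddAccessRuleTo(accessRule, bindMount.SrcPath);
        AddAccessRuleTo(accessRule, bindMount.DstPath);
    }
}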