PATH:
opt
/
cloudlinux
/
venv
/
lib
/
python3.11
/
site-packages
# -*- coding: utf-8 -*- # Copyright © Cloud Linux GmbH & Cloud Linux Software, Inc 2010-2019 All Rights Reserved # # Licensed under CLOUD LINUX LICENSE AGREEMENT # http://cloudlinux.com/docs/LICENSE.TXT # Module contains functions for remounting /proc with hidepid=2 option # see CAG-796 for details import subprocess import re from clcommon.cpapi import Feature, is_panel_feature_supported from clcommon.sysctl import SysCtlConf, SYSCTL_CL_CONF_FILE from clcommon.utils import grep, proc_can_see_other_uid_and_hidepid_synced # on some systems hidepid value is str HidepidValuesDict = { 'noaccess': 1, 'invisible': 2, '1': 1, '2': 2, } def hidepid_found(): """ Search for line like "proc /proc proc defaults,hidepid=2,gid=clsupergid 0 0" in /etc/fstab Return True if /proc is mounted with hidepid option in /etc/fstab """ fstab = '/etc/fstab' try: with open(fstab, 'r', encoding='utf-8') as f: for line in f: line = line.strip() if line and not line.startswith('#'): splitted_line = line.split() if splitted_line and splitted_line[0] == 'proc' and 'hidepid=' in splitted_line[3]: return True except (IOError, IndexError) as e: print('Error: failed to parse', fstab, ':', str(e)) return False def execute(cmd, verbose): if verbose: print('executing', ' '.join(cmd)) return subprocess.call(cmd) def remount_proc(verbose=False): """ Remount /proc with hidepid=2 option when needed """ # In latest versions of the kernel on CL8 # no need to remount /proc with hidepid option # because it is synchronized with fs.proc_can_see_other_uid option if proc_can_see_other_uid_and_hidepid_synced(): return if not is_panel_feature_supported(Feature.LVE): if verbose: print('environment without LVE detected - remounting /proc is skipped') return sysctl = SysCtlConf(config_file=SYSCTL_CL_CONF_FILE) if verbose: print('apply sysctl settings') if hidepid_found(): # admin can override hidepid option via /etc/fstab if verbose: print('hidepid option is found in /etc/fstab - remounting /proc with options from /etc/fstab') return execute(['/bin/mount', '-o', 'remount', '/proc'], verbose) proc_can_see_other_uid = sysctl.get('fs.proc_can_see_other_uid') super_gid = sysctl.get('fs.proc_super_gid') if proc_can_see_other_uid != '0': if verbose: print('virtualized procfs feature is not enabled in sysctl conf - disable hidepid') return execute(['/bin/mount', '-o', 'remount,hidepid=0,gid=0', '/proc'], verbose) if verbose: print('enable hidepid for /proc') return execute(['/bin/mount', '-o', 'remount,hidepid=2,gid=' + super_gid, '/proc'], verbose) def get_gid_from_mounts(): """ Retrieve hidepid gid from /proc/mounts :return: gid, 0 if absent """ lines_gen = grep(',hidepid=', '/proc/mounts') gid_prefix = ',gid=' try: for line in lines_gen: line = line.strip() if gid_prefix not in line: continue # Search gid=xxxx in line pos = line.find(gid_prefix) if pos == -1: continue pos += 5 line = line[pos:] pos = line.find(',') if pos != -1: line = line[:pos] else: pos = line.find(' ') if pos != -1: line = line[:pos] else: # Invalid or unsupported proc format return -1 return int(line) except (IOError, IndexError, ValueError): pass # hidepid not found in /proc/mounts return -1 def get_hidepid_typing_from_mounts() -> int: """ Retrieve hidepid value from /proc/mounts :return: hidepid, 0 if absent """ mounts_path = '/proc/mounts' res = 0 try: # Parse mounts file output for proc lines and get the hidepid with open(mounts_path, mode='r', encoding='utf-8') as file: for line in file: m = re.search(r'hidepid=(\d|\w+)', line) if not line.strip().startswith('proc /proc'): continue if m: res = HidepidValuesDict.get(str(m.group(1)), 0) break except (OSError, IOError, IndexError, ValueError): pass # hidepid not found in /proc/mounts return res
[+]
..
[-] cllicenselib.py
[open]
[+]
cffi-1.15.1.dist-info
[+]
packaging
[+]
past
[-] _lvdmap.cpython-311-x86_64-linux-gnu.so
[open]
[+]
prettytable-3.8.0.dist-info
[+]
pylint_celery-0.3.dist-info
[+]
prometheus_client-0.8.0.dist-info
[+]
mako
[+]
wcwidth
[+]
testfixtures
[+]
mock
[+]
idna
[+]
pyvirtualdisplay
[+]
lvemanager
[+]
charset_normalizer
[-] pep8ext_naming.py
[open]
[-] distutils-precedence.pth
[open]
[+]
lazy_object_proxy-1.9.0.dist-info
[+]
clcommon
[-] simple_rpm.so
[open]
[+]
numpy.libs
[+]
aiohttp_session-2.9.0.dist-info
[+]
clcagefslib
[+]
cryptography
[+]
dodgy
[+]
virtualenv-20.21.1.dist-info
[+]
tomlkit
[+]
future-0.18.3.dist-info
[-] docopt.py
[open]
[+]
filelock-3.13.1.dist-info
[+]
pip-25.3.dist-info
[-] schema.py
[open]
[+]
__pycache__
[+]
distlib
[+]
frozenlist-1.4.0.dist-info
[+]
pyflakes
[+]
backports
[+]
prospector-1.10.2.dist-info
[-] pam.py
[open]
[+]
six-1.16.0.dist-info
[+]
pycodestyle-2.9.1.dist-info
[+]
psutil-5.9.5.dist-info
[+]
future
[+]
cllimits_validator
[+]
pycparser
[+]
pymysql
[+]
_yaml
[+]
cl_website_collector
[+]
toml
[+]
jsonschema-3.2.0.dist-info
[+]
sentry_sdk-1.29.2.dist-info
[+]
pylint_celery
[+]
coverage-7.2.7.dist-info
[+]
clwizard
[+]
semver
[+]
flake8_polyfill-1.0.2.dist-info
[+]
alembic
[+]
lve_stats-2.0.dist-info
[+]
psutil
[-] cli_utils.py
[open]
[+]
yarl-1.9.2.dist-info
[+]
ddt-1.4.4.dist-info
[+]
libpasteurize
[+]
attrs-23.1.0.dist-info
[+]
attr
[+]
libfuturize
[+]
svgwrite-1.4.3.dist-info
[+]
iniconfig
[+]
platformdirs-3.11.0.dist-info
[+]
snowballstemmer
[+]
aiohttp_security-0.4.0.dist-info
[+]
jinja2
[+]
wcwidth-0.2.6.dist-info
[-] cl_proc_hidepid.py
[open]
[-] cldiaglib.py
[open]
[+]
PyMySQL-1.1.0.dist-info
[+]
clwpos
[+]
pytest-7.4.0.dist-info
[+]
GitPython-3.1.32.dist-info
[+]
flake8
[+]
gitdb-4.0.10.dist-info
[+]
pylint_plugin_utils
[+]
pylint
[+]
snowballstemmer-2.2.0.dist-info
[+]
pytest_tap
[-] lveapi.py
[open]
[+]
lvestats
[+]
pylve-2.1-py3.11.egg-info
[-] unshare.cpython-311-x86_64-linux-gnu.so
[open]
[+]
cl_dom_collector
[+]
MarkupSafe-2.1.3.dist-info
[+]
urllib3
[+]
prettytable
[+]
raven-6.10.0.dist-info
[+]
lxml-4.9.2.dist-info
[+]
cllimitslib_v2
[+]
pylint_flask-0.6.dist-info
[+]
chardet
[+]
simplejson-3.19.1.dist-info
[+]
smmap-5.0.0.dist-info
[+]
requests-2.31.0.dist-info
[+]
jwt
[+]
cllimits
[+]
yaml
[+]
cllicense
[+]
unshare-0.22.dist-info
[+]
sentry_sdk
[+]
python_pam-1.8.4.dist-info
[+]
pycparser-2.21.dist-info
[+]
prometheus_client
[-] mccabe.py
[open]
[+]
pylint_plugin_utils-0.7.dist-info
[+]
requests
[+]
aiohttp_session
[+]
pyrsistent-0.19.3.dist-info
[+]
pyfakefs
[+]
lve_utils
[+]
configparser-5.0.2.dist-info
[+]
aiohttp_jinja2
[+]
pydocstyle
[+]
pytest_tap-3.5.dist-info
[+]
clevents
[+]
guppy3-3.1.3.dist-info
[+]
guppy
[+]
packaging-23.1.dist-info
[-] cldetectlib.py
[open]
[+]
filelock
[+]
pluggy-1.2.0.dist-info
[+]
xray
[+]
svgwrite
[+]
multidict
[+]
markupsafe
[+]
PyVirtualDisplay-3.0.dist-info
[+]
numpy-1.25.1.dist-info
[+]
pytest_snapshot-0.9.0.dist-info
[+]
setuptools
[+]
tomlkit-0.11.8.dist-info
[+]
iniconfig-2.0.0.dist-info
[+]
schema-0.7.5.dist-info
[+]
astroid
[+]
virtualenv
[-] ddt.py
[open]
[-] _cffi_backend.cpython-311-x86_64-linux-gnu.so
[open]
[+]
urllib3-2.0.4.dist-info
[+]
pyparsing
[+]
isort
[+]
requirements_detector
[+]
websiteisolation
[-] py.py
[open]
[+]
contextlib2
[-] clcontrollib.py
[open]
[+]
tap_py-3.2.1.dist-info
[-] pycodestyle.py
[open]
[-] configparser.py
[open]
[+]
pylint_django-2.5.3.dist-info
[+]
wrapt
[+]
clsentry
[+]
clconfigure
[+]
cllvectl
[+]
aiohttp_security
[+]
pylint_flask
[+]
clselect
[+]
aiosignal
[+]
yarl
[+]
idna-3.4.dist-info
[+]
psycopg2
[-] lvestat.py
[open]
[+]
numpy
[-] clhooklib.py
[open]
[+]
pyflakes-2.5.0.dist-info
[+]
certifi
[+]
pytest_subprocess
[+]
aiosignal-1.3.1.dist-info
[+]
lxml
[+]
toml-0.10.2.dist-info
[+]
pydocstyle-6.3.0.dist-info
[-] secureio.py
[open]
[+]
isort-5.12.0.dist-info
[+]
setoptconf
[+]
vendors_api
[-] six.py
[open]
[+]
wmt
[+]
Jinja2-3.0.3.dist-info
[+]
dill
[+]
smmap
[+]
certifi-2023.7.22.dist-info
[+]
cffi
[+]
sqlalchemy
[-] clsetuplib.py
[open]
[+]
setuptools-80.9.0.dist-info
[+]
setoptconf_tmp-0.3.1.dist-info
[+]
pytest_check
[+]
typing_extensions-4.7.1.dist-info
[+]
flake8_polyfill
[+]
pyrsistent
[+]
psycopg2_binary.libs
[+]
pylint-2.17.4.dist-info
[+]
clflags
[-] lvectllib.py
[open]
[+]
distlib-0.3.8.dist-info
[+]
pluggy
[+]
attrs
[+]
_pytest
[+]
gitdb
[+]
multidict-6.0.4.dist-info
[+]
git
[-] pylve.cpython-311-x86_64-linux-gnu.so
[open]
[+]
pytest
[+]
platformdirs
[+]
alembic-1.11.1.dist-info
[+]
pep8_naming-0.10.0.dist-info
[+]
dill-0.3.7.dist-info
[+]
charset_normalizer-2.1.1.dist-info
[+]
contextlib2-21.6.0.dist-info
[+]
pylint_django
[+]
pytest_snapshot
[+]
chardet-5.2.0.dist-info
[+]
wrapt-1.15.0.dist-info
[+]
prospector
[+]
semver-3.0.1.dist-info
[+]
ssa
[+]
mccabe-0.7.0.dist-info
[+]
cryptography-41.0.2.dist-info
[+]
_distutils_hack
[-] clsudo.py
[open]
[+]
mock-5.1.0.dist-info
[+]
pkg_resources
[+]
pyparsing-3.0.9.dist-info
[+]
clveconfig
[+]
clselector
[+]
testfixtures-7.1.0.dist-info
[+]
docopt-0.6.2.dist-info
[+]
aiohttp_jinja2-1.5.dist-info
[-] typing_extensions.py
[open]
[+]
aiohttp-3.9.2.dist-info
[+]
requirements_detector-1.2.2.dist-info
[+]
sqlalchemy-1.3.24.dist-info
[+]
pytest_subprocess-1.5.3.dist-info
[+]
clconfig
[+]
clpackages
[-] _pyrsistent_version.py
[open]
[+]
tap
[+]
pyfakefs-5.10.2.dist-info
[+]
frozenlist
[+]
lazy_object_proxy
[+]
pip
[+]
psycopg2_binary-2.9.6.dist-info
[+]
pytest_check-2.5.3.dist-info
[+]
clsummary
[+]
cldashboard
[+]
PyYAML-6.0.1.dist-info
[+]
dodgy-0.2.1.dist-info
[+]
coverage
[+]
astroid-2.15.6.dist-info
[+]
jsonschema
[+]
aiohttp
[+]
clquota
[-] remove_ubc.py
[open]
[+]
flake8-5.0.4.dist-info
[+]
PyJWT-2.8.0.dist-info
[+]
Mako-1.2.4.dist-info
[+]
raven
[+]
simplejson