REDROOM
PHP 8.3.31
Path:
Logout
Edit File
Size: 3.58 KB
Close
/opt/cloudlinux/venv/lib64/python3.11/site-packages/clcagefslib/cli.py
Text
Base64
# -*- coding: utf-8 -*- # # Copyright © Cloud Linux GmbH & Cloud Linux Software, Inc 2010-2025 All Rights Reserved # # Licensed under CLOUD LINUX LICENSE AGREEMENT # http://cloudlinux.com/docs/LICENCE.TXT # """ CLI helper utilities for CageFS user commands. Provides functions for: - Re-entering CageFS environment - Calling commands via proxyexec for privilege escalation """ import logging import os import pwd import subprocess import sys from clcommon import clcagefs logger = logging.getLogger(__name__) CAGEFS_TOKEN_PATH = "/var/.cagefs/.cagefs.token" def get_cagefs_token(): """ Read the CageFS token from the token file. Returns: str: The CageFS token, or None if not found """ try: with open(CAGEFS_TOKEN_PATH, "r") as f: return f.read().strip() except (IOError, OSError): return None PROXYEXEC_DAEMON_PATH = "/usr/sbin/proxyexec" def _is_parent_proxyexec(): """ Verify that the parent process is the proxyexec daemon by checking /proc/<ppid>/exe (kernel-controlled, not spoofable). Returns: bool: True if parent process is the proxyexec daemon """ try: ppid = os.getppid() parent_exe = os.readlink("/proc/%d/exe" % ppid) # Kernel appends " (deleted)" when binary is replaced during upgrade if parent_exe.endswith(" (deleted)"): parent_exe = parent_exe[:-len(" (deleted)")] return parent_exe == PROXYEXEC_DAEMON_PATH except (OSError, IOError): return False def is_running_via_proxyexec(): """ Check if the script is running via proxyexec. Verifies both that the PROXYEXEC_UID environment variable is set and that the parent process is the proxyexec daemon binary. This prevents spoofing via environment variable injection. Returns: bool: True if running via proxyexec, False otherwise """ if os.environ.get("PROXYEXEC_UID") is None: return False return _is_parent_proxyexec() def call_via_proxyexec(alias, args_list): """ Call a command via proxyexec to execute with root privileges. Args: alias: The proxyexec command alias (e.g., "CAGEFSCTL_USER_SITE_ISOLATION_LIST") args_list: Additional arguments to pass Returns: int: Exit code from the proxyexec command, or None on error """ token = get_cagefs_token() if not token: logger.error("Failed to read CageFS token") return None username = pwd.getpwuid(os.getuid()).pw_name cwd = os.getcwd() pid = str(os.getpid()) # Build proxyexec command # Format: /usr/sbin/proxyexec -c cagefs.sock USER CWD ALIAS PID [ARGS...] cmd = [ "/usr/sbin/proxyexec", "-c", "cagefs.sock", username, cwd, alias, pid, ] + args_list env = {"CAGEFS_TOKEN": token} p = subprocess.Popen(cmd, stdout=sys.stdout, stderr=sys.stderr, stdin=sys.stdin, env=env) p.communicate() return p.returncode def reenter_cagefs(argv=None): """ Re-execute inside CageFS when running outside. Args: argv: Command line arguments to pass (defaults to sys.argv) Returns: int: Exit code from the re-executed command """ if argv is None: argv = sys.argv cmd = ["/bin/cagefs_enter"] + argv p = subprocess.Popen(cmd, stdout=sys.stdout, stderr=sys.stderr, stdin=sys.stdin, env={}) p.communicate() return p.returncode def in_cagefs(): """ Check if currently running inside CageFS. Returns: bool: True if inside CageFS, False otherwise """ return clcagefs.in_cagefs()
Save
Close
Exit & Reset
Text mode: syntax highlighting auto-detects file type.
Directory Contents
Dirs: 3 × Files: 7
Delete Selected
Select All
Select None
Sort:
Name
Size
Modified
Enable drag-to-move
Name
Size
Perms
Modified
Actions
selector
DIR
-
drwxr-xr-x
2026-06-03 06:31:45
Edit
Download
Rename
Chmod
Change Date
Delete
OK
Cancel
recursive
OK
Cancel
recursive
OK
Cancel
webisolation
DIR
-
drwxr-xr-x
2026-06-03 06:31:45
Edit
Download
Rename
Chmod
Change Date
Delete
OK
Cancel
recursive
OK
Cancel
recursive
OK
Cancel
__pycache__
DIR
-
drwxr-xr-x
2026-06-03 06:31:45
Edit
Download
Rename
Chmod
Change Date
Delete
OK
Cancel
recursive
OK
Cancel
recursive
OK
Cancel
cli.py
3.58 KB
lrw-r--r--
2026-05-18 13:29:04
Edit
Download
Rename
Chmod
Change Date
Delete
OK
Cancel
recursive
OK
Cancel
recursive
OK
Cancel
const.py
936 B
lrw-r--r--
2026-05-18 13:29:04
Edit
Download
Rename
Chmod
Change Date
Delete
OK
Cancel
recursive
OK
Cancel
recursive
OK
Cancel
domain.py
21.10 KB
lrwxr-xr-x
2026-05-18 13:29:04
Edit
Download
Rename
Chmod
Change Date
Delete
OK
Cancel
recursive
OK
Cancel
recursive
OK
Cancel
exceptions.py
402 B
lrw-r--r--
2026-05-18 13:29:04
Edit
Download
Rename
Chmod
Change Date
Delete
OK
Cancel
recursive
OK
Cancel
recursive
OK
Cancel
fs.py
1020 B
lrw-r--r--
2026-05-18 13:29:04
Edit
Download
Rename
Chmod
Change Date
Delete
OK
Cancel
recursive
OK
Cancel
recursive
OK
Cancel
io.py
2.68 KB
lrw-r--r--
2026-05-18 13:29:04
Edit
Download
Rename
Chmod
Change Date
Delete
OK
Cancel
recursive
OK
Cancel
recursive
OK
Cancel
__init__.py
180 B
lrw-r--r--
2026-05-18 13:29:04
Edit
Download
Rename
Chmod
Change Date
Delete
OK
Cancel
recursive
OK
Cancel
recursive
OK
Cancel
Zip Selected
If ZipArchive is unavailable, a
.tar
will be created (no compression).