mirror of
https://github.com/hackerschoice/segfault.git
synced 2024-06-16 03:48:42 +00:00
Compare commits
4 Commits
c930926853
...
d1492ff896
| Author | SHA1 | Date | |
|---|---|---|---|
|
d1492ff896 | ||
|
|
0c23595e41 | ||
|
|
57d38e35a2 | ||
|
|
71cc7a77a0 |
@ -1,5 +1,10 @@
|
||||
0.5.0 - 2023-10-00
|
||||
* Access to /dev/kvm (for token users).
|
||||
|
||||
0.4.9p3 - 2023-09-20
|
||||
* Helix (hx)
|
||||
* /dev/shm mounted exec (for UML support)
|
||||
* Restrict /tmp to SHM_SIZE
|
||||
|
||||
0.4.9p2 - 2023-09-18
|
||||
* xpra-x11 is back.
|
||||
|
||||
11
Makefile
11
Makefile
@ -1,8 +1,9 @@
|
||||
VER := 0.4.9p3
|
||||
VER := 0.5.0a
|
||||
|
||||
all:
|
||||
make -C router
|
||||
make -C tools/cg
|
||||
make -C tools/logpipe
|
||||
make -C master
|
||||
make -C host
|
||||
make -C tor
|
||||
@ -84,6 +85,7 @@ FILES_MASTER += "segfault-$(VER)/master/cgi-bin/rpc"
|
||||
FILES_HOST += "segfault-$(VER)/host/Dockerfile"
|
||||
FILES_HOST += "segfault-$(VER)/host/Makefile"
|
||||
FILES_HOST += "segfault-$(VER)/host/docker-exec-sigproxy.c"
|
||||
FILES_HOST += "segfault-$(VER)/host/unix-socket-client.c"
|
||||
FILES_HOST += "segfault-$(VER)/host/mk_sshd.sh"
|
||||
FILES_HOST += "segfault-$(VER)/host/sf-sshd.patch"
|
||||
FILES_HOST += "segfault-$(VER)/host/setup.sh"
|
||||
@ -137,6 +139,7 @@ FILES_CONFIG += "segfault-$(VER)/config/etc/resolv.conf"
|
||||
FILES_CONFIG += "segfault-$(VER)/config/etc/loginmsg-new.sh-example"
|
||||
FILES_CONFIG += "segfault-$(VER)/config/etc/loginmsg-all.sh-example"
|
||||
FILES_CONFIG += "segfault-$(VER)/config/etc/logoutmsg-all.sh-example"
|
||||
FILES_CONFIG += "segfault-$(VER)/config/etc/logpipe/config.yaml"
|
||||
|
||||
FILES_ROOT += "segfault-$(VER)/Makefile"
|
||||
FILES_ROOT += "segfault-$(VER)/ChangeLog"
|
||||
@ -156,6 +159,12 @@ FILES_CLEANER += "segfault-$(VER)/tools/cg/go.sum"
|
||||
FILES_CLEANER += "segfault-$(VER)/tools/cg/main.go"
|
||||
FILES_CLEANER += "segfault-$(VER)/tools/cg/Makefile"
|
||||
FILES_CLEANER += "segfault-$(VER)/tools/cg/sysinfo_linux.go"
|
||||
FILES_CLEANER += "segfault-$(VER)/tools/logpipe/Makefile"
|
||||
FILES_CLEANER += "segfault-$(VER)/tools/logpipe/Dockerfile"
|
||||
FILES_CLEANER += "segfault-$(VER)/tools/logpipe/go.sum"
|
||||
FILES_CLEANER += "segfault-$(VER)/tools/logpipe/go.mod"
|
||||
FILES_CLEANER += "segfault-$(VER)/tools/logpipe/main.go"
|
||||
FILES_CLEANER += "segfault-$(VER)/tools/logpipe/metrics.go"
|
||||
|
||||
FILES_CONTRIB += "segfault-$(VER)/contrib/sfwg"
|
||||
FILES_CONTRIB += "segfault-$(VER)/contrib/cronjob"
|
||||
|
||||
@ -10,7 +10,7 @@
|
||||
#SF_GUEST_CONTAINER_NAME_SUFFIX="-v${SF_VER}"
|
||||
|
||||
#Some limits are automatically adjusted during an attack.
|
||||
#SF_USER_MEMORY_LIMIT=256MB
|
||||
#SF_USER_MEMORY_LIMIT=256m
|
||||
#SF_USER_MEMORY_AND_SWAP_LIMIT= # Not set=no swap. Example =4g
|
||||
#SF_USER_PIDS_LIMIT=128
|
||||
#SF_USER_CPU_SHARE=8 # 2..1024. docker's default is 1024. 2048 gives 2x and 512 half.
|
||||
@ -22,7 +22,6 @@
|
||||
#SF_SHM_SIZE= # Hard limit is USER_MEMORY_LIMIT
|
||||
#SF_CPUS= # automatic between 1..4 depending on host's cpu count
|
||||
|
||||
|
||||
#SF_USER_SYN_BURST=8196 # Can send 8k tcp sync packets
|
||||
#SF_USER_SYN_LIMIT=1 # Thereafter refill with 1 syn/second, 0=unlimited
|
||||
#SF_SYN_BURST=10000 # Global limit. (0-10000)
|
||||
@ -37,6 +36,7 @@
|
||||
#SF_USER_FS_SIZE= # =128m, xfs only, Not set=unlimited
|
||||
#SF_USER_FS_INODE= # =16384, xfs only, Not set=unlimited
|
||||
|
||||
#SF_USER_DEV_KVM= # =1 to allow access to /dev/kvm (Warning: User can DoS PHY)
|
||||
#SF_ALLOW_SRC_TOR= # =1 to allow connections from TOR
|
||||
|
||||
# Limit to 8 concurrently running servers per IP
|
||||
|
||||
@ -105,11 +105,9 @@ services:
|
||||
container_name: sf-logpipe
|
||||
restart: ${SF_RESTART:-on-failure}
|
||||
cgroup_parent: sf.slice
|
||||
pid: "host"
|
||||
network_mode: host
|
||||
volumes:
|
||||
- "${SF_BASEDIR:-.}/config/etc/logpipe/config.yaml:/app/config.yaml:ro"
|
||||
- /dev/shm/sf/run/logpipe/:/app/sock/:rw
|
||||
- "/dev/shm/sf/run/logpipe/:/app/sock/:rw"
|
||||
|
||||
sf-portd:
|
||||
build: encfsd
|
||||
|
||||
@ -138,7 +138,7 @@ load_limits()
|
||||
# Then Token
|
||||
[[ -f "/config/db/user/lg-${lid}/token" ]] && {
|
||||
token=$(<"/config/db/user/lg-${lid}/token")
|
||||
source "/config/db/token/token-${token}.conf" 2>/dev/null
|
||||
source "/config/db/token/token-${token,,}.conf" 2>/dev/null
|
||||
}
|
||||
# Then source user specific limits
|
||||
[[ -f "/config/db/user/lg-${lid}/limits.conf" ]] && eval "$(grep ^SF_ "/config/db/user/lg-${lid}/limits.conf")"
|
||||
|
||||
@ -149,6 +149,7 @@ RUN /pkg-install.sh HACK apt-get install -y --no-install-recommends \
|
||||
thc-ipv6 \
|
||||
tnscmd10g \
|
||||
tshark \
|
||||
tsocks \
|
||||
upx \
|
||||
webshells \
|
||||
weevely
|
||||
@ -230,17 +231,27 @@ RUN /pkg-install.sh LARGE apt-get install -y --no-install-recommends \
|
||||
proxychains \
|
||||
python2-minimal \
|
||||
python-is-python3 \
|
||||
python3-bitcoinlib \
|
||||
python3-cheroot \
|
||||
python3-confuse \
|
||||
python3-decouple \
|
||||
python3-dotenv \
|
||||
python3-dotenv-cli \
|
||||
python3-full \
|
||||
python3-scapy \
|
||||
python3-poetry \
|
||||
python3-pwntools \
|
||||
python3-pyaudio \
|
||||
python3-pygments \
|
||||
python3-pyte \
|
||||
python3-python-telegram-bot \
|
||||
python3-venv \
|
||||
python3-virtualenv \
|
||||
python3-ipython \
|
||||
python3-all-dev \
|
||||
python3-schedule \
|
||||
python3-setuptools \
|
||||
python3-telethon \
|
||||
python-all-dev \
|
||||
radare2 \
|
||||
recon-ng \
|
||||
@ -306,9 +317,12 @@ RUN /pkg-install.sh HUGE apt-get install -y --no-install-recommends \
|
||||
RUN /pkg-install.sh HUGE apt-get install -y --no-install-recommends \
|
||||
seclists
|
||||
RUN /pkg-install.sh HUGE apt-get install -y --no-install-recommends \
|
||||
cloud-image-utils \
|
||||
debootstrap \
|
||||
libguestfs-tools \
|
||||
qemu-efi \
|
||||
qemu-efi-arm \
|
||||
qemu-system \
|
||||
qemu-user \
|
||||
qemu-utils \
|
||||
u-boot-qemu
|
||||
@ -530,10 +544,12 @@ RUN /pkg-install.sh HACK pipx install aort \
|
||||
&& /pkg-install.sh HACK pipx install git+https://github.com/soxoj/maigret `### 2023-03-07 pipx repo fails on aiohttp/longintrepr.h` \
|
||||
&& /pkg-install.sh HACK pipx install raccoon-scanner \
|
||||
&& /pkg-install.sh HACK pipx install git+https://github.com/EntySec/Shreder \
|
||||
&& /pkg-install.sh HACK pipx install trevorspray \
|
||||
&& /pkg-install.sh HACK pipx install userefuzz \
|
||||
&& /pkg-install.sh HACK pipx install webtech \
|
||||
&& /pkg-install.sh DEVEL pipx install dulwich \
|
||||
&& /pkg-install.sh DEVEL pipx install names
|
||||
&& /pkg-install.sh DEVEL pipx install names \
|
||||
&& /pkg-install.sh DEVEL pipx install Red-DiscordBot
|
||||
RUN /pkg-install.sh WEB bash -c '{ apt-get remove -y pelican; true; }' \
|
||||
&& /pkg-install.sh WEB pipx install 'grip' \
|
||||
&& /pkg-install.sh WEB pipx install 'pelican[Markdown]' `### apt/pelican causes missing /onion/theme directory` \
|
||||
@ -545,7 +561,24 @@ RUN /pkg-install.sh DEVEL pip install --break-system-packages \
|
||||
pyTelegramBotAPI \
|
||||
tgcrypto \
|
||||
uploadserver \
|
||||
wsgidav
|
||||
wsgidav \
|
||||
&& /pkg-install.sh DEVEL pip install \
|
||||
aiogram \
|
||||
aospdtgen \
|
||||
booru \
|
||||
discum \
|
||||
disnake \
|
||||
donna25519 \
|
||||
heroku3 \
|
||||
jishaku \
|
||||
lastversion \
|
||||
libgen_api \
|
||||
openai \
|
||||
pyrogram \
|
||||
python-json-logger \
|
||||
python-nmap \
|
||||
telegram \
|
||||
timer
|
||||
RUN /pkg-install.sh LARGE pipx install gdown \
|
||||
&& /pkg-install.sh LARGE pipx install udocker
|
||||
RUN /pkg-install.sh LARGE bin 'https://gitlab.com/api/v4/projects/32089582/packages/generic/geonet-rs/0.4.3/geonet_0.4.3_%arch:x86_64=amd64:DEFAULT=SKIP%.deb' `# x86_64 only` \
|
||||
@ -569,6 +602,7 @@ RUN /pkg-install.sh LARGE apt-get install -y --no-install-recommends \
|
||||
krb5-user \
|
||||
krb5-config \
|
||||
parallel \
|
||||
ranger \
|
||||
sshuttle
|
||||
RUN /pkg-install.sh HUGE apt-get install -y --no-install-recommends \
|
||||
gopls \
|
||||
@ -610,7 +644,7 @@ RUN /pkg-install.sh HACK ghbin shadow1ng/fscan 'fscan_%arch:x86_64=amd64:aarch64
|
||||
&& /pkg-install.sh HACK ghbin projectdiscovery/alterx '_linux_%arch:x86_64=amd64:aarch64=arm64%' alterx \
|
||||
&& /pkg-install.sh HACK ghbin projectdiscovery/notify 'linux_%arch:x86_64=amd64:aarch64=arm64%' notify \
|
||||
&& /pkg-install.sh HACK ghbin projectdiscovery/interactsh 'linux_%arch:x86_64=amd64:aarch64=arm64%' interactsh-client \
|
||||
&& /pkg-install.sh HACK ghbin projectdiscovery/mapcidr 'linux_%arch:x86_64=amd64:aarch64=arm64%' mapcidr \
|
||||
&& /pkg-install.sh HACK bin 'https://github.com/projectdiscovery/mapcidr/releases/download/v1.1.9/mapcidr_1.1.9_linux_%arch1%.zip' mapcidr `# often missing binary assets.` \
|
||||
&& /pkg-install.sh HACK ghbin glebarez/cero 'linux-amd64' cero `# x86_64 only` \
|
||||
&& /pkg-install.sh HACK ghbin dwisiswant0/crlfuzz 'inux_%arch:x86_64=amd64:aarch64=arm64%' crlfuzz \
|
||||
&& /pkg-install.sh HACK ghbin hahwul/dalfox 'inux_%arch:x86_64=amd64:aarch64=arm64%' dalfox \
|
||||
@ -714,11 +748,11 @@ RUN /pkg-install.sh LARGE apt-get install -y --no-install-recommends \
|
||||
gcc-multilib \
|
||||
lib32ncurses-dev lib32z1-dev || { [ $(uname -m) != x86_64 ] && true; }
|
||||
RUN /pkg-install.sh HACK ghbin wader/fq '_linux_%arch1%' fq \
|
||||
&& /pkg-install.sh HACK bin https://raw.githubusercontent.com/trustedsec/hardcidr/master/hardCIDR.sh hardcidr \
|
||||
&& /pkg-install.sh HACK bin https://raw.githubusercontent.com/trustedsec/hardcidr/master/hardCIDR.sh hardcidr \
|
||||
&& /pkg-install.sh HACK ghbin hahwul/dalfox '_linux_%arch1%' dalfox
|
||||
RUN /pkg-install.sh NET bin https://github.com/hackerschoice/binary/raw/main/gsocket/latest/gsocket_latest_all.deb `# x86_64 only` \
|
||||
RUN /pkg-install.sh NET ghbin hackerschoice/gsocket '_%arch%.deb' \
|
||||
&& /pkg-install.sh NET ghbin ginuerzh/gost 'linux-%arch:x86_64=amd64:aarch64=armv8%.*gz$' gost \
|
||||
&& /pkg-install.sh NET ghbin tulir/gomuks 'linux-%arch%' gomuks \
|
||||
&& /pkg-install.sh NET ghbin tulir/gomuks 'linux-%arch1%' gomuks \
|
||||
&& /pkg-install.sh NET ghbin Snawoot/hola-proxy 'linux-%arch1%' hola-proxy \
|
||||
&& /pkg-install.sh NET ghbin maxmind/mmdbinspect 'linux_amd64.tar.gz$' mmdbinspect `# x86_64 only` \
|
||||
&& /pkg-install.sh NET ghbin shadowsocks/shadowsocks-rust '%arch%-unknown-linux-musl.tar' \
|
||||
@ -748,7 +782,9 @@ RUN /pkg-install.sh HUGE bash -c 'mkdir -p /usr/share/wordlists; curl -fsSL http
|
||||
RUN /pkg-install.sh LARGE apt-get install -y --no-install-recommends \
|
||||
bpytop \
|
||||
btop \
|
||||
ncdu
|
||||
db-util \
|
||||
ncdu \
|
||||
pass
|
||||
RUN /pkg-install.sh GUI apt-get install -y --no-install-recommends \
|
||||
alsa-utils \
|
||||
alsamixergui \
|
||||
@ -756,13 +792,15 @@ RUN /pkg-install.sh GUI apt-get install -y --no-install-recommends \
|
||||
RUN /pkg-install.sh LARGE apt-get install -y --no-install-recommends \
|
||||
php8.2-fpm \
|
||||
php8.2-xml
|
||||
RUN /pkg-install.sh HACK pipx install git+https://github.com/bluet/proxybroker2.git \
|
||||
RUN /pkg-install.sh HACK ghbin ekzhang/bore '%arch:aarch64=arm%-unknown-linux' \
|
||||
&& pipx install git+https://github.com/bluet/proxybroker2.git \
|
||||
&& /pkg-install.sh HACK pipx install pwncat-cs \
|
||||
&& /pkg-install.sh HACK ghbin praetorian-inc/noseyparker 'linux-' noseyparker \
|
||||
&& /pkg-install.sh HACK bin 'https://gitlab.com/api/v4/projects/33695681/packages/generic/nrich/latest/nrich_latest_amd64.deb' `# x86_64 only` \
|
||||
&& /pkg-install.sh HACK bin 'https://github.com/RustScan/RustScan/releases/download/2.0.1/rustscan_2.0.1_amd64.deb' `# x86_64 only` \
|
||||
&& /pkg-install.sh HACK ghbin hueristiq/xurlfind3r 'linux_%arch:x86_64=amd64:aarch64=arm64%' xurlfind3r
|
||||
RUN /pkg-install.sh LARGE ghbin PaddiM8/kalker 'linux' kalker
|
||||
RUN /pkg-install.sh LARGE ghbin PaddiM8/kalker 'linux' kalker \
|
||||
&& /pkg-install.sh LARGE ghbin PowerShell/PowerShell 'deb_%arch1%.deb'
|
||||
RUN /pkg-install.sh HACK bash -c '{ wget -O "/usr/bin/favfreak.py" https://raw.githubusercontent.com/devanshbatham/FavFreak/master/favfreak.py \
|
||||
&& chmod 755 /usr/bin/favfreak.py \
|
||||
&& ln -s favfreak.py /usr/bin/FavFreak; }' \
|
||||
|
||||
@ -62,25 +62,43 @@ Read how the pros do it: ${CB}${CUL}https://thc.org/segfault/faq/nokiddie${CN}"
|
||||
command -v puredns >/dev/null && puredns(){ _nokiddie_warning "puredns" "$@"; }
|
||||
command -v masscan >/dev/null && masscan(){ _nokiddie_warning "masscan" "$@"; }
|
||||
command -v shuffledns >/dev/null && shuffledns(){ _nokiddie_warning "shuffledns" "$@"; }
|
||||
command -v nuclei >/dev/null && nuclei(){ _nokiddie_warning "nuclei" "$@"; }
|
||||
command -v ffuf >/dev/null && ffuf(){ _nokiddie_warning "ffuf" "$@"; }
|
||||
command -v naabu >/dev/null && naabu(){ _nokiddie_warning "naabu" "$@"; }
|
||||
command -v nuclei >/dev/null && nuclei(){ _nokiddie_warning "nuclei" "$@"; }
|
||||
command -v ffuf >/dev/null && ffuf(){ _nokiddie_warning "ffuf" "$@"; }
|
||||
command -v naabu >/dev/null && naabu(){ _nokiddie_warning "naabu" "$@"; }
|
||||
command -v zmap >/dev/null && zmap(){ _nokiddie_warning "zmap" "$@"; }
|
||||
}
|
||||
|
||||
### for 'curl -x socks5h://$(PROXY) ipinfo.io'
|
||||
TOR(){ echo "${SF_TOR_IP}:9050"; }
|
||||
PROXY(){
|
||||
local IFS
|
||||
local IFS=" "
|
||||
local fmt="$*"
|
||||
local arr
|
||||
local n
|
||||
local h
|
||||
local p
|
||||
local str
|
||||
[[ -z $fmt ]] && fmt="%h:%p"
|
||||
|
||||
[[ ! -f /sf/share/proxies.txt ]] && { TOR; return; }
|
||||
IFS=$'\n'
|
||||
arr=($(<"/sf/share/proxies.txt"))
|
||||
n=${#arr[@]}
|
||||
RANDOM=$(date '+%N')
|
||||
[[ ! $n -gt 0 ]] && { TOR; return; }
|
||||
echo "${arr[$((RANDOM % n))]}"
|
||||
if [[ -f /sf/share/proxies.txt ]]; then
|
||||
IFS=$'\n' arr=($(<"/sf/share/proxies.txt"))
|
||||
n=${#arr[@]}
|
||||
RANDOM=$(date '+%N')
|
||||
[[ ! $n -gt 0 ]] && { TOR; return; }
|
||||
str="${arr[$((RANDOM % n))]}"
|
||||
h="${str%:*}"
|
||||
p="${str#*:}"
|
||||
else
|
||||
h="${SF_TOR_IP}"
|
||||
p="9050"
|
||||
fi
|
||||
# Store in global variable
|
||||
_PROXY_HOST="$h"
|
||||
_PROXY_PORT="$p"
|
||||
# format
|
||||
fmt="${fmt//\%h/$h}"
|
||||
fmt="${fmt//\%p/$p}"
|
||||
echo "$fmt"
|
||||
}
|
||||
|
||||
docker(){
|
||||
|
||||
@ -32,11 +32,15 @@ This system will ${CRY}SELF-DESTRUCT${CN} in 10 seconds."
|
||||
exit 0; }
|
||||
|
||||
echo -e "${CDR}***DESTRUCT***${CN}"
|
||||
|
||||
# SF_HOSTNAME might be empty if bash was started from gs-netcat.
|
||||
[[ -z $SF_HOSTNAME ]] && {
|
||||
str=$(hostname)
|
||||
SF_HOSTNAME="${str##*-}"
|
||||
}
|
||||
curl -s sf/net/del -dname=all -dnocolor=1 >/dev/null
|
||||
shopt -s dotglob
|
||||
rm -rf /onion/*
|
||||
rm -rf "/everyone/${SF_HOSTNAME,,}/"*
|
||||
[[ -d "/everyone/${SF_HOSTNAME,,}" ]] && rm -rf "/everyone/${SF_HOSTNAME,,}/"* 2>/dev/null
|
||||
# Bloody at-spi-bu re-creates a fuse-hidden file when the parent directory is deleted.
|
||||
# Force kill it.
|
||||
rm -rf /sec/* 2>/dev/null
|
||||
|
||||
@ -25,4 +25,4 @@ CUL="\e[4m"
|
||||
CRY="\e[0;33;41m" # YELLOW on RED (warning)
|
||||
}
|
||||
# BINDIR="$(cd "$(dirname "${0}")" || exit; pwd)"
|
||||
|
||||
:
|
||||
|
||||
@ -44,6 +44,7 @@ cp -a /etc/skel /sec/root
|
||||
ln -s /sec/root /root
|
||||
cd . # Prevent 'getcwd() failed' after deleting my own directory
|
||||
ln -s /sec/home /home
|
||||
mkdir /run/mysqld
|
||||
|
||||
echo "NOT ENCRYPTED" >/sec/THIS-DIRECTORY-IS-NOT-ENCRYPTED--DO-NOT-USE.txt
|
||||
|
||||
|
||||
@ -353,7 +353,9 @@ init_vars()
|
||||
|
||||
# Set the number of CPU's a guest can use up to a max of 4.
|
||||
# Min is 1 or NPROC / 4 to a max of 4.
|
||||
[[ -z $SF_CPUS ]] && {
|
||||
if [[ -n $SF_CPUS ]]; then
|
||||
[[ $SF_CPUS -gt $NPROC ]] && SF_CPUS="$NPROC"
|
||||
else
|
||||
SF_CPUS=$((NPROC / 4))
|
||||
if [[ $SF_CPUS -le 1 ]]; then
|
||||
SF_CPUS=1
|
||||
@ -361,7 +363,7 @@ init_vars()
|
||||
elif [[ $SF_CPUS -gt 4 ]]; then
|
||||
SF_CPUS=4
|
||||
fi
|
||||
}
|
||||
fi
|
||||
|
||||
# Check if we are still in sshd's Network Namespace
|
||||
IS_SSHD_NS_NET=1
|
||||
@ -611,7 +613,7 @@ load_limits()
|
||||
# then root is mounted read-only
|
||||
#SF_USER_ROOT_FS_SIZE=2GB
|
||||
SF_USER_ROOT_FS_INODE=65536
|
||||
SF_USER_MEMORY_LIMIT=256MB
|
||||
SF_USER_MEMORY_LIMIT=256m
|
||||
SF_USER_PIDS_LIMIT=128
|
||||
SF_USER_CPU_SHARE=8
|
||||
SF_USER_OOM_SCORE=500
|
||||
@ -639,10 +641,10 @@ load_limits()
|
||||
[[ -f "${SF_USER_DB_DIR}/token" ]] && {
|
||||
SF_TOKEN="$(<"${SF_USER_DB_DIR}/token")"
|
||||
# Delete user token if token no longer exists
|
||||
[[ ! -f "${SF_TOKEN_DIR}/token-${SF_TOKEN,,}.conf" ]] && {
|
||||
rm -f "${SF_USER_DB_DIR}/token"
|
||||
unset SF_TOKEN
|
||||
}
|
||||
# [[ ! -f "${SF_TOKEN_DIR}/token-${SF_TOKEN,,}.conf" ]] && {
|
||||
# rm -f "${SF_USER_DB_DIR}/token"
|
||||
# unset SF_TOKEN
|
||||
# }
|
||||
}
|
||||
else
|
||||
# HERE: SF_TOKEN is user supplied.
|
||||
@ -654,7 +656,14 @@ load_limits()
|
||||
tofile "${SF_TOKEN}" "${SF_USER_DB_DIR}/token"
|
||||
fi
|
||||
fi
|
||||
[[ -n $SF_TOKEN ]] && [[ -f "${SF_TOKEN_DIR}/token-${SF_TOKEN,,}.conf" ]] && eval "$(<"${SF_TOKEN_DIR}/token-${SF_TOKEN,,}.conf")"
|
||||
[[ -n $SF_TOKEN ]] && {
|
||||
if [[ -f "${SF_TOKEN_DIR}/token-${SF_TOKEN,,}.conf" ]]; then
|
||||
eval "$(<"${SF_TOKEN_DIR}/token-${SF_TOKEN,,}.conf")"
|
||||
else
|
||||
# token-<TOKEN>.conf does not exist.
|
||||
unset SF_TOKEN
|
||||
fi
|
||||
}
|
||||
|
||||
# Then source user specific limits
|
||||
[[ -f "${SF_USER_DB_DIR}/limits.conf" ]] && eval "$(<"${SF_USER_DB_DIR}/limits.conf")"
|
||||
@ -683,6 +692,8 @@ load_limits()
|
||||
DOCKER_ARGS+=("--oom-score-adj=${SF_USER_OOM_SCORE}")
|
||||
DOCKER_ARGS+=("--blkio-weight=${SF_USER_BLKIO_WEIGHT}")
|
||||
|
||||
[[ -n $SF_USER_DEV_KVM ]] && DOCKER_ARGS+=("--device=/dev/kvm")
|
||||
|
||||
if [[ -z $SF_USER_ROOT_FS_SIZE ]]; then
|
||||
DOCKER_ARGS+=("--read-only")
|
||||
else
|
||||
@ -697,7 +708,8 @@ load_limits()
|
||||
}
|
||||
fi
|
||||
|
||||
[[ -n $SF_SHM_SIZE ]] && DOCKER_ARGS+=("--shm-size=$SF_SHM_SIZE")
|
||||
# NOTE: This is no longer used because /dev/shm is now mounted as tmpfs to make UML work
|
||||
# [[ -n $SF_SHM_SIZE ]] && DOCKER_ARGS+=("--shm-size=$SF_SHM_SIZE")
|
||||
|
||||
[[ -n $SF_SYSBOX ]] && SYSBOX_ARGS+=("--runtime=sysbox-runc")
|
||||
|
||||
@ -1241,9 +1253,10 @@ exec_devnull docker run \
|
||||
-e SF_IS_GOLD_PROMPT \
|
||||
-e SF_DEBUG \
|
||||
--log-driver "${SF_DOCKER_LOG}" \
|
||||
--tmpfs /tmp:exec `# GoLang needs /tmp to be executeable` \
|
||||
--sysctl net.ipv6.conf.all.disable_ipv6=0 `# Allow IPv6 (used by WireGuard FOBs)` \
|
||||
--sysctl net.ipv4.tcp_tw_reuse=1 `# Immediately reuse TIME_WAIT sockets` \
|
||||
--tmpfs /tmp:exec,size="${SF_SHM_SIZE:-64m}" `# GoLang needs /tmp to be executeable ` \
|
||||
--tmpfs /dev/shm:exec,size="${SF_SHM_SIZE:-64m}" `# UML needs /dev/shm to be executeable` \
|
||||
--sysctl net.ipv6.conf.all.disable_ipv6=0 `# Allow IPv6 (used by WireGuard FOBs) ` \
|
||||
--sysctl net.ipv4.tcp_tw_reuse=1 `# Immediately reuse TIME_WAIT sockets ` \
|
||||
--sysctl net.ipv4.tcp_fin_timeout=10 \
|
||||
-v "${SF_BASEDIR}/data/share/:/sf/share:ro" \
|
||||
-v "${SF_CFG_GUEST_DIR:?}/:/config/guest:ro" \
|
||||
|
||||
@ -7,7 +7,7 @@
|
||||
#include <sys/un.h>
|
||||
#include <unistd.h>
|
||||
|
||||
#define SOCKET_PATH "/dev/shm/sf/run/logpipe/logPipe.sock"
|
||||
#define SOCKET_PATH "/sf/run/logpipe/logPipe.sock"
|
||||
|
||||
int main(int argc, char *argv[]) {
|
||||
int sockfd;
|
||||
@ -44,4 +44,4 @@ int main(int argc, char *argv[]) {
|
||||
|
||||
close(sockfd);
|
||||
return EXIT_SUCCESS;
|
||||
}
|
||||
}
|
||||
|
||||
28
tools/logpipe/Makefile
Normal file
28
tools/logpipe/Makefile
Normal file
@ -0,0 +1,28 @@
|
||||
VERSION := $(shell git rev-parse --short HEAD)
|
||||
BUILDTIME := $(shell date -u '+%Y-%m-%dT%H:%M:%SZ')
|
||||
|
||||
GOLDFLAGS += -s -w
|
||||
GOLDFLAGS += -X main.Version=$(VERSION)
|
||||
GOLDFLAGS += -X main.Buildtime=$(BUILDTIME)
|
||||
GOFLAGS = -ldflags "$(GOLDFLAGS)"
|
||||
|
||||
all:
|
||||
docker build --network host -t sf-logpipe .
|
||||
|
||||
build: pre
|
||||
GOOS=linux GOARCH=amd64 go build $(GOFLAGS)
|
||||
|
||||
build-arm: pre
|
||||
GOOS=linux GOARCH=arm go build -o cg-arm
|
||||
|
||||
pre:
|
||||
go mod tidy
|
||||
|
||||
docker: all
|
||||
docker run -it --rm sf-logpipe
|
||||
|
||||
release: build
|
||||
sha256sum cg | tee cg.sum
|
||||
tar czvf cg.tgz cg cg.sum
|
||||
rm -f cg cg.sum
|
||||
git add cg.tgz
|
||||
@ -1,44 +0,0 @@
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <sys/socket.h>
|
||||
#include <sys/un.h>
|
||||
#include <unistd.h>
|
||||
|
||||
#define SOCKET_PATH "/dev/shm/sf/run/logpipe/logPipe.sock"
|
||||
|
||||
int main(int argc, char *argv[]) {
|
||||
int sockfd;
|
||||
struct sockaddr_un addr;
|
||||
|
||||
sockfd = socket(AF_UNIX, SOCK_STREAM, 0);
|
||||
if (sockfd == -1) {
|
||||
perror("socket");
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
|
||||
memset(&addr, 0, sizeof(struct sockaddr_un));
|
||||
addr.sun_family = AF_UNIX;
|
||||
strncpy(addr.sun_path, SOCKET_PATH, sizeof(addr.sun_path) - 1);
|
||||
|
||||
if (connect(sockfd, (struct sockaddr *)&addr, sizeof(struct sockaddr_un)) == -1) {
|
||||
perror("connect");
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
|
||||
char buf[1024];
|
||||
ssize_t nread;
|
||||
while ((nread = read(STDIN_FILENO, buf, sizeof(buf))) > 0) {
|
||||
if (write(sockfd, buf, nread) != nread) {
|
||||
perror("write");
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
}
|
||||
|
||||
if (nread == -1) {
|
||||
perror("read");
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
|
||||
close(sockfd);
|
||||
return EXIT_SUCCESS;
|
||||
}
|
||||
Loading…
Reference in New Issue
Block a user