adZddlZddlZddlZddlZddlZddlmZddlm Z m Z m Z m Z ddl mZejeZdZdZeejd dZd Zd Zd Zd ZdZdZdZdZddZ dZ!dZ"dS)uXPublic command API for isolatectl limits — per-domain (LVD) resource limit management.N) userdomains) DomainEntry LvdConfig get_usernameresolve_docroot)LvdErrorz(/usr/share/lve-utils/lvd-registry-helperz&/usr/share/lve-utils/lvd-limits-helper PYLVE_DEBUGc ddi|S)Nresultsuccess)kwargss py/websiteisolation/commands.py_okrs i *6 **ct|} t|pg}n(#t$r}td|d||d}~wwxYwd|DS)zCReturn set of domain names that belong to the user (via panel API).z"failed to query domains for user 'z': Nch|]\}}|Srr).0name_docroots r z _user_domains..)s - - -^T8D - - -r)rr Exceptionr )lve_idusernamepairsexcs r _user_domainsr"sF##HYH%%+ YYYNHNNNNOOUXXY - -u - - --s# AAAcNt|}|std|d|S)zResolve domain -> docroot.z)cannot resolve document root for domain '')rr )domaindocroots r _docroot_forr#,s7f%%G NL6LLLMMM NrcZtj}trd|d<|S)z/Build environment for SUID helper subprocesses.1LIBLVE_DEBUG_ENABLED)osenvironcopy_DEBUG)envs r _helper_envr,4s+ *//  C *&) "# JrcTtr td|tjdSdS)NzDEBUG [lvdctl]: file)r*printsysstderr)msgs r_dbgr4<s8 9 &&&SZ88888899rc tdt||g}tdtd|d| tj|dddt }n-#t $r }tdtd ||d }~wwxYwtd |jd |j d |j |jdkr+|j }td||j }|sd S t|S#t$r}td||d }~wwxYw)zHCall lvd-registry-helper get and return domain_id, or None if not found.getcall z get uid=z docroot=TFcapture_outputtextcheckr+failed to run : N rc=z stdout= stderr=rzlvd-registry-helper failed: z-lvd-registry-helper returned invalid output: )REGISTRY_HELPERstrr4 subprocessrunr,OSErrorr returncodestdoutstripr2int ValueError)uidr"argvr er2outrs r_get_domain_lve_idrNAs UCHHg 6D B B B3 B B B BCCCG D     GGG>>>1>>??QFG  ." . .FM,?,?,A,A . .M'')) . .///A$$&&>f>>??? -    C tY3xx YYYNsNNOOUXXYs/%A B'BB)D88 EEEc|dd}|r|dznd}|dd}|r|dznd}|dd}|dd}|dd} |dd} |d d} tt|t|t|t|t|t| t| t| t|g } td td |d |d |d|d|d|d| d| d| d|d|d t j| dddt } n-#t$r }tdtd||d}~wwxYwtd| j d| j | j r)td| j | j dkr+| j }td|dS) uCall lvd-limits-helper to apply limits to kernel. Unit conversions (user-facing → kernel): cpu — centipercent, pass as-is pmem — bytes → 4 KB pages io — KB/s, pass as-is nproc, iops, ep — pass as-is vmem — bytes → 4 KB pages pmemrivmemcpuionprociopsepr7z uid=z domain_id=z cpu=z pmem=zpages(z bytes) io=z nproc=z iops=z ep=z vmem=zbytes)TFr8r<r=Nr>r?z stdout=zlvd-limits-helper failed: ) r6 LIMITS_HELPERrAr4rBrCr,rDr rEr2rGrF)rJ domain_idlimits pmem_bytes pmem_pages vmem_bytes vmem_pagesrRrSrTrUrVrKr rLr2s r_call_limits_helperr^]sFA&&J'18t##qJFA&&J'18t##qJ **UA  C D!  B JJw " "E ::fa D D!  B C#i.. C#j//3r77CJJD  BZ  D   ? ? ?S ? ?Y ? ? ? ?& ? ?.8 ? ? ? ?  ? ?(, ? ? ? ?% ? ?-7 ? ? ?@@@E D     EEE< <<<<==1DE E" E EFM,?,?,A,A E EFFF }4 2,,.. 2 2333 A$$&&zcmd_list..s%:::6)9)91)9)9)9r)rrrY)rj) rrhrrjrrkrYrlr)rr!rrrqrjr rys ` rcmd_listr{s ^F # #F & ! !EnG ::::g::: F    6    Fh&&((      v   rct|}||vrtd|d|tj|}t |||S)z/Push one domain's limits from config to kernel.r`ra)rr rrh _apply_domain)rr!rqrrs r cmd_applyr~s[ & ! !E UX&XXPVXXYYY ^F # #F  0 00rc ||}|td|dt|}t||}|td|d|d|j} t jt jd|d|d |n5#t$r(}td |tj Yd}~nd}~wwxYwt|||t|| S) a& Push one domain's limits from config to kernel via SUID helpers. Looks up the domain ID that was assigned by the admin via ``lvectl enable-domain-limits``. Domain ID assignment is a root-only operation; users can only read existing mappings and apply limits to them. rdNr`z&' not found in config; use 'set' firstrbrczlvdctl apply: lve_id=rez limits=rfr.rg)rir r#rNrYrlrorprDr0r1r2r^r)rr!rrrsr"rXapplied_limitsrLs rr}r}sl   F  + +E }P&PPPQQQ6""G"6733I ::: f^ 4 4 44s=(B&& C0CC)NN)#__doc__loggingr'rBr1roclcommon.cpapirrrrrrr exceptionsr getLogger__name__logr@rWrHr(r6r*rrr#r,r4rNr^rvr{r~r}rrrrs _^  &&&&&&! g!!<8 RZ^^M1 - - . .+++...999 YYY8+>+>+>\)1)1)1X.111#5#5#5#5#5r