D7net
Home
Console
Upload
information
Create File
Create Folder
About
Tools
:
/
opt
/
cloudlinux
/
venv
/
lib
/
python3.11
/
site-packages
/
clcagefslib
/
webisolation
/
Filename :
libenter.py
back
Copy
# -*- coding: utf-8 -*- # # Copyright © Cloud Linux GmbH & Cloud Linux Software, Inc 2010-2025 All Rights Reserved # # Licensed under CLOUD LINUX LICENSE AGREEMENT # http://cloudlinux.com/docs/LICENCE.TXT # """Library functions for executing commands inside CageFS for a site.""" import os import pwd import subprocess from pathlib import Path from typing import List from clcommon import cpapi from .jail_utils import get_website_id, get_user_var_cagefs_path def enter_site(site: str, command: List[str]) -> int: """ Execute a command inside CageFS for a site (document root or domain). User only! Inside cagefs only! :site: Document root or domain name :command: Command and arguments to execute Returns: int: Exit code from the executed command Raises: ValueError: If site cannot be resolved or isolation is not configured """ # Resolve site to document root document_root = site if not document_root.startswith("/"): try: document_root = cpapi.docroot(site)[0] except cpapi.cpapiexceptions.NoDomain: raise ValueError(f"Domain {site} not found") if not os.path.exists(document_root): raise ValueError(f"Document root {document_root} does not exist") docroot_md5 = get_website_id(document_root) inside_cagefs_path = Path("/var/.cagefs/") if inside_cagefs_path.exists(): # we are inside cagefs -> call proxyexec wrapper website_token_path = inside_cagefs_path / f"website/{docroot_md5}/.cagefs.token" if not website_token_path.exists(): raise ValueError(f"Website {site} not found or isolation is not enabled") return subprocess.call( ["/bin/cagefs_enter.proxied", *command], env={**os.environ, "WEBSITE_TOKEN_PATH": website_token_path}, ) else: # we are outside cagefs -> a bit different path to token jail_path = Path(get_user_var_cagefs_path(pwd.getpwuid(os.getuid()).pw_name)) website_token_path = jail_path / f".cagefs/website/{docroot_md5}/.cagefs.token" return subprocess.call( ["/bin/cagefs_enter", *command], env={**os.environ, "WEBSITE_TOKEN_PATH": website_token_path}, )