// Copyright 2018 The PDX Blockchain Hypercloud Authors
// This file is part of the PDX chainmux implementation.
//
// The PDX Blockchain Hypercloud is free software: you can redistribute it and/or modify
// it under the terms of the GNU Lesser General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// The PDX Blockchain Hypercloud is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Lesser General Public License for more details.
//
// You should have received a copy of the GNU Lesser General Public License
// along with the software. If not, see <http://www.gnu.org/licenses/>.
// PDX sandbox, a secure docker service supporting signed images and fine-grained access control
package main
import (
"fmt"
"log"
"net/http"
"net"
"os"
"flag"
)
// Package-level configuration. pdxHome and tcpAddr are filled from the command
// line in main; the remaining paths are derived from pdxHome there.
var (
	// pdxHome is the PDX iaas-compute directory (-home flag, default $PDX_HOME).
	pdxHome string

	// imgHome is set to pdxHome + "/bin/image".
	imgHome string

	// crtFile is set to pdxHome + "/conf/signer.crt".
	crtFile string

	// imgVerifierScript is set to pdxHome + "/bin/img-verify.sh".
	imgVerifierScript string

	// lockfile is set to pdxHome + "/temp/sandbox.lock".
	lockfile string

	// datafile is set to pdxHome + "/temp/sandbox.data".
	datafile string

	// tcpAddr is the TCP host:port to listen on (-addr flag).
	tcpAddr string
)
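// main parses the command line, derives the working paths under pdxHome,
// takes the sandbox lock and serves HTTP on tcpAddr until the server fails.
//
// Every exit after lock() goes through log.Fatalln, which calls os.Exit and
// therefore skips deferred functions. unlock() is called explicitly before
// each of those exits so the lock is released; the deferred unlock() is kept
// for panics that unwind through main.
func main() {
	flag.Usage = func() {
		fmt.Println("")
		fmt.Println("PDX sandbox, a secure privileged service for hardcore docker sandboxing")
		fmt.Println("")
		fmt.Println("Please visit https://github.com/PDXbaap/pdx-sandbox for more information")
		fmt.Println("")
		fmt.Println("Use with elevated privileged with PDX iaas-compute installed at $PDX_HOME")
		fmt.Println("")
		flag.PrintDefaults()
	}

	flag.StringVar(&tcpAddr, "addr", "127.0.0.1:0", "TCP host:port to listen on")
	flag.StringVar(&pdxHome, "home", os.Getenv("PDX_HOME"), "PDX iaas-compute directory")
	flag.Parse()

	// Without a home directory none of the paths below can be derived.
	if pdxHome == "" {
		flag.Usage()
		os.Exit(1)
	}

	// Set the files and directories the service needs.
	//
	// NOTE(review): the image verifier script and the signer certificate are
	// resolved under pdxHome, which comes from -home or $PDX_HOME. The usage
	// text says the service runs with elevated privileges, so that directory
	// tree should be writable only by the privileged user; confirm this at
	// deployment.
	imgHome = pdxHome + "/bin/image"
	crtFile = pdxHome + "/conf/signer.crt"
	imgVerifierScript = pdxHome + "/bin/img-verify.sh"
	lockfile = pdxHome + "/temp/sandbox.lock"
	datafile = pdxHome + "/temp/sandbox.data"

	lock()
	defer unlock() // only reached on panic; the exits below call os.Exit

	listener, err := net.Listen("tcp", tcpAddr)
	if err != nil {
		unlock()
		log.Fatalln(err)
	}

	addr := listener.Addr().String()
	log.Printf("listening on: %s", addr)

	// The default bind address is loopback. Warn when -addr widens that,
	// because the listener serves plain HTTP with no TLS at this layer.
	if tcp, ok := listener.Addr().(*net.TCPAddr); ok && !tcp.IP.IsLoopback() {
		log.Printf("warning: %s is not a loopback address; the service is reachable from the network over plain HTTP", addr)
	}

	save(addr)

	http.HandleFunc("/", handler)

	// http.Serve with a nil handler uses http.DefaultServeMux and a server
	// with no read or write timeouts.
	// NOTE(review): consider an http.Server with ReadHeaderTimeout set, and
	// confirm that handler authenticates callers before acting on requests.
	err = http.Serve(listener, nil)
	unlock()
	log.Fatalln(err)
}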