+ added sandbox script

* handle sigterm
This commit is contained in:
Kevin Froman 2020-11-02 23:47:38 +00:00
parent 130e9de5e9
commit a9d0524ccc
4 changed files with 62 additions and 10 deletions

33
sandboxed-onionr.py Normal file
View File

@ -0,0 +1,33 @@
#!/usr/bin/env python3
import os, sys
import tempfile, shutil
import stat
env_var = "firejailed-onionr"
def copytree(src, dst, symlinks=False, ignore=None):
for item in os.listdir(src):
if item in (".git", ".vscode", ".github"):
continue
s = os.path.join(src, item)
d = os.path.join(dst, item)
if os.path.isdir(s):
shutil.copytree(s, d, symlinks, ignore)
else:
shutil.copy2(s, d)
env_var = "firejailed-onionr"
directory = os.path.dirname(os.path.realpath(sys.argv[0]))
if not os.getenv(env_var):
temp_dir = tempfile.mkdtemp()
print(temp_dir)
copytree(directory, temp_dir)
os.system(f"firejail --env={env_var}={temp_dir} --private={temp_dir} python3 ./sandboxed-onionr.py")
sys.exit(0)
os.system(f"python3 -m pip install -r ./requirements.txt --user")
os.system(f"./onionr.sh start &")

View File

@ -72,6 +72,8 @@ def advertise_service(specific_ips=None):
MULTICAST_TTL = 3 MULTICAST_TTL = 3
ips = best_ip ips = best_ip
if not ips:
return
sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP) sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP)
sock.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_TTL, MULTICAST_TTL) sock.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_TTL, MULTICAST_TTL)

View File

@ -6,6 +6,8 @@ from ipaddress import IPv4Address
from psutil import net_if_addrs from psutil import net_if_addrs
from socket import AF_INET from socket import AF_INET
import logger
""" """
This program is free software: you can redistribute it and/or modify This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by it under the terms of the GNU General Public License as published by
@ -24,13 +26,18 @@ from socket import AF_INET
lan_ips = [] lan_ips = []
# https://psutil.readthedocs.io/en/latest/#psutil.net_if_addrs # https://psutil.readthedocs.io/en/latest/#psutil.net_if_addrs
for interface in net_if_addrs().keys(): def _get_lan_ips():
for interface in net_if_addrs().keys():
for address in net_if_addrs()[interface]: for address in net_if_addrs()[interface]:
# Don't see benefit in ipv6, so just check for v4 addresses # Don't see benefit in ipv6, so just check for v4 addresses
if address[0] == AF_INET: if address[0] == AF_INET:
# Mark the address for use in LAN if it is a private address # Mark the address for use in LAN if it is a private address
if IPv4Address(address[1]).is_private and not IPv4Address(address[1]).is_loopback: if IPv4Address(address[1]).is_private and not IPv4Address(address[1]).is_loopback:
lan_ips.append(address[1]) lan_ips.append(address[1])
try:
_get_lan_ips()
except OSError:
logger.warn("Could not identify LAN ips due to OSError.")
# These are more likely to be actual local subnets rather than VPNs # These are more likely to be actual local subnets rather than VPNs
for ip in lan_ips: for ip in lan_ips:

View File

@ -5,6 +5,7 @@ launch the api servers and communicator
import os import os
import sys import sys
import platform import platform
import signal
from threading import Thread from threading import Thread
from stem.connection import IncorrectPassword from stem.connection import IncorrectPassword
@ -117,7 +118,8 @@ def _setup_online_mode(
cleanup.delete_run_files() cleanup.delete_run_files()
sys.exit(1) sys.exit(1)
if len(net.myID) > 0 and security_level == 0: if len(net.myID) > 0 and security_level == 0:
logger.debug('Started .onion service: %s' % logger.debug(
'Started .onion service: %s' %
(logger.colors.underline + net.myID)) (logger.colors.underline + net.myID))
else: else:
logger.debug('.onion service disabled') logger.debug('.onion service disabled')
@ -125,6 +127,13 @@ def _setup_online_mode(
def daemon(): def daemon():
"""Start Onionr's primary threads for communicator, API server, node, and LAN.""" """Start Onionr's primary threads for communicator, API server, node, and LAN."""
def _handle_sig_term(signum, frame):
logger.info(
"Received sigterm, shutting down gracefully", terminal=True)
localcommand.local_command('/shutdownclean')
signal.signal(signal.SIGTERM, _handle_sig_term)
# Determine if Onionr is in offline mode. # Determine if Onionr is in offline mode.
# When offline, Onionr can only use LAN and disk transport # When offline, Onionr can only use LAN and disk transport
offline_mode = config.get('general.offline_mode', False) offline_mode = config.get('general.offline_mode', False)
@ -184,7 +193,8 @@ def daemon():
_setup_online_mode(use_existing_tor, net, security_level) _setup_online_mode(use_existing_tor, net, security_level)
_show_info_messages() _show_info_messages()
logger.info(
"Onionr daemon is running under " + str(os.getpid()), terminal=True)
events.event('init', threaded=False) events.event('init', threaded=False)
events.event('daemon_start') events.event('daemon_start')
if config.get('transports.lan', True): if config.get('transports.lan', True):