+ added sandbox script
* handle sigterm
parent
130e9de5e9
commit
a9d0524ccc
33
sandboxed-onionr.py
Normal file
33
sandboxed-onionr.py
Normal file
@ -0,0 +1,33 @@
|
|||||||
|
#!/usr/bin/env python3
|
||||||
|
|
||||||
|
import os, sys
|
||||||
|
import tempfile, shutil
|
||||||
|
import stat
|
||||||
|
|
||||||
|
env_var = "firejailed-onionr"
|
||||||
|
|
||||||
|
def copytree(src, dst, symlinks=False, ignore=None):
|
||||||
|
for item in os.listdir(src):
|
||||||
|
if item in (".git", ".vscode", ".github"):
|
||||||
|
continue
|
||||||
|
s = os.path.join(src, item)
|
||||||
|
d = os.path.join(dst, item)
|
||||||
|
if os.path.isdir(s):
|
||||||
|
shutil.copytree(s, d, symlinks, ignore)
|
||||||
|
else:
|
||||||
|
shutil.copy2(s, d)
|
||||||
|
|
||||||
|
env_var = "firejailed-onionr"
|
||||||
|
directory = os.path.dirname(os.path.realpath(sys.argv[0]))
|
||||||
|
|
||||||
|
if not os.getenv(env_var):
|
||||||
|
temp_dir = tempfile.mkdtemp()
|
||||||
|
print(temp_dir)
|
||||||
|
copytree(directory, temp_dir)
|
||||||
|
os.system(f"firejail --env={env_var}={temp_dir} --private={temp_dir} python3 ./sandboxed-onionr.py")
|
||||||
|
sys.exit(0)
|
||||||
|
|
||||||
|
os.system(f"python3 -m pip install -r ./requirements.txt --user")
|
||||||
|
os.system(f"./onionr.sh start &")
|
||||||
|
|
||||||
|
|
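Review bot: The outer branch runs firejail through `os.system(f"firejail --env=... --private=... python3 ./sandboxed-onionr.py")` and then calls `sys.exit(0)` unconditionally, so a missing firejail binary or a failed sandbox start is reported as success, and a temp path containing spaces or shell metacharacters (mkdtemp honours TMPDIR) is re-parsed by the shell. I would pass an argument list and propagate the status: `rc = subprocess.run(["firejail", f"--env={env_var}={temp_dir}", f"--private={temp_dir}", "python3", "./sandboxed-onionr.py"]).returncode` followed by `sys.exit(rc)`, with `import subprocess` added. The sandbox check is only `os.getenv(env_var)`, so a caller environment that already has that variable set skips firejail and runs the pip install and `./onionr.sh start` unsandboxed; a comment stating this assumption, or a check that does not rely on the environment variable alone, would help. `import stat` is unused and `env_var` is assigned twice.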
@ -72,6 +72,8 @@ def advertise_service(specific_ips=None):
|
|||||||
MULTICAST_TTL = 3
|
MULTICAST_TTL = 3
|
||||||
|
|
||||||
ips = best_ip
|
ips = best_ip
|
||||||
|
if not ips:
|
||||||
|
return
|
||||||
|
|
||||||
sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP)
|
sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP)
|
||||||
sock.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_TTL, MULTICAST_TTL)
|
sock.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_TTL, MULTICAST_TTL)
|
||||||
|
@ -6,6 +6,8 @@ from ipaddress import IPv4Address
|
|||||||
|
|
||||||
from psutil import net_if_addrs
|
from psutil import net_if_addrs
|
||||||
from socket import AF_INET
|
from socket import AF_INET
|
||||||
|
|
||||||
|
import logger
|
||||||
"""
|
"""
|
||||||
This program is free software: you can redistribute it and/or modify
|
This program is free software: you can redistribute it and/or modify
|
||||||
it under the terms of the GNU General Public License as published by
|
it under the terms of the GNU General Public License as published by
|
||||||
@ -24,13 +26,18 @@ from socket import AF_INET
|
|||||||
lan_ips = []
|
lan_ips = []
|
||||||
|
|
||||||
# https://psutil.readthedocs.io/en/latest/#psutil.net_if_addrs
|
# https://psutil.readthedocs.io/en/latest/#psutil.net_if_addrs
|
||||||
for interface in net_if_addrs().keys():
|
def _get_lan_ips():
|
||||||
for address in net_if_addrs()[interface]:
|
for interface in net_if_addrs().keys():
|
||||||
# Don't see benefit in ipv6, so just check for v4 addresses
|
for address in net_if_addrs()[interface]:
|
||||||
if address[0] == AF_INET:
|
# Don't see benefit in ipv6, so just check for v4 addresses
|
||||||
# Mark the address for use in LAN if it is a private address
|
if address[0] == AF_INET:
|
||||||
if IPv4Address(address[1]).is_private and not IPv4Address(address[1]).is_loopback:
|
# Mark the address for use in LAN if it is a private address
|
||||||
lan_ips.append(address[1])
|
if IPv4Address(address[1]).is_private and not IPv4Address(address[1]).is_loopback:
|
||||||
|
lan_ips.append(address[1])
|
||||||
|
try:
|
||||||
|
_get_lan_ips()
|
||||||
|
except OSError:
|
||||||
|
logger.warn("Could not identify LAN ips due to OSError.")
|
||||||
|
|
||||||
# These are more likely to be actual local subnets rather than VPNs
|
# These are more likely to be actual local subnets rather than VPNs
|
||||||
for ip in lan_ips:
|
for ip in lan_ips:
|
||||||
|
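Review bot: `_get_lan_ips()` calls `net_if_addrs()` once for the keys and again for every interface, so an interface that disappears between the two calls raises `KeyError`, which the new `except OSError` does not catch; iterating a single snapshot with `for addresses in net_if_addrs().values():` avoids that. Because the function appends to the module-level `lan_ips`, an OSError part-way through leaves a partial list, and the warning drops the exception text. Binding it with `except OSError as e:` and including `e` in the logged message would make the failure diagnosable. A one-line docstring on `_get_lan_ips` saying that it fills `lan_ips` with private, non-loopback IPv4 addresses would also help the next reader.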
@ -5,6 +5,7 @@ launch the api servers and communicator
|
|||||||
import os
|
import os
|
||||||
import sys
|
import sys
|
||||||
import platform
|
import platform
|
||||||
|
import signal
|
||||||
from threading import Thread
|
from threading import Thread
|
||||||
|
|
||||||
from stem.connection import IncorrectPassword
|
from stem.connection import IncorrectPassword
|
||||||
@ -117,14 +118,22 @@ def _setup_online_mode(
|
|||||||
cleanup.delete_run_files()
|
cleanup.delete_run_files()
|
||||||
sys.exit(1)
|
sys.exit(1)
|
||||||
if len(net.myID) > 0 and security_level == 0:
|
if len(net.myID) > 0 and security_level == 0:
|
||||||
logger.debug('Started .onion service: %s' %
|
logger.debug(
|
||||||
(logger.colors.underline + net.myID))
|
'Started .onion service: %s' %
|
||||||
|
(logger.colors.underline + net.myID))
|
||||||
else:
|
else:
|
||||||
logger.debug('.onion service disabled')
|
logger.debug('.onion service disabled')
|
||||||
|
|
||||||
|
|
||||||
def daemon():
|
def daemon():
|
||||||
"""Start Onionr's primary threads for communicator, API server, node, and LAN."""
|
"""Start Onionr's primary threads for communicator, API server, node, and LAN."""
|
||||||
|
|
||||||
|
def _handle_sig_term(signum, frame):
|
||||||
|
logger.info(
|
||||||
|
"Received sigterm, shutting down gracefully", terminal=True)
|
||||||
|
localcommand.local_command('/shutdownclean')
|
||||||
|
signal.signal(signal.SIGTERM, _handle_sig_term)
|
||||||
|
|
||||||
# Determine if Onionr is in offline mode.
|
# Determine if Onionr is in offline mode.
|
||||||
# When offline, Onionr can only use LAN and disk transport
|
# When offline, Onionr can only use LAN and disk transport
|
||||||
offline_mode = config.get('general.offline_mode', False)
|
offline_mode = config.get('general.offline_mode', False)
|
||||||
@ -184,7 +193,8 @@ def daemon():
|
|||||||
_setup_online_mode(use_existing_tor, net, security_level)
|
_setup_online_mode(use_existing_tor, net, security_level)
|
||||||
|
|
||||||
_show_info_messages()
|
_show_info_messages()
|
||||||
|
logger.info(
|
||||||
|
"Onionr daemon is running under " + str(os.getpid()), terminal=True)
|
||||||
events.event('init', threaded=False)
|
events.event('init', threaded=False)
|
||||||
events.event('daemon_start')
|
events.event('daemon_start')
|
||||||
if config.get('transports.lan', True):
|
if config.get('transports.lan', True):
|
||||||
|
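Review bot: `_handle_sig_term` replaces the default SIGTERM action at the top of `daemon()`, so termination now depends entirely on `localcommand.local_command('/shutdownclean')` succeeding. That call presumably reaches the local API, which appears to be started later in `daemon()` outside these hunks; if it is not yet listening, or the call blocks or raises, the signal is consumed and the process keeps running. Restoring the default as the handler's first line, `signal.signal(signal.SIGTERM, signal.SIG_DFL)`, lets a second SIGTERM still stop the daemon. A short comment on the handler should state that shutdown is delegated to the API endpoint.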