Mini Shell

Direktori : /usr/share/cagefs/__pycache__/
Upload File :
Current File : //usr/share/cagefs/__pycache__/cagefsctl.cpython-311.pyc

�

?��p����ddlmZddlmZddlmZddlmZddlmZddlmZm	Z	m
Z
ej��ddlTddl
mZdd	lZdd	lZdd	lZdd	lZdd	lZdd	lZdd	lZdd	lZdd	lZdd	lZdd	lZdd	lZdd	lZdd	lZdd	lZdd	lZdd	lZdd	l Z dd	l!Z!dd	l"Z"dd	l#Z#dd	l$Z$dd	l%Z%dd	l&Z&dd
l'm(Z(ddl)m*Z*ddl+m,Z,m-Z-dd
l.m/Z/m0Z0ddl1m2Z2ddl3m4Z4m5Z5m6Z6m7Z7ddl8m9Z9ddl:m;Z;m<Z<ddl=m>Z>m?Z?m@Z@mAZAmBZBddlCmDZDddlEmFZFmGZGmHZHmIZIddlJmKZKmLZLddlMmNZNmOZOmPZPmQZQmRZRmSZSddlTmUZUdd	lVZVdd	lWZWdd	lXZXdd	lYZYdd	lZZZdZ[eS��rdZ[dZ\dZ]dZ^dZ_da`dZad Zbd!Zcd"Zdd#Zeecd$zZfedd%zZgd&Zhd'Zid(Zjd)Zkd*Zld+Zmd,Znd-Zod.Zpd/Zqd0ard1Zsd2Ztd3Zud4Zvd5Zwd6Zxd7Zyd8Zzd9Z{d:Z|d;Z}d<Z~d=Zd>Z�d?Z�d@Z�dAZ�ecdBzZ�ecdCzZ�dDZ�dEZ�ej���j�Z�GdF�dGe*��Z�dHej���j�����vre�j�j�e�j�j�zZ�ne�j�j�e�j�j�zZ�dIZ�ej���eb��dd	lMZMdd	l�Z�ddJl�m�Z�eieM_iejeM_jt�eM_`dKdLgZ��d\dM�Z�dN�Z��d]dO�Z�dP�Z�dQ�Z�dR�Z�dS�Z�dT�Z�dU�Z�dVZ�da�da�dW�Z�dXdYdZd[d\d]d^d_d`dadbdcexdddedfdge���dh��e���di��gZ�dXZ�djZ�dkZ�gdl�Z�dmgZ�dndogZ�dp�Z�dq�Z�dr�Z��d^dt�Z�t�fdu�Z�dv�Z�dw�Z�dx�Z�dyZ�dz�Z��d_d{�Z�d|�Z�d}�Z�d~�Z�d�Z�d��Z�d��Z��d^d��Z�d��Z��d`d��Z�ia�epfd��Z�d��ZŐd\d��Z�d��Zǐdad��Z�d��Z�d��Zʐd^d��Z�d��Z�d��Z͐d\d��Z�d��Z�d��Z�d��Z�d�ej�ej�zfd��Z�d��Z�d��Z�d��Z�d�Z�d	a�d��Z�d��Zېd^d��Z�d��Zݐd^d��Z�d��Z�d�e
e�fd��Z�d��Z�d��Z�d��Z�d��Z�d��Z�d��Z�d��Z�d��Z�d��Z�d��Z�d��Z�d\d��Z�d��Z�d��Z�d��Z�d��Z�dbd��Z�d��Z�d��Z�d��Z��dcd��Z�ehfd��Z�d��Z�d�ej�fd��Z�d��Z�d��Z�ehdsdsfd��Z��ddd��Z�d„Z�GdÄd�e*���ZGdńdƦ��ZdDŽ�ZdȄ�ZdɄ�Zdʄ�Zd�d�d�eM�jd�d�d�g�Zdф�Z�ddd҄�Z	dӐe
d�d	fdԄ�Z�d^dՄ�Zdք�Z
Gdׄdؐe���Zdل�Zdڄ�Z�dedۄ�Zd	eM�jfd܄�Z�d\d݄�Z�d\dބ�Zd߄�Zd��Zd��Zd��Zd��Zd��Zd��Zg�ai�ad��Z �d\d��Z!d��Z"�d^d��Z#d��Z$d��Z%d��Z&d��Z'�d^d��Z(d��Z)�d_d��Z*�d^d��Z+d��Z,d��Z-d��Z.�d^d���Z/d���Z0d���Z1�d^d���Z2d���Z3d���Z4d���Z5�d^d���Z6d���Z7d���Z8ds�a9d���Z:�d��Z;�d��Z<�d��Z=�d��Z>�d��Z?�d^�d��Z@�d^�d��ZA�d^�d��ZB�d^�d��ZC�d	��ZD�d
��ZE�d��ZF�d��ZG�d
��ZH�d��ZI�d��ZJ�d��ZK�d��ZL�d��ZM�d��ZNd	�aO�df�d��ZP�d��ZQi�aR�d�deM�jSz�dz�deM�jTz�dz�deM�jSz�dzg�aU�d��ZV�d\�d��ZW�d��ZX�dg�d��ZY�d\�d��ZZ�dh�d��Z[�d��Z\�di�d��Z]�d ��Z^�d_�d!��Z_�d"�Z`�d#��Za�d$��Zb�d%��Zc		�dj�d&��Zd�d\�d'��Ze�d\�d(��Zf�d\�d)��Zg�d*��Zh�d+��Zi�d,��Zj�d-��Zk�d.��Zl�d/��Zm�d0��Zn�d1��Zo�d2��Zp�dk�d3��Zq�d\�d4��Zr�di�d5��Zs�d6��Zt�d7��Zui�av�d8��Zw�d9��Zx�d:��Zy�d;��Zz�d<��Z{�d=��Z|�d\�d>��Z}�d?��Z~�d@��Z�dA��Z��dB��Z��dC��Z��dD��Z��dE��Z��dF��Z��dG�e��dHe
e�d�d	f�dI��Z��dG�e�d�d	f�dJ��Z��dKe
�e�d�d	f�dL��Z��dM��Z��dN��Z��dO��Z��dP��Z��dQ��Z��e����dRe
�e�d�e
�e�f�dS��Z��dT��Z��dU��Z��d_d�e	e
�e��dV�e
d��e
f�dW��Z��d\d�e	e
�e�d��e
f�dX��Z�d�e�f�dY��Z��dZ��Z��e��d[kr
�e���d	Sd	S(l�)�print_function)�absolute_import)�division)�unicode_literals)�standard_library)�Dict�Optional�List)�*)�
native_strN)�defaultdict)�Enum)�BASEDIR�SYMLINKS)�get_linksafe_gid�get_user_prefix)�	read_file)�configure_alt_php�is_ea4_enabled�read_cpanel_ea4_php_conf�switch_symlink)�
get_alt_paths)�is_plesk�	is_cpanel)�ExternalProgramFailed�create_symlink�is_socket_file�is_may_detach_mounts_enabled�mod_makedirs)�ProcLve)�ClPwd�reload_processes�
clconfpars�	clcaptain)�
unicodeify�byteify)�
stripslash�CageFSException�SYSTEMD_JOURNAL_SOCKET�is_new_syslog_socket_used�relative_symlink�is_running_without_lve)�loggerz/usr/sbin/lvectlz	/bin/truez/bin/umountz
/bin/mountz/bin/lve_umountz/var/cagefs.uid�/usr/share/cagefs-skeletonz/cagefs-skeleton/z/usr/share/cagefsz/etc/cagefs/z/usr/share/cagefs/z/etc/cagefs/conf.d/z	cagefs.mpzcagefs.mp.prevz/usr/share/cagefs/.lockz/etc/cagefs/etc.safe/etc.systemz/etc/cagefs/etc.safe/etc.safe�/etc/cagefs/etc.safez%/usr/share/cagefs/skeleton.files.listz$/usr/share/cagefs/skeleton.libs.listz/usr/share/cagefs/passwd.cachez/usr/share/cagefs/conf.dz/etc/cagefs/excludez/usr/share/cagefs/excludei�z/etc/cagefs/cagefs.min.uidz/var/lock/subsys/cagefsz"/etc/cagefs/etc.safe/disable.etcfsz
/usr/bin/diffz/var/run/proxyexec/cagefs.sockz/var/lib/proxyexec/cagefs.sockz/etc/cagefs/black.listz2/usr/share/cagefs-plugins/install-cagefs-plugin.pyz/usr/share/cagefs/.cagefs.emptyz"/usr/share/cagefs/exclude.packagesz/etc/cagefs/proxy.commandsz/usr/share/cagefs/need.remountz/var/log/cagefs.logz/var/lve/lveinfo.verz/usr/share/l.v.e-manager/cl.{}z/etc/cagefs/dev.shm.optionsz/etc/cagefs/enabled_debug�users.disabled�
users.enabled�InitializedzNot initializedc��eZdZdZgd�Zgd�d�d�d�d�d�d	�d
�de���d�d
�d�d�d�d�d�d�d�d�d�d�d�d�d�d�d�d�d�d�d �d!�d"�d#�d$�d%�d&�d�d'�d(�d)�d*�d+�d,�d-�d.�d/�d0�d1�d2�d3�d4�d5�d6�d7�d8�d9�d:�Zgd;�Zd<S)=�DefaultPackagesz'Default packages, used in cagefs --init)�tcl�cpp�gcc�automake�autoconf�m4�mc�ghostscript�
fontconfig�aspellz	aspell-en�hunspell�	coreutilszpython3-virtualenv�libxml2�recodezcrypto-policies�	snmptrapd�unixodbc�opensslz
alt-libicu�enchant�curlz
cpanel-git�git�imagemagickzlibmagick++-dev�
perlmagick�expatz
libexpat1-dev�libltdl7�libnss3zbuild-essentialzlinux-headers-�gfortranzlib32gcc-10-devzg++zlibtext-pdf-perl�libedit2zhunspell-en-uszlibcogl-pango-devz	python3.8zlibc-client2007e�libodbc1�	libmhash2�
libmcrypt4z
libxslt1.1�libtidy5deb1�libicu66z
libicu-dev�	tmpreaperz
libgpg-error0�
postgresqlzpostgresql-contribz
libpng-devzlibgmp3-devzlibpam-modules�bzip2zlibpam-cracklib�ncdu�libidn11z
db5.3-util�libncurses6�slapd�libxpm4�libgcrypt20z
libsasl2-2�zlib1g�snmpd�snmpzlibsnmp-devz	libmm-dev�libfreetype6zlibfreetype6-devz	libssh2-1zgeoip-database�ffmpeg�dnsutils�libgs9z	libgs-devz
libgs9-common)N�ImageMagickzImageMagick-c++zImageMagick-c++-develzImageMagick-develzImageMagick-perlzcloudlinux-ImageMagickzcloudlinux-ImageMagick-c++z cloudlinux-ImageMagick-c++-develzcloudlinux-ImageMagick-develrKzexpat-develzlibtool-ltdl�nssznss-softoknzcompat-glibc-headersz
glibc-headerszkernel-headerszcompat-libgcc-296zgcc-gfortranzcompat-gcc-34-c++zcompat-gcc-34-g77�libgcczgcc-c++z
compat-gcc-34zredhat-rpm-configzfontpackages-filesystemz
perl-Text-PDFz	pdf-toolszperl-PDF-Reuse�libeditzhunspell-enzgit-core�pango�mktempz	scl-utils�python36zlibc-client-2007ez
unixODBC-libs�mhash�tcp_wrapperszcompat-libstdc++�	libmcrypt�libxslt�libtidy�libicuzlibicu-devel�tmpwatchznet-snmpzlibgpg-errorzpostgresql-libs�libpng�gmp�pamz
bzip2-libs�cracklib�ncurses�libidnzlibc-client-2004g�db4zncurses-libs�openldap�libXpm�	libgcryptzcyrus-sasl-lib�zlibz
net-snmp-libs�libmm�freetypezfreetype-develz
curl-devel�libssh2�GeoIPz
cyrus-saslzffmpeg-libs�termcapz
bind-utils�libgszlibgs-develN)�__name__�
__module__�__qualname__�__doc__�common_packages�
kernel_header�ubuntu�centos���]/builddir/build/BUILDROOT/cagefs-7.6.19-1.el9.cloudlinux.x86_64/usr/share/cagefs/cagefsctl.pyr4r4�s�������1�1����O�8:��:��:�	�:�	�	:�
	�:�	�
:�	�:�	�:�	)��(�(�:�	�:�	�:�	�:�	�:�	�:�	�:� 	�!:�"	�#:�$	�%:�&	�':�(	�):�*	�+:�,	�-:�.	�/:�0	�1:�2	�3:�4	�5:�6	�7:�8	�9:�:	�;:�<	�=:�>	�?:�@	�A:�B	�C:�D	�E:�F	�G:�H	�I:�J	�K:�L	�M:�N	�O:�P	�Q:�R	�S:�T	�U:�V	�W:�X	�Y:�Z	�[:�\	�]:�^	�_:�`	�a:�b	�c:�d	�e:�f	�g:�h	�i:�j	�k:�l	�m:�n	�o:�p	�q:�r	�s:�F�xO�O�O�F�F�Fr�r4r�z7.6.19-1.el9.cloudlinux)�
sigterm_checkz/usr/local/cpanel/3rdparty/binz/var/lib/spamassassinc��|dkrtj��}	tjd��}t	t
d��}t
jt|��|d���|�	��tj|��tj
t
d��dS#t$r'}tjdt
d|��Yd}~dSd}~wwxYw)N�?�wb�)�protocol��saving�-)
�secureio�get_pwd_dict�os�umask�open�PASSWD_CACHE�pickle�dumpr&�close�chmod�	Exception�print_error)�pw�umask_saved�pf�errs    r��save_passwd_cacher�Gs���	�T�z�z�
�
"�
$�
$��
?��h�t�n�n��
�,��
%�
%��	��G�B�K�K��a�0�0�0�0�
���
�
�
�
������
���u�%�%�%�%�%���?�?�?���X�|�S�#�>�>�>�>�>�>�>�>�>�����?���s�BB,�,
C�6C�Cc�v�i}tj�t��r�	t	td��}tt
j|tj	�������}|�
��n3#t$r&}tj
dtd|��Yd}~nd}~wwxYw|S)N�rb)�encoding�loadingr�)r��path�isfiler�r�r%r��load�locale�getpreferredencodingr�r�r�r�)r�r�r�s   r��load_passwd_cacher�Ws���	�B�	�w�~�~�l�#�#�D�	D��l�D�)�)�B��F�K��V�5P�5R�5R�S�S�S�T�T�B��H�H�J�J�J�J���	D�	D�	D�� ��L�#�s�C�C�C�C�C�C�C�C�����	D����
�Is�AB�
B6�B1�1B6c�&�|dkrt��}|dkrtj��}g}|D]O}	||||kr|�|���+#t$r|�|��Y�LwxYwt|��|S�N)r�r�r��append�KeyErrorr�)�pw_old�pw_new�users�users    r��get_modified_usersr�fs���
��~�~�"�$�$��
��~�~��&�(�(���E�����	��d�|�v�d�|�+�+����T�"�"�"����	�	�	��L�L������H�	�����f�����Ls�'A�A?�>A?c��t��tj�t��sg	ttd��dS#ttf$r;tj	dtztd��tjd��YdSwxYw	tj
td��dS#ttf$r;tj	dtztd��tjd��YdSwxYw)N��zError: failed to create �z$Error: failed to set permissions to )r�r�r��lexists�	EMPTY_DIRr�IOError�OSErrorr��logging�SILENT�sys�exitr�r�r�r��create_empty_dirr�ws����O�O�O�
�7�?�?�9�%�%��	���E�*�*�*�*�*����!�	�	�	���7�)�C�V�Q�O�O�O��H�Q�K�K�K�K�K�K�	����	��H�Y��&�&�&�&�&����!�	�	�	���C�i�O�QW�YZ�[�[�[��H�Q�K�K�K�K�K�K�	���s%�A�AB�B�B7�7AD�Dc�@�t|z}tj�|��rrtddddt
|gtdddt
|gfD]N}t
j|��}|dkr0tj	dt
d|��tjd	���MdSdS)
N�-n�-o�nosuidz--bind�remount,ro,nosuid,bindr�failed to mountz->r�)�SKELETONr�r��isdir�MOUNTr��
subprocess�callr�r�r�r�)r��dest�cmd�rets    r��mount_empty_dirr��s����D�=�D�	�w�}�}�T�����D�$��(�I�t�L�u�VZ�\`�bz�}F�HL�OM�N�	�	�C��/�#�&�&�C��a�x�x��$�%6�	�4��N�N�N��������
��	�	r�c�J�tj�t��Sr�)r�r��exists�
DISABLE_ETCFSr�r�r��etcfs_is_disabledr��s��
�7�>�>�-�(�(�(r�c�p�|tjz}tj�|��r�	t|d��}|���}|���n#ttf$rYdSwxYw|�
��}	t|��S#t$rYdSwxYwdS)N�rr)
�	cagefslib�ETC_VERSIONr�r�r�r��readliner�r�r��rstrip�int�
ValueError)r��fpath�f�vers    r��get_etc_versionr��s����9�(�(�E�	�w�~�~�e����	��U�C� � �A��*�*�,�,�C�
�G�G�I�I�I�I����!�	�	�	��1�1�	�����j�j�l�l��	��s�8�8�O���	�	�	��1�1�	����
�qs#�8A)�)A>�=A>�B%�%
B3�2B3c��|tjz}tjd��}	t	|d��}|�d|z��|���nI#ttf$r5tj
d|ztd��tj
d��YnwxYwtj|��dS)Nr��wz%d
zError: failed to write r�)r�r�r�r�r��writer�r�r�r�r�r�r�r�)r�r�r�r�r�s     r��set_etc_versionr��s����9�(�(�E��(�4�.�.�K��������	���������	���	�	�	�	���W�������2�U�:�F�A�F�F�F��������������H�[�����s�<A"�"AB(�'B(c��|tjz}|tjz}	tj||��dS#tt
tjf$rYdSwxYwr�)r�r��shutil�copy2r�r��Error)�src�dst�srcpath�dstpaths    r��copy_etc_versionr��sd���I�)�)�G��I�)�)�G�
���W�g�&�&�&�&�&���W�f�l�+�
�
�
����
���s�7�A�Az/var/log/cagefs-update.logc�,�tj�t��r0t	jtd��t
jd��dStj�t��rtj	t��dSdS)Nzis a directoryr�)
r�r�r��LOGFILEr�r�r�r�r��remover�r�r��remove_log_filer��ss��	�w�}�}�W������W�&6�7�7�7���������	�����	 �	 ��
�	�'�������r�z/var/lib/mysqlz/var/lib/dav�/var/www/cgi-binz/optz/var/www/php-bin�/dev/shmz
/var/www/htmlz/var/run/pgsqlz/var/passengerz/dev/pts�/usr/local/apache/domlogs�/procz
/var/spool/atz
/var/run/dbusz/usr/local/cpanel/varz
/var/run/nscd�nodejs�pythonz/var/lib/mysql/mysql.sockz/usr/local/lsws)*z/libz/usr/libz/lib64z
/usr/lib64z/usr/includez/usr/share/localez/usr/share/terminfoz/usr/share/zoneinfoz/usr/share/vimz/usr/local/lib/perl5z/usr/local/lib/phpz/usr/local/cpanel/etcz/usr/local/cpanel/Cpanelz/usr/local/cpanel/3rdparty/perlz/usr/local/cpanel/3rdparty/libz /usr/local/cpanel/3rdparty/lib64z /usr/local/cpanel/3rdparty/sharez/usr/local/cpanel/3rdparty/phpz/usr/local/cpanel/installz/usr/local/cpanel/libz/usr/local/cpanel/htdocsz/usr/local/cpanel/sharedz/usr/local/cpanel/whostmgrz/usr/local/cpanel/sharez/usr/local/cpanel/phpz/usr/local/cpanel/libexecz/usr/local/cpanel/langz/usr/local/cpanel/cgi-privz/usr/local/cpanel/cpaddonsz/usr/local/cpanel/Whostmgrz/usr/local/cpanel/img-sysz!/usr/local/cpanel/modules-installz/usr/local/cpanel/localez/usr/local/cpanel/scriptsz/usr/local/cpanel/sbinz/usr/local/cpanel/basez/usr/local/cpanel/hooksz	/usr/javaz
/usr/saasez/usr/local/easyz/var/cpanel/ea4z/usr/share/manz/var/cpanel/userdataz/var/clwpos/uidsz/usr/share/alt-php-xray-tasksc�J�tj�t��S)zT
    Return True when /dev/shm isolation is enabled
    see CAG-954 for details
    )r�r�r��DEV_SHM_OPTIONSr�r�r��is_dev_shm_isolatedrs��
�7�>�>�/�*�*�*r�c��tj|��}tD])}|ddkr|�|dz��rdS�*dS)Nr�/FT)r��addslash�MPDIRS�
startswith)r��tmpdirs  r��is_outside_mp_pathrsR����d�#�#�D������!�9��������s�
� ;� ;���5�5���4r�c���	tjtt��t	jtd��dS#t
jdtdt��YdSxYw)Nr��copying�to)r��copyfile�
ETC_MPFILE�PREV_MPFILEr�r�r�r�r�r�r��save_cagefs_mp_backuprs\��G���
�K�0�0�0�
���e�$�$�$�$�$��G���Y�
�D�+�F�F�F�F�F�F���s	�9=�#A#Fc�N�|s;tj�t��rt	td��dStjd��}t
td��}|�d��tD]�}t��r|dkr�|dkrt��r�,|ddkrItj�|��r*|�|��|�d	����dd
lm
}m}m}tj�|��rptj�|��r|�d|z��n�tj�|��r|�d|z��notj�|��r|�d|z��n7tj�|��r|�d|z��tj�t"��t"k�rDtj�t"��}tj�|��}	|	dkr�t	d
t"d|��t	d��t	d��t	d��t	dt"��|rA|���tjt��t+jd��n^|	dkrXtj�|	��r9t/|	��r*|�|	��|�d	��tj�t0��r/|�t0��|�d	��|�d��|�d��|�d��|�d��|�d��|�dt2jzdz��|�d��|�d��|�d��t6D]H}|ddkr:tj�|��r|�d|zd	z���I|�d��t8D]H}|ddkr:tj�|��r|�d |zd	z���I|�d!��t:D]H}|ddkr:tj�|��r|�d"|zd	z���It=��r�|�d	��dd#lm}
t@D]<}tj�|��r|�d|zd	z���=tj�|
��r|�d|
zd	z��|�d	��|���tj|��tj!td$��tE��tG��t��rdd%lm$}|��tj�tJ��stM��dSdS)&Nr��r�zN# Lines, which start with "/", specify mounts, that are common for all users:
r�r�rr�
)�POSTGRES_CL7_FOLDER�
POSTGRES_CONF�DEFAULT_POSTGRES_FOLDER�%s
�/tmpz8Warning: MySQL socket is located in /tmp directory: pathz	points toz#This is not compatible with CageFS.zqPlease move socket outside of /tmp directory by changing socket= directive in /etc/my.cnf file and restart MySQL.z"Then execute cagefsctl --create-mpzDefault socket location -r�zB# You can add personal (individual) mounts for users, like below.
z_# Please, start line with "@" symbol, and then specify path and permissions (comma separated).
z7# These directories will be virtualized for each user.
z@/var/spool/cron,700
z@/var/run/screen,777
�@z,700
z!@/var/cache/php-eaccelerator,777
z@/var/php/apm/db,777
zl# Please add exclamation sign at the beginning of the line if you want to mount path read-only, like below.
�!zi# Please add "%" sign at the beginning of the line if you want to "split" mount by username, like below.
�%zd# Please add "*" sign at the beginning of the line if you want to "split" mount by UID, like below.
r)�BOX_TRAPPER_DIRr�)�add_php_session_dir_plesk)'r�r�r�r�printr�r�r�rrrr��cagefsreconfigurerrr�realpath�
MYSQL_SOCK�dirnamer��unlinkr�r�r�	LITESPEEDr��VAR_RUN_CAGEFS�READ_ONLY_MOUNTS�SPLITTED_MOUNTS�SPLITTED_UID_MOUNTSrr�SPAMASSASSIN_DIRS_FOR_CAGEFSr��add_mounts_for_php_selector�add_mounts_for_ea_php_sessionsrr
r)
�force�
exit_on_errorr�r�rrrr�rpath�rdirr�liners
             r��	create_mpr/$sW����R�W�^�^�J�/�/��
�j�(�#�#�#����(�4�.�.�K��Z����A��G�G�]�^�^�^������:�:�	�&�$6�6�6���Z���$7�$9�$9����!�9������
�
�f� 5� 5��
�G�G�F�O�O�O�
�G�G�D�M�M�M��^�]�]�]�]�]�]�]�]�]�	�w�}�}�]�#�#�	6�
�7�=�=�0�1�1�	2�
�G�G�F�4�4�5�5�5�5�
�W�]�]�.�
/�
/�	2�
�G�G�F�0�0�1�1�1��
�7�=�=�,�-�-�	6�
�G�G�F�0�0�1�1�1�1�
�W�]�]�2�
3�
3�	6�
�G�G�F�4�4�5�5�5�
�w���
�#�#�z�1�1��� � ��,�,���w���u�%�%���6�>�>��L�j�Ze�gl�m�m�m��7�8�8�8��F�
G�
G�
G��6�7�7�7��-�z�:�:�:��
����	�	�	��	�*�%�%�%��������
�S�[�[�R�W�]�]�4�0�0�[�5G��5M�5M�[�
�G�G�D�M�M�M�
�G�G�D�M�M�M�	�w�}�}�Y����	���	����	����
�
�
��G�G�Q�R�R�R��G�G�n�o�o�o��G�G�F�G�G�G��G�G�$�%�%�%��G�G�$�%�%�%��G�G�C�	�(�(��1�2�2�2��G�G�0�1�1�1��G�G�$�%�%�%��G�G�{�|�|�|�"�%�%���!�9������
�
�f� 5� 5��
�G�G�C��J�t�O�$�$�$���G�G�x�y�y�y�!�%�%���!�9������
�
�f� 5� 5��
�G�G�C��J�t�O�$�$�$���G�G�s�t�t�t�%�%�%���!�9������
�
�f� 5� 5��
�G�G�C��J�t�O�$�$�$���{�{�
�	����
�
�
�5�5�5�5�5�5�0�	'�	'�D��w�}�}�T�"�"�
'�����D���
�&�&�&��
�7�=�=��)�)�	.�
�G�G�C��'��,�-�-�-�	����
�
�
��G�G�I�I�I��H�[�����H�Z������!�!�!�"�$�$�$��z�z�$�?�?�?�?�?�?�!�!�#�#�#��7�>�>�+�&�&� ������� � r�c��|D]J}||vrD|���}	tj||z���3#ttf$rY�FwxYw�KdSr�)r�r��
removedirsr�r�)�mounts�
old_mounts�	base_path�mounts    r��remove_mount_pointsr6�sz�����������L�L�N�N�E�
��
�i�%�/�0�0�0�0���W�%�
�
�
���
����	��s�6�A
�	A
c���tj�t���r+t	tdd���}|j�rt	��}t
|j|j��t
|j|j��t
|j|j��t
|j	|j	��tj���}|D]u}||}tj|j��}|dz}tj|j|j��t
|j|j|��tj���vt)��dS)NT)r��skip_errors�skip_cpanel_checkz/.cagefs)r�r�r�r
�MountpointConfig�
common_mountsr6�personal_mounts�splitted_by_username_mounts�splitted_by_uid_mountsr��clpwd�
get_user_dictr�r'�pw_dir�
set_user_perm�pw_uid�pw_gid�
set_root_permr)�
mp_config_old�	mp_configr�r�r.�homepath�
cagefspaths       r��remove_unused_mount_pointsrJ�si��	�w�~�~�k�"�"�#)�(�k�59�;?�A�A�A�
�
�&�	)�(�*�*�I�
 �	� 7��9T�U�U�U�
 �	� 9�=�;X�Y�Y�Y�
 �	� E� -� I�
K�
K�
K�
 �	� @� -� D�
F�
F�
F���-�-�/�/�B��
)�
)���$�x��$�/���<�<��%�
�2�
��&�t�{�D�K�@�@�@�#�I�$=�$1�$A�$.�0�0�0��&�(�(�(�(������r�c�Z�|ddkr|dz}||dt|���kS)N���r)�len)�testdir�jails  r��	dirinjailrP�s4�����c����#�+���G�J�S��Y�Y�J�'�'�(r�c�B�|tj���vSr�)r�r?r@�r�s r��user_existsrS�s���8�>�/�/�1�1�1�1r�z.savec���tj�t��r(tj�t��rdSdStj�t��rdSdS)Nr��
Enable All�Disable All�Not Initialized�r�r�r��disabled_dir�enabled_dirr�r�r��
get_user_moder[�sY��	�w�}�}�\�"�"�!�
�7�=�=��%�%�	 ��7��<�	����{�	#�	#�!��}� � r�c��|dkrt��}|dkrv|rt�tjdtdt
ddtjdddt
d	d
tjdddt��t
jd
��dS|dkr�|rt�tj
�tdz��rItjddtjdddt
dtjdddt��n*tjdtjdzdz��t
jd
��dSdS)Nr�zboth directories�andzexist.
z+Please, run one of the following commands:
rz
--enable-all
z(to enable all users, except specified inrzor
z--disable-all
z)to disable all users, except specified inr�rW�/binz mode has not been selected yet.
z
or
z CageFS is not initialized. Use "z --init" to initialize CageFS)
r[r(r�r�rZrYr��argvr�r�r�r�r�)�mode�raise_exceptions  r��check_mode_errorrb�sK���t�|�|������w����	"�!�!���/��e�\�S]� N� #����-=� J�L�Y]� &� #����->� K�[�
	Z�	Z�	Z�	��������	
�"�	"�	"��	"�!�!�
�7�=�=��&��)�)�		q�� �!D�$R�$'�H�Q�K�1A�$N�P\�$,�$'�H�Q�K�1B�$O�Q\�

^�
^�
^�
^�
� �!C�C�H�Q�K�!O�Po�!o�p�p�p���������
#�	"r�c��tj�t��p#tj�t��Sr�rXr�r�r��cagefs_is_enabledrd�s)��
�7�=�=��&�&�D�"�'�-�-��*D�*D�Dr�c��tj�ttz��p+tj�t
tz��Sr�)r�r�r�rY�save_postfixrZr�r�r��save_dir_existsrg�s4��
�7�=�=��l�2�3�3�^�r�w�}�}�[�Q]�E]�7^�7^�^r�c��tj�|��r�tj�|tz��r!t	jd|tzz��dS	tj||tz��dS#ttf$r#t	j	d|d|tz��YdSwxYwdS�Nz#Error : directory %s already exists�failed to renamer
�
r�r�r�rfr�r��renamer�r�r���_dirs r��save_dirros���	�w�}�}�T���X�
�7�=�=��l�*�+�+�	X���B�d�<�FW�X�Y�Y�Y�Y�Y�
X��	�$��\� 1�2�2�2�2�2���W�%�
X�
X�
X��$�%7��t�T�,�EV�W�W�W�W�W�W�
X����X�Xs�)B�0B<�;B<c�r�tj�|tz��r�tj�|��rt	jd|z��dS	tj|tz|��dS#ttf$r#t	j	d|tzd|��YdSwxYwdSrirkrms r��restore_dirrqs���	�w�}�}�T�,�&�'�'�X�
�7�=�=����	X���B�T�I�J�J�J�J�J�
X��	�$�|�+�T�2�2�2�2�2���W�%�
X�
X�
X��$�%7��l�9J�D�RV�W�W�W�W�W�W�
X����X�Xs�!B�0B4�3B4c���t��std��dSt��tt��tt
��t��std��dSdS)NzCageFS is disabledzCageFS has been disabled)rdrrbrorYrZr�r�r��disable_cagefsrssy������
�"�#�#�#��������\�����[�������*�
�(�)�)�)�)�)�*�*r�c���t��rtd��dStt��tt��t��t��rtd��dSdS)NzCageFS is enabledzCageFS has been enabled)rdrrqrYrZrbr�r�r��
enable_cagefsru%sy������
�!�"�"�"��������������������)�
�'�(�(�(�(�(�)�)r�c�F�t��r�t��rG|rt�tjddt
zdztz��tjd��dS|rt�td��td��tjd��dSdS)N�4CageFS is enabled, but "saved" lists of users exist
�Please, remove rr�zCageFS is disabled.z9Please, run "cagefsctl --enable-cagefs" to enable CageFS.)
rgrdr(r�r��	INIPREFIXrfr�r�r)ras r��check_save_dirrz0s����������
	��
&�%�%�� �!X�$5�i�$?��$C�L�$P�
R�
R�
R��H�Q�K�K�K�K�K��
&�%�%��'�(�(�(��M�N�N�N��H�Q�K�K�K�K�K��r�c�^�t��t��}td|��dS)NzMode:)rzr[r)r`s r��print_user_moder|Bs-�������?�?�D�	�'�4�����r�Tc���t��	tjtd��n"#tt
tjf$rYnwxYw	tjtd��n"#tt
tjf$rYnwxYw|r'	ttd��n7#t$rYn+wxYw	ttd��n#t$rYnwxYwt��t��dS)NF��)rzr��rmtreerZr�r�r�rYr�
check_excluder|)�
enable_alls r��
set_user_moder�Hs+������
��
�k�5�)�)�)�)���W�f�l�+�
�
�
���
����
��
�l�E�*�*�*�*���W�f�l�+�
�
�
���
������	���u�-�-�-�-���	�	�	��D�	����	���e�,�,�,�,���	�	�	��D�	�����O�O�O������sE�+�A
�	A
�A)�)B�B�B$�$
B1�0B1�5C�
C�Cc�d�|tvr
t|Sg}tj�|��r�tj|��D]�}tj�||��}tj�|��r�|dkr�	t|d��}|���D]2}|�	��}|dkr�|�
|���3|�����#t$rtjd|��Y��wxYw��|t|<|S)Nz	.htaccessr���reading)�exclude_user_list_cacher�r�r��listdir�joinr�r��	readlinesr�r�r�r�r�r�)�exclude_path�	user_list�exclude_file_pathr�r�r.s      r��get_exclude_user_listr�js=���.�.�.�&�|�4�4��I�	�w�}�}�\�"�"�
G�!#��L�!9�!9�	G�	G���7�<�<��.?�@�@�D��w�~�~�d�#�#�

G�(9�[�(H�(H�	G��T�3���A� !���
�
�/�/��#�{�{�}�}���2�:�:�$�!�(�(��.�.�.�.��G�G�I�I�I�I���G�G�G��(��4E�F�F�F�F�F�G�����,5��L�)��s�A+D�D"�!D"c�r�tt|��tt����z
��Sr�)�list�setr�)r�s r��filter_usersr��s*����I����%:�%<�%<�!=�!=�=�>�>�>r�c�H�|dkrt|��}d|zdz|z}|rz	tj||z��n#ttf$rYnwxYwt|dz|z��	tj|dz|z��dS#ttf$rYdSwxYw	t|dz|zd��n#ttf$rYnwxYw	t||zd���	��tj
||zd��dS#ttf$rYdSwxYw)Nrr~r��)rr�r�r�r��remove_htaccess�rmdirrr�r�r�)rn�username�enable�prefix�fnames     r��toggle_filer��s���
��~�~� ��*�*����J�s�N�8�#�E�
��	��I�d�U�l�#�#�#�#����!�	�	�	��D�	����	��s�
�6�)�*�*�*�	��H�T�C�Z��&�'�'�'�'�'����!�	�	�	��D�D�	����
	���c��&��%�0�0�0�0����!�	�	�	��D�	����	�����s�#�#�)�)�+�+�+��H�T�E�\�5�)�)�)�)�)����!�	�	�	��D�D�	���sE�<�A�A�)B�B�B�B5�5C	�C	�
=D�D!� D!c�(�t��t��}t|��	tj�|��}n,#tj$rtjd|d��YdSwxYw|j	tkrtjd|dt��dStj�|j	��}|dkr|D]}tt||���dS|dkr|D]}tt||���dSdS)Nr��does not existzshould have UID >=rUrV)rzr[rbr�r?�get_pw_by_namer!�NoSuchUserExceptionr�rC�MIN_UID�	get_namesr�rYrZ)r�r�r`r��
username_list�tmp_usernames      r��toggle_userr��s;�������?�?�D��T�����
�^�
*�
*�8�
4�
4�����$������V�X�/?�@�@�@��������
�y�7�����V�X�/C�W�M�M�M����N�,�,�R�Y�7�7�M��|���)�	<�	<�L���l�F�;�;�;�;�	<�	<�	
��	�	�)�	?�	?�L���\�v�:�>�>�>�>�
�	�	?�	?s�A
�
%A6�5A6�r�c	�p�t|��}|dkr�|���t||��d}t||z��D]5}td�|||z|dz|z������6td�||dz|zd�����dSdS)NrrL�	r�)rM�sortr�ranger�)r��users_per_line�message�users_count�names     r��print_usersr��s����e�*�*�K��a���
�
�
����
�k�7�#�#�#����+��7�8�8�	Q�	Q�D��$�)�)�E�$�~�"5�t�A�v�~�6M�"M�N�O�O�P�P�P�P�
�d�i�i��t�A�v�~�5�6�6�7�8�8�9�9�9�9�9�
�r�c��g}tj���}tj|��D]�}tj�tj�||����ratjtj�||����D].}||vr(|t|��kr|�	|���/��|Sr�)
r�r?r@r�r�r�r�r�rr�)rnr�r��subdir�_files     r��!get_list_of_users_from_config_dirr��s����E�	��	%�	%�	'�	'�B��*�T�"�"�(�(��
�7�=�=�����d�F�3�3�4�4�	(���B�G�L�L��v�$>�$>�?�?�
(�
(���R�K�K�f���0F�0F�&F�&F��L�L��'�'�'����Lr�c��ttj�����}tt	|����}t||z
��Sr�)r�r�r?r@r�r�)rnr��	exc_userss   r��get_list_of_users_from_passwdr��sF�����,�,�.�.�/�/�E��5�d�;�;�<�<�I���	�!�"�"�"r�c� �t|��t��}t||��|dkr*|rtt��Stt��S|dkr*|rtt��Stt��SdS)NrUrV)rzr[rbr�rYr�rZ)�enabledrar`s   r��get_list_of_usersr��s����?�#�#�#��?�?�D��T�?�+�+�+��|����	C�0��>�>�>�4�\�B�B�B�	
��	�	��	>�4�[�A�A�A�0��=�=�=�	
�	r�c�@�t��rtd��SgS�NT)rdr�r�r�r��get_enabled_usersr��s#�����'� ��&�&�&�
�Ir�c���t��t��}t|��|dkrY|r%tt	t
��dd��dStt
tt
����dd��dS|dkrY|r%ttt��dd��dStt
t	t����dd��dSdS)NrUr�zenabled user(s)zdisabled user(s)rV)	rzr[rbr�r�rYr�r�rZ)r�r`s  r��
list_usersr��s��������?�?�D��T�����|����	n��5�l�C�C�Q�HY�Z�Z�Z�Z�Z���%F�|�%T�%T�U�U�WX�Zl�m�m�m�m�m�	
��	�	��	i��9�+�F�F��K\�]�]�]�]�]���%B�;�%O�%O�P�P�RS�Ug�h�h�h�h�h�	
�	r�c�r�t��rMt��r=tjddtzdzt
z��t
jd��ndSt��}|dkrt��}tj
���}|D]?}||vr9|dkrtt|d���#|dkrtt|d���@tt��}|D]C}||vr=||vr9|dkrtt|d���'|dkrtt|d���Dt j�t&���rZt j�t��s'	t)td	��n#t*$rYnwxYwd}	t!jt��D]�}t j�t|��}t j�t&|��}t j�|��rEt j�|��s&	t!j|����#t*$rY��wxYw��t5jt�
��}t!jt&��D]�}t j�||��}	t9jt j�t&|��|	��t!j|	t j�t|������nC#t*t>t8j f$r$tjdt&dt��YnwxYw|rt9j!|d��dSdS#|rt9j!|d��wwxYwdS)
Nrwrxrr�rUFrVTi�)�dirr	r
)"rgrdr�r�ryrfr�r�r[r�r?r@r�rYrZ�EXCLUDE_SAVE_PATHr�r�r��EXCLUDE_PATHrr�r�r�r�r!�tempfile�mkdtempr��copyrlr�r�r)
�ex_listr`r�r��old_ex_list�tmp_dirr�r��	orig_path�tmp_paths
          r�r�r�s����������	�� �!X�$5�i�$?��$C�L�$P�
R�
R�
R��H�Q�K�K�K�K�
�F��?�?�D��$���'�)�)��
��	%�	%�	'�	'�B��9�9���r�>�>��|�#�#��L�(�E�:�:�:�:���&�&��K��4�8�8�8��(�(9�:�:�K� �:�:���7�"�"�x�2�~�~��|�#�#��L�(�D�9�9�9�9���&�&��K��5�9�9�9��
�w�}�}�\�"�"�-��w�}�}�.�/�/�	�
��.��6�6�6�6���
�
�
���
������	-��Z� 1�2�2�
�
���w�|�|�$5�q�9�9���G�L�L��q�9�9�	��7�>�>�$�'�'������y�0I�0I����	�$������"������������&�+<�=�=�=�G��Z��-�-�
H�
H���7�<�<���3�3����B�G�L�L��q�9�9�8�D�D�D��	�(�B�G�L�L�1B�A�$F�$F�G�G�G�G�
H����&�,�/�	S�	S�	S�� ��L�$�@Q�R�R�R�R�R�	S�����
-��
�g�t�,�,�,�,�,�
-�
-��w�
-��
�g�t�,�,�,�,�
-����1-�-sb�F�
F%�$F%�+B#L<�I$�#L<�$
I1�.L<�0I1�1C
L<�;N�<=M<�9N�;M<�<N�N4c��d}tj���}tj�|���rFtj|��D�]2}tj�tj�||�����r�tjtj�||����D�]n}tj�|||��}tj�|��s4|�	d��sLtj�
|��r-	tj|����#ttf$rY��wxYwtj�
|��r`|dtd���}||vs|t|��kr/	tj|����	#ttf$rY��wxYw��#tj�|��r,||vs|t|��krt!j|d����p	tjtj�||������#ttf$rY��,wxYw��2dSdS)N�/var/cagefs�.lockT)r�r?r@r�r�r�r�r��islink�endswithr�r�r�r�rMrr�rr�)�bdir�pw_dbr�r�r�s     r��clean_var_cagefsr�Isc���D��N�(�(�*�*�E�	�w�}�}�T�����j��&�&�	�	�F��w�}�}�R�W�\�\�$��7�7�8�8�
� "�
�2�7�<�<��f�+E�+E� F� F�6�6�H��7�<�<��f�h�?�?�D��w�~�~�d�+�+�6�T�]�]�7�5K�5K�6�QS�QX�Q_�Q_�`d�Qe�Qe�6�!��I�d�O�O�O�O�� '��1�!�!�!� �D�!���������-�-�	6�#+�N�c�'�l�l�]�N�#;��$�E�1�1�v��QY�AZ�AZ�7Z�7Z�%� "�	�$������$+�W�#5�%�%�%� $��%����8[�
����t�,�,�6�$�E�1�1�v��QY�AZ�AZ�7Z�7Z�"�M�$��5�5�5����H�R�W�\�\�$��7�7�8�8�8�8����)�����D�����)
���	�	s6�E�E)�(E)�;G�G&�%G&�92I-�-J�Jc���t��}tj���}t	j|��D]�}tj�tj�||����rbt	jtj�||����D]/}||vr)||vs|t|��krt||d|���0��dSr�)r�r�r?r@r�r�r�r�r�rr�)rnr�r�r�r�s     r��clean_config_dirr�fs���#�%�%�G��N�(�(�*�*�E��*�T�"�"�;�;��
�7�=�=�����d�F�3�3�4�4�	;���B�G�L�L��v�$>�$>�?�?�
;�
;����(�(��e�1C�1C��Sb�ch�Si�Si�Ii�Ii���e�T�6�:�:�:���	;�;r�c���tj�t��rt	t��tj�t
��rt	t
��dSdSr�)r�r�r�rYr�rZr�r�r��clean_config_dirsr�qsZ��	�w�}�}�\�"�"�'���&�&�&�	�w�}�}�[�!�!�&���%�%�%�%�%�&�&r��c�`��d��fd�t|��D����S)Nr�c3�@�K�|]}tj���V��dSr�)�random�choice)�.0�_�charss  �r��	<genexpr>zid_generator.<locals>.<genexpr>zs-�����=�=�A�6�=��'�'�=�=�=�=�=�=r�)r�r�)�sizer�s `r��id_generatorr�ys0���
�7�7�=�=�=�=��t���=�=�=�=�=�=r�c�&�|dzt��z}	tj||��nB#ttf$r.tjd|d|��tjd��YnwxYw	t|d��n@#ttf$r,tjd|��tjd��YnwxYwt
j
���}tj|��D]�}tj
�tj
�||����rJtjtj
�||����D]}||vrt!||d�����t#j|d��dS)	N�.rjr
r�r~�failed to createFT)r�r�rlr�r�r�r�r�r�rr?r@r�r�r�r�r�r�r)rn�temp_dirr�r�r�s     r��migrate_config_dirr�}s����c�z�L�N�N�*�H��
�	�$��!�!�!�!���W�������/��t�X�F�F�F���������������T�5�!�!�!�!���W�������/��6�6�6�������������
�N�(�(�*�*�E��*�X�&�&�4�4��
�7�=�=�����h��7�7�8�8�	4���B�G�L�L��6�$B�$B�C�C�
4�
4���E�>�>���e�U�3�3�3����M�(�D�!�!�!�!�!s!�,�<A+�*A+�/B�:B=�<B=c�$�tj���}tttt
ztt
zfD]�}tj�|��r�t
j	|��D]�}tj�tj�
||����rQt
j	tj�
||����D]}||vr|t|��krdS�����dS�NFT)r�r?r@rZrYrfr�r�r�r�r�r)r�rnr�r�s    r��new_prefixes_are_usedr��s����N�(�(�*�*�E��l�K��,D�l�S_�F_�`�)�)��
�7�=�=����	)��*�T�*�*�
)�
)���7�=�=�����d�F�!;�!;�<�<�)�!#��B�G�L�L��v�,F�,F�!G�!G�)�)��!�U�N�N��?�5�;Q�;Q�1Q�1Q�#(�5�5�5�5�����4r�c�,�t���stj�t��rtt��tj�t��rtt��tj�ttz��rtttz��tj�ttz��r tttz��dSdSdSr�)r�r�r�r�rYr�rZrfr�r�r��migrate_to_new_prefixesr��s��� �"�"�9�
�7�=�=��&�&�	-��|�,�,�,�
�7�=�=��%�%�	,��{�+�+�+�
�7�=�=��l�2�3�3�	:��|�L�8�9�9�9�
�7�=�=��\�1�2�2�	9��{�<�7�8�8�8�8�8�9�9�	9�	9r�z!/etc/cagefs/cagefs.base.home.dirsc���tj�t��rDtdkrtt��atd���dkrdSdS)Nr�mount_basedir=1TF)r�r�r��
BASEDIRS_FILE�basedirsrr�r�r�r��mount_base_dir_enabledr��sV��	�w�~�~�m�$�$���t��� ��/�/�H��A�;�����#4�4�4��4��5r�c��tD]T}|���}|dks|dkr�#tj||��}|dkr|���cS�UdS)Nr�zmount_basedir=0r�)r�r��re�search�group)rH�reg_exp�ms   r��get_base_dirr��sr�������.�.�"�"���'�'�'�7�6G�+G�+G���I�g�x�(�(����9�9��7�7�9�9�����
�2r�c��t��}tj���}t	��}t
j�t���rStj	t��D�]8}t
j�t
j�
t|�����r�tj	t
j�
t|����D�]�}	||}n#t$rY�wxYw|rEt|j
��}|dkr�:t
j�
t||��|z}n.t
j�
t||��|j
z}t
j�|���r|rM	tj|d����#t$r)}	t!d|dt#|	����Yd}	~	��d}	~	wwxYwt%|��	tj|��nB#t$r5t)j|j��D]}
|�|
���Y��dwxYw	tjd��}tj|d��tj|�����#t$rY���wxYw�����:t5|��S)a?
    Returns list of users which are currently mounted in CageFS.
    Used when /proc/sys/fs/may_detach_mounts set to 0 (disabled) or does not exist
    :param fix_permissions: when True == fix permissions of directories (mount points) for users' home directories inside /var/cagefs
    :type fix_permissions: bool
    r�r�z-Error: failed to set permissions to directory�:Nr)r�r�r?r@r�r�r�r�rr�r�r�r�rAr�r�r�strr�r�r��get_all_users_with_uidrC�addr��mkdirr�)�fix_permissions�
base_dir_flagr��resr�r�r��base_dir�mount_point_path�e�user2r�s            r��get_mounted_users_oldr�s���+�,�,�M��N�(�(�*�*�E�

�%�%�C�	�w�}�}�W���'%��j��)�)�&	%�&	%�F��w�}�}�R�W�\�\�'�6�:�:�;�;�%
%��J�r�w�|�|�G�V�'D�'D�E�E�$%�$%�D�!�"�4�[����#�!�!�!� ��!����%�[�#/��	�#:�#:��#�r�>�>�$�+-�7�<�<����+N�+N�QY�+Y�(�(�+-�7�<�<����+N�+N�QS�QZ�+Z�(��w�}�}�%5�6�6�%�*�%�v� "��)9�5� A� A� A� A��#*�v�v�v� %�&U�Wg�il�nq�rs�nt�nt� u� u� u� u� u� u� u� u�����v����,�,<�=�=�=�)� "��)9� :� :� :� :��#*�)�)�)�-6�-M�b�i�-X�-X�!3�!3�E�$'�G�G�E�N�N�N�N� (��	)����%�.0�h�q�k�k�� "��)9�5� A� A� A� "��� 5� 5� 5� 5��#*�%�%�%� $��%����)%��.��9�9�sN�:D�
D�D�+G�
G4�G/�/G4�H�;I�I�=J�
J,�+J,c	��t��}tj���}g}|D]V}t	jddt
||j��ddgdd���}|jdkr|�	|���W|S)	z�
    Returns list of users which are currently mounted in CageFS.
    Used when /proc/sys/fs/may_detach_mounts set to 1 (enabled)

    �/bin/lve_suwrapperz-meckz
/usr/bin/stat�/var/.cagefsTr)�capture_output�cwdr)
r�r�r?r@r��runr�rC�
returncoder�)r�r��
mounted_usersr�r�s     r��get_mounted_users_newrs���
���E��N�(�(�*�*�E��M��'�'���n�2�G�S��t��AS�=T�=T�-�~�?�OS�Y\�^�^�^���>�Q���� � ��&�&�&���r�c�X�t��rt��St|��S)zF
    Returns list of users which are currently mounted in CageFS.
    )rrr�r�s r��get_mounted_usersrs,��$�%�%�'�$�&�&�&� ��1�1�1r�c���	tjddgtjd������d}n:#t$r-tjddd��tjd��YnwxYwtj
d	tj��}g}|�d
��D]�}|���}t|��dkr�d�|dd���}|�|��r�	t!|d��}|�t
j�|������#t($r|�|d��Y��t,j$rtjd
|��Y��wxYw��t1|��}t1t3����}||z}	t5|	��S)N�/bin/ps�auxT)�stdout�textr�
failed to run�psr�zsshd:[a-z_][a-z0-9_-]*[$]?@ptsrr��
zCan`t get user name for UID )r��Popen�PIPE�communicater�r�r�r�r�r��compile�
IGNORECASE�splitrMr��matchr��extendr?r�r�r�r!r�r�rr�)
�pl�pattern�lst�ir.�command�uid�sshd_set�mounted_set�
result_sets
          r��get_logged_in_usersr)s����
�
�y��/�
��d�
S�
S�
S�
_�
_�
a�
a�bc�
d����������_�d�E�:�:�:��������������j�:�2�=�I�I�G�
�C��h�h�t�n�n�N�N���w�w�y�y���t�9�9�q�=�=��g�g�d�2�3�3�i�(�(�G��}�}�W�%�%�

N�	N��d�1�g�,�,�C��J�J�x�~�7�7��<�<�=�=�=�=��!�����J�J�t�A�w�'�'�'��D��0�N�N�N��(�)G��M�M�M�M�M�N������3�x�x�H��'�)�)�*�*�K��K�'�J��
���s(�;>�4A5�4A5�
AE�%F�9#F�F�returnc�0�g}t��}|���D]}|�|���|���rE|���D]0}|�|���D]}|�|����1|S)z/
    Return list of id's for existing LVEs
    )�lvp_id)r �lve_id_listr��resellers_supported�lvp_id_list)�lve_list�proc_lve�lve_idr,s    r��get_lve_listr3=s����H��y�y�H��&�&�(�(� � �����������#�#�%�%�(��*�*�,�,�	(�	(�F�"�.�.�f�.�=�=�
(�
(������'�'�'�'�
(��Or�c���|���|���d}|D]�}t|��dkr�|ddkr�|���}	t	jtd|gtjtj���}|���|j	dkrd}��#t$r!tjdtd|��d}Y��wxYw��|S)NFrr�-l�r�stderrTr)
r��reverserMr�r�r�UMOUNTrrr
r�r�r�)�_list�errorr.�ps    r��umount_listr=Ms���	�J�J�L�L�L�	�M�M�O�O�O��E��
�
���t�9�9�q�=�=�T�!�W��^�^��;�;�=�=�D�

��$�f�d�D�%9�GQ��_i�_n�p�p�p���
�
�����<�1�$�$� �E����
�
�
��$�_�f�d�D�I�I�I�����
������Ls�#AB8�8(C#�"C#c��	tjtdt|zg��}|dkrt	jdt|z��dSn5#t$r(t	jdtdt|z��YdSwxYwdS)Nr5rzfailed to unmountTrF)r�r�r9r�r�r�r�)r�r�s  r��
umount_dirr?ds�����o�v�t�X�d�]�;�<�<���!�8�8�� �!4�h�t�m�D�D�D��4���������_�f�d�H�T�M�J�J�J��t�t������5s�AA�.A>�=A>c�r�d}t|��D]�}d}	tjtdgtjtj���}|���|jdkrd}nn.�\#t$r tj	dtd��d}Y��wxYw|rtj	td��|S)	zD
    Run lvectl apply all
    Returns True if error has occured
    �Fzdestroy-and-recreate-allr6rTrzdestroy-and-recreate-all failed�
r�r�r�LVECTLrrr
r�r�r���ATTEMPTSr�r;r<s    r��destroy_and_recreate_allrFqs���
�H�
�8�_�_������	�� ��3�5�!��!�����A�

�M�M�O�O�O��|�q� � ���������	�	�	�� ��&�:T�U�U�U��E�E�E�	����
�H���V�%F�G�G�G��Ls�AA.�.'B�Bc�v�d}t|��D]�}d}	tjtdddgtjtj���}|���|jdkrd}nn.�^#t$r tj	d	td
��d}Y��wxYw|rtj	td��|S)z@
    Destroy all LVEs
    Returns True if error has occured
    rAF�destroy�all�--forcer6rTrzdestroy allzdestroy all failedrBrDs    r��destroy_allrK�s���
�H�
�8�_�_������	�� �&�)�U�I�!F�;E�?�S]�Sb�d�d�d�A�
�M�M�O�O�O��|�q� � ���������	�	�	�� ��&�-�H�H�H��E�E�E�	����
�;���V�%9�:�:�:��Ls�AA0�0'B�Bc�F�d}d}|D]}|t|��zdz}�	tjtdgtjtjtjd���}|�|��n-#t$r tjdtd��d}YnwxYw|S)z�
    Run lvectl destroy for specified uids
    :param uids: list of integers (UIDs)
    :type uids: iterable
    Returns True if error has occured
    Fr�rzdestroy-manyT��stdinrr7rr�	r�r�rrCrrr�r�r���uidsr;�sr%r<s     r��destroy_lverS�s���
�E�	�A�� � ��
��C���L�4�������f�n�5�#-�?�$.�O�$.�O�"&�	
(�
(�
(��	
�
�
�a������������_�f�n�E�E�E����������L��AA4�4'B�Bc�F�d}d}|D]}|t|��zdz}�	tjtdgtjtjtjd���}|�|��n-#t$r tjdtd��d}YnwxYw|S)z�
    Run lvectl apply for specified uids
    :param uids: list of integers (UIDs)
    :type uids: iterable
    Returns True if error has occured
    Fr�rz
apply-manyTrMrrOrPs     r��	apply_lverV�s���
�E�	�A�� � ��
��C���L�4�������f�l�3�#-�?�$.�O�$.�O�"&�	
(�
(�
(��	
�
�
�a������������_�f�l�C�C�C����������LrTc��tj���}g}|D]3}	|�||j���$#t
$rY�0wxYw|Sr�)r�r?r@r�rCr�)r�r�rQr�s    r��get_uidsrX�so���N�(�(�*�*�E�
�D�����	��K�K��d��*�+�+�+�+���	�	�	��H�	�����Ks� A�
A�Ac�F�g}|D]}||vr|�|���|Sr�)r�)r:r�r#s   r��remove_duplicatesrZ�s4��
�C�
�����C�<�<��J�J�q�M�M�M���Jr�c��d}t��r&t|��rd}t|d���rd}|St|��}t	|��}t|��rd}t
jd��t|��rd}|S)z�
    Remount list of users. Skeleton should be mounted/unmounted before call of this function
    Returns True if error has occured
    :param users: list of usernames
    :type users: iterable
    FT��
do_mount_skelr�)	r,�delete_namespaces�create_namespacesrXrZrS�time�sleeprV)r�r;rQs   r��remountrb�s���
�E������U�#�#�	��E��U�%�8�8�8�	��E����E�?�?�D��T�"�"�D��4�������J�q�M�M�M���������Lr�c��d}t��r#t��rd}td���rd}nt��rd}|S)NFTr\)r,r^r_rF)r;s r��remount_allrdsY���E��������	��E��5�1�1�1�	��E��#�%�%�	��E��Lr�c�d�|D],}tj�t|z��sdS�-dSr�)r�r�r�r�)r:r�s  r��files_existrf,s<�������w�~�~�h�u�n�-�-�	��5�5�	��4r�c��|�t}tdd��}	|���}|dkrn3|�|dz��dkr|���dS�N|���dS)Nz/proc/mountsr�Tr�rrLF)r�r�r��findr�)�skeletonr2r.s   r��skeleton_is_mountedrj4s�������
�.�#�
&�
&�F����� � ���2�:�:���9�9�X�c�\�"�"�b�(�(��L�L�N�N�N��4�
��L�L�N�N�N��5r�c�`�t��rtdg��Stddg��S)Nz/var/log/messages�/etc/passwd)r�rfr�r�r��cagefs_fuse_is_mountedrmCs7�����A��/�0�1�1�1��M�+>�?�@�@�@r�c��d}t|��D]�}d}	tjdd|gtjtj���}|���|jdkrd}n,#t$rtjd|zd	z��d}YnwxYw|d
krt��rd}n<d}d}��|dkrt��rd}nd}��|dkrt��sd}nd}��|rtjd
d|d	z��|S)NrAF�
/sbin/servicezcagefs-fuser6rTz#failed to run "service cagefs-fuse �"�start�restart�stop�	executingz"service cagefs-fuse)
r�r�rrrr
r�r�r�rm)r$rEr�r;r<s     r��cagefs_fuseruLsd���H�
�8�_�_�"�"����
	�� �/�=�'�!J�;E�?�S]�Sb�d�d�d�A�
�M�M�O�O�O��|�q� � ������	�	�	�� �!F�w�!N�s�!R�S�S�S��E�E�E�	�����g���%�'�'�
�����#�����
�	�
!�
!�%�'�'�
��������
��
�
�)�+�+�
����������O���[�*@�'�#�+�N�N�N��Ls�AA'�'&B�Bc��tj�tj�td����S)N�socket)r�r�r�r��PROXYEXEC_SOCKET_DIRr�r�r��proxyexecd_is_socketryws'��
�7�?�?�2�7�<�<�(<�h�G�G�H�H�Hr�c���d}	tjdd|gtjtj���}|���|jdkrd}|dks|dkrNtjgd	�tjtj���}|���|jdkrd}n,#t$rtjd
|zdz��d}YnwxYw|rtjdd
|dz��|S)NFro�
proxyexecdr6rTrqrr)ror{�statusz"failed to run "service proxyexecd rprtz"service proxyexecd)	r�rr�STDOUTrr
r�r�r�)r$r;r<s   r��cagefs_proxyexecdr~{s&���E����o�|�W�E�OY��gq�gx�
z�
z�
z��	�
�
�����<�1����E��g����I�!5�!5�� �!J�!J�!J�KU�?�cm�ct�v�v�v�A�
�M�M�O�O�O��|�q� � �����������A�'�I�#�M�N�N�N���������
�N���[�*?����M�M�M��Ls�B)B.�.&C�Cr�c���tjd��}|D]�}tj�t|z��r5	tjt|z��n#ttf$rYnwxYwtj�t|z��s1	tt|z|����#ttf$rY��wxYw��tj|��dS�Nr)
r�r�r�r�r�r!r�r�r�r)r:r`r�r�s    r��create_mount_pointsr��s����(�1�+�+�K��
�
��
�7�>�>�(�4�-�(�(�	�
��	�(�4�-�(�(�(�(���W�%�
�
�
���
�����w�}�}�X�d�]�+�+�	�
��X�d�]�D�1�1�1�1���W�%�
�
�
���
����	�
�H�[�����s$�A�A2�1A2�B6�6C
�	C
c�^�tj�t��sIts.tjdtddtjdd��tj	d��tt��}t|��rtj
t|��dSdS)N�filez
not found
zPlease, run
r�--create-mpr�)r�r�r�rr�r�r�r�r_r�r�add_new_liner��
write_file)�mp_files r��
check_mp_filer��s���
�7�>�>�*�%�%���	o�� ���]�?�SV�S[�\]�S^�`m�n�n�n��������
�#�#�G��G���2���Z��1�1�1�1�1�2�2r�c�j�	tjt��dS#ttf$rYdSwxYwr�)r�r��SERVICE_CAGEFS_LOCKr�r�r�r�r��remove_service_lockfiler��sE��
�
�	�%�&�&�&�&�&���W��
�
�
����
���s��2�2c��	ttd�����dS#ttf$rYdSwxYw)Nr�)r�r�r�r�r�r�r�r��create_service_lockfiler��sQ��
��
 �#�&�&�,�,�.�.�.�.�.���W��
�
�
����
���s�'+�A�Ac�����fd�}|st��|��}|rt��tj�d��r�|r&|r#tjddd���|��p|}nj|rht��tj	d��td�����D]$}|r tjd	|zd
zdzdd����%|S)Nc���d}td��D]+}tj���}|sd}nt|���,ttg��|S)NTrF)r�r��get_mounted_dirsr=r�)r;r�r2�all_cagefs_mountss   �r��unmountz umount_skeleton.<locals>.unmount�sf������r���	 �	 �A��/�0A�B�B�F��
������������X�J�����r��/usr/bin/systemctlz/bin/umount -l /usr &>/dev/nullT�	/bin/bash)�shell�
executabler�z/bin/ps --no-headers -xao pidz/usr/bin/nsenter -m -t z8 /bin/bash -c 'if /bin/grep -q cagefs /proc/mounts; thenz6 /usr/sbin/cagefsctl --unmount-cur-ns; fi' &>/dev/null)r��lvectl_startr�r�r�r�r	rKr`ra�Executer)�save_mountsr��current_namespace_only�all_namespacesr�r;�pids `     r��umount_skeletonr��s7���	�	�	�	�	�"�"��!�!�!��G�I�I�E�������
�w�~�~�*�+�+�
G�!�	G��
+���@��Yd�e�e�e�e���	�	�*�U���
�	G��M�M�M��J�q�M�M�M��>�?�?�E�E�G�G�
G�
G���G��N�#<�s�#B�#]�$^�#[�$\�*.�+�G�G�G�G��
�Lr�c�T�	tj|tj��n,#ttf$rtjd|��YnwxYw	|���n#ttf$rYnwxYw	tj	|��dS#ttf$rYdSwxYw)Nzfailed to unlock)
�fcntl�lockf�LOCK_UNr�r�r�r�r�r�r!)�lockfile�locknames  r��unlockr��s���;�
��H�e�m�,�,�,�,���W��;�;�;���/��:�:�:�:�:�;����
����������W��
�
�
���
����
�
�	�(��������W��
�
�
����
���s3�"�&A�
A�A$�$A8�7A8�<B�B'�&B'c�~�tj|ddtjdd���}|���dS)NTr�rL)r�r�rr�bufsizer)r�rrr)r$�procs  r�r�r��sE����G�"&�'2�#-�?�!%�$&�(�(�(�D������a� � r��processc��g}|���}|�+|�|��|���}|�+|S)z(
    Helper to get all parents list
    )�parentr�)r��parentss  r��get_parentsr��sN���G��n�n���G�
�
����w�����.�.�"�"���
��Nr�c
���	tjtj����}|���}t|��}n#t$rg}g}YnwxYw|�dd�|���d���|D]J}|�d|j	�d|�
���d|����d����K|���dS)	z8
    Saves info about parent processes to lock file
    zCommand line: � rzpid: "z
", name: "z", command line "z"
N)�psutil�Processr��getpid�cmdliner�r�r�r�r�r��flush)�file_like_io�current_process�cmd_liner�r�s     r��save_processesr�	s��� �.�����5�5��"�*�*�,�,���o�.�.���������������������>�����(:�(:�>�>�>�?�?�?��t�t�����r�G�K�r�r�7�<�<�>�>�r�r�\c�\k�\k�\m�\m�r�r�r�s�s�s�s��������s�AA�A�Ac�4�tj�|��rxt|d��5}|���}ddd��n#1swxYwYtjd�d�|������dSdS)z-
    Prints to stdout info from lockfile
    r�Nz,Currently running cagefsctl process info:
{}r)	r�r�r�r�r�r�r��formatr�)r�r��lock_contents   r��print_lock_datar�s���
�w�~�~�h���n�
�(�C�
 �
 �	)�A��;�;�=�=�L�	)�	)�	)�	)�	)�	)�	)�	)�	)�	)�	)����	)�	)�	)�	)���L�S�S�TX�T]�T]�^j�Tk�Tk�l�l�m�m�m�m�m�n�ns�A�A�Ac��	tj�|��s"t|d�����t|d��}	tj|t
jt
jz��nP#t$rC|s�td��tj|t
j��td��YnwxYwtj�t��r$|�d��t|��|S#ttf$r�|s�|s�tt!d���d����dkrut%jd	��tj�t��r<t%jd
��tt(j��t-|��nt%jd|��t)jd��YdSwxYw)Nr��r+z!Acquiring lock... Please wait... z
Lock acquiredrzps aux | grep cagefsctlrr�z5cagefsctl is already running. please try again later.z%current cagefsctl process informationzfailed to acquire lock file)r�r�r�r�r�r�r��LOCK_EX�LOCK_NBr�r�DEBUG_CAGEFS_MARKER�truncater�r�rMr�rr�r�r�rr�r�)r��wait�quietr�s    r��acquire_lockr�%s�����w�~�~�h�'�'�	(���3���%�%�'�'�'���$�'�'��	#��K��%�-�%�-�"?�@�@�@�@���	#�	#�	#��
���5�6�6�6��K��%�-�0�0�0��/�"�"�"�"�"�
	#�����7�>�>�-�.�.�	%����a� � � ��8�$�$�$�����W��
�
�
��	N��
N�c�'�*C�"D�"D�"J�"J�4�"P�"P�Q�Q�TU�U�U��$�%\�]�]�]��7�>�>�"5�6�6�.��(�)P�Q�Q�Q�"�3�:�.�.�.�#�H�-�-�-���$�%B�H�M�M�M����������
���s9�AD�,B�D�A
C�D�
C�AD�C&H�Hc
��t|��dk�rh|ddk�r]|���}tj�|��s4tjtd|d��|rdStj	d��t|g��tjtdddd	|t|zg��}|r.|dkr'tjtddd
|t|zg��}n[|dkrU|dkr(tjtddd|t|zg��}n'tjtddd
|t|zg��}|dkr/tjd|��tj	d��dSdSdSdS)Nrrzfile contains incorrect path -z$is NOT a directory or does NOT existr�r�r�r��--rbindr�r�z remount,nosuid,noexec,nodev,bind�remount,nosuid,bindr�)rMr�r�r�r�r�r�rr�r�r�r�r�r�r�)r.�	read_only�
ignore_errorsr�s    r��	mount_dirr�Gs~��
�4�y�y�1�}�}��a��C����{�{�}�}���w�}�}�T�"�"�	�� ��-M�t�U{�|�|�|��
����H�Q�K�K�K��T�F�#�#�#��o�u�d�D�(�I�t�X�VZ�]�[�\�\���		k��a�x�x� �o�u�d�D�:R�TX�Zb�cg�Zg�&h�i�i����a�x�x��:�%�%�$�/�5�$��>`�bf�hp�qu�hu�*v�w�w�C�C�$�/�5�$��>S�UY�[c�dh�[h�*i�j�j�C��!�8�8�� �!2�D�9�9�9��H�Q�K�K�K�K�K�+�}���&�8r�c��tjdtd��tjdtd��tjdtd��dS)NzaPlease ensure that the following option in cPanel/WHM is set to blank value (not default "home"):r�zdWHM -> Server Configuration -> Basic cPanel/WHM Setup -> Basic Config -> Additional home directorieszZWhen this option is set to "home", cPanel can create home directories in incorrect places.)r�r�r�r�r�r��print_cpanel_home_warningr�`sr����x�{A�CD�E�E�E���{�~D�FG�H�H�H���q�sy�{|�}�}�}�}�}r�c�"�eZdZdZdZdZdZdZdS)�MountpointTyperrrrrN)r�r�r��COMMON�PERSONAL�SPLITTED_BY_USERNAME�SPLITTED_BY_UID�	READ_ONLYr�r�r�r�r�fs(������
�F��H����O��I�I�Ir�r�c	�@�eZdZUiZeeeeeeffed<edddfdede	de	de	fd�Z
deeeeffd	�Zdeeeeffd
�Zdedeeeefdd
fd�Z
dededeeeefdd
fd�Zdede	fd�Zdeeeefdd
fd�Zdeeeefdd
fd�Zedeeeeffd���Zedeefd���Zed���Zed���Zed���Zed���Zd
S)r:�mpconfig_cacheFr�r8r9�ignore_cachec�p�||_||_||_||_|���|_dSr�)r�r8r9r��_load�data)�selfr�r8r9r�s     r��__init__zMountpointConfig.__init__|s6��
��	�&���!2���(����J�J�L�L��	�	�	r�r*c��|js|j|jvr!|���|j|j<t	j|j|j��S)z�
        Load a list of mount points from the config file.
        Use cached value if exists unless special option specified.
        )r�r�r��_read_configr��deepcopy�r�s r�r�zMountpointConfig._load�sT��
��	A��	��1D� D� D�-1�->�->�-@�-@�D���	�*��}�T�0���;�<�<�<r�c���tt��}	t|j��5}|D]}|�||���	ddd��n#1swxYwYnI#t
$r<|jr|cYStjd|j��tj
d��YnwxYw|js#t��r|�
|��|�|��|S)z]
        Read the config file and construct
        a complete list of mount points.
        Nzfailed to readr�)r
r�r�r��_process_mount_liner�r8r�r�r�r�r9r�_process_cpanel_mounts� _process_proxyexec_socket_mounts)r�r2r�r.s    r�r�zMountpointConfig._read_config�sA��
�T�"�"��	��d�i���
;�A��;�;�D��,�,�T�6�:�:�:�:�;�
;�
;�
;�
;�
;�
;�
;�
;�
;�
;�
;����
;�
;�
;�
;����	�	�	���
��
�
�
�� �!1�4�9�=�=�=��H�Q�K�K�K�K�K�		�����%�	0�)�+�+�	0��'�'��/�/�/��-�-�f�5�5�5��
s:�A�A�A�A�A�A�A�B%�4.B%�$B%r.r2Nc���|�d��rdS|���}tD]6}|�|j��r|�|||��dS�7dS)z�
        Process the line specifying a mount point.
        Determine whether the line belongs to
        any of predefined types and process it accordingly.
        �#N)rr�r��value�
_process_line)r�r.r2�
mount_types    r�r�z$MountpointConfig._process_mount_line�s����?�?�3���	��F��{�{�}�}��)�	�	�J����z�/�0�0�
��"�"�4��V�<�<�<����
�	�	r�r�c��|tjkrdnd}|tjkr|�d��nd}|dkr
|||�n	||d�}|���}|�|��r9|jrdStjd|d|j	��tjd��|tjkr%||j�
|dz��dS||j�
|��|tjkr/|tjj�
|dz��dSdS)Nrr��,rLzInvalid mount point�in filer)r�r�r��rfindr��_is_invalid_mount_pointr8r�r�r�r�r�r�r�r�)r�r.r�r2rq�endr�s       r�r�zMountpointConfig._process_line�sD�� �>�#8�8�8���a��!+�~�/F�!F�!F�d�j�j��o�o�o�B��"%��)�)�t�E�#�I����e�f�f����{�{�}�}���'�'��-�-�	���
���� �!6��i���S�S�S��H�Q�K�K�K���.�.�.��:�?�#�*�*�4�$�;�7�7�7�7�7��:�?�#�*�*�4�0�0�0��^�5�5�5��~�,�1�2�9�9�$��+�F�F�F�F�F�6�5r�c�l�|dkp.|�d��pd|vp|�d��S)zA
        Check if a given path is an invalid mount path.
        r�/../�/..)rr�)r�r�s  r�r�z(MountpointConfig._is_invalid_mount_point�sI���s�{�$��?�?�3�'�'�'�$���~�$��}�}�U�#�#�	$r�c��|tjj}|D]`}|���}d|vrFt	��r8tjd|j�d|�d�td��t��dS�adS)z1
        Check invalid paths for cPanel.
        �homezWarning: file z contains line "rpr�N)
r�r�r�r��invalid_homes_existr�r�r�r�r�)r�r2r;r.s    r�r�z'MountpointConfig._process_cpanel_mounts�s����~�4�9�:�
�!�	�	�D��;�;�=�=�D���~�~�"5�"7�"7�~�� �!T�$�)�!T�!T�T�!T�!T�!T�V\�^_�`�`�`�)�+�+�+�����	�	r�c���|tjj}t�d�}t�d�}||vr|�|��||vr|�|��dSdS)z@
        Add correct path to the proxyexec socket file.
        rN)r�r�r��PROXYEXEC_SOCKET_DIR_OLDrxr�r�)r�r2r;�proxyexec_socket_dir_old_line�proxyexec_socket_dir_lines     r�r�z1MountpointConfig._process_proxyexec_socket_mounts�s����~�4�9�:�
�+C�(G�(G�(G�%�';�$?�$?�$?�!�(�M�9�9�� � �!>�?�?�?�$�M�9�9�� � �!:�;�;�;�;�;�:�9r�c��|jSr�)r�r�s r��
all_mountszMountpointConfig.all_mounts�s
���y�r�c�:�|jtjjSr�)r�r�r�r�r�s r�r;zMountpointConfig.common_mounts�s���y��.�3�4�4r�c�:�|jtjjSr�)r�r�r�r�r�s r�r<z MountpointConfig.personal_mounts�s���y��0�5�6�6r�c�:�|jtjjSr�)r�r�r�r�r�s r�r=z,MountpointConfig.splitted_by_username_mountss���y��<�A�B�Br�c�:�|jtjjSr�)r�r�r�r�r�s r�r>z'MountpointConfig.splitted_by_uid_mountss���y��7�<�=�=r�c�:�|jtjjSr�)r�r�r�r�r�s r��read_only_mountsz!MountpointConfig.read_only_mountss���y��1�6�7�7r�)r�r�r�r�rr�r
�__annotations__r�boolr�r�r�r�r�r�r�r�r��propertyr�r;r<r=r>rr�r�r�r:r:ns��������79�N�D��d�3��S�	�>�2�2�3�8�8�8�(�%*�+0�&+�		!�	!��	!�"�	!�%)�	!� $�		!�	!�	!�	!�=�t�C��c��N�+�=�=�=�=��d�3��S�	�>�2�����,���T�#�t�C�y�.�5I��d�����"G��G�"0�G�#�3��S�	�>�2�G�8<�G�G�G�G�4$�C�$�D�$�$�$�$�
�T�#�t�C�y�.�-A�
�d�
�
�
�
�<�t�C��c��N�7K�<�PT�<�<�<�<���D��d�3�i��0�����X���5�t�C�y�5�5�5��X�5��7�7��X�7��C�C��X�C��>�>��X�>��8�8��X�8�8�8r�r:c�4�ttdz��dS)Nz start > /dev/null 2>&1)r�rCr�r�r�r�r�s���F�,�,�-�-�-�-�-r�c��|�d��rdStj|��}|D].}tj|��}|�|��rdS�/dS)z�
    Return True when path is included in one of the read-only paths
    :param path: mount path to check
    :type path: string
    :param read_only_mounts: list of read-only mounts from cagefs.mp file
    :type read_only_mounts: list
    z/opt/cpanel/ea-phpTF)rr�r)r�rr5s   r��mount_should_be_readonlyrsr�����+�,�,���t���d�#�#�D�!�����"�5�)�)���?�?�5�!�!�	��4�4�	��5r�c��tjd���}ttd�|����}|rdSt	��}tjd���}|D].}tj|��}t
||j��rdS�/dS)z�
    Search CageFS for mounts that do not have 'nosuid' option
    Also search for read-write mounts that should be read-only
    Return True when found, False otherwise
    For details see CAG-526, CAG-634
    T��without_nosuidc�
�d|vS)Nz/proc/sys/fs/binfmt_miscr�)�xs r��<lambda>z%unsafe_mounts_exist.<locals>.<lambda>,s��)C�1�)L�r���rw_mounts_onlyF)r�r�r��filterr:�
strip_pathrr)�no_suid_dirsrG�	rw_mountsr5r�s     r��unsafe_mounts_existr$s����-�t�D�D�D�L���L�L�l�[�[�\�\�L����t� �"�"�I��*�D�A�A�A�I������#�E�*�*��#�D�)�*D�E�E�	��4�4�	��5r�c	��dd�}|tt��ttjd�����}|D]2}tj|��}|||t||������3ttjd�����|z
}|D]4}tj|��}t||��r|||d����5dS)	z�
    Remount all CageFS "unsafe" mounts, so that they become "safe".
    Make all mounts "nosuid", and make some mounts "read-only" (when needed)
    For details see CAG-526, CAG-634
    Fc���|r#tjtdddd|z|g��}n"tjtdddd|z|g��}|dkrtjd|��dSdS)Nr�r�r�z(/usr/share/cagefs/not-existing-directoryr�rr�)r�r�r�r�r�)�old�newr�r�s    r��remount_dirz*remount_unsafe_mounts.<locals>.remount_dir>s����	C��/�5�$��6N�Pz�{~�P~�AD�#E�F�F�C�C��/�5�$��6K�Mw�x{�M{�~A�#B�C�C�C��!�8�8�� �!2�C�8�8�8�8�8��8r�Tr)r�r
N�F)r�r�r�r�rr)rr�	wo_nosuid�path_new�path_oldrs      r��remount_unsafe_mountsr8s��9�9�9�9��K��(�#�#�#��I�.��E�E�E�F�F�I��h�h���'��1�1����H�h�2J�8�Ue�2f�2f�g�g�g�g�g��I�.��E�E�E�F�F��R�I��<�<���'��1�1��#�H�.>�?�?�	<��K��(�d�;�;�;�;��<�<r��/etcz/var/logz/var/run/screenz/var/spool/cron�/var/cache/php-eacceleratorrc�P�	tj|��S#t$rYnwxYwdS)zs
    Return value of symlink or None when error occurs
    :param path: path to symlink
    :type path: string
    N)r��readlinkr�)r�s r��read_symlinkr"^s<��
��{�4� � � ���
�
�
���
�����4s��
#�#c�"�tj�|��st|��sdStj�|��}t
|z}tj�|��}|dz}tj�||��}tj	|dd���tj�
|��r tj�||��s�tj|��	tj
||��n�#t$r�}tj�|��r tj�||��s=tjd|zdz|zdzt#|��zt$d	��Yd}~dSYd}~nd}~wwxYwtj	t
|zddd�
��t'|��}||kr�tj|��	tj||��ni#t$r\}t'|��}||kr=tjd|zdz|zdzt#|��zt$d	��Yd}~dSYd}~nd}~wwxYw|rt+||��dSdS)a7
    Mount one separate file to CageFS using hardlink & mount
    :param path: path to file
    :type path: string
    :param do_mount: when True mount directory with hardlink to CageFS
    :type do_mount: bool
    :param read_only: when True mount read-only, read-write otherwise
    :type read_only: bool
    N�.cagefsr�F��
allow_symlinkz!Error: failed to create hardlink � to � : r��r&�update_perm� Error: failed to create symlink )r�r�r�rrr��basenamer�r��make_dirr��samefiler!�linkr�r�r�r�r�r"�symlinkr�)	r��do_mountr��	skel_path�filename�dir_path�
hardlink_pathr�spaths	         r��
mount_filer7ks����7�>�>�$�����t�(<�(<����
�7���D�!�!�D��4��I��w����%�%�H��i��H��G�L�L��8�4�4�M�
��x��e�<�<�<�<�
�7�?�?�=�)�)����1A�1A�$�
�1V�1V�����'�'�'�	��G�D�-�(�(�(�(���	�	�	��7�>�>�-�0�0�
���8H�8H��}�8]�8]�
�� �!D�}�!T�W]�!]�`d�!d�gl�!l�or�st�ou�ou�!u�w}�@A�B�B�B�������
�
�
�
�
�����	������x�(�*�E��TY�Z�Z�Z�Z���#�#�E��
������#�#�#�	��J�}�i�0�0�0�0���	�	�	� ��+�+�E��
�%�%�� �!C�i�!O�RX�!X�[h�!h�kp�!p�sv�wx�sy�sy�!y�|B�DE�F�F�F�������&�%�%�%�%�����	����
�'��(�I�&�&�&�&�&�'�'s2�	D�
F/�)A6F*�*F/�<H�
I8�AI3�3I8r1c�p�t��sdStt|���tj�td��}tj�|��stj	|ddd���tttj�|d����dS)z|
    Mount socket of systemd-journal into CageFS
    :param do_mount: when True mount directory with hardlink to CageFS
    N�r1�devr�F)r��permr&r*�log)r*r7r)r�r�r�r�r�r�r-r)r1�skeleton_dev_dirs  r��_mount_systemd_journal_socketr>�s���%�&�&�����%��9�9�9�9��w�|�|��
�����7�>�>�*�+�+�
���!����		
�	
�	
�	
���
������	
�	
�����r�c	�z�t��td��tt��|st	��s#td��rt
jd��tdg��td���tj
tddd	d
ttg��}|dkrtjdt��t��}|j}|j}|jt&_t|��t+jd��}t/t&j��D]K}|���}|d
kr/|dkr)|�d��st5|||vd����L	d}t+j|��D]�}t*j�||��}	t*j�|	��rOt?|	d��5}
|
D]#}tA|������$	ddd��n#1swxYwY��n,#tB$r}tjd|��Yd}~nd}~wwxYwtEd���tGtHdd���tKd���t5d
��tM|��tt��t|��t+j|��tO��|r8tQ��tS��tU��tW��tY��dS)z�
    Function remounts skeleton and all users
    !!WARNING!!: part of this logic is duplicated in jail.c from kmoc-lve project
    :param remount_users: when True, destroy&create LVE&namespaces for all users
    :type remount_users: bool
    z,/bin/mount --make-rprivate / >/dev/null 2>&1rrr�rF)r�r�r�r�r�rr�r�z/tmp/T)r�r�z/etc/cagefs/empty.dirsr�NzError while reading file.r9)r1r�)-r�r�r��MOUNT_POINTSryr~r�r�r�r�r�r�r�r�r�r:rr<r;r�r2r�r��sortedr�rr�r�r�r�r�r�r�r��setup_cpanel_multiphpr7�LICENSE_TIMESTAMP_FILEr>rr�r�rdrJ�remove_remount_flagr�)
�
remount_usersr�rGrr<r�r.�emptied_dirs_pathr3�emptied_config�emptied_dirs_file�emptied_dirrs
             r��mount_skeletonrJ�ss���O�O�O��:�;�;�;���%�%�%���1�3�3���Y�'�'�	��H�Q�K�K�K����!�!�!��%�(�(�(�(�
�/�5�$��h�	�8�X�V�
W�
W�C�
�a�x�x���.��9�9�9�!�"�"�I� �1���/�O� �.�I����(�(�(��(�1�+�+�K��y�'�(�(�Z�Z���{�{�}�}���7�?�?�t�v�~�~�d�o�o�g�6N�6N�~��d��1A�)A�TX�Y�Y�Y�Y��	=�4���
�#4�5�5�	>�	>�H��W�\�\�*;�X�F�F�N��w�~�~�n�-�-�
>��.�#�.�.�>�2C�'8�>�>��'��(:�(:�(<�(<�=�=�=�=�>�>�>�>�>�>�>�>�>�>�>�>����>�>�>�>��	>���=�=�=���8�!�<�<�<�<�<�<�<�<�����=�����4�(�(�(�(��%���E�E�E�E�!�4�0�0�0�0��g�����*�+�+�+���%�%�%���(�(�(��H�[�����N�N�N��������
�
�
�"�$�$�$����������s=�A'H-�,'H �H-� H$	�$H-�'H$	�(H-�-
I�7I�Ic�F�|D]�}tj�|��}|dz}|�tdz��rZtjd|d��tj|��}||krtjd|d��tj
d����dS)Nrr�zis incorrectz
(it refers to�)r�)r�r�rrr�r�r�r�r'r�r�)�pathsr��path2s   r��verify_pathsrO	s��������� � ��&�&���������H�S�L�)�)�	�� ���~�>�>�>��(��/�/�E���}�}��$�_�e�S�A�A�A��H�Q�K�K�K���r�c�4�eZdZd�Zd	d�Zd�Zd�Zd�Zd�ZdS)
�cagefs_initc�L�g|_g|_g|_g|_g|_dSr�)�didfiles�didsections�
diddevices�didusers�	didgroupsr�s r�r�zcagefs_init.__init__&	s*����
���������
�����r�rc
��|rQt|��tj|||d|dd|dd||j|d��
�
|_dSdS)Nr*�verboser��hardlink�update)�
check_libs�try_hardlink�retain_owner�try_glob_matching�handledfilesr[)rOr��copy_binaries_and_libsrS)r��config�chrootrM�try_globs     r��update_pathszcagefs_init.update_paths.	s����	V������%�<�V�U�F�SZ�O�]c�dm�]n�{|�!'�
�!3�!�W_�nr�n{�EK�LT�EU�V�V�V�D�M�M�M�	V�	Vr�c�Z�tj��}|�|||��dSr�)r��get_alt_php_libsre)r�rbrcrMs    r��update_alt_php_libszcagefs_init.update_alt_php_libs5	s.���*�,�,�����&�&�%�0�0�0�0�0r�c	�~�|ddkr
|dd�}tj�|��s7td|z��t	|d��tj|d��t
j||d��}|D]K}t��||j	vr2|�
||||��|j	�|���Lt
j||d��}|dkr'	|�d��n#t$rYnwxYw|t
j||d	��z}|t
j||d
��z}|t
j||d��z}|t
j||d��z}|�|||d
���t
j||d��}|�|||d
���t
j||d��}	|	D]"}
t
j||
|dd
dd
����#g}g}t
j||d��}
|
D] }||jvr|�|���!t
j||d��}
|
D] }||jvr|�|���!t
jt$|||d��t
jt$|||d��t
jtjdz|||d��t
jtjdz||d��|j|z|_|j|z|_t
j||d��}|D]~}||jvrst
j|tj�|��|dd
dd
���t
j|||d��|j�|���dS)NrLrzCreating jail r��includesectionsrM�directadminz/usr/local/awstats/�	libraries�executables�regularfiles�directoriesr�)rd�
paths_w_owner�	emptydirsrYr)�copy_permissions�
allow_suid�copy_ownershipr��groupsr�devices)r�r�r�rrr�r��config_get_option_as_listr�rT�handle_cfg_sectionr�r�r�re�create_parent_pathrV�init_passwd_and_group�FUSE_DIR�init_safe_users_and_groups�ETC_TEMPLATE_NEW_DIR�init_shadowrWrUr �copy_device)r�rbrc�cfg�section�sections�tmprMrprq�edirr�ru�tmplistrvs               r�rxzcagefs_init.handle_cfg_section:	s���"�:�����C�R�C�[�F�����v�&�&�	$��"�6�)�*�*�*����'�'�'��H�V�U�#�#�#��6�s�7�CT�U�U���	-�	-�C��O�O�O��4�+�+�+��'�'��v�c�#�>�>�>�� �'�'��,�,�,���3�C���H�H���m�#�#�
����2�3�3�3�3���
�
�
���
�����	�;�C���T�T�T���	�;�C��
�V�V�V���	�;�C���W�W�W���	�;�C��
�V�V�V�����&�&�%�A��>�>�>�!�;�C���X�X�
����&�&�-�A��F�F�F��7��G�K�P�P�	��	}�	}�D��(���f�Y�6G�Z[�hi�z{�|�|�|�|�|������5�c�'�'�J�J���	"�	"�C��4�=�(�(����S�!�!�!���5�c�'�(�K�K���	#�	#�C��4�=�(�(��
�
�c�"�"�"���'��%���	�AR�S�S�S��,�X�u�f�f�Y�FW�X�X�X��'�	�(F�v�(M�u�V\�^d�en�^o�p�p�p���i�<�V�C�U�F�S\�L]�^�^�^��
��-��
����/����5�c�'�)�L�L���	,�	,�C��4�?�*�*��,�V�B�G�O�O�C�4H�4H�&�QZ�J[�no�|}�OP�Q�Q�Q�Q��%�f�S��	�1B�C�C�C���&�&�s�+�+�+��		,�	,s�.D�
D�Dc�T�|r%t|��tj|��dSdSr�)rOr��copy_to_etc)r�rMs  r��update_etc_pathszcagefs_init.update_etc_pathsz	s9���	)�������!�%�(�(�(�(�(�	)�	)r�c���tj||d��}|D]<}||jvr1|�|||��|j�|���=tj||d��}|tj||d��z}|tj||d��z}|tj||d��z}|tj||d��z}|�|��tj||d��}|�|��g}g}	tj||d��}
|
D] }||jvr|�|���!tj||d	��}
|
D] }||jvr|	�|���!tjtjd
z||	|d��tj	tjd
z||d��|j|z|_|j|	z|_
dS)NrjrMrlrmrnrorpr�rurrY)r�rwrT�update_etc_from_sectionr�r�rVrzr}r~rW)r�rbr�r�r�r�rMrpr�rur�s           r�r�z#cagefs_init.update_etc_from_section	s���6�s�7�CT�U�U���	-�	-�C��4�+�+�+��,�,�V�C��<�<�<�� �'�'��,�,�,���3�C���H�H���	�;�C���T�T�T���	�;�C��
�V�V�V���	�;�C���W�W�W���	�;�C��
�V�V�V�����e�$�$�$�!�;�C���X�X�
����m�,�,�,������5�c�'�'�J�J���	"�	"�C��4�=�(�(����S�!�!�!���5�c�'�(�K�K���	#�	#�C��4�=�(�(��
�
�c�"�"�"���'�	�(F�v�(M�u�V\�^d�en�^o�p�p�p���i�<�V�C�U�F�S\�L]�^�^�^��
��-��
����/����r�N)r)	r�r�r�r�rerhrxr�r�r�r�r�rQrQ$	sx���������V�V�V�V�1�1�1�
=,�=,�=,�@)�)�)�
"0�"0�"0�"0�"0r�rQc���|D]�}tj�t|z��r�tj�t|z��s�	tjt|zd��n$#ttt
j	f$rYdSwxYw	tj
d��}tjt|z��tj
|����#ttf$rY��wxYw��dS)NFTr)r�r�r�r�r�r�rr�r�r�r�r�)r:r�r�s   r��mount_points_busyr��	s�������
�7�=�=��$��'�'�	�������
�1N�1N�	�
��
�h�t�m�U�3�3�3�3���W�f�l�3�
�
�
��t�t�t�
����
� �h�q�k�k�����$��'�'�'����%�%�%�%���W�%�
�
�
���
������5s%�A2�2B�B�AC�C0�/C0c�z�tdg��r*tjd��tjd��dSdS)Nrz6failed to unmount CageFS - skeleton directory is busy.r�)r�r�r�r�r�r�r�r��check_skeleton_not_busyr��	sA���&��"�"����U�V�V�V����������r�c���t��rt��t|d���tjd��t��r(t
jd��tj	d��|rdt��s"t��rtj	d��t��tjd��|rt��dSdSdS)NT�r�r�r��!failed to unmount cagefs-skeleton)
r,r^r�r`rarjr�r�r�r�rdrJr��rE�
check_busyr�s   r��unmount_allr��	s������������(9�D�Q�Q�Q�Q�	�J�q�M�M�M�������@�A�A�A��������&�%�'�'�	�K�M�M�	��H�Q�K�K�K�"�$�$�$��
�1�
�
�
��	&�#�%�%�%�%�%�
&�&�
	&�	&r�c�R�t��jt_tj||��rdS|dkrtj��}tjtj�	|����}|D]%}tj|��}|||��rdS�&dS�NTF)
r:r;r�r2�mounts_are_foundr�rr�r�r)r��proc_mounts�
comparatorrNr5s     r�r�r��	s���'�)�)�7�I���!�$�
�3�3���t��d����0�2�2����r�w�/�/��5�5�6�6�E������"�5�)�)���:�e�U�#�#�	��4�4�	��5r�c�:�t||tj���S�N)r�r�)r�r��$path_includes_mount_point_comparator�r�r�s  r��path_includes_mount_pointr��	s���D��)�Jx�y�y�y�yr�c�:�t||tj���Sr�)r�r��path_is_mounted_comparatorr�s  r��path_is_mountedr��	s���D��)�Jn�o�o�o�or�c���	ttd�����dS#t$r3}t	jdtt
|����Yd}~dSd}~wwxYw)Nr�r�)r��REMOUNT_FLAGr�r�r�r�r�)rs r��create_remount_flagr��	s{��G��\�3���%�%�'�'�'�'�'���G�G�G���/��s�1�v�v�F�F�F�F�F�F�F�F�F�����G���s�'+�
A(�(A#�#A(c�\�	tjt��dS#t$rYdSwxYwr�)r�r!r�r�r�r�r�rDrD�	s?��
�
�	�,��������
�
�
����
���s��
+�+c�@�tj�d��S)Nz$/etc/cagefs/disable.home.dirs.search)r�r�r�r�r�r��home_dirs_search_is_disabledr��	s��
�7�>�>�@�A�A�Ar�c
�	�t��rdStj��}|sdStj��}t	��}d}|D�]j}t
|z}	|�r�tj�|���r_tj�	|��r�|dkr@|stdd���d}t
j|��t
j|d���n�t
j
|��}|dkr>|stdd���d}t
j|��t
jd|���n>|dkrJtj�|��s)t
j|��t
j|d���n�t!||��s>|stdd���d}tj|��t
jd|���n�t
jd|���n�tj�	|���rktj�|��}|dd�}tj�|���rtj�	|��rRt't
j
|����}||kr)t
j|��t
j||���n�tj�|��rQt!||��s?|stdd���d}t)j|d��t
j||���n=t
j|��t
j||���nt
j||��n�tj�|��r�tj�|��r�tj�	|��r?|stdd���d}t
j|��t
j|d��n`tj�|��r���t
j|��t
j|d��nt
j|d����0#t,$r/}t/jd	|d
t3|����Yd}~��dd}~wwxYw|rt5��|S)a
    Create /usr/share/cagefs-skeleton/home* directories and symlinks when needed,
    so they have the same meaning as in real file system. Make all symlinks relative to /usr/share/cagefs-skeleton.
    Create need.remount flag when needed. Return True if remount is needed.
    Fz/homeT�rEr�r�r�r�Nr�r�)r�r��get_homeN_dirsr�r�r�r�r�r�r�r�r!r�r!r0r�r��remove_file_or_dirrr'r�rr�r�r�r�r�)	�homesr��!always_home_mounting_mode_enabled�	unmountedr�r��skel_link_to�link_tor�s	         r��create_homeN_dirs_in_skeletonr�
s��������u��$�&�&�E����u��,�.�.�K�(D�(F�(F�%��I��FJ�FJ���$���D	J�0�A
.��7�?�?�4�(�(�-��w�~�~�d�+�+�1��7�?�?�#,�1� +�D�u� U� U� U� U�,0�	��I�d�O�O�O��H�T�5�1�1�1�1�+-�;�t�+<�+<�L�+�v�5�5�'0�!5�$/��SX�$Y�$Y�$Y�$Y�04�I� "�	�$���� "�
�6�4� 8� 8� 8������!�w�}�}�T�2�2�2��I�d�O�O�O��H�T�5�1�1�1��-�d�K�@�@�1�(�-�'��5�Q�Q�Q�Q�(,�I�!�4�T�:�:�:��
�6�4�0�0�0���J�v�t�,�,�,�,��7�>�>�$�'�'�#.� �g�.�.�t�4�4�G�%�a�b�b�k�G��w���t�,�,�2��7�>�>�$�/�/�6�+5�b�k�$�6G�6G�+H�+H�L�+�w�6�6� "�	�$���� "�
�7�D� 9� 9� 9���W�]�]�4�0�0�	6�#3�D�+�#F�#F�:�'0�!5�$/��SX�$Y�$Y�$Y�$Y�04�I� &�
�d�D� 9� 9� 9� "�
�7�D� 9� 9� 9���I�d�O�O�O��J�w��5�5�5�5��
�7�D�1�1�1�1��W�]�]�4�(�(�.��w���t�,�,�
.��7�>�>�$�/�/�
2�#,�1� +�D�u� U� U� U� U�,0�	��I�d�O�O�O��H�T�5�1�1�1�1��W�]�]�4�0�0�2�$��I�d�O�O�O��H�T�5�1�1�1�1����u�-�-�-����	J�	J�	J�� �!3�T�3��C���I�I�I�I�I�I�I�I�����	J�����������s�OQ=�<?Q=�=
R6�$R1�1R6c
���tj�t��r/t	��s!t��st
j��sdSt
jd���}|D]�}t|z}	tj�|��r�tj�|��rytj�	|��}|dd�}ttj|����}||kr)tj|��tj
||����#t$r.}tjd|dt#|����Yd}~��d}~wwxYwdS)zu
    Update symlinks /usr/share/cagefs-skeleton/home*, so they point to the same location as in real file system
    NT)�use_globr�zfailed to process symlinkr�)r�r�r�r�r�r�r�r�r�rr'r!r!r0r�r�r�r�)r�r�r�r�r�r�s      r��!update_homeN_symlinks_in_skeletonr�\
sv���7�=�=��"�"��&<�&>�&>��B^�B`�B`��hq�iA�iC�iC�����$�d�3�3�3�E��S�S���$���		S��w�~�~�d�#�#�
.�����t�(<�(<�
.��'�*�*�4�0�0��!�!�"�"�+��)�"�+�d�*;�*;�<�<���7�*�*��I�d�O�O�O��J�w��-�-�-����	S�	S�	S�� �!<�d�C��S���R�R�R�R�R�R�R�R�����	S����S�Ss�:B7D2�2
E*�<$E%�%E*c�Z�d}t|t��s&d}t|t��st|��}t��}|D]�}tj�|��}|�d��r�tj�|��}|dkr_||vr6||vr2|�|��|rd||<n|�|��tj�|��}|dk�_��|�	t|����dS)zP Add parent directories to list_of_files if they do not present in set_of_files TFrr�N)�
isinstance�dictr�r�r��normpathrr r�rr�)�
list_of_files�set_of_files�is_dictr�r3r�s      r��add_parentsr�q
s-���G��l�D�)�)�-����,��,�,�	-��|�,�,�L��e�e�G�!�1�1���7�#�#�H�-�-�����s�#�#�		1��W�_�_�X�.�.�F��C�-�-��,�.�.�V�7�5J�5J��K�K��'�'�'��1�/0��V�,�,�$�(�(��0�0�0������0�0���C�-�-������g���'�'�'�'�'r�c�D�t��i}ttj��}t	t|����D]-}||�ddd��||<d|||<�.t||��|���tj
d��}ttd��}|D]}|�
d|z���|���tj
|��tjtd��dS)Nrr�r�rr�rr�)r�r�r��
white_listr�rM�replacer�r�r�r�r��FUSE_WHITE_LISTr�r�r�)r��white_list_copy�indr�r�r3s      r��save_etc_white_listr��
s���O�O�O��J��9�/�0�0�O��S��)�)�*�*�-�-��.�s�3�;�;�F�B��J�J����+,�
�?�3�'�(�(����,�,�,��������(�4�.�.�K���#�&�&�E�#�'�'��
���F�X�%�&�&�&�&�	�K�K�M�M�M��H�[�����H�_�e�$�$�$�$�$r�c��ttj��atjat	tt��dSr�)r�r��
files_list�	list_copyr�r�r�r��add_parents_to_listsr��
s0���Y�)�*�*�I��%�J��	�:�&�&�&�&�&r�c��t��|�t}|���tjd��}	ttd��}|D]}|�d|z���|���nF#t$r9}tjdtzdzt|��z��Yd}~nd}~wwxYwtj|��	tj
td��dS#t$r:}tjdtzdzt|��z��Yd}~dSd}~wwxYw)Nr�r�r�Failed to write r(r�z Failed to change permissions of )r�r�r�r�r�r��
FILES_LISTr�r�r�r�r�r�r�r�)r�r�r�r3rs     r��save_list_of_files_in_skeletonr��
sg���O�O�O����
��O�O�����(�4�.�.�K�O���S�!�!��"�	'�	'�H�
�G�G�F�X�%�&�&�&�&�	���	�	�	�	���O�O�O���/�*�<�u�D�s�1�v�v�M�N�N�N�N�N�N�N�N�����O�����H�[����_�
���U�#�#�#�#�#���_�_�_���?�*�L�u�T�WZ�[\�W]�W]�]�^�^�^�^�^�^�^�^�^�����_���s1�AB�
C�/C�C�#C?�?
E�	/D>�>Ec�j�	t|d��}n#t$rYdSwxYw	|���}|dkrn_|ddkrR|���}|dkr"|ddkr|�|��ntjd|d���z|���dS)	Nr�Tr�rrrr�zis relative)r�r�r�r�r�r�r�r�)r3r:r�r.s    r��	load_listr��
s�����X�s�#�#���������������	B��~�~�����2�:�:����7�d�?�?��;�;�=�=�D��r�z�z�d�1�g��n�n����T�"�"�"�"��$�V�T�=�A�A�A�	B�
�K�K�M�M�M�M�Ms��
!�!c��g}t|��}d}||kr�||}||vr�|stj�|��}|s||vr�|�|��|dz
}||krb||�|dz��rD|�||��|dz
}||kr||�|dz���D��|dz
}||k��|S)Nrr�r)rMr�r�rr�r)rr�ignore_realpath�diff�old_len�itemr.r�s        r��
compare_listsr��
s��
�D��#�h�h�G��D�
��.�.��4�y���s�?�?�"�
.��w�'�'��-�-���
�4�s�?�?����D�!�!�!���	���g�~�~�3�t�9�+?�+?��S��+I�+I�~��K�K��D�	�*�*�*��A�I�D��g�~�~�3�t�9�+?�+?��S��+I�+I�~����	����.�.��Kr�c��t��|ddks|ddkrdSg}tt|��t|t��}tj��}|D�]�}t��tj|��tj|��}t|z}|�
d���s�t||���sp|ddkr%tj
d|zt|d����tj�|��r�tj�|��sw	t'j|d��tj
d	|ztd����#t*t,t&jf$r"tj
d
|ztd��Y��LwxYwtj�|��rk	tj|��tj
d|ztd�����#t*t,f$r"tj
d|ztd��Y���wxYw���dS)
N�reinitr��initz/dev/�
dont-clean�	Skipping rYF�Removed directory �Error while removing directory �
Removed file �Error while removing file )r�r�r�r�r�r�r��del_libs_from_listrr�rr�r�r�r�r�r�r�r�r�rr�r�r�r�r!)rb�old_list�files_to_deleter�r��file2r�s       r��delete_files_from_skeletonr��
sG���O�O�O�
�h��1����v��!� 3� 3����H�
�j�(�#�#�#�#�H�j�9�9�O��,�.�.�K� �R�R�������$�U�+�+�+��"�5�)�)���%���� � ��)�)�	R�4D�T�;�4W�4W�	R��l�#�q�(�(�� ��d�!2�6�&��:K�L�L�L���w�}�}�T�"�"�
R�B�G�N�N�4�,@�,@�
R�W��M�$��.�.�.��$�%9�4�%?��q�I�I�I�I����&�,�7�W�W�W��$�%F��%L�V�TU�V�V�V�V�V�W���������&�&�
R�R��I�d�O�O�O��$�_�d�%:�6�!�D�D�D�D����)�R�R�R��$�%A�4�%G��q�Q�Q�Q�Q�Q�R�����'R�Rs$�3E9�9:F7�6F7�2H�/I�Ic��td�����D].}tjt	|��t
j���/dS)Nz/sbin/pidof cagefs-fuse)r�rr��killr��signal�SIGUSR1)r�s r��reload_fuse_confr�sM���0�1�1�7�7�9�9�*�*��
���C���&�.�)�)�)�)�*�*r�c��tj�|��rtj�|��sdS	tjt
d||gtjtj���}|���|jdkrdSn?#t$r2tjdt
zdz|zdz|ztd	��YnwxYwdS)
NF�-rr6rTzfailed to run z -r r�r�)
r�r�r�r�r�DIFFrrr
r�r�r�r�)�dir1�dir2r<s   r��are_dirs_equalr�s����G�M�M�$��������t�)<�)<���u�
Z���d�D�$��5�?I��Wa�Wf�
h�
h�
h��	�
�
�����<�1����4����Z�Z�Z���)�D�0�6�9�D�@�3�F��M�v�WX�Y�Y�Y�Y�Y�Z�����5s�AB�9C�Cc�n�tj�tjd�|����}t�|��}	t||��dS#t$r?}tj
d|zdz|zt|��ztd��Yd}~dSd}~wwxYw)z�
    Create symlink to NodeJS/Python/etc selector config directory
    inside template for user etc directory
    For details see CAG-797, CAG-828
    :param selector_name: name of selector: nodejs, python, etc
    z	etc/cl.{}�Error while creating symlink r'r�N)
r�r�r�r�r}r��SELECTOR_CONF_DIR_TEMPLATErr�r�r�r�r�)�
selector_name�	temp_pathr�rs    r��&create_symlink_for_selector_config_dirr�'s�������Y�;�[�=O�=O�P]�=^�=^�_�_�I�(�/�/�
�>�>�G�m��w�	�*�*�*�*�*���m�m�m���8�9�D�v�M�PW�W�Z]�^_�Z`�Z`�`�bh�jk�l�l�l�l�l�l�l�l�l�����m���s�A+�+
B4�54B/�/B4c���tjtjdzd��t	d��t	d��t��tj�tj	dz��r�ttj	dz��}ttj	dztjdz��|s3tjtjdztj	dzd���rdSttjdz|d	z��nttjdzd	��tjtj	dzd��	t
jtjdztj	dz��dS#tt f$rSt#jd
tjzdztj	zdzt&d	��t)jd	��YdSwxYw)Nz	/etc/mailTr�r�rlrF)�shallowr�z
Error moving z/etc to )r�rr�r}r��remove_blacklisted_filesr�r�r��ETC_TEMPLATE_DIRr�r�r�r�rlr�r�r�r�r�r�r�)�force_update_etc�old_etc_versions  r��compare_etc_templatesr�7s���
�M�)�0��<�d�C�C�C�*�8�4�4�4�*�8�4�4�4�����
�w�~�~�i�0��>�?�?�
B�)�)�*D�V�*K�L�L����3�F�:�I�<Z�[a�<a�b�b�b� �	V�i�&>�y�?]�^d�?d�fo�gA�BH�gH�TY�'Z�'Z�'Z�	V��F��I�:�6�A�?�ST�CT�U�U�U�U�	�	�6�v�=�q�A�A�A��M�)�,�V�3�T�:�:�:��
�	�)�0��7��9S�TZ�9Z�[�[�[�[�[���W���������)G�G�
�R�S\�Sm�m�nt�t�v|�~�	A�	A�	A�������������s�/F�A G,�+G,c��t��d}tj�||z��r�	tj�||z��r;tj�||z��st
j||zd��ntj||z��n]#tttjf$r>}tj
d|z|zdzt|��ztd��Yd}~nd}~wwxYwtj�||z��r8tj
d|z|zdztd��t!jd��|dz}tj�|��r�	tj�|��r5tj�|��st
j|d��ntj|��nZ#tttjf$r;}tj
d|zdzt|��ztd��Yd}~nd}~wwxYwtj�|��r#tj
d|zdztd��dSdS)	Nr.F�Error: failed to remove r(r��Error: �  exists. Please remove manually.r�)r�r�r�r�r�r�r�rr!r�r�r�r�r�r�r�r�r�)r�rr�s   r��remove_nested_skeletonr�\s}���O�O�O�+�H�	�w���x��(�)�)�c�	c��w�}�}�X�h�.�/�/�
-������QY�HY�9Z�9Z�
-��
�h�x�/��7�7�7�7��	�(�8�+�,�,�,�����&�,�/�	c�	c�	c���7��@��I�%�O�PS�TU�PV�PV�V�X^�`a�b�b�b�b�b�b�b�b�����	c����	�w���x��(�)�)�����8�+�H�4�5W�W�Y_�ab�c�c�c��������M�!�D�	�w���t���V�	V��w�}�}�T�"�"�
 �B�G�N�N�4�,@�,@�
 ��
�d�E�*�*�*�*��	�$��������&�,�/�	V�	V�	V���7��<�U�B�3�q�6�6�I�6�ST�U�U�U�U�U�U�U�U�����	V����	�w���t���W����4��(J�J�F�TU�V�V�V�V�V�W�Ws1�A4B)�)D�4C>�>D�A(G.�.I�
1I�Ic�v�t��t��}t��}tj��t��t
jd��}tj	tj
dzd��tj�tj
dz��se	ttj
dzd��nF#t$r9tjdtj
dz��t#jd��YnwxYw|���D]'}|�|||��t+���(|�t/tj�������|r�tj���D]{\}}tj�|��}	|	�d��rBtj|	d���s,tj|��rtjd	|��dS�|tj��t
j|��tA��tC��tE��tG|d
���|dkrtI|d���ntI||�
��dS)NrrTr��creatingr��/etc/��etcz CloudLinux Selector setup, path:�force-update-etc)r���	all_users�r�F)%r�rQ�read_configr��read_native_conf�load_black_listr�r�r�rr}r�r�rr�r�r�r�r�r�r�r�r�r��
orig_binaries�values�itemsrr�move_to_alternatives�is_mandatory�!remove_unwanted_users_from_groups�#create_files_for_symlink_protection�"create_dirs_for_symlink_protection�sync_etc_cl_selector_dirr��
update_etc)
rbr��print_selector_errors�cir�r�r��aliasr��
orig_path2s
          r��update_etc_onlyrzs�������	���B�
�-�-�C�
�� � � ������(�1�+�+�K��M�)�0��7��>�>�>�
�7�=�=��7��>�?�?��	���7��>��F�F�F�F���	�	�	�� ��Y�-K�F�-R�S�S�S��H�Q�K�K�K�K�K�	����
�<�<�>�>�!�!��
�"�"�6�3��8�8�8�� � � � �����Y�4�;�;�=�=�>�>�?�?�?�� � )� 7� =� =� ?� ?�	 �	 ��E�9���)�)�)�4�4�J��$�$�W�-�-�
 �!�6�z��N�N�N� �T]�Tj�kp�Tq�Tq� ��(�)K�Y�W�W�W��4�4��
�/�1�1�1��H�[����'�)�)�)�&�(�(�(������V�4F�-G�H�H�H�H���}�}��6�t�,�,�,�,�,�	�6�5�)�)�)�)��5s�/C
�
AD�Dc���t��\}}tj�|��tj�|��|�rt��jt_tj��}tjD]�}tj
�|��r�t|z}t||��s�tj
�|��rtj|���otj
�|��sNtjttj
�|��dd���tj|����dSdS)Nr�)rrrt)�build_wrappers_dictsr��wrappersr[�wrappers_namesr:r;r2r�r�r�r�r�r��install_wrapperr�ryr )�update_wrappersrrr�r�r�s      r��
load_wrappersr �s<��3�5�5��H�n�
����h�'�'�'�
��#�#�N�3�3�3��
9�+�-�-�;�	���0�2�2���'�	9�	9�E��w�~�~�e�$�$�
9���~��&�t�[�9�9�9��w�~�~�d�+�+�9�!�1�%�8�8�8�8��W�^�^�D�1�1�9�!�4�X�r�w���u�?U�?U�hi�z{�|�|�|�|�!�1�%�8�8�8��
9�
9�
	9�	9r�c��||vrdS|�|��}t|��dkrdS|d|dfS)N�NNr�rr�)rrM)�	separatorr.�
line_partss   r��check_separatorr%�sL�������z����I�&�&�J�
�:���!����z��a�=�*�Q�-�'�'r�c�p�|�/tj|��}|�|��}|�dSdS|rdSdSr�)r�rr)�regex�part�can_be_none�regexp_comp�p1s     r��validate_with_regexr,�sK�����j��'�'��
�
�
�t�
$�
$��
�:��5��t����t��5r�c��|�d��s|���rdStd|��\}}|�|�dSd|vrtd|��\}}n|}d}d|vrtd|��\}}n|}d}|�|�dStj�|��sdS|���ddkrdStd	|d�
��sdStd|d�
��sdStd|d�
��sdSdS)
z+
    Return False if line is corrupted
    r�T�=NFr�rLrz^[a-z][-a-z0-9]*$)r)z^[a-zA-Z][-a-zA-Z0-9_]*$z^[a-zA-Z.][-a-zA-Z0-9_.]*$)r�isspacer%r�r��isabs�stripr,)r.�
alias_wrapper�user_commandr�wrapperr�r$s       r��check_proxy_liner5�sN�����s����t�|�|�~�~���t�"1�#�t�"<�"<��M�<���� 4��u�
�m���(��m�<�<���w�w�����
�l���'��\�:�:�
��g�g������}����u��7�=�=��!�!���u��}�}���r��c�!�!��u��3�T��N�N�N���u��:�E�QV�W�W�W���u��<�g�UY�Z�Z�Z���u��4r�c���d}t��}i}i}|D�]�}t|��sG|r"tdt|��zdz���t	dt|��zdz���Y|�d��r�o|����dd��}t|��dk�r,|d����d	d��}t|��dkr
|dd
kr��|d���}t|��dkr|d���}	n|}	|d�	d	��dkr|d���}
nH|d����d	d��}|d���}
|
|vr|||
<|
|vr|	||
<���||fS)Nzcagefs.proxy.programzWarning: Found corrupted line:z. Skip line.r�r.r�r�rr��	noproceedrL)
�load_wrappers_commandsr5r�r�rrr1rrMrh)ra�DEFAULT_PROXY_NAME�commandsrrr.�words�
words_leftr�wrapper_namer$�words_rights            r�rr
s���/��%�'�'�H��H��N�� 7� 7����%�%�	��
U�� @�3�t�9�9� L�~� ]�^�^�^��6��T���B�^�S�T�T�T���?�?�3���	���
�
���"�"�3��*�*���u�:�:��?�?��q����)�)�/�/��Q�7�7�J��:���!�#�#�
�1�
��(D�(D���q�M�'�'�)�)�E��:���!�#�#�)�!�}�2�2�4�4���1���Q�x�}�}�S�!�!�R�'�'���(�.�.�*�*���#�A�h�n�n�.�.�4�4�S�!�<�<��%�a�.�.�.�0�0���h�&�&�$)���!��n�,�,�*6��w�'���^�#�#r�c����tj�t��}tj�t���t�fd�tj|��D����}|����g}|D]c}tj�||��}tj�	|��r"|�
t|�����d|S)Nc�J��g|]}|����r|�k�|�� Sr�)r�)r�r3�proxy_commands_names  �r��
<listcomp>z*load_wrappers_commands.<locals>.<listcomp>?sF����������0�1�1��6>�BU�6U�6U�	�6U�6U�6Ur�)r�r�r �PROXY_COMMANDSr,rAr�r�r�r�rr)�proxy_commands_dir�	filenamesr:r3r�rAs     @r�r8r8:s���������8�8���'�*�*�>�:�:�������!#��,>�!?�!?������I����(�)�)�)��H��-�-���w�|�|�.��9�9��
�7�>�>�$���	-��O�O�I�d�O�O�,�,�,���Or�c�4�tj��}tjD�]�}t��|dkr�|�d��}|rtj|z}n
t|z}tj�	|���r�|sdt||��r"tjd|zdztd����t||��r"tjd|zdztd����	tj�|��r5tj�|��st#j|d��ntj|��tjd|ztt(��nZ#t*t,t"jf$r;}tjd	|zd
zt1|��ztd��Yd}~nd}~wwxYwtj�	|��r!tjd|zdztd�����dS)N�/usr/local/cpanel/bin/jailshellrzWarning: blacklisted path z is mountedr�z includes mount pointFzRemoved r�r(r�)r�r��
black_listr�rr}r�r�r�r�r�r�r�r�r�r�r�r�rr!�VERBOSEr�r�r�r�)r��black_list_file�	is_in_etcr�rs     r�r�r�Os���,�.�.�K�$�/�r�r�������?�?�?��#�.�.�w�7�7�	��	.��1�O�C�D�D��o�-�D�
�7�?�?�4� � �	r��
�"�4��5�5���$�%A�/�%Q�R_�%_�ag�ij�k�k�k��,�T�;�?�?���$�%A�/�%Q�Ri�%i�kq�st�u�u�u��
Z��7�=�=��&�&�$�����t�0D�0D�$��M�$��.�.�.�.��I�d�O�O�O�� ��D��&�'�B�B�B�B���W�f�l�3�
Z�
Z�
Z�� �!;�D�!@��!F�s�1�v�v�!M�v�WX�Y�Y�Y�Y�Y�Y�Y�Y�����
Z�����w���t�$�$�
r�� �!=�d�!B�Ce�!e�gm�op�q�q�q��=r�rs�0BE<�<G�1G�Gc���tj�t��}tj�t��}gt
_tj|��D�]T}tj�||��}|�	|���rtj�
|��r�t|��}|D]�}tj|�
����}|�d��r�|dks.|�d��dks|�	d��rt!jd|d|����|�d��stj�|��}|t
jvrt
j�|�����Vt)��jt
_|rt/��dSdS)Nrr�rLr�zInvalid pathr�r)r�r�r �BLACK_LIST_FILEr,r�rHr�r�r�r�rrr�rrhr�r�rr�r:r;r2r�)r��black_list_dir�black_list_namer3r�rHr.s       r�r
r
rs����W�_�_�_�5�5�N��g�&�&��7�7�O��I���J�~�.�.�:�:���w�|�|�N�H�5�5�����_�-�-�	:�"�'�.�.��2F�2F�	:�"�4���J�"�	
:�	
:�� �+�D�K�K�M�M�:�:���?�?�3�'�'�:��c�z�z�T�Y�Y�v�%6�%6�"�%<�%<��
�
�e�@T�@T�%<� �,�^�T�9�d�S�S�S� ��?�?�7�3�3�6�!�w�/�/��5�5���9�#7�7�7�!�,�3�3�D�9�9�9���'�)�)�7�I��
�#� �"�"�"�"�"�#�#r�c��ddg}d}|D�]}ttj�|��z}t|z}tj�|��r�tj�|��s�tj�|��rtj|d���	tj	||����#ttf$r.tj
d|d|��tjd��Y��wxYw��dS)	NrGz/usr/local/psa/bin/chrootshr�T)�check_mountszcreating symlinkr
r�)r�r�r�r r�r�r�r�r�r0r�r�r�r�r�r�)�bin_listr��bin_name�
parent_dir�	link_names     r��replace_jailshellrV�s	��1�3P�Q�H��D����������� 9� 9�9�
��x�'�	�
�7�=�=��$�$�	�b�g�n�n�Y�.G�.G�	��w���y�)�)�
M��,�Y�t�L�L�L�L�
��
�4��+�+�+�+���W�%�
�
�
��$�%7��D�$�O�O�O���������
������s�1C�<D�Dc	��|�|��D]-}|�|||�||�����.dSr�)�optionsr��get)r�r�r��new_section�options     r��copy_optionsr\�sN���+�+�g�&�&�?�?������V�S�W�W�W�f�%=�%=�>�>�>�>�?�?r�c���|�|��r�|�|��sA|���dkr)|�|��t||||��dSd}t	d��D]-}|t|��z}|�|��sd}n�.|r|t
��z}|�|��t||||��dSdS)N�defaultT�dF)�has_section�lower�add_sectionr\r�r�r�)r�r�r�r;�numrZs      r��copy_sectionrd�s��
���w���9�����(�(�
	9�w�}�}���)�/K�/K��O�O�G�$�$�$���g�s�G�4�4�4�4�4��E��S�z�z�
�
��%��C���0�����{�3�3��!�E��E���
7�%����6���O�O�K�(�(�(���g�s�K�8�8�8�8�8�9�9r�c��tjd���}i}tjt��D]�}|�d��r�t|z}tjd���}|�|��|re|���D]P}||vrEtj	d|zdz||zdz|ztd��tjd���K|||<�Q|���D]}t|||�����tj�t ���rtjt ��D]�}|�d��r�tj�t |��}tjd���}|�|��|re|���D]P}||vrEtj	d|zdz||zdz|ztd��tjd���K|||<�Q|���D]}t|||�����|S)	NF)�strictz.cfgzError: duplicated section [z] in files z and r��.work)�configparser�RawConfigParserr�r��
CONFIG_DIRr��readr�r�r�r�r�r�rdr�r��WORK_CONFIG_DIRr�)�fail_if_sections_are_duplicatedr�r�r�r�r�r�s       r�rr�su��
�
&�e�
4�
4�
4�C��H���J�'�'�0�0���>�>�&�!�!�	0��e�#�D��.�e�<�<�<�C��H�H�T�N�N�N�.�
1�"�|�|�~�~�1�1�G��(�*�*� �(�)F�w�)N�}�)\�]e�fm�]n�)n�ov�)v�w{�){�~D�FG�H�H�H��������,0���)�)��<�<�>�>�
0�
0���S�#�w�/�/�/�/��
�w�}�}�_�%�%�4��Z��0�0�	4�	4�E��~�~�g�&�&�
4��w�|�|�O�U�;�;��"�2�%�@�@�@���������2�5�#&�<�<�>�>�5�5��"�h�.�.�$�,�-J�7�-R�S`�-`�ai�jq�ar�-r�sz�-z�{�-�BH�JK�L�L�L��H�Q�K�K�K�K�04�H�W�-�-�"�|�|�~�~�4�4�G� ��c�7�3�3�3�3���Jr�c�Z�tdzdtdzdi}tj|��dS)z,
    Create symlinks in CageFS skeleton
    z/var/tmpz../tmpz/var/runz../runN)r�r��write_symlinks)�symlinkss r��create_symlinks_in_skeletonrq�s8��
	���h����h��H���X�&�&�&�&�&r�c	��|ddkrF|ddkr:tj��s'tstd��td��dSt	��t��t
��t��}|ddkrtdd	�
��t��j
t_t��}tj
��t��t��|ddkr%|ddkrtjt"��tj�r3tj�r&t(j�t.dz���r�td
dd	���t1t.dzd��}t3|�����}|���td��|�r�tdt9tj����tdt9|����tddd	���	|D]K}||D]@}|tj|vr*t;jdtj��d|��n�A�Ln?#t@$r2}t;jdtj��d|��Yd}~nd}~wwxYw	tjD]K}tj|D]6}|||vr*t;jdtj��d|��n�7�Ln?#t@$r2}t;jdtj��d|��Yd}~nd}~wwxYwtd��tCd	��tE��t)j#d��}tI��tKj&tj'dzd	��t(j�(tj'dz��se	tStj'dzd��nF#tT$r9t;jdtj'dz��tWj,d��YnwxYw|�-��D];}	tI��|�.|t^||	��ta���<|�1|t^tetj3�4������|�5|t^��tj6��totp��t)j#|��tj9t^dzddd	���tj:t^dzdd��tj;ddg��ty��t{|��t}��t��t�jAt^��t���tjCt"��tjr�t1t.d zd!��}
t�tj��D]@}|
�E|�d"d�Ftj|���d#����A|
���td$dd	���t1t.dzd!��}|�Et�tj����|���td��t���t���t���t���r0t���st�|��n,t�|d	�%��n|ddkrt���|ddkrd&|vrt���t���tjQ��t�d�'��t�t�d�'��tjU��t�d�'��t���}t���dd(lYmZ}
|
��|ddks|ddkrvt���sht�d	��d}t(j�d)��r8t�j]gd*�t�j^t�j^t�j^�+��|rt�d	��t���r)t;j`d,td��t���tjb��dS)-Nr[r��force-updaterzWcagefs-skeleton has been updated recently, if you want to force the update, please run:z"cagefsctl --force-update"r�FT�r+r�z	/libs.datzLoading libs.datr��r�r�r��Donez
Pickle lenzEval len�	Comparingr.z : NOT EQUALz : Key Errorrr�rz/rootihr)�/passwdz/groupz	/libs.txtr�r(rzSaving libs.datr�cagefs_was_enabledr9)�add_mounts_for_passengerr�)r�rq�cagefs)rr7rNzUpdating statuses of users ...)cr��#update_of_cagefs_skeleton_is_neededr�r�update_rpm_packages�"add_default_rpm_packages_to_cagefsr�rQr/r:r;r2rr	rr�	load_libs�	LIBS_LIST�debug_option�	libs_listr�r�r��LIBDIRr��evalrkr�rMr�r��linenor�r r
r�r�r�rr}r�rr�r�r�r�rxr�r�rer�rrrhrr�r@r-�	set_owner�save_etc_safe_listr�r�rVrq�
cagefs_da_lib� create_symlink_to_php_ini_for_DAr��	save_libsrAr�r��reprr�rr�r�rgrr�rur��create_utmp_in_skeletonrBr7rC�add_syslog_socketr>r�r�rrzrJr�r�DEVNULLrdr��update_users_status�save_last_update_time)rbrr��rtf�td�keyr�rr�r��tf2�tfr�rzs              r��
update_cagefsr��s����x��A���F�>�$:�a�$?�$?��<�>�>�	��
4��o�p�p�p��2�3�3�3��F�����&�(�(�(�����	���B��f�~�����%�t�,�,�,�,�'�)�)�7�I��
�-�-�C�
�� � � �'�)�)�)�&�(�(�(�
�h��1������1�!4�!4���I�&�&�&����)�"5��"�'�.�.��P[�I[�:\�:\��
� �c��6�6�6�6��6�+�%�s�+�+��
�#�(�(�*�*�
�
���	�	����
�f�
�
�
�
�	��,��I�$7� 8� 8�9�9�9��*�c�"�g�g�&�&�&��+�3�d�3�3�3�3�
T��"�"�C� "�3��"�"���y�':�3�'?�?�?�$�0���9I�9K�9K�^�]`�a�a�a�!�E�@��"��
�
T�
T�
T��$�V�Y�-=�-?�-?��QR�S�S�S�S�S�S�S�S�����
T����
T�$�.�"�"�C� )� 3�C� 8�"�"���r�#�w�.�.�$�0���9I�9K�9K�^�]`�a�a�a�!�E�/��"��
�
T�
T�
T��$�V�Y�-=�-?�-?��QR�S�S�S�S�S�S�S�S�����
T����
�&�M�M�M��$���������(�1�+�+�K��O�O�O�
�M�)�0��7��>�>�>�
�7�=�=��7��>�?�?��	���7��>��F�F�F�F���	�	�	�� ��Y�-K�F�-R�S�S�S��H�Q�K�K�K�K�K�	����
�<�<�>�>�!�!������
���f�h��W�=�=�=�� � � � ��O�O�F�H�d�9�+B�+I�+I�+K�+K�&L�&L�M�M�M����6�8�,�,�,�
�/�1�1�1���%�%�%��H�[������x��'��e�QU�V�V�V�V�
����(�!�Q�/�/�/�
� �)�X�!6�7�7�7������v�&�&�&������!�!�!��2�8�<�<�<�#�$�$�$���	�"�"�"���
��6�+�%�s�+�+���)�-�.�.�	O�	O�C��I�I�S�S�S�#�(�(�9�3F�s�3K�*L�*L�*L�*L�M�N�N�N�N��	�	����
��S��5�5�5�5�
�&��$�c�
*�
*��
����i�)�*�*�+�+�+�
���
�
�
�
�f�
�
�
������������������!�!�	1��v�����
�v�4�0�0�0�0�0�	��	�Q�	�	������x��A���$8�F�$B�$B����������%�'�'�'��5�)�)�)�)��%��6�6�6�6�
��!�!�!�!�5�1�1�1�1�-�/�/�I�%�'�'�'�:�:�:�:�:�:������	�x��A������1�!4�!4��?P�?P�!4��t�����	�
�7�>�>�.�/�/�		7�
��F�F�F�$.�$6�$.�$6�#-�#5�
7�
7�
7�
7�
���t����������9�6�1�E�E�E�����
�#�%�%�%�%�%sE�=AJ�
K�(K�K�AL%�%
M!�/(M�M!�P�AQ"�!Q"c��t|dd���trtd��dS	tj���}|dkrdS|dkr#td��tjd��td	���_)
Nr�Tru�yeszyes
zno
�Abortingr�zPlease, reply with yes or no)r�do_not_ask_optionr�rNr�r�)r�r.s  r��confirmr��
s���	�'�s�$�'�'�'�'���
�e������.��y�!�!�#�#���7�?�?��E�
�V�^�^��*�����H�Q�K�K�K�
�,�-�-�-�.r�c���tddd���tdd���r(tjd��t	jd��t
jd��td��dS)	NzUnmounting skeleton    r�Trur�zunmounting skeletonr��[DONE])rr�r�r�r�r�r`rar�r�r��"unmount_skeleton_in_all_namespacesr��
sh��	�
#��D�9�9�9�9���d�C�C�C����2�3�3�3��������J�q�M�M�M�	�(�O�O�O�O�Or�c��td��tddd���tjtdzd��tjtdzd��td���td	��t
��rztd
dd���t��r(tj	d��tjd��tj
d��td	��t��nyt��td
dd���t��r(tj	d��tjd��tj
d��td	��t!��t#��r(tj	d
��tjd��t%j��rtd��nCtdt(zdd���tjt(d��td��tdt*zdd���tjt*d��td��t*dz}t,j�|��rJt#|��s=td|zdd���tj|d��td��dSdSdS)Nz�WARNING: If you continue, CageFS will be disabled, and all related files and directories will be removed. Do you want to continue (yes/no)? zDisabling CageFS    r�Trur0r1��disable_allr�zUnmounting users   zunmounting usersr�r�zPUsers with invalid pathes to home directories exist! DO NOT REMOVE /var/cagefs !z	Removing z	   [DONE]�.old)r�rr�rryr�r,r^r�r�r�r�r`rar�rdr�rj�repair_homesr�rr�r�r�r�)�old_skels r��
remove_allr��
s����
`�a�a�a�
�
 �c��6�6�6�6�
�M�)�,�,�d�3�3�3�
�M�)�O�+�T�2�2�2��d�+�+�+�+�	�(�O�O�O�����
�#��D�9�9�9�9����	�� �!3�4�4�4��H�Q�K�K�K��
�1�
�
�
�
�h����*�,�,�,�,�*�,�,�,�	�#��D�9�9�9�9��=�=�	�� �!3�4�4�4��H�Q�K�K�K��
�1�
�
�
�
�h��������������@�A�A�A��������'�)�)��
�`�a�a�a�a�
�k�'�!�s�$�7�7�7�7��
�g�t�$�$�$�
�k����	�+�h�
�C�t�4�4�4�4�
�M�(�D�!�!�!�	�+�����&� �H�	�w�}�}�X����':�8�'D�'D��
�k�(�"��4�8�8�8�8��
�h��%�%�%�
�k���������r�c�
�td��td��ttjddz��td��td��td��td��td	��td
��td��td��td
��td��td��td��td��td��td��td��td��td��td��td��td��td��td��td��td��td��td��td��td ��ttjdd!z��td��td"��td#��td$��td%��td&��td'��td(��td)��td*��td+��td,t��td-t��td.��td/��td0��td1��td2��td3��td4��td��td5��td6��td7��td8��td9��td:��td;��td<��td=��td>��td?��td@��td��tdA��tdB��tdC��tdD��tdE��tdF��tdG��tdH��tdI��tdJ��tdKt
jzdLz��tdM��tdN��t��r<tdO��tdP��tdQ��tdR��tdS��tdT��tdU��td��dS)VNr�z&Use following syntax to manage CageFS:rz
 [OPTIONS]zOptions:zU -i | --init                 : initialize CageFS (create CageFS if it does not exist)zT -r | --reinit               : reinitialize CageFS (make backup and recreate CageFS)z\ -u | --update               : update files in CageFS (add new and modified files to CageFS,z5                               remove unneeded files)z] -f | --force                : recreate CageFS (do not make backup, overwrite existing files)z_ -d | --dont-clean           : do not delete any files from skeleton (use with --update option)z8 -k | --hardlink             : use hardlinks if possibleze      --create-mp            : Recreates /etc/cagefs/cagefs.mp file with default set of mount points.zr                               WARNING: Any previous changes made to file by admin or by any software will be lostz>      --mount-skel           : mount CageFS skeleton directoryz@      --unmount-skel         : unmount CageFS skeleton directoryzY      --remove-all           : disable CageFS, remove templates and /var/cagefs directoryzx      --sanity-check         : perform basic self-diagnistics of common cagefs-related issues(mostly useful for support)zp      --addrpm               : add rpm-packages into CageFS (run "cagefsctl --update" in order to apply changes)zj                             : only package name should be specified (without package version and release)zF                             : example: cagefsctl --addrpm ImageMagickzs      --delrpm               : remove rpm-packages from CageFS (run "cagefsctl --update" in order to apply changes)zM      --list-rpm             : list rpm-packages that are installed in CageFSz? -e | --enter                : enter into user's CageFS as rootzV      --update-list          : update specified files only (paths are read from stdin)zM      --update-etc           : update etc directory of all or specified usersz[      --set-update-period    : set min period of update of CageFS in days (default = 1 day)zO      --force-update         : force update of CageFS (ignore period of update)zS      --force-update-etc     : force update of /etc directories for users in CageFSz`      --reconfigure-cagefs   : configure CageFS integration with other software (control panels,z5                               database servers, etc)z%Use following syntax to manage users:z$ [OPTIONS] username [more usernames]z5 -m | --remount           : remount specified user(s)zK -M | --remount-all       : remount CageFS skeleton directory and all userszP                            (use this each time you have changed cagefs.mp file)z5 -w | --unmount           : unmount specified user(s)zI    | --unmount-dir       : unmount specified dir in all mount namespaceszK -W | --unmount-all       : unmount CageFS skeleton directory and all usersz= -l | --list              : list users that entered in CageFSzE      --list-logged-in    : list users that entered in CageFS via SSHz6      --enable            : enable CageFS for the userz7      --disable           : disable CageFS for the userzA      --enable-all        : enable all users, except specified inzB      --disable-all       : disable all users, except specified inzP      --display-user-mode : display current mode ("Enable All" or "Disable All")zE      --toggle-mode       : toggle mode saving current lists of userszR                            (lists of enabled and disabled users remain unchanged)z.      --list-enabled      : list enabled usersz/      --list-disabled     : list disabled userszP      --user-status       : print status of specified user (enabled or disabled)z3      --getprefix         : display prefix for userzPHP Selector related options:zW      --setup-cl-selector         : setup PHP Selector or register new alt-php versionszp      --remove-cl-selector        : unregister alt-php versions, switch users to default php version when neededzq      --rebuild-alt-php-ini       : rebuild alt_php.ini file for specified users (or all users if none specified)zi      --validate-alt-php-ini      : same as --rebuild-alt-php-ini but also validates alt_php.ini options zt      --cl-selector-reset-versions: reset php version for specifed users to default (or all users if none specified)z�      --cl-selector-reset-modules : reset php modules (extensions) for specific users to defaults (or all users if none specified)zL      --create-virt-mp            : create virtual mount points for the userzM      --create-virt-mp-all        : create virtual mount points for all userszP      --remount-virtmp            : create virtual mount points and remount userzh      --apply-global-php-ini      : use with 0, 1 or 2 arguments from the list: error_log, date.timezonezh                                    without arguments applies all global php options including two abovezCommon options:z4      --enable-cagefs                : enable CageFSz5      --disable-cagefs               : disable CageFSzP      --cagefs-status                : print CageFS status (enabled or disabled)ze      --check-cagefs-initialized     : properly checks whether CageFS is initialized and print resultz2      --set-min-uid                  : Set min UIDzF      --get-min-uid                  : Display current MIN_UID settingzW      --print-suids                  : Print list of SUID and SGID programs in skeletonzj      --do-not-ask                   : assume "yes" in all queries (should be the first option in command)zf      --clean-var-cagefs             : clean /var/cagefs directory (remove data of non-existent users)zT      --set-tmpwatch                 : set tmpwatch command and parameters (save to z file)zz      --tmpwatch                     : execute tmpwatch (remove outdated files in tmp directories in CageFS for all users)zC      --toggle-plugin                : disable/enable CageFS pluginzZ      --create-namespace USER        : create namespace for the USER (only for containers)z\      --create-namespaces            : create namespaces for all users (only for containers)zY      --delete-namespace USER        : delete namespace or the USER (only for containers)z\      --delete-namespaces            : delete namespaces for all users (only for containers)z5 -v | --verbose                      : verbose outputz�      --wait-lock                    : wait for end of execution of other cagefsctl processes (when needed) before execution of the commandz3 -h | --help                         : this message)rr�r_rYrZr��
CAGEFS_INIr,r�r�r��usager�s���	�"�I�I�I�	�
2�3�3�3�	�#�(�1�+�l�
"�#�#�#�	�*����	�
a�b�b�b�	�
`�a�a�a�	�
h�i�i�i�	�
A�B�B�B�	�
i�j�j�j�	�
k�l�l�l�	�
D�E�E�E�	�
q�r�r�r�	�
~����	�
J�K�K�K�	�
L�M�M�M�	�
e�f�f�f�	�E�F�F�F�	�
|�}�}�}�	�
v�w�w�w�	�
R�S�S�S�	�
�A�A�A�	�
Y�Z�Z�Z�	�
K�L�L�L�	�
b�c�c�c�	�
Y�Z�Z�Z�	�
g�h�h�h�	�
[�\�\�\�	�
_�`�`�`�	�
l�m�m�m�	�
A�B�B�B�	�"�I�I�I�	�
1�2�2�2�	�#�(�1�+�<�
<�=�=�=�	�*����	�
A�B�B�B�	�
W�X�X�X�	�
\�]�]�]�	�
A�B�B�B�	�
U�V�V�V�	�
W�X�X�X�	�
I�J�J�J�	�
Q�R�R�R�	�
B�C�C�C�	�
C�D�D�D�	�
M�|�\�\�\�	�
N�P[�\�\�\�	�
\�]�]�]�	�
Q�R�R�R�	�
^�_�_�_�	�
:�;�;�;�	�
;�<�<�<�	�
\�]�]�]�	�
?�@�@�@�	�"�I�I�I�	�
)�*�*�*�	�
c�d�d�d�	�
|�}�}�}�	�
}�~�~�~�	�
u�v�v�v�	�A�B�B�B�	�O�P�P�P�	�
X�Y�Y�Y�	�
Y�Z�Z�Z�	�
\�]�]�]�	�
t�u�u�u�	�
t�u�u�u�	�"�I�I�I�	�
����	�
@�A�A�A�	�
A�B�B�B�	�
\�]�]�]�	�
q�r�r�r�	�
>�?�?�?�	�
R�S�S�S�	�
c�d�d�d�	�
v�w�w�w�	�
r�s�s�s�	�
`�aj�au�
u�v~�
~����	�G�H�H�H�	�
O�P�P�P����n�
�j�k�k�k�
�l�m�m�m�
�i�j�j�j�
�l�m�m�m�	�
A�B�B�B�	�X�Y�Y�Y�	�
?�@�@�@�	�"�I�I�I�I�Ir�c��t��sYtjdtd��tjdtjdzdz��t	jd��tjtd��dS)N�	directoryzdoes NOT exist or is empty.zUse "rz --init" to create CageFSr�r�)	�check_cagefs_skeletonr�r�r�r�r_r�r�r�r�r�r��check_skeletonr�rsm�� �"�"����[�(�4Q�R�R�R���W�S�X�a�[�0�1L�L�M�M�M��������H�X�u�����r�c��g}|D]M}tj|��}d}|D]}|�|��rd}n�|s|�|���N|Sr�)r�rrr�)rM�resultr�r6r�rNs      r��remove_parent_dirsr�zs���
�F�� � ���"�4�(�(�����	�	�E�����&�&�
�����
��	 ��M�M�$������Mr�c��t}ddlm}||��}|�|std|z��dStj�|��sR	t|d��n�#ttf$r,tjd|��tj
d��YnMwxYwtj�|��s*tjd|d��tj
d��t	jd	��}tj�||d
z��}t#|d��}|�d|zd
z��|�d��d}t'|��}t)|��}|D]�}	|	�d��s�|	�d��s�|	�d��sx|	�d��sc|	�d��sN|	�d��s9|dkr|�d|	z��n|�|	��|dz}��|�d��|���t	j|��dS)Nr)�get_package_fileszPackage %s not installedi�r�r�r�zshould be directoryr�rgr��[z]
�paths=z/usr/share/man/z/usr/share/locale/z/usr/share/doc/z/usr/share/info/z/usr/lib/.build-id/z/usr/share/licenses/�, r)rl�
simple_rpmr�rr�r�r�rr�r�r�r�r�r�r�r�r�r�r�rZr�rr�)
�pkg_name�silent�WORK_DIRr��
package_filesr��	WORK_FILE�aFiler#�bs
          r��addrpmr��s~���H�,�,�,�,�,�,�%�%�h�/�/�M����	9��,�x�7�8�8�8���
�7�?�?�8�$�$��	���5�)�)�)�)����!�	�	�	�� �!3�X�>�>�>��H�Q�K�K�K�K�K�	�����W�]�]�8�
$�
$����V�X�/D�E�E�E��������(�4�.�.�K�����X�x��'7�8�8�I��9�c�#�#�E�	�K�K��H��U�"�#�#�#�	�K�K�����	�A�%�m�4�4�M�&�}�5�5�M�
�����|�|�-�.�.�	�q�|�|�DX�7Y�7Y�	����.�/�/�	�89���EW�8X�8X�	����2�3�3�	�<=�L�L�I_�<`�<`�	��Q������D��F�#�#�#�#����A�����A��A��	�K�K�����	�K�K�M�M�M��H�[�����s�A"�":B�Bc�R�t}tj�||dz��}tj�|��s|std|z��dSdStj�|��stj�|��stj	|d��dS	tj
|��n,#ttf$rtj	d|��YnwxYw|tvr�	g}tj�t��rt!t��}|dz|vr5|�|dz��t%jt|d��dSdS#ttf$rtj	d��YdSwxYwdS)Nrgz!Rpm %s is not installed in CageFSzshould be regular filezfailed to removerFzfailed to write package list)rlr�r�r�r�rr�r�r�r�r�r�r��STD_PACKAGESr��STD_PACKAGES_FILErr�r�r�)r�r�r�r��packagesToExcludes     r��delrpmr��s����H�����X�x��'7�8�8�I�
�7�?�?�9�%�%�E��	B��5��@�A�A�A�A�A�	B�	B�	����	�	"�	"�E�2�7�>�>�)�+D�+D�E���Y�(@�A�A�A�A�A�	@��I�i� � � � ����!�	@�	@�	@�� �!3�Y�?�?�?�?�?�	@�����|�#�#�
E�%'�!��7�>�>�$5�7�7�H�(1�4E�(G�(G�%��T�M�*;�;�;�%�,�,�x��}�>�>�>��(�+<�>O�QV�X�X�X�X�X�<�;���W�%�
E�
E�
E��$�%C�D�D�D�D�D�D�
E����$�#s%�8C
�
&C6�5C6�A4E;�;%F$�#F$c�<�t}g}tj�|��rItj|��D]4}|d|�d���}|�|���5|���|s|D]}t|���|S)Nr�)	rlr�r�r�r�r�r�r�r)r�r��rpms�work�	file_name�packages      r��list_rpmr��s����H�
�D�	�w�}�}�X���#��J�x�(�(�	#�	#�D��-�d�j�j��o�o�-�.�I��K�K�	�"�"�"�"��I�I�K�K�K����	�	�G��'�N�N�N�N��Kr�c���|D]h}t��|sEtj�tj�t
|dz����st
|d����idS)NrgT�r�)r�r�r�r�r�rlr�)�args�	overwrite�rpms   r��add_rpm_packages_to_cagefsr��sj���'�'�������	'�R�W�^�^�B�G�L�L��#�PW�-�,X�,X�Y�Y�	'��3��&�&�&�&��'�'r�c�2�|D]}t|d����dS)NTr�)r�)r�r�s  r��remove_rpm_packages_from_cagefsr��s1���#�#���s�T�"�"�"�"�"�#�#r�c���g}tj�t��rt	t��}g}t
D]}|dz|vr|�|���t|��dS)Nr)r�r�r�r�rr�r�r�)r��
packagesToAdd�packNames   r�r~r~�s}����	�w�~�~�)�+�+�<�%�(9�;�;���M� �.�.���T�M�"3�3�3�� � �8�-�-�-����0�0�0�0�0r�c�d�t��td���}t|d���dS)NTr�)r�)r�r�r�)r�s r�r}r}�s4���O�O�O��T�"�"�"�D��t��6�6�6�6�6�6r�c��t|��}|dkr(tjd��tjd��|a	t
td��}tj	dt
��}|�
|��|���dS#tjdt��tjd��YdSxYw)Nr_zMIN UID should be >= 100r�r�r#zwritting MIN UID to file)r�r�r�r�r�r�r��MIN_UID_FILENAME�struct�packr�r�)r��buf_val�binfiler�s    r��set_min_uidr�s����%�j�j�G���}�}���7�8�8�8��������G���'��.�.���{�3��(�(���
�
�d�����
�
����������7�9I�J�J�J������������s
�AB�0Cc���	t��}nR#t$rE}tjt	|��t
��t
jd��Yd}~nd}~wwxYw|�|adSdS�Nr�)	�read_min_uidr�r�r�r�r�r�r�r�)r%rs  r��get_min_uidr�sy����n�n����������S��V�V�%5�6�6�6���������������������������s��
A �;A�A c���tj�t��sdS	t	td��}tjd��}|�|��}|���n#td���xYwt|��|krtd���tjd|��}t|��dkr|ddkr|dSdS)zg
    Gets minuid from file and returns
    unpacked value if no errors happened
    otherwise None
    Nr�r#z failed to read MIN UID from filezreading MIN UID from filerr_)r�r�r�r�r�r��calcsizerkr�r�rM�unpack)r��intsizer�rcs    r�r�r�s����7�>�>�*�+�+���t�=��'��.�.���/�#�&�&���|�|�G�$�$���
�
������=��;�<�<�<����
�4�y�y�G����4�5�5�5�
�-��T�
"�
"�C�
�3�x�x�!�|�|��A��#�
�
��1�v�
��4s�AA;�;Bc�b�t��t��}t|��|dkr5td��}t	d��|D]}t|d���dS|dkr@t
td����}t	d��|D]}t|d���dSdS)NrUTFrV)rzr[rbr�r�r�r�)r`�
enabled_usersr��disabled_userss    r��toggle_moder�;s��������?�?�D��T�����|���)�$�/�/�
�	�e����!�	$�	$�D���d�#�#�#�#�	$�	$�
��	�	�%�&7��&>�&>�?�?��	�d����"�	%�	%�D���e�$�$�$�$�
�	�	%�	%r�c�
�tj|��}	tj|��}n6#t	jdt
|��zdztd��YdSxYwtj|j	|dz���s|dz}t	jd|dzdz|zt|d��	|dd	zt
|d
��zdz}t|��tkrt|��dkr||z}|dz}t|d
��}|�
|��|���n;#t$r.t	jd|dzdz|ztd��YdSwxYwdS)Nz(Warning: getgrgid() failed for group id z skipping...r�r�
/etc/groupz
adding group r'rY�:x:r�r�r�azERROR: failed to write group )r�r'�grp�getgrgidr�r�r�r��test_group_exist�gr_name�typerMr�r�r�r�)r��group_idr�rb�grr�r��fds        r��addgrouptojailr�Ws������%�%�D��
�\�(�
#�
#�������C�C��M�M�Q�R`�`�bh�jk�l�l�l��q�q�����&�r�z�4��3D�E�E�
��\�!������A��.�v�5�e�;�V�V�I�EV�W�W�W�
	��Q�%��+�c�"�Q�%�j�j�(��,�C��T�
�
�C���C��I�I�a�K�K��D�j����*�C��e�S�!�!�B��H�H�S�M�M�M��H�H�J�J�J�J���	�	�	���<�R��U�B�6�I�%�O�QW�YZ�[�[�[��1�1�	����
�1s�+�0A�5BE�4F�?Fc���t||||��}|dkrdS	|dz}t|d��}|���}t|��dk�r�|�d��}t|��dk�rnt|d��|k�rT|ddd��d	��}	||	vr|���d
Stjd|zdz|dzt|d
��|�
��}
|���}|�|
t|��z
��t|	��d
kr|	ddkr|g}	n|	�
|��|ddz|dzdz}d	�|	��}
||
dz|zz
}|�|��|���d
S|���}t|��dk���nH#t $r;tjd|zdzt#|��zdz|ztd
��YdSwxYwdS)Nrr�r�r��r�rArLr�r�zAdding user z
 to group rYr�r�rzERROR: failed to add user z in )r�r�r�rMrr�r�r�r�r��tellrk�seekr�r�r�r�r�)r�r�r�rbr�r�r�r.�splittedr��pos�bufr��tmp2s              r��addusertogroupinjailr�osK��
��x��v�
6�
6�C��q����q���\�!��
�%��
�
���{�{�}�}���4�y�y��{�{��z�z�#���H��H�
�
�q� � �S��!��%5�%5��%A�%A� ���C�R�C�(�.�.�s�3�3���E�M�M��H�H�J�J�J��1��$�^�D�%8��%E�h�q�k�%Q�SY�[a�bk�[l�m�m�m��'�'�)�)�C��'�'�)�)�C��G�G�C��D�	�	�M�*�*�*��E�
�
�A�
�
�%��(�b�.�.�!%�������T�*�*�*�"�1�+�e�+�H�Q�K�7��;�C��8�8�E�?�?�D��4��9�S�=�(�C��H�H�S�M�M�M��H�H�J�J�J��1��;�;�=�=�D�-�4�y�y��{�{���.������5�d�:�<�G��H�
�
�U�V\�\�]b�b�dj�lm�n�n�n��q�q�����
�1s �B;H�DH�0(H�AI�Ic��|dz}	t|d��}|�d��|�d��|���tj|d��dS#t
tf$rYdSwxYw)N�
/.htaccessr�z#CageFS autogenerated file
zdeny from all
r�)r�r�r�r�r�r�r�)r�r�r�s   r��create_htaccessr�s����|�#�I�
��Y��$�$��
���2�3�3�3�
���%�&�&�&�
���
�
�
�
���E�"�"�"�"�"���W��
�
�
����
���s�A#A,�,B�Bc�j�|dz}	tj|��dS#ttf$rYdSwxYw)Nr�)r�r�r�r�)r�r�s  r�r�r��sN���|�#�I�
�
�	�)��������W��
�
�
����
���s��2�2c�
�tj�|��}t|��}tjdz}tdz|zdz|zdz}	|	dz}
|rhdD]c}t	j||z|
|zd���dkr@tjd|z|zd	z|
z|ztd��|stjd
���d�n�|dkrt	j||
��}|ddks|ddks|r�	tj|
d
��t	j||
d
|���dkrt!d���t#|g���rt!d|z���n�#t $rW}tjd|zd	z|
zdzt%|��ztd��|stjd
��Yd}~npd}~wwxYwt	j||
d
d
|���dkst#|g���r:tjd|zd	z|
ztd��|stjd
��t&�Xt(j�d��ot(j�d��at.�d��t&r�	|
dz}
|
dz}t(j�|��s?t(j�|
��st5|
d��t7d|��n^#t8$rQ}tjd|zdzt%|��ztd��|stjd
��Yd}~nd}~wwxYwtj�|j��}t?j ��}|D�]x}	tC|
dzd��}|�"|j#dzt%|d
��zd zt%|d!��zd z|d"zd z|d#zd z|d$zd%z��|�$��nC#tjd&|j#zd'ztd��|stjd
��YnxYwtK|	|d!d|��s|stjd
��|D]D}|j#|j&vr4tO|	|j(|j#|��}|s|stjd
���Et	j)|
|j#|d(����zdS))Nrrr)rxz/shadowF��create_parent_dirr��Error copying r'r�r�r�T)�skip_dst_fileszcopytree() failedrz%Failed to setup cl-selector for user zError while copying z: )r[rr�z/etc/apache2/logs/domlogsz	/apache2/z
/apache2/logsz/apache2/logs/domlogsr�zError while creating r(rxr�r�r�rAr�r�r�rzError while adding user z to passwd filerY)*r�r?r�rr�r�r�	copy_filer�r�r�r��!get_additional_etc_files_for_userr�r�copytreer��create_etc_alternativesr��
domlogs_foundr�r�r��
SPECIAL_PATHSr�r�rr+r��
get_pw_by_uidrCr��getgrallr�r��pw_namer�r��gr_memr��gr_gid�add_user_to_shadow)r�rbr��recreate�passwd_only�custom_etc_files�pw_liner��etcskelr��etcuser�cfr�
logs_dir_path�domlogs_pathr�rur�r�r�r�s                     r��copyetcr�sg���n�+�+�D�1�1�G�
�T�
"�
"�F��(�6�1�G��S�=�6�!�C�'�$�.��4�D��U�l�G��( �(�	 �	 �B��"�7�2�:�w�r�z�u�U�U�U�YZ�Z�Z�� �!1�'�!9�"�!<�V�!C�G�!K�B�!N�PV�XY�Z�Z�Z�$� ��H�Q�K�K�K��		 ��t�#�#�(�J�4�QX�Y�Y���6�N�a���V�H�%5��%:�%:�x�%:�	
 ��
�g�t�,�,�,��%�g�w��O_�`�`�`�de�e�e�#�$7�8�8�8�*�D�6�:�:�:�R�#�$K�D�$P�Q�Q�Q�R���
 �
 �
 �� �!7��!?��!F�w�!N�t�!S�TW�XY�TZ�TZ�!Z�\b�de�f�f�f�$� ��H�Q�K�K�K����������
 ����
�"�7�G�T�D�[k�l�l�l�pq�q�q�3�T�F�C�C�C�r�� �!1�'�!9�&�!@��!H�&�RS�T�T�T�$� ��H�Q�K�K�K�� ��G�M�M�*E�F�F�u�2�7�=�=�Yt�Ku�Ku�M�� � ��-�-�-��	 �

 � '�/� 9�
�&�)@�@���w���|�4�4�P��7�?�?�=�9�9�;�$�]�E�:�:�:�$�%@�,�O�O�O����
 �
 �
 �� �!8��!E�e�!K�C�PQ�F�F�!R�TZ�\]�^�^�^�$� ��H�Q�K�K�K����������
 ����
�N�(�(���8�8�E��\�^�^�F��M�M��	��g�	�)�3�/�/�B��H�H�R�Z��%�c�"�Q�%�j�j�0��4�S��A��Z�Z�?��C�B�q�E�I�#�M�b�QR�e�S�TW�W�XZ�[\�X]�]�^b�b�c�c�c��H�H�J�J�J�J��	���7��
�B�CT�T�V\�^_�`�`�`� �
�������������d�B�q�E�4��8�8�	� �
��������	$�	$�B��
�b�i�'�'�*�4���B�J��O�O���$�(�$���������$�W�b�j�&��:K�L�L�L�L�1M�MsA�9A#E�
F>�'A
F9�9F>�A(K9�9
M�AM�M�BP/�/>Q/c�T�	tj|��}n#ttf$rYdSwxYwt	j|j��rw	tj|d��tj
d|ztd��dS#tttjf$r"tj
d|ztd��YdSwxYw	tj
|��tj
d|ztd��dS#ttf$r"tj
d|ztd��YdSwxYw)NFr�r�r�r�r�)r��lstatr�r��stat�S_ISDIR�st_moder�rr�r�r�r�r!)r��sbufs  r��remove_file_or_directoryr#�sR����x��~�~�����W�������������|�D�L�!�!�J�	O��M�$��&�&�&���1�4�7��q�A�A�A�A�A����&�,�/�	O�	O�	O���>��D�V�A�N�N�N�N�N�N�	O����	J��I�d�O�O�O���_�d�2�6�!�<�<�<�<�<����!�	J�	J�	J���9�4�?��q�I�I�I�I�I�I�	J���s0��,�,�	3A>�>:B<�;B<�2C4�4/D'�&D'z/mail/rc�J�tD]}|�|��rdS�dSr�)rr)r��	spec_paths  r��check_special_pathsr&s6��"���	��?�?�9�%�%�	��5�5�	��4r�c�.�tj��s	|tvr]i}tj|dz||dz���t	|��}|���t
||��}|t|<n
t|}|�tj||dz��}|D]q}	tj|	��}
|dz|	z}||vrOt|
��r@|ddkr%tjd|zt|d���bt|���rdS)Nr��cut_pathr�r�r�rY)r��custom_etc_present�files_to_delete_cache�add_tree_to_listr�r�r�rrr&r�r�r�r#)r��userdir�etc_skelrb�etc_user_versionr�etc_user�
etc_user_listr�r�r�r�s            r��	clean_etcr2s?���#�%�%�	B�*:�BW�*W�*W����"�7�6�>�8��PV��W�W�W�W��X���
�������'�
�x�@�@��2A��.�/�/�/�0@�A����$�F�t�W�U[�^�\�\�� �+�+���"�5�)�)�����%�'���'�'�'�,?��,F�,F�'��l�#�q�(�(�� ��d�!2�F�F�9�<M�N�N�N��$�T�*�*�*��+�+r�c�X�ttj�����Sr�)r�r�r?r@r�r�r��get_all_users_from_passwdr4:s�����,�,�.�.�/�/�/r�c	���tjdtd��t||��}t	��}ttjdz��}t
jtdd���t��rt
jtdd���d}|D�]�}t|��}tdz|z}	d|zdz|z}
t|
z}|dz}t
j|	d��r�Ot
j|d��r�et
j
||��}
t
j|
|��}t|��}|ds||kr�tjd	|zd
ztd��tj�|dz��r|ddks|d
dkrt%||||
����nzt%||||
���|dkr3i}t
jtjdz|tjdz���t)||||||
����nd}||vr6tjd	|zd
ztd��d}t%|||d���t
j||��}|r�|s!tjd	|zd
ztd��|dkr3i}t
jtjdz|tjdz���d}|D]N}||vrF||z}|ddkr%tjd|zt|d���<t-|���Ld}�O|rt%||||
���t
j||��t
j||��t
j|d������dS)NzUpdating users ...r�rr~Tr%rrzUpdating user z ...rlr�r�)rr(F)rr�r�rYrt)r�r�r��get_cagefs_usersr�r�r�r�r-rr,�BASEDIR_UIDrrr)r�r�r�rr,r2�get_custom_etc_files_to_deleter#� update_custom_etc_files_for_user�save_custom_etc_log�create_utmp_for_user)rbr�r�r�modified_users�etc_skel_versionr.r�r��	prefixdirr r-�
user_etc_pathr�custom_etc_files2r/�message_printed�custom_files_to_delete�copyetc_neededr��fullpaths                     r�rr?s/����)�F�A�6�6�6��U�I�.�.�E�(�)�)�N�'�y�'A�&�'H�I�I��
��w��t�<�<�<�<����C���;��T�B�B�B�B��H��>B�>B�� ��&�&���c�M�F�*�	���,��$�t�+���G�#���&�(�
���i��/�/�	����g�u�-�-�	��$�F�t�]�[�[��%�.�/?��O�O��+�=�9�9���$�%�&	^�*:�=M�*M�*M���-��4�v�=�v�q�I�I�I��G�N�N�7�=�#8�9�9�
r�v�f�~�QR�?R�?R�X^�_g�Xh�lm�Xm�Xm���f�m�HX�Y�Y�Y�Y�Y���f�m�HX�Y�Y�Y�Y��t�#�#�!�H��.�y�/I�&�/P�RZ�gp�hB�CI�hI�J�J�J�J��$���6�;K�`p�q�q�q�q�q�#�O��~�%�%�� �!1�D�!8�6�!A�6�1�M�M�M�"&����f�m�4�H�H�H�H�%.�%M�d�Te�%f�%f�"�%�
^�&�R��$�%5��%<�v�%E�v�q�Q�Q�Q��t�#�#�!�H��.�y�/I�&�/P�RZ�gp�hB�CI�hI�J�J�J�J�!&��2�.�.�D��8�+�+�#0�4�#7��!�,�/�1�4�4�$�,�[�(�-B�F�F�S\�L]�^�^�^�$�0��:�:�:�:�)-���!�^��D�&�-�L\�]�]�]�]��2�4��G�G�G��%�d�,=�>�>�>��&�t�5�A�A�A�A�A�}>B�>Br�c�l�|�ttd����}|D]}t|d���dSr�)r�r�r�)r�r�s  r��+enable_cagefs_for_users_with_duplicate_uidsrF�sJ����$�%6�t�%<�%<�=�=�
�� � ���D�$����� � r�c��|r$t��}tj|d��n�|�)|�'|rt|��}tj||��njtt	d����}tj|d|���|rt|��t	d��}tj|d|���|�t
|��dSdS)NFT)�	fix_owner)r4r��
update_statusr�r�rF�(reload_php_for_users_with_changed_status)r�r�r|rH�old_enabled_usersr�r�s       r�r�r��s����L�)�+�+�����u�-�-�-�-�	�	�v�1��	(� ��'�'�E����v�.�.�.�.�$�%6�t�%<�%<�=�=�
���
�t�y�I�I�I�I��	G�7�
�F�F�F�*�5�1�1�������K�K�K�K��$�0�1B�C�C�C�C�C�%�$r�c��t��}tt|���|����}t	|��dS)z�
    Filter users and reload php process only if status was REALLY changed
    :param old_enabled_users: enabled users before any status change
    :return:
    N)r�r�r��symmetric_difference�reload_php_for_users)rK�new_enabled_users�users_to_kill_processs   r�rJrJ�sM��*�+�+��
!��%6�!7�!7�!L�!L�M^�!_�!_�`�`���.�/�/�/�/�/r�c�j�|�!|rt��}ntd|��}t|��}|Sr�)r4r�r�)r�rras   r�r6r6�s?���}��	=�-�/�/�E�E�&�d�O�<�<�E�����E��Lr�c�X�td���D]}tj|d����dS)zz
    Create user's personal /home/user/.cagefs/var/run/cagefs/utmp
    file for all users
    For details see CAG-706
    TrFrtN)r6r�r;rRs r��create_utmp_for_all_usersrS�sE��!�4�0�0�0�B�B���&�t�5�A�A�A�A�A�B�Br�c�P�t||��}|D]}td|���dS)N�php)r6r")r�rr�s   r�rNrN�s=���U�I�.�.�E��&�&�����%�%�%�%�&�&r�z/etc/cpanel/ea4/php.confc��t��rdSt��sdS	tjd��j}n#t
$rYdSwxYwt
��}|sdSd}tjd��}|D]�}|�	d��r�tj��D]�}	|d|z}t|d��}|�
d��|���tj|d|���^#t $r0}t#jd	|d
t'|����d}Yd}~��d}~wwxYw��tj|��|S)
z�
    Configure symlink protection for symlinks created for integration with cPanel MultiPHP
    Return True if error has occured
    F�linksafer�ea-phpr�r�z'CageFS integration for cPanel MultiPHP
rzfailed to create filer�TN)r,rr��getgrnamrr�rr�r�rrrr�r�r��chownr�r�r�r�)	�linksafe_gid�confr;�	umask_oldrr��	file_pathr�rs	         r�rr�s���
�����u������u���|�J�/�/�6���������u�u�����$�%�%�D����u��E������I��!�!�����H�%�%�
	!� ��)�)�	
!�	
!��!� $�Q��%��I��Y��,�,�A��G�G�F�G�G�G��G�G�I�I�I��H�Y��<�8�8�8�8���!�!�!��(�)@�)�S�RU�VW�RX�RX�Y�Y�Y� �E�E�E�E�E�E�����!������H�Y�����Ls(�<�
A
�	A
�$AC?�?
D9�	&D4�4D9c�<�|dkrdS|tj��vS)N�nativeF)r��get_alt_versions)�php_verss r��php_version_is_removedrc�s&���8����u��9�5�7�7�7�7r�c�(�|dko||vo||Sr�r�)rb�cl_alt_def_php_states  r��php_version_is_disabledrfs'�� �D�(�y�x�;O�/O�y�Zn�ow�Zx�Vx�yr�c�6
�t||��}d}tjd��}|D�]�}tj�|��}t
|��}	d|	zdz|z}
t|
z}tj�	|���rttj}||z}
tj|
d��r��tj
|
|j|j��|tjz}tj|d��r��tj
||j|j��tj��\}}}}tj|j|j|j��\}}}}|}|dks%|dkrOt)|��st+||��r0|dks%|dkr"t)|��st+||��rd}n|}d}tjD�]�}|}|dkrtj|��}n2tj||��}|dkr|}ntj|��}tjdz|z}||z}tj�|��s�tj|��	tj||��|dkrd}��#t8$rg}d|�d	t;|���d
d����} t?j | |���tj!| tDd
��d}Yd}~��'d}~wwxYw|�r�	tj#|��}!nt#t8$rg}d|�d	t;|���d
d����} t?j | |���tj!| tDd
��d}Yd}~���d}~wwxYw|!�$d���rtj�%|!��\}"}#tj�%|��\}$}%d}&|"|$kr|#|%kr|}&|&dkr�	tj&|��tj|&|����X#t8tNf$rg}d|�d	t;|���d
d����} t?j | |���tj!| tDd
��d}Yd}~���d}~wwxYw���tj(||j|j|j||||||||��tSj*||||j|j��rd}tW|||���rd}���tj|��|S)NFrrr�r`�php.iniTr+r(�ErrnozErr code)�exc_infor��Error: failed to read symlink z/opt/alt/php�r*),r6r�r�r�r?r�rrr�r�r��ETC_CL_ALT_PATHr-r�rCrD�ETC_CL_PHP_PATH�read_cl_alt_defaults�read_cl_alt_backup_as_userrArcrfr�get_usr_selector_path�get_alt_confr�r�r0r�r�r�r-r;r�r�r!rrr!r��select_default_php_modulesr��create_php_ini_for_DAr)'r�r�repair_symlinks�reset_modules_to_default�rebuild_alt_php_inir;r�r�r�r�r r-�LINK_DIR�link_dir�user_php_dir�cl_alt_def_vers�cl_alt_def_modulesre�cl_alt_def_other�def_vers�php_modules�php_state_ignored�
other_ignored�def_vers_old�changedrr3�LINK_TO�alt_path�	LINK_NAMErUr�msgr��link_to_dirname�link_to_filename�_dirname�	_filename�repaireds'                                       r�r
r
	s����U�I�.�.�E��E��(�1�+�+�K��r�r��
�^�
*�
*�4�
0�
0�� ��&�&���f�*�S�.��%���G�#��
�7�=�=��!�!�l	� �0�H���)�H��!�(�E�2�2�
�����"�)�R�Y�?�?�?�#�Y�%>�>�L��!�,��6�6�
�����b�i���C�C�C�Zc�Zx�Zz�Zz�W�O�/�1E�GW�FO�Fj�km�kt�vx�v�BD�BK�GL�GL�C�H�k�#4�m�#�L��D� � �x�4�'7�'7�3�H�=�=�(8�AX�Ya�cw�Ax�Ax�(8�$�t�+�+�/�T�2I�2I�/��@�@�3J�D[�\k�nB�EC�EC�3J�'�H�H�.�H��G�"�0�8
-�8
-�� ���x�'�'�'�=�e�D�D�G�G�(�5�h��F�F�H��4�'�'�"*���"+�"A�%�"H�"H��%�5�c�9�(�B�	�#�i�/�	��w�~�~�i�0�0�'-��0��;�;�;�%��
�7�I�6�6�6� �I�-�-�&*�G���"�%�%�%�t��t�t�s�ST�v�v�~�~�^e�gq�Or�Or�t�t����S�1�5�5�5�5� �(��f�a�8�8�8� $�����������	%����%�-�!�"$�+�i�"8�"8����"�!�!�!�r�y�r�r�S�QR�V�V�^�^�\c�eo�Mp�Mp�r�r����S�1�5�5�5�5� �(��f�a�8�8�8� $�� ���������!�����)�)�.�9�9�-�<>�G�M�M�'�<R�<R�9��)9�.0�g�m�m�G�.D�.D�+��)�#'��*�h�6�6�;K�y�;X�;X�'.�H�#�t�+�+�-� "�	�)� 4� 4� 4� "�
�8�Y� ?� ?� ?� ?��$+�W�#5�-�-�-�&|��&|�&|�WZ�[\�W]�W]�We�We�fm�oy�Wz�Wz�&|�&|�� &��S�1� =� =� =� =� (� 0��f�a� @� @� @�(,�����������	-�����
�0��13��13��13��19�1C�1<�18�1=�1I�1D�15�
7�
7�
7��2�7�D�(�B�I�WY�W`�a�a�
���!��X�W�=�=�=�
�����H�[�����LsK�%J�
K4�
AK/�/K4�;L�
N�AM<�<N�5)P � R�1AR�Rc�R�|sd}t|dd���t|���dS)NT)r�rrvr�r
rNrs r�rvrv�s<�������E�t�X\�]�]�]�]���'�'�'�'�'�'r�c�R�|sd}t|dd���t|���dS�NT)r�rrwrr�rs r�rwrw�s<�������E�t�SW�X�X�X�X���'�'�'�'�'�'r�c�j�|sd}dt_t|dd���t|���dSr�)r��validate_alt_php_inir
rNrs r��check_php_ini_optionsr��sC������%)�I�"��%�4�T�R�R�R�R��u�%�%�%�%�%�%r�c�j�|r0|ddkr$|dddkr|dxxdz
cc<dSdS)Nrr�rLrTFr�)�liness r�r�r��sH�����q��R���E�"�I�b�M�T�$9�$9�
�b�	�	�	�T��	�	�	��t��5r�c��|r|tt��}t|��|�|��t	jt|��t
jtd��t��dSdS)Nr�)	rrr�rr�r�r�r�r�)�	new_linesr�s  r��write_cagefs_mpr��sx�����*�%�%���U����
���Y������Z��/�/�/�
���U�#�#�#�������
�r�c��tj�d��r�tj�t��r�tddd���}|j}g}tjd��}|D]?}||vr9tj�|��rd|z}|�|���@t|��dSdSdS)zf
    Add mount points like "@/var/cpanel/php/sessions/ea-php56,700" to /etc/cagefs/cagefs.mp file
    z/var/cpanel/php/sessionsT�r8r9r�z/var/cpanel/php/sessions/ea*z@%s,700
N)
r�r�r�r�rr:r<�globr�r�)rGr<r��php_dirs�php_dir�	mount_strs      r�r)r)�s���
�w�}�}�/�0�0�#�R�W�^�^�J�5O�5O�#�$��"��
�
�
�	�
$�3���	��9�;�<�<���	,�	,�G��o�-�-�"�'�-�-��2H�2H�-�'�'�1�	�� � ��+�+�+���	�"�"�"�"�"�#�#�#�#r�c��tddd���}|jt_|j}g}dtjvrBdtjvr4tj�d��|�d��tj��}|D]k}d|z}d|z}||vr|�|��d|z}d|z}||vr|�|��d	|z}d
|z}||vr|�|���lt|��dS)zU
    Add mount points for php selector and alt-php to /etc/cagefs/cagefs.mp file
    Tr�z	/opt/alt
z/opt
�/opt/alt/%s/linkz@/opt/alt/%s/link,700
�/opt/alt/%s/var/lib/php/sessionz%@/opt/alt/%s/var/lib/php/session,700
�/var/log/alt-%s-newrelicz@/var/log/alt-%s-newrelic,700
N)r:r;r�r2r<r��get_alt_dirsr�)rGr<r��alt_php_dirsr��
mount_pathr�s       r�r(r(�sL��!�������I�
!�.�I���/�O��I��I�,�,�,�8�9�CS�3S�3S������-�-�-�����&�&�&��)�+�+�L��(�(��'�'�1�
�-��7�	��_�,�,����Y�'�'�'�6��@�
�<�w�F�	��_�,�,����Y�'�'�'�/�'�9�
�5��?�	��_�,�,����Y�'�'�'���I�����r�c��tj��}td�|D����}|�d�|D����|�d�|D����t	t
��}g}t
jd��}d}|D]^}|�|��}|r0|�	d��|vr|�
|���Fd}�I|�
|���_|rDtjt
|��tj
t
d��t��d	Sd	S)
z^
    Remove mount points for uninstalled alt-php versions from /etc/cagefs/cagefs.mp file
    c��g|]}d|z��S)r�r��r�r�s  r�rBz2remove_mounts_for_php_selector.<locals>.<listcomp>�s��R�R�R�'�+�g�5�R�R�Rr�c��g|]}d|z��S)r�r�r�s  r�rBz2remove_mounts_for_php_selector.<locals>.<listcomp>�s��b�b�b�'�;�g�E�b�b�br�c��g|]}d|z��S)r�r�r�s  r�rBz2remove_mounts_for_php_selector.<locals>.<listcomp>�s��[�[�[�7�4�w�>�[�[�[r�z\@(/opt/alt/php\d\d/link|/opt/alt/php\d\d/var/lib/php/session|/var/log/alt-php\d\d-newrelic),Fr�Tr�N)r�r�r�r[rrr�rrr�r�r�r�r�r�)�php_alt_dirs�
needed_mountsr�r�r!r�r.r�s        r��remove_mounts_for_php_selectorr��sW���)�+�+�L��R�R�\�R�R�R�S�S�M����b�b�Ua�b�b�b�c�c�c����[�[�l�[�[�[�\�\�\��j�!�!�E��I��j�x�y�y�G��G��#�#���M�M�$�����	#��w�w�q�z�z�]�*�*�� � ��&�&�&�&�������T�"�"�"�"�����Z��3�3�3�
���U�#�#�#��������r�c��tj�t��sdSd}g}t	dd���}|j}|j}||vr�||vr�tt��}t|��|�	d|z��tjt|��tjtd��t��dSdSdS)zJ
    Adds mount point for default location of PHP APM DB
    :return:
    Nz/var/php/apm/dbT)r8r9z@%s,777
r�)r�r�r�rr:r;r<rr�r�r�r�r�r�)�path_to_addr<rGr2r�s     r��add_mount_for_php_apmr�s���
�7�>�>�*�%�%����#�K��O� ������I��
$�F��/�O��/�)�)�k��.G�.G��*�%�%���U����
���[�;�.�/�/�/���Z��/�/�/�
���U�#�#�#�������*�)�.G�.Gr�c	�:�t��rdS	tjd��j}n#t$rYdSwxYwtj��}d}|D]�}d|z}d|z}	tj�	|��st|d��tj|d|��t|d���
��tj|d|����#t$r/}tjdd	t#|����d
}Yd}~��d}~wwxYw|S)z�
    Cretate /etc/cl.php.d/alt-phpNN directories for all alt-php versions (in real filesystem) with group owner 'linksafe'
    for details see CAG-532, CAG-454
    Return True if error has occured
    FrWz/etc/cl.php.d/alt-%sz /etc/cl.php.d/alt-%s/alt_php.inir�rr�zfailed to configure linksafer�TN)r,r�rYrr�r�r�r�r�r�rrZr�r�r�r�r�r�)r[r�r;r��etc_php_dir�alt_php_inirs       r�rr"sM�������u���|�J�/�/�6���������u�u������)�+�+�L��E�����,�w�6��8�7�B��	��7�>�>�+�.�.�
1��[�%�0�0�0��H�[�!�\�2�2�2���c�"�"�(�(�*�*�*��H�[�!�\�2�2�2�2���	�	�	�� �!?��c�!�f�f�M�M�M��E�E�E�E�E�E�����	�����Ls%�,�
:�:�!A=C�
D�)%D�Dc��tj�tjd��}tjd|��dS)Nzetc/cl.selector.conf.dz/etc/cl.selector)r�r�r�r�r}r	)�cl_selector_targets r�rr@s7������i�&D�F^�_�_��
��)�+=�>�>�>�>�>r�c���tj|��D]�}|�d��r�tj�||��}tj�||��}tj�|��st
|����tj�|��r/tj�|��st||����dS)z�
    Delete from cagefs_dir files/dirs that do not exist in orig_dir
    :param cagefs_dir: path to dir in CageFS (dir to delete files from)
    :type cagefs_dir: string
    :param orig_dir: path to original dir
    :type orig_dir: string
    r$N)
r�r�r�r�r�r�r#r�r��clean_dir_recursive)�
cagefs_dir�orig_dirr�r��cagefs_paths     r�r�r�Fs����Z�
�+�+�8�8�	����i�(�(�	���G�L�L��9�5�5�	��g�l�l�:�y�9�9���w���y�)�)�	8�$�[�1�1�1�1�
�W�]�]�;�
'�
'�	8�����{�0K�0K�	8���Y�7�7�7��8�8r�c��t��sdSddddd�}d}d}t��}|sdS	|d	}n#t$rYdSwxYw|D�]7}|�d
���r|D�]}||z}	t�|	��}
|�|	��}t
j�|	���r�t
j�|��sEt��tj
|d��r"t��tj
d��|rvtjt d
ddd||
g��}|dkrtjt d
dd||
g��}|dkr)t#jd|��tj
d����tj|	��D�]�}
|
�d��r�t
j�|	|
��}t
j�||
��}t
j�|��rPtj||d���r8t#jd|zdz|zt0d��tj
d����||krk|
|vrgt3||
|t0���rEtj|
��t3||
|t0���rtj
d��|dz
}tj||dd���rctj|
��tj||d���r8t#jd|zdz|zt0d��tj
d��|�d��r&t9��x}�tj|d|��������9|st=|dzd��|�b|sbtjt@z}t
j�!|��rtj"t@|d���rtG|��dSdSdSdS) z�
    Setup CageFS for integration with cPanel MultiPHP
    For details please see CAG-445
    :param do_mount: when True, do mounting; when False, do copying files to CageFS
    :type do_mount: bool
    Nz/etc/cl.selector/ea-phpz/etc/cl.selector/ea-php-cliz/etc/cl.selector/ea-php.iniz/etc/cl.selector/ea-lsphp)zphp-cgirUrh�lsphpz"/usr/share/cagefs/.cpanel.multiphp)z/opt/cpanel/%s/root/usr/binz/opt/cpanel/%s/root/etcr^rXr�r�r�r�r�r�rr�r�r$T)r[rr'r�F)rr[rrLz/opt/cpanel)�	use_cache)$rrr�rr�r�r�r�r�r�r-rDr�r�r�r�r�r�r�r�r�r�r	r�r�r�kill_phprrrZr�r��EA4_PHP_CONFr��is_update_neededr)r1rb�
SYMLINK_NAMES�CAGEFS_PHP_BASEDIR�
DIRS_TO_MOUNTr\�default_phprr��optdir�
cagefs_optdirr�r�r�r��	dest_filer[�php_confs                  r�rBrBYs_��������8�+H�/L�-H�J�J�M�>��N�M�#�%�%�D�������9�o����������������-F�-F�����H�%�%�,	F�%�+
F�+
F������*2�(�F�F� ;�
�'9�'9�6�6�B�
��7�=�=��(�(�'F��7�=�=��4�4�(�+�-�-�-�$�-�j�%�@�@�(�/�1�1�1��H�Q�K�K�K�� F�(�o�u�d�D�(�I�Wa�cp�.q�r�r���!�8�8�",�/�5�$��F^�`j�ly�2z�"{�"{�C��!�8�8�$�0�1B�J�O�O�O��H�Q�K�K�K��*,��F�);�);�F�F�I�(�1�1�)�<�<�)� (�(*����V�Y�(G�(G�I�(*����Z��(K�(K�I�!�w�}�}�Y�7�7�)�#,�#5�i��SW�#X�#X�#X�!0�$,�$4�5E�i�5O�PV�5V�W`�5`�bh�jk�$l�$l�$l�$'�H�Q�K�K�K� (�$��3�3�	�]�8R�8R�#1�-�	�2J�I�^d�#e�#e�#e�!4�$-�$6�y�$A�$A�$A�'5�m�I�6N�PY�bh�'i�'i�'i�%4�(+������ )�Y� 6�	�(�2�9�i�[`�im�n�n�n�0� )� 2�9� =� =� =�#,�#6�y�)�_d�#e�#e�#e�!0�$,�$4�5E�i�5O�PV�5V�W`�5`�bh�jk�$l�$l�$l�$'�H�Q�K�K�K�(�1�1�)�<�<�F�Rb�Rd�Rd�Bd�,�Aq� "���B�� E� E� E�����M��.�}�<�m�L�L�L���X���-��<���w�~�~�h�'�'�	$�9�+E�l�T\�hm�+n�+n�+n�	$��F�#�#�#�#�#�	����	$�	$s�8�
A�Ac��t��t��}t��p|}tjt
��tj��tj�	d��sStj�	d��r4tj�
d��}tj|d��tj
��}|rddlm}m}|��||��tj�d��s_	t%dd��t'��n?#t(t*f$r+t-jd��t1jd��YnwxYwt5��t7��tj��t;d	d	�
��tj��rt?|d	���p|}tj �!��D�]�\}}tj�
|��}	|�"d��sVtj�#|��r7tj$|��s#tj|t
|z��dkrd	}tK��r�|d
vr�|	�"d��sVtj�&|	��r7tj$|	��s#tj|	t
|	z��dkrd	}tj'|��rd	}��%|	�"d��sntj$|	��rt-j|	d��d	}��gtj(|	d���s+tj)|��rt-jd|��d	}���|r|sddl*}
|
�+��tYd|���|dst[��|st]d��dSdS)Nz/usr/local/bin/lsphpz/usr/local/lsws/fcgi-bin/lsphp5r)�litespeed_configure_selector�replace_alt_settingsz/opt/altr�z#failed to create directory /opt/altr�T)rru)rr)rUzphp-clir�rhz@is mounted to CageFS. CloudLinux Selector will not be available.Frz)CloudLinux Selector setup error for path:)r1rb�skip-php-reloadz%CloudLinux Selector setup: successful)/r�rrr�r�r��"configure_selector_for_directadminr�r�r�rr�rrarr�r�r�rr�r�r�r�r�r�r�r(r)r	r
�is_etc_in_native_confrrr
rr�r�rr��create_php_stubrr�cagefs_ispmanager_lib�!configure_selector_for_ispmanagerrBrNr)rbrXr;�
lsphp_path�altr�r�rr�rr�s           r��setup_cl_altr��sU������/�1�1�E�.�0�0�9�E�E��2�8�<�<�<��4�6�6�6��7�>�>�0�1�1�D�
�7�>�>�;�<�<�	D���)�)�*K�L�L�J���
�,B�C�C�C��
$�
&�
&�C�
�&�X�X�X�X�X�X�X�X�$�$�&�&�&���W�%�%�%��7�?�?�:�&�&��	���U�+�+�+��!�!�!�!����!�	�	�	�� �!F�G�G�G��H�Q�K�K�K�K�K�	���� �!�!�!�"�$�$�$��� � � ����E�E�E�E��&�(�(�O����E�E�E�N���&�3�9�9�;�;�����y��W�%�%�i�0�0�
��$�$�W�-�-�	�"�'�.�.��2K�2K�	�$-�$=�i�$H�$H�	�MV�M`�aj�lt�xA�mA�NB�NB�FG�NG�NG��E����	��)O� O� O��)�)�'�2�2�
�r�w�~�~�j�7Q�7Q�
� )� 9�*� E� E�
�JS�J]�^h�jr�u�j�KA�KA�EF�KF�KF����(��/�/�
�����$�$�W�-�-�	��(��4�4�
��$�Z�1s�t�t�t�����3�J�e�L�L�L�
�QZ�Qg�hm�Qn�Qn�
��$�%P�R[�\�\�\�����B�E�B�$�$�$�$��?�?�A�A�A��5��8�8�8�8��#�$�������7�
�5�6�6�6�6�6�7�7s�D<�<9E8�7E8c	��t||��}tj��\}}}}tj��}t	|��}|dkrd}	n8|dkrd}	n/||vs||vr%||sd}	tjd|	|dd||��n|}	d}
|dkrd|vr
|dsd}
d}|D�]�}tj�|��}
t|��}d|zdz|z}t|z}tj}||z}tj
�|���r7d}tj|	��D�]�}tj|��}|	dkr|}ntj|	|��}|dkr�<|dz|z}tj
�|��sj|dkrd}tj|��	tj||����#t*t,f$r#t
jd|zt0d��d}Y��wxYw	tj|��}n8#t*t,f$r$t
jd	|zt0d��d}Y��wxYw||kr-|	dkr'|
s|r#|dkrd}t5||t0�
��rd}��N|||fvrF|s#||vstj
�|��s!|dkrd}t5||t0�
��rd}���t9|
|	|���rd}|rt;d|��tj|
j|
j |
j!��\}}}}|dks||	kr)|r'tj|
j|	||
j |
j!�����|S)
Nr`rFTrrhr�r�rkr�rlrU)"r6r�rorar�write_cl_alt_to_backupr�r?r�rrrmr�r�r��get_alt_aliasesrqrrr�r�r0r�r�r�r�r!rr�rr"rprArCrD)r�rr*r{r|rer}�alt_versions�	alt_paths�	dest_vers�native_php_is_disabledr;r�r�r�r r-rxryr�r3�native_path�	dest_pathrUr�r~rr�r�s                             r��remove_etc_alternativesr��s\���U�I�.�.�E�R[�Rp�Rr�Rr�O�O�'�)=�?O��-�/�/�L��2�3�3�I��$����	�	�	�H�	$�	$��	�	�
��
-�
-�O�G[�4[�4[�fz�|K�gL�4[��	��(��y�:L�a�QR�Th�jz�{�{�{�{�$�	�"����$�$�8�7K�+K�+K�Vj�ks�Vt�+K�!%���E��Fj�Fj��
�^�
*�
*�4�
0�
0�� ��&�&���f�*�S�.��%���G�#���,���X�%��
�7�=�=��"�"�=	j��G�&�5�i�@�@�*
)�*
)��'�=�h�G�G����(�(� +�I�I� )� 6�y�(� K� K�I� �D�(�(� �$�S�L��1�	��w�~�~�i�0�0�)��9�,�,�"&���0��;�;�;�%��
�9�i�8�8�8�8��#�W�-�%�%�%� �(�)H�9�)T�V\�^_�`�`�`� $����%����!�"$�+�i�"8�"8����#�W�-�!�!�!� �(�)I�I�)U�W]�_`�a�a�a� $�� ��!���� �;�.�.�Y�(�5J�5J�Qg�5J�kp�5J�#�y�0�0�&*�G�)�)�Y�v�N�N�N�)�$(�E��"�+�y�)A�A�A��A�SZ�bk�Sk�Sk�uw�u|�vE�vE�FM�vN�vN�Sk�#�y�0�0�&*�G�)�)�Y�v�N�N�N�)�$(�E��!��Y�g�>�>�>�
����
.� ���-�-�-�GP�Fj�km�kt�vx�v�BD�BK�GL�GL�C�H�k�#4�m��D� � �H�	�$9�$9�w�$9��0���I�{�TV�T]�_a�_h�i�i�i���Ls$�3G	�	1G=�<G=�H�1I�
Ic���t��rdS	tdd��}|���}|���t	|��S#t
$rYdSwxYw)NTz/proc/lve/listr�F)r,r�r�r�rr�)r�r.s  r��kernel_is_supportedr�isr�������t���!�3�'�'���z�z�|�|��	���	�	�	��D�z�z��������u�u����s�AA�
A'�&A'c��t��s8t��tjd��t	jd��dSdS)Nz.Error: current running kernel is NOT supportedr�)r�r�r�r�r�r�r�r�r��check_kernelr�usI��� � ��������I�J�J�J����������r�c�.�tt��dSr�)r��config_copyr�r�r��do_profilingr�s���+�����r�c�J�tj�t��sdS	t	jtdg��}|dkr%t
jdtztd��dSn4#t$r't
jdtztd��YdSwxYwdS)NF�--toggle-pluginrr�r�TzError: failed to run )
r�r�r��PLUGIN_STATEr�r�r�r�r�r�)r�s r��run_toggle_plugin_utilityr��s���
�7�>�>�,�'�'���u���o�|�->�?�@�@���!�8�8���Y�|�3�V�Q�?�?�?��4���������0��=�v�q�I�I�I��t�t������5s�AA/�/-B �B c�"�t��dSr�)r�r�r�r��
toggle_pluginr��s�������r�c���t��r4|td��vr#td��tjd��td��tjd��dS)NT�Enabledr�Disabledr�)rdr�rr�r�rRs r��print_user_statusr��s^�������$�T�*�*�*�*��)�����H�Q�K�K�K�	�*�����H�Q�K�K�K�K�Kr�c��t��r#td��tjd��td��tjd��dS)Nr�rr�r�)rdrr�r�r�r�r��print_cagefs_statusr��sJ������
�i����������	�*�����H�Q�K�K�K�K�Kr�c��tjdd���}	|�|��n#tj$rgcYSwxYwt	j||d��S)z, Read paths separated by commas from a file NF)�
interpolationrfrM)rh�ConfigParserrkr�r�rw)r3r�s  r��read_paths_from_filer��sm��
�
#�$�u�
E�
E�
E�C�����������������	�	�	������.�s�H�g�F�F�Fs�.�A�Ac���t|��}t|��}tjd��}	t	|d��}|�d|z��|r|�d|z��|�d��t
t|����D]B}|dkr|�d||z���'|�||���C|�d��|���nA#t$r4}tjd	|zd
zt|��z��Yd}~nd}~wwxYwtj|��dS)z! Write paths from list to a file r�r�z[%s]
zcomment=%s
r�rr�rr�r(N)
rZr�r�r�r�r�r�rMr�r�r�r�r�)r3rM�commentr�r��indexrs       r��write_paths_to_filer��sp���e�$�$�E��u�%�%�E��(�4�.�.�K�M���3����	����8�#�$�$�$��	.�
�G�G�N�W�,�-�-�-�	��������3�u�:�:�&�&�	&�	&�E��q�y�y�����u�U�|�+�,�,�,�,�����e��%�%�%�%�	����
�
�
�	���	�	�	�	���M�M�M���/�(�:�U�B�S��V�V�K�L�L�L�L�L�L�L�L�����M�����H�[�����s�CD�
E�*E
�
Ec��t��tj�tjdz��s(t
jd��tj	d��t��jt_tj
���}d}|D]}|�d��rd}n�|�rt!jtjdzd��tj�tjdz��se	t'tjdzd��nF#t($r9t
jdtjdz��tj	d��YnwxYwt	jtjdztjdzd��dkr(t
jd	��tj	d��d}g}|D�]!}|���}|�d
��r�tj�|��stj�|��r�|�d��rKt	j|tj|zd���s&t5|��d}|�|����t	j|��sCt	j|t:|zd���s$t5|��|�|����#|r9t=��t?��stA��rtC|��tDdz}tG|��}|�$|��tK||d
��g}tMtN|��tQ||��|�$|��tS|��dS)zH Read paths from stdin and updates appropriate files in cagefs-skeleton rz&skeleton of etc directory is not foundr�FrTr�rz.Error while creating skeleton of etc directoryrrzcagefsctl-update-list.cfgz0Files added by "cagefsctl --update-list" commandN)*r�r�r�r�r�r�r�r�r�r�r:r;r2rNr�rr�rr}rr�r	r1r�r�rrr�r�r�r�rgr�rrjr�rr�r�r�r�r�)	rb�files�	etc_foundr3�etc_modified�copied_files�UPDATE_LIST_CFG_FILEr�r�s	         r��update_listr�s�������
�7�=�=��3�F�:�;�;����E�F�F�F�������'�)�)�7�I���I���!�!�E��I��������w�'�'�	��I��E�	����
�i�4�V�;�T�B�B�B��w�}�}�Y�;�F�B�C�C�	�
��Y�;�F�B�E�J�J�J�J���
�
�
��$�Z��1O�PV�1V�W�W�W���������
������i�8��?��A_�`f�Af�hl�m�m�qr�r�r�� �!Q�R�R�R��H�Q�K�K�K��L��L��2�2���>�>�#�#�����s�#�#�		2������)A�)A�		2�R�W�^�^�T\�E]�E]�		2��"�"�7�+�+�
2� �*�8�Y�5S�T\�5\�rv�w�w�w�2��(�O�O�O�#'�L� �'�'��1�1�1���/��9�9�
2� �*�8�X�h�5F�\`�a�a�a�2��(�O�O�O� �'�'��1�1�1�������� �!�!�	�'8�':�':�	��v����&�(C�C��
�3�
4�
4�C��J�J�|�����,�c�3e�f�f�f��M�
�j�-�(�(�(���l�+�+�+�����&�&�&�"�=�1�1�1�1�1s�D.�.AE1�0E1c������fd�}|S)Nc�X��tj���tj���dSr�)r��setgid�setuid)�gidr%s��r��funczdemote.<locals>.funcs!���
�	�#����
�	�#�����r�r�)r%rrs`` r��demoter
s)�����������Kr�c
��tj���}tj��}ttj����}|�d��tj	�
d��r|�d��t��s>t��s0tj
��}|D]}|�d|z���tdd��}|D�]}|���}||}tj	�|jd��}	tj	�
|	��r�|�|	��|D]^}
tj	�|jd��|
z}tj	�
|��r|�|���_t'j|||t+|j|j��|j�����dS)	Nrz/var/lib/php/sessionr�z	/dev/nullr�z.cagefs/tmpr$)r7r�
preexec_fnr)r�r?r@r��get_tmpwatch_paramsr��get_tmpwatch_dirsr�r�r�r�rrr�r�rr�rAr�r�r�rrCrD)r��tmpwatch_command�
tmpwatch_dirsr�r��dev_nullr�r�r.r��dir_namer4s            r�rrrrs���	��	%�	%�	'�	'�B� �4�6�6���	�3�5�5�6�6�M����3�4�4�4�	�w�}�}�+�,�,�2����0�1�1�1��;�;�K�x�z�z�K�
!�-�/�/��#�	K�	K�G����?�'�I�J�J�J�J��K��%�%�H��A�A���$�$�&�&���$�x���7�<�<���]�;�;���7�=�=��"�"�	A��J�J�x� � � �)�
)�
)���7�<�<���Y�?�?�(�J���7�=�=��*�*�)��J�J�x�(�(�(���O�C���f�UY�U`�bf�bm�Nn�Nn�tx�t�
A�
A�
A�
A��A�Ar�c��tj��}|D])}||j�d��dkrdS�*dS)Nzcagefs-skeletonrLTF)r�r�rArh)r�r�s  r�r�r�3sR��	�	�	 �	 �B�����
�d�8�?��� 1�2�2�b�8�8��4�4�9��5r�c��g}|D]Q}t|��r|�|���'tjd|d��t	jd���R|S)Nr�r�r�)rSr�r�r�r�r�)r�r�r�s   r��get_users_from_argsr>se���E������x� � �	��L�L��"�"�"�"�� ���3C�D�D�D��H�Q�K�K�K�K��Lr�c�P�	tj�|��}n#tj$rYdSwxYwt|��}t
��|tkr�tj	�
t��r?tj	�
tdzt|��zdz|z��rdStj	�
t��r?tj	�
tdzt|��zdz|z��sdSdS)z,
    Check that cagefs enabled for user
    FrT)r�r?�get_uidr!r�rr�r�r�r�r�rZr�rY)r�r%�user_prefixs   r��is_user_enabledrIs����n�$�$�X�.�.�����$�����u�u�����!�(�+�+�K��M�M�M�
�g�~�~�
�7�>�>�+�&�&�	�2�7�>�>�+��:K�c�R]�N^�N^�:^�ad�:d�go�:o�+p�+p�	��4�
�7�>�>�,�'�'�	�����|�c�?Q�TW�Xc�Td�Td�?d�gj�?j�mu�?u�0v�0v�	��4��5s�"�5�5c��tdzt|��zdz|zdz}tj||��}tj||��}t||dd|���tj||��tj||��dS)NrrF)r�rr)rrr�rr)rr9r:)r�rbr?rr@s     r��cpetc_for_userr[s����c�M�O�H�$=�$=�=��C�h�N�QW�W�M� �B�8�]�[�[��!�*�+;�]�K�K���H�f�e��Zj�k�k�k�k�
�.�x��G�G�G�
�!�(�,=�>�>�>�>�>r�c��	tj�t��sdSt	td��}|���}|���d�|D��}tD]?}d|z}||vr4tj�|��r|�	|���@d�|D��}t	td��}|�
|��|���dS#t$r4}tdt|��tj���Yd}~dSd}~wwxYw)Nr�c�6�g|]}|�����Sr�)r1�r��ls  r�rBz0add_spamassassin_dirs_cpanel.<locals>.<listcomp>ps ��>�>�>��1�7�7�9�9�>�>�>r�rc��g|]}|dz��S)rr�rs  r�rBz0add_spamassassin_dirs_cpanel.<locals>.<listcomp>ws��;�;�;�a�1�T�6�;�;�;r�r�zError:)r�)r�r�r�rr�r�r�r'r�r��
writelinesr�rr�r�r7)r��cagefs_mp_linesr.�line_to_check_and_writers     r��add_spamassassin_dirs_cpanelr!esG��1��w�~�~�j�)�)�	��F�
��S�!�!���+�+�-�-��	���	�	�	�>�>�o�>�>�>��1�	@�	@�D�&)�$�h�#�&�o�=�=�"�'�-�-�PT�BU�BU�=��&�&�'>�?�?�?��;�;�?�;�;�;��
��S�!�!��	���_�%�%�%�	���	�	�	�	�	���1�1�1�
�h��A���S�Z�0�0�0�0�0�0�0�0�0�0�����1���s�$D�CD�
E�)D=�=Er�r0c�P�|D]�}tjtt|��|gtjtjd���}|���\}}trA|jr)tj	d||�
������td|d����dS)z�
    Unmount path in all LVE namespaces.
    Enter to LVE and unmount directory without destroying LVE.
    :param: path `str` path for unmount
    :param: lve_list `list` list of id's for existing LVEs
    :return: None
    T)rr7r�LVEzUnmount for LVE�	succeededN)r�r�
LVE_UMOUNTr�rrrIr
r�r�r1r)r�r0r2r<r��strerrs      r��unmount_dir_in_lver'�s����>�>����j�#�f�+�+�t�<�$.�O�$.�O�"&�
(�
(�
(���M�M�O�O�	��6��	>��|�
>��$�U�F�F�L�L�N�N�C�C�C�C��'���=�=�=��>�>r�c
�4�gd�}tj|dd���}|jrWtjdg|�d�|j�d�t|j������R�tj	d��|j
���}|D]�}|r~tjdd	d
|td|gdd���}trT|jr<tjd|dt|j��������qtd
|d����dS)z�
    Unmount directory in all mount namespaces of all processes running in a system
    :param path: absolute path to directory to unmount
    )rz--no-headersz-xaor�T)rrzfailed to execute:zreturn code:zstderr:r�z/usr/bin/nsenter�-mz-tr5�PIDzUnmount for PIDr$N)r�r	r
r�r�r�r7r1r�r�rrr9rIr)r��ps_cmdr<�pidsr�s     r��unmount_dir_for_all_processesr-�sS��8�
7�
7�F���v�d��>�>�>�A��|����1�	]�F�	]�+�	]�-.�\�	]�;D�	]�FI�!�(�m�m�FY�FY�F[�F[�	]�	]�	]�	]��������8�>�>���D��
?�
?���		?��� 2�D�$��V�T�SW�X�.2��?�?�?�A��
?��<�?��(���Y��A�H�
�
�@S�@S�@U�@U�V�V�V�V��+�S�+�>�>�>��
?�
?r��dir_listc�Z�tjd���}d}|D]<}tj�|��|vrd}tjd|dd���=|rtjd��t��|D]-}t|t����t|���.dS)	z�
    Unmount directories from list in all mount namespaces
    :param dir_list: list of paths to directories for unmounting
    T)r�Fr�zis mounted. z9Please unmount the directory before running this command.r�N)
r�r�r�r�rr�r�r�r�r�r'r3r-)r.�mounted_dirs�foundr�s    r��unmount_dirr2�s����-��>�>�>�L��E��^�^�	�
�7���I�&�&�,�6�6��E�� ��i��!\�
^�
^�
^�����������N�N�N��1�1�	��9�l�n�n�5�5�5�%�i�0�0�0�0�1�1r�c���	tj�|��}n,#tj$rtjd|d��YdSwxYwt
��rtj|��St|��}tj�t||dz��}tj�|��}tj|d��t#|dd���}t%|g��rtjd|��dSdd	t'|j��d
dg}	t+j|d�
��n#t.$rtj|�YdSwxYwdS)z
    Unmount CageFS for user. Return True if error has occured
    :param user_name: name of user
    :type user_name: str
    �Userzdoes not existsTr�r~)r�r�z$Failed to destroy/apply LVE for userrz-mekz/usr/sbin/cagefsctl�--unmount-cur-nsF�r�)r�r?r�r!r�r�r,�cagefs_without_lve_lib�_delete_namespace_userrr�r�r�rr r�r-r�rbr�rCr�r�r�)�	user_namer�r��	lock_pathr4r�r�s       r��unmount_userr;�s}���
�^�
*�
*�9�
5�
5�����$������V�Y�0A�B�B�B��t�t��������H�%�<�Y�G�G�G��Y�
'�
'�F�����W�f�i��.?�@�@�I��w���y�)�)�H�
��x��'�'�'��Y�T��6�6�6�A��	�{������C�Y�O�O�O��t�
 ���R�Y���9N�Pb�
c�C�����5�)�)�)�)�)��������c�"�"��t�t������5s!�"�%A�
A�/E�E"�!E"c��tj�tj�td����S)z=
    Checks that cagefs skeleton exists and is not empty
    �bin)r�r�r�r�r�r�r�r�r�r��s(���7�=�=�����h��6�6�7�7�7r�c��t��s(tt��tjd��tt
��dSr�)r�r�SKELETON_NOT_INITIALIZEDr�r��SKELETON_INITIALIZEDr�r�r��print_cagefs_skeleton_statusrA�sA�� �"�"��
�&�'�'�'�������	�
�����r�c��ddl}|�td����	t��dS#t$r9}tjtt|������Yd}~dSd}~wt$r:}tj|jd���tjd��Yd}~dSd}~wwxYw)Nr�	cagefsctlT)�level�includetracebackr�)
�syslog�openlogr�	main_func�
SystemExitr�r�r�r�r�r��print_exception�LOG_ERR)rFrs  r��mainrLs����M�M�M�
�N�N�:�k�*�*�+�+�+����������������S��V�V���������������������!�&�.�T�R�R�R�R��������������������s!�8�
B=�.A6�6
B=�/B8�8B=c��t��tt_tt���t_dS)N)�min_uid)r�r�r�r!r?r�r�r��init_min_uidrOs)���M�M�M��H���W�-�-�-�H�N�N�Nr�r�c��g}|D]�}	tj�t|����}|D]}|�|j����O#ttjf$rRt|��r|�|��n*tj
d|d��tjd��Y��wxYw|S)z^
    Retrives users list from cmd line
    :param args: args list
    :return: users list
    �user or UIDr�r�)
r�r?r
r�r�rr�r!r�rSr�r�r�)r��
users_listr�r�r�s     r��_get_username_list_from_argsrSs����J��
�
��		��N�0�0��X���?�?�E��
.�
.���!�!�"�*�-�-�-�-�
.���E�5�6�	�	�	��8�$�$�
��!�!�(�+�+�+�+��$�]�H�>N�O�O�O���������	�����s�AA�A%B<�;B<c�l�t��s%td��tjd��dSdS)z4
    Print error and exit when LVE is supported
    zHERROR: This command is workable only in environments without LVE supportr�N�r,rr�r�r�r�r��exit_if_lve_supportedrV-s<��"�#�#��
�X�Y�Y�Y����������r�c�l�t��r%td��tjd��dSdS)z8
    Print error and exit when LVE is not supported
    zHERROR: This command is not supported in environments without LVE supportr�NrUr�r�r��exit_if_lve_not_supportedrX6s<������
�X�Y�Y�Y����������r�r]c��t��t��t��|rt��st	��|�t��}t
j|��}t|��o|t|��kSr�)
rVr�r�rjrJr�r7�create_namespace_user_listrrM)r�r]�
errors_numbers   r�r_r_?s�����������������0�2�2�������}�!�#�#��*�E�e�L�L�M��
���>�=�C��J�J�#>�>r�c�j�t��|�td���}tj|��S)NTr)rVr6r7�delete_namespace_user_listrs r�r^r^Os4�������}� �4�0�0�0��!�<�U�C�C�Cr�c��t��d}|t��z
}tj��t	j��|Sr�)rVr^r7�restore_httpd_php_fpm_services�cagefs_universal_hook_lib�"remove_without_lve_universal_hooks)�rcs r��clean_without_lve_environmentrcVsG������	
�B��
�
�
��B��9�;�;�;��@�B�B�B�
�Ir�c	�>�	gd�}t��r|�gd���tjtjdd�d|��\}}n[#tj$rI}t
��tdt|����tj	d��Yd}~nd}~wwxYwddl
}ddl}ddlm
}|t��}|���i}d|d<|D]�\}	}
|	d	vr#t
��tj	d���,|	d
vr)tt ��tj	d���Y|	dvr#t#��tj	d����|	dvrd|d<dadt&_��|	d
vrdadt,_��t1j��dkr(t-jd��tj	d��	t0j�t:��at:t&_nE#tj�dt:zdz��tj	d��YnxYwd|d<d|d<d|d<d|d<d|d<d|d<d|d<d|d<d|d<d|d<d|d<d|d<d|d<d|d<d |d!<d |d"<d }d }d#}
d#}|D�]&\}	}
|	d$vr1ttA|
����tj	d���;|	d%vrd|d<d#}�G|	d&v�r0tC|��dkr(t-jd'��tj	d(��|D]�}	t,j"�#tI|����}|D]0}tK|j&|��t'j'|j&���1�c#tPtRj*f$ratW|��r%tK||��t'j'|��n*t-jd)|d*��tj	d��Y��wxYwtj	d����||	d+vr$tY��tj	d�����|	d,vrd#|d"<���|	d-vr2t[��t]��tj	d�����|	d.vr.ddl/}|�0��tj	d����|	d/vr)tcj2��tj	d����D|	d0vr)tcj3��tj	d����q|	d1vr*|�4��tj	d�����|	d2vr*|�5��tj	d�����|	d3vr*|�6��tj	d�����|	d4vr7to��tq|	d5k��tj	d����6|	d6vr4ts|��}tu|��tj	d����n|	d7vr4ts|��}tw|��tj	d�����|	d8vr4ts|��}ty|��tj	d�����|	d9vr`ts|��}|rt{||	d:k�;��n#t{d#|	d:k�<��t}��tj	d����B|	d=vr�t0j�?d>��s8t0j�?t���st�jB��nt�d#d |	d?k�@��tj	d�����|	dAvrnt���tC|��dkr(t-jdB��tj	d(��t�|��tj	d����;|	dCvr$t���tj	d����c|	dDvr3t�|
��to��tj	d�����|	dEvr*tt���tj	d�����|	dFvr*t'jI|
��tj	d�����|	dGvrd|d<d|d<d#}t�����|	dHvr$t���tj	d����>|	dIvr&t�d#�J��tj	d����h|	dKvr&t�d#�L��tj	d�����|	dMvr)t'jN��tj	d�����|	dNvrLt���jPt&_Qt'jRt:��tj	d����|	dOvr$t���tj	d����7|	dPvr$t���tj	d����_|	dQvr3to��t�|
��tj	d�����|	dRvr$t���tj	d�����|	dSvr$t���tj	d�����|	dTvrQt���}t���t�d#|�U��t���tj	d����;|	dVvrk|	dWkrt�d#�X��t���r1t���}to��t�|	dWk|�Y��tj	d�����|	dZvr�|r�t���}|d[kr6t���}|D]}t�|d#���t�|d#|�\��n;|d]kr5t���}|D]}t�|d ���t�|d |�\��tj	d���	�K|	d^vr$t���tj	d���	�s|	d_vr]t���t���jPt&_Qt���t���tj	d���	��|	d`vrd }
�	��|	davrt��sd }
�	��|	dbvrd }
�	��|	dcvr{t���}t���t���t�|�d��t���t���t�d#��tj	d���
�y|	devr$t���tj	d���
��|	dfvr$t���tj	d���
��|	dgvr*t'ji|
��tj	d���
��|	dhvr�tCtj��dikr(t-jdj��tj	d��|�jtjd(��tj	d����{|	dkvr*|�j��tj	d�����|	dlvr�tC|��dkr(t-jdj��tj	d��|�j|d��t���t���t���d|d<d#}��6|	dmvr�t���t���t#��t���tdn|
do��tdp�l|
|
����	t�jndqdr|
dsgd �t��n8#t�$r+t-jdu��tj	d��YnwxYwtj	d���
�|	dvvr$t���tj	d���
�8|	dwvr2t���rt���tj	d���
�n|	dxvrCt���t���}t�|ddy��tj	d���
��|	dzvrCt���t���}t�|dd{��tj	d���
��|	d|vr&t�d d#d#�}��tj	d����(t#��|
rt�|�~��}t���}to|��t:�xd��d�kr;t0j�yd���rt���rt���|D�]5\}	}
|	d�vr?t���t���t���tj	d���I|	d�vr1t���t���tj	d���~|	d�vr
d#t&_|��|	d�vrd|d<d#}��|	d�vrd#a}��|	d�vrt���d|d<d#}��|	d�vr�t���}t���t���t�|�d��t���t���t���rt�|��t�d#��tj	d����X|	d�vr3t���t���t���d|d<d#}���|	d�vrt���d|d<d#}���|	d�vr%�t��tj	d�����|	d�vrOt���t���t���t�d#��tj	d����&|	d�vr3t���t���t���d|d<d#}��]|	d�vr�t���}t���t����td#��t�|�d��t���rt�|��t�d#��tj	d�����|	d�vrRt���}�td ��t�|�d��t���tj	d����C|	d�vr%�t��tj	d����l|	d�vrd|d<d#}t������|	d�vrd|d<d#}t������|	d�vr�t0j�yt:d�z��rDt-j�d�t:�d�tjd�d����tj	d��d|d<d#}t���}|d�ks|d�kr�t	��s�td ����S|	d�vrd|d<d#}t�����n|	d�vr	d|d<d#}��{|	d�vr&�td#��tj	d�����|	d�vr+|D]}�t
|���tj	d�����|	d�vr+|D]}�t|���tj	d����|	d�vr%�t��tj	d����,|	d�vr&�t|��tj	d����V|	d�vrS|	d�k|d!<ts|��}|r�t||����n�t|��tj	d�����|	d�vr&�t|��tj	d�����|	d�vr?t'j���r|��|����tj	d����|	d�vrC�t|��}tj	tI�t|d#����������a|	d�vr2tj	tI�td#�����������|	d�vrA�t|��}tj	tI�t!|���������|	d�vr0tj	tI�t!��������|	d�vr!tj	�t#������7|r3|r1t
��td���tj	d��|�rtC|��dkr1t��td���tj	d(��|ddkr.t��s �t%j��t$j���	|ddkr<d }|D]}�t)|��p|}�tj	tI|�����n�|ddkr�t���}g}|D]Q}tW|��r&t�|d ��|��|���7t-jd�|zd�z���Rt�|d |�\��t��r�t!|���nP�t-|���n<|ddks|ddkr�t���}t���g}|D]�}tW|��r}||vrR|ddkr0t�|d#��t���rt�||gd ��|��|���g|ddkrt-jd�|zd�z����t-jd�|zd�z����|ddkrt�|d#|�\���t-|��n0t-jd���tj	d(��dSdSdSdSdS#�t.$r5t��td���tj	d��YdSwxYw|�rzt:}|dr8|ds|dr(t-jd���tj	d��|d|dz|dz|dz}|ddkr.|dkr(t-jd���tj	d��|ddk�r\t���}tC|��}|dkr0td�|d���td����t1d���t���r#d|d�<t���t�d#����t�d#d ����	t1j�|d�z��} �t5j�| �t4j���r�t;j�|d�z��nt1j�|d�z��n%#�t@�tB�t:j�f$rYnwxYw	t1j�||d�z��n#�t@�tBf$rYnwxYw	�tI|d���n#�t@�tBf$rYnwxYw|ddkr�|a�|dkr#ddl�}!|!��d��tPd�z��ddl�}"|"���tPd�z��}#t��td���td¦�|#��dæ���dĦ�t��td���tdŦ�|#��dƦ���dĦ�dS�t[|��|ds|drdx|d<|d<�t|��dSdSt
��tj	d��dS)�N)_r[r�r��help�versionrYr*rZr�z
remove-allz
set-tmpwatch=rrr�rer�zunmount-dirzunmount-allzunmount-really-allr��disablez
enable-allzdisable-allzdisplay-user-modezlist-enabledz	wait-lockz
list-disabledz	create-mpzcheck-mpz
mount-skelzunmount-skelzremount-allrbr�r�zenter=z
enable-cagefszdisable-cagefsz
do-not-ask�debug�	profilingzmigrate-prefixesz
getprefix=zlist-rpmzapply-global-php-inizset-min-uid=zget-min-uidztoggle-moder��cpetcz
update-etcrzcheck-kernel-versionzupdate-wrapperszremove-blacklistedzdetect-postgresz
toggle-pluginzprint-suidszhook-installzhook-removezreconfigure-cagefszconfigure-litespeedzclean-var-cagefszuser-status=z
cagefs-statuszupdate-listzrebuild-alt-php-inizvalidate-alt-php-inizsetup-cl-selectorr�zcheck-for-unsafe-mountszremove-cl-selectorzcl-selector-reset-versionszsetup-cl-altz
remove-cl-altzcl-selector-reset-moduleszupdate-users-statuszupdate-users-status-fix-ownerzset-default-user-statuszremove-unused-mount-pointszcreate-homeN-dirs-in-skeletonzunmount-cur-nszconfigure-openlitespeedz enable-cagefs-without-etc-updatezwithout-lockzset-update-period=rszadd-default-rpm-packageszcreate-virt-mpzcreate-virt-mp-allzremount-virtmpzlist-logged-inzclean-config-dirsz"create-dirs-for-symlink-protectionzsanity-checkzcheck-cagefs-initialized)zcreate-namespacezcreate-namespaceszdelete-namespacezdelete-namespaceszclean-without-lve-environmentr�zihvVfurdkwW?lmMe:z
Error:r)�
ClAuditLogrY)z-hz-?z--help)z-Vz	--version)z--check-kernel-version)z-vz	--verbose)z--silentz root privileges required. Abort.r�z8Error while determining real path to skeleton directory rzdry-run�interactiver�r�rgr*r[r�r�rZr�rbrirsFrr�T)z--getprefix)z-dz--dont-clean)z--cpetczno username or UID specifiedr�rQr�)z--clean-config-dirs)z--skip-php-reload)z$--create-dirs-for-symlink-protection)z--sanity-check)z--hook-install)z
--hook-remove)z--reconfigure-cagefs)z--configure-litespeed)z--configure-openlitespeed)�--list-enabledz--list-disabledrm)z--cl-selector-reset-modules)z--rebuild-alt-php-ini)z--validate-alt-php-ini)�--cl-selector-reset-versionsz--remove-cl-selectorz--remove-cl-altrn)r�r*)rr*)z-Wz
--unmount-all�--unmount-really-allr/ror�)z
--unmount-dirz!no directory to unmount specified)z--migrate-prefixes)z
--set-min-uid)z
--get-min-uid)z--set-update-period)z--force-update)z--clean-var-cagefs)z--update-wrappers)r)z--remove-blacklisted)r�)z--detect-postgres)z
--print-suids)r�)z--display-user-mode)z
--user-status)z--cagefs-status)z--check-cagefs-initialized)z--disable-cagefs)r�rK)z--update-users-status�--update-users-status-fix-ownerrpr)rHrK)z--set-default-user-statusrU)r�r|rKrV)z--remove-unused-mount-points)z--create-homeN-dirs-in-skeleton)�--mount-skel�--unmount-skel)�-w�	--unmountr)�	--remount�--enable�	--disable)z--without-lock)z"--enable-cagefs-without-etc-update)rK)z--add-default-rpm-packages)z
--tmpwatch)z--set-tmpwatch)z--create-virt-mprAzNo username provided)z--create-virt-mp-all)z--remount-virtmp)z--enterz-ez#You are entering to CageFS for userzas superuser (root).zNNOTE: You can use "su -s /bin/bash - {}" instead to enter to CageFS as user {}z/sbin/cagefs_enter_userz--rootr�r6z!executing /sbin/cagefs_enter_user)z
--check-mp)z--check-for-unsafe-mounts)r5z--listz#CageFS currently mounted for users:)z--list-logged-inz)Users currently logged in CageFS via ssh:)r5)r�r�r�)r�r�rLz/var/cpanel)rq)rr)z--debug)z--profiling)z--do-not-ask)rsrt)z--enable-cagefs)rv)rw)z--remove-all)z-Mz
--remount-all)r)ru)z--enable-all)z
--disable-all)z
--toggle-mode)z-frJ)z-uz--update)z-iz--initr^zError : directory z already exists.
Use "z- --reinit" if you want to reinitialize CageFSr�rW)r�z--reinit)z-kz
--hardlink)r�)z--addrpm)z--delrpm)z
--list-rpm)z
--update-list)z--update-etc�--force-update-etcrxr)z--setup-cl-selectorz--setup-cl-alt)z--apply-global-php-ini)rX)z--create-namespacer\)z--create-namespaces)z--delete-namespace)z--delete-namespaces)z--clean-without-lve-environmentz&
Error: incompatible options specifiedzaborted, no username specifiedzuser z does not existz is excludedz&No options specified. Nothing to do...z
aborted.. z;cannot specify --dont-clean with --init or --reinit optionszLyou should specify one of the --init, --reinit, --update or --force options
z	WARNING: zCageFS currently mounted.zBIf you proceed, CageFS will be temporarily disabled and unmounted.z"Do you want to continue (yes/no)? ryr�r�r�r�zcagefsctl.do_profiling()z/profiling.logz&--------------------------------------zCumulative time:�
cumulative�zTotal time:r`)�r,r�getoptr�r_�GetoptErrorr�rr�r�r�virtmp_mount�clcommonrk�
INFO_LOG_FILE�info_log_write�cagefs_versionr�rIr��VERBOSE_FLAGr�r��SILENT_FLAGr��geteuidr�r�rr�r7r�rrMr?r
r�rrr;r�r!r�rSr�rr�sanity_check�check�cagefshooks�HooksInstall�HooksRemove�reconfigure_cagefs�litespeed_configure�configure_open_litespeedr�r�rrvrwr�r�r�r�rCr��
umount_allr�rXr2r�r�r��set_update_periodr�r�r r
�detect_postgresr:r;r2�print_suidsr�r|r�r�rAr�rsr�rdrrdr[r�rJr�r�rurFr�rJr~rr�set_tmpwatch_params�
create_virtmprzr�r�r�r�r�rr�r�r)r�r�r�rhr�r�r�r�r�r�rr�r�r�r�rgr/r�r�r�rrr�rar�rSr_r^rc�unshare�CLONE_NEWNSr;r�rb�KeyboardInterruptr�rrr �ST_MODEr�rr!r�r�r�rlrr��profiler	r��pstats�Stats�
sort_stats�print_statsr�)$�options_list�optsr�rrr}rkr<rb�or��manage_user_flag�build_jail_flag�lock_is_required�	wait_lockr�r�r�r�r�rKr`r�r��	user_moder�r�r;�	usernamesrO�count_of_modesr��jbufr�r�r<s$                                    r�rHrH_s1!�������&"�#�#�	C����!B�!B�!B�
C�
C�
C��]�3�8�A�B�B�<�1D�l�S�S�
��d�d�������
����
�j�#�a�&�&�!�!�!����������������������������$�#�#�#�#�#�
�*�}�
&�
&�C�������
�F��F�9���%�%���1��&�&�&��G�G�G��H�Q�K�K�K�K�
�%�
%�
%��.�!�!�!��H�Q�K�K�K�K�
�-�
-�
-��N�N�N��H�Q�K�K�K�K�
�%�
%�
%� !�F�9���G�%&�I�"�"�
�-�
�
��F�#$�H� ��
�
���a�����?�@�@�@���������7�#�#�H�-�-��%�	������
���S�T\�\�]a�a�b�b�b�������������F�9���F�=���F�9���F�8���F�9���F�7�O��F�8���F�8���F�<���F�:���F�6�N��F�9���F�;���F�>��!&�F��� %�F������O����I��J�J���1�� � � ��/�!�$�$�%�%�%��H�Q�K�K�K�K�
�(�
(�
(�#$�F�<� �"�O�O�
�,�
�
��D�	�	�Q����$�%C�D�D�D������� �
$�
$��$�$�N�8�8��X���G�G�E�#�C�C��&�r�z�6�:�:�:�!�6�r�z�B�B�B�B�C��#�E�$=�>�$�$�$�"�8�,�,�$�&�x��8�8�8�!�6�x�@�@�@�@� �,�]�H�FV�W�W�W���������
$����
�H�Q�K�K�K�K�
�*�
*�
*������H�Q�K�K�K�K�
�(�
(�
(�(,�F�$�%�%�
�;�
;�
;�.�0�0�0�/�1�1�1��H�Q�K�K�K�K�
�%�
%�
%�������� � � ��H�Q�K�K�K�K�
�%�
%�
%��$�&�&�&��H�Q�K�K�K�K�
�$�
$�
$��#�%�%�%��H�Q�K�K�K�K�
�+�
+�
+��0�0�2�2�2��H�Q�K�K�K�K�
�,�
,�
,��1�1�3�3�3��H�Q�K�K�K�K�
�0�
0�
0��6�6�8�8�8��H�Q�K�K�K�K�
�7�
7�
7��O�O�O��q�,�,�-�-�-��H�Q�K�K�K�K�
�2�
2�
2�'��-�-�E�$�U�+�+�+��H�Q�K�K�K�K�
�,�
,�
,�'��-�-�E���&�&�&��H�Q�K�K�K�K�
�-�
-�
-�'��-�-�E�!�%�(�(�(��H�Q�K�K�K�K�
�]�
]�
]�'��-�-�E��
1�'���Ec�@c�e�e�e�e�e�'�D�1�Hf�Cf�h�h�h�h�.�0�0�0��H�Q�K�K�K�K�
�A�
A�
A��G�N�N�#9�:�:�
y�R�W�^�^�Tb�Ec�Ec�
y��'�)�)�)�)��D�u�[\�`v�[v�x�x�x�x��H�Q�K�K�K�K�
�$�
$�
$�%�'�'�'��D�	�	�Q����$�%H�I�I�I�������������H�Q�K�K�K�K�
�)�
)�
)�#�%�%�%��H�Q�K�K�K�K�
�$�
$�
$���N�N�N��O�O�O��H�Q�K�K�K�K�
�$�
$�
$��'�N�N�N��H�Q�K�K�K�K�
�*�
*�
*��'��*�*�*��H�Q�K�K�K�K�
�%�
%�
%�%&�F�>�"� �F�8��"�O������
�)�
)�
)������H�Q�K�K�K�K�
�(�
(�
(��D�1�1�1�1��H�Q�K�K�K�K�
�+�
+�
+��T�*�*�*�*��H�Q�K�K�K�K�
�(�
(�
(��%�'�'�'��H�Q�K�K�K�K�
�$�
$�
$�/�1�1�?�I���!�(�+�+�+��H�Q�K�K�K�K�
�&�
&�
&��O�O�O��H�Q�K�K�K�K�
�*�
*�
*������H�Q�K�K�K�K�
�$�
$�
$��O�O�O��a� � � ��H�Q�K�K�K�K�
�&�
&�
&��!�!�!��H�Q�K�K�K�K�
�1�
1�
1�(�*�*�*��H�Q�K�K�K�K�
�'�
'�
'� 1� 3� 3�������D�DU�V�V�V�V��M�M�M��H�Q�K�K�K�K�
�N�
N�
N��5�5�5�!�$�7�7�7�7� �"�"�
]�$5�$7�$7�!�����#�q�4U�/U�J[�]�]�]�]��H�Q�K�K�K�K�
�0�
0�
0��
g�$�����<�'�'�(9�(;�(;�%�$(�4�4��#�H�d�3�3�3�3�'�d�4�Sd�e�e�e�e�e��]�*�*�(9�(;�(;�%�$(�5�5��#�H�e�4�4�4�4�'�d�5�Te�f�f�f�f��H�Q�K�K�K�K�
�3�
3�
3�&�(�(�(��H�Q�K�K�K�K�
�6�
6�
6�����/�1�1�?�I��)�+�+�+�-�/�/�/��H�Q�K�K�K�K�
�4�
4�
4�$���
�P�P�P�*�,�,�
Q� %���
�%�
%�
%�$���
�9�
9�
9� 1� 3� 3���O�O�O�7�9�9�9��2C�D�D�D�D�����"�$�$�$��4� � � ��H�Q�K�K�K�K�
�1�
1�
1�.�0�0�0��H�Q�K�K�K�K�
�/�
!�
!��J�J�J��H�Q�K�K�K�K�
�%�
%�
%��)�!�,�,�,��H�Q�K�K�K�K�
�'�
'�
'��3�8�}�}��!�!��$�%;�<�<�<��������&�&�s�x��{�3�3�3��H�Q�K�K�K�K�
�+�
+�
+��&�&�(�(�(��H�Q�K�K�K�K�
�'�
'�
'��4�y�y�A�~�~��$�%;�<�<�<��������&�&�t�A�w�/�/�/���������"�$�$�$� !�F�9��#���
�"�
"�
"����������N�N�N�"�$�$�$��7��<R�S�S�S��b�i�i�jk�mn�o�o�p�p�p�
���!:�H�a�� U�]b�c�c�c�c�c���
�
�
��$�%H�I�I�I���������
����
�H�Q�K�K�K�K�
�/�
!�
!��O�O�O��H�Q�K�K�K�K�
�0�
0�
0�"�$�$�
&�#�%�%�%��H�Q�K�K�K�K�
�"�
"�
"�%�'�'�'�%�'�'�E���q�"G�H�H�H��H�Q�K�K�K�K�
�'�
'�
'�%�'�'�'�'�)�)�E���q�"M�N�N�N��H�Q�K�K�K�K�
�'�
'�
'��%�T�bf�g�g�g�g��H�Q�K�K�K���N�N�N��0��Y�/�/�/��#�%�%�G��'�����}�}�V����"�"�
�7�=�=��'�'�	,�"�$�$�
,�)�+�+�+��V6�V6���1��!�!�!�����"�$�$�$������H�Q�K�K�K�K�
�%�
%�
%����������H�Q�K�K�K�K�
�,�
�
�%)�I�"�"�
�"�
"�
"�"#�F�;��"�O�O�
�#�
#�
#� $���
�%�
%�
%����� !�F�9��#���
�&�
&�
&� 1� 3� 3���O�O�O�7�9�9�9��2C�D�D�D�D�����"�$�$�$� �"�"�
#��6�"�"�"��4� � � ��H�Q�K�K�K�K�
�-�
�
���������"�$�$�$� �F�8��#���
�.�
 �
 ����� !�F�9��#���
�#�
#�
#��L�L�L��H�Q�K�K�K�K�
�)�
)�
)���������"�$�$�$��4� � � ��H�Q�K�K�K�K�
�%�
%�
%���������"�$�$�$� !�F�9��#���
�#�
#�
#� 1� 3� 3������"�$�$�$��$�����2C�D�D�D�D� �"�"�
#��6�"�"�"��4� � � ��H�Q�K�K�K�K�
�$�
$�
$� 1� 3� 3���%� � � ��2C�D�D�D�D��M�M�M��H�Q�K�K�K�K�
�$�
$�
$��M�M�M��H�Q�K�K�K�K�
�#�
#�
#��F�7�O�"�O������
�$�
$�
$� �F�8��"�O������
�"�
"�
"��w�}�}�X�f�_�-�-�
�� � �BJ�BJ�BJ�LO�LT�UV�LW�LW�LW�"X�Y�Y�Y��������F�6�N�"�O�%���I��W�$�$�	�5F�(F�(F�Q`�Qb�Qb�(F��e�$�$�$��
�$�
$�
$� �F�8��"�O������
�&�
&�
&�!"�F�:��"�O�O�
�"�
"�
"��d�O�O�O��H�Q�K�K�K�K�
�-�
�
��
�
���s������H�Q�K�K�K�K�
�-�
�
��
�
���s������H�Q�K�K�K�K�
�/�
!�
!��J�J�J��H�Q�K�K�K�K�
�$�
$�
$�������H�Q�K�K�K�K�
�8�
8�
8�*+�/C�*C�F�%�&�'��-�-�E��
(����6�6�6�6�6���'�'�'��H�Q�K�K�K�K�
�;�
;�
;��� � � ��H�Q�K�K�K�K�
�-�
-�
-��)�+�+�
E�!�6�6�t�6�D�D�D��H�Q�K�K�K�K�
�)�
)�
)�8��>�>�M��H�S�*�=��M�M�M�N�N�O�O�O�O�
�*�
*�
*��H�S�*��>�>�>�?�?�@�@�@�@�
�)�
)�
)�8��>�>�M��H�S�*�=�9�9�:�:�;�;�;�;�
�*�
*�
*��H�S�*�,�,�-�-�.�.�.�.�
�6�
6�
6��H�2�4�4�5�5�5����O��
����
�7�8�8�8��������E���I�I�q�L�L��G�G�G��2�3�3�3��H�Q�K�K�K��)���!�!�*@�*B�*B�!��O�G�/�0�0�0�1	��y�!�Q�&�&��� $�<�<�H�(��2�2�;�e�E�E����U���$�$�$�$���#�q�(�(�$5�$7�$7�!��	� $�Q�Q�H�"�8�,�,�Q�#�H�e�4�4�4�!�(�(��2�2�2�2� �,�W�X�-=�>O�-O�P�P�P�P�#�)�E�Uf�g�g�g�g�)�+�+�'�%�i�0�0�0�0��I�&�&�&�&���#�q�(�(�f�X�.>�!�.C�.C�$5�$7�$7�!�� � � ��	� $�Q�Q�H�"�8�,�,�
Q�#�7�2�2� &�x� 0�A� 5� 5� +�H�d� ;� ;� ;�#4�#6�#6�!J�$.�v��z�5�$I�$I�$I�%�,�,�X�6�6�6�6�#�H�-��2�2�$�0���1A�.�1P�Q�Q�Q�� �,�W�X�-=�>O�-O�P�P�P�P��(�#�q�(�(�'�i��Xi�j�j�j�j��	�"�"�"�"��$�%M�N�N�N���������O%�$�'�&�1�0�.#�"��
!�	�	�	��G�G�G��,�����H�Q�K�K�K�K�K�K�	����

�H����<� �	�f�V�n�	��x�8H�	�� �!^�_�_�_��H�Q�K�K�K����&��*:�:�V�H�=M�M�PV�W^�P_�_���+��!�#�#���"�"��$�%t�u�u�u��������(��q� � �%�'�'�E��e�*�*�K��a����k�;�0K�L�L�L��Z�[�[�[��<�=�=�=� �"�"�
6�/0��+�,�� � � �#��5�5�5�5��d�u�=�=�=�=�
��x��V��,�,���<��T�\� 2�3�3�+��M�$�v�+�.�.�.�.��I�d�6�k�*�*�*����W�f�l�3�
�
�
���
����
��	�$��V��,�,�,�,���W�%�
�
�
���
����	���u�%�%�%�%����!�	�	�	��D�	�����+��!�#�#� �K���"�"��������6��?O�8O�P�P�P��M�M�M����V�$4�4�5�5�A��G�G�G��:�;�;�;��$�%�%�%�
�L�L��&�&�2�2�2�6�6�6��G�G�G��:�;�;�;��-� � � �
�L�L�� � �,�,�R�0�0�0�0�0��&�!�!�!��f�~�
%���!1�
%�45�5��v����!1��V�$�$�$�$�$�
%�
%�	�����������s��AA�B/�&?B*�*B/�5H�AI�9AN�A4P�P�}/�/2~$�#~$�eH4An�n<Ao�oAo�t&A-Av�vAv6�v5Av6�v:Aw�wAw)�w(Aw)�w-Aw?�w?Ax�xAx�__main__r�r"r)NF)T)r�r�)r�)TFFF)FF)FFF)FFFNr�)FNNFN)NFF)NFFFF)FN(��
__future__rrrr�futurer�typingrr	r
�install_aliases�builtins�future.utilsrr��errnor�r�r�r�r�rhr{�stringr�r�r�rr`r�r�r�r�r�r�r��yamlr��collectionsr
�enumr�clcagefslib.constrr�clcagefslib.fsrr�clcagefslib.ior�clcagefslib.selector.configurerrrr�clcagefslib.selector.pathsr�cldetectlibrr�clcommon.utilsrrrrr�clcommon.clprocr r~r!r"r#r$�clcommon.clfuncr%r&r�r'r(r)r*r+r,�logsr-r�r�r�r7r`rCr9r�r%r7r��
SKELETON_NAMEr�ry�	MP_PREFIXrjrr
�LOCKNAMEr��FUSE_SAFE_LISTr{r�r�r�rlr�r�r�r�r�r�r�r�rxrMr�r�r�rCr�rrCr�r�r�rYrZr@r?�uname�releaser�r4rfrar�r�r�r�r�r�r�r�r��signals_handlersr�r'r�r�r�r�r�r�r�r�r�r�r�rIr�r�r�MYSQL_SOCK_DIRrr"r$r%r&rrrr/r6rJrPrSrfr[rbrdrgrorqrsrurzr|r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r��ascii_uppercase�digitsr�r�r�r�r�r�r�r�rrrr)r�r3r=r?rFrKrSrVrXrZrbrdrfrjrmruryr~r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r:r�rrrr#r@r"r7rr>rJrO�objectrQr�r�r��mounts_are_found_comparatorr�r�r�r�rDr�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�rr r%r,r5rr8r�r
rVr\rdrrqr�r�r�r�r�r�r�r�r�r�r�r�r�r~r}r�r�r�r�r�r�rr�rrr#r+�CL_ALT_NAME�CL_PHP_DIR_NAMErr&r2r4rrFr�rJr6rSrNr�rrcrfr
rvrwr�r�r�r)r(r�r�rrr�rBr�r�r�r�r�r�r�r�r�r�r�r�rrrrr�rrrr!r�r'r-r2r;r�rArLrOrSrVrXr_r^rcrHr�r�r�r��<module>r�s��&�%�%�%�%�%�&�&�&�&�&�&�������'�'�'�'�'�'�#�#�#�#�#�#�'�'�'�'�'�'�'�'�'�'� �� �"�"�"�����#�#�#�#�#�#���������	�	�	�	�
�
�
�
�
�
�
�
�
�
�
�
�
�
�
�
�����
�
�
�
�
�
�
�
�
�
�
�
���������������������
�
�
�
�
�
�
�
�
�
�
�
�
�
�
�
�����	�	�	�	���������#�#�#�#�#�#�������/�/�/�/�/�/�/�/�<�<�<�<�<�<�<�<�$�$�$�$�$�$�v�v�v�v�v�v�v�v�v�v�v�v�4�4�4�4�4�4�+�+�+�+�+�+�+�+���������������$�#�#�#�#�#�C�C�C�C�C�C�C�C�C�C�C�C�/�/�/�/�/�/�/�/��������������������������������������� � � � �
�������
�F�	����
�
���'��#�
�	���	� �	�
"�
�
��
$�
��*�*��$��3��0��!��
4�
�2�	�/��,��$��/��

��/��/��4�
���;��7��*��C��-�	�8��-��/��%�
�/��=��/��1���+�+���/�)��$��,�����
�
�"�
�i�i�i�i�i�d�i�i�i�X�x�r�x�z�z�!�'�'�)�)�)�)�"�2�8�?�;Q�;W�W�L�L�"�2�8�?�;Q�;W�W�L�+������������������*�*�*�*�*�*�+�	��)�	���	��!A�BY�Z��
?�
?�
?�
?� �������"
�
�
� 	�	�	�)�)�)����.
�
�
�
�
�
�'��	
��
������N�,>��HZ�\f�hw��"�J�0K�W�Vj���"9�?�Lf�Lm�Lm�nv�Lw�Lw��!�!�(�+�+�
-��
 ��&�
�
�	�+�+�+��Z*�*��)�+J�K��+�+�+����G�G�G�f �f �f �f �R9A�����'�'�'�T)�)�)�2�2�2���	!�	!�	!�����>E�E�E�_�_�_�	X�	X�	X�	X�	X�	X�*�*�*�)�)�)�����$�������@��)5�����.?�?�?�����@?�?�?�*:�:�:�:����#�#�#�
>�
>�
>�
>� ���
i�
i�
i� B-�B-�B-�B-�J���:;�;�;�&�&�&��v�5��
�E�>�>�>�>�"�"�"�:	�	�	�	9�	9�	9�4�
���������4�4�4�4�n���"2�2�2�2����B�d�3�i����� ���.
�
�
����>���8���<���<���������D����������A�A�A�)�)�)�VI�I�I����2
�
�
�
� 2�2�2�
�
�
�
�
�
�"�"�"�"�J!)�
�
�
�
�"!�!�!�	���	�	�	�	����"n�n�n�#��e�����D����2~�~�~������T����\8�\8�\8�\8�\8�\8�\8�\8�@.�.�.����$���(<�<�<�8	���� ��%����
�
�
�&'�&'�&'�&'�R!�D�!�T�!�!�!�!�H]�]�]�]�@	�	�	�}0�}0�}0�}0�}0�&�}0�}0�}0�B���"���&�&�&�&�**.�I�<a�����&z�z�z�z�
p�p�p�p�G�G�G�
�
�
�B�B�B�X�X�X�vS�S�S�*(�(�(�4%�%�%�,
�	�
�
�'�'�'�_�_�_�_�*���(����*R�R�R�@*�*�*����(
m�
m�
m� "�"�"�"�JW�W�W�<5�5�5�5�~9�9�9�9�*(�(�(�	�	�	�'�'�'�T*$�*$�*$�*$�Z���* r� r� r�F#�#�#�#�6���$?�?�?�
9�9�9�$-�-�-�-�`'�'�'�K&�K&�K&�\��.�.�.�"���7�7�7�tY�Y�Y�x������)�)�)�)�XE�E�E�E�:����'�'�'�'�#�#�#�
1�1�1�7�7�7����$
�
�
����8%�%�%�8
�
�
�0"
�"
�"
�L	
�	
�	
�
�
�
��
�QM�QM�QM�QM�hJ�J�J�(���3�y�4�4�S�8�#�i�>W�:W�X[�:[��I�)�)�#�-�/�
����+�+�+�+�60�0�0�
NB�NB�NB�NB�b � � � �D�D�D�D�.0�0�0�����B�B�B�&�&�&�&�*�� � � �F8�8�8�z�z�z�
JO�PU�~�~�~�~�B(�(�(�(�(�(�(�(�&�&�&�&�������#�#�#�*!�!�!�H���6���6���<?�?�?�8�8�8�&M$�M$�M$�M$�`N7�N7�N7�N7�lg�g�g�g�T	�	�	������������ � � �������G�G�G�����.B2�B2�B2�J���A�A�A�>���������$?�?�?�1�1�1�8>�S�>�D��I�>�$�>�>�>�>�,?��?��?�?�?�?�61�$�s�)�1��1�1�1�1�0%�%�%�P8�8�8� � � �	�	�	�.�.�.�
������t�C�y��T�#�Y�����*������
?�
?�h�t�C�y�1�
?�$�
?�[_�
?�
?�
?�
?� D�D�h�t�C�y�1�D�T�D�D�D�D��s�����[
�[
�[
�|�z����D�F�F�F�F�F��r�

Zerion Mini Shell 1.0