(]dZddlZddlZddlZddlZddlZddlmZeje Z dZ dZ dZ dZd dZd ZdS) z CLI helper utilities for CageFS user commands. Provides functions for: - Re-entering CageFS environment - Calling commands via proxyexec for privilege escalation N)clcagefsz/var/.cagefs/.cagefs.tokenc ttd5}|cdddS#1swxYwYdS#tt f$rYdSwxYw)zv Read the CageFS token from the token file. Returns: str: The CageFS token, or None if not found rN)openCAGEFS_TOKEN_PATHreadstripIOErrorOSError)fs Copt/cloudlinux/venv/lib/python3.11/site-packages/clcagefslib/cli.pyget_cagefs_tokenrs #S ) ) $Q6688>>## $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ W tts3A&A  A AAAAA,+A,cDtjdduS)z Check if the script is running via proxyexec. When running via proxyexec, PROXYEXEC_UID environment variable is set. Returns: bool: True if running via proxyexec, False otherwise PROXYEXEC_UIDN)osenvirongetr is_running_via_proxyexecr+s :>>/ * *$ 66rct}|stddStjt jj}t j}tt j }ddd||||g|z}d|i}tj |tjtjtj|}||jS)a, Call a command via proxyexec to execute with root privileges. Args: alias: The proxyexec command alias (e.g., "CAGEFSCTL_USER_SITE_ISOLATION_LIST") args_list: Additional arguments to pass Returns: int: Exit code from the proxyexec command, or None on error zFailed to read CageFS tokenNz/usr/sbin/proxyexecz-cz cagefs.sock CAGEFS_TOKENstdoutstderrstdinenv)rloggererrorpwdgetpwuidrgetuidpw_namegetcwdstrgetpid subprocessPopensysrrr communicate returncode) alias args_listtokenusernamecwdpidcmdrps r call_via_proxyexecr47s   E  2333t|BIKK((0H )++C bikk  C  m      C 5 !CSZ #)Y\]]]AMMOOO <rc| tj}dg|z}tj|tjtjtji}||jS)z Re-execute inside CageFS when running outside. Args: argv: Command line arguments to pass (defaults to sys.argv) Returns: int: Exit code from the re-executed command Nz/bin/cagefs_enterr) r)argvr'r(rrrr*r+)r6r2r3s r reenter_cagefsr7]sT |x  $ &CSZ #)Y[\\\AMMOOO <rc(tjS)zv Check if currently running inside CageFS. Returns: bool: True if inside CageFS, False otherwise )r in_cagefsrrr r9r9ps    r)N)__doc__loggingrr r'r)clcommonr getLogger__name__rrrrr4r7r9rrr r?s    8 $ $0    7 7 7###L&     r