HOME


Mini Shell 1.0
DIR:/scripts/
Upload File :
Current File : //scripts/check_mount_procfs
#!/usr/local/cpanel/3rdparty/bin/perl

# cpanel - scripts/check_mount_procfs              Copyright 2022 cPanel, L.L.C.
#                                                           All rights reserved.
# copyright@cpanel.net                                         http://cpanel.net
# This code is subject to the cPanel license. Unauthorized copying is prohibited

use strict;
use warnings;

use Cpanel::TempFile             ();
use Cpanel::FileUtils::Write     ();
use Cpanel::FileUtils::TouchFile ();
use Cpanel::Logger               ();

my $logger = Cpanel::Logger->new();

exit 0 if -e '/var/cpanel/conf/jail/flags/mount_proc_jailed_fallback_none';

my $tf  = Cpanel::TempFile->new();
my $dir = $tf->dir();

my $src = $dir . '/proc_test.c';
my $bin = '/root/.__proc_test_bin';

Cpanel::FileUtils::Write::overwrite_no_exceptions( $src, <<'EOF', 0600 );
#include <sys/mount.h>

#define MOUNTPOINT "/root/.__proc_test"

int main(int argc, char *argv[]){
    mount(0, MOUNTPOINT, "proc", 0, "");
    umount(MOUNTPOINT);
    return 0;
}
EOF

my $gcc_status = system qw(/usr/bin/gcc -Wall -o), $bin, $src;

if ( $gcc_status == 0 ) {
    mkdir '/root/.__proc_test';
    my ($sys) = ( `/usr/bin/time -p $bin 2>&1` || '' ) =~ /sys ([\d.]+)$/m;
    if ( defined($sys) ) {
        if ( $sys > 0.5 ) {
            $logger->warn("Mounting procfs took more than half a second of system time. This is a symptom of an outdated kernel. Disabling full procfs mounting in jailshell. Please note: If you re-enable full procfs mounting for jailshell without first updating your kernel, this could lead to extreme system load.");
            system qw(mkdir -p /var/cpanel/conf/jail/flags);
            unlink '/var/cpanel/conf/jail/flags/mount_proc_full';
            unlink '/var/cpanel/conf/jail/flags/mount_proc_jailed_fallback_full';
            Cpanel::FileUtils::TouchFile::touchfile('/var/cpanel/conf/jail/flags/mount_proc_jailed_fallback_none');
        }
    }    # else fail silently
    rmdir '/root/.__proc_test';
    unlink '/root/.__proc_test_bin';
}    # else fail silently