#!/usr/local/cpanel/3rdparty/bin/perl
# cpanel - scripts/check_mount_procfs Copyright 2022 cPanel, L.L.C.
# All rights reserved.
# copyright@cpanel.net http://cpanel.net
# This code is subject to the cPanel license. Unauthorized copying is prohibited
use strict;
use warnings;
use Cpanel::TempFile ();
use Cpanel::FileUtils::Write ();
use Cpanel::FileUtils::TouchFile ();
use Cpanel::Logger ();
# Probe the cost of mounting procfs on this host: compile a tiny C helper that
# mounts and unmounts procfs once, time it with /usr/bin/time, and if the
# reported system time exceeds half a second, switch the jailshell flag files
# under /var/cpanel/conf/jail/flags to the "fallback none" setting.
#
# Security notes for maintainers:
#   * The helper is compiled to, and executed from, fixed paths under /root.
#     That is only safe while /root is writable by root alone.
#     NOTE(review): presumably this always runs as root (it calls mount(2) and
#     writes under /root and /var/cpanel) - confirm against the caller.
#   * The timing command goes through a shell (because of the "2>&1"). The
#     only interpolated value is a constant defined below; never let it become
#     caller- or environment-controlled.
#   * Return values of the file write, mkdir, rmdir, unlink, the "mkdir -p"
#     call and touchfile are not checked; every failure path is silent.
my $log = Cpanel::Logger->new();

my $fallback_none_flag = '/var/cpanel/conf/jail/flags/mount_proc_jailed_fallback_none';

# The fallback flag already exists, so there is nothing left to probe.
if ( -e $fallback_none_flag ) {
    exit 0;
}

my $tmp        = Cpanel::TempFile->new();
my $helper_src = $tmp->dir() . '/proc_test.c';
my $helper_bin = '/root/.__proc_test_bin';
my $mountpoint = '/root/.__proc_test';           # must match MOUNTPOINT in the C source

# C helper: one mount/umount cycle of procfs. It ignores the results of both
# calls, so a failed mount is not distinguished from a fast one.
my $helper_c = <<'EOF';
#include <sys/mount.h>
#define MOUNTPOINT "/root/.__proc_test"
int main(int argc, char *argv[]){
mount(0, MOUNTPOINT, "proc", 0, "");
umount(MOUNTPOINT);
return 0;
}
EOF

# Mode 0600 is passed so that the source file is readable by its owner only.
Cpanel::FileUtils::Write::overwrite_no_exceptions( $helper_src, $helper_c, 0600 );

# List-form system(): gcc is run directly, with no shell involved.
my $compile_rc = system( '/usr/bin/gcc', '-Wall', '-o', $helper_bin, $helper_src );

if ( $compile_rc == 0 ) {
    mkdir $mountpoint;

    # "time -p" reports a "sys <seconds>" line; stderr is merged into the
    # captured output so that line can be matched.
    my $timing_output = qx{/usr/bin/time -p $helper_bin 2>&1} || '';
    my ($sys_seconds) = $timing_output =~ /sys ([\d.]+)$/m;

    # No "sys" line found: fail silently.
    if ( defined $sys_seconds && $sys_seconds > 0.5 ) {
        $log->warn("Mounting procfs took more than half a second of system time. This is a symptom of an outdated kernel. Disabling full procfs mounting in jailshell. Please note: If you re-enable full procfs mounting for jailshell without first updating your kernel, this could lead to extreme system load.");

        # Drop both "full" flags and record the fallback choice.
        system( 'mkdir', '-p', '/var/cpanel/conf/jail/flags' );
        unlink '/var/cpanel/conf/jail/flags/mount_proc_full';
        unlink '/var/cpanel/conf/jail/flags/mount_proc_jailed_fallback_full';
        Cpanel::FileUtils::TouchFile::touchfile($fallback_none_flag);
    }

    # Remove the probe artefacts left under /root.
    rmdir $mountpoint;
    unlink $helper_bin;
}

# A failed compile also fails silently.