I am spawning a process from my node server, that is in /tmp/running/username (it is a node process uploaded by the user)
how do I prevent it from reading (or knowing of the existence of) anything other than /tmp/running/username?
I can spawn the process in any required way.
You could spawn the process as an argument for chroot, which will change the root directory for your process:
spawn('chroot', ['/tmp/running/username', 'yourprocess', 'arg1', ...]);
An alternative would be to use the chroot function from the node-posix module (but to prevent the Node process from which you spawn your external program from being chrooted as well, you may need to fork first and call chroot from the child process).
Related
I am using Node-Red V2.2.2. I would like to restart an specific node of the flow after an error is triggered in it.
I have managed to restart the full flow getting node-red process id. After modifying: settings.js in my .node-red folder:
functionGlobalContext: {
// os:require('os'),
'pid': process.pid
},
I am able to get general process pid from a function node:
var General_pid = context.global.pid
And kill and restart the global process from an Exec node sending General_pid in msg.payload :
Being comando.sh:
#!/bin/bash
taskkill //PID $1 //F
sleep 4
node-red
But i am unable to do this with specific nodes inside the node-red flow.
Almost all info i have searched relied on Status node to get node specific pid,
but in my case, this is the Status node structure (no PID in there):
I have also tried to get PID based on status.source.id using:
RED.nodes.getNode(id);
But RED.nodes is undefined (altough RED is defined, but it only shows functions on print)
Any idea on how to be able to get the node PID to kill it and restart it? I could do it from an Exec node, but if there is an easier way even better.
You don't.
Nodes are not separate processes that can be restarted independently of Node-RED. (While some nodes may fork a new process, e.g. a python script, Node-RED has no access to this and it is all handled inside the node in question)
You have 2 choices:
You can trigger a restart of the deployed flow by making a HTTP call to the /flows Admin API with the header set to reload. Assuming the node with the failure is well written then it should restart cleanly.
Restart all of Node-RED as you are already
I have to execute a node command within another node process as shown below:
require('child_process').exec (`${<path of current node executable>} someModule`);
How can i retrieve the node executable path on runtime to execute this command.
process.execPath should be what you require.
process.argv0 is not alway pointed to node binary.
As the in the official Node document.
The process.argv0 property stores a read-only copy of the original value of argv[0] passed when Node.js starts.
In the example of the official document, it demo the case that process.argv0 is not the node binary. customArgv0 is for exec's -a flag.
$ bash -c 'exec -a customArgv0 ./node'
> process.argv[0]
'/Volumes/code/external/node/out/Release/node'
> process.argv0
'customArgv0'
If you are trying to execute another node app, how about taking a look at child_process.fork?
You code then should be as follows.
// fork()'s first argument should be the same as require();
// except that fork() executes the module in a child process
require('child_process').fork(`someModule`);
As stated in document, fork() use the same node binary as process.execPath, or you can specify other node binary to execute the module.
By default, child_process.fork() will spawn new Node.js instances
using the process.execPath of the parent process. The execPath
property in the options object allows for an alternative execution
path to be used.
I'm launching a Nightmare JS process from another Node process. Normally, I'd launch Nightmare using child_process.fork('./nightmare_script.js'), and that allows the child process to send messages to the parent via process.send().
However, when running it on an AWS Linux machine, it runs headless, so the script is launched as an argument to framebuffer, and I have to spawn the child process using exec('xvfb-run -a --server-args="-screen 0 1024x768x24" node nightmare_script.js'). However, the process.send() calls from the child don't (can't?) make it back to the parent. Is there a way to make that happen?
I am using isolate, an isolator to isolate the execution of another program using Linux Containers. It's very handy and it works very well locally on my computer (I can run fork bombs and infinite loops and it protects everything).
Now I'm trying to get this to work on an Ubuntu 12.04 server I have, but I'm having some difficulties with it. It's a fresh server too.
When I run:
sudo isolate --run -- mycommand
(mycommand I usually try python3 or something), I get:
clone: Operation not permitted
So, I dug up on the clone function (called like this in isolate.c):
box_pid = clone(
box_inside, // Function to execute as the body of the new process
argv, // Pass our stack
SIGCHLD | CLONE_NEWIPC | CLONE_NEWNET | CLONE_NEWNS | CLONE_NEWPID,
argv); // Pass the arguments
if (box_pid < 0)
die("clone: %m");
if (!box_pid)
die("clone returned 0");
box_keeper();
Here's the Return Value of the function clone:
On success, the thread ID of the child process is returned in the caller's thread of execution. On failure, -1 is returned in the caller's context, no child process will be created, and errno will be set appropriately.
And this is the error I'm getting:
EPERM Operation not permitted (POSIX.1)
And then I also found this:
EPERM CLONE_NEWNS was specified by a non-root process (process without CAP_SYS_ADMIN).
The clone function is indeed passing CLONE_NEWNS to run the program in a new namespace. I actually tried removing but I keep getting clone: Operation not permitted.
So, it all seems to point out to not having root privileges, but I actually ran the command as root (with and without sudo just to be sure), and also with a normal user in the sudoers group. None of that worked, but it works very well locally. Root privileges work for everything else but for some reason when I run this isolate program, it doesn't work.
I tried both with isolate in /usr/bin and running ./isolate in a local folder too.
I had this issue because I was trying to use isolate within a docker container.
Rerunning the container with the --privileged flag fixed it for me.
You can also pass --cap-add=SYS_ADMIN to docker run.
Or also --security-opt seccomp=unconfined
Or also provide your own white list of allowed system calls, see https://docs.docker.com/engine/security/seccomp/#pass-a-profile-for-a-container
I have a nodeJS command line script which interacts with a website using phantomJS via casperJS/spookyJS. A redirect event is stopping my process from working correctly. How would I respond to the redirect, spawn a new process and kill the process which has been redirected?
e.g:
spooky.on('navigation.requested', function(url, navigationType, navigationLocked, isMainFrame){
if (url.toString().match(/(http:\/\/url(.|\n)to(.|\n)match\/client\/authentication\/login)/i)) {
utils.log('redirect happened');
//get my own process id, launch a new process, get that id.
//kill this id?
}
});
How would I:
Get the process Id of the currently running node process (the one
running the above code - process A)?
Spawn a new node process (process B) which would be independent of
process A
Kill Process A
Process B should continue to run even when process A has terminated. Would I need a third node process (C) to manage process A and B?
use 'detached' option in child_process.spawn() You may also want to detach tty from process (use nohup utility)