1. Advisor
  2. tern
  3. functions
  4. tern.utils.rootfs.mount_base_layer
View all tern analysis

How to use the tern.utils.rootfs.mount_base_layer function in tern

To help you get started, we’ve selected a few tern examples, based on popular ways it is used in public projects.

Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.

github vmware / tern / tern / tools / container_debug.py View on Github external
def drop_into_layer(image_obj, layer_index):
    """Given the image object and the layer index, mount all the layers
    upto the specified layer index and drop into a shell session"""
    rootfs.set_up()
    if layer_index == 0:
        # mount only one layer
        target = rootfs.mount_base_layer(
            image_obj.layers[layer_index].tar_file)
    else:
        # mount all layers uptil the provided layer index
        target = analyze.mount_overlay_fs(image_obj, layer_index)
    # check if there is a shell
    shell = check_shell()
    if shell:
        rootfs.prep_rootfs(target)
        print("Done. Run 'sudo chroot . {}' to look around.".format(shell))
    else:
        print("A shell binary doesn't exist in the filesystem. You're on "
              "your own.")
    print("Working directory is: {}".format(get_mount_path()))
    sys.exit(0)
github vmware / tern / tern / tools / verify_invoke.py View on Github external
help='The shell executable that the image uses')
    parser.add_argument('--package', default='',
                        help='A package name that the command needs to '
                        'execute with. Useful when testing commands in the '
                        'snippet library')
    args = parser.parse_args()

    # first, mount all the layers in the image
    report.setup(image_tag_string=args.image)
    image_obj = report.load_full_image(args.image)
    if image_obj.origins.is_empty():
        # image loading was successful
        # proceed mounting diff filesystems
        if len(image_obj.layers) == 1:
            # mount only one layer
            target = rootfs.mount_base_layer(image_obj.layers[0].tar_file)
        else:
            report.mount_overlay_fs(image_obj, len(image_obj.layers) - 1)
        rootfs.prep_rootfs(target)
        # invoke commands in chroot
        # if we're looking up the snippets library
        # we should see 'snippets' in the keys
        if 'snippets' in args.keys and 'packages' in args.keys:
            # get the package info that corresponds to the package name
            # or get the default
            last = args.keys.pop()
            info_list = look_up_lib(args.keys)
            info_dict = command_lib.check_for_unique_package(
                info_list, args.package)[last]
        else:
            info_dict = look_up_lib(args.keys)
        # try to invoke the commands
github vmware / tern / tern / analyze / docker / analyze.py View on Github external
def analyze_first_layer(image_obj, master_list, redo):
    # find the binary and shell by mounting the base layer
    target = rootfs.mount_base_layer(image_obj.layers[0].tar_file)
    binary = common.get_base_bin()
    shell = get_shell(image_obj, binary)
    # set up a notice origin for the first layer
    origin_first_layer = 'Layer: ' + image_obj.layers[0].fs_hash[:10]
    # only extract packages if there is a known binary and the layer is not
    # cached
    if binary:
        if not common.load_from_cache(image_obj.layers[0], redo):
            # Determine pacakge/os style from binary in the image layer
            common.get_os_style(image_obj.layers[0], binary)
            # get the packages of the first layer
            try:
                rootfs.prep_rootfs(target)
                common.add_base_packages(image_obj.layers[0], binary, shell)
            except KeyboardInterrupt:
                logger.critical(errors.keyboard_interrupt)
github vmware / tern / tern / report / report.py View on Github external
def analyze_docker_image(image_obj, redo=False, dockerfile=False):  # pylint: disable=too-many-locals
    '''Given a DockerImage object, for each layer, retrieve the packages, first
    looking up in cache and if not there then looking up in the command
    library. For looking up in command library first mount the filesystem
    and then look up the command library for commands to run in chroot'''
    # find the layers that are imported
    if dockerfile:
        dhelper.set_imported_layers(image_obj)
    # add notices for each layer if it is imported
    image_setup(image_obj)
    shell = ''
    # set up empty master list of packages
    master_list = []
    # find the binary by mounting the base layer
    target = rootfs.mount_base_layer(image_obj.layers[0].tar_file)
    binary = common.get_base_bin()
    # set up a notice origin referring to the base command library listing
    origin_command_lib = formats.invoking_base_commands
    # set up a notice origin for the first layer
    origin_first_layer = 'Layer: ' + image_obj.layers[0].fs_hash[:10]
    # find the shell to invoke commands in
    shell, _ = command_lib.get_image_shell(
        command_lib.get_base_listing(binary))
    if not shell:
        # add a warning notice for no shell in the command library
        logger.warning('No shell listing in command library. '
                       'Using default shell')
        no_shell_message = errors.no_shell_listing.format(
            binary=binary, default_shell=constants.shell)
        image_obj.layers[0].origins.add_notice_to_origins(
            origin_command_lib, Notice(no_shell_message, 'warning'))

tern

An inspection tool to find the OSS compliance metadata of the packages installed in a container image.

GitHub
BSD-2-Clause
Latest version published 10 months ago

Package Health Score

72 / 100
Full package analysis

Popular tern functions

Similar packages