comparison toys/other/nsenter.c @ 1675:435f91d71898 draft

Merge unshare and nsenter (promoting and cleaning up nsenter). Needs more testing, don't have a test environment set up for this yet...
author Rob Landley <rob@landley.net>
date Sat, 07 Feb 2015 15:32:22 -0600
parents
children cbb1aca81eca
1674:39b5bc4e1853 1675:435f91d71898
1 /* nsenter.c - Enter existing namespaces
2 *
3 * Copyright 2014 andy Lutomirski <luto@amacapital.net>
4 *
5 * No standard
6 *
7 * unshare.c - run command in new context
8 *
9 * Copyright 2011 Rob Landley <rob@landley.net>
10 *
11 * No Standard
12 *
13
14 // Note: flags go in same order (right to left) for shared subset
15 USE_NSENTER(NEWTOY(nsenter, "<1F(no-fork)t#<1(target)i:(ipc);m:(mount);n:(net);p:(pid);u:(uts);U:(user);", TOYFLAG_USR|TOYFLAG_BIN))
16 USE_UNSHARE(NEWTOY(unshare, "<1^imnpuU", TOYFLAG_USR|TOYFLAG_BIN))
17
18 config UNSHARE
19 bool "unshare"
20 default y
21 depends on TOYBOX_CONTAINER
22 help
23 usage: unshare [-imnpuU] COMMAND...
24
25 Create new namespace(s) for this process and its children, so some
26 attribute is not shared with the parent process. This is part of
27 Linux Containers. Each process can have its own:
28
29 -i SysV IPC (message queues, semaphores, shared memory)
30 -m Mount/unmount tree
31 -n Network address, sockets, routing, iptables
32 -p Process IDs and init
33 -u Host and domain names
34 -U UIDs, GIDs, capabilities
35
36 config NSENTER
37 bool "nsenter"
38 default n
39 help
40 usage: nsenter [-t pid] [-F] [-i] [-m] [-n] [-p] [-u] [-U] COMMAND...
41
42 Run COMMAND in a different set of namespaces.
43
44 -t PID to take namespaces from (--target)
45 -F don't fork, even if -p is used (--no-fork)
46
47 The namespaces to switch are:
48
49 -i SysV IPC: message queues, semaphores, shared memory (--ipc)
50 -m Mount/unmount tree (--mnt)
51 -n Network address, sockets, routing, iptables (--net)
52 -p Process IDs and init, will fork unless -F is used (--pid)
53 -u Host and domain names (--uts)
54 -U UIDs, GIDs, capabilities (--user)
55
56 If -t isn't specified, each namespace argument must provide a path
57 to a namespace file, ala "-i=/proc/$PID/ns/ipc"
58 */
59
60 #define FOR_nsenter
61 #include "toys.h"
62 #include <linux/sched.h>
63 int unshare(int flags);
64 int setns(int fd, int nstype);
65
66 GLOBALS(
67 char *nsnames[6];
68 long targetpid;
69 )
70
71 void unshare_main(void)
72 {
73 unsigned flags[]={CLONE_NEWUSER, CLONE_NEWUTS, CLONE_NEWPID, CLONE_NEWNET,
74 CLONE_NEWNS, CLONE_NEWIPC}, f = 0;
75 int i, fd;
76
77 // Create new namespace(s)?
78 if (CFG_UNSHARE && toys.which->name[0]) {
79 for (i = 0; i<ARRAY_LEN(flags); i++)
80 if (toys.optflags & (1<<i)) f |= flags[i];
81
82 if (unshare(f)) perror_exit(0);
83
84 // Bind to existing namespace(s)?
85 } else if (CFG_NSENTER) {
86 char *nsnames = "user\0uts\0pid\0net\0mnt\0ipc";
87
88 for (i = 0; i<ARRAY_LEN(flags); i++) {
89 char *filename = TT.nsnames[i];
90
91 if (toys.optflags & (1<<i)) {
92 if (!filename || !*filename) {
93 if (!(toys.optflags & FLAG_t)) error_exit("need -t or =filename");
94 sprintf(toybuf, "/proc/%ld/ns/%s", TT.targetpid, nsnames);
95 filename = toybuf;
96 }
97
98 if (setns(fd = xopen(filename, O_RDONLY), flags[i]))
99 perror_exit("setns");
100 close(fd);
101 }
102 nsnames += strlen(nsnames)+1;
103 }
104
105 if ((toys.optflags & FLAG_p) && !(toys.optflags & FLAG_F)) {
106 pid_t pid = xfork();
107
108 if (pid) {
109 while (waitpid(pid, 0, 0) == -1 && errno == EINTR);
110 return;
111 }
112 }
113 }
114
115 xexec_optargs(0);
116 }
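Review bot: The parent side of the -p fork near the end of unshare_main (the `if (pid)` block after `xfork()`) passes a null status pointer to waitpid and then returns, so when nsenter forks for a pid namespace the exit status of COMMAND is lost and the caller always sees success; that defeats any script or supervisor relying on the command's result. Collecting the status is a three-line change: `int status = 0;`, `while (waitpid(pid, &status, 0) == -1 && errno == EINTR);`, `toys.exitval = WIFEXITED(status) ? WEXITSTATUS(status) : 128 + WTERMSIG(status);` (toys.exitval is the toybox exit-code field, assuming this tree names it that way). Separately, the NSENTER help text says `-m ... (--mnt)` while the option string declares the long form as `m:(mount)`, so one of the two should be corrected to match. The local `char *nsnames` in the CFG_NSENTER branch also reuses the name of the `TT.nsnames` global it is indexed next to; renaming it to something like `nsname_list` would make the two easier to tell apart.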