2013-01-11 16:46:38 -06:00
|
|
|
/*
|
|
|
|
* nsenter(1) - command-line interface for setns(2)
|
|
|
|
*
|
|
|
|
* Copyright (C) 2012-2013 Eric Biederman <ebiederm@xmission.com>
|
|
|
|
*
|
|
|
|
* This program is free software; you can redistribute it and/or modify it
|
|
|
|
* under the terms of the GNU General Public License as published by the
|
|
|
|
* Free Software Foundation; version 2.
|
|
|
|
*
|
|
|
|
* This program is distributed in the hope that it will be useful, but
|
|
|
|
* WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
|
|
* General Public License for more details.
|
|
|
|
*
|
|
|
|
* You should have received a copy of the GNU General Public License along
|
|
|
|
* with this program; if not, write to the Free Software Foundation, Inc.,
|
|
|
|
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
|
|
|
*/
|
|
|
|
|
|
|
|
#include <sys/types.h>
|
|
|
|
#include <sys/wait.h>
|
|
|
|
#include <dirent.h>
|
|
|
|
#include <errno.h>
|
|
|
|
#include <getopt.h>
|
|
|
|
#include <sched.h>
|
|
|
|
#include <stdio.h>
|
|
|
|
#include <stdlib.h>
|
2013-01-21 00:38:01 -06:00
|
|
|
#include <stdbool.h>
|
2013-01-11 16:46:38 -06:00
|
|
|
#include <unistd.h>
|
|
|
|
|
2013-01-16 18:35:53 -06:00
|
|
|
#include "strutils.h"
|
2013-01-11 16:46:38 -06:00
|
|
|
#include "nls.h"
|
|
|
|
#include "c.h"
|
|
|
|
#include "closestream.h"
|
2013-01-16 18:36:32 -06:00
|
|
|
#include "namespace.h"
|
2013-01-11 16:46:38 -06:00
|
|
|
|
|
|
|
static struct namespace_file{
|
|
|
|
int nstype;
|
2013-01-16 18:35:12 -06:00
|
|
|
const char *name;
|
2013-01-11 16:46:38 -06:00
|
|
|
int fd;
|
|
|
|
} namespace_files[] = {
|
2013-01-16 18:34:44 -06:00
|
|
|
/* Careful the order is significant in this array.
|
2013-01-11 16:46:38 -06:00
|
|
|
*
|
|
|
|
* The user namespace comes first, so that it is entered
|
|
|
|
* first. This gives an unprivileged user the potential to
|
|
|
|
* enter the other namespaces.
|
|
|
|
*/
|
|
|
|
{ .nstype = CLONE_NEWUSER, .name = "ns/user", .fd = -1 },
|
|
|
|
{ .nstype = CLONE_NEWIPC, .name = "ns/ipc", .fd = -1 },
|
|
|
|
{ .nstype = CLONE_NEWUTS, .name = "ns/uts", .fd = -1 },
|
|
|
|
{ .nstype = CLONE_NEWNET, .name = "ns/net", .fd = -1 },
|
|
|
|
{ .nstype = CLONE_NEWPID, .name = "ns/pid", .fd = -1 },
|
|
|
|
{ .nstype = CLONE_NEWNS, .name = "ns/mnt", .fd = -1 },
|
|
|
|
{}
|
|
|
|
};
|
|
|
|
|
|
|
|
static void usage(int status)
|
|
|
|
{
|
|
|
|
FILE *out = status == EXIT_SUCCESS ? stdout : stderr;
|
|
|
|
|
|
|
|
fputs(USAGE_HEADER, out);
|
|
|
|
fprintf(out, _(" %s [options] <program> [args...]\n"),
|
|
|
|
program_invocation_short_name);
|
|
|
|
|
|
|
|
fputs(USAGE_OPTIONS, out);
|
2013-01-17 06:30:33 -06:00
|
|
|
fputs(_(" -t, --target <pid> target process to get namespaces from\n"
|
|
|
|
" -m, --mount [=<file>] enter mount namespace\n"
|
|
|
|
" -u, --uts [=<file>] enter UTS namespace (hostname etc)\n"
|
|
|
|
" -i, --ipc [=<file>] enter System V IPC namespace\n"
|
|
|
|
" -n, --net [=<file>] enter network namespace\n"
|
|
|
|
" -p, --pid [=<file>] enter pid namespace\n"
|
|
|
|
" -U, --user [=<file>] enter user namespace\n"
|
|
|
|
" -r, --root [=<dir>] set the root directory\n"
|
2013-01-21 00:38:05 -06:00
|
|
|
" -w, --wd [=<dir>] set the working directory\n"
|
|
|
|
" -F, --no-fork don't fork before exec'ing <program>\n"), out);
|
2013-01-11 16:46:38 -06:00
|
|
|
fputs(USAGE_SEPARATOR, out);
|
|
|
|
fputs(USAGE_HELP, out);
|
|
|
|
fputs(USAGE_VERSION, out);
|
|
|
|
fprintf(out, USAGE_MAN_TAIL("nsenter(1)"));
|
|
|
|
|
|
|
|
exit(status);
|
|
|
|
}
|
|
|
|
|
|
|
|
static pid_t namespace_target_pid = 0;
|
|
|
|
static int root_fd = -1;
|
|
|
|
static int wd_fd = -1;
|
|
|
|
|
2013-01-16 18:35:12 -06:00
|
|
|
static void open_target_fd(int *fd, const char *type, const char *path)
|
2013-01-11 16:46:38 -06:00
|
|
|
{
|
|
|
|
char pathbuf[PATH_MAX];
|
|
|
|
|
|
|
|
if (!path && namespace_target_pid) {
|
|
|
|
snprintf(pathbuf, sizeof(pathbuf), "/proc/%u/%s",
|
|
|
|
namespace_target_pid, type);
|
|
|
|
path = pathbuf;
|
|
|
|
}
|
|
|
|
if (!path)
|
2013-01-20 12:04:53 -06:00
|
|
|
errx(EXIT_FAILURE, _("neither filename nor target pid supplied for %s"),
|
2013-01-11 16:46:38 -06:00
|
|
|
type);
|
|
|
|
|
|
|
|
if (*fd >= 0)
|
|
|
|
close(*fd);
|
|
|
|
|
|
|
|
*fd = open(path, O_RDONLY);
|
|
|
|
if (*fd < 0)
|
2013-01-20 12:04:53 -06:00
|
|
|
err(EXIT_FAILURE, _("cannot open %s"), path);
|
2013-01-11 16:46:38 -06:00
|
|
|
}
|
|
|
|
|
2013-01-16 18:35:12 -06:00
|
|
|
static void open_namespace_fd(int nstype, const char *path)
|
2013-01-11 16:46:38 -06:00
|
|
|
{
|
|
|
|
struct namespace_file *nsfile;
|
|
|
|
|
|
|
|
for (nsfile = namespace_files; nsfile->nstype; nsfile++) {
|
|
|
|
if (nstype != nsfile->nstype)
|
|
|
|
continue;
|
|
|
|
|
|
|
|
open_target_fd(&nsfile->fd, nsfile->name, path);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
/* This should never happen */
|
|
|
|
err(EXIT_FAILURE, "Unrecognized namespace type");
|
|
|
|
}
|
|
|
|
|
2013-01-16 18:34:17 -06:00
|
|
|
static void continue_as_child(void)
|
|
|
|
{
|
|
|
|
pid_t child = fork();
|
|
|
|
int status;
|
|
|
|
pid_t ret;
|
|
|
|
|
|
|
|
if (child < 0)
|
|
|
|
err(EXIT_FAILURE, _("fork failed"));
|
|
|
|
|
|
|
|
/* Only the child returns */
|
|
|
|
if (child == 0)
|
|
|
|
return;
|
|
|
|
|
|
|
|
for (;;) {
|
|
|
|
ret = waitpid(child, &status, WUNTRACED);
|
|
|
|
if ((ret == child) && (WIFSTOPPED(status))) {
|
|
|
|
/* The child suspended so suspend us as well */
|
|
|
|
kill(getpid(), SIGSTOP);
|
|
|
|
kill(child, SIGCONT);
|
|
|
|
} else {
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
/* Return the child's exit code if possible */
|
|
|
|
if (WIFEXITED(status)) {
|
|
|
|
exit(WEXITSTATUS(status));
|
|
|
|
}
|
|
|
|
else if (WIFSIGNALED(status)) {
|
|
|
|
kill(getpid(), WTERMSIG(status));
|
|
|
|
}
|
|
|
|
exit(EXIT_FAILURE);
|
|
|
|
}
|
|
|
|
|
2013-01-11 16:46:38 -06:00
|
|
|
int main(int argc, char *argv[])
|
|
|
|
{
|
|
|
|
static const struct option longopts[] = {
|
|
|
|
{ "help", no_argument, NULL, 'h' },
|
|
|
|
{ "version", no_argument, NULL, 'V'},
|
|
|
|
{ "target", required_argument, NULL, 't' },
|
|
|
|
{ "mount", optional_argument, NULL, 'm' },
|
|
|
|
{ "uts", optional_argument, NULL, 'u' },
|
|
|
|
{ "ipc", optional_argument, NULL, 'i' },
|
|
|
|
{ "net", optional_argument, NULL, 'n' },
|
|
|
|
{ "pid", optional_argument, NULL, 'p' },
|
|
|
|
{ "user", optional_argument, NULL, 'U' },
|
|
|
|
{ "root", optional_argument, NULL, 'r' },
|
|
|
|
{ "wd", optional_argument, NULL, 'w' },
|
2013-01-21 00:38:05 -06:00
|
|
|
{ "no-fork", no_argument, NULL, 'F' },
|
2013-01-11 16:46:38 -06:00
|
|
|
{ NULL, 0, NULL, 0 }
|
|
|
|
};
|
|
|
|
|
|
|
|
struct namespace_file *nsfile;
|
2013-01-21 00:38:01 -06:00
|
|
|
int c, namespaces = 0;
|
2013-01-21 00:38:05 -06:00
|
|
|
bool do_rd = false, do_wd = false, do_fork = false;
|
2013-01-11 16:46:38 -06:00
|
|
|
|
|
|
|
setlocale(LC_MESSAGES, "");
|
|
|
|
bindtextdomain(PACKAGE, LOCALEDIR);
|
|
|
|
textdomain(PACKAGE);
|
|
|
|
atexit(close_stdout);
|
|
|
|
|
2013-01-21 00:38:05 -06:00
|
|
|
while ((c =
|
|
|
|
getopt_long(argc, argv, "hVt:m::u::i::n::p::U::r::w::F",
|
|
|
|
longopts, NULL)) != -1) {
|
|
|
|
switch (c) {
|
2013-01-11 16:46:38 -06:00
|
|
|
case 'h':
|
|
|
|
usage(EXIT_SUCCESS);
|
|
|
|
case 'V':
|
|
|
|
printf(UTIL_LINUX_VERSION);
|
|
|
|
return EXIT_SUCCESS;
|
|
|
|
case 't':
|
2013-01-16 18:35:53 -06:00
|
|
|
namespace_target_pid = strtoul_or_err(optarg, _("failed to parse pid"));
|
2013-01-11 16:46:38 -06:00
|
|
|
break;
|
|
|
|
case 'm':
|
2013-01-21 00:38:01 -06:00
|
|
|
if (optarg)
|
|
|
|
open_namespace_fd(CLONE_NEWNS, optarg);
|
|
|
|
else
|
|
|
|
namespaces |= CLONE_NEWNS;
|
2013-01-11 16:46:38 -06:00
|
|
|
break;
|
|
|
|
case 'u':
|
2013-01-21 00:38:01 -06:00
|
|
|
if (optarg)
|
|
|
|
open_namespace_fd(CLONE_NEWUTS, optarg);
|
|
|
|
else
|
|
|
|
namespaces |= CLONE_NEWUTS;
|
2013-01-11 16:46:38 -06:00
|
|
|
break;
|
|
|
|
case 'i':
|
2013-01-21 00:38:01 -06:00
|
|
|
if (optarg)
|
|
|
|
open_namespace_fd(CLONE_NEWIPC, optarg);
|
|
|
|
else
|
|
|
|
namespaces |= CLONE_NEWIPC;
|
2013-01-11 16:46:38 -06:00
|
|
|
break;
|
|
|
|
case 'n':
|
2013-01-21 00:38:01 -06:00
|
|
|
if (optarg)
|
|
|
|
open_namespace_fd(CLONE_NEWNET, optarg);
|
|
|
|
else
|
|
|
|
namespaces |= CLONE_NEWNET;
|
2013-01-11 16:46:38 -06:00
|
|
|
break;
|
|
|
|
case 'p':
|
2013-01-21 00:38:05 -06:00
|
|
|
do_fork = true;
|
2013-01-21 00:38:01 -06:00
|
|
|
if (optarg)
|
|
|
|
open_namespace_fd(CLONE_NEWPID, optarg);
|
|
|
|
else
|
|
|
|
namespaces |= CLONE_NEWPID;
|
2013-01-11 16:46:38 -06:00
|
|
|
break;
|
|
|
|
case 'U':
|
2013-01-21 00:38:01 -06:00
|
|
|
if (optarg)
|
|
|
|
open_namespace_fd(CLONE_NEWUSER, optarg);
|
|
|
|
else
|
|
|
|
namespaces |= CLONE_NEWUSER;
|
2013-01-11 16:46:38 -06:00
|
|
|
break;
|
2013-01-21 00:38:05 -06:00
|
|
|
case 'F':
|
|
|
|
do_fork = false;
|
2013-01-11 16:46:38 -06:00
|
|
|
break;
|
|
|
|
case 'r':
|
2013-01-21 00:38:01 -06:00
|
|
|
if (optarg)
|
|
|
|
open_target_fd(&root_fd, "root", optarg);
|
|
|
|
else
|
|
|
|
do_rd = true;
|
2013-01-11 16:46:38 -06:00
|
|
|
break;
|
|
|
|
case 'w':
|
2013-01-21 00:38:01 -06:00
|
|
|
if (optarg)
|
|
|
|
open_target_fd(&wd_fd, "cwd", optarg);
|
|
|
|
else
|
|
|
|
do_wd = true;
|
2013-01-11 16:46:38 -06:00
|
|
|
break;
|
|
|
|
default:
|
|
|
|
usage(EXIT_FAILURE);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if(optind >= argc)
|
|
|
|
usage(EXIT_FAILURE);
|
|
|
|
|
2013-01-21 00:38:01 -06:00
|
|
|
/*
|
|
|
|
* Open remaining namespace and directory descriptors.
|
|
|
|
*/
|
|
|
|
for (nsfile = namespace_files; nsfile->nstype; nsfile++)
|
|
|
|
if (nsfile->nstype & namespaces)
|
|
|
|
open_namespace_fd(nsfile->nstype, NULL);
|
|
|
|
if (do_rd)
|
|
|
|
open_target_fd(&root_fd, "root", NULL);
|
|
|
|
if (do_wd)
|
|
|
|
open_target_fd(&wd_fd, "cwd", NULL);
|
|
|
|
|
2013-01-11 16:46:38 -06:00
|
|
|
/*
|
|
|
|
* Now that we know which namespaces we want to enter, enter them.
|
|
|
|
*/
|
|
|
|
for (nsfile = namespace_files; nsfile->nstype; nsfile++) {
|
|
|
|
if (nsfile->fd < 0)
|
|
|
|
continue;
|
|
|
|
if (setns(nsfile->fd, nsfile->nstype))
|
2013-01-20 12:04:53 -06:00
|
|
|
err(EXIT_FAILURE, _("reassociate to namespace '%s' failed"),
|
2013-01-11 16:46:38 -06:00
|
|
|
nsfile->name);
|
|
|
|
close(nsfile->fd);
|
|
|
|
nsfile->fd = -1;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Remember the current working directory if I'm not changing it */
|
|
|
|
if (root_fd >= 0 && wd_fd < 0) {
|
|
|
|
wd_fd = open(".", O_RDONLY);
|
|
|
|
if (wd_fd < 0)
|
2013-01-20 12:04:53 -06:00
|
|
|
err(EXIT_FAILURE, _("cannot open current working directory"));
|
2013-01-11 16:46:38 -06:00
|
|
|
}
|
|
|
|
|
|
|
|
/* Change the root directory */
|
|
|
|
if (root_fd >= 0) {
|
|
|
|
if (fchdir(root_fd) < 0)
|
2013-01-20 12:04:53 -06:00
|
|
|
err(EXIT_FAILURE, _("change directory by root file descriptor failed"));
|
2013-01-11 16:46:38 -06:00
|
|
|
|
|
|
|
if (chroot(".") < 0)
|
|
|
|
err(EXIT_FAILURE, _("chroot failed"));
|
|
|
|
|
|
|
|
close(root_fd);
|
|
|
|
root_fd = -1;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Change the working directory */
|
|
|
|
if (wd_fd >= 0) {
|
|
|
|
if (fchdir(wd_fd) < 0)
|
2013-01-20 12:04:53 -06:00
|
|
|
err(EXIT_FAILURE, _("change directory by working directory file descriptor failed"));
|
2013-01-11 16:46:38 -06:00
|
|
|
|
|
|
|
close(wd_fd);
|
|
|
|
wd_fd = -1;
|
|
|
|
}
|
|
|
|
|
2013-01-16 18:34:17 -06:00
|
|
|
if (do_fork)
|
|
|
|
continue_as_child();
|
2013-01-11 16:46:38 -06:00
|
|
|
|
|
|
|
execvp(argv[optind], argv + optind);
|
|
|
|
|
|
|
|
err(EXIT_FAILURE, _("exec %s failed"), argv[optind]);
|
|
|
|
}
|