Revert "unshare: support the switching of namespaces"
The functionality will be replaced with nsenter from Eric W.
Biederman.
This reverts commit 4bbe809939.
parent
31f67453a3
commit
ef6acdb81c
|
@ -287,7 +287,6 @@ if BUILD_UNSHARE
|
||||||
usrbin_exec_PROGRAMS += unshare
|
usrbin_exec_PROGRAMS += unshare
|
||||||
dist_man_MANS += sys-utils/unshare.1
|
dist_man_MANS += sys-utils/unshare.1
|
||||||
unshare_SOURCES = sys-utils/unshare.c
|
unshare_SOURCES = sys-utils/unshare.c
|
||||||
unshare_LDADD = $(LDADD) libcommon.la
|
|
||||||
endif
|
endif
|
||||||
|
|
||||||
if BUILD_ARCH
|
if BUILD_ARCH
|
||||||
|
|
|
@ -3,15 +3,15 @@
|
||||||
.\"
|
.\"
|
||||||
.TH UNSHARE 1 "October 2008" "util-linux" "User Commands"
|
.TH UNSHARE 1 "October 2008" "util-linux" "User Commands"
|
||||||
.SH NAME
|
.SH NAME
|
||||||
unshare \- run program with some namespaces unshared or changed from parent
|
unshare \- run program with some namespaces unshared from parent
|
||||||
.SH SYNOPSIS
|
.SH SYNOPSIS
|
||||||
.B unshare
|
.B unshare
|
||||||
.RI [ options ]
|
.RI [ options ]
|
||||||
program
|
program
|
||||||
.RI [ arguments ]
|
.RI [ arguments ]
|
||||||
.SH DESCRIPTION
|
.SH DESCRIPTION
|
||||||
Unshares or migrates specified namespaces from parent process and then executes specified
|
Unshares specified namespaces from parent process and then executes specified
|
||||||
program. Available namespaces are:
|
program. Unshareable namespaces are:
|
||||||
.TP
|
.TP
|
||||||
.BR "mount namespace"
|
.BR "mount namespace"
|
||||||
mounting and unmounting filesystems will not affect rest of the system
|
mounting and unmounting filesystems will not affect rest of the system
|
||||||
|
@ -33,43 +33,31 @@ etc. (\fBCLONE_NEWNET\fP flag).
|
||||||
.TP
|
.TP
|
||||||
See the \fBclone\fR(2) for exact semantics of the flags.
|
See the \fBclone\fR(2) for exact semantics of the flags.
|
||||||
.SH OPTIONS
|
.SH OPTIONS
|
||||||
Note when specifying the optional \fB<pid>\fP argument, the string of option,
|
|
||||||
equal sign (=), and the pid must not contain any blanks or other white space.
|
|
||||||
The correct form is for example --ipc=123 or -i=123.
|
|
||||||
.TP
|
.TP
|
||||||
.BR \-h , " \-\-help"
|
.BR \-h , " \-\-help"
|
||||||
Print a help message,
|
Print a help message,
|
||||||
.TP
|
.TP
|
||||||
.BR \-m , " \-\-mount " \fI[=pid]\fP
|
.BR \-m , " \-\-mount"
|
||||||
Unshare the mount namespace, or, when a pid is specified, migrate the mount
|
Unshare the mount namespace,
|
||||||
namespace to the one attached to the specified pid.
|
|
||||||
.TP
|
.TP
|
||||||
.BR \-u , " \-\-uts " \fI[=pid]\fP
|
.BR \-u , " \-\-uts"
|
||||||
Unshare the UTC namespace, or, when a pid is specified, migrate the uts
|
Unshare the UTC namespace,
|
||||||
namespace to the one attached to the specified pid
|
|
||||||
.TP
|
.TP
|
||||||
.BR \-i , " \-\-ipc " \fI[=pid]\fP
|
.BR \-i , " \-\-ipc"
|
||||||
Unshare the IPC namespace, or, when a pid is specified, migrate the ipc
|
Unshare the IPC namespace,
|
||||||
namespace to the one attached to the specified pid
|
|
||||||
.TP
|
.TP
|
||||||
.BR \-n , " \-\-net " \fI[=pid]\fP
|
.BR \-n , " \-\-net"
|
||||||
Unshare the network namespace, or, when a pid is specified, migrate the net
|
Unshare the network namespace.
|
||||||
namespace to the one attached to the specified pid
|
|
||||||
.SH NOTES
|
.SH NOTES
|
||||||
The unshare command drops potential privileges before executing the
|
The unshare command drops potential privileges before executing the
|
||||||
target program. This allows to setuid unshare.
|
target program. This allows to setuid unshare.
|
||||||
.P
|
|
||||||
Support for migrating processes between mount and pid namespace is available in
|
|
||||||
kernels 3.8 and later
|
|
||||||
.SH SEE ALSO
|
.SH SEE ALSO
|
||||||
.BR unshare (2),
|
.BR unshare (2),
|
||||||
.BR setns (2),
|
|
||||||
.BR clone (2)
|
.BR clone (2)
|
||||||
.SH BUGS
|
.SH BUGS
|
||||||
None known so far.
|
None known so far.
|
||||||
.SH AUTHORS
|
.SH AUTHOR
|
||||||
Mikhail Gusarov <dottedmag@dottedmag.net>
|
Mikhail Gusarov <dottedmag@dottedmag.net>
|
||||||
Neil Horman <nhorman@tuxdriver.com>
|
|
||||||
.SH AVAILABILITY
|
.SH AVAILABILITY
|
||||||
The unshare command is part of the util-linux package and is available from
|
The unshare command is part of the util-linux package and is available from
|
||||||
ftp://ftp.kernel.org/pub/linux/utils/util-linux/.
|
ftp://ftp.kernel.org/pub/linux/utils/util-linux/.
|
||||||
|
|
|
@ -24,12 +24,10 @@
|
||||||
#include <stdio.h>
|
#include <stdio.h>
|
||||||
#include <stdlib.h>
|
#include <stdlib.h>
|
||||||
#include <unistd.h>
|
#include <unistd.h>
|
||||||
#include <getopt.h>
|
|
||||||
|
|
||||||
#include "nls.h"
|
#include "nls.h"
|
||||||
#include "c.h"
|
#include "c.h"
|
||||||
#include "closestream.h"
|
#include "closestream.h"
|
||||||
#include "strutils.h"
|
|
||||||
|
|
||||||
#ifndef CLONE_NEWSNS
|
#ifndef CLONE_NEWSNS
|
||||||
# define CLONE_NEWNS 0x00020000
|
# define CLONE_NEWNS 0x00020000
|
||||||
|
@ -62,10 +60,10 @@ static void usage(int status)
|
||||||
_(" %s [options] <program> [args...]\n"), program_invocation_short_name);
|
_(" %s [options] <program> [args...]\n"), program_invocation_short_name);
|
||||||
|
|
||||||
fputs(USAGE_OPTIONS, out);
|
fputs(USAGE_OPTIONS, out);
|
||||||
fputs(_(" -m, --mount [=<pid>] unshare or migrate mounts namespace\n"
|
fputs(_(" -m, --mount unshare mounts namespace\n"
|
||||||
" -u, --uts [=<pid>] unshare or migrate UTS namespace (hostname etc)\n"
|
" -u, --uts unshare UTS namespace (hostname etc)\n"
|
||||||
" -i, --ipc [=<pid>] unshare or migrate System V IPC namespace\n"
|
" -i, --ipc unshare System V IPC namespace\n"
|
||||||
" -n, --net [=<pid>] unshare or migrate network namespace\n"), out);
|
" -n, --net unshare network namespace\n"), out);
|
||||||
|
|
||||||
fputs(USAGE_SEPARATOR, out);
|
fputs(USAGE_SEPARATOR, out);
|
||||||
fputs(USAGE_HELP, out);
|
fputs(USAGE_HELP, out);
|
||||||
|
@ -78,18 +76,17 @@ static void usage(int status)
|
||||||
int main(int argc, char *argv[])
|
int main(int argc, char *argv[])
|
||||||
{
|
{
|
||||||
static const struct option longopts[] = {
|
static const struct option longopts[] = {
|
||||||
{ "help", no_argument, 0, 'h' },
|
{ "help", no_argument, 0, 'h' },
|
||||||
{ "version", no_argument, 0, 'V'},
|
{ "version", no_argument, 0, 'V'},
|
||||||
{ "mount", optional_argument, 0, 'm' },
|
{ "mount", no_argument, 0, 'm' },
|
||||||
{ "uts", optional_argument, 0, 'u' },
|
{ "uts", no_argument, 0, 'u' },
|
||||||
{ "ipc", optional_argument, 0, 'i' },
|
{ "ipc", no_argument, 0, 'i' },
|
||||||
{ "net", optional_argument, 0, 'n' },
|
{ "net", no_argument, 0, 'n' },
|
||||||
{ NULL, 0, 0, 0 }
|
{ NULL, 0, 0, 0 }
|
||||||
};
|
};
|
||||||
|
|
||||||
int namespaces[128]; /* /proc/#/ns/<name> file descriptors */
|
|
||||||
size_t i, nscount = 0; /* number of used namespaces[] */
|
|
||||||
int unshare_flags = 0;
|
int unshare_flags = 0;
|
||||||
|
|
||||||
int c;
|
int c;
|
||||||
|
|
||||||
setlocale(LC_MESSAGES, "");
|
setlocale(LC_MESSAGES, "");
|
||||||
|
@ -97,13 +94,7 @@ int main(int argc, char *argv[])
|
||||||
textdomain(PACKAGE);
|
textdomain(PACKAGE);
|
||||||
atexit(close_stdout);
|
atexit(close_stdout);
|
||||||
|
|
||||||
memset(namespaces, 0, sizeof(namespaces));
|
while((c = getopt_long(argc, argv, "hVmuin", longopts, NULL)) != -1) {
|
||||||
|
|
||||||
while((c = getopt_long(argc, argv,
|
|
||||||
"hVm::u::i::n::", longopts, NULL)) != -1) {
|
|
||||||
|
|
||||||
const char *ns = NULL;
|
|
||||||
|
|
||||||
switch(c) {
|
switch(c) {
|
||||||
case 'h':
|
case 'h':
|
||||||
usage(EXIT_SUCCESS);
|
usage(EXIT_SUCCESS);
|
||||||
|
@ -111,58 +102,26 @@ int main(int argc, char *argv[])
|
||||||
printf(UTIL_LINUX_VERSION);
|
printf(UTIL_LINUX_VERSION);
|
||||||
return EXIT_SUCCESS;
|
return EXIT_SUCCESS;
|
||||||
case 'm':
|
case 'm':
|
||||||
ns = "mnt";
|
unshare_flags |= CLONE_NEWNS;
|
||||||
if (!optarg)
|
|
||||||
unshare_flags |= CLONE_NEWNS;
|
|
||||||
break;
|
break;
|
||||||
case 'u':
|
case 'u':
|
||||||
ns = "uts";
|
unshare_flags |= CLONE_NEWUTS;
|
||||||
if (!optarg)
|
|
||||||
unshare_flags |= CLONE_NEWUTS;
|
|
||||||
break;
|
break;
|
||||||
case 'i':
|
case 'i':
|
||||||
ns = "ipc";
|
unshare_flags |= CLONE_NEWIPC;
|
||||||
if (!optarg)
|
|
||||||
unshare_flags |= CLONE_NEWIPC;
|
|
||||||
break;
|
break;
|
||||||
case 'n':
|
case 'n':
|
||||||
ns = "net";
|
unshare_flags |= CLONE_NEWNET;
|
||||||
if (!optarg)
|
|
||||||
unshare_flags |= CLONE_NEWNET;
|
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
usage(EXIT_FAILURE);
|
usage(EXIT_FAILURE);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (ns && optarg) {
|
|
||||||
pid_t pid;
|
|
||||||
char path[512];
|
|
||||||
|
|
||||||
if (nscount >= ARRAY_SIZE(namespaces))
|
|
||||||
err(EXIT_FAILURE, _("too many new namespaces specified"));
|
|
||||||
|
|
||||||
if (*optarg == '=')
|
|
||||||
optarg++;
|
|
||||||
|
|
||||||
pid = strtoul_or_err(optarg, _("failed to parse pid argument"));
|
|
||||||
|
|
||||||
sprintf(path, "/proc/%lu/ns/%s", (unsigned long) pid, ns);
|
|
||||||
namespaces[nscount] = open(path, O_RDONLY | O_CLOEXEC);
|
|
||||||
if (namespaces[nscount] < 0)
|
|
||||||
err(EXIT_FAILURE, _("cannot open %s"), path);
|
|
||||||
nscount++;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if (optind >= argc)
|
if(optind >= argc)
|
||||||
usage(EXIT_FAILURE);
|
usage(EXIT_FAILURE);
|
||||||
|
|
||||||
for (i = 0; i < nscount; i++) {
|
if(-1 == unshare(unshare_flags))
|
||||||
if (setns(namespaces[i], 0) != 0)
|
|
||||||
err(EXIT_FAILURE, _("setns failed"));
|
|
||||||
}
|
|
||||||
|
|
||||||
if (unshare_flags && unshare(unshare_flags) != 0)
|
|
||||||
err(EXIT_FAILURE, _("unshare failed"));
|
err(EXIT_FAILURE, _("unshare failed"));
|
||||||
|
|
||||||
/* drop potential root euid/egid if we had been setuid'd */
|
/* drop potential root euid/egid if we had been setuid'd */
|
||||||
|
|
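Review bot: The guard kept at the top of this file tests `CLONE_NEWSNS` but the line under it defines `CLONE_NEWNS`, so the fallback definition is never skipped; the guard should read `#ifndef CLONE_NEWNS`. The redefinition is presumably harmless as long as the value matches the system header's. In the last hunk, `unshare(unshare_flags)` runs before the euid/egid drop announced by the trailing comment, which matters when the binary is installed setuid as the man page allows; a comment such as `/* keep before the privilege drop: these CLONE_NEW* flags need CAP_SYS_ADMIN */` would record that ordering. The drop itself lies outside the hunk, so whether setgid()/setuid() failures are treated as fatal cannot be confirmed from here. main()'s body starts and ends outside the hunks shown.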