This new command can set no_new_privs, uid, gid, groups, securebits,
inheritable caps, the cap bounding set, securebits, and selinux and
apparmor labels.
[kerolasa@iki.fi: a lot of small adjustment making the command to be good
fit to util-linux project]
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
Signed-off-by: Andy Lutomirski <luto@amacapital.net>
Most visible change; the --target option has a path - explanation table
instead a long paragraph. This makes pairing of the information easier
for an average user such as me.
The rest of the changes are about aligning with howto, i.e., fix spaces
after dots, URL & mail address macros, remove inline emphasis where
possible, mark directory paths and words with underscore to be line
breakable, use optional option syntax from howto, cut line lenght to 80
chars.
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
Message to user is less informative, but impossible events should be
rare so core files are much appriciated for these cases.
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
nsenter.c:53:2: warning: ISO C forbids empty initializer braces [-pedantic]
[kzak@redhat.com: - use initialize .fd to -1]
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
Signed-off-by: Karel Zak <kzak@redhat.com>
The 'neither filename nor target' is changed to use errx() rather than
err(), because the errno is indicating success at the time of fatal error
which is wrong message for an user.
The "cannot open %s" is same string as in other files, making translators
to work less.
Remaining changes aim to ease understanding what went wrong for a
non-programmer audience.
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
The naming of this option was really confusing.
Just rename it for clarity.
[kzak@redhat.com: rebase to original code without --all]
Signed-off-by: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Signed-off-by: Karel Zak <kzak@redhat.com>
When user runs with --color it should not need to be combined with
filtering per level or facility, or decoding.
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
The dmesg should not crash while --decode'ing message facilities and
levels to readable string even if the values are out of bounds.
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
Move the defitions of CLONE_NEWNS, CLONE_NEWUTS, CLONE_NEWIPC,
CLONE_NEWNET, CLONE_NEWUSER, CLONE_NEWPID into namespace.h in case
sched.h does not provide those definitions. Are there systems
around that are old enough that still need this?
Move the definitions of unshare() and setns() into namespace.h
for supporting old versions of libc that does not provice these.
I have tested this support with setns as I still have systems
old enough that glibc does not wrap setns.
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
This is shorter code and makes things a bit clearer and less
error prone if anyone happens to copy the code.
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
In the case of a pid namespace we need to fork a child process instead
of calling exec. Move all of that logic out of line into a function
continue_as_child, making the logic of the primary case easier to
understand.
Update the logic for waiting for a child process to suspend ourselves
when the child processes suspends and to continue the child process
when we are unsuspsended. This supports the bash suspend command and
various editors that suspend themselves.
If the child process exits with a signal update the logic to run
kill(getpid(), WTERMSIG(status)) so the caller sees the same exit code
that nsenter observed.
There will always be permission to send signals to our children and
the tty is not changing so there is no need for the intermediate
process to forward signals to it's child.
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
- Update the unshare application to support the pid and user namespaces.
- Update the man page for the new options
- Fix typo in the man page where UTS was spelled UTC.
- Remove the vestigal support for running a suid unshare.
After unsharing a user namespace setuid(getuid()) won't work because
no uid or gid mappings have been specified yet. So it is just easier not
to have any support for running suid.
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Inspired by unshare, nsenter is a simple wrapper around setns that
allows running a new process in the context of an existing process.
Full paths may be specified to the namespace arguments so that
namespace file descriptors may be used wherever they reside in the
filesystem.
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
If the target directory (mountpoint) does not exist then mount(8) will create
it before mount.<type> is executed or mount(2) syscall is called.
Co-Author: Karel Zak <kzak@redhat.com>
Signed-off-by: Ondrej Oprala <ooprala@redhat.com>
Signed-off-by: Karel Zak <kzak@redhat.com>
Presently, libmount-mount completely prohibits the use of -t by non-root
users. This breaks using -t in listing mode as a user, which represents
a regression against mount-deprecated, macosx and presumably *BSD.
This commit fixes the issue by deferring the mnt_context_is_restricted
check for -t until we know we're not in listing mode.
Signed-off-by: Rich Tollerton <rich.tollerton@ni.com>
Bernhard Voelker
Benno Schulenberg
Karel Zak
Andy Lutomirski
Sami Kerola
Zbigniew Jędrzejewski-Szmek
Eric W. Biederman
Ondrej Oprala
Richard Tollerton