]> git.ipfire.org Git - thirdparty/util-linux.git/blob - sys-utils/nsenter.c
projects / thirdparty / util-linux.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
nsenter: respect --exec no matter where it appears
[thirdparty/util-linux.git] / sys-utils / nsenter.c
1 /*
2 * nsenter(1) - command-line interface for setns(2)
3 *
4 * Copyright (C) 2012-2013 Eric Biederman <ebiederm@xmission.com>
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; version 2.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 * General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License along
16 * with this program; if not, write to the Free Software Foundation, Inc.,
17 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
18 */
19
20 #include <sys/types.h>
21 #include <sys/wait.h>
22 #include <dirent.h>
23 #include <errno.h>
24 #include <getopt.h>
25 #include <sched.h>
26 #include <stdio.h>
27 #include <stdlib.h>
28 #include <stdbool.h>
29 #include <unistd.h>
30 #include <assert.h>
31
32 #include "strutils.h"
33 #include "nls.h"
34 #include "c.h"
35 #include "closestream.h"
36 #include "namespace.h"
37
38 static struct namespace_file {
39 int nstype;
40 const char *name;
41 int fd;
42 } namespace_files[] = {
43 /* Careful the order is significant in this array.
44 *
45 * The user namespace comes first, so that it is entered
46 * first. This gives an unprivileged user the potential to
47 * enter the other namespaces.
48 */
49 { .nstype = CLONE_NEWUSER, .name = "ns/user", .fd = -1 },
50 { .nstype = CLONE_NEWIPC, .name = "ns/ipc", .fd = -1 },
51 { .nstype = CLONE_NEWUTS, .name = "ns/uts", .fd = -1 },
52 { .nstype = CLONE_NEWNET, .name = "ns/net", .fd = -1 },
53 { .nstype = CLONE_NEWPID, .name = "ns/pid", .fd = -1 },
54 { .nstype = CLONE_NEWNS, .name = "ns/mnt", .fd = -1 },
55 { .nstype = 0, .name = NULL, .fd = -1 }
56 };
57
58 static void usage(int status)
59 {
60 FILE *out = status == EXIT_SUCCESS ? stdout : stderr;
61
62 fputs(USAGE_HEADER, out);
63 fprintf(out, _(" %s [options] <program> [args...]\n"),
64 program_invocation_short_name);
65
66 fputs(USAGE_OPTIONS, out);
67 fputs(_(" -t, --target <pid> target process to get namespaces from\n"
68 " -m, --mount [=<file>] enter mount namespace\n"
69 " -u, --uts [=<file>] enter UTS namespace (hostname etc)\n"
70 " -i, --ipc [=<file>] enter System V IPC namespace\n"
71 " -n, --net [=<file>] enter network namespace\n"
72 " -p, --pid [=<file>] enter pid namespace\n"
73 " -U, --user [=<file>] enter user namespace\n"
74 " -r, --root [=<dir>] set the root directory\n"
75 " -w, --wd [=<dir>] set the working directory\n"
76 " -F, --no-fork don't fork before exec'ing <program>\n"), out);
77 fputs(USAGE_SEPARATOR, out);
78 fputs(USAGE_HELP, out);
79 fputs(USAGE_VERSION, out);
80 fprintf(out, USAGE_MAN_TAIL("nsenter(1)"));
81
82 exit(status);
83 }
84
85 static pid_t namespace_target_pid = 0;
86 static int root_fd = -1;
87 static int wd_fd = -1;
88
89 static void open_target_fd(int *fd, const char *type, const char *path)
90 {
91 char pathbuf[PATH_MAX];
92
93 if (!path && namespace_target_pid) {
94 snprintf(pathbuf, sizeof(pathbuf), "/proc/%u/%s",
95 namespace_target_pid, type);
96 path = pathbuf;
97 }
98 if (!path)
99 errx(EXIT_FAILURE,
100 _("neither filename nor target pid supplied for %s"),
101 type);
102
103 if (*fd >= 0)
104 close(*fd);
105
106 *fd = open(path, O_RDONLY);
107 if (*fd < 0)
108 err(EXIT_FAILURE, _("cannot open %s"), path);
109 }
110
111 static void open_namespace_fd(int nstype, const char *path)
112 {
113 struct namespace_file *nsfile;
114
115 for (nsfile = namespace_files; nsfile->nstype; nsfile++) {
116 if (nstype != nsfile->nstype)
117 continue;
118
119 open_target_fd(&nsfile->fd, nsfile->name, path);
120 return;
121 }
122 /* This should never happen */
123 assert(nsfile->nstype);
124 }
125
126 static void continue_as_child(void)
127 {
128 pid_t child = fork();
129 int status;
130 pid_t ret;
131
132 if (child < 0)
133 err(EXIT_FAILURE, _("fork failed"));
134
135 /* Only the child returns */
136 if (child == 0)
137 return;
138
139 for (;;) {
140 ret = waitpid(child, &status, WUNTRACED);
141 if ((ret == child) && (WIFSTOPPED(status))) {
142 /* The child suspended so suspend us as well */
143 kill(getpid(), SIGSTOP);
144 kill(child, SIGCONT);
145 } else {
146 break;
147 }
148 }
149 /* Return the child's exit code if possible */
150 if (WIFEXITED(status)) {
151 exit(WEXITSTATUS(status));
152 } else if (WIFSIGNALED(status)) {
153 kill(getpid(), WTERMSIG(status));
154 }
155 exit(EXIT_FAILURE);
156 }
157
158 int main(int argc, char *argv[])
159 {
160 static const struct option longopts[] = {
161 { "help", no_argument, NULL, 'h' },
162 { "version", no_argument, NULL, 'V'},
163 { "target", required_argument, NULL, 't' },
164 { "mount", optional_argument, NULL, 'm' },
165 { "uts", optional_argument, NULL, 'u' },
166 { "ipc", optional_argument, NULL, 'i' },
167 { "net", optional_argument, NULL, 'n' },
168 { "pid", optional_argument, NULL, 'p' },
169 { "user", optional_argument, NULL, 'U' },
170 { "root", optional_argument, NULL, 'r' },
171 { "wd", optional_argument, NULL, 'w' },
172 { "no-fork", no_argument, NULL, 'F' },
173 { NULL, 0, NULL, 0 }
174 };
175
176 struct namespace_file *nsfile;
177 int c, namespaces = 0;
178 bool do_rd = false, do_wd = false;
179 int do_fork = -1; /* unknown yet */
180
181 setlocale(LC_MESSAGES, "");
182 bindtextdomain(PACKAGE, LOCALEDIR);
183 textdomain(PACKAGE);
184 atexit(close_stdout);
185
186 while ((c =
187 getopt_long(argc, argv, "hVt:m::u::i::n::p::U::r::w::F",
188 longopts, NULL)) != -1) {
189 switch (c) {
190 case 'h':
191 usage(EXIT_SUCCESS);
192 case 'V':
193 printf(UTIL_LINUX_VERSION);
194 return EXIT_SUCCESS;
195 case 't':
196 namespace_target_pid =
197 strtoul_or_err(optarg, _("failed to parse pid"));
198 break;
199 case 'm':
200 if (optarg)
201 open_namespace_fd(CLONE_NEWNS, optarg);
202 else
203 namespaces |= CLONE_NEWNS;
204 break;
205 case 'u':
206 if (optarg)
207 open_namespace_fd(CLONE_NEWUTS, optarg);
208 else
209 namespaces |= CLONE_NEWUTS;
210 break;
211 case 'i':
212 if (optarg)
213 open_namespace_fd(CLONE_NEWIPC, optarg);
214 else
215 namespaces |= CLONE_NEWIPC;
216 break;
217 case 'n':
218 if (optarg)
219 open_namespace_fd(CLONE_NEWNET, optarg);
220 else
221 namespaces |= CLONE_NEWNET;
222 break;
223 case 'p':
224 if (optarg)
225 open_namespace_fd(CLONE_NEWPID, optarg);
226 else
227 namespaces |= CLONE_NEWPID;
228 break;
229 case 'U':
230 if (optarg)
231 open_namespace_fd(CLONE_NEWUSER, optarg);
232 else
233 namespaces |= CLONE_NEWUSER;
234 break;
235 case 'F':
236 do_fork = 0;
237 break;
238 case 'r':
239 if (optarg)
240 open_target_fd(&root_fd, "root", optarg);
241 else
242 do_rd = true;
243 break;
244 case 'w':
245 if (optarg)
246 open_target_fd(&wd_fd, "cwd", optarg);
247 else
248 do_wd = true;
249 break;
250 default:
251 usage(EXIT_FAILURE);
252 }
253 }
254
255 if (optind >= argc)
256 usage(EXIT_FAILURE);
257
258 /*
259 * Open remaining namespace and directory descriptors.
260 */
261 for (nsfile = namespace_files; nsfile->nstype; nsfile++)
262 if (nsfile->nstype & namespaces)
263 open_namespace_fd(nsfile->nstype, NULL);
264 if (do_rd)
265 open_target_fd(&root_fd, "root", NULL);
266 if (do_wd)
267 open_target_fd(&wd_fd, "cwd", NULL);
268
269 /*
270 * Now that we know which namespaces we want to enter, enter them.
271 */
272 for (nsfile = namespace_files; nsfile->nstype; nsfile++) {
273 if (nsfile->fd < 0)
274 continue;
275 if (nsfile->nstype == CLONE_NEWPID && do_fork == -1)
276 do_fork = 1;
277 if (setns(nsfile->fd, nsfile->nstype))
278 err(EXIT_FAILURE,
279 _("reassociate to namespace '%s' failed"),
280 nsfile->name);
281 close(nsfile->fd);
282 nsfile->fd = -1;
283 }
284
285 /* Remember the current working directory if I'm not changing it */
286 if (root_fd >= 0 && wd_fd < 0) {
287 wd_fd = open(".", O_RDONLY);
288 if (wd_fd < 0)
289 err(EXIT_FAILURE,
290 _("cannot open current working directory"));
291 }
292
293 /* Change the root directory */
294 if (root_fd >= 0) {
295 if (fchdir(root_fd) < 0)
296 err(EXIT_FAILURE,
297 _("change directory by root file descriptor failed"));
298
299 if (chroot(".") < 0)
300 err(EXIT_FAILURE, _("chroot failed"));
301
302 close(root_fd);
303 root_fd = -1;
304 }
305
306 /* Change the working directory */
307 if (wd_fd >= 0) {
308 if (fchdir(wd_fd) < 0)
309 err(EXIT_FAILURE,
310 _("change directory by working directory file descriptor failed"));
311
312 close(wd_fd);
313 wd_fd = -1;
314 }
315
316 if (do_fork == 1)
317 continue_as_child();
318
319 execvp(argv[optind], argv + optind);
320
321 err(EXIT_FAILURE, _("exec %s failed"), argv[optind]);
322 }
Unnamed repository; edit this file 'description' to name the repository.