From: Karel Zak Date: Fri, 3 Mar 2023 11:45:57 +0000 (+0100) Subject: Merge branch 'nsenter/target-uid-gid' of https://github.com/t-8ch/util-linux X-Git-Tag: v2.39-rc1~19 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=ab8b10b25737276edde7d577bf5badffa137579b;p=thirdparty%2Futil-linux.git Merge branch 'nsenter/target-uid-gid' of https://github.com/t-8ch/util-linux [kzak@redhat.com: - resolve conflict with 4e9ec856a1b91fb3ff10de10f2dac94f711705e1 - fix --help output] * 'nsenter/target-uid-gid' of https://github.com/t-8ch/util-linux: nsenter: read default UID and GID from target process --- ab8b10b25737276edde7d577bf5badffa137579b diff --cc sys-utils/nsenter.c index c145669179,c55cf173c3..c2c20128f0 --- a/sys-utils/nsenter.c +++ b/sys-utils/nsenter.c @@@ -92,8 -89,8 +92,8 @@@ static void __attribute__((__noreturn__ fputs(_(" -C, --cgroup[=] enter cgroup namespace\n"), out); fputs(_(" -U, --user[=] enter user namespace\n"), out); fputs(_(" -T, --time[=] enter time namespace\n"), out); - fputs(_(" -S, --setuid set uid in entered namespace\n"), out); - fputs(_(" -G, --setgid set gid in entered namespace\n"), out); - fputs(_(" -S, --setuid=[] set uid in entered namespace\n"), out); - fputs(_(" -G, --setgid=[] set gid in entered namespace\n"), out); ++ fputs(_(" -S, --setuid[=] set uid in entered namespace\n"), out); ++ fputs(_(" -G, --setgid[=] set gid in entered namespace\n"), out); fputs(_(" --preserve-credentials do not touch uids or gids\n"), out); fputs(_(" -r, --root[=] set the root directory\n"), out); fputs(_(" -w, --wd[=] set the working directory\n"), out); @@@ -114,7 -110,7 +114,8 @@@ static pid_t namespace_target_pid = 0; static int root_fd = -1; static int wd_fd = -1; +static int env_fd = -1; + static int uid_gid_fd = -1; static void open_target_fd(int *fd, const char *type, const char *path) { @@@ -267,8 -262,8 +268,8 @@@ int main(int argc, char *argv[] struct namespace_file *nsfile; int c, pass, namespaces = 0, setgroups_nerrs = 0, preserve_cred = 
0; - bool do_rd = false, do_wd = false, force_uid = false, force_gid = false, do_env = false; - bool do_rd = false, do_wd = false, do_uid = false, force_uid = false, do_gid = false, force_gid = false; -- bool do_all = false; ++ bool do_rd = false, do_wd = false, do_uid = false, force_uid = false, ++ do_gid = false, force_gid = false, do_env = false, do_all = false; int do_fork = -1; /* unknown yet */ char *wdns = NULL; uid_t uid = 0; @@@ -284,7 -278,7 +285,7 @@@ close_stdout_atexit(); while ((c = - getopt_long(argc, argv, "+ahVt:m::u::i::n::p::C::U::T::S:G:r::w::W::eFZ", - getopt_long(argc, argv, "+ahVt:m::u::i::n::p::C::U::T::S::G::r::w::W:FZ", ++ getopt_long(argc, argv, "+ahVt:m::u::i::n::p::C::U::T::S::G::r::w::W::eFZ", longopts, NULL)) != -1) { err_exclusive_options(c, longopts, excl, excl_st); @@@ -430,8 -427,8 +437,10 @@@ open_target_fd(&root_fd, "root", NULL); if (do_wd) open_target_fd(&wd_fd, "cwd", NULL); + if (do_env) + open_target_fd(&env_fd, "environ", NULL); + if (do_uid || do_gid) + open_target_fd(&uid_gid_fd, "", NULL); /* * Update namespaces variable to contain all requested namespaces @@@ -522,17 -519,21 +531,32 @@@ wd_fd = -1; } + /* Pass environment variables of the target process to the spawned process */ + if (env_fd >= 0) { + if ((envls = env_from_fd(env_fd)) == NULL) + err(EXIT_FAILURE, _("failed to get environment variables")); + clearenv(); + if (env_list_setenv(envls) < 0) + err(EXIT_FAILURE, _("failed to set environment variables")); + env_list_free(envls); + close(env_fd); + } + + if (uid_gid_fd >= 0) { + struct stat st; + + if (fstat(uid_gid_fd, &st) > 0) + err(EXIT_FAILURE, _("can not get process stat")); + + close(uid_gid_fd); + uid_gid_fd = -1; + + if (do_uid) + uid = st.st_uid; + if (do_gid) + gid = st.st_gid; + } + if (do_fork == 1) continue_as_child();
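Review bot: Changing `S:`/`G:` to `S::`/`G::` in the getopt_long() string makes the argument optional, and GNU getopt accepts an optional argument only when it is attached to the option (`-S1000` or `--setuid=1000`, constructed sample values). An existing invocation that passes the id as a separate word would now leave optarg NULL. Because the string starts with `+`, that word would end option parsing and be treated as the program to run, while the uid presumably falls back to the target's. The option handlers are outside this hunk, so how a NULL optarg is handled cannot be confirmed here. The handler should at least carry a comment such as `/* optional argument: NULL optarg means "take the uid from the target process" */`, and the man page should say the value must be attached.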
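Review bot: The call `open_target_fd(&uid_gid_fd, "", NULL);` has no comment saying what an empty type opens or why its ownership is used as the default credentials. The body of open_target_fd() is outside this hunk; presumably the empty type resolves to the target's /proc directory itself, whose owner is later read with fstat(). Suggested comment: `/* "" opens the target's /proc directory itself; its owner (the target's effective uid/gid) becomes the default */`, to be confirmed against open_target_fd().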
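Review bot: The check `if (fstat(uid_gid_fd, &st) > 0)` can never fire, because fstat() returns 0 on success and -1 on failure. A failed call would fall through, and `st.st_uid`/`st.st_gid` would be read from an uninitialised struct into `uid` and `gid`, which are presumably handed to the setuid/setgid step outside this hunk. Compare against zero instead: `if (fstat(uid_gid_fd, &st) != 0)`. In the same hunk the environment block calls `close(env_fd);` without resetting the descriptor, unlike wd_fd and uid_gid_fd, which are set to -1 after closing; adding `env_fd = -1;` would keep the three consistent. main() begins and continues outside this hunk.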