From: Lennart Poettering Date: Wed, 6 Dec 2023 10:35:04 +0000 (+0100) Subject: namespace-util: add new helper is_our_namespace() X-Git-Tag: v256-rc1~283^2~19 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e4f62e7a120366703b4d99631ba0390bcd5b0b58;p=thirdparty%2Fsystemd.git namespace-util: add new helper is_our_namespace()
---
diff --git a/src/basic/namespace-util.c b/src/basic/namespace-util.c
index 0e54a1e2358..5b4e43f9210 100644
--- a/src/basic/namespace-util.c
+++ b/src/basic/namespace-util.c
@@ -34,6 +34,14 @@ const struct namespace_info namespace_info[] = {
 #define pid_namespace_path(pid, type) procfs_file_alloca(pid, namespace_info[type].proc_path)
+static NamespaceType clone_flag_to_namespace_type(unsigned long clone_flag) {
+ for (NamespaceType t = 0; t < _NAMESPACE_TYPE_MAX; t++)
+ if (((namespace_info[t].clone_flag ^ clone_flag) & (CLONE_NEWCGROUP|CLONE_NEWIPC|CLONE_NEWNET|CLONE_NEWNS|CLONE_NEWPID|CLONE_NEWUSER|CLONE_NEWUTS|CLONE_NEWTIME)) == 0)
+ return t;
+
+ return _NAMESPACE_TYPE_INVALID;
+}
+
 int namespace_open(
 pid_t pid,
 int *ret_pidns_fd,
@@ -442,3 +450,34 @@ int namespace_open_by_type(NamespaceType type) {
 return fd;
 }
+
+int is_our_namespace(int fd, NamespaceType request_type) {
+ int clone_flag;
+
+ assert(fd >= 0);
+
+ clone_flag = ioctl(fd, NS_GET_NSTYPE);
+ if (clone_flag < 0)
+ return -errno;
+
+ NamespaceType found_type = clone_flag_to_namespace_type(clone_flag);
+ if (found_type < 0)
+ return -EBADF; /* Uh? Unknown namespace type? */
+
+ if (request_type >= 0 && request_type != found_type) /* It's a namespace, but not of the right type? */
+ return -EUCLEAN;
+
+ struct stat st_fd, st_ours;
+ if (fstat(fd, &st_fd) < 0)
+ return -errno;
+
+ const char *p = pid_namespace_path(0, found_type);
+ if (stat(p, &st_ours) < 0) {
+ if (errno == ENOENT)
+ return proc_mounted() == 0 ? -ENOSYS : -ENOENT;
+
+ return -errno;
+ }
+
+ return stat_inode_same(&st_ours, &st_fd);
+}
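Review bot: The namespace mask in `clone_flag_to_namespace_type()` is written inline as eight OR-ed `CLONE_NEW*` constants, separate from the `namespace_info[]` table it is compared against, so a namespace type added later has to be updated in two places with nothing tying them together. I would give the mask a single name next to the table, or accumulate it from `namespace_info[t].clone_flag`, and add a comment such as `/* Compare only the namespace bits; any other clone flags in the argument are ignored */`, since the masking is the non-obvious part. The parameter is `unsigned long` while the only caller visible in this commit passes the `int` result of `ioctl()`; that is safe there only because negative values are rejected before the call.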
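Review bot: `is_our_namespace()` has a three-way result that nothing in the hunk documents: whatever `stat_inode_same()` returns for a match or a mismatch (presumably positive and 0), or a negative errno, including `-EUCLEAN` for a namespace of a different type than requested, `-EBADF` for an unknown type and `-ENOSYS` when /proc is not mounted. A negative errno is truthy, so a caller writing `if (is_our_namespace(fd, t))` would treat every failure as "ours"; I would add a header comment above the function listing these return values and stating that callers must check `r < 0` before interpreting the result. The comparison target is `pid_namespace_path(0, found_type)`, whose expansion is outside this hunk; if it resolves to a /proc/self path, it presumably describes the thread-group leader's namespaces rather than those of a thread that changed its own with setns() or unshare(), and the same comment should say which of the two "our" means.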
diff --git a/src/basic/namespace-util.h b/src/basic/namespace-util.h
index 972ef05d539..545952a5d10 100644
--- a/src/basic/namespace-util.h
+++ b/src/basic/namespace-util.h
@@ -62,3 +62,5 @@ int in_same_namespace(pid_t pid1, pid_t pid2, NamespaceType type);
 int parse_userns_uid_range(const char *s, uid_t *ret_uid_shift, uid_t *ret_uid_range);
 int namespace_open_by_type(NamespaceType type);
+
+int is_our_namespace(int fd, NamespaceType type);
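Review bot: The prototype names the second parameter `type`, while the definition added in namespace-util.c calls it `request_type`, and the header does not say that a negative value skips the type check (`request_type >= 0 && ...` in the definition). I would align the names, `int is_our_namespace(int fd, NamespaceType request_type);`, and add a one-line comment above it such as `/* request_type < 0 accepts a namespace of any type */`.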