--- busybox-1.21.0.orig/include/libbb.h 2023-01-20 11:04:54.658742574 +0100 +++ busybox-1.21.0/include/libbb.h 2023-01-20 11:05:21.743100999 +0100 @@ -461,6 +461,7 @@ void xsetgid(gid_t gid) FAST_FUNC; void xsetuid(uid_t uid) FAST_FUNC; void xchdir(const char *path) FAST_FUNC; +void xfchdir(int fd) FAST_FUNC; void xchroot(const char *path) FAST_FUNC; void xsetenv(const char *key, const char *value) FAST_FUNC; void bb_unsetenv(const char *key) FAST_FUNC; @@ -914,9 +915,10 @@ #define BB_EXECVP(prog,cmd) execvp(prog,cmd) #define BB_EXECLP(prog,cmd,...) execlp(prog,cmd,__VA_ARGS__) #endif -int BB_EXECVP_or_die(char **argv) NORETURN FAST_FUNC; +void BB_EXECVP_or_die(char **argv) NORETURN FAST_FUNC; +void exec_prog_or_SHELL(char **argv) NORETURN FAST_FUNC; -/* xvfork() can't be a _function_, return after vfork mangles stack +/* xvfork() can't be a _function_, return after vfork in child mangles stack * in the parent. It must be a macro. */ #define xvfork() \ ({ \ @@ -928,6 +930,7 @@ #if BB_MMU pid_t xfork(void) FAST_FUNC; #endif +void xvfork_parent_waits_and_exits(void) FAST_FUNC; /* NOMMU friendy fork+exec: */ pid_t spawn(char **argv) FAST_FUNC; @@ -944,6 +947,7 @@ * if (rc > 0) bb_error_msg("exit code: %d", rc & 0xff); */ int wait4pid(pid_t pid) FAST_FUNC; +int wait_for_exitstatus(pid_t pid) FAST_FUNC; /* Same as wait4pid(spawn(argv)), but with NOFORK/NOEXEC if configured: */ int spawn_and_wait(char **argv) FAST_FUNC; /* Does NOT check that applet is NOFORK, just blindly runs it */ --- busybox-1.21.0.orig/libbb/execable.c 2023-01-20 11:04:54.574741459 +0100 +++ busybox-1.21.0/libbb/execable.c 2023-01-20 11:06:11.483753437 +0100 @@ -77,10 +77,19 @@ } #endif -int FAST_FUNC BB_EXECVP_or_die(char **argv) +void FAST_FUNC BB_EXECVP_or_die(char **argv) { BB_EXECVP(argv[0], argv); /* SUSv3-mandated exit codes */ xfunc_error_retval = (errno == ENOENT) ? 127 : 126; bb_perror_msg_and_die("can't execute '%s'", argv[0]); } + +/* Typical idiom for applets which exec *optional* PROG [ARGS] */ +void FAST_FUNC exec_prog_or_SHELL(char **argv) +{ + if (argv[0]) { + BB_EXECVP_or_die(argv); + } + run_shell(getenv("SHELL"), /*login:*/ 1, NULL, NULL); +} --- busybox-1.21.0.orig/libbb/xfuncs.c 2023-01-20 11:04:54.582741565 +0100 +++ busybox-1.21.0/libbb/xfuncs.c 2023-01-20 11:06:12.091761369 +0100 @@ -308,3 +308,15 @@ return WTERMSIG(status) + 0x180; return 0; } + +// Useful when we do know that pid is valid, and we just want to wait +// for it to exit. Not existing pid is fatal. waitpid() status is not returned. +int FAST_FUNC wait_for_exitstatus(pid_t pid) +{ + int exit_status, n; + + n = safe_waitpid(pid, &exit_status, 0); + if (n < 0) + bb_perror_msg_and_die("waitpid"); + return exit_status; +} --- busybox-1.21.0.orig/libbb/xfuncs_printf.c 2023-01-20 11:04:54.582741565 +0100 +++ busybox-1.21.0/libbb/xfuncs_printf.c 2023-01-20 11:06:11.835758029 +0100 @@ -358,6 +358,13 @@ bb_perror_msg_and_die("can't change directory to '%s'", path); } +// Die if we can't chdir to a new path. +void FAST_FUNC xfchdir(int fd) +{ + if (fchdir(fd)) + bb_perror_msg_and_die("can't change directory"); +} + void FAST_FUNC xchroot(const char *path) { if (chroot(path)) @@ -623,3 +630,19 @@ return pid; } #endif + +void FAST_FUNC xvfork_parent_waits_and_exits(void) +{ + pid_t pid; + + fflush_all(); + pid = xvfork(); + if (pid > 0) { + /* Parent */ + int exit_status = wait_for_exitstatus(pid); + if (WIFSIGNALED(exit_status)) + kill_myself_with_sig(WTERMSIG(exit_status)); + _exit(WEXITSTATUS(exit_status)); + } + /* Child continues */ +} --- busybox-1.21.0.orig/util-linux/nsenter.c 1970-01-01 01:00:00.000000000 +0100 +++ busybox-1.21.0/util-linux/nsenter.c 2023-01-20 11:05:10.450951844 +0100 @@ -0,0 +1,276 @@ +/* vi: set sw=4 ts=4: */ +/* + * Mini nsenter implementation for busybox. + * + * Copyright (C) 2016 by Bartosz Golaszewski + * + * Licensed under GPLv2 or later, see file LICENSE in this source tree. + */ + +//config:config NSENTER +//config: bool "nsenter" +//config: default y +//config: select PLATFORM_LINUX +//config: help +//config: Run program with namespaces of other processes. +//config: +//config:config FEATURE_NSENTER_LONG_OPTS +//config: bool "Enable long options" +//config: default y +//config: depends on NSENTER && LONG_OPTS +//config: help +//config: Support long options for the nsenter applet. This makes +//config: the busybox implementation more compatible with upstream. + +//applet:IF_NSENTER(APPLET(nsenter, BB_DIR_USR_BIN, BB_SUID_DROP)) + +//kbuild:lib-$(CONFIG_NSENTER) += nsenter.o + +//usage:#define nsenter_trivial_usage +//usage: "[OPTIONS] [PROG [ARGS]]" +//usage:#if ENABLE_FEATURE_NSENTER_LONG_OPTS +//usage:#define nsenter_full_usage "\n" +//usage: "\n -t, --target=PID Target process to get namespaces from" +//usage: "\n -m, --mount[=FILE] Enter mount namespace" +//usage: "\n -u, --uts[=FILE] Enter UTS namespace (hostname etc)" +//usage: "\n -i, --ipc[=FILE] Enter System V IPC namespace" +//usage: "\n -n, --net[=FILE] Enter network namespace" +//usage: "\n -p, --pid[=FILE] Enter pid namespace" +//usage: "\n -U, --user[=FILE] Enter user namespace" +//usage: "\n -S, --setuid=UID Set uid in entered namespace" +//usage: "\n -G, --setgid=GID Set gid in entered namespace" +//usage: "\n --preserve-credentials Don't touch uids or gids" +//usage: "\n -r, --root[=DIR] Set root directory" +//usage: "\n -w, --wd[=DIR] Set working directory" +//usage: "\n -F, --no-fork Don't fork before exec'ing PROG" +//usage:#else +//usage:#define nsenter_full_usage "\n" +//usage: "\n -t PID Target process to get namespaces from" +//usage: "\n -m[FILE] Enter mount namespace" +//usage: "\n -u[FILE] Enter UTS namespace (hostname etc)" +//usage: "\n -i[FILE] Enter System V IPC namespace" +//usage: "\n -n[FILE] Enter network namespace" +//usage: "\n -p[FILE] Enter pid namespace" +//usage: "\n -U[FILE] Enter user namespace" +//usage: "\n -S UID Set uid in entered namespace" +//usage: "\n -G GID Set gid in entered namespace" +//usage: "\n -r[DIR] Set root directory" +//usage: "\n -w[DIR] Set working directory" +//usage: "\n -F Don't fork before exec'ing PROG" +//usage:#endif + +#include +#include "libbb.h" + +struct namespace_descr { + int flag; /* value passed to setns() */ + char ns_nsfile8[8]; /* "ns/" + namespace file in process' procfs entry */ +}; + +struct namespace_ctx { + char *path; /* optional path to a custom ns file */ + int fd; /* opened namespace file descriptor */ +}; + +enum { + OPT_user = 1 << 0, + OPT_ipc = 1 << 1, + OPT_uts = 1 << 2, + OPT_network = 1 << 3, + OPT_pid = 1 << 4, + OPT_mount = 1 << 5, + OPT_target = 1 << 6, + OPT_setuid = 1 << 7, + OPT_setgid = 1 << 8, + OPT_root = 1 << 9, + OPT_wd = 1 << 10, + OPT_nofork = 1 << 11, + OPT_prescred = (1 << 12) * ENABLE_FEATURE_NSENTER_LONG_OPTS, +}; +enum { + NS_USR_POS = 0, + NS_IPC_POS, + NS_UTS_POS, + NS_NET_POS, + NS_PID_POS, + NS_MNT_POS, + NS_COUNT, +}; +/* + * The order is significant in nsenter. + * The user namespace comes first, so that it is entered first. + * This gives an unprivileged user the potential to enter other namespaces. + */ +static const struct namespace_descr ns_list[] = { + { CLONE_NEWUSER, "ns/user", }, + { CLONE_NEWIPC, "ns/ipc", }, + { CLONE_NEWUTS, "ns/uts", }, + { CLONE_NEWNET, "ns/net", }, + { CLONE_NEWPID, "ns/pid", }, + { CLONE_NEWNS, "ns/mnt", }, +}; +/* + * Upstream nsenter doesn't support the short option for --preserve-credentials + */ +static const char opt_str[] = "+""U::i::u::n::p::m::""t:S:G:r::w::F"; + +#if ENABLE_FEATURE_NSENTER_LONG_OPTS +static const char nsenter_longopts[] ALIGN1 = + "user\0" Optional_argument "U" + "ipc\0" Optional_argument "i" + "uts\0" Optional_argument "u" + "net\0" Optional_argument "n" + "pid\0" Optional_argument "p" + "mount\0" Optional_argument "m" + "target\0" Required_argument "t" + "setuid\0" Required_argument "S" + "setgid\0" Required_argument "G" + "root\0" Optional_argument "r" + "wd\0" Optional_argument "w" + "no-fork\0" No_argument "F" + "preserve-credentials\0" No_argument "\xff" + ; +#endif + +/* + * Open a file and return the new descriptor. If a full path is provided in + * fs_path, then the file to which it points is opened. Otherwise (fd_path is + * NULL) the routine builds a path to a procfs file using the following + * template: '/proc//'. + */ +static int open_by_path_or_target(const char *path, + pid_t target_pid, const char *target_file) +{ + char proc_path_buf[sizeof("/proc/%u/1234567890") + sizeof(int)*3]; + + if (!path) { + if (target_pid == 0) { + /* Example: + * "nsenter -p PROG" - neither -pFILE nor -tPID given. + */ + bb_show_usage(); + } + snprintf(proc_path_buf, sizeof(proc_path_buf), + "/proc/%u/%s", (unsigned)target_pid, target_file); + path = proc_path_buf; + } + + return xopen(path, O_RDONLY); +} + +int nsenter_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE; +int nsenter_main(int argc UNUSED_PARAM, char **argv) +{ + int i; + unsigned int opts; + const char *root_dir_str = NULL; + const char *wd_str = NULL; + struct namespace_ctx ns_ctx_list[NS_COUNT]; + int setgroups_failed; + int root_fd, wd_fd; + int target_pid = 0; + int uid = 0; + int gid = 0; + + memset(ns_ctx_list, 0, sizeof(ns_ctx_list)); + + IF_FEATURE_NSENTER_LONG_OPTS(applet_long_options = nsenter_longopts); + opt_complementary = ":t+:S+:G+"; + opts = getopt32(argv, opt_str, + &ns_ctx_list[NS_USR_POS].path, + &ns_ctx_list[NS_IPC_POS].path, + &ns_ctx_list[NS_UTS_POS].path, + &ns_ctx_list[NS_NET_POS].path, + &ns_ctx_list[NS_PID_POS].path, + &ns_ctx_list[NS_MNT_POS].path, + &target_pid, &uid, &gid, + &root_dir_str, &wd_str + ); + argv += optind; + + root_fd = wd_fd = -1; + if (opts & OPT_root) + root_fd = open_by_path_or_target(root_dir_str, + target_pid, "root"); + if (opts & OPT_wd) + wd_fd = open_by_path_or_target(wd_str, target_pid, "cwd"); + + for (i = 0; i < NS_COUNT; i++) { + const struct namespace_descr *ns = &ns_list[i]; + struct namespace_ctx *ns_ctx = &ns_ctx_list[i]; + + ns_ctx->fd = -1; + if (opts & (1 << i)) + ns_ctx->fd = open_by_path_or_target(ns_ctx->path, + target_pid, ns->ns_nsfile8); + } + + /* + * Entering the user namespace without --preserve-credentials implies + * --setuid & --setgid and clearing root's groups. + */ + setgroups_failed = 0; + if ((opts & OPT_user) && !(opts & OPT_prescred)) { + opts |= (OPT_setuid | OPT_setgid); + /* + * We call setgroups() before and after setns() and only + * bail-out if it fails twice. + */ + setgroups_failed = (setgroups(0, NULL) < 0); + } + + for (i = 0; i < NS_COUNT; i++) { + const struct namespace_descr *ns = &ns_list[i]; + struct namespace_ctx *ns_ctx = &ns_ctx_list[i]; + + if (ns_ctx->fd < 0) + continue; + if (setns(ns_ctx->fd, ns->flag)) { + bb_perror_msg_and_die( + "setns(): can't reassociate to namespace '%s'", + ns->ns_nsfile8 + 3 /* skip over "ns/" */ + ); + } + close(ns_ctx->fd); + /*ns_ctx->fd = -1;*/ + } + + if (root_fd >= 0) { + if (wd_fd < 0) { + /* + * Save the current working directory if we're not + * changing it. + */ + wd_fd = xopen(".", O_RDONLY); + } + xfchdir(root_fd); + xchroot("."); + close(root_fd); + /*root_fd = -1;*/ + } + + if (wd_fd >= 0) { + xfchdir(wd_fd); + close(wd_fd); + /*wd_fd = -1;*/ + } + + /* + * Entering the pid namespace implies forking unless it's been + * explicitly requested by the user not to. + */ + if (!(opts & OPT_nofork) && (opts & OPT_pid)) { + xvfork_parent_waits_and_exits(); + /* Child continues */ + } + + if (opts & OPT_setgid) { + if (setgroups(0, NULL) < 0 && setgroups_failed) + bb_perror_msg_and_die("setgroups"); + xsetgid(gid); + } + if (opts & OPT_setuid) + xsetuid(uid); + + exec_prog_or_SHELL(argv); +} --- busybox-1.21.0.orig/util-linux/unshare.c 1970-01-01 01:00:00.000000000 +0100 +++ busybox-1.21.0/util-linux/unshare.c 2023-01-20 11:05:10.450951844 +0100 @@ -0,0 +1,380 @@ +/* vi: set sw=4 ts=4: */ +/* + * Mini unshare implementation for busybox. + * + * Copyright (C) 2016 by Bartosz Golaszewski + * + * Licensed under GPLv2 or later, see file LICENSE in this source tree. + */ +//config:config UNSHARE +//config: bool "unshare (9.2 kb)" +//config: default y +//config: depends on !NOMMU +//config: select PLATFORM_LINUX +//config: select LONG_OPTS +//config: help +//config: Run program with some namespaces unshared from parent. + +// needs LONG_OPTS: it is awkward to exclude code which handles --propagation +// and --setgroups based on LONG_OPTS, so instead applet requires LONG_OPTS. +// depends on !NOMMU: we need fork() + +//applet:IF_UNSHARE(APPLET(unshare, BB_DIR_USR_BIN, BB_SUID_DROP)) + +//kbuild:lib-$(CONFIG_UNSHARE) += unshare.o + +//usage:#define unshare_trivial_usage +//usage: "[OPTIONS] [PROG [ARGS]]" +//usage:#define unshare_full_usage "\n" +//usage: "\n -m,--mount[=FILE] Unshare mount namespace" +//usage: "\n -u,--uts[=FILE] Unshare UTS namespace (hostname etc.)" +//usage: "\n -i,--ipc[=FILE] Unshare System V IPC namespace" +//usage: "\n -n,--net[=FILE] Unshare network namespace" +//usage: "\n -p,--pid[=FILE] Unshare PID namespace" +//usage: "\n -U,--user[=FILE] Unshare user namespace" +//usage: "\n -f,--fork Fork before execing PROG" +//usage: "\n -r,--map-root-user Map current user to root (implies -U)" +//usage: "\n --mount-proc[=DIR] Mount /proc filesystem first (implies -m)" +//usage: "\n --propagation slave|shared|private|unchanged" +//usage: "\n Modify mount propagation in mount namespace" +//usage: "\n --setgroups allow|deny Control the setgroups syscall in user namespaces" + +#include +#ifndef CLONE_NEWUTS +# define CLONE_NEWUTS 0x04000000 +#endif +#ifndef CLONE_NEWIPC +# define CLONE_NEWIPC 0x08000000 +#endif +#ifndef CLONE_NEWUSER +# define CLONE_NEWUSER 0x10000000 +#endif +#ifndef CLONE_NEWPID +# define CLONE_NEWPID 0x20000000 +#endif +#ifndef CLONE_NEWNET +# define CLONE_NEWNET 0x40000000 +#endif + +#include +#ifndef MS_REC +# define MS_REC (1 << 14) +#endif +#ifndef MS_PRIVATE +# define MS_PRIVATE (1 << 18) +#endif +#ifndef MS_SLAVE +# define MS_SLAVE (1 << 19) +#endif +#ifndef MS_SHARED +# define MS_SHARED (1 << 20) +#endif + +#include "libbb.h" + +static void mount_or_die(const char *source, const char *target, + const char *fstype, unsigned long mountflags) +{ + if (mount(source, target, fstype, mountflags, NULL)) { + bb_perror_msg_and_die("can't mount %s on %s (flags:0x%lx)", + source, target, mountflags); + /* fstype is always either NULL or "proc". + * "proc" is only used to mount /proc. + * No need to clutter up error message with fstype, + * it is easily deductible. + */ + } +} + +#define PATH_PROC_SETGROUPS "/proc/self/setgroups" +#define PATH_PROC_UIDMAP "/proc/self/uid_map" +#define PATH_PROC_GIDMAP "/proc/self/gid_map" + +struct namespace_descr { + int flag; + const char nsfile4[4]; +}; + +struct namespace_ctx { + char *path; +}; + +enum { + OPT_mount = 1 << 0, + OPT_uts = 1 << 1, + OPT_ipc = 1 << 2, + OPT_net = 1 << 3, + OPT_pid = 1 << 4, + OPT_user = 1 << 5, /* OPT_user, NS_USR_POS, and ns_list[] index must match! */ + OPT_fork = 1 << 6, + OPT_map_root = 1 << 7, + OPT_mount_proc = 1 << 8, + OPT_propagation = 1 << 9, + OPT_setgroups = 1 << 10, +}; +enum { + NS_MNT_POS = 0, + NS_UTS_POS, + NS_IPC_POS, + NS_NET_POS, + NS_PID_POS, + NS_USR_POS, /* OPT_user, NS_USR_POS, and ns_list[] index must match! */ + NS_COUNT, +}; +static const struct namespace_descr ns_list[] = { + { CLONE_NEWNS, "mnt" }, + { CLONE_NEWUTS, "uts" }, + { CLONE_NEWIPC, "ipc" }, + { CLONE_NEWNET, "net" }, + { CLONE_NEWPID, "pid" }, + { CLONE_NEWUSER, "user" }, /* OPT_user, NS_USR_POS, and ns_list[] index must match! */ +}; + +/* + * Upstream unshare doesn't support short options for --mount-proc, + * --propagation, --setgroups. + * Optional arguments (namespace mountpoints) exist only for long opts, + * we are forced to use "fake" letters for them. + * '+': stop at first non-option. + */ +static const char opt_str[] ALIGN1 = "+muinpU""fr""\xfd::""\xfe:""\xff:"; +static const char unshare_longopts[] ALIGN1 = + "mount\0" Optional_argument "\xf0" + "uts\0" Optional_argument "\xf1" + "ipc\0" Optional_argument "\xf2" + "net\0" Optional_argument "\xf3" + "pid\0" Optional_argument "\xf4" + "user\0" Optional_argument "\xf5" + "fork\0" No_argument "f" + "map-root-user\0" No_argument "r" + "mount-proc\0" Optional_argument "\xfd" + "propagation\0" Required_argument "\xfe" + "setgroups\0" Required_argument "\xff" +; + +/* Ugly-looking string reuse trick */ +#define PRIVATE_STR "private\0""unchanged\0""shared\0""slave\0" +#define PRIVATE_UNCHANGED_SHARED_SLAVE PRIVATE_STR + +static unsigned long parse_propagation(const char *prop_str) +{ + int i = index_in_strings(PRIVATE_UNCHANGED_SHARED_SLAVE, prop_str); + if (i < 0) + bb_error_msg_and_die("unrecognized: --%s=%s", "propagation", prop_str); + if (i == 0) + return MS_REC | MS_PRIVATE; + if (i == 1) + return 0; + if (i == 2) + return MS_REC | MS_SHARED; + return MS_REC | MS_SLAVE; +} + +static void mount_namespaces(pid_t pid, struct namespace_ctx *ns_ctx_list) +{ + const struct namespace_descr *ns; + struct namespace_ctx *ns_ctx; + int i; + + for (i = 0; i < NS_COUNT; i++) { + char nsf[sizeof("/proc/%u/ns/AAAA") + sizeof(int)*3]; + + ns = &ns_list[i]; + ns_ctx = &ns_ctx_list[i]; + if (!ns_ctx->path) + continue; + sprintf(nsf, "/proc/%u/ns/%.4s", (unsigned)pid, ns->nsfile4); + mount_or_die(nsf, ns_ctx->path, NULL, MS_BIND); + } +} + +int unshare_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE; +int unshare_main(int argc UNUSED_PARAM, char **argv) +{ + int i; + unsigned int opts; + int unsflags; + uintptr_t need_mount; + const char *proc_mnt_target; + const char *prop_str; + const char *setgrp_str; + unsigned long prop_flags; + uid_t reuid = geteuid(); + gid_t regid = getegid(); + struct fd_pair fdp; + pid_t child = child; /* for compiler */ + struct namespace_ctx ns_ctx_list[NS_COUNT]; + + memset(ns_ctx_list, 0, sizeof(ns_ctx_list)); + proc_mnt_target = "/proc"; + prop_str = PRIVATE_STR; + setgrp_str = NULL; + + opt_complementary = + "\xf0""m" /* long opts (via their "fake chars") imply short opts */ + ":\xf1""u" + ":\xf2""i" + ":\xf3""n" + ":\xf4""p" + ":\xf5""U" + ":rU" /* --map-root-user or -r implies -U */ + ":\xfd""m" /* --mount-proc implies -m */ + ; + applet_long_options = unshare_longopts; + opts = getopt32(argv, opt_str, + &proc_mnt_target, &prop_str, &setgrp_str, + &ns_ctx_list[NS_MNT_POS].path, + &ns_ctx_list[NS_UTS_POS].path, + &ns_ctx_list[NS_IPC_POS].path, + &ns_ctx_list[NS_NET_POS].path, + &ns_ctx_list[NS_PID_POS].path, + &ns_ctx_list[NS_USR_POS].path + ); + argv += optind; + //bb_error_msg("opts:0x%x", opts); + //bb_error_msg("mount:%s", ns_ctx_list[NS_MNT_POS].path); + //bb_error_msg("proc_mnt_target:%s", proc_mnt_target); + //bb_error_msg("prop_str:%s", prop_str); + //bb_error_msg("setgrp_str:%s", setgrp_str); + //exit(1); + + if (setgrp_str) { + if (strcmp(setgrp_str, "allow") == 0) { + if (opts & OPT_map_root) { + bb_error_msg_and_die( + "--setgroups=allow and --map-root-user " + "are mutually exclusive" + ); + } + } else { + /* It's not "allow", must be "deny" */ + if (strcmp(setgrp_str, "deny") != 0) + bb_error_msg_and_die("unrecognized: --%s=%s", + "setgroups", setgrp_str); + } + } + + unsflags = 0; + need_mount = 0; + for (i = 0; i < NS_COUNT; i++) { + const struct namespace_descr *ns = &ns_list[i]; + struct namespace_ctx *ns_ctx = &ns_ctx_list[i]; + + if (opts & (1 << i)) + unsflags |= ns->flag; + + need_mount |= (uintptr_t)(ns_ctx->path); + } + /* need_mount != 0 if at least one FILE was given */ + + prop_flags = MS_REC | MS_PRIVATE; + /* Silently ignore --propagation if --mount is not requested. */ + if (opts & OPT_mount) + prop_flags = parse_propagation(prop_str); + + /* + * Special case: if we were requested to unshare the mount namespace + * AND to make any namespace persistent (by bind mounting it) we need + * to spawn a child process which will wait for the parent to call + * unshare(), then mount parent's namespaces while still in the + * previous namespace. + */ + fdp.wr = -1; + if (need_mount && (opts & OPT_mount)) { + /* + * Can't use getppid() in child, as we can be unsharing the + * pid namespace. + */ + pid_t ppid = getpid(); + + xpiped_pair(fdp); + + child = xfork(); + if (child == 0) { + /* Child */ + close(fdp.wr); + + /* Wait until parent calls unshare() */ + read(fdp.rd, ns_ctx_list, 1); /* ...using bogus buffer */ + /*close(fdp.rd);*/ + + /* Mount parent's unshared namespaces. */ + mount_namespaces(ppid, ns_ctx_list); + return EXIT_SUCCESS; + } + /* Parent continues */ + } + + if (unshare(unsflags) != 0) + bb_perror_msg_and_die("unshare(0x%x)", unsflags); + + if (fdp.wr >= 0) { + close(fdp.wr); /* Release child */ + close(fdp.rd); /* should close fd, to not confuse exec'ed PROG */ + } + + if (need_mount) { + /* Wait for the child to finish mounting the namespaces. */ + if (opts & OPT_mount) { + int exit_status = wait_for_exitstatus(child); + if (WIFEXITED(exit_status) && + WEXITSTATUS(exit_status) != EXIT_SUCCESS) + return WEXITSTATUS(exit_status); + } else { + /* + * Regular way - we were requested to mount some other + * namespaces: mount them after the call to unshare(). + */ + mount_namespaces(getpid(), ns_ctx_list); + } + } + + /* + * When we're unsharing the pid namespace, it's not the process that + * calls unshare() that is put into the new namespace, but its first + * child. The user may want to use this option to spawn a new process + * that'll become PID 1 in this new namespace. + */ + if (opts & OPT_fork) { + xvfork_parent_waits_and_exits(); + /* Child continues */ + } + + if (opts & OPT_map_root) { + char uidmap_buf[sizeof("0 %u 1") + sizeof(int)*3]; + + /* + * Since Linux 3.19 unprivileged writing of /proc/self/gid_map + * has been disabled unless /proc/self/setgroups is written + * first to permanently disable the ability to call setgroups + * in that user namespace. + */ + xopen_xwrite_close(PATH_PROC_SETGROUPS, "deny"); + sprintf(uidmap_buf, "0 %u 1", (unsigned)reuid); + xopen_xwrite_close(PATH_PROC_UIDMAP, uidmap_buf); + sprintf(uidmap_buf, "0 %u 1", (unsigned)regid); + xopen_xwrite_close(PATH_PROC_GIDMAP, uidmap_buf); + } else + if (setgrp_str) { + /* Write "allow" or "deny" */ + xopen_xwrite_close(PATH_PROC_SETGROUPS, setgrp_str); + } + + if (opts & OPT_mount) { + mount_or_die("none", "/", NULL, prop_flags); + } + + if (opts & OPT_mount_proc) { + /* + * When creating a new pid namespace, we might want the pid + * subdirectories in /proc to remain consistent with the new + * process IDs. Without --mount-proc the pids in /proc would + * still reflect the old pid namespace. This is why we make + * /proc private here and then do a fresh mount. + */ + mount_or_die("none", proc_mnt_target, NULL, MS_PRIVATE | MS_REC); + mount_or_die("proc", proc_mnt_target, "proc", MS_NOSUID | MS_NOEXEC | MS_NODEV); + } + + exec_prog_or_SHELL(argv); +}