[lxc-devel] [lxd/master] forksyscall: switch chdirchroot() and setns() order
brauner on Github
lxc-bot at linuxcontainers.org
Mon Jul 15 20:41:39 UTC 2019
From f701329f058add83d326c4cdc7184052f14d662f Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Mon, 15 Jul 2019 22:41:02 +0200
Subject: [PATCH] forksyscall: switch chdirchroot() and setns() order
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
lxd/main_forksyscall.go | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/lxd/main_forksyscall.go b/lxd/main_forksyscall.go
index 35d134d706..79a99347f9 100644
--- a/lxd/main_forksyscall.go
+++ b/lxd/main_forksyscall.go
@@ -12,6 +12,7 @@ import (
#endif
#include <fcntl.h>
#include <libgen.h>
+#include <sched.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
@@ -117,7 +118,7 @@ static bool chdirchroot(pid_t pid)
// <PID> <root-uid> <root-gid> <path> <mode> <dev>
static void forkmknod()
{
- __do_close_prot_errno int cwd_fd = -EBADF, host_target_fd = -EBADF;
+ __do_close_prot_errno int cwd_fd = -EBADF, host_target_fd = -EBADF, mnt_fd = -EBADF;
int ret;
char *cur = NULL, *target = NULL, *target_dir = NULL, *target_host = NULL;
char path[PATH_MAX];
@@ -161,7 +162,9 @@ static void forkmknod()
_exit(EXIT_FAILURE);
}
- if (dosetns(pid, "mnt")) {
+ snprintf(path, sizeof(path), "/proc/%d/ns/mnt", pid);
+ mnt_fd = open(path, O_RDONLY | O_CLOEXEC);
+ if (mnt_fd < 0) {
fprintf(stderr, "%d", ENOANO);
_exit(EXIT_FAILURE);
}
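Review bot: Nothing in the new lines records why the mount-namespace fd is opened here rather than at the later setns() call, and the commit carries no description. Going by the subject, the open presumably has to precede chdirchroot() so that `/proc/%d/ns/mnt` resolves against the caller's /proc and not against whatever the target's root exposes there; a comment such as `/* Open the mntns fd before chdirchroot(): afterwards /proc/<pid> would resolve inside the target's root. */` above the snprintf() would keep a later refactor from moving it back. The snprintf() result is also unchecked; truncation is unlikely with PATH_MAX, but `ret = snprintf(...); if (ret < 0 || (size_t)ret >= sizeof(path))` with the existing `ret` would make the assumption explicit. forkmknod() starts and ends outside this hunk.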
@@ -170,6 +173,10 @@ static void forkmknod()
fprintf(stderr, "%d", ENOANO);
_exit(EXIT_FAILURE);
}
+ if (setns(mnt_fd, CLONE_NEWNS)) {
+ fprintf(stderr, "%d", ENOANO);
+ _exit(EXIT_FAILURE);
+ }
caps = cap_get_pid(pid);
if (!caps) {
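Review bot: As far as I know, setns() into a mount namespace (`CLONE_NEWNS`) resets the caller's root and working directory to the root of that namespace, so what chdirchroot() set up (going by the subject, it now runs just before the added lines) may not survive this call. If the code after this hunk resolves relative paths or expects the target process's cwd, it should use a directory fd opened beforehand (the `cwd_fd` declared at the top of forkmknod() looks intended for that) or re-apply the chdir after setns(). A comment like `/* setns(CLONE_NEWNS) resets root and cwd to the namespace root */` above the call would document the dependency. The statement before the added block and the rest of forkmknod() are outside the hunk, so this needs confirming against the full function.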