[lxc-devel] [lxd/master] forkmknod: attach to mntns when task is chrooted

brauner on Github lxc-bot at linuxcontainers.org
Thu Jun 13 11:47:38 UTC 2019 

A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 767 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20190613/9f941e2f/attachment.bin>
-------------- next part --------------
From 709454871baf5321ae830f0def43ac0e16485189 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Thu, 13 Jun 2019 13:21:41 +0200
Subject: [PATCH] forkmknod: attach to mntns when task is chrooted

Have forkmknod attach to the mntns when the target is chrooted.

When the target is chrooted we can either go on to diff /proc/<pid>/cwd
and /proc/<pid>/root, strip what is identical from /proc/<pid>/cwd, then
chroot("/proc/<pid>/root") and take the remainder of /proc/<pid>/cwd to
be relative to the new root or we simply attach to the mnts and chdir to
/proc/<pid>/cwd. Guess what's simpler.

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
 lxd/main_forkmknod.go | 22 +++++++++++++++++++++-
 1 file changed, 21 insertions(+), 1 deletion(-)

diff --git a/lxd/main_forkmknod.go b/lxd/main_forkmknod.go
index 76551ef626..7b49fd8034 100644
--- a/lxd/main_forkmknod.go
+++ b/lxd/main_forkmknod.go
@@ -81,10 +81,25 @@ found:
 	return nsid;
 }
 
+static int files_identical(const char *file1, const char *file2)
+{
+        struct stat stat1, stat2;
+
+        if (fstatat(AT_FDCWD, file1, &stat1, 0) < 0)
+                return -1;
+
+        if (fstatat(AT_FDCWD, file2, &stat2, 0) < 0)
+                return -1;
+
+        return stat1.st_dev == stat2.st_dev &&
+               stat1.st_ino == stat2.st_ino;
+}
+
 // Expects command line to be in the form:
 // <PID> <root-uid> <root-gid> <path> <mode> <dev>
 void forkmknod()
 {
+	int ret;
 	ssize_t bytes = 0;
 	char *cur = NULL;
 	char *path = NULL;
@@ -137,7 +152,11 @@ void forkmknod()
 		fprintf(stderr, "No root gid found (%d)\n", gid);
 
 	snprintf(cwd, sizeof(cwd), "/proc/%d/root", pid);
-	if (chroot(cwd)) {
+	if (files_identical(cwd, "/") == 1)
+		ret = chroot(cwd);
+	else
+		ret = dosetns(pid, "mnt");
+	if (ret) {
 		fprintf(stderr, "%d", errno);
 		_exit(EXIT_FAILURE);
 	}
@@ -160,6 +179,7 @@ void forkmknod()
 	_exit(EXIT_SUCCESS);
 }
 */
+// #cgo CFLAGS: -std=gnu11 -Wvla
 import "C"
 
 type cmdForkmknod struct {

More information about the lxc-devel mailing list