From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from gandalf.ozlabs.org (gandalf.ozlabs.org [150.107.74.76])
	by passt.top (Postfix) with ESMTPS id 67B195A026E
	for <passt-dev@passt.top>; Thu,  6 Apr 2023 04:50:11 +0200 (CEST)
Received: by gandalf.ozlabs.org (Postfix, from userid 1007)
	id 4PsQvz5wKdz4xFf; Thu,  6 Apr 2023 12:50:07 +1000 (AEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=gibson.dropbear.id.au; s=201602; t=1680749407;
	bh=UxGYFuLsGH0GpLbKejJuA5f8ayXAYHSZU7irxQVxdGk=;
	h=Date:From:To:Cc:Subject:References:In-Reply-To:From;
	b=BDHujvIscNPoEOVyLBCwpZnQExkaBi4uXpDbVqez1gh886CLQwggYV20ZzOsSv29x
	 69t2Wvrc+uKfiRi/FzQSEG22va7BiSot/TmEclusqEL4+K0XgyJC/awyo197GU1hQZ
	 DP17RBUz6XfPP4KKmKBqTSSg9dnzxX+KvzX4S/JY=
Date: Thu, 6 Apr 2023 10:15:41 +1000
From: David Gibson <david@gibson.dropbear.id.au>
To: Stefano Brivio <sbrivio@redhat.com>
Subject: Re: [PATCH 06/14] nstool: Detect what namespaces target is in
Message-ID: <ZC4PLXjm7/SxmKr9@yekko>
References: <20230404014638.3225556-1-david@gibson.dropbear.id.au>
 <20230404014638.3225556-7-david@gibson.dropbear.id.au>
 <20230405135825.13e18482@elisabeth>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
	protocol="application/pgp-signature"; boundary="mzfT+4rOueYS3zrs"
Content-Disposition: inline
In-Reply-To: <20230405135825.13e18482@elisabeth>
Message-ID-Hash: 5UHCOH4IZ7DCZWRZYI3GJZDHY55XGK63
X-Message-ID-Hash: 5UHCOH4IZ7DCZWRZYI3GJZDHY55XGK63
X-MailFrom: dgibson@gandalf.ozlabs.org
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: passt-dev@passt.top
X-Mailman-Version: 3.3.8
Precedence: list
List-Id: Development discussion and patches for passt <passt-dev.passt.top>
Archived-At: <https://archives.passt.top/passt-dev/ZC4PLXjm7/SxmKr9@yekko/>
Archived-At: <https://passt.top/hyperkitty/list/passt-dev@passt.top/message/5UHCOH4IZ7DCZWRZYI3GJZDHY55XGK63/>
List-Archive: <https://archives.passt.top/passt-dev/>
List-Archive: <https://passt.top/hyperkitty/list/passt-dev@passt.top/>
List-Help: <mailto:passt-dev-request@passt.top?subject=help>
List-Owner: <mailto:passt-dev-owner@passt.top>
List-Post: <mailto:passt-dev@passt.top>
List-Subscribe: <mailto:passt-dev-join@passt.top>
List-Unsubscribe: <mailto:passt-dev-leave@passt.top>


--mzfT+4rOueYS3zrs
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Wed, Apr 05, 2023 at 01:58:25PM +0200, Stefano Brivio wrote:
> On Tue,  4 Apr 2023 11:46:30 +1000
> David Gibson <david@gibson.dropbear.id.au> wrote:
>=20
> > Give nstool the ability to detect what namespaces the target process is=
 in,
> > relative to where it's called.  That is, those namespace types for which
> > the target is not in the same namespace as the caller.  For now, just
> > print this information with "info", which can be useful for debugging.
> >=20
> > Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
> > ---
> >  test/nstool.c | 154 +++++++++++++++++++++++++++++++++++++++++++++-----
> >  1 file changed, 140 insertions(+), 14 deletions(-)
> >=20
> > diff --git a/test/nstool.c b/test/nstool.c
> > index 2cb4fb3..428c9c4 100644
> > --- a/test/nstool.c
> > +++ b/test/nstool.c
> > @@ -15,8 +15,13 @@
> >  #include <errno.h>
> >  #include <unistd.h>
> >  #include <getopt.h>
> > +#include <stdarg.h>
> >  #include <sys/socket.h>
> >  #include <linux/un.h>
> > +#include <linux/limits.h>
> > +#include <sched.h>
> > +
> > +#define	ARRAY_SIZE(a)	((int)(sizeof(a) / sizeof((a)[0])))
> > =20
> >  #define die(...)				\
> >  	do {					\
> > @@ -24,6 +29,28 @@
> >  		exit(1);			\
> >  	} while (0)
> > =20
> > +struct ns_type {
> > +	int flag;
> > +	const char *name;
> > +};
> > +
> > +const struct ns_type nstypes[] =3D {
> > +	{ CLONE_NEWCGROUP, "cgroup" },
> > +	{ CLONE_NEWIPC, "ipc" },
> > +	{ CLONE_NEWNET, "net" },
> > +	{ CLONE_NEWNS, "mnt" },
> > +	{ CLONE_NEWPID, "pid" },
> > +	{ CLONE_NEWTIME, "time" },
> > +	{ CLONE_NEWUSER, "user" },
> > +	{ CLONE_NEWUTS, "uts" },
> > +};
> > +
> > +struct holder_info {
> > +	pid_t pid;
> > +	uid_t uid;
> > +	gid_t gid;
> > +};
> > +
> >  static void usage(void)
> >  {
> >  	die("Usage:\n"
> > @@ -41,12 +68,16 @@ static void usage(void)
> >  	    "    terminate.\n");
> >  }
> > =20
> > -static int connect_ctl(const char * sockpath, bool wait)
> > +static int connect_ctl(const char *sockpath, bool wait,
> > +		       struct holder_info *info,
> > +		       struct ucred *peercred)
> >  {
> >  	int fd =3D socket(AF_UNIX, SOCK_STREAM, PF_UNIX);
> >  	struct sockaddr_un addr =3D {
> >  		.sun_family =3D AF_UNIX,
> >  	};
> > +	struct holder_info discard;
> > +	ssize_t len;
> >  	int rc;
> > =20
> >  	if (fd < 0)
> > @@ -61,6 +92,25 @@ static int connect_ctl(const char * sockpath, bool w=
ait)
> >  			die("connect() to %s: %s\n", sockpath, strerror(errno));
> >  	} while (rc < 0);
> > =20
> > +	if (!info)
> > +		info =3D &discard;
>=20
> As you close the socket anyway moments later, I wonder if it wouldn't
> be doable (and more natural) to just do:
>=20
> 	if (info) {
> 		len =3D read(fd, info, sizeof(*info));
> 		...
> 	}

I had something like that initially, but that causes the holder to
spit a broken pipe error, which is distracting.

> 	if (peercred) {
> 		...
> 	}
>=20
> ...but maybe it adds unnecessary complication to 7/14 (or perhaps the
> magic is not really part of 'info'?).
>=20

--=20
David Gibson			| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au	| minimalist, thank you.  NOT _the_ _other_
				| _way_ _around_!
http://www.ozlabs.org/~dgibson

--mzfT+4rOueYS3zrs
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEO+dNsU4E3yXUXRK2zQJF27ox2GcFAmQuDyYACgkQzQJF27ox
2Gf2mA//Y6Ekp6iwGSewVEca2sPuZni84vsq7GD2g5qPUAROOJ6xmHOoeb5OyVc+
zbZvojAxml6xEdAxcRhlEg+BTo5/5n1yYYZKxkvs5EmAujBS7j/JT9HpE/ZydPlG
xc+9sJDC4y1WLVyF5FfkUfzxTGN35xLnH0OMtXyIgokLErpgKQltChoHFLjt40rX
wLev60ixvYmJMAIGXxc8Xa61SGqXtOQg+tM+eOxCzLCh/7s3m3S3NQ2slSkmvf14
VL6V8xV3JDNAvrOIi7tugwuhjkz7om9kEnM550Syp22KEfgyAkbNdUYR7zeAEgnb
ykz2sE+MiUnKby27SvG9/ueiUCV8PxNG9CkYnxk5ZyXlmNSgxMwSaGuFV4iMcrnZ
mt8dRznLgCBaTJ8BhXTzOIIUidDL6drlUDNuUQBKuIRhcsNykXbvNF5HOFbnpRdn
i+HiCdU57KNWjO+QOQgrCRhttUxmdjvn1HXyYYd1MHLHntlP6MLnDeLbibW8g83B
dy4mnQ/Oi/P9thY4B2YqoqEJkf9ImMuZPQSpB1bp8qwElQsGv0gCu6dn7cbIikCH
XJRElgEU5xMoHRlorZ8WWqBenaa0XVgCQEoyYD+40q5NFZdtFc8hfOd4VHSouvda
US/ecBgmCFjC4W+0eoyN6pnLIk1j/3c42zvYiMRBFHKOOhhcDjg=
=hVtI
-----END PGP SIGNATURE-----

--mzfT+4rOueYS3zrs--