1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
| | // SPDX-License-Identifier: AGPL-3.0-or-later
/* nstool - maintain a namespace to be entered by other processes
*
* Copyright Red Hat
* Author: David Gibson <david@gibson.dropbear.id.au>
*
* Can run in 3 modes:
*
* nstool hold <path>
* Designed to be run inside a namespace, opens a Unix domain
* control socket at <path> and waits until instructed to stop
* with "nstool stop <path>"
* nstool pid <path>
* Prints the PID of the nstool hold process with control socket
* <path>. This is given in the PID namespace where nstool pid
* is executed, not the one where nstool hold is running
* nstool stop <path>
* Instruct the nstool hold with control socket at <path> to
* exit.
*/
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <unistd.h>
#include <sys/socket.h>
#include <linux/un.h>
#define die(...) \
do { \
fprintf(stderr, __VA_ARGS__); \
exit(1); \
} while (0)
static void usage(void)
{
die("Usage: nstool hold|pid|stop <socket path>\n");
}
static void hold(int fd, const struct sockaddr_un *addr)
{
int rc;
rc = bind(fd, (struct sockaddr *)addr, sizeof(*addr));
if (rc < 0)
die("bind(): %s\n", strerror(errno));
rc = listen(fd, 0);
if (rc < 0)
die("listen(): %s\n", strerror(errno));
printf("nstool: local PID=%d local UID=%u local GID=%u\n",
getpid(), getuid(), getgid());
do {
int afd = accept(fd, NULL, NULL);
char buf;
if (afd < 0)
die("accept(): %s\n", strerror(errno));
rc = read(afd, &buf, sizeof(buf));
if (rc < 0)
die("read(): %s\n", strerror(errno));
} while (rc == 0);
unlink(addr->sun_path);
}
static void pid(int fd, const struct sockaddr_un *addr)
{
int rc;
struct ucred peercred;
socklen_t optlen = sizeof(peercred);
do {
rc = connect(fd, (struct sockaddr *)addr, sizeof(*addr));
if (rc < 0 && errno != ENOENT && errno != ECONNREFUSED)
die("connect(): %s\n", strerror(errno));
} while (rc < 0);
rc = getsockopt(fd, SOL_SOCKET, SO_PEERCRED,
&peercred, &optlen);
if (rc < 0)
die("getsockopet(SO_PEERCRED): %s\n", strerror(errno));
close(fd);
printf("%d\n", peercred.pid);
}
static void stop(int fd, const struct sockaddr_un *addr)
{
int rc;
char buf = 'Q';
rc = connect(fd, (struct sockaddr *)addr, sizeof(*addr));
if (rc < 0)
die("connect(): %s\n", strerror(errno));
rc = write(fd, &buf, sizeof(buf));
if (rc < 0)
die("write(): %s\n", strerror(errno));
close(fd);
}
int main(int argc, char *argv[])
{
int fd;
const char *sockname;
struct sockaddr_un sockaddr = {
.sun_family = AF_UNIX,
};
if (argc != 3)
usage();
sockname = argv[2];
strncpy(sockaddr.sun_path, sockname, UNIX_PATH_MAX);
fd = socket(AF_UNIX, SOCK_STREAM, PF_UNIX);
if (fd < 0)
die("socket(): %s\n", strerror(errno));
if (strcmp(argv[1], "hold") == 0)
hold(fd, &sockaddr);
else if (strcmp(argv[1], "pid") == 0)
pid(fd, &sockaddr);
else if (strcmp(argv[1], "stop") == 0)
stop(fd, &sockaddr);
else
usage();
exit(0);
}
|