author | Eric W. Biederman | 2013-01-11 23:53:34 +0100 |
committer | Karel Zak | 2013-01-17 13:17:32 +0100 |
commit | bc7f9b95c04a8a6bb60cf2e58df47567f30cb989 (patch) | |
tree | 2906c12b6bd6cac8a7b3e604e55b3f6c18159c38 /sys-utils/unshare.c | |
parent | nsenter: new command (light wrapper around setns) (diff) | |
unshare: Add support for the pid and user namespaces
- Update the unshare application to support the pid and user namespaces.
- Update the man page for the new options
- Fix typo in the man page where UTS was spelled UTC.
- Remove the vestigial support for running a suid unshare.
After unsharing a user namespace setuid(getuid()) won't work because
no uid or gid mappings have been specified yet. So it is just easier not
to have any support for running suid.
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Diffstat (limited to 'sys-utils/unshare.c')
-rw-r--r-- | sys-utils/unshare.c | 27 |
1 files changed, 18 insertions, 9 deletions
diff --git a/sys-utils/unshare.c b/sys-utils/unshare.c
index 9de997bdc..00cc2cf79 100644
--- a/sys-utils/unshare.c
+++ b/sys-utils/unshare.c
@@ -41,6 +41,12 @@
 #ifndef CLONE_NEWNET
 # define CLONE_NEWNET 0x40000000
 #endif
+#ifndef CLONE_NEWUSER
+# define CLONE_NEWUSER 0x10000000
+#endif
+#ifndef CLONE_NEWPID
+# define CLONE_NEWPID 0x20000000
+#endif
 
 #ifndef HAVE_UNSHARE
 # include <sys/syscall.h>
@@ -63,7 +69,9 @@ static void usage(int status)
 fputs(_(" -m, --mount unshare mounts namespace\n"
 " -u, --uts unshare UTS namespace (hostname etc)\n"
 " -i, --ipc unshare System V IPC namespace\n"
- " -n, --net unshare network namespace\n"), out);
+ " -n, --net unshare network namespace\n"
+ " -p, --pid unshare pid namespace\n"
+ " -U, --user unshare user namespace\n"), out);
 
 fputs(USAGE_SEPARATOR, out);
 fputs(USAGE_HELP, out);
@@ -82,6 +90,8 @@ int main(int argc, char *argv[])
 { "uts", no_argument, 0, 'u' },
 { "ipc", no_argument, 0, 'i' },
 { "net", no_argument, 0, 'n' },
+ { "pid", no_argument, 0, 'p' },
+ { "user", no_argument, 0, 'U' },
 { NULL, 0, 0, 0 }
 };
 
@@ -94,7 +104,7 @@ int main(int argc, char *argv[])
 textdomain(PACKAGE);
 atexit(close_stdout);
 
- while((c = getopt_long(argc, argv, "hVmuin", longopts, NULL)) != -1) {
+ while((c = getopt_long(argc, argv, "hVmuinpU", longopts, NULL)) != -1) {
 switch(c) {
 case 'h':
 usage(EXIT_SUCCESS);
@@ -113,6 +123,12 @@ int main(int argc, char *argv[])
 case 'n':
 unshare_flags |= CLONE_NEWNET;
 break;
+ case 'p':
+ unshare_flags |= CLONE_NEWPID;
+ break;
+ case 'U':
+ unshare_flags |= CLONE_NEWUSER;
+ break;
 default:
 usage(EXIT_FAILURE);
 }
@@ -124,13 +140,6 @@ int main(int argc, char *argv[])
 if(-1 == unshare(unshare_flags))
 err(EXIT_FAILURE, _("unshare failed"));
 
- /* drop potential root euid/egid if we had been setuid'd */
- if (setgid(getgid()) < 0)
- err(EXIT_FAILURE, _("cannot set group id"));
-
- if (setuid(getuid()) < 0)
- err(EXIT_FAILURE, _("cannot set user id"));
-
 execvp(argv[optind], argv + optind);
 err(EXIT_FAILURE, _("exec %s failed"), argv[optind]);
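Review bot: The two new fallback definitions in the first hunk give no hint where 0x10000000 and 0x20000000 come from, so a reader cannot tell whether they are authoritative; they match the kernel's CLONE_NEWUSER and CLONE_NEWPID values, and a comment above the block such as `/* fallbacks for libc headers that predate these flags; whether the running kernel accepts them is decided at unshare() time */` would record that. These defines only satisfy the compiler: a kernel built without pid or user namespace support still rejects the flag at run time, and the only report the user gets is the existing `err(EXIT_FAILURE, _("unshare failed"))` with errno's text, which may be worth noting in the same comment.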
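Review bot: The new `case 'p'` sets CLONE_NEWPID, but unshare(2) with that flag does not move the calling process into the new pid namespace — only children created afterwards land there — so the command exec'd right after unshare() still runs in the caller's pid namespace and its first child becomes the new namespace's init; once that child exits, further forks inside the namespace fail. The fix is to fork after a successful unshare() when CLONE_NEWPID was requested, exec the command in the child and have the parent wait and propagate the exit status (later util-linux releases add a --fork option for exactly this); at minimum the `-p` usage line should say the namespace applies to the command's children. The same kind of caveat applies to `case 'U'`: with no uid/gid mapping written, the exec'd program runs with unmapped ids, which the commit message acknowledges but the `--user` usage text does not. main() starts and ends outside this hunk, and the sketch below goes between the unshare() call and execvp() in the last hunk.
```c
	if (-1 == unshare(unshare_flags))
		err(EXIT_FAILURE, _("unshare failed"));

	/* the caller stays in its old pid namespace; only children join the new one,
	 * so run the command as the first child and make it the namespace's init */
	if (unshare_flags & CLONE_NEWPID) {
		int status;
		pid_t pid = fork();

		if (pid < 0)
			err(EXIT_FAILURE, _("fork failed"));
		if (pid > 0) {
			if (waitpid(pid, &status, 0) < 0)
				err(EXIT_FAILURE, _("waitpid failed"));
			if (WIFEXITED(status))
				return WEXITSTATUS(status);
			if (WIFSIGNALED(status))
				kill(getpid(), WTERMSIG(status));
			err(EXIT_FAILURE, _("child exit failed"));
		}
	}
	/* … unchanged: execvp(argv[optind], argv + optind); and the exec error … */
```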