base repository: tailhook/unshare
base: master
head repository: virt-do/unshare
compare: main
  • 2 commits
  • 22 files changed
  • 1 contributor

Commits on Jan 28, 2022

  1. unshare: Formatting fixes

    A simple cargo fmt run.
    
    Signed-off-by: Samuel Ortiz <[email protected]>
    Samuel Ortiz committed Jan 28, 2022
    34b1afb View commit details
  2. child: Use excvpe instead of execve

    So that we can use relative binary paths and have libc use the PATH
    environment variable for us.
    
    Signed-off-by: Samuel Ortiz <[email protected]>
    Samuel Ortiz committed Jan 28, 2022
    7b0a2e8 View commit details
Showing with 532 additions and 455 deletions.
  1. +1 −2 examples/echo.rs
  2. +97 −51 examples/runcmd.rs
  3. +1 −2 src/callbacks.rs
  4. +37 −37 src/caps.rs
  5. +40 −45 src/child.rs
  6. +0 −1 src/chroot.rs
  7. +4 −5 src/config.rs
  8. +22 −13 src/debug.rs
  9. +24 −19 src/error.rs
  10. +13 −20 src/fds.rs
  11. +2 −5 src/ffi_util.rs
  12. +1 −2 src/idmap.rs
  13. +23 −22 src/lib.rs
  14. +30 −33 src/linux.rs
  15. +0 −1 src/namespace.rs
  16. +11 −17 src/pipe.rs
  17. +142 −104 src/run.rs
  18. +8 −7 src/status.rs
  19. +25 −23 src/std_api.rs
  20. +30 −13 src/stdio.rs
  21. +13 −18 src/wait.rs
  22. +8 −15 src/zombies.rs
3 changes: 1 addition & 2 deletions examples/echo.rs
@@ -2,7 +2,6 @@ extern crate unshare;

use std::process::exit;


fn main() {
let mut cmd = unshare::Command::new("/bin/echo");
cmd.arg("hello");
@@ -11,6 +10,6 @@ fn main() {
match cmd.status().unwrap() {
// propagate signal
unshare::ExitStatus::Exited(x) => exit(x as i32),
unshare::ExitStatus::Signaled(x, _) => exit((128+x as i32) as i32),
unshare::ExitStatus::Signaled(x, _) => exit((128 + x as i32) as i32),
}
}
148 changes: 97 additions & 51 deletions examples/runcmd.rs
@@ -1,16 +1,15 @@
extern crate unshare;
extern crate argparse;
extern crate libc;
extern crate unshare;

use std::io::{stderr, Write, Read};
use std::process::exit;
use std::io::{stderr, Read, Write};
use std::path::PathBuf;
use std::process::exit;

use unshare::Namespace;
use libc::{uid_t, gid_t};
use argparse::{ArgumentParser, Store, StoreOption, Collect, StoreTrue};
use argparse::{ArgumentParser, Collect, Store, StoreOption, StoreTrue};
use argparse::{ParseOption, PushConst};

use libc::{gid_t, uid_t};
use unshare::Namespace;

fn main() {
let mut command = "".to_string();
@@ -25,7 +24,8 @@ fn main() {
let mut namespaces = Vec::<Namespace>::new();
let mut groups = Vec::<gid_t>::new();
let mut pid_env_var = None::<String>;
{ // this block limits scope of borrows by ap.refer() method
{
// this block limits scope of borrows by ap.refer() method
let mut ap = ArgumentParser::new();
ap.set_description("Run command with changed process state");
ap.refer(&mut command)
@@ -34,49 +34,95 @@ fn main() {
ap.refer(&mut args)
.add_argument("arg", Collect, "Arguments for the command")
.required();
ap.refer(&mut workdir)
.add_option(&["--work-dir"], StoreOption, "
Set working directory of the command");
ap.refer(&mut verbose)
.add_option(&["-v", "--verbose"], StoreTrue, "
Enable verbose mode (prints command, pid, exit status)");
ap.refer(&mut escape_stdout)
.add_option(&["--escape-stdout"], StoreTrue, "
ap.refer(&mut workdir).add_option(
&["--work-dir"],
StoreOption,
"
Set working directory of the command",
);
ap.refer(&mut verbose).add_option(
&["-v", "--verbose"],
StoreTrue,
"
Enable verbose mode (prints command, pid, exit status)",
);
ap.refer(&mut escape_stdout).add_option(
&["--escape-stdout"],
StoreTrue,
"
Read data written by the utility to stdout and print it back
as a quoted string with binary data escaped");
ap.refer(&mut uid)
.add_option(&["-U", "--uid"], StoreOption, "
Set user id for the target process");
ap.refer(&mut gid)
.add_option(&["-G", "--gid"], StoreOption, "
Set group id for the target process");
ap.refer(&mut groups)
.add_option(&["--add-group"], Collect, "
Add supplementary group id");
ap.refer(&mut chroot)
.add_option(&["--chroot"], ParseOption, "
Chroot to directory before running command");
ap.refer(&mut alias)
.add_option(&["--alias", "--arg0"], ParseOption, "
as a quoted string with binary data escaped",
);
ap.refer(&mut uid).add_option(
&["-U", "--uid"],
StoreOption,
"
Set user id for the target process",
);
ap.refer(&mut gid).add_option(
&["-G", "--gid"],
StoreOption,
"
Set group id for the target process",
);
ap.refer(&mut groups).add_option(
&["--add-group"],
Collect,
"
Add supplementary group id",
);
ap.refer(&mut chroot).add_option(
&["--chroot"],
ParseOption,
"
Chroot to directory before running command",
);
ap.refer(&mut alias).add_option(
&["--alias", "--arg0"],
ParseOption,
"
Set alias of the command
(passed as `argv[0]` to the program)");
(passed as `argv[0]` to the program)",
);
ap.refer(&mut pid_env_var)
.add_option(&["--env-var-with-pid"], ParseOption, "
Add environment variable with pid")
.add_option(
&["--env-var-with-pid"],
ParseOption,
"
Add environment variable with pid",
)
.metavar("ENV_VAR_NAME");
ap.refer(&mut namespaces)
.add_option(&["--unshare-pid"], PushConst(Namespace::Pid),
"Unshare pid namespace")
.add_option(&["--unshare-net"], PushConst(Namespace::Net),
"Unshare net namespace")
.add_option(&["--unshare-mount"], PushConst(Namespace::Mount),
"Unshare mount namespace")
.add_option(&["--unshare-uts"], PushConst(Namespace::Uts),
"Unshare UTS namespace")
.add_option(&["--unshare-ipc"], PushConst(Namespace::Ipc),
"Unshare IPC namespace")
.add_option(&["--unshare-user"], PushConst(Namespace::User),
"Unshare user namespace");
.add_option(
&["--unshare-pid"],
PushConst(Namespace::Pid),
"Unshare pid namespace",
)
.add_option(
&["--unshare-net"],
PushConst(Namespace::Net),
"Unshare net namespace",
)
.add_option(
&["--unshare-mount"],
PushConst(Namespace::Mount),
"Unshare mount namespace",
)
.add_option(
&["--unshare-uts"],
PushConst(Namespace::Uts),
"Unshare UTS namespace",
)
.add_option(
&["--unshare-ipc"],
PushConst(Namespace::Ipc),
"Unshare IPC namespace",
)
.add_option(
&["--unshare-user"],
PushConst(Namespace::User),
"Unshare user namespace",
);
ap.stop_on_first_argument(true);
ap.parse_args_or_exit();
}
@@ -90,7 +136,9 @@ fn main() {
chroot.map(|dir| cmd.chroot_dir(dir));
cmd.unshare(&namespaces);
cmd.close_fds(..);
if groups.len() > 0 { cmd.groups(groups); }
if groups.len() > 0 {
cmd.groups(groups);
}
if escape_stdout {
cmd.stdout(unshare::Stdio::piped());
}
@@ -102,7 +150,7 @@ fn main() {
writeln!(&mut stderr(), "Command {:?}", cmd).ok();
}
let mut child = match cmd.spawn() {
Ok(child) => { child }
Ok(child) => child,
Err(e) => {
writeln!(&mut stderr(), "Error: {}", e).ok();
exit(127);
@@ -114,12 +162,10 @@ fn main() {
if escape_stdout {
let mut buf = Vec::new();
child.stdout.take().unwrap().read_to_end(&mut buf).unwrap();
writeln!(&mut stderr(), "{:?}",
String::from_utf8_lossy(&buf[..])).unwrap();
writeln!(&mut stderr(), "{:?}", String::from_utf8_lossy(&buf[..])).unwrap();
}
let res = child.wait().unwrap();
if verbose {
writeln!(&mut stderr(), "[pid {}] {}", child.id(), res).ok();
}

}
3 changes: 1 addition & 2 deletions src/callbacks.rs
@@ -1,7 +1,6 @@
use std::io;

use crate::{Command, BoxError};

use crate::{BoxError, Command};

impl Command {
/// Set a callback to run when child is already forked but not yet run
74 changes: 37 additions & 37 deletions src/caps.rs
@@ -1,44 +1,44 @@
#[derive(Debug, PartialEq, Eq, Hash, Clone, Copy)]
#[allow(missing_docs, non_camel_case_types)]
pub enum Capability {
CAP_CHOWN = 0,
CAP_DAC_OVERRIDE = 1,
CAP_DAC_READ_SEARCH = 2,
CAP_FOWNER = 3,
CAP_FSETID = 4,
CAP_KILL = 5,
CAP_SETGID = 6,
CAP_SETUID = 7,
CAP_SETPCAP = 8,
CAP_LINUX_IMMUTABLE = 9,
CAP_CHOWN = 0,
CAP_DAC_OVERRIDE = 1,
CAP_DAC_READ_SEARCH = 2,
CAP_FOWNER = 3,
CAP_FSETID = 4,
CAP_KILL = 5,
CAP_SETGID = 6,
CAP_SETUID = 7,
CAP_SETPCAP = 8,
CAP_LINUX_IMMUTABLE = 9,
CAP_NET_BIND_SERVICE = 10,
CAP_NET_BROADCAST = 11,
CAP_NET_ADMIN = 12,
CAP_NET_RAW = 13,
CAP_IPC_LOCK = 14,
CAP_IPC_OWNER = 15,
CAP_SYS_MODULE = 16,
CAP_SYS_RAWIO = 17,
CAP_SYS_CHROOT = 18,
CAP_SYS_PTRACE = 19,
CAP_SYS_PACCT = 20,
CAP_SYS_ADMIN = 21,
CAP_SYS_BOOT = 22,
CAP_SYS_NICE = 23,
CAP_SYS_RESOURCE = 24,
CAP_SYS_TIME = 25,
CAP_SYS_TTY_CONFIG = 26,
CAP_MKNOD = 27,
CAP_LEASE = 28,
CAP_AUDIT_WRITE = 29,
CAP_AUDIT_CONTROL = 30,
CAP_SETFCAP = 31,
CAP_MAC_OVERRIDE = 32,
CAP_MAC_ADMIN = 33,
CAP_SYSLOG = 34,
CAP_WAKE_ALARM = 35,
CAP_BLOCK_SUSPEND = 36,
CAP_AUDIT_READ = 37,
CAP_NET_BROADCAST = 11,
CAP_NET_ADMIN = 12,
CAP_NET_RAW = 13,
CAP_IPC_LOCK = 14,
CAP_IPC_OWNER = 15,
CAP_SYS_MODULE = 16,
CAP_SYS_RAWIO = 17,
CAP_SYS_CHROOT = 18,
CAP_SYS_PTRACE = 19,
CAP_SYS_PACCT = 20,
CAP_SYS_ADMIN = 21,
CAP_SYS_BOOT = 22,
CAP_SYS_NICE = 23,
CAP_SYS_RESOURCE = 24,
CAP_SYS_TIME = 25,
CAP_SYS_TTY_CONFIG = 26,
CAP_MKNOD = 27,
CAP_LEASE = 28,
CAP_AUDIT_WRITE = 29,
CAP_AUDIT_CONTROL = 30,
CAP_SETFCAP = 31,
CAP_MAC_OVERRIDE = 32,
CAP_MAC_ADMIN = 33,
CAP_SYSLOG = 34,
CAP_WAKE_ALARM = 35,
CAP_BLOCK_SUSPEND = 36,
CAP_AUDIT_READ = 37,
#[doc(hidden)]
__NonExhaustive,
}