From: Etienne CHAMPETIER Date: Mon, 30 Nov 2015 23:09:21 +0000 (+0000) Subject: instance, ujail: remove "-P " option X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=fda5f9c30bdb440c41fcfa3fa6445b7b0fa998ce;p=oweals%2Fprocd.git instance, ujail: remove "-P " option we can now launch multiple time the same ujail command without conflict Signed-off-by: Etienne CHAMPETIER --- diff --git a/jail/jail.c b/jail/jail.c index 5c995e5..25ad4d7 100644 --- a/jail/jail.c +++ b/jail/jail.c @@ -35,10 +35,9 @@ #include #define STACK_SIZE (1024 * 1024) -#define OPT_ARGS "P:S:C:n:r:w:d:psulo" +#define OPT_ARGS "S:C:n:r:w:d:psulo" static struct { - char *path; char *name; char **jail_argv; char *seccomp; @@ -122,12 +121,18 @@ int mount_bind(const char *root, const char *path, int readonly, int error) static int build_jail_fs(void) { - if (mount("tmpfs", opts.path, "tmpfs", MS_NOATIME, "mode=0755")) { + char jail_root[] = "/tmp/ujail-XXXXXX"; + if (mkdtemp(jail_root) == NULL) { + ERROR("mkdtemp(jail_root) failed: %s\n", strerror(errno)); + return -1; + } + + if (mount("tmpfs", jail_root, "tmpfs", MS_NOATIME, "mode=0755")) { ERROR("tmpfs mount failed %s\n", strerror(errno)); return -1; } - if (chdir(opts.path)) { + if (chdir(jail_root)) { ERROR("failed to chdir() in the jail root\n"); return -1; } @@ -142,25 +147,25 @@ static int build_jail_fs(void) return -1; } - if (mount_all(opts.path)) { + if (mount_all(jail_root)) { ERROR("mount_all() failed\n"); return -1; } - char *mpoint; - if (asprintf(&mpoint, "%s/old", opts.path) < 0) { - ERROR("failed to alloc pivot path: %s\n", strerror(errno)); - return -1; - } - mkdir_p(mpoint, 0755); - if (pivot_root(opts.path, mpoint) == -1) { - ERROR("pivot_root failed:%s\n", strerror(errno)); - free(mpoint); + char dirbuf[sizeof(jail_root) + 4]; + snprintf(dirbuf, sizeof(dirbuf), "%s/old", jail_root); + mkdir(dirbuf, 0755); + + if (pivot_root(jail_root, dirbuf) == -1) { + ERROR("pivot_root failed: %s\n", strerror(errno)); return -1; } - free(mpoint); + + snprintf(dirbuf, sizeof(dirbuf), "/old%s", jail_root); + rmdir(dirbuf); umount2("/old", MNT_DETACH); rmdir("/old"); + if (opts.procfs) { mkdir("/proc", 0755); mount("proc", "/proc", "proc", MS_NOATIME | MS_NODEV | MS_NOEXEC | MS_NOSUID, 0); @@ -209,7 +214,6 @@ static void usage(void) fprintf(stderr, " -C \tcapabilities drop config\n"); fprintf(stderr, " -n \tthe name of the jail\n"); fprintf(stderr, "namespace jail options:\n"); - fprintf(stderr, " -P \tpath where the jail will be staged\n"); fprintf(stderr, " -r \treadonly files that should be staged\n"); fprintf(stderr, " -w \twriteable files that should be staged\n"); fprintf(stderr, " -p\t\tjail has /proc\n"); @@ -281,7 +285,6 @@ int main(int argc, char **argv) uid_t uid = getuid(); char log[] = "/dev/log"; char ubus[] = "/var/run/ubus.sock"; - int ret = EXIT_SUCCESS; int ch; if (uid) { @@ -318,10 +321,6 @@ int main(int argc, char **argv) opts.capabilities = optarg; add_mount(optarg, 1, -1); break; - case 'P': - opts.namespace = 1; - opts.path = optarg; - break; case 'n': opts.name = optarg; break; @@ -364,16 +363,6 @@ int main(int argc, char **argv) if (opts.name) prctl(PR_SET_NAME, opts.name, NULL, NULL, NULL); - if (opts.namespace && !opts.path && asprintf(&opts.path, "/tmp/%s", basename(*opts.jail_argv)) == -1) { - ERROR("failed to asprintf root path: %s\n", strerror(errno)); - return EXIT_FAILURE; - } - - if (opts.namespace && mkdir(opts.path, 0755)) { - ERROR("unable to create root path: %s (%s)\n", opts.path, strerror(errno)); - return EXIT_FAILURE; - } - uloop_init(); if (opts.namespace) { jail_process.pid = clone(spawn_jail, @@ -393,21 +382,12 @@ int main(int argc, char **argv) kill(jail_process.pid, SIGTERM); waitpid(jail_process.pid, NULL, 0); } + return jail_return_code; } else if (jail_process.pid == 0) { /* fork child process */ return exec_jail(); } else { ERROR("failed to clone/fork: %s\n", strerror(errno)); - ret = EXIT_FAILURE; - } - - if (opts.namespace && rmdir(opts.path)) { - ERROR("Unable to remove root path: %s (%s)\n", opts.path, strerror(errno)); - ret = EXIT_FAILURE; + return EXIT_FAILURE; } - - if (ret) - return ret; - - return jail_return_code; } diff --git a/service/instance.c b/service/instance.c index 40ff021..c478d4b 100644 --- a/service/instance.c +++ b/service/instance.c @@ -77,7 +77,6 @@ static const struct blobmsg_policy instance_attr[__INSTANCE_ATTR_MAX] = { enum { JAIL_ATTR_NAME, - JAIL_ATTR_ROOT, JAIL_ATTR_PROCFS, JAIL_ATTR_SYSFS, JAIL_ATTR_UBUS, @@ -88,7 +87,6 @@ enum { static const struct blobmsg_policy jail_attr[__JAIL_ATTR_MAX] = { [JAIL_ATTR_NAME] = { "name", BLOBMSG_TYPE_STRING }, - [JAIL_ATTR_ROOT] = { "root", BLOBMSG_TYPE_STRING }, [JAIL_ATTR_PROCFS] = { "procfs", BLOBMSG_TYPE_BOOL }, [JAIL_ATTR_SYSFS] = { "sysfs", BLOBMSG_TYPE_BOOL }, [JAIL_ATTR_UBUS] = { "ubus", BLOBMSG_TYPE_BOOL }, @@ -183,11 +181,6 @@ jail_run(struct service_instance *in, char **argv) argv[argc++] = jail->name; } - if (jail->root) { - argv[argc++] = "-P"; - argv[argc++] = jail->root; - } - if (in->seccomp) { argv[argc++] = "-S"; argv[argc++] = in->seccomp; @@ -646,10 +639,6 @@ instance_jail_parse(struct service_instance *in, struct blob_attr *attr) jail->name = blobmsg_get_string(tb[JAIL_ATTR_NAME]); jail->argc += 2; } - if (tb[JAIL_ATTR_ROOT]) { - jail->root = blobmsg_get_string(tb[JAIL_ATTR_ROOT]); - jail->argc += 2; - } if (tb[JAIL_ATTR_PROCFS]) { jail->procfs = blobmsg_get_bool(tb[JAIL_ATTR_PROCFS]); jail->argc++; @@ -950,8 +939,6 @@ void instance_dump(struct blob_buf *b, struct service_instance *in, int verbose) void *r = blobmsg_open_table(b, "jail"); if (in->jail.name) blobmsg_add_string(b, "name", in->jail.name); - if (in->jail.root) - blobmsg_add_string(b, "root", in->jail.root); blobmsg_add_u8(b, "procfs", in->jail.procfs); blobmsg_add_u8(b, "sysfs", in->jail.sysfs); blobmsg_add_u8(b, "ubus", in->jail.ubus); diff --git a/service/instance.h b/service/instance.h index 3fb33e9..5a76841 100644 --- a/service/instance.h +++ b/service/instance.h @@ -28,7 +28,6 @@ struct jail { bool ubus; bool log; char *name; - char *root; struct blobmsg_list mount; int argc; };