Nsenter checks for argv 0 before running

Signed-off-by: Michael Crosby <michael@docker.com>
Michael Crosby 2014-08-08 11:11:23 -07:00
parent c8aa9323f1
commit cdff060b63
2 changed files with 18 additions and 25 deletions


@ -6,6 +6,7 @@ import (
"io"
"os"
"os/exec"
"path/filepath"
"strconv"
"syscall"
@ -15,19 +16,27 @@ import (
"github.com/docker/libcontainer/system"
)
// ExecIn reexec's the initPath with the argv 0 rewrite to "nsenter" so that it is able to run the
// setns code in a single threaded environment joining the existing containers' namespaces.
func ExecIn(container *libcontainer.Config, state *libcontainer.State, userArgs []string, initPath string,
stdin io.Reader, stdout, stderr io.Writer, console string, startCallback func(*exec.Cmd)) (int, error) {
args := []string{"--nspid", strconv.Itoa(state.InitPid)}
args := []string{"nsenter", "--nspid", strconv.Itoa(state.InitPid)}
if console != "" {
args = append(args, "--console", console)
}
args = append(args, "nsenter", "--")
args = append(args, userArgs...)
cmd := &exec.Cmd{
Path: initPath,
Args: append(args, append([]string{"--"}, userArgs...)...),
}
cmd := exec.Command(initPath, args...)
if filepath.Base(initPath) == initPath {
if lp, err := exec.LookPath(initPath); err == nil {
cmd.Path = lp
}
}
pipe, err := syncpipe.NewSyncPipe()
if err != nil {
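Review bot: The `exec.LookPath` error is discarded in the `filepath.Base(initPath) == initPath` branch, so when the lookup fails `cmd.Path` stays a bare name; because the `exec.Cmd` is built by hand rather than through `exec.Command`, nothing records that failure, and on Linux a slash-less path handed to exec is resolved against the working directory. For a helper that goes on to join a container's namespaces it would be safer to fail closed, e.g. `lp, err := exec.LookPath(initPath); if err != nil { return -1, err }`, or to require an absolute `initPath` from the caller. Which lines are old and which are new is inferred here, since the page lost its `+`/`-` markers, and ExecIn's body continues past the end of this section.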


@ -71,7 +71,7 @@ int setns(int fd, int nstype)
void print_usage()
{
fprintf(stderr,
"<binary> nsenter --nspid <pid> -- cmd1 arg1 arg2...\n");
"nsenter --nspid <pid> --console <console> -- cmd1 arg1 arg2...\n");
}
void nsenter()
@ -80,20 +80,8 @@ void nsenter()
char **argv;
get_args(&argc, &argv);
// Ignore if this is not for us.
if (argc < 4) {
return;
}
int found_nsenter = 0;
for (c = 0; c < argc; ++c) {
if (strcmp(argv[c], kNsEnter) == 0) {
found_nsenter = 1;
break;
}
}
if (!found_nsenter) {
// check argv 0 to ensure that we are supposed to setns
if (strcmp(argv[0], kNsEnter) != 0) {
return;
}
@ -117,10 +105,6 @@ void nsenter()
}
}
if (strcmp(argv[optind], kNsEnter) != 0) {
return;
}
if (init_pid_str == NULL) {
print_usage();
exit(1);
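Review bot: `strcmp(argv[0], kNsEnter)` in nsenter() now runs straight after `get_args(&argc, &argv)` with no check that an argument exists; the hunk counts (20 old lines, 8 new) indicate the earlier `argc < 4` guard is gone. get_args is not on this page, so whether it can yield `argc == 0` or a NULL `argv` cannot be confirmed here, but a guard is cheap: `if (argc < 1 || argv == NULL || strcmp(argv[0], kNsEnter) != 0) {`. It would also help to extend the comment above the check to say that argv[0] is set by whoever execs the binary, so the comparison selects a mode and is not an authorization check. nsenter()'s body continues outside the hunks shown.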