Nsenter checks for argv 0 before running
Signed-off-by: Michael Crosby <michael@docker.com>
This commit is contained in:
Michael Crosby
parent
c8aa9323f1
commit
cdff060b63
|
|
@ -6,6 +6,7 @@ import (
|
|||
"io"
|
||||
"os"
|
||||
"os/exec"
|
||||
"path/filepath"
|
||||
"strconv"
|
||||
"syscall"
|
||||
|
||||
|
|
@ -15,19 +16,27 @@ import (
|
|||
"github.com/docker/libcontainer/system"
|
||||
)
|
||||
|
||||
// ExecIn reexec's the initPath with the argv 0 rewrite to "nsenter" so that it is able to run the
|
||||
// setns code in a single threaded environment joining the existing containers' namespaces.
|
||||
func ExecIn(container *libcontainer.Config, state *libcontainer.State, userArgs []string, initPath string,
|
||||
stdin io.Reader, stdout, stderr io.Writer, console string, startCallback func(*exec.Cmd)) (int, error) {
|
||||
|
||||
args := []string{"--nspid", strconv.Itoa(state.InitPid)}
|
||||
args := []string{"nsenter", "--nspid", strconv.Itoa(state.InitPid)}
|
||||
|
||||
if console != "" {
|
||||
args = append(args, "--console", console)
|
||||
}
|
||||
|
||||
args = append(args, "nsenter", "--")
|
||||
args = append(args, userArgs...)
|
||||
cmd := &exec.Cmd{
|
||||
Path: initPath,
|
||||
Args: append(args, append([]string{"--"}, userArgs...)...),
|
||||
}
|
||||
|
||||
cmd := exec.Command(initPath, args...)
|
||||
if filepath.Base(initPath) == initPath {
|
||||
if lp, err := exec.LookPath(initPath); err == nil {
|
||||
cmd.Path = lp
|
||||
}
|
||||
}
|
||||
|
||||
pipe, err := syncpipe.NewSyncPipe()
|
||||
if err != nil {
|
||||
|
|
|
|||
|
|
@ -71,7 +71,7 @@ int setns(int fd, int nstype)
|
|||
void print_usage()
|
||||
{
|
||||
fprintf(stderr,
|
||||
"<binary> nsenter --nspid <pid> -- cmd1 arg1 arg2...\n");
|
||||
"nsenter --nspid <pid> --console <console> -- cmd1 arg1 arg2...\n");
|
||||
}
|
||||
|
||||
void nsenter()
|
||||
|
|
@ -80,22 +80,10 @@ void nsenter()
|
|||
char **argv;
|
||||
get_args(&argc, &argv);
|
||||
|
||||
// Ignore if this is not for us.
|
||||
if (argc < 4) {
|
||||
return;
|
||||
}
|
||||
|
||||
int found_nsenter = 0;
|
||||
for (c = 0; c < argc; ++c) {
|
||||
if (strcmp(argv[c], kNsEnter) == 0) {
|
||||
found_nsenter = 1;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
if (!found_nsenter) {
|
||||
return;
|
||||
}
|
||||
// check argv 0 to ensure that we are supposed to setns
|
||||
if (strcmp(argv[0], kNsEnter) != 0) {
|
||||
return;
|
||||
}
|
||||
|
||||
static const struct option longopts[] = {
|
||||
{"nspid", required_argument, NULL, 'n'},
|
||||
|
|
@ -117,10 +105,6 @@ void nsenter()
|
|||
}
|
||||
}
|
||||
|
||||
if (strcmp(argv[optind], kNsEnter) != 0) {
|
||||
return;
|
||||
}
|
||||
|
||||
if (init_pid_str == NULL) {
|
||||
print_usage();
|
||||
exit(1);
|
||||
|
|
|
|||
Loading…
Reference in New Issue