void sysbind(Ar0* ar0, ...) { int flag; char *name, *old; va_list list; va_start(list, ar0); /* * int bind(char* name, char* old, int flag); * should be * long bind(char* name, char* old, int flag); */ name = va_arg(list, char*); old = va_arg(list, char*); flag = va_arg(list, int); va_end(list); ar0->i = bindmount(0, -1, -1, name, old, flag, nil); }
void sysmount(Ar0* ar0, ...) { int afd, fd, flag; char *aname, *old; int dc; va_list list; va_start(list, ar0); /* * int mount(int fd, int afd, char* old, int flag, char* aname); * should be * long mount(int fd, int afd, char* old, int flag, char* aname); */ fd = va_arg(list, int); afd = va_arg(list, int); old = va_arg(list, char*); flag = va_arg(list, int); aname = va_arg(list, char*); dc = va_arg(list, int); va_end(list); ar0->i = bindmount(dc, fd, afd, nil, old, flag, aname); }
long sys_mount(ulong *arg) { return bindmount(1, arg[0], -1, nil, (char*)arg[1], arg[2], (char*)arg[3]); }
long sysbind(ulong *arg) { return bindmount(0, -1, -1, (char*)arg[0], (char*)arg[1], arg[2], nil); }
long sys_mount(uint32 *arg) { return bindmount(1, arg[0], -1, nil, uvalidaddr(arg[1], 1, 0), arg[2], uvalidaddr(arg[3], 1, 0)); }
long sysbind(uint32 *arg) { return bindmount(0, -1, -1, uvalidaddr(arg[0], 1, 0), uvalidaddr(arg[1], 1, 0), arg[2], nil); }
int main(int argc, char **argv) { struct bindmnt *bmnt; uid_t uid = getuid(); gid_t gid = getgid(); const char *chrootdir, *cmd, *argv0; char **cmdargs, buf[32]; int c, fd; const struct option longopts[] = { { NULL, 0, NULL, 0 } }; chrootdir = cmd = NULL; argv0 = argv[0]; while ((c = getopt_long(argc, argv, "b:V", longopts, NULL)) != -1) { switch (c) { case 'b': if (optarg == NULL || *optarg == '\0') break; add_bindmount(optarg); break; case 'V': printf("%s\n", XBPS_RELVER); exit(EXIT_SUCCESS); case '?': default: usage(argv0); } } argc -= optind; argv += optind; if (argc < 2) usage(argv0); chrootdir = argv[0]; cmd = argv[1]; cmdargs = argv + 1; /* Never allow chrootdir == / */ if (strcmp(chrootdir, "/") == 0) die("/ is not allowed to be used as chrootdir"); /* Make chrootdir absolute */ if (chrootdir[0] != '/') { char cwd[PATH_MAX-1]; if (getcwd(cwd, sizeof(cwd)) == NULL) die("getcwd"); chrootdir = xbps_xasprintf("%s/%s", cwd, chrootdir); } /* * Unshare from the current process namespaces and set ours. */ if (unshare(CLONE_NEWUSER|CLONE_NEWNS|CLONE_NEWIPC|CLONE_NEWUTS) == -1) { errval = 99; die("unshare"); } /* * Setup uid/gid user mappings and restrict setgroups(). */ if ((fd = open("/proc/self/uid_map", O_RDWR)) == -1) die("failed to open /proc/self/uidmap rw"); if (write(fd, buf, snprintf(buf, sizeof buf, "%u %u 1\n", uid, uid)) == -1) die("failed to write to /proc/self/uid_map"); close(fd); if ((fd = open("/proc/self/setgroups", O_RDWR)) != -1) { if (write(fd, "deny", 4) == -1) die("failed to write to /proc/self/setgroups"); close(fd); } if ((fd = open("/proc/self/gid_map", O_RDWR)) == -1) die("failed to open /proc/self/gid_map rw"); if (write(fd, buf, snprintf(buf, sizeof buf, "%u %u 1\n", gid, gid)) == -1) die("failed to write to /proc/self/gid_map"); close(fd); /* bind mount /proc */ bindmount(chrootdir, "/proc", NULL); /* bind mount /sys */ bindmount(chrootdir, "/sys", NULL); /* bind mount /dev */ bindmount(chrootdir, "/dev", NULL); /* bind mount all user specified mnts */ SIMPLEQ_FOREACH(bmnt, &bindmnt_queue, entries) bindmount(chrootdir, bmnt->src, bmnt->dest); /* move chrootdir to / and chroot to it */ if (chdir(chrootdir) == -1) die("chdir to %s", chrootdir); if (mount(".", ".", NULL, MS_BIND|MS_PRIVATE, NULL) == -1) die("Failed to bind mount %s", chrootdir); if (mount(chrootdir, "/", NULL, MS_MOVE, NULL) == -1) die("Failed to move %s as rootfs", chrootdir); if (chroot(".") == -1) die("Failed to chroot to %s", chrootdir); if (execvp(cmd, cmdargs) == -1) die("Failed to execute command %s", cmd); /* NOTREACHED */ exit(EXIT_FAILURE); }