Beispiel #1
0
void
sysbind(Ar0* ar0, ...)
{
	int flag;
	char *name, *old;

	va_list list;
	va_start(list, ar0);
	/*
	 * int bind(char* name, char* old, int flag);
	 * should be
	 * long bind(char* name, char* old, int flag);
	 */
	name = va_arg(list, char*);
	old = va_arg(list, char*);
	flag = va_arg(list, int);
	va_end(list);

	ar0->i = bindmount(0, -1, -1, name, old, flag, nil);
}
Beispiel #2
0
void
sysmount(Ar0* ar0, ...)
{
	int afd, fd, flag;
	char *aname, *old;
	int dc;
	va_list list;
	va_start(list, ar0);

	/*
	 * int mount(int fd, int afd, char* old, int flag, char* aname);
	 * should be
	 * long mount(int fd, int afd, char* old, int flag, char* aname);
	 */
	fd = va_arg(list, int);
	afd = va_arg(list, int);
	old = va_arg(list, char*);
	flag = va_arg(list, int);
	aname = va_arg(list, char*);
	dc = va_arg(list, int);
	va_end(list);

	ar0->i = bindmount(dc, fd, afd, nil, old, flag, aname);
}
Beispiel #3
0
long
sys_mount(ulong *arg)
{
	return bindmount(1, arg[0], -1, nil, (char*)arg[1], arg[2], (char*)arg[3]);
}
Beispiel #4
0
long
sysbind(ulong *arg)
{
	return bindmount(0, -1, -1, (char*)arg[0], (char*)arg[1], arg[2], nil);
}
Beispiel #5
0
long
sys_mount(uint32 *arg)
{
	return bindmount(1, arg[0], -1, nil, uvalidaddr(arg[1], 1, 0), arg[2], uvalidaddr(arg[3], 1, 0));
}
Beispiel #6
0
long
sysbind(uint32 *arg)
{
	return bindmount(0, -1, -1, uvalidaddr(arg[0], 1, 0), uvalidaddr(arg[1], 1, 0), arg[2], nil);
}
Beispiel #7
0
int
main(int argc, char **argv)
{
	struct bindmnt *bmnt;
	uid_t uid = getuid();
	gid_t gid = getgid();
	const char *chrootdir, *cmd, *argv0;
	char **cmdargs, buf[32];
	int c, fd;
	const struct option longopts[] = {
		{ NULL, 0, NULL, 0 }
	};

	chrootdir = cmd = NULL;
	argv0 = argv[0];

	while ((c = getopt_long(argc, argv, "b:V", longopts, NULL)) != -1) {
		switch (c) {
		case 'b':
			if (optarg == NULL || *optarg == '\0')
				break;
			add_bindmount(optarg);
			break;
		case 'V':
			printf("%s\n", XBPS_RELVER);
			exit(EXIT_SUCCESS);
		case '?':
		default:
			usage(argv0);
		}
	}
	argc -= optind;
	argv += optind;

	if (argc < 2)
		usage(argv0);

	chrootdir = argv[0];
	cmd = argv[1];
	cmdargs = argv + 1;

	/* Never allow chrootdir == / */
	if (strcmp(chrootdir, "/") == 0)
		die("/ is not allowed to be used as chrootdir");

	/* Make chrootdir absolute */
	if (chrootdir[0] != '/') {
		char cwd[PATH_MAX-1];
		if (getcwd(cwd, sizeof(cwd)) == NULL)
			die("getcwd");
		chrootdir = xbps_xasprintf("%s/%s", cwd, chrootdir);
	}

	/*
	 * Unshare from the current process namespaces and set ours.
	 */
	if (unshare(CLONE_NEWUSER|CLONE_NEWNS|CLONE_NEWIPC|CLONE_NEWUTS) == -1) {
		errval = 99;
		die("unshare");
	}
	/*
	 * Setup uid/gid user mappings and restrict setgroups().
	 */
	if ((fd = open("/proc/self/uid_map", O_RDWR)) == -1)
		die("failed to open /proc/self/uidmap rw");
	if (write(fd, buf, snprintf(buf, sizeof buf, "%u %u 1\n", uid, uid)) == -1)
		die("failed to write to /proc/self/uid_map");

	close(fd);

	if ((fd = open("/proc/self/setgroups", O_RDWR)) != -1) {
		if (write(fd, "deny", 4) == -1)
			die("failed to write to /proc/self/setgroups");
		close(fd);
	}

	if ((fd = open("/proc/self/gid_map", O_RDWR)) == -1)
		die("failed to open /proc/self/gid_map rw");
	if (write(fd, buf, snprintf(buf, sizeof buf, "%u %u 1\n", gid, gid)) == -1)
		die("failed to write to /proc/self/gid_map");

	close(fd);

	/* bind mount /proc */
	bindmount(chrootdir, "/proc", NULL);

	/* bind mount /sys */
	bindmount(chrootdir, "/sys", NULL);

	/* bind mount /dev */
	bindmount(chrootdir, "/dev", NULL);

	/* bind mount all user specified mnts */
	SIMPLEQ_FOREACH(bmnt, &bindmnt_queue, entries)
		bindmount(chrootdir, bmnt->src, bmnt->dest);

	/* move chrootdir to / and chroot to it */
	if (chdir(chrootdir) == -1)
		die("chdir to %s", chrootdir);

	if (mount(".", ".", NULL, MS_BIND|MS_PRIVATE, NULL) == -1)
		die("Failed to bind mount %s", chrootdir);

	if (mount(chrootdir, "/", NULL, MS_MOVE, NULL) == -1)
		die("Failed to move %s as rootfs", chrootdir);

	if (chroot(".") == -1)
		die("Failed to chroot to %s", chrootdir);

	if (execvp(cmd, cmdargs) == -1)
		die("Failed to execute command %s", cmd);

	/* NOTREACHED */
	exit(EXIT_FAILURE);
}