ssize_t lxc_read_nointr_expect(int fd, void* buf, size_t count, const void* expected_buf)
{
ssize_t ret;
ret = lxc_read_nointr(fd, buf, count);
if (ret <= 0)
return ret;
if ((size_t)ret != count)
return -1;
if (expected_buf && memcmp(buf, expected_buf, count) != 0) {
errno = EINVAL;
return -1;
}
return ret;
}
static int lxc_monitord_sock_handler(int fd, uint32_t events, void *data,
struct lxc_epoll_descr *descr)
{
struct lxc_monitor *mon = data;
if (events & EPOLLIN) {
int rc;
char buf[4];
rc = lxc_read_nointr(fd, buf, sizeof(buf));
if (rc > 0 && !strncmp(buf, "quit", 4))
quit = LXC_MAINLOOP_CLOSE;
}
if (events & EPOLLHUP)
lxc_monitord_sockfd_remove(mon, fd);
return quit;
}
static int lxc_monitord_fifo_handler(int fd, uint32_t events, void *data,
struct lxc_epoll_descr *descr)
{
int ret, i;
struct lxc_msg msglxc;
struct lxc_monitor *mon = data;
ret = lxc_read_nointr(fd, &msglxc, sizeof(msglxc));
if (ret != sizeof(msglxc)) {
SYSERROR("Reading from fifo failed");
return LXC_MAINLOOP_CLOSE;
}
for (i = 0; i < mon->clientfds_cnt; i++) {
ret = lxc_write_nointr(mon->clientfds[i], &msglxc, sizeof(msglxc));
if (ret < 0)
SYSERROR("Failed to send message to client file descriptor %d",
mon->clientfds[i]);
}
return LXC_MAINLOOP_CONTINUE;
}
int main(int argc, char *argv[])
{
int c, pid, ret, status;
char buf[1];
int pipe_fds1[2], /* child tells parent it has unshared */
pipe_fds2[2]; /* parent tells child it is mapped and may proceed */
unsigned long flags = CLONE_NEWUSER | CLONE_NEWNS;
char ttyname0[256] = {0}, ttyname1[256] = {0}, ttyname2[256] = {0};
char *default_args[] = {"/bin/sh", NULL};
lxc_log_fd = STDERR_FILENO;
if (isatty(STDIN_FILENO)) {
ret = readlink("/proc/self/fd/0", ttyname0, sizeof(ttyname0));
if (ret < 0) {
CMD_SYSERROR("Failed to open stdin");
_exit(EXIT_FAILURE);
}
ret = readlink("/proc/self/fd/1", ttyname1, sizeof(ttyname1));
if (ret < 0) {
CMD_SYSINFO("Failed to open stdout. Continuing");
ttyname1[0] = '\0';
}
ret = readlink("/proc/self/fd/2", ttyname2, sizeof(ttyname2));
if (ret < 0) {
CMD_SYSINFO("Failed to open stderr. Continuing");
ttyname2[0] = '\0';
}
}
lxc_list_init(&active_map);
while ((c = getopt(argc, argv, "m:h")) != EOF) {
switch (c) {
case 'm':
ret = parse_map(optarg);
if (ret < 0) {
usage(argv[0]);
_exit(EXIT_FAILURE);
}
break;
case 'h':
usage(argv[0]);
_exit(EXIT_SUCCESS);
default:
usage(argv[0]);
_exit(EXIT_FAILURE);
}
};
if (lxc_list_empty(&active_map)) {
ret = find_default_map();
if (ret < 0) {
fprintf(stderr, "Failed to find subuid or subgid allocation\n");
_exit(EXIT_FAILURE);
}
}
argv = &argv[optind];
argc = argc - optind;
if (argc < 1)
argv = default_args;
ret = pipe2(pipe_fds1, O_CLOEXEC);
if (ret < 0) {
CMD_SYSERROR("Failed to open new pipe");
_exit(EXIT_FAILURE);
}
ret = pipe2(pipe_fds2, O_CLOEXEC);
if (ret < 0) {
CMD_SYSERROR("Failed to open new pipe");
close(pipe_fds1[0]);
close(pipe_fds1[1]);
_exit(EXIT_FAILURE);
}
pid = fork();
if (pid < 0) {
close(pipe_fds1[0]);
close(pipe_fds1[1]);
close(pipe_fds2[0]);
close(pipe_fds2[1]);
_exit(EXIT_FAILURE);
}
if (pid == 0) {
close(pipe_fds1[0]);
close(pipe_fds2[1]);
opentty(ttyname0, STDIN_FILENO);
opentty(ttyname1, STDOUT_FILENO);
opentty(ttyname2, STDERR_FILENO);
ret = unshare(flags);
if (ret < 0) {
CMD_SYSERROR("Failed to unshare mount and user namespace");
close(pipe_fds1[1]);
close(pipe_fds2[0]);
_exit(EXIT_FAILURE);
}
buf[0] = '1';
ret = lxc_write_nointr(pipe_fds1[1], buf, 1);
if (ret != 1) {
CMD_SYSERROR("Failed to write to pipe file descriptor %d",
pipe_fds1[1]);
close(pipe_fds1[1]);
close(pipe_fds2[0]);
_exit(EXIT_FAILURE);
}
ret = lxc_read_nointr(pipe_fds2[0], buf, 1);
if (ret != 1) {
CMD_SYSERROR("Failed to read from pipe file descriptor %d",
pipe_fds2[0]);
close(pipe_fds1[1]);
close(pipe_fds2[0]);
_exit(EXIT_FAILURE);
}
close(pipe_fds1[1]);
close(pipe_fds2[0]);
if (buf[0] != '1') {
fprintf(stderr, "Received unexpected value from parent process\n");
_exit(EXIT_FAILURE);
}
ret = do_child((void *)argv);
if (ret < 0)
_exit(EXIT_FAILURE);
_exit(EXIT_SUCCESS);
}
close(pipe_fds1[1]);
close(pipe_fds2[0]);
ret = lxc_read_nointr(pipe_fds1[0], buf, 1);
if (ret <= 0)
CMD_SYSERROR("Failed to read from pipe file descriptor %d", pipe_fds1[0]);
buf[0] = '1';
ret = lxc_map_ids(&active_map, pid);
if (ret < 0)
fprintf(stderr, "Failed to write id mapping for child process\n");
ret = lxc_write_nointr(pipe_fds2[1], buf, 1);
if (ret < 0) {
CMD_SYSERROR("Failed to write to pipe file descriptor %d", pipe_fds2[1]);
_exit(EXIT_FAILURE);
}
ret = waitpid(pid, &status, __WALL);
if (ret < 0) {
CMD_SYSERROR("Failed to wait on child process");
_exit(EXIT_FAILURE);
}
_exit(WEXITSTATUS(status));
}
