xbps-uunshare: replace clone/exec with unshare/exec cmd.

There's no reason to clone and run cmd in the child, replace the
execution environment with cmd directly to avoid the child process.
This commit is contained in:
Juan RP 2015-03-13 21:14:28 +01:00
parent 519ea4001c
commit 52dae50075
2 changed files with 68 additions and 77 deletions

3
NEWS
View File

@ -1,5 +1,8 @@
xbps-0.44.1 (???): xbps-0.44.1 (???):
* xbps-uunshare(8): does not fork and run cmd in the child process anymore,
replaces the execution environment with cmd instead.
* xbps-uunshare(8): do not fail if we cannot disable setgroups; some kernels * xbps-uunshare(8): do not fail if we cannot disable setgroups; some kernels
might not support it. Found by @cheneukirchen on 3.16. might not support it. Found by @cheneukirchen on 3.16.

View File

@ -88,9 +88,8 @@ main(int argc, char **argv)
uid_t uid = getuid(); uid_t uid = getuid();
gid_t gid = getgid(); gid_t gid = getgid();
const char *chrootdir, *distdir, *hostdir, *shmdir, *cmd, *argv0; const char *chrootdir, *distdir, *hostdir, *shmdir, *cmd, *argv0;
char **cmdargs, mountdir[PATH_MAX-1], buf[32]; char **cmdargs, buf[32];
int fd, aidx = 0, clone_flags, child_status = 0; int fd, aidx = 0;
pid_t child;
chrootdir = distdir = hostdir = shmdir = cmd = NULL; chrootdir = distdir = hostdir = shmdir = cmd = NULL;
argv0 = argv[0]; argv0 = argv[0];
@ -128,15 +127,13 @@ main(int argc, char **argv)
if (strcmp(chrootdir, "/") == 0) if (strcmp(chrootdir, "/") == 0)
die("/ is not allowed to be used as chrootdir"); die("/ is not allowed to be used as chrootdir");
clone_flags = (SIGCHLD|CLONE_NEWUSER|CLONE_NEWNS|CLONE_NEWIPC|CLONE_NEWUTS|CLONE_NEWPID); /*
* Unshare from the current process namespaces and set ours.
/* Issue the clone(2) syscall with our settings */ */
if ((child = syscall(__NR_clone, clone_flags, NULL)) == -1) { if (unshare(CLONE_NEWUSER|CLONE_NEWNS|CLONE_NEWIPC|CLONE_NEWUTS) == -1) {
errval = 99; errval = 99;
die("clone"); die("unshare");
} }
if (child == 0) {
/* /*
* Setup uid/gid user mappings and restrict setgroups(). * Setup uid/gid user mappings and restrict setgroups().
*/ */
@ -160,10 +157,8 @@ main(int argc, char **argv)
close(fd); close(fd);
/* mount /proc */ /* bind mount /proc */
snprintf(mountdir, sizeof(mountdir), "%s/proc", chrootdir); bindmount(chrootdir, "/proc", NULL);
if (mount("proc", mountdir, "proc", MS_MGC_VAL|MS_PRIVATE, NULL) == -1)
die("Failed to mount %s", mountdir);
/* bind mount /sys */ /* bind mount /sys */
bindmount(chrootdir, "/sys", NULL); bindmount(chrootdir, "/sys", NULL);
@ -198,14 +193,7 @@ main(int argc, char **argv)
if (execvp(cmd, cmdargs) == -1) if (execvp(cmd, cmdargs) == -1)
die("Failed to execute command %s", cmd); die("Failed to execute command %s", cmd);
}
/* Wait until the child terminates */
while (waitpid(child, &child_status, 0) < 0) {
if (errno != EINTR)
die("waitpid");
}
if (!WIFEXITED(child_status))
return -1;
return WEXITSTATUS(child_status); /* NOTREACHED */
exit(EXIT_FAILURE);
} }