2016-04-02 01:47:25 +05:30
|
|
|
/* vi: set sw=4 ts=4: */
|
|
|
|
/*
|
|
|
|
* Mini nsenter implementation for busybox.
|
|
|
|
*
|
|
|
|
* Copyright (C) 2016 by Bartosz Golaszewski <bartekgola@gmail.com>
|
|
|
|
*
|
|
|
|
* Licensed under GPLv2 or later, see file LICENSE in this source tree.
|
|
|
|
*/
|
|
|
|
//config:config NSENTER
|
2018-12-28 07:50:17 +05:30
|
|
|
//config: bool "nsenter (6.5 kb)"
|
2016-04-02 01:47:25 +05:30
|
|
|
//config: default y
|
|
|
|
//config: select PLATFORM_LINUX
|
|
|
|
//config: help
|
2017-07-21 13:20:55 +05:30
|
|
|
//config: Run program with namespaces of other processes.
|
2016-04-02 01:47:25 +05:30
|
|
|
|
|
|
|
//applet:IF_NSENTER(APPLET(nsenter, BB_DIR_USR_BIN, BB_SUID_DROP))
|
|
|
|
|
|
|
|
//kbuild:lib-$(CONFIG_NSENTER) += nsenter.o
|
|
|
|
|
|
|
|
//usage:#define nsenter_trivial_usage
|
|
|
|
//usage: "[OPTIONS] [PROG [ARGS]]"
|
|
|
|
//usage:#define nsenter_full_usage "\n"
|
|
|
|
//usage: "\n -t PID Target process to get namespaces from"
|
|
|
|
//usage: "\n -m[FILE] Enter mount namespace"
|
|
|
|
//usage: "\n -u[FILE] Enter UTS namespace (hostname etc)"
|
|
|
|
//usage: "\n -i[FILE] Enter System V IPC namespace"
|
|
|
|
//usage: "\n -n[FILE] Enter network namespace"
|
|
|
|
//usage: "\n -p[FILE] Enter pid namespace"
|
|
|
|
//usage: "\n -U[FILE] Enter user namespace"
|
|
|
|
//usage: "\n -S UID Set uid in entered namespace"
|
|
|
|
//usage: "\n -G GID Set gid in entered namespace"
|
getopt32: remove applet_long_options
FEATURE_GETOPT_LONG made dependent on LONG_OPTS.
The folloving options are removed, now LONG_OPTS enables long options
for affected applets:
FEATURE_ENV_LONG_OPTIONS FEATURE_EXPAND_LONG_OPTIONS
FEATURE_UNEXPAND_LONG_OPTIONS FEATURE_MKDIR_LONG_OPTIONS
FEATURE_MV_LONG_OPTIONS FEATURE_RMDIR_LONG_OPTIONS
FEATURE_ADDGROUP_LONG_OPTIONS FEATURE_ADDUSER_LONG_OPTIONS
FEATURE_HWCLOCK_LONG_OPTIONS FEATURE_NSENTER_LONG_OPTS
FEATURE_CHCON_LONG_OPTIONS FEATURE_RUNCON_LONG_OPTIONS
They either had a small number of long options, or their long options are
essential.
Example: upstream addgroup and adduser have ONLY longopts,
we should probably go further and get rid
of non-standard short options.
To this end, make addgroup and adduser "select LONG_OPTS".
We had this breakage caused by us even in our own package!
#if ENABLE_LONG_OPTS || !ENABLE_ADDGROUP
/* We try to use --gid, not -g, because "standard" addgroup
* has no short option -g, it has only long --gid.
*/
argv[1] = (char*)"--gid";
#else
/* Breaks if system in fact does NOT use busybox addgroup */
argv[1] = (char*)"-g";
#endif
xargs: its lone longopt no longer depends on DESKTOP, only on LONG_OPTS.
hwclock TODO: get rid of incompatible -t, -l aliases to --systz, --localtime
Shorten help texts by omitting long option when short opt alternative exists.
Reduction of size comes from the fact that store of an immediate
(an address of longopts) to a fixed address (global variable)
is a longer insn than pushing that immediate or passing it in a register.
This effect is CPU-agnostic.
function old new delta
getopt32 1350 22 -1328
vgetopt32 - 1318 +1318
getopt32long - 24 +24
tftpd_main 562 567 +5
scan_recursive 376 380 +4
collect_cpu 545 546 +1
date_main 1096 1095 -1
hostname_main 262 259 -3
uname_main 259 255 -4
setpriv_main 362 358 -4
rmdir_main 191 187 -4
mv_main 562 558 -4
ipcalc_main 548 544 -4
ifenslave_main 641 637 -4
gzip_main 192 188 -4
gunzip_main 77 73 -4
fsfreeze_main 81 77 -4
flock_main 318 314 -4
deluser_main 337 333 -4
cp_main 374 370 -4
chown_main 175 171 -4
applet_long_options 4 - -4
xargs_main 894 889 -5
wget_main 2540 2535 -5
udhcpc_main 2767 2762 -5
touch_main 436 431 -5
tar_main 1014 1009 -5
start_stop_daemon_main 1033 1028 -5
sed_main 682 677 -5
script_main 1082 1077 -5
run_parts_main 330 325 -5
rtcwake_main 459 454 -5
od_main 2169 2164 -5
nl_main 201 196 -5
modprobe_main 773 768 -5
mkdir_main 160 155 -5
ls_main 568 563 -5
install_main 773 768 -5
hwclock_main 411 406 -5
getopt_main 622 617 -5
fstrim_main 256 251 -5
env_main 198 193 -5
dumpleases_main 635 630 -5
dpkg_main 3991 3986 -5
diff_main 1355 1350 -5
cryptpw_main 233 228 -5
cpio_main 593 588 -5
conspy_main 1135 1130 -5
chpasswd_main 313 308 -5
adduser_main 887 882 -5
addgroup_main 416 411 -5
ftpgetput_main 351 345 -6
get_terminal_width_height 242 234 -8
expand_main 690 680 -10
static.expand_longopts 18 - -18
static.unexpand_longopts 27 - -27
mkdir_longopts 28 - -28
env_longopts 30 - -30
static.ifenslave_longopts 34 - -34
mv_longopts 46 - -46
static.rmdir_longopts 48 - -48
packed_usage 31739 31687 -52
------------------------------------------------------------------------------
(add/remove: 2/8 grow/shrink: 3/49 up/down: 1352/-1840) Total: -488 bytes
text data bss dec hex filename
915681 485 6880 923046 e15a6 busybox_old
915428 485 6876 922789 e14a5 busybox_unstripped
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-08 20:08:18 +05:30
|
|
|
//usage: IF_LONG_OPTS(
|
|
|
|
//usage: "\n --preserve-credentials Don't touch uids or gids"
|
|
|
|
//usage: )
|
2016-04-02 01:47:25 +05:30
|
|
|
//usage: "\n -r[DIR] Set root directory"
|
|
|
|
//usage: "\n -w[DIR] Set working directory"
|
|
|
|
//usage: "\n -F Don't fork before exec'ing PROG"
|
|
|
|
|
|
|
|
#include <sched.h>
|
2016-04-02 22:30:44 +05:30
|
|
|
#ifndef CLONE_NEWUTS
|
|
|
|
# define CLONE_NEWUTS 0x04000000
|
|
|
|
#endif
|
|
|
|
#ifndef CLONE_NEWIPC
|
|
|
|
# define CLONE_NEWIPC 0x08000000
|
|
|
|
#endif
|
|
|
|
#ifndef CLONE_NEWUSER
|
|
|
|
# define CLONE_NEWUSER 0x10000000
|
|
|
|
#endif
|
|
|
|
#ifndef CLONE_NEWPID
|
|
|
|
# define CLONE_NEWPID 0x20000000
|
|
|
|
#endif
|
|
|
|
#ifndef CLONE_NEWNET
|
|
|
|
# define CLONE_NEWNET 0x40000000
|
|
|
|
#endif
|
|
|
|
|
2016-04-02 01:47:25 +05:30
|
|
|
#include "libbb.h"
|
|
|
|
|
|
|
|
struct namespace_descr {
|
|
|
|
int flag; /* value passed to setns() */
|
|
|
|
char ns_nsfile8[8]; /* "ns/" + namespace file in process' procfs entry */
|
|
|
|
};
|
|
|
|
|
|
|
|
struct namespace_ctx {
|
|
|
|
char *path; /* optional path to a custom ns file */
|
|
|
|
int fd; /* opened namespace file descriptor */
|
|
|
|
};
|
|
|
|
|
|
|
|
enum {
|
|
|
|
OPT_user = 1 << 0,
|
|
|
|
OPT_ipc = 1 << 1,
|
|
|
|
OPT_uts = 1 << 2,
|
|
|
|
OPT_network = 1 << 3,
|
|
|
|
OPT_pid = 1 << 4,
|
|
|
|
OPT_mount = 1 << 5,
|
|
|
|
OPT_target = 1 << 6,
|
|
|
|
OPT_setuid = 1 << 7,
|
|
|
|
OPT_setgid = 1 << 8,
|
|
|
|
OPT_root = 1 << 9,
|
|
|
|
OPT_wd = 1 << 10,
|
|
|
|
OPT_nofork = 1 << 11,
|
getopt32: remove applet_long_options
FEATURE_GETOPT_LONG made dependent on LONG_OPTS.
The folloving options are removed, now LONG_OPTS enables long options
for affected applets:
FEATURE_ENV_LONG_OPTIONS FEATURE_EXPAND_LONG_OPTIONS
FEATURE_UNEXPAND_LONG_OPTIONS FEATURE_MKDIR_LONG_OPTIONS
FEATURE_MV_LONG_OPTIONS FEATURE_RMDIR_LONG_OPTIONS
FEATURE_ADDGROUP_LONG_OPTIONS FEATURE_ADDUSER_LONG_OPTIONS
FEATURE_HWCLOCK_LONG_OPTIONS FEATURE_NSENTER_LONG_OPTS
FEATURE_CHCON_LONG_OPTIONS FEATURE_RUNCON_LONG_OPTIONS
They either had a small number of long options, or their long options are
essential.
Example: upstream addgroup and adduser have ONLY longopts,
we should probably go further and get rid
of non-standard short options.
To this end, make addgroup and adduser "select LONG_OPTS".
We had this breakage caused by us even in our own package!
#if ENABLE_LONG_OPTS || !ENABLE_ADDGROUP
/* We try to use --gid, not -g, because "standard" addgroup
* has no short option -g, it has only long --gid.
*/
argv[1] = (char*)"--gid";
#else
/* Breaks if system in fact does NOT use busybox addgroup */
argv[1] = (char*)"-g";
#endif
xargs: its lone longopt no longer depends on DESKTOP, only on LONG_OPTS.
hwclock TODO: get rid of incompatible -t, -l aliases to --systz, --localtime
Shorten help texts by omitting long option when short opt alternative exists.
Reduction of size comes from the fact that store of an immediate
(an address of longopts) to a fixed address (global variable)
is a longer insn than pushing that immediate or passing it in a register.
This effect is CPU-agnostic.
function old new delta
getopt32 1350 22 -1328
vgetopt32 - 1318 +1318
getopt32long - 24 +24
tftpd_main 562 567 +5
scan_recursive 376 380 +4
collect_cpu 545 546 +1
date_main 1096 1095 -1
hostname_main 262 259 -3
uname_main 259 255 -4
setpriv_main 362 358 -4
rmdir_main 191 187 -4
mv_main 562 558 -4
ipcalc_main 548 544 -4
ifenslave_main 641 637 -4
gzip_main 192 188 -4
gunzip_main 77 73 -4
fsfreeze_main 81 77 -4
flock_main 318 314 -4
deluser_main 337 333 -4
cp_main 374 370 -4
chown_main 175 171 -4
applet_long_options 4 - -4
xargs_main 894 889 -5
wget_main 2540 2535 -5
udhcpc_main 2767 2762 -5
touch_main 436 431 -5
tar_main 1014 1009 -5
start_stop_daemon_main 1033 1028 -5
sed_main 682 677 -5
script_main 1082 1077 -5
run_parts_main 330 325 -5
rtcwake_main 459 454 -5
od_main 2169 2164 -5
nl_main 201 196 -5
modprobe_main 773 768 -5
mkdir_main 160 155 -5
ls_main 568 563 -5
install_main 773 768 -5
hwclock_main 411 406 -5
getopt_main 622 617 -5
fstrim_main 256 251 -5
env_main 198 193 -5
dumpleases_main 635 630 -5
dpkg_main 3991 3986 -5
diff_main 1355 1350 -5
cryptpw_main 233 228 -5
cpio_main 593 588 -5
conspy_main 1135 1130 -5
chpasswd_main 313 308 -5
adduser_main 887 882 -5
addgroup_main 416 411 -5
ftpgetput_main 351 345 -6
get_terminal_width_height 242 234 -8
expand_main 690 680 -10
static.expand_longopts 18 - -18
static.unexpand_longopts 27 - -27
mkdir_longopts 28 - -28
env_longopts 30 - -30
static.ifenslave_longopts 34 - -34
mv_longopts 46 - -46
static.rmdir_longopts 48 - -48
packed_usage 31739 31687 -52
------------------------------------------------------------------------------
(add/remove: 2/8 grow/shrink: 3/49 up/down: 1352/-1840) Total: -488 bytes
text data bss dec hex filename
915681 485 6880 923046 e15a6 busybox_old
915428 485 6876 922789 e14a5 busybox_unstripped
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-08 20:08:18 +05:30
|
|
|
OPT_prescred = (1 << 12) * ENABLE_LONG_OPTS,
|
2016-04-02 01:47:25 +05:30
|
|
|
};
|
|
|
|
enum {
|
|
|
|
NS_USR_POS = 0,
|
|
|
|
NS_IPC_POS,
|
|
|
|
NS_UTS_POS,
|
|
|
|
NS_NET_POS,
|
|
|
|
NS_PID_POS,
|
|
|
|
NS_MNT_POS,
|
|
|
|
NS_COUNT,
|
|
|
|
};
|
|
|
|
/*
|
|
|
|
* The order is significant in nsenter.
|
|
|
|
* The user namespace comes first, so that it is entered first.
|
|
|
|
* This gives an unprivileged user the potential to enter other namespaces.
|
|
|
|
*/
|
|
|
|
static const struct namespace_descr ns_list[] = {
|
|
|
|
{ CLONE_NEWUSER, "ns/user", },
|
|
|
|
{ CLONE_NEWIPC, "ns/ipc", },
|
|
|
|
{ CLONE_NEWUTS, "ns/uts", },
|
|
|
|
{ CLONE_NEWNET, "ns/net", },
|
|
|
|
{ CLONE_NEWPID, "ns/pid", },
|
|
|
|
{ CLONE_NEWNS, "ns/mnt", },
|
|
|
|
};
|
|
|
|
/*
|
|
|
|
* Upstream nsenter doesn't support the short option for --preserve-credentials
|
|
|
|
*/
|
2018-05-04 20:48:47 +05:30
|
|
|
static const char opt_str[] ALIGN1 = "U::i::u::n::p::m::""t:+S:+G:+r::w::F";
|
2016-04-02 01:47:25 +05:30
|
|
|
|
getopt32: remove applet_long_options
FEATURE_GETOPT_LONG made dependent on LONG_OPTS.
The folloving options are removed, now LONG_OPTS enables long options
for affected applets:
FEATURE_ENV_LONG_OPTIONS FEATURE_EXPAND_LONG_OPTIONS
FEATURE_UNEXPAND_LONG_OPTIONS FEATURE_MKDIR_LONG_OPTIONS
FEATURE_MV_LONG_OPTIONS FEATURE_RMDIR_LONG_OPTIONS
FEATURE_ADDGROUP_LONG_OPTIONS FEATURE_ADDUSER_LONG_OPTIONS
FEATURE_HWCLOCK_LONG_OPTIONS FEATURE_NSENTER_LONG_OPTS
FEATURE_CHCON_LONG_OPTIONS FEATURE_RUNCON_LONG_OPTIONS
They either had a small number of long options, or their long options are
essential.
Example: upstream addgroup and adduser have ONLY longopts,
we should probably go further and get rid
of non-standard short options.
To this end, make addgroup and adduser "select LONG_OPTS".
We had this breakage caused by us even in our own package!
#if ENABLE_LONG_OPTS || !ENABLE_ADDGROUP
/* We try to use --gid, not -g, because "standard" addgroup
* has no short option -g, it has only long --gid.
*/
argv[1] = (char*)"--gid";
#else
/* Breaks if system in fact does NOT use busybox addgroup */
argv[1] = (char*)"-g";
#endif
xargs: its lone longopt no longer depends on DESKTOP, only on LONG_OPTS.
hwclock TODO: get rid of incompatible -t, -l aliases to --systz, --localtime
Shorten help texts by omitting long option when short opt alternative exists.
Reduction of size comes from the fact that store of an immediate
(an address of longopts) to a fixed address (global variable)
is a longer insn than pushing that immediate or passing it in a register.
This effect is CPU-agnostic.
function old new delta
getopt32 1350 22 -1328
vgetopt32 - 1318 +1318
getopt32long - 24 +24
tftpd_main 562 567 +5
scan_recursive 376 380 +4
collect_cpu 545 546 +1
date_main 1096 1095 -1
hostname_main 262 259 -3
uname_main 259 255 -4
setpriv_main 362 358 -4
rmdir_main 191 187 -4
mv_main 562 558 -4
ipcalc_main 548 544 -4
ifenslave_main 641 637 -4
gzip_main 192 188 -4
gunzip_main 77 73 -4
fsfreeze_main 81 77 -4
flock_main 318 314 -4
deluser_main 337 333 -4
cp_main 374 370 -4
chown_main 175 171 -4
applet_long_options 4 - -4
xargs_main 894 889 -5
wget_main 2540 2535 -5
udhcpc_main 2767 2762 -5
touch_main 436 431 -5
tar_main 1014 1009 -5
start_stop_daemon_main 1033 1028 -5
sed_main 682 677 -5
script_main 1082 1077 -5
run_parts_main 330 325 -5
rtcwake_main 459 454 -5
od_main 2169 2164 -5
nl_main 201 196 -5
modprobe_main 773 768 -5
mkdir_main 160 155 -5
ls_main 568 563 -5
install_main 773 768 -5
hwclock_main 411 406 -5
getopt_main 622 617 -5
fstrim_main 256 251 -5
env_main 198 193 -5
dumpleases_main 635 630 -5
dpkg_main 3991 3986 -5
diff_main 1355 1350 -5
cryptpw_main 233 228 -5
cpio_main 593 588 -5
conspy_main 1135 1130 -5
chpasswd_main 313 308 -5
adduser_main 887 882 -5
addgroup_main 416 411 -5
ftpgetput_main 351 345 -6
get_terminal_width_height 242 234 -8
expand_main 690 680 -10
static.expand_longopts 18 - -18
static.unexpand_longopts 27 - -27
mkdir_longopts 28 - -28
env_longopts 30 - -30
static.ifenslave_longopts 34 - -34
mv_longopts 46 - -46
static.rmdir_longopts 48 - -48
packed_usage 31739 31687 -52
------------------------------------------------------------------------------
(add/remove: 2/8 grow/shrink: 3/49 up/down: 1352/-1840) Total: -488 bytes
text data bss dec hex filename
915681 485 6880 923046 e15a6 busybox_old
915428 485 6876 922789 e14a5 busybox_unstripped
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-08 20:08:18 +05:30
|
|
|
#if ENABLE_LONG_OPTS
|
2016-04-02 01:47:25 +05:30
|
|
|
static const char nsenter_longopts[] ALIGN1 =
|
|
|
|
"user\0" Optional_argument "U"
|
|
|
|
"ipc\0" Optional_argument "i"
|
|
|
|
"uts\0" Optional_argument "u"
|
2018-05-03 18:04:46 +05:30
|
|
|
"net\0" Optional_argument "n"
|
2016-04-02 01:47:25 +05:30
|
|
|
"pid\0" Optional_argument "p"
|
|
|
|
"mount\0" Optional_argument "m"
|
|
|
|
"target\0" Required_argument "t"
|
|
|
|
"setuid\0" Required_argument "S"
|
|
|
|
"setgid\0" Required_argument "G"
|
|
|
|
"root\0" Optional_argument "r"
|
|
|
|
"wd\0" Optional_argument "w"
|
|
|
|
"no-fork\0" No_argument "F"
|
|
|
|
"preserve-credentials\0" No_argument "\xff"
|
|
|
|
;
|
|
|
|
#endif
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Open a file and return the new descriptor. If a full path is provided in
|
|
|
|
* fs_path, then the file to which it points is opened. Otherwise (fd_path is
|
|
|
|
* NULL) the routine builds a path to a procfs file using the following
|
|
|
|
* template: '/proc/<target_pid>/<target_file>'.
|
|
|
|
*/
|
|
|
|
static int open_by_path_or_target(const char *path,
|
|
|
|
pid_t target_pid, const char *target_file)
|
|
|
|
{
|
|
|
|
char proc_path_buf[sizeof("/proc/%u/1234567890") + sizeof(int)*3];
|
|
|
|
|
|
|
|
if (!path) {
|
|
|
|
if (target_pid == 0) {
|
|
|
|
/* Example:
|
|
|
|
* "nsenter -p PROG" - neither -pFILE nor -tPID given.
|
|
|
|
*/
|
|
|
|
bb_show_usage();
|
|
|
|
}
|
|
|
|
snprintf(proc_path_buf, sizeof(proc_path_buf),
|
|
|
|
"/proc/%u/%s", (unsigned)target_pid, target_file);
|
|
|
|
path = proc_path_buf;
|
|
|
|
}
|
|
|
|
|
|
|
|
return xopen(path, O_RDONLY);
|
|
|
|
}
|
|
|
|
|
|
|
|
int nsenter_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
|
|
|
|
int nsenter_main(int argc UNUSED_PARAM, char **argv)
|
|
|
|
{
|
|
|
|
int i;
|
|
|
|
unsigned int opts;
|
|
|
|
const char *root_dir_str = NULL;
|
|
|
|
const char *wd_str = NULL;
|
|
|
|
struct namespace_ctx ns_ctx_list[NS_COUNT];
|
|
|
|
int setgroups_failed;
|
|
|
|
int root_fd, wd_fd;
|
|
|
|
int target_pid = 0;
|
|
|
|
int uid = 0;
|
|
|
|
int gid = 0;
|
|
|
|
|
|
|
|
memset(ns_ctx_list, 0, sizeof(ns_ctx_list));
|
|
|
|
|
getopt32: remove applet_long_options
FEATURE_GETOPT_LONG made dependent on LONG_OPTS.
The folloving options are removed, now LONG_OPTS enables long options
for affected applets:
FEATURE_ENV_LONG_OPTIONS FEATURE_EXPAND_LONG_OPTIONS
FEATURE_UNEXPAND_LONG_OPTIONS FEATURE_MKDIR_LONG_OPTIONS
FEATURE_MV_LONG_OPTIONS FEATURE_RMDIR_LONG_OPTIONS
FEATURE_ADDGROUP_LONG_OPTIONS FEATURE_ADDUSER_LONG_OPTIONS
FEATURE_HWCLOCK_LONG_OPTIONS FEATURE_NSENTER_LONG_OPTS
FEATURE_CHCON_LONG_OPTIONS FEATURE_RUNCON_LONG_OPTIONS
They either had a small number of long options, or their long options are
essential.
Example: upstream addgroup and adduser have ONLY longopts,
we should probably go further and get rid
of non-standard short options.
To this end, make addgroup and adduser "select LONG_OPTS".
We had this breakage caused by us even in our own package!
#if ENABLE_LONG_OPTS || !ENABLE_ADDGROUP
/* We try to use --gid, not -g, because "standard" addgroup
* has no short option -g, it has only long --gid.
*/
argv[1] = (char*)"--gid";
#else
/* Breaks if system in fact does NOT use busybox addgroup */
argv[1] = (char*)"-g";
#endif
xargs: its lone longopt no longer depends on DESKTOP, only on LONG_OPTS.
hwclock TODO: get rid of incompatible -t, -l aliases to --systz, --localtime
Shorten help texts by omitting long option when short opt alternative exists.
Reduction of size comes from the fact that store of an immediate
(an address of longopts) to a fixed address (global variable)
is a longer insn than pushing that immediate or passing it in a register.
This effect is CPU-agnostic.
function old new delta
getopt32 1350 22 -1328
vgetopt32 - 1318 +1318
getopt32long - 24 +24
tftpd_main 562 567 +5
scan_recursive 376 380 +4
collect_cpu 545 546 +1
date_main 1096 1095 -1
hostname_main 262 259 -3
uname_main 259 255 -4
setpriv_main 362 358 -4
rmdir_main 191 187 -4
mv_main 562 558 -4
ipcalc_main 548 544 -4
ifenslave_main 641 637 -4
gzip_main 192 188 -4
gunzip_main 77 73 -4
fsfreeze_main 81 77 -4
flock_main 318 314 -4
deluser_main 337 333 -4
cp_main 374 370 -4
chown_main 175 171 -4
applet_long_options 4 - -4
xargs_main 894 889 -5
wget_main 2540 2535 -5
udhcpc_main 2767 2762 -5
touch_main 436 431 -5
tar_main 1014 1009 -5
start_stop_daemon_main 1033 1028 -5
sed_main 682 677 -5
script_main 1082 1077 -5
run_parts_main 330 325 -5
rtcwake_main 459 454 -5
od_main 2169 2164 -5
nl_main 201 196 -5
modprobe_main 773 768 -5
mkdir_main 160 155 -5
ls_main 568 563 -5
install_main 773 768 -5
hwclock_main 411 406 -5
getopt_main 622 617 -5
fstrim_main 256 251 -5
env_main 198 193 -5
dumpleases_main 635 630 -5
dpkg_main 3991 3986 -5
diff_main 1355 1350 -5
cryptpw_main 233 228 -5
cpio_main 593 588 -5
conspy_main 1135 1130 -5
chpasswd_main 313 308 -5
adduser_main 887 882 -5
addgroup_main 416 411 -5
ftpgetput_main 351 345 -6
get_terminal_width_height 242 234 -8
expand_main 690 680 -10
static.expand_longopts 18 - -18
static.unexpand_longopts 27 - -27
mkdir_longopts 28 - -28
env_longopts 30 - -30
static.ifenslave_longopts 34 - -34
mv_longopts 46 - -46
static.rmdir_longopts 48 - -48
packed_usage 31739 31687 -52
------------------------------------------------------------------------------
(add/remove: 2/8 grow/shrink: 3/49 up/down: 1352/-1840) Total: -488 bytes
text data bss dec hex filename
915681 485 6880 923046 e15a6 busybox_old
915428 485 6876 922789 e14a5 busybox_unstripped
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-08 20:08:18 +05:30
|
|
|
opts = getopt32long(argv, opt_str, nsenter_longopts,
|
2016-04-02 01:47:25 +05:30
|
|
|
&ns_ctx_list[NS_USR_POS].path,
|
|
|
|
&ns_ctx_list[NS_IPC_POS].path,
|
|
|
|
&ns_ctx_list[NS_UTS_POS].path,
|
|
|
|
&ns_ctx_list[NS_NET_POS].path,
|
|
|
|
&ns_ctx_list[NS_PID_POS].path,
|
|
|
|
&ns_ctx_list[NS_MNT_POS].path,
|
|
|
|
&target_pid, &uid, &gid,
|
|
|
|
&root_dir_str, &wd_str
|
|
|
|
);
|
|
|
|
argv += optind;
|
|
|
|
|
|
|
|
root_fd = wd_fd = -1;
|
|
|
|
if (opts & OPT_root)
|
|
|
|
root_fd = open_by_path_or_target(root_dir_str,
|
|
|
|
target_pid, "root");
|
|
|
|
if (opts & OPT_wd)
|
|
|
|
wd_fd = open_by_path_or_target(wd_str, target_pid, "cwd");
|
|
|
|
|
|
|
|
for (i = 0; i < NS_COUNT; i++) {
|
|
|
|
const struct namespace_descr *ns = &ns_list[i];
|
|
|
|
struct namespace_ctx *ns_ctx = &ns_ctx_list[i];
|
|
|
|
|
|
|
|
ns_ctx->fd = -1;
|
|
|
|
if (opts & (1 << i))
|
|
|
|
ns_ctx->fd = open_by_path_or_target(ns_ctx->path,
|
|
|
|
target_pid, ns->ns_nsfile8);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Entering the user namespace without --preserve-credentials implies
|
|
|
|
* --setuid & --setgid and clearing root's groups.
|
|
|
|
*/
|
|
|
|
setgroups_failed = 0;
|
|
|
|
if ((opts & OPT_user) && !(opts & OPT_prescred)) {
|
|
|
|
opts |= (OPT_setuid | OPT_setgid);
|
|
|
|
/*
|
|
|
|
* We call setgroups() before and after setns() and only
|
|
|
|
* bail-out if it fails twice.
|
|
|
|
*/
|
|
|
|
setgroups_failed = (setgroups(0, NULL) < 0);
|
|
|
|
}
|
|
|
|
|
|
|
|
for (i = 0; i < NS_COUNT; i++) {
|
|
|
|
const struct namespace_descr *ns = &ns_list[i];
|
|
|
|
struct namespace_ctx *ns_ctx = &ns_ctx_list[i];
|
|
|
|
|
|
|
|
if (ns_ctx->fd < 0)
|
|
|
|
continue;
|
|
|
|
if (setns(ns_ctx->fd, ns->flag)) {
|
|
|
|
bb_perror_msg_and_die(
|
|
|
|
"setns(): can't reassociate to namespace '%s'",
|
|
|
|
ns->ns_nsfile8 + 3 /* skip over "ns/" */
|
|
|
|
);
|
|
|
|
}
|
2016-04-02 21:36:24 +05:30
|
|
|
close(ns_ctx->fd); /* should close fds, to not confuse exec'ed PROG */
|
2016-04-02 01:47:25 +05:30
|
|
|
/*ns_ctx->fd = -1;*/
|
|
|
|
}
|
|
|
|
|
|
|
|
if (root_fd >= 0) {
|
|
|
|
if (wd_fd < 0) {
|
|
|
|
/*
|
|
|
|
* Save the current working directory if we're not
|
|
|
|
* changing it.
|
|
|
|
*/
|
|
|
|
wd_fd = xopen(".", O_RDONLY);
|
|
|
|
}
|
|
|
|
xfchdir(root_fd);
|
|
|
|
xchroot(".");
|
2016-04-02 21:36:24 +05:30
|
|
|
close(root_fd);
|
2016-04-02 01:47:25 +05:30
|
|
|
/*root_fd = -1;*/
|
|
|
|
}
|
|
|
|
|
|
|
|
if (wd_fd >= 0) {
|
|
|
|
xfchdir(wd_fd);
|
2016-04-02 21:36:24 +05:30
|
|
|
close(wd_fd);
|
2016-04-02 01:47:25 +05:30
|
|
|
/*wd_fd = -1;*/
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Entering the pid namespace implies forking unless it's been
|
|
|
|
* explicitly requested by the user not to.
|
|
|
|
*/
|
|
|
|
if (!(opts & OPT_nofork) && (opts & OPT_pid)) {
|
2016-04-02 21:36:24 +05:30
|
|
|
xvfork_parent_waits_and_exits();
|
2016-04-02 01:47:25 +05:30
|
|
|
/* Child continues */
|
|
|
|
}
|
|
|
|
|
|
|
|
if (opts & OPT_setgid) {
|
|
|
|
if (setgroups(0, NULL) < 0 && setgroups_failed)
|
libbb: reduce the overhead of single parameter bb_error_msg() calls
Back in 2007, commit 0c97c9d43707 ("'simple' error message functions by
Loic Grenie") introduced bb_simple_perror_msg() to allow for a lower
overhead call to bb_perror_msg() when only a string was being printed
with no parameters. This saves space for some CPU architectures because
it avoids the overhead of a call to a variadic function. However there
has never been a simple version of bb_error_msg(), and since 2007 many
new calls to bb_perror_msg() have been added that only take a single
parameter and so could have been using bb_simple_perror_message().
This changeset introduces 'simple' versions of bb_info_msg(),
bb_error_msg(), bb_error_msg_and_die(), bb_herror_msg() and
bb_herror_msg_and_die(), and replaces all calls that only take a
single parameter, or use something like ("%s", arg), with calls to the
corresponding 'simple' version.
Since it is likely that single parameter calls to the variadic functions
may be accidentally reintroduced in the future a new debugging config
option WARN_SIMPLE_MSG has been introduced. This uses some macro magic
which will cause any such calls to generate a warning, but this is
turned off by default to avoid use of the unpleasant macros in normal
circumstances.
This is a large changeset due to the number of calls that have been
replaced. The only files that contain changes other than simple
substitution of function calls are libbb.h, libbb/herror_msg.c,
libbb/verror_msg.c and libbb/xfuncs_printf.c. In miscutils/devfsd.c,
networking/udhcp/common.h and util-linux/mdev.c additonal macros have
been added for logging so that single parameter and multiple parameter
logging variants exist.
The amount of space saved varies considerably by architecture, and was
found to be as follows (for 'defconfig' using GCC 7.4):
Arm: -92 bytes
MIPS: -52 bytes
PPC: -1836 bytes
x86_64: -938 bytes
Note that for the MIPS architecture only an exception had to be made
disabling the 'simple' calls for 'udhcp' (in networking/udhcp/common.h)
because it made these files larger on MIPS.
Signed-off-by: James Byrne <james.byrne@origamienergy.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2019-07-02 15:05:03 +05:30
|
|
|
bb_simple_perror_msg_and_die("setgroups");
|
2016-04-02 01:47:25 +05:30
|
|
|
xsetgid(gid);
|
|
|
|
}
|
|
|
|
if (opts & OPT_setuid)
|
|
|
|
xsetuid(uid);
|
|
|
|
|
2016-04-02 21:36:24 +05:30
|
|
|
exec_prog_or_SHELL(argv);
|
2016-04-02 01:47:25 +05:30
|
|
|
}
|