2016-04-02 01:47:25 +05:30
|
|
|
/* vi: set sw=4 ts=4: */
|
|
|
|
|
/*
|
|
|
|
|
* Mini nsenter implementation for busybox.
|
|
|
|
|
*
|
|
|
|
|
* Copyright (C) 2016 by Bartosz Golaszewski <bartekgola@gmail.com>
|
|
|
|
|
*
|
|
|
|
|
* Licensed under GPLv2 or later, see file LICENSE in this source tree.
|
|
|
|
|
*/
|
|
|
|
|
//config:config NSENTER
|
2018-12-28 07:50:17 +05:30
|
|
|
//config: bool "nsenter (6.5 kb)"
|
2016-04-02 01:47:25 +05:30
|
|
|
//config: default y
|
|
|
|
|
//config: select PLATFORM_LINUX
|
|
|
|
|
//config: help
|
2017-07-21 13:20:55 +05:30
|
|
|
//config: Run program with namespaces of other processes.
|
2016-04-02 01:47:25 +05:30
|
|
|
|
|
|
|
|
//applet:IF_NSENTER(APPLET(nsenter, BB_DIR_USR_BIN, BB_SUID_DROP))
|
|
|
|
|
|
|
|
|
|
//kbuild:lib-$(CONFIG_NSENTER) += nsenter.o
|
|
|
|
|
|
|
|
|
|
//usage:#define nsenter_trivial_usage
|
|
|
|
|
//usage: "[OPTIONS] [PROG [ARGS]]"
|
|
|
|
|
//usage:#define nsenter_full_usage "\n"
|
|
|
|
|
//usage: "\n -t PID Target process to get namespaces from"
|
|
|
|
|
//usage: "\n -m[FILE] Enter mount namespace"
|
|
|
|
|
//usage: "\n -u[FILE] Enter UTS namespace (hostname etc)"
|
|
|
|
|
//usage: "\n -i[FILE] Enter System V IPC namespace"
|
|
|
|
|
//usage: "\n -n[FILE] Enter network namespace"
|
|
|
|
|
//usage: "\n -p[FILE] Enter pid namespace"
|
|
|
|
|
//usage: "\n -U[FILE] Enter user namespace"
|
|
|
|
|
//usage: "\n -S UID Set uid in entered namespace"
|
|
|
|
|
//usage: "\n -G GID Set gid in entered namespace"
|
getopt32: remove applet_long_options
FEATURE_GETOPT_LONG made dependent on LONG_OPTS.
The folloving options are removed, now LONG_OPTS enables long options
for affected applets:
FEATURE_ENV_LONG_OPTIONS FEATURE_EXPAND_LONG_OPTIONS
FEATURE_UNEXPAND_LONG_OPTIONS FEATURE_MKDIR_LONG_OPTIONS
FEATURE_MV_LONG_OPTIONS FEATURE_RMDIR_LONG_OPTIONS
FEATURE_ADDGROUP_LONG_OPTIONS FEATURE_ADDUSER_LONG_OPTIONS
FEATURE_HWCLOCK_LONG_OPTIONS FEATURE_NSENTER_LONG_OPTS
FEATURE_CHCON_LONG_OPTIONS FEATURE_RUNCON_LONG_OPTIONS
They either had a small number of long options, or their long options are
essential.
Example: upstream addgroup and adduser have ONLY longopts,
we should probably go further and get rid
of non-standard short options.
To this end, make addgroup and adduser "select LONG_OPTS".
We had this breakage caused by us even in our own package!
#if ENABLE_LONG_OPTS || !ENABLE_ADDGROUP
/* We try to use --gid, not -g, because "standard" addgroup
* has no short option -g, it has only long --gid.
*/
argv[1] = (char*)"--gid";
#else
/* Breaks if system in fact does NOT use busybox addgroup */
argv[1] = (char*)"-g";
#endif
xargs: its lone longopt no longer depends on DESKTOP, only on LONG_OPTS.
hwclock TODO: get rid of incompatible -t, -l aliases to --systz, --localtime
Shorten help texts by omitting long option when short opt alternative exists.
Reduction of size comes from the fact that store of an immediate
(an address of longopts) to a fixed address (global variable)
is a longer insn than pushing that immediate or passing it in a register.
This effect is CPU-agnostic.
function old new delta
getopt32 1350 22 -1328
vgetopt32 - 1318 +1318
getopt32long - 24 +24
tftpd_main 562 567 +5
scan_recursive 376 380 +4
collect_cpu 545 546 +1
date_main 1096 1095 -1
hostname_main 262 259 -3
uname_main 259 255 -4
setpriv_main 362 358 -4
rmdir_main 191 187 -4
mv_main 562 558 -4
ipcalc_main 548 544 -4
ifenslave_main 641 637 -4
gzip_main 192 188 -4
gunzip_main 77 73 -4
fsfreeze_main 81 77 -4
flock_main 318 314 -4
deluser_main 337 333 -4
cp_main 374 370 -4
chown_main 175 171 -4
applet_long_options 4 - -4
xargs_main 894 889 -5
wget_main 2540 2535 -5
udhcpc_main 2767 2762 -5
touch_main 436 431 -5
tar_main 1014 1009 -5
start_stop_daemon_main 1033 1028 -5
sed_main 682 677 -5
script_main 1082 1077 -5
run_parts_main 330 325 -5
rtcwake_main 459 454 -5
od_main 2169 2164 -5
nl_main 201 196 -5
modprobe_main 773 768 -5
mkdir_main 160 155 -5
ls_main 568 563 -5
install_main 773 768 -5
hwclock_main 411 406 -5
getopt_main 622 617 -5
fstrim_main 256 251 -5
env_main 198 193 -5
dumpleases_main 635 630 -5
dpkg_main 3991 3986 -5
diff_main 1355 1350 -5
cryptpw_main 233 228 -5
cpio_main 593 588 -5
conspy_main 1135 1130 -5
chpasswd_main 313 308 -5
adduser_main 887 882 -5
addgroup_main 416 411 -5
ftpgetput_main 351 345 -6
get_terminal_width_height 242 234 -8
expand_main 690 680 -10
static.expand_longopts 18 - -18
static.unexpand_longopts 27 - -27
mkdir_longopts 28 - -28
env_longopts 30 - -30
static.ifenslave_longopts 34 - -34
mv_longopts 46 - -46
static.rmdir_longopts 48 - -48
packed_usage 31739 31687 -52
------------------------------------------------------------------------------
(add/remove: 2/8 grow/shrink: 3/49 up/down: 1352/-1840) Total: -488 bytes
text data bss dec hex filename
915681 485 6880 923046 e15a6 busybox_old
915428 485 6876 922789 e14a5 busybox_unstripped
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-08 20:08:18 +05:30
|
|
|
//usage: IF_LONG_OPTS(
|
|
|
|
|
//usage: "\n --preserve-credentials Don't touch uids or gids"
|
|
|
|
|
//usage: )
|
2016-04-02 01:47:25 +05:30
|
|
|
//usage: "\n -r[DIR] Set root directory"
|
|
|
|
|
//usage: "\n -w[DIR] Set working directory"
|
|
|
|
|
//usage: "\n -F Don't fork before exec'ing PROG"
|
|
|
|
|
|
|
|
|
|
#include <sched.h>
|
2016-04-02 22:30:44 +05:30
|
|
|
#ifndef CLONE_NEWUTS
|
|
|
|
|
# define CLONE_NEWUTS 0x04000000
|
|
|
|
|
#endif
|
|
|
|
|
#ifndef CLONE_NEWIPC
|
|
|
|
|
# define CLONE_NEWIPC 0x08000000
|
|
|
|
|
#endif
|
|
|
|
|
#ifndef CLONE_NEWUSER
|
|
|
|
|
# define CLONE_NEWUSER 0x10000000
|
|
|
|
|
#endif
|
|
|
|
|
#ifndef CLONE_NEWPID
|
|
|
|
|
# define CLONE_NEWPID 0x20000000
|
|
|
|
|
#endif
|
|
|
|
|
#ifndef CLONE_NEWNET
|
|
|
|
|
# define CLONE_NEWNET 0x40000000
|
|
|
|
|
#endif
|
|
|
|
|
|
2016-04-02 01:47:25 +05:30
|
|
|
#include "libbb.h"
|
|
|
|
|
|
|
|
|
|
struct namespace_descr {
|
|
|
|
|
int flag; /* value passed to setns() */
|
|
|
|
|
char ns_nsfile8[8]; /* "ns/" + namespace file in process' procfs entry */
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
struct namespace_ctx {
|
|
|
|
|
char *path; /* optional path to a custom ns file */
|
|
|
|
|
int fd; /* opened namespace file descriptor */
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
enum {
|
|
|
|
|
OPT_user = 1 << 0,
|
|
|
|
|
OPT_ipc = 1 << 1,
|
|
|
|
|
OPT_uts = 1 << 2,
|
|
|
|
|
OPT_network = 1 << 3,
|
|
|
|
|
OPT_pid = 1 << 4,
|
|
|
|
|
OPT_mount = 1 << 5,
|
|
|
|
|
OPT_target = 1 << 6,
|
|
|
|
|
OPT_setuid = 1 << 7,
|
|
|
|
|
OPT_setgid = 1 << 8,
|
|
|
|
|
OPT_root = 1 << 9,
|
|
|
|
|
OPT_wd = 1 << 10,
|
|
|
|
|
OPT_nofork = 1 << 11,
|
getopt32: remove applet_long_options
FEATURE_GETOPT_LONG made dependent on LONG_OPTS.
The folloving options are removed, now LONG_OPTS enables long options
for affected applets:
FEATURE_ENV_LONG_OPTIONS FEATURE_EXPAND_LONG_OPTIONS
FEATURE_UNEXPAND_LONG_OPTIONS FEATURE_MKDIR_LONG_OPTIONS
FEATURE_MV_LONG_OPTIONS FEATURE_RMDIR_LONG_OPTIONS
FEATURE_ADDGROUP_LONG_OPTIONS FEATURE_ADDUSER_LONG_OPTIONS
FEATURE_HWCLOCK_LONG_OPTIONS FEATURE_NSENTER_LONG_OPTS
FEATURE_CHCON_LONG_OPTIONS FEATURE_RUNCON_LONG_OPTIONS
They either had a small number of long options, or their long options are
essential.
Example: upstream addgroup and adduser have ONLY longopts,
we should probably go further and get rid
of non-standard short options.
To this end, make addgroup and adduser "select LONG_OPTS".
We had this breakage caused by us even in our own package!
#if ENABLE_LONG_OPTS || !ENABLE_ADDGROUP
/* We try to use --gid, not -g, because "standard" addgroup
* has no short option -g, it has only long --gid.
*/
argv[1] = (char*)"--gid";
#else
/* Breaks if system in fact does NOT use busybox addgroup */
argv[1] = (char*)"-g";
#endif
xargs: its lone longopt no longer depends on DESKTOP, only on LONG_OPTS.
hwclock TODO: get rid of incompatible -t, -l aliases to --systz, --localtime
Shorten help texts by omitting long option when short opt alternative exists.
Reduction of size comes from the fact that store of an immediate
(an address of longopts) to a fixed address (global variable)
is a longer insn than pushing that immediate or passing it in a register.
This effect is CPU-agnostic.
function old new delta
getopt32 1350 22 -1328
vgetopt32 - 1318 +1318
getopt32long - 24 +24
tftpd_main 562 567 +5
scan_recursive 376 380 +4
collect_cpu 545 546 +1
date_main 1096 1095 -1
hostname_main 262 259 -3
uname_main 259 255 -4
setpriv_main 362 358 -4
rmdir_main 191 187 -4
mv_main 562 558 -4
ipcalc_main 548 544 -4
ifenslave_main 641 637 -4
gzip_main 192 188 -4
gunzip_main 77 73 -4
fsfreeze_main 81 77 -4
flock_main 318 314 -4
deluser_main 337 333 -4
cp_main 374 370 -4
chown_main 175 171 -4
applet_long_options 4 - -4
xargs_main 894 889 -5
wget_main 2540 2535 -5
udhcpc_main 2767 2762 -5
touch_main 436 431 -5
tar_main 1014 1009 -5
start_stop_daemon_main 1033 1028 -5
sed_main 682 677 -5
script_main 1082 1077 -5
run_parts_main 330 325 -5
rtcwake_main 459 454 -5
od_main 2169 2164 -5
nl_main 201 196 -5
modprobe_main 773 768 -5
mkdir_main 160 155 -5
ls_main 568 563 -5
install_main 773 768 -5
hwclock_main 411 406 -5
getopt_main 622 617 -5
fstrim_main 256 251 -5
env_main 198 193 -5
dumpleases_main 635 630 -5
dpkg_main 3991 3986 -5
diff_main 1355 1350 -5
cryptpw_main 233 228 -5
cpio_main 593 588 -5
conspy_main 1135 1130 -5
chpasswd_main 313 308 -5
adduser_main 887 882 -5
addgroup_main 416 411 -5
ftpgetput_main 351 345 -6
get_terminal_width_height 242 234 -8
expand_main 690 680 -10
static.expand_longopts 18 - -18
static.unexpand_longopts 27 - -27
mkdir_longopts 28 - -28
env_longopts 30 - -30
static.ifenslave_longopts 34 - -34
mv_longopts 46 - -46
static.rmdir_longopts 48 - -48
packed_usage 31739 31687 -52
------------------------------------------------------------------------------
(add/remove: 2/8 grow/shrink: 3/49 up/down: 1352/-1840) Total: -488 bytes
text data bss dec hex filename
915681 485 6880 923046 e15a6 busybox_old
915428 485 6876 922789 e14a5 busybox_unstripped
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-08 20:08:18 +05:30
|
|
|
OPT_prescred = (1 << 12) * ENABLE_LONG_OPTS,
|
2016-04-02 01:47:25 +05:30
|
|
|
};
|
|
|
|
|
enum {
|
|
|
|
|
NS_USR_POS = 0,
|
|
|
|
|
NS_IPC_POS,
|
|
|
|
|
NS_UTS_POS,
|
|
|
|
|
NS_NET_POS,
|
|
|
|
|
NS_PID_POS,
|
|
|
|
|
NS_MNT_POS,
|
|
|
|
|
NS_COUNT,
|
|
|
|
|
};
|
|
|
|
|
/*
|
|
|
|
|
* The order is significant in nsenter.
|
|
|
|
|
* The user namespace comes first, so that it is entered first.
|
|
|
|
|
* This gives an unprivileged user the potential to enter other namespaces.
|
|
|
|
|
*/
|
|
|
|
|
static const struct namespace_descr ns_list[] = {
|
|
|
|
|
{ CLONE_NEWUSER, "ns/user", },
|
|
|
|
|
{ CLONE_NEWIPC, "ns/ipc", },
|
|
|
|
|
{ CLONE_NEWUTS, "ns/uts", },
|
|
|
|
|
{ CLONE_NEWNET, "ns/net", },
|
|
|
|
|
{ CLONE_NEWPID, "ns/pid", },
|
|
|
|
|
{ CLONE_NEWNS, "ns/mnt", },
|
|
|
|
|
};
|
|
|
|
|
/*
|
|
|
|
|
* Upstream nsenter doesn't support the short option for --preserve-credentials
|
|
|
|
|
*/
|
2018-05-04 20:48:47 +05:30
|
|
|
static const char opt_str[] ALIGN1 = "U::i::u::n::p::m::""t:+S:+G:+r::w::F";
|
2016-04-02 01:47:25 +05:30
|
|
|
|
getopt32: remove applet_long_options
FEATURE_GETOPT_LONG made dependent on LONG_OPTS.
The folloving options are removed, now LONG_OPTS enables long options
for affected applets:
FEATURE_ENV_LONG_OPTIONS FEATURE_EXPAND_LONG_OPTIONS
FEATURE_UNEXPAND_LONG_OPTIONS FEATURE_MKDIR_LONG_OPTIONS
FEATURE_MV_LONG_OPTIONS FEATURE_RMDIR_LONG_OPTIONS
FEATURE_ADDGROUP_LONG_OPTIONS FEATURE_ADDUSER_LONG_OPTIONS
FEATURE_HWCLOCK_LONG_OPTIONS FEATURE_NSENTER_LONG_OPTS
FEATURE_CHCON_LONG_OPTIONS FEATURE_RUNCON_LONG_OPTIONS
They either had a small number of long options, or their long options are
essential.
Example: upstream addgroup and adduser have ONLY longopts,
we should probably go further and get rid
of non-standard short options.
To this end, make addgroup and adduser "select LONG_OPTS".
We had this breakage caused by us even in our own package!
#if ENABLE_LONG_OPTS || !ENABLE_ADDGROUP
/* We try to use --gid, not -g, because "standard" addgroup
* has no short option -g, it has only long --gid.
*/
argv[1] = (char*)"--gid";
#else
/* Breaks if system in fact does NOT use busybox addgroup */
argv[1] = (char*)"-g";
#endif
xargs: its lone longopt no longer depends on DESKTOP, only on LONG_OPTS.
hwclock TODO: get rid of incompatible -t, -l aliases to --systz, --localtime
Shorten help texts by omitting long option when short opt alternative exists.
Reduction of size comes from the fact that store of an immediate
(an address of longopts) to a fixed address (global variable)
is a longer insn than pushing that immediate or passing it in a register.
This effect is CPU-agnostic.
function old new delta
getopt32 1350 22 -1328
vgetopt32 - 1318 +1318
getopt32long - 24 +24
tftpd_main 562 567 +5
scan_recursive 376 380 +4
collect_cpu 545 546 +1
date_main 1096 1095 -1
hostname_main 262 259 -3
uname_main 259 255 -4
setpriv_main 362 358 -4
rmdir_main 191 187 -4
mv_main 562 558 -4
ipcalc_main 548 544 -4
ifenslave_main 641 637 -4
gzip_main 192 188 -4
gunzip_main 77 73 -4
fsfreeze_main 81 77 -4
flock_main 318 314 -4
deluser_main 337 333 -4
cp_main 374 370 -4
chown_main 175 171 -4
applet_long_options 4 - -4
xargs_main 894 889 -5
wget_main 2540 2535 -5
udhcpc_main 2767 2762 -5
touch_main 436 431 -5
tar_main 1014 1009 -5
start_stop_daemon_main 1033 1028 -5
sed_main 682 677 -5
script_main 1082 1077 -5
run_parts_main 330 325 -5
rtcwake_main 459 454 -5
od_main 2169 2164 -5
nl_main 201 196 -5
modprobe_main 773 768 -5
mkdir_main 160 155 -5
ls_main 568 563 -5
install_main 773 768 -5
hwclock_main 411 406 -5
getopt_main 622 617 -5
fstrim_main 256 251 -5
env_main 198 193 -5
dumpleases_main 635 630 -5
dpkg_main 3991 3986 -5
diff_main 1355 1350 -5
cryptpw_main 233 228 -5
cpio_main 593 588 -5
conspy_main 1135 1130 -5
chpasswd_main 313 308 -5
adduser_main 887 882 -5
addgroup_main 416 411 -5
ftpgetput_main 351 345 -6
get_terminal_width_height 242 234 -8
expand_main 690 680 -10
static.expand_longopts 18 - -18
static.unexpand_longopts 27 - -27
mkdir_longopts 28 - -28
env_longopts 30 - -30
static.ifenslave_longopts 34 - -34
mv_longopts 46 - -46
static.rmdir_longopts 48 - -48
packed_usage 31739 31687 -52
------------------------------------------------------------------------------
(add/remove: 2/8 grow/shrink: 3/49 up/down: 1352/-1840) Total: -488 bytes
text data bss dec hex filename
915681 485 6880 923046 e15a6 busybox_old
915428 485 6876 922789 e14a5 busybox_unstripped
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-08 20:08:18 +05:30
|
|
|
#if ENABLE_LONG_OPTS
|
2016-04-02 01:47:25 +05:30
|
|
|
static const char nsenter_longopts[] ALIGN1 =
|
|
|
|
|
"user\0" Optional_argument "U"
|
|
|
|
|
"ipc\0" Optional_argument "i"
|
|
|
|
|
"uts\0" Optional_argument "u"
|
2018-05-03 18:04:46 +05:30
|
|
|
"net\0" Optional_argument "n"
|
2016-04-02 01:47:25 +05:30
|
|
|
"pid\0" Optional_argument "p"
|
|
|
|
|
"mount\0" Optional_argument "m"
|
|
|
|
|
"target\0" Required_argument "t"
|
|
|
|
|
"setuid\0" Required_argument "S"
|
|
|
|
|
"setgid\0" Required_argument "G"
|
|
|
|
|
"root\0" Optional_argument "r"
|
|
|
|
|
"wd\0" Optional_argument "w"
|
|
|
|
|
"no-fork\0" No_argument "F"
|
|
|
|
|
"preserve-credentials\0" No_argument "\xff"
|
|
|
|
|
;
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Open a file and return the new descriptor. If a full path is provided in
|
|
|
|
|
* fs_path, then the file to which it points is opened. Otherwise (fd_path is
|
|
|
|
|
* NULL) the routine builds a path to a procfs file using the following
|
|
|
|
|
* template: '/proc/<target_pid>/<target_file>'.
|
|
|
|
|
*/
|
|
|
|
|
static int open_by_path_or_target(const char *path,
|
|
|
|
|
pid_t target_pid, const char *target_file)
|
|
|
|
|
{
|
|
|
|
|
char proc_path_buf[sizeof("/proc/%u/1234567890") + sizeof(int)*3];
|
|
|
|
|
|
|
|
|
|
if (!path) {
|
|
|
|
|
if (target_pid == 0) {
|
|
|
|
|
/* Example:
|
|
|
|
|
* "nsenter -p PROG" - neither -pFILE nor -tPID given.
|
|
|
|
|
*/
|
|
|
|
|
bb_show_usage();
|
|
|
|
|
}
|
|
|
|
|
snprintf(proc_path_buf, sizeof(proc_path_buf),
|
|
|
|
|
"/proc/%u/%s", (unsigned)target_pid, target_file);
|
|
|
|
|
path = proc_path_buf;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return xopen(path, O_RDONLY);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int nsenter_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
|
|
|
|
|
int nsenter_main(int argc UNUSED_PARAM, char **argv)
|
|
|
|
|
{
|
|
|
|
|
int i;
|
|
|
|
|
unsigned int opts;
|
|
|
|
|
const char *root_dir_str = NULL;
|
|
|
|
|
const char *wd_str = NULL;
|
|
|
|
|
struct namespace_ctx ns_ctx_list[NS_COUNT];
|
|
|
|
|
int setgroups_failed;
|
|
|
|
|
int root_fd, wd_fd;
|
|
|
|
|
int target_pid = 0;
|
|
|
|
|
int uid = 0;
|
|
|
|
|
int gid = 0;
|
|
|
|
|
|
|
|
|
|
memset(ns_ctx_list, 0, sizeof(ns_ctx_list));
|
|
|
|
|
|
getopt32: remove applet_long_options
FEATURE_GETOPT_LONG made dependent on LONG_OPTS.
The folloving options are removed, now LONG_OPTS enables long options
for affected applets:
FEATURE_ENV_LONG_OPTIONS FEATURE_EXPAND_LONG_OPTIONS
FEATURE_UNEXPAND_LONG_OPTIONS FEATURE_MKDIR_LONG_OPTIONS
FEATURE_MV_LONG_OPTIONS FEATURE_RMDIR_LONG_OPTIONS
FEATURE_ADDGROUP_LONG_OPTIONS FEATURE_ADDUSER_LONG_OPTIONS
FEATURE_HWCLOCK_LONG_OPTIONS FEATURE_NSENTER_LONG_OPTS
FEATURE_CHCON_LONG_OPTIONS FEATURE_RUNCON_LONG_OPTIONS
They either had a small number of long options, or their long options are
essential.
Example: upstream addgroup and adduser have ONLY longopts,
we should probably go further and get rid
of non-standard short options.
To this end, make addgroup and adduser "select LONG_OPTS".
We had this breakage caused by us even in our own package!
#if ENABLE_LONG_OPTS || !ENABLE_ADDGROUP
/* We try to use --gid, not -g, because "standard" addgroup
* has no short option -g, it has only long --gid.
*/
argv[1] = (char*)"--gid";
#else
/* Breaks if system in fact does NOT use busybox addgroup */
argv[1] = (char*)"-g";
#endif
xargs: its lone longopt no longer depends on DESKTOP, only on LONG_OPTS.
hwclock TODO: get rid of incompatible -t, -l aliases to --systz, --localtime
Shorten help texts by omitting long option when short opt alternative exists.
Reduction of size comes from the fact that store of an immediate
(an address of longopts) to a fixed address (global variable)
is a longer insn than pushing that immediate or passing it in a register.
This effect is CPU-agnostic.
function old new delta
getopt32 1350 22 -1328
vgetopt32 - 1318 +1318
getopt32long - 24 +24
tftpd_main 562 567 +5
scan_recursive 376 380 +4
collect_cpu 545 546 +1
date_main 1096 1095 -1
hostname_main 262 259 -3
uname_main 259 255 -4
setpriv_main 362 358 -4
rmdir_main 191 187 -4
mv_main 562 558 -4
ipcalc_main 548 544 -4
ifenslave_main 641 637 -4
gzip_main 192 188 -4
gunzip_main 77 73 -4
fsfreeze_main 81 77 -4
flock_main 318 314 -4
deluser_main 337 333 -4
cp_main 374 370 -4
chown_main 175 171 -4
applet_long_options 4 - -4
xargs_main 894 889 -5
wget_main 2540 2535 -5
udhcpc_main 2767 2762 -5
touch_main 436 431 -5
tar_main 1014 1009 -5
start_stop_daemon_main 1033 1028 -5
sed_main 682 677 -5
script_main 1082 1077 -5
run_parts_main 330 325 -5
rtcwake_main 459 454 -5
od_main 2169 2164 -5
nl_main 201 196 -5
modprobe_main 773 768 -5
mkdir_main 160 155 -5
ls_main 568 563 -5
install_main 773 768 -5
hwclock_main 411 406 -5
getopt_main 622 617 -5
fstrim_main 256 251 -5
env_main 198 193 -5
dumpleases_main 635 630 -5
dpkg_main 3991 3986 -5
diff_main 1355 1350 -5
cryptpw_main 233 228 -5
cpio_main 593 588 -5
conspy_main 1135 1130 -5
chpasswd_main 313 308 -5
adduser_main 887 882 -5
addgroup_main 416 411 -5
ftpgetput_main 351 345 -6
get_terminal_width_height 242 234 -8
expand_main 690 680 -10
static.expand_longopts 18 - -18
static.unexpand_longopts 27 - -27
mkdir_longopts 28 - -28
env_longopts 30 - -30
static.ifenslave_longopts 34 - -34
mv_longopts 46 - -46
static.rmdir_longopts 48 - -48
packed_usage 31739 31687 -52
------------------------------------------------------------------------------
(add/remove: 2/8 grow/shrink: 3/49 up/down: 1352/-1840) Total: -488 bytes
text data bss dec hex filename
915681 485 6880 923046 e15a6 busybox_old
915428 485 6876 922789 e14a5 busybox_unstripped
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-08-08 20:08:18 +05:30
|
|
|
opts = getopt32long(argv, opt_str, nsenter_longopts,
|
2016-04-02 01:47:25 +05:30
|
|
|
&ns_ctx_list[NS_USR_POS].path,
|
|
|
|
|
&ns_ctx_list[NS_IPC_POS].path,
|
|
|
|
|
&ns_ctx_list[NS_UTS_POS].path,
|
|
|
|
|
&ns_ctx_list[NS_NET_POS].path,
|
|
|
|
|
&ns_ctx_list[NS_PID_POS].path,
|
|
|
|
|
&ns_ctx_list[NS_MNT_POS].path,
|
|
|
|
|
&target_pid, &uid, &gid,
|
|
|
|
|
&root_dir_str, &wd_str
|
|
|
|
|
);
|
|
|
|
|
argv += optind;
|
|
|
|
|
|
|
|
|
|
root_fd = wd_fd = -1;
|
|
|
|
|
if (opts & OPT_root)
|
|
|
|
|
root_fd = open_by_path_or_target(root_dir_str,
|
|
|
|
|
target_pid, "root");
|
|
|
|
|
if (opts & OPT_wd)
|
|
|
|
|
wd_fd = open_by_path_or_target(wd_str, target_pid, "cwd");
|
|
|
|
|
|
|
|
|
|
for (i = 0; i < NS_COUNT; i++) {
|
|
|
|
|
const struct namespace_descr *ns = &ns_list[i];
|
|
|
|
|
struct namespace_ctx *ns_ctx = &ns_ctx_list[i];
|
|
|
|
|
|
|
|
|
|
ns_ctx->fd = -1;
|
|
|
|
|
if (opts & (1 << i))
|
|
|
|
|
ns_ctx->fd = open_by_path_or_target(ns_ctx->path,
|
|
|
|
|
target_pid, ns->ns_nsfile8);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Entering the user namespace without --preserve-credentials implies
|
|
|
|
|
* --setuid & --setgid and clearing root's groups.
|
|
|
|
|
*/
|
|
|
|
|
setgroups_failed = 0;
|
|
|
|
|
if ((opts & OPT_user) && !(opts & OPT_prescred)) {
|
|
|
|
|
opts |= (OPT_setuid | OPT_setgid);
|
|
|
|
|
/*
|
|
|
|
|
* We call setgroups() before and after setns() and only
|
|
|
|
|
* bail-out if it fails twice.
|
|
|
|
|
*/
|
|
|
|
|
setgroups_failed = (setgroups(0, NULL) < 0);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
for (i = 0; i < NS_COUNT; i++) {
|
|
|
|
|
const struct namespace_descr *ns = &ns_list[i];
|
|
|
|
|
struct namespace_ctx *ns_ctx = &ns_ctx_list[i];
|
|
|
|
|
|
|
|
|
|
if (ns_ctx->fd < 0)
|
|
|
|
|
continue;
|
|
|
|
|
if (setns(ns_ctx->fd, ns->flag)) {
|
|
|
|
|
bb_perror_msg_and_die(
|
|
|
|
|
"setns(): can't reassociate to namespace '%s'",
|
|
|
|
|
ns->ns_nsfile8 + 3 /* skip over "ns/" */
|
|
|
|
|
);
|
|
|
|
|
}
|
2016-04-02 21:36:24 +05:30
|
|
|
close(ns_ctx->fd); /* should close fds, to not confuse exec'ed PROG */
|
2016-04-02 01:47:25 +05:30
|
|
|
/*ns_ctx->fd = -1;*/
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (root_fd >= 0) {
|
|
|
|
|
if (wd_fd < 0) {
|
|
|
|
|
/*
|
|
|
|
|
* Save the current working directory if we're not
|
|
|
|
|
* changing it.
|
|
|
|
|
*/
|
|
|
|
|
wd_fd = xopen(".", O_RDONLY);
|
|
|
|
|
}
|
|
|
|
|
xfchdir(root_fd);
|
|
|
|
|
xchroot(".");
|
2016-04-02 21:36:24 +05:30
|
|
|
close(root_fd);
|
2016-04-02 01:47:25 +05:30
|
|
|
/*root_fd = -1;*/
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (wd_fd >= 0) {
|
|
|
|
|
xfchdir(wd_fd);
|
2016-04-02 21:36:24 +05:30
|
|
|
close(wd_fd);
|
2016-04-02 01:47:25 +05:30
|
|
|
/*wd_fd = -1;*/
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Entering the pid namespace implies forking unless it's been
|
|
|
|
|
* explicitly requested by the user not to.
|
|
|
|
|
*/
|
|
|
|
|
if (!(opts & OPT_nofork) && (opts & OPT_pid)) {
|
2016-04-02 21:36:24 +05:30
|
|
|
xvfork_parent_waits_and_exits();
|
2016-04-02 01:47:25 +05:30
|
|
|
/* Child continues */
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (opts & OPT_setgid) {
|
|
|
|
|
if (setgroups(0, NULL) < 0 && setgroups_failed)
|
|
|
|
|
bb_perror_msg_and_die("setgroups");
|
|
|
|
|
xsetgid(gid);
|
|
|
|
|
}
|
|
|
|
|
if (opts & OPT_setuid)
|
|
|
|
|
xsetuid(uid);
|
|
|
|
|
|
2016-04-02 21:36:24 +05:30
|
|
|
exec_prog_or_SHELL(argv);
|
2016-04-02 01:47:25 +05:30
|
|
|
}
|
