New utility: xbps-uunshare(8) - like xbps-uchroot(8) with user_namespaces(7).

This commit is contained in:
Juan RP 2015-03-05 18:44:20 +01:00
parent 927254c43e
commit 58e6d71d24
5 changed files with 289 additions and 0 deletions

4
NEWS
View File

@ -1,5 +1,9 @@
xbps-0.44 (???): xbps-0.44 (???):
* xbps-uunshare(8): new utility analogue to xbps-uchroot(8), but uses
user namespaces (see user_namespaces(7)) to avoid the need of elevated
privileges.
* xbps-rindex(8): fix -s short option; was omitted in the short options list. * xbps-rindex(8): fix -s short option; was omitted in the short options list.
* xbps-pkgdb(8): added a new mode to set in installed packages: "repolock". * xbps-pkgdb(8): added a new mode to set in installed packages: "repolock".

View File

@ -10,6 +10,7 @@ SUBDIRS += xbps-remove
SUBDIRS += xbps-rindex SUBDIRS += xbps-rindex
SUBDIRS += xbps-uhelper SUBDIRS += xbps-uhelper
SUBDIRS += xbps-checkvers SUBDIRS += xbps-checkvers
SUBDIRS += xbps-uunshare
ifeq (${XBPS_OS},linux) ifeq (${XBPS_OS},linux)
SUBDIRS += xbps-uchroot SUBDIRS += xbps-uchroot

View File

@ -0,0 +1,6 @@
TOPDIR = ../..
-include $(TOPDIR)/config.mk
BIN = xbps-uunshare
include $(TOPDIR)/mk/prog.mk

206
bin/xbps-uunshare/main.c Normal file
View File

@ -0,0 +1,206 @@
/*-
* Copyright (c) 2014-2015 Juan Romero Pardines.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#define _GNU_SOURCE
#include <sys/types.h>
#include <sys/mount.h>
#include <sys/fsuid.h>
#include <sys/wait.h>
#include <sched.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <stdarg.h>
#include <signal.h>
#include <fcntl.h>
#include <grp.h>
#include <errno.h>
#include <limits.h>
#include <syscall.h>
static int errval = 0;
static void __attribute__((noreturn))
die(const char *fmt, ...)
{
va_list ap;
int save_errno = errno;
va_start(ap, fmt);
fprintf(stderr, "ERROR ");
vfprintf(stderr, fmt, ap);
fprintf(stderr, " (%s)\n", strerror(save_errno));
va_end(ap);
exit(errval != 0 ? errval : EXIT_FAILURE);
}
static void __attribute__((noreturn))
usage(const char *p)
{
printf("Usage: %s [-D dir] [-H dir] [-S dir] <chrootdir> <command>\n\n"
"-D <distdir> Directory to be bind mounted at <chrootdir>/void-packages\n"
"-H <hostdir> Directory to be bind mounted at <chrootdir>/host\n"
"-S <shmdir> Directory to be bind mounted at <chrootdir>/<shmdir>\n", p);
exit(EXIT_FAILURE);
}
static void
bindmount(const char *chrootdir, const char *dir, const char *dest)
{
char mountdir[PATH_MAX-1];
snprintf(mountdir, sizeof(mountdir), "%s/%s", chrootdir, dest ? dest : dir);
if (mount(".", mountdir, NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) == -1)
die("Failed to bind mount %s at %s", dir, mountdir);
}
int
main(int argc, char **argv)
{
uid_t uid = getuid();
gid_t gid = getgid();
const char *chrootdir, *distdir, *hostdir, *shmdir, *cmd, *argv0;
char **cmdargs, mountdir[PATH_MAX-1], buf[32];
int fd, aidx = 0, clone_flags, child_status = 0;
pid_t child;
chrootdir = distdir = hostdir = shmdir = cmd = NULL;
argv0 = argv[0];
argc--;
argv++;
if (argc < 2)
usage(argv0);
while (aidx < argc) {
if (strcmp(argv[aidx], "-D") == 0) {
/* distdir */
distdir = argv[aidx+1];
aidx += 2;
} else if (strcmp(argv[aidx], "-H") == 0) {
/* hostdir */
hostdir = argv[aidx+1];
aidx += 2;
} else if (strcmp(argv[aidx], "-S") == 0) {
/* shmdir */
shmdir = argv[aidx+1];
aidx += 2;
} else {
break;
}
}
if ((argc - aidx) < 2)
usage(argv0);
chrootdir = argv[aidx];
cmd = argv[aidx+1];
cmdargs = argv + aidx + 1;
/* Never allow chrootdir == / */
if (strcmp(chrootdir, "/") == 0)
die("/ is not allowed to be used as chrootdir");
clone_flags = (SIGCHLD|CLONE_NEWUSER|CLONE_NEWNS|CLONE_NEWIPC|CLONE_NEWUTS|CLONE_NEWPID);
/* Issue the clone(2) syscall with our settings */
if ((child = syscall(__NR_clone, clone_flags, NULL)) == -1) {
errval = 99;
die("clone");
}
if (child == 0) {
/*
* Setup uid/gid user mappings and restrict setgroups().
*/
if ((fd = open("/proc/self/uid_map", O_RDWR)) == -1)
die("failed to open /proc/self/uidmap rw");
if (write(fd, buf, snprintf(buf, sizeof buf, "0 %u 1\n", uid)) == -1)
die("failed to write to /proc/self/uid_map");
close(fd);
if ((fd = open("/proc/self/setgroups", O_RDWR)) == -1)
die("failed to open /proc/self/setgroups rw");
if (write(fd, "deny", 4) == -1)
die("failed to write to /proc/self/setgroups");
close(fd);
if ((fd = open("/proc/self/gid_map", O_RDWR)) == -1)
die("failed to open /proc/self/gid_map rw");
if (write(fd, buf, snprintf(buf, sizeof buf, "0 %u 1\n", gid)) == -1)
die("failed to write to /proc/self/setgroups");
close(fd);
/* mount /proc */
snprintf(mountdir, sizeof(mountdir), "%s/proc", chrootdir);
if (mount("proc", mountdir, "proc", MS_MGC_VAL|MS_PRIVATE, NULL) == -1)
die("Failed to mount %s", mountdir);
/* bind mount /sys */
bindmount(chrootdir, "/sys", NULL);
/* bind mount /dev */
bindmount(chrootdir, "/dev", NULL);
/* bind mount hostdir if set */
if (hostdir)
bindmount(chrootdir, hostdir, "/host");
/* bind mount distdir (if set) */
if (distdir)
bindmount(chrootdir, distdir, "/void-packages");
/* bind mount shmdir (if set) */
if (shmdir)
bindmount(chrootdir, shmdir, NULL);
/* move chrootdir to / and chroot to it */
if (chdir(chrootdir) == -1)
die("chdir to %s", chrootdir);
if (mount(".", ".", NULL, MS_BIND|MS_PRIVATE, NULL) == -1)
die("Failed to bind mount %s", chrootdir);
if (mount(chrootdir, "/", NULL, MS_MOVE, NULL) == -1)
die("Failed to move %s as rootfs", chrootdir);
if (chroot(".") == -1)
die("Failed to chroot to %s", chrootdir);
if (execvp(cmd, cmdargs) == -1)
die("Failed to execute command %s", cmd);
}
/* Wait until the child terminates */
while (waitpid(child, &child_status, 0) < 0) {
if (errno != EINTR)
die("waitpid");
}
if (!WIFEXITED(child_status))
return -1;
return WEXITSTATUS(child_status);
}

View File

@ -0,0 +1,72 @@
.Dd March 5, 2015
.Dt XBPS-UUNSHARE 8
.Sh NAME
.Nm xbps-uunshare
.Nd XBPS utility to chroot and bind mount with linux user namespaces
.Sh SYNOPSYS
.Nm xbps-uunshare
.Op OPTIONS
.Ar CHROOTDIR
.Ar COMMAND
.Op ARGS
.Sh DESCRIPTION
The
.Nm
utility allows users to chroot and bind mount required pseudo-filesystems
(/dev, /proc and /sys) in the target
.Ar CHROOTDIR
to execute
.Ar COMMAND .
The
.Nm
utility uses by default Linux namespaces to isolate IPC, PIDs and mounts to
the calling process. Thanks to
.Xr user_namespaces 7
the user does not need any privilege to create an isolated lightweight container.
.Sh OPTIONS
.Bl -tag -width -x
.It Fl D Ar dir
Specifies a full path to a directory that will be bind mounted at
.Ar CHROOTDIR/void-packages .
.It Fl H Ar dir
Specifies a full path to a directory that will be bind mounted at
.Ar CHROOTDIR/host .
.It Fl S Ar dir
Specifies a full path to a directory to allow shm functionality to be used
in the target
.Ar CHROOTDIR/dir .
If your system uses
.Sy /dev/shm
use it, otherwise use
.Sy /run/shm .
.El
.Sh NOTES
The
.Nm
utility uses Linux specific features (namespaces) and it's not meant to be portable to
other Operating Systems. The following kernel options must be enabled:
.Pp
.Bl -tag -width CONFIG_NAMESPACES -compact -offset indent
.It Sy CONFIG_NAMESPACES
.It Sy CONFIG_IPC_NS
.It Sy CONFIG_PID_NS
.It Sy CONFIG_USER_NS
.El
.Sh SEE ALSO
.Xr xbps.d 5 ,
.Xr xbps-checkvers 8 ,
.Xr xbps-create 8 ,
.Xr xbps-dgraph 8 ,
.Xr xbps-install 8 ,
.Xr xbps-pkgdb 8 ,
.Xr xbps-query 8 ,
.Xr xbps-reconfigure 8 ,
.Xr xbps-rindex 8 ,
.Xr xbps-uchroot 8
.Sh AUTHORS
.An Juan Romero Pardines <xtraeme@gmail.com>
.Sh BUGS
Probably, but I try to make this not happen. Use it under your own
responsability and enjoy your life.
.Pp
Report bugs in https://github.com/voidlinux/xbps/issues