author | Christian Brauner <brauner@kernel.org> | 2022-09-30 14:21:01 +0200 |
---|---|---|
committer | Christian Brauner (Microsoft) <brauner@kernel.org> | 2022-10-04 18:46:27 +0200 |
commit | c3b9c418c0e688892284aa83fefaea313fdabccc (patch) | |
tree | 9f649a3e5935b5ec236864a18fdde01ddec61691 /src | |
parent | missing_sched: add CLONE_NEWTIME (diff) | |
namespace-util: add namespace_info
Diffstat (limited to '')
-rw-r--r-- | src/basic/namespace-util.c | 26 | ||||
-rw-r--r-- | src/basic/namespace-util.h | 19 | ||||
-rw-r--r-- | src/core/namespace.c | 1 | ||||
-rw-r--r-- | src/core/namespace.h | 13 |
4 files changed, 43 insertions, 16 deletions
diff --git a/src/basic/namespace-util.c b/src/basic/namespace-util.c
index 4da9cb4cae..b330e2a11d 100644
--- a/src/basic/namespace-util.c
+++ b/src/basic/namespace-util.c
@@ -9,12 +9,30 @@
 #include "fileio.h"
 #include "missing_fs.h"
 #include "missing_magic.h"
+#include "missing_sched.h"
 #include "namespace-util.h"
 #include "process-util.h"
 #include "stat-util.h"
 #include "stdio-util.h"
 #include "user-util.h"
+const struct namespace_info namespace_info[] = {
+ [NAMESPACE_CGROUP] = { "cgroup", "ns/cgroup", CLONE_NEWCGROUP, },
+ [NAMESPACE_IPC] = { "ipc", "ns/ipc", CLONE_NEWIPC, },
+ [NAMESPACE_NET] = { "net", "ns/net", CLONE_NEWNET, },
+ /* So, the mount namespace flag is called CLONE_NEWNS for historical
+ * reasons. Let's expose it here under a more explanatory name: "mnt".
+ * This is in-line with how the kernel exposes namespaces in /proc/$PID/ns. */
+ [NAMESPACE_MOUNT] = { "mnt", "ns/mnt", CLONE_NEWNS, },
+ [NAMESPACE_PID] = { "pid", "ns/pid", CLONE_NEWPID, },
+ [NAMESPACE_USER] = { "user", "ns/user", CLONE_NEWUSER, },
+ [NAMESPACE_UTS] = { "uts", "ns/uts", CLONE_NEWUTS, },
+ [NAMESPACE_TIME] = { "time", "ns/time", CLONE_NEWTIME, },
+ { /* Allow callers to iterate over the array without using _NAMESPACE_TYPE_MAX. */ },
+};
+
+#define pid_namespace_path(pid, type) procfs_file_alloca(pid, namespace_info[type].proc_path)
+
 int namespace_open(pid_t pid, int *pidns_fd, int *mntns_fd, int *netns_fd, int *userns_fd, int *root_fd) {
 _cleanup_close_ int pidnsfd = -1, mntnsfd = -1, netnsfd = -1, usernsfd = -1;
 int rfd = -1;
@@ -24,7 +42,7 @@ int namespace_open(pid_t pid, int *pidns_fd, int *mntns_fd, int *netns_fd, int *
 if (mntns_fd) {
 const char *mntns;
- mntns = procfs_file_alloca(pid, "ns/mnt");
+ mntns = pid_namespace_path(pid, NAMESPACE_MOUNT);
 mntnsfd = open(mntns, O_RDONLY|O_NOCTTY|O_CLOEXEC);
 if (mntnsfd < 0)
 return -errno;
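Review bot: The terminating `{ }` entry of `namespace_info[]` is positional, so it lands at index `_NAMESPACE_TYPE_MAX` only because `NAMESPACE_TIME` happens to be the last real enumerator in `NamespaceType`, and the comment on it says callers may iterate without `_NAMESPACE_TYPE_MAX` but not what they should test for as the end of the table. Anyone adding an enumerator after `NAMESPACE_TIME` would shift the terminator into the middle of the table; the sized declaration in the header should make the compiler reject the resulting size mismatch, but the error will not say why. Give the terminator an explicit designator and state the end condition: `[_NAMESPACE_TYPE_MAX] = { /* all-zero terminator: callers may stop at proc_name == NULL instead of using _NAMESPACE_TYPE_MAX */ },`. The `namespace_open` body continues past the end of the hunk.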
@@ -33,7 +51,7 @@ int namespace_open(pid_t pid, int *pidns_fd, int *mntns_fd, int *netns_fd, int *
 if (pidns_fd) {
 const char *pidns;
- pidns = procfs_file_alloca(pid, "ns/pid");
+ pidns = pid_namespace_path(pid, NAMESPACE_PID);
 pidnsfd = open(pidns, O_RDONLY|O_NOCTTY|O_CLOEXEC);
 if (pidnsfd < 0)
 return -errno;
@@ -42,7 +60,7 @@ int namespace_open(pid_t pid, int *pidns_fd, int *mntns_fd, int *netns_fd, int *
 if (netns_fd) {
 const char *netns;
- netns = procfs_file_alloca(pid, "ns/net");
+ netns = pid_namespace_path(pid, NAMESPACE_NET);
 netnsfd = open(netns, O_RDONLY|O_NOCTTY|O_CLOEXEC);
 if (netnsfd < 0)
 return -errno;
@@ -51,7 +69,7 @@ int namespace_open(pid_t pid, int *pidns_fd, int *mntns_fd, int *netns_fd, int *
 if (userns_fd) {
 const char *userns;
- userns = procfs_file_alloca(pid, "ns/user");
+ userns = pid_namespace_path(pid, NAMESPACE_USER);
 usernsfd = open(userns, O_RDONLY|O_NOCTTY|O_CLOEXEC);
 if (usernsfd < 0 && errno != ENOENT)
 return -errno;
diff --git a/src/basic/namespace-util.h b/src/basic/namespace-util.h
index 24dce0939e..5c1912985d 100644
--- a/src/basic/namespace-util.h
+++ b/src/basic/namespace-util.h
@@ -3,6 +3,25 @@
 #include <sys/types.h>
+typedef enum NamespaceType {
+ NAMESPACE_CGROUP,
+ NAMESPACE_IPC,
+ NAMESPACE_NET,
+ NAMESPACE_MOUNT,
+ NAMESPACE_PID,
+ NAMESPACE_USER,
+ NAMESPACE_UTS,
+ NAMESPACE_TIME,
+ _NAMESPACE_TYPE_MAX,
+ _NAMESPACE_TYPE_INVALID = -EINVAL,
+} NamespaceType;
+
+extern const struct namespace_info {
+ const char *proc_name;
+ const char *proc_path;
+ unsigned int clone_flag;
+} namespace_info[_NAMESPACE_TYPE_MAX + 1];
+
 int namespace_open(pid_t pid, int *pidns_fd, int *mntns_fd, int *netns_fd, int *userns_fd, int *root_fd);
 int namespace_enter(int pidns_fd, int mntns_fd, int netns_fd, int userns_fd, int root_fd);
diff --git a/src/core/namespace.c b/src/core/namespace.c
index 1911c41391..b66340437a 100644
--- a/src/core/namespace.c
+++ b/src/core/namespace.c
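Review bot: `_NAMESPACE_TYPE_INVALID = -EINVAL` now lives in a header whose only visible include is `<sys/types.h>`, so unless lines 1–2 of namespace-util.h (outside the hunk) already pull in `<errno.h>`, the header compiles only when some earlier include happens to define `EINVAL`; add `#include <errno.h>` next to `<sys/types.h>` so the header is self-contained. The exported table also deserves a contract comment, since its terminator and the meaning of `proc_path` are only discoverable from the .c file: `/* Indexed by NamespaceType; proc_path is relative to a process's /proc entry, and entry [_NAMESPACE_TYPE_MAX] is an all-zero terminator (proc_name == NULL). */`. Note that moving the enum here also changes the numeric values of the existing enumerators (`NAMESPACE_MOUNT` was 0, now 3); that is harmless for designated-initializer tables, but worth a check that nothing serialises the raw values.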
@@ -2952,6 +2952,7 @@ static const char* const namespace_type_table[] = {
 [NAMESPACE_USER] = "user",
 [NAMESPACE_PID] = "pid",
 [NAMESPACE_NET] = "net",
+ [NAMESPACE_TIME] = "time",
 };
 DEFINE_STRING_TABLE_LOOKUP(namespace_type, NamespaceType);
diff --git a/src/core/namespace.h b/src/core/namespace.h
index 3ef41d2c62..2ba5970159 100644
--- a/src/core/namespace.h
+++ b/src/core/namespace.h
@@ -15,6 +15,7 @@ typedef struct MountImage MountImage;
 #include "dissect-image.h"
 #include "fs-util.h"
 #include "macro.h"
+#include "namespace-util.h"
 #include "string-util.h"
 typedef enum ProtectHome {
@@ -26,18 +27,6 @@ typedef enum ProtectHome {
 _PROTECT_HOME_INVALID = -EINVAL,
 } ProtectHome;
-typedef enum NamespaceType {
- NAMESPACE_MOUNT,
- NAMESPACE_CGROUP,
- NAMESPACE_UTS,
- NAMESPACE_IPC,
- NAMESPACE_USER,
- NAMESPACE_PID,
- NAMESPACE_NET,
- _NAMESPACE_TYPE_MAX,
- _NAMESPACE_TYPE_INVALID = -EINVAL,
-} NamespaceType;
-
 typedef enum ProtectSystem {
 PROTECT_SYSTEM_NO,
 PROTECT_SYSTEM_YES, |
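Review bot: With this commit `namespace_type_table` in core/namespace.c and `namespace_info[].proc_name` in basic/namespace-util.c are two hand-maintained tables keyed by the same enum and carrying the same strings (`"time"` is added to both here), so a future namespace type can be added to one and forgotten in the other with no compile-time complaint. At minimum add a pointer at the top of this table, `/* Must stay in sync with namespace_info[].proc_name in namespace-util.c */`, or better, have the string lookup read `namespace_info[t].proc_name` so there is a single source of truth. Only three of the pre-existing entries are visible in the hunk, so whether every existing name already matches `proc_name` cannot be confirmed from here; the table definition starts before the hunk.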