"Fossies" - the Fresh Open Source Software Archive

Member "honggfuzz-2.2/libhfcommon/ns.c" (23 Apr 2020, 3697 Bytes) of package /linux/privat/honggfuzz-2.2.tar.gz:



    1 /*
    2  *
    3  * honggfuzz - namespace-related utilities
    4  * -----------------------------------------
    5  *
    6  * Author: Robert Swiecki <swiecki@google.com>
    7  *
    8  * Copyright 2017 by Google Inc. All Rights Reserved.
    9  *
   10  * Licensed under the Apache License, Version 2.0 (the "License"); you may
   11  * not use this file except in compliance with the License. You may obtain
   12  * a copy of the License at
   13  *
   14  * http://www.apache.org/licenses/LICENSE-2.0
   15  *
   16  * Unless required by applicable law or agreed to in writing, software
   17  * distributed under the License is distributed on an "AS IS" BASIS,
   18  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
   19  * implied. See the License for the specific language governing
   20  * permissions and limitations under the License.
   21  *
   22  */
   23 
   24 #include "libhfcommon/ns.h"
   25 
   26 #include "libhfcommon/common.h"
   27 #include "libhfcommon/files.h"
   28 #include "libhfcommon/log.h"
   29 
   30 #if defined(_HF_ARCH_LINUX)
   31 
   32 #include <arpa/inet.h>
   33 #include <fcntl.h>
   34 #include <net/if.h>
   35 #include <sched.h>
   36 #include <stdbool.h>
   37 #include <stdint.h>
   38 #include <stdio.h>
   39 #include <string.h>
   40 #include <sys/ioctl.h>
   41 #include <sys/mount.h>
   42 #include <sys/socket.h>
   43 #include <sys/stat.h>
   44 #include <sys/types.h>
   45 
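/*
 * Move the calling process into the namespaces selected by cloneFlags (passed
 * straight to unshare(2)) and install a single-entry identity mapping for the
 * caller's UID and GID.
 *
 * Steps performed after a successful unshare():
 *   1. write "deny" to /proc/self/setgroups,
 *   2. write "<gid> <gid> 1" to /proc/self/gid_map,
 *   3. write "<uid> <uid> 1" to /proc/self/uid_map,
 *   4. setresgid() and then setresuid() to the original IDs.
 *
 * NOTE(review): steps 1-3 are attempted whether or not CLONE_NEWUSER is part
 * of cloneFlags; confirm that every caller requests a user namespace.
 *
 * Returns true on success. On the first failing step the error is logged and
 * false is returned; the process may already have left its old namespaces at
 * that point, so callers should treat failure as fatal for this process.
 */
bool nsEnter(uintptr_t cloneFlags) {
    /*
     * Read the IDs before unshare(): inside a fresh user namespace with no
     * mapping yet, getuid()/getgid() report the overflow IDs instead.
     */
    uid_t current_uid = getuid();
    gid_t current_gid = getgid();

    if (unshare(cloneFlags) == -1) {
        PLOG_E("unshare(0x%lx)", (unsigned long)cloneFlags);
        /*
         * Test the bit with '&'. The hint only applies when a user namespace
         * was requested. Enabling unprivileged user namespaces is a host-wide
         * policy change that exposes more kernel code to unprivileged users,
         * so it should be an explicit operator decision.
         */
        if (cloneFlags & CLONE_NEWUSER) {
            LOG_W("Executing 'sysctl -w kernel.unprivileged_userns_clone=1' might help with this");
        }
        return false;
    }

    /* setgroups must be denied before an unprivileged process may write gid_map. */
    if (!files_writeStrToFile("/proc/self/setgroups", "deny", O_WRONLY)) {
        PLOG_E("Couldn't write to /proc/self/setgroups");
        return false;
    }

    /* IDs are unsigned; printing them as %d would turn large values negative. */
    char gid_map[4096];
    snprintf(gid_map, sizeof(gid_map), "%u %u 1", (unsigned)current_gid, (unsigned)current_gid);
    if (!files_writeStrToFile("/proc/self/gid_map", gid_map, O_WRONLY)) {
        PLOG_E("Couldn't write to /proc/self/gid_map");
        return false;
    }

    char uid_map[4096];
    snprintf(uid_map, sizeof(uid_map), "%u %u 1", (unsigned)current_uid, (unsigned)current_uid);
    if (!files_writeStrToFile("/proc/self/uid_map", uid_map, O_WRONLY)) {
        PLOG_E("Couldn't write to /proc/self/uid_map");
        return false;
    }

    /* Group IDs first, then user IDs, so the group change is still permitted. */
    if (setresgid(current_gid, current_gid, current_gid) == -1) {
        PLOG_E("setresgid(%u)", (unsigned)current_gid);
        return false;
    }
    if (setresuid(current_uid, current_uid, current_uid) == -1) {
        PLOG_E("setresuid(%u)", (unsigned)current_uid);
        return false;
    }

    return true;
}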
   88 
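/*
 * Bring the network interface named ifacename up by setting IFF_UP and
 * IFF_RUNNING on top of its current flags.
 *
 * A throw-away TCP socket (IPv4, falling back to IPv6) is opened only to
 * carry the SIOCGIFFLAGS/SIOCSIFFLAGS ioctls and is closed on every path.
 *
 * Returns true on success; on failure the error is logged and false is
 * returned. A NULL name, or one that does not fit in ifr_name, is rejected
 * instead of being silently truncated, which could otherwise address a
 * different interface than the caller intended.
 */
bool nsIfaceUp(const char* ifacename) {
    if (ifacename == NULL) {
        LOG_W("Interface name is NULL");
        return false;
    }

    struct ifreq ifr;
    memset(&ifr, '\0', sizeof(ifr));
    int namelen = snprintf(ifr.ifr_name, sizeof(ifr.ifr_name), "%s", ifacename);
    if (namelen < 0 || (size_t)namelen >= sizeof(ifr.ifr_name)) {
        LOG_W("Interface name '%s' is too long", ifacename);
        return false;
    }

    int sock = socket(PF_INET, SOCK_STREAM | SOCK_CLOEXEC, IPPROTO_TCP);
    if (sock == -1) {
        /* No IPv4 support available here; retry with IPv6. */
        sock = socket(PF_INET6, SOCK_STREAM | SOCK_CLOEXEC, IPPROTO_TCP);
        if (sock == -1) {
            PLOG_E("socket(PF_INET6, SOCK_STREAM|SOCK_CLOEXEC, IPPROTO_TCP)");
            return false;
        }
    }

    bool ok = false;

    /* Fetch the current flags so that only the two bits below are added. */
    if (ioctl(sock, SIOCGIFFLAGS, &ifr) == -1) {
        PLOG_E("ioctl(iface='%s', SIOCGIFFLAGS, IFF_UP)", ifacename);
        goto out;
    }

    ifr.ifr_flags |= (IFF_UP | IFF_RUNNING);

    if (ioctl(sock, SIOCSIFFLAGS, &ifr) == -1) {
        /* Name the ioctl that actually failed (set, not get). */
        PLOG_E("ioctl(iface='%s', SIOCSIFFLAGS, IFF_UP|IFF_RUNNING)", ifacename);
        goto out;
    }

    ok = true;

out:
    close(sock);
    return ok;
}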
  119 
/*
 * Mount a new tmpfs instance at dst.
 *
 * opts is handed to mount(2) unchanged as the filesystem-specific data
 * argument. The mountflags argument is 0, so this call itself applies no
 * MS_NOSUID / MS_NODEV / MS_NOEXEC restrictions to the new mount.
 *
 * Returns true when the mount succeeded; otherwise logs the error and
 * returns false.
 */
bool nsMountTmpfs(const char* dst, const char* opts) {
    const bool mounted = (mount(NULL, dst, "tmpfs", 0, opts) != -1);

    if (!mounted) {
        PLOG_E("mount(dst='%s', tmpfs)", dst);
    }
    return mounted;
}
  127 
  128 #endif /* defined(_HF_ARCH_LINUX) */