platform/external/busybox.git - Unnamed repository; edit this file 'description' to name the repository.

1 /* vi: set sw=4 ts=4: */
2 /*
3  * Mini unshare implementation for busybox.
4  *
5  * Copyright (C) 2016 by Bartosz Golaszewski <bartekgola@gmail.com>
6  *
7  * Licensed under GPLv2 or later, see file LICENSE in this source tree.
8  */
9 //config:config UNSHARE
10 //config:	bool "unshare"
11 //config:	default y
12 //config:	depends on LONG_OPTS && !NOMMU
13 //config:	select PLATFORM_LINUX
14 //config:	help
15 //config:	  Run program with some namespaces unshared from parent.
16
17 // depends on LONG_OPTS: it is awkward to exclude code which handles --propagation
18 // and --setgroups based on LONG_OPTS, so instead applet requires LONG_OPTS.
19 // depends on !NOMMU: we need fork()
20
21 //applet:IF_UNSHARE(APPLET(unshare, BB_DIR_USR_BIN, BB_SUID_DROP))
22
23 //kbuild:lib-$(CONFIG_UNSHARE) += unshare.o
24
25 //usage:#define unshare_trivial_usage
26 //usage:       "[OPTIONS] [PROG [ARGS]]"
27 //usage:#define unshare_full_usage "\n"
28 //usage:     "\n	-m, --mount[=FILE]	Unshare mount namespace"
29 //usage:     "\n	-u, --uts[=FILE]	Unshare UTS namespace (hostname etc.)"
30 //usage:     "\n	-i, --ipc[=FILE]	Unshare System V IPC namespace"
31 //usage:     "\n	-n, --net[=FILE]	Unshare network namespace"
32 //usage:     "\n	-p, --pid[=FILE]	Unshare PID namespace"
33 //usage:     "\n	-U, --user[=FILE}	Unshare user namespace"
34 //usage:     "\n	-f, --fork		Fork before execing PROG"
35 //usage:     "\n	-r, --map-root-user	Map current user to root (implies -u)"
36 //usage:     "\n	--mount-proc[=DIR]	Mount /proc filesystem first (implies -m)"
37 //usage:     "\n	--propagation slave|shared|private|unchanged"
38 //usage:     "\n				Modify mount propagation in mount namespace"
39 //usage:     "\n	--setgroups allow|deny	Control the setgroups syscall in user namespaces"
40
41 #include <sched.h>
42 #ifndef CLONE_NEWUTS
43 # define CLONE_NEWUTS  0x04000000
44 #endif
45 #ifndef CLONE_NEWIPC
46 # define CLONE_NEWIPC  0x08000000
47 #endif
48 #ifndef CLONE_NEWUSER
49 # define CLONE_NEWUSER 0x10000000
50 #endif
51 #ifndef CLONE_NEWPID
52 # define CLONE_NEWPID  0x20000000
53 #endif
54 #ifndef CLONE_NEWNET
55 # define CLONE_NEWNET  0x40000000
56 #endif
57
58 #include <sys/mount.h>
59 #ifndef MS_REC
60 # define MS_REC     (1 << 14)
61 #endif
62 #ifndef MS_PRIVATE
63 # define MS_PRIVATE (1 << 18)
64 #endif
65 #ifndef MS_SLAVE
66 # define MS_SLAVE   (1 << 19)
67 #endif
68 #ifndef MS_SHARED
69 # define MS_SHARED  (1 << 20)
70 #endif
71
72 #include "libbb.h"
73
74 static void mount_or_die(const char *source, const char *target,
75                  const char *fstype, unsigned long mountflags)
76 {
77 	if (mount(source, target, fstype, mountflags, NULL)) {
78 		bb_perror_msg_and_die("can't mount %s on %s (flags:0x%lx)",
79 			source, target, mountflags);
80 		/* fstype is always either NULL or "proc".
81 		 * "proc" is only used to mount /proc.
82 		 * No need to clutter up error message with fstype,
83 		 * it is easily deductible.
84 		 */
85 	}
86 }
87
88 #define PATH_PROC_SETGROUPS	"/proc/self/setgroups"
89 #define PATH_PROC_UIDMAP	"/proc/self/uid_map"
90 #define PATH_PROC_GIDMAP	"/proc/self/gid_map"
91
92 struct namespace_descr {
93 	int flag;
94 	const char nsfile4[4];
95 };
96
97 struct namespace_ctx {
98 	char *path;
99 };
100
101 enum {
102 	OPT_mount	= 1 << 0,
103 	OPT_uts		= 1 << 1,
104 	OPT_ipc		= 1 << 2,
105 	OPT_net		= 1 << 3,
106 	OPT_pid		= 1 << 4,
107 	OPT_user	= 1 << 5, /* OPT_user, NS_USR_POS, and ns_list[] index must match! */
108 	OPT_fork	= 1 << 6,
109 	OPT_map_root	= 1 << 7,
110 	OPT_mount_proc	= 1 << 8,
111 	OPT_propagation	= 1 << 9,
112 	OPT_setgroups	= 1 << 10,
113 };
114 enum {
115 	NS_MNT_POS = 0,
116 	NS_UTS_POS,
117 	NS_IPC_POS,
118 	NS_NET_POS,
119 	NS_PID_POS,
120 	NS_USR_POS, /* OPT_user, NS_USR_POS, and ns_list[] index must match! */
121 	NS_COUNT,
122 };
123 static const struct namespace_descr ns_list[] = {
124 	{ CLONE_NEWNS,   "mnt"  },
125 	{ CLONE_NEWUTS,  "uts"  },
126 	{ CLONE_NEWIPC,  "ipc"  },
127 	{ CLONE_NEWNET,  "net"  },
128 	{ CLONE_NEWPID,  "pid"  },
129 	{ CLONE_NEWUSER, "user" }, /* OPT_user, NS_USR_POS, and ns_list[] index must match! */
130 };
131
132 /*
133  * Upstream unshare doesn't support short options for --mount-proc,
134  * --propagation, --setgroups.
135  * Optional arguments (namespace mountpoints) exist only for long opts,
136  * we are forced to use "fake" letters for them.
137  * '+': stop at first non-option.
138  */
139 static const char opt_str[] ALIGN1 = "+muinpU""fr""\xfd::""\xfe:""\xff:";
140 static const char unshare_longopts[] ALIGN1 =
141 	"mount\0"		Optional_argument	"\xf0"
142 	"uts\0"			Optional_argument	"\xf1"
143 	"ipc\0"			Optional_argument	"\xf2"
144 	"net\0"			Optional_argument	"\xf3"
145 	"pid\0"			Optional_argument	"\xf4"
146 	"user\0"		Optional_argument	"\xf5"
147 	"fork\0"		No_argument		"f"
148 	"map-root-user\0"	No_argument		"r"
149 	"mount-proc\0"		Optional_argument	"\xfd"
150 	"propagation\0"		Required_argument	"\xfe"
151 	"setgroups\0"		Required_argument	"\xff"
152 ;
153
154 /* Ugly-looking string reuse trick */
155 #define PRIVATE_STR   "private\0""unchanged\0""shared\0""slave\0"
156 #define PRIVATE_UNCHANGED_SHARED_SLAVE   PRIVATE_STR
157
158 static unsigned long parse_propagation(const char *prop_str)
159 {
160 	int i = index_in_strings(PRIVATE_UNCHANGED_SHARED_SLAVE, prop_str);
161 	if (i < 0)
162 		bb_error_msg_and_die("unrecognized: --%s=%s", "propagation", prop_str);
163 	if (i == 0)
164 		return MS_REC | MS_PRIVATE;
165 	if (i == 1)
166 		return 0;
167 	if (i == 2)
168 		return MS_REC | MS_SHARED;
169 	return MS_REC | MS_SLAVE;
170 }
171
172 static void mount_namespaces(pid_t pid, struct namespace_ctx *ns_ctx_list)
173 {
174 	const struct namespace_descr *ns;
175 	struct namespace_ctx *ns_ctx;
176 	int i;
177
178 	for (i = 0; i < NS_COUNT; i++) {
179 		char nsf[sizeof("/proc/%u/ns/AAAA") + sizeof(int)*3];
180
181 		ns = &ns_list[i];
182 		ns_ctx = &ns_ctx_list[i];
183 		if (!ns_ctx->path)
184 			continue;
185 		sprintf(nsf, "/proc/%u/ns/%.4s", (unsigned)pid, ns->nsfile4);
186 		mount_or_die(nsf, ns_ctx->path, NULL, MS_BIND);
187 	}
188 }
189
190 int unshare_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
191 int unshare_main(int argc UNUSED_PARAM, char **argv)
192 {
193 	int i;
194 	unsigned int opts;
195 	int unsflags;
196 	uintptr_t need_mount;
197 	const char *proc_mnt_target;
198 	const char *prop_str;
199 	const char *setgrp_str;
200 	unsigned long prop_flags;
201 	uid_t reuid = geteuid();
202 	gid_t regid = getegid();
203 	struct fd_pair fdp;
204 	pid_t child = child; /* for compiler */
205 	struct namespace_ctx ns_ctx_list[NS_COUNT];
206
207 	memset(ns_ctx_list, 0, sizeof(ns_ctx_list));
208 	proc_mnt_target = "/proc";
209 	prop_str = PRIVATE_STR;
210 	setgrp_str = NULL;
211
212 	opt_complementary =
213 		"\xf0""m" /* long opts (via their "fake chars") imply short opts */
214 		":\xf1""u"
215 		":\xf2""i"
216 		":\xf3""n"
217 		":\xf4""p"
218 		":\xf5""U"
219 		":ru"	   /* --map-root-user or -r implies -u */
220 		":\xfd""m" /* --mount-proc implies -m */
221 	;
222 	applet_long_options = unshare_longopts;
223 	opts = getopt32(argv, opt_str,
224 			&proc_mnt_target, &prop_str, &setgrp_str,
225 			&ns_ctx_list[NS_MNT_POS].path,
226 			&ns_ctx_list[NS_UTS_POS].path,
227 			&ns_ctx_list[NS_IPC_POS].path,
228 			&ns_ctx_list[NS_NET_POS].path,
229 			&ns_ctx_list[NS_PID_POS].path,
230 			&ns_ctx_list[NS_USR_POS].path
231 	);
232 	argv += optind;
233 	//bb_error_msg("opts:0x%x", opts);
234 	//bb_error_msg("mount:%s", ns_ctx_list[NS_MNT_POS].path);
235 	//bb_error_msg("proc_mnt_target:%s", proc_mnt_target);
236 	//bb_error_msg("prop_str:%s", prop_str);
237 	//bb_error_msg("setgrp_str:%s", setgrp_str);
238 	//exit(1);
239
240 	if (setgrp_str) {
241 		if (strcmp(setgrp_str, "allow") == 0) {
242 			if (opts & OPT_map_root) {
243 				bb_error_msg_and_die(
244 					"--setgroups=allow and --map-root-user "
245 					"are mutually exclusive"
246 				);
247 			}
248 		} else {
249 			/* It's not "allow", must be "deny" */
250 			if (strcmp(setgrp_str, "deny") != 0)
251 				bb_error_msg_and_die("unrecognized: --%s=%s",
252 					"setgroups", setgrp_str);
253 		}
254 	}
255
256 	unsflags = 0;
257 	need_mount = 0;
258 	for (i = 0; i < NS_COUNT; i++) {
259 		const struct namespace_descr *ns = &ns_list[i];
260 		struct namespace_ctx *ns_ctx = &ns_ctx_list[i];
261
262 		if (opts & (1 << i))
263 			unsflags |= ns->flag;
264
265 		need_mount |= (uintptr_t)(ns_ctx->path);
266 	}
267 	/* need_mount != 0 if at least one FILE was given */
268
269 	prop_flags = MS_REC | MS_PRIVATE;
270 	/* Silently ignore --propagation if --mount is not requested. */
271 	if (opts & OPT_mount)
272 		prop_flags = parse_propagation(prop_str);
273
274 	/*
275 	 * Special case: if we were requested to unshare the mount namespace
276 	 * AND to make any namespace persistent (by bind mounting it) we need
277 	 * to spawn a child process which will wait for the parent to call
278 	 * unshare(), then mount parent's namespaces while still in the
279 	 * previous namespace.
280 	 */
281 	fdp.wr = -1;
282 	if (need_mount && (opts & OPT_mount)) {
283 		/*
284 		 * Can't use getppid() in child, as we can be unsharing the
285 		 * pid namespace.
286 		 */
287 		pid_t ppid = getpid();
288
289 		xpiped_pair(fdp);
290
291 		child = xfork();
292 		if (child == 0) {
293 			/* Child */
294 			close(fdp.wr);
295
296 			/* Wait until parent calls unshare() */
297 			read(fdp.rd, ns_ctx_list, 1); /* ...using bogus buffer */
298 			/*close(fdp.rd);*/
299
300 			/* Mount parent's unshared namespaces. */
301 			mount_namespaces(ppid, ns_ctx_list);
302 			return EXIT_SUCCESS;
303 		}
304 		/* Parent continues */
305 	}
306
307 	//if (unshare(unsflags) != 0)
308 	//	bb_perror_msg_and_die("unshare(0x%x)", unsflags);
309
310 	if (fdp.wr >= 0) {
311 		close(fdp.wr); /* Release child */
312 		close(fdp.rd); /* should close fd, to not confuse exec'ed PROG */
313 	}
314
315 	if (need_mount) {
316 		/* Wait for the child to finish mounting the namespaces. */
317 		if (opts & OPT_mount) {
318 			int exit_status = wait_for_exitstatus(child);
319 			if (WIFEXITED(exit_status) &&
320 			    WEXITSTATUS(exit_status) != EXIT_SUCCESS)
321 				return WEXITSTATUS(exit_status);
322 		} else {
323 			/*
324 			 * Regular way - we were requested to mount some other
325 			 * namespaces: mount them after the call to unshare().
326 			 */
327 			mount_namespaces(getpid(), ns_ctx_list);
328 		}
329 	}
330
331 	/*
332 	 * When we're unsharing the pid namespace, it's not the process that
333 	 * calls unshare() that is put into the new namespace, but its first
334 	 * child. The user may want to use this option to spawn a new process
335 	 * that'll become PID 1 in this new namespace.
336 	 */
337 	if (opts & OPT_fork) {
338 		xvfork_parent_waits_and_exits();
339 		/* Child continues */
340 	}
341
342 	if (opts & OPT_map_root) {
343 		char uidmap_buf[sizeof("%u 0 1") + sizeof(int)*3];
344
345 		/*
346 		 * Since Linux 3.19 unprivileged writing of /proc/self/gid_map
347 		 * has been disabled unless /proc/self/setgroups is written
348 		 * first to permanently disable the ability to call setgroups
349 		 * in that user namespace.
350 		 */
351 		xopen_xwrite_close(PATH_PROC_SETGROUPS, "deny");
352 		sprintf(uidmap_buf, "%u 0 1", (unsigned)reuid);
353 		xopen_xwrite_close(PATH_PROC_UIDMAP, uidmap_buf);
354 		sprintf(uidmap_buf, "%u 0 1", (unsigned)regid);
355 		xopen_xwrite_close(PATH_PROC_GIDMAP, uidmap_buf);
356 	} else
357 	if (setgrp_str) {
358 		/* Write "allow" or "deny" */
359 		xopen_xwrite_close(PATH_PROC_SETGROUPS, setgrp_str);
360 	}
361
362 	if (opts & OPT_mount) {
363 		mount_or_die("none", "/", NULL, prop_flags);
364 	}
365
366 	if (opts & OPT_mount_proc) {
367 		/*
368 		 * When creating a new pid namespace, we might want the pid
369 		 * subdirectories in /proc to remain consistent with the new
370 		 * process IDs. Without --mount-proc the pids in /proc would
371 		 * still reflect the old pid namespace. This is why we make
372 		 * /proc private here and then do a fresh mount.
373 		 */
374 		mount_or_die("none", proc_mnt_target, NULL, MS_PRIVATE | MS_REC);
375 		mount_or_die("proc", proc_mnt_target, "proc", MS_NOSUID | MS_NOEXEC | MS_NODEV);
376 	}
377
378 	exec_prog_or_SHELL(argv);
379 }
380
1	/* vi: set sw=4 ts=4: */
2	/*
3	* Mini unshare implementation for busybox.
4	*
5	* Copyright (C) 2016 by Bartosz Golaszewski <bartekgola@gmail.com>
6	*
7	* Licensed under GPLv2 or later, see file LICENSE in this source tree.
8	*/
9	//config:config UNSHARE
10	//config: bool "unshare"
11	//config: default y
12	//config: depends on LONG_OPTS && !NOMMU
13	//config: select PLATFORM_LINUX
14	//config: help
15	//config: Run program with some namespaces unshared from parent.
16
17	// depends on LONG_OPTS: it is awkward to exclude code which handles --propagation
18	// and --setgroups based on LONG_OPTS, so instead applet requires LONG_OPTS.
19	// depends on !NOMMU: we need fork()
20
21	//applet:IF_UNSHARE(APPLET(unshare, BB_DIR_USR_BIN, BB_SUID_DROP))
22
23	//kbuild:lib-$(CONFIG_UNSHARE) += unshare.o
24
25	//usage:#define unshare_trivial_usage
26	//usage: "[OPTIONS] [PROG [ARGS]]"
27	//usage:#define unshare_full_usage "\n"
28	//usage: "\n -m, --mount[=FILE] Unshare mount namespace"
29	//usage: "\n -u, --uts[=FILE] Unshare UTS namespace (hostname etc.)"
30	//usage: "\n -i, --ipc[=FILE] Unshare System V IPC namespace"
31	//usage: "\n -n, --net[=FILE] Unshare network namespace"
32	//usage: "\n -p, --pid[=FILE] Unshare PID namespace"
33	//usage: "\n -U, --user[=FILE} Unshare user namespace"
34	//usage: "\n -f, --fork Fork before execing PROG"
35	//usage: "\n -r, --map-root-user Map current user to root (implies -u)"
36	//usage: "\n --mount-proc[=DIR] Mount /proc filesystem first (implies -m)"
37	//usage: "\n --propagation slave\|shared\|private\|unchanged"
38	//usage: "\n Modify mount propagation in mount namespace"
39	//usage: "\n --setgroups allow\|deny Control the setgroups syscall in user namespaces"
40
41	#include <sched.h>
42	#ifndef CLONE_NEWUTS
43	# define CLONE_NEWUTS 0x04000000
44	#endif
45	#ifndef CLONE_NEWIPC
46	# define CLONE_NEWIPC 0x08000000
47	#endif
48	#ifndef CLONE_NEWUSER
49	# define CLONE_NEWUSER 0x10000000
50	#endif
51	#ifndef CLONE_NEWPID
52	# define CLONE_NEWPID 0x20000000
53	#endif
54	#ifndef CLONE_NEWNET
55	# define CLONE_NEWNET 0x40000000
56	#endif
57
58	#include <sys/mount.h>
59	#ifndef MS_REC
60	# define MS_REC (1 << 14)
61	#endif
62	#ifndef MS_PRIVATE
63	# define MS_PRIVATE (1 << 18)
64	#endif
65	#ifndef MS_SLAVE
66	# define MS_SLAVE (1 << 19)
67	#endif
68	#ifndef MS_SHARED
69	# define MS_SHARED (1 << 20)
70	#endif
71
72	#include "libbb.h"
73
74	static void mount_or_die(const char source, const char target,
75	const char *fstype, unsigned long mountflags)
76	{
77	if (mount(source, target, fstype, mountflags, NULL)) {
78	bb_perror_msg_and_die("can't mount %s on %s (flags:0x%lx)",
79	source, target, mountflags);
80	/* fstype is always either NULL or "proc".
81	* "proc" is only used to mount /proc.
82	* No need to clutter up error message with fstype,
83	* it is easily deductible.
84	*/
85	}
86	}
87
88	#define PATH_PROC_SETGROUPS "/proc/self/setgroups"
89	#define PATH_PROC_UIDMAP "/proc/self/uid_map"
90	#define PATH_PROC_GIDMAP "/proc/self/gid_map"
91
92	struct namespace_descr {
93	int flag;
94	const char nsfile4[4];
95	};
96
97	struct namespace_ctx {
98	char *path;
99	};
100
101	enum {
102	OPT_mount = 1 << 0,
103	OPT_uts = 1 << 1,
104	OPT_ipc = 1 << 2,
105	OPT_net = 1 << 3,
106	OPT_pid = 1 << 4,
107	OPT_user = 1 << 5, /* OPT_user, NS_USR_POS, and ns_list[] index must match! */
108	OPT_fork = 1 << 6,
109	OPT_map_root = 1 << 7,
110	OPT_mount_proc = 1 << 8,
111	OPT_propagation = 1 << 9,
112	OPT_setgroups = 1 << 10,
113	};
114	enum {
115	NS_MNT_POS = 0,
116	NS_UTS_POS,
117	NS_IPC_POS,
118	NS_NET_POS,
119	NS_PID_POS,
120	NS_USR_POS, /* OPT_user, NS_USR_POS, and ns_list[] index must match! */
121	NS_COUNT,
122	};
123	static const struct namespace_descr ns_list[] = {
124	{ CLONE_NEWNS, "mnt" },
125	{ CLONE_NEWUTS, "uts" },
126	{ CLONE_NEWIPC, "ipc" },
127	{ CLONE_NEWNET, "net" },
128	{ CLONE_NEWPID, "pid" },
129	{ CLONE_NEWUSER, "user" }, /* OPT_user, NS_USR_POS, and ns_list[] index must match! */
130	};
131
132	/*
133	* Upstream unshare doesn't support short options for --mount-proc,
134	* --propagation, --setgroups.
135	* Optional arguments (namespace mountpoints) exist only for long opts,
136	* we are forced to use "fake" letters for them.
137	* '+': stop at first non-option.
138	*/
139	static const char opt_str[] ALIGN1 = "+muinpU""fr""\xfd::""\xfe:""\xff:";
140	static const char unshare_longopts[] ALIGN1 =
141	"mount\0" Optional_argument "\xf0"
142	"uts\0" Optional_argument "\xf1"
143	"ipc\0" Optional_argument "\xf2"
144	"net\0" Optional_argument "\xf3"
145	"pid\0" Optional_argument "\xf4"
146	"user\0" Optional_argument "\xf5"
147	"fork\0" No_argument "f"
148	"map-root-user\0" No_argument "r"
149	"mount-proc\0" Optional_argument "\xfd"
150	"propagation\0" Required_argument "\xfe"
151	"setgroups\0" Required_argument "\xff"
152	;
153
154	/* Ugly-looking string reuse trick */
155	#define PRIVATE_STR "private\0""unchanged\0""shared\0""slave\0"
156	#define PRIVATE_UNCHANGED_SHARED_SLAVE PRIVATE_STR
157
158	static unsigned long parse_propagation(const char *prop_str)
159	{
160	int i = index_in_strings(PRIVATE_UNCHANGED_SHARED_SLAVE, prop_str);
161	if (i < 0)
162	bb_error_msg_and_die("unrecognized: --%s=%s", "propagation", prop_str);
163	if (i == 0)
164	return MS_REC \| MS_PRIVATE;
165	if (i == 1)
166	return 0;
167	if (i == 2)
168	return MS_REC \| MS_SHARED;
169	return MS_REC \| MS_SLAVE;
170	}
171
172	static void mount_namespaces(pid_t pid, struct namespace_ctx *ns_ctx_list)
173	{
174	const struct namespace_descr *ns;
175	struct namespace_ctx *ns_ctx;
176	int i;
177
178	for (i = 0; i < NS_COUNT; i++) {
179	char nsf[sizeof("/proc/%u/ns/AAAA") + sizeof(int)*3];
180
181	ns = &ns_list[i];
182	ns_ctx = &ns_ctx_list[i];
183	if (!ns_ctx->path)
184	continue;
185	sprintf(nsf, "/proc/%u/ns/%.4s", (unsigned)pid, ns->nsfile4);
186	mount_or_die(nsf, ns_ctx->path, NULL, MS_BIND);
187	}
188	}
189
190	int unshare_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
191	int unshare_main(int argc UNUSED_PARAM, char **argv)
192	{
193	int i;
194	unsigned int opts;
195	int unsflags;
196	uintptr_t need_mount;
197	const char *proc_mnt_target;
198	const char *prop_str;
199	const char *setgrp_str;
200	unsigned long prop_flags;
201	uid_t reuid = geteuid();
202	gid_t regid = getegid();
203	struct fd_pair fdp;
204	pid_t child = child; /* for compiler */
205	struct namespace_ctx ns_ctx_list[NS_COUNT];
206
207	memset(ns_ctx_list, 0, sizeof(ns_ctx_list));
208	proc_mnt_target = "/proc";
209	prop_str = PRIVATE_STR;
210	setgrp_str = NULL;
211
212	opt_complementary =
213	"\xf0""m" /* long opts (via their "fake chars") imply short opts */
214	":\xf1""u"
215	":\xf2""i"
216	":\xf3""n"
217	":\xf4""p"
218	":\xf5""U"
219	":ru" /* --map-root-user or -r implies -u */
220	":\xfd""m" /* --mount-proc implies -m */
221	;
222	applet_long_options = unshare_longopts;
223	opts = getopt32(argv, opt_str,
224	&proc_mnt_target, &prop_str, &setgrp_str,
225	&ns_ctx_list[NS_MNT_POS].path,
226	&ns_ctx_list[NS_UTS_POS].path,
227	&ns_ctx_list[NS_IPC_POS].path,
228	&ns_ctx_list[NS_NET_POS].path,
229	&ns_ctx_list[NS_PID_POS].path,
230	&ns_ctx_list[NS_USR_POS].path
231	);
232	argv += optind;
233	//bb_error_msg("opts:0x%x", opts);
234	//bb_error_msg("mount:%s", ns_ctx_list[NS_MNT_POS].path);
235	//bb_error_msg("proc_mnt_target:%s", proc_mnt_target);
236	//bb_error_msg("prop_str:%s", prop_str);
237	//bb_error_msg("setgrp_str:%s", setgrp_str);
238	//exit(1);
239
240	if (setgrp_str) {
241	if (strcmp(setgrp_str, "allow") == 0) {
242	if (opts & OPT_map_root) {
243	bb_error_msg_and_die(
244	"--setgroups=allow and --map-root-user "
245	"are mutually exclusive"
246	);
247	}
248	} else {
249	/* It's not "allow", must be "deny" */
250	if (strcmp(setgrp_str, "deny") != 0)
251	bb_error_msg_and_die("unrecognized: --%s=%s",
252	"setgroups", setgrp_str);
253	}
254	}
255
256	unsflags = 0;
257	need_mount = 0;
258	for (i = 0; i < NS_COUNT; i++) {
259	const struct namespace_descr *ns = &ns_list[i];
260	struct namespace_ctx *ns_ctx = &ns_ctx_list[i];
261
262	if (opts & (1 << i))
263	unsflags \|= ns->flag;
264
265	need_mount \|= (uintptr_t)(ns_ctx->path);
266	}
267	/* need_mount != 0 if at least one FILE was given */
268
269	prop_flags = MS_REC \| MS_PRIVATE;
270	/* Silently ignore --propagation if --mount is not requested. */
271	if (opts & OPT_mount)
272	prop_flags = parse_propagation(prop_str);
273
274	/*
275	* Special case: if we were requested to unshare the mount namespace
276	* AND to make any namespace persistent (by bind mounting it) we need
277	* to spawn a child process which will wait for the parent to call
278	* unshare(), then mount parent's namespaces while still in the
279	* previous namespace.
280	*/
281	fdp.wr = -1;
282	if (need_mount && (opts & OPT_mount)) {
283	/*
284	* Can't use getppid() in child, as we can be unsharing the
285	* pid namespace.
286	*/
287	pid_t ppid = getpid();
288
289	xpiped_pair(fdp);
290
291	child = xfork();
292	if (child == 0) {
293	/* Child */
294	close(fdp.wr);
295
296	/* Wait until parent calls unshare() */
297	read(fdp.rd, ns_ctx_list, 1); /* ...using bogus buffer */
298	/close(fdp.rd);/
299
300	/* Mount parent's unshared namespaces. */
301	mount_namespaces(ppid, ns_ctx_list);
302	return EXIT_SUCCESS;
303	}
304	/* Parent continues */
305	}
306
307	//if (unshare(unsflags) != 0)
308	// bb_perror_msg_and_die("unshare(0x%x)", unsflags);
309
310	if (fdp.wr >= 0) {
311	close(fdp.wr); /* Release child */
312	close(fdp.rd); /* should close fd, to not confuse exec'ed PROG */
313	}
314
315	if (need_mount) {
316	/* Wait for the child to finish mounting the namespaces. */
317	if (opts & OPT_mount) {
318	int exit_status = wait_for_exitstatus(child);
319	if (WIFEXITED(exit_status) &&
320	WEXITSTATUS(exit_status) != EXIT_SUCCESS)
321	return WEXITSTATUS(exit_status);
322	} else {
323	/*
324	* Regular way - we were requested to mount some other
325	* namespaces: mount them after the call to unshare().
326	*/
327	mount_namespaces(getpid(), ns_ctx_list);
328	}
329	}
330
331	/*
332	* When we're unsharing the pid namespace, it's not the process that
333	* calls unshare() that is put into the new namespace, but its first
334	* child. The user may want to use this option to spawn a new process
335	* that'll become PID 1 in this new namespace.
336	*/
337	if (opts & OPT_fork) {
338	xvfork_parent_waits_and_exits();
339	/* Child continues */
340	}
341
342	if (opts & OPT_map_root) {
343	char uidmap_buf[sizeof("%u 0 1") + sizeof(int)*3];
344
345	/*
346	* Since Linux 3.19 unprivileged writing of /proc/self/gid_map
347	* has been disabled unless /proc/self/setgroups is written
348	* first to permanently disable the ability to call setgroups
349	* in that user namespace.
350	*/
351	xopen_xwrite_close(PATH_PROC_SETGROUPS, "deny");
352	sprintf(uidmap_buf, "%u 0 1", (unsigned)reuid);
353	xopen_xwrite_close(PATH_PROC_UIDMAP, uidmap_buf);
354	sprintf(uidmap_buf, "%u 0 1", (unsigned)regid);
355	xopen_xwrite_close(PATH_PROC_GIDMAP, uidmap_buf);
356	} else
357	if (setgrp_str) {
358	/* Write "allow" or "deny" */
359	xopen_xwrite_close(PATH_PROC_SETGROUPS, setgrp_str);
360	}
361
362	if (opts & OPT_mount) {
363	mount_or_die("none", "/", NULL, prop_flags);
364	}
365
366	if (opts & OPT_mount_proc) {
367	/*
368	* When creating a new pid namespace, we might want the pid
369	* subdirectories in /proc to remain consistent with the new
370	* process IDs. Without --mount-proc the pids in /proc would
371	* still reflect the old pid namespace. This is why we make
372	* /proc private here and then do a fresh mount.
373	*/
374	mount_or_die("none", proc_mnt_target, NULL, MS_PRIVATE \| MS_REC);
375	mount_or_die("proc", proc_mnt_target, "proc", MS_NOSUID \| MS_NOEXEC \| MS_NODEV);
376	}
377
378	exec_prog_or_SHELL(argv);
379	}
380