2016-11-17 04:54:38 +01:00
|
|
|
extern crate syscall;
|
|
|
|
|
|
2016-11-26 04:42:46 +01:00
|
|
|
use syscall::scheme::Scheme;
|
|
|
|
|
|
2016-11-26 19:05:11 +01:00
|
|
|
use std::{env, fs,thread};
|
|
|
|
|
use std::io::{stderr, Write};
|
2016-11-17 20:12:02 +01:00
|
|
|
use std::os::unix::process::CommandExt;
|
2016-11-26 19:05:11 +01:00
|
|
|
use std::path::Path;
|
|
|
|
|
use std::process::{self, Command};
|
2016-11-17 04:54:38 +01:00
|
|
|
|
2016-11-26 04:42:46 +01:00
|
|
|
use self::chroot::ChrootScheme;
|
|
|
|
|
|
|
|
|
|
mod chroot;
|
|
|
|
|
|
2016-11-26 19:05:11 +01:00
|
|
|
fn usage() -> ! {
|
2017-01-10 18:00:07 +01:00
|
|
|
write!(stderr(), "contain root cmd args..\n").unwrap();
|
2016-11-26 19:05:11 +01:00
|
|
|
process::exit(1);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
fn enter(root: &Path, cmd: &str, args: &[String]) {
|
|
|
|
|
let names = [
|
2016-11-17 20:12:02 +01:00
|
|
|
"rand",
|
|
|
|
|
"tcp",
|
|
|
|
|
"udp"
|
|
|
|
|
];
|
2016-11-26 02:24:38 +01:00
|
|
|
|
2016-11-25 20:09:54 +01:00
|
|
|
let mut name_ptrs = Vec::new();
|
|
|
|
|
for name in names.iter() {
|
|
|
|
|
name_ptrs.push([name.as_ptr() as usize, name.len()]);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
let new_ns = syscall::mkns(&name_ptrs).unwrap();
|
|
|
|
|
|
2016-11-26 19:05:11 +01:00
|
|
|
let root_canon = fs::canonicalize(root).unwrap();
|
|
|
|
|
let root_thread = thread::spawn(move || {
|
|
|
|
|
syscall::setrens(-1isize as usize, new_ns).unwrap();
|
|
|
|
|
let scheme_fd = syscall::open(":file", syscall::O_CREAT | syscall::O_RDWR | syscall::O_CLOEXEC).unwrap();
|
|
|
|
|
syscall::setrens(-1isize as usize, syscall::getns().unwrap()).unwrap();
|
|
|
|
|
|
|
|
|
|
let chroot_scheme = ChrootScheme::new(root_canon);
|
|
|
|
|
loop {
|
|
|
|
|
let mut packet = syscall::Packet::default();
|
|
|
|
|
if syscall::read(scheme_fd, &mut packet).unwrap() == 0 {
|
|
|
|
|
break;
|
2016-11-26 02:24:38 +01:00
|
|
|
}
|
2016-11-26 19:05:11 +01:00
|
|
|
chroot_scheme.handle(&mut packet);
|
|
|
|
|
syscall::write(scheme_fd, &packet).unwrap();
|
|
|
|
|
}
|
2016-11-26 02:24:38 +01:00
|
|
|
|
2016-11-26 19:05:11 +01:00
|
|
|
let _ = syscall::close(scheme_fd);
|
|
|
|
|
});
|
2016-11-26 02:24:38 +01:00
|
|
|
|
2016-11-17 06:14:02 +01:00
|
|
|
let pid = unsafe { syscall::clone(0).unwrap() };
|
2016-11-17 04:54:38 +01:00
|
|
|
if pid == 0 {
|
2016-11-25 20:09:54 +01:00
|
|
|
syscall::setrens(new_ns, new_ns).unwrap();
|
2016-11-17 06:14:02 +01:00
|
|
|
|
2016-11-25 23:42:26 +01:00
|
|
|
println!("Container {}: enter: {}", new_ns, cmd);
|
|
|
|
|
|
|
|
|
|
let mut command = Command::new(&cmd);
|
|
|
|
|
for arg in args {
|
|
|
|
|
command.arg(&arg);
|
|
|
|
|
}
|
2016-11-26 04:42:46 +01:00
|
|
|
command.current_dir("/");
|
2016-11-17 06:14:02 +01:00
|
|
|
|
2016-11-25 23:42:26 +01:00
|
|
|
let err = command.exec();
|
2016-11-17 20:12:02 +01:00
|
|
|
|
2016-11-25 23:42:26 +01:00
|
|
|
panic!("contain: failed to launch {}: {}", cmd, err);
|
2016-11-17 04:54:38 +01:00
|
|
|
} else {
|
|
|
|
|
let mut status = 0;
|
|
|
|
|
syscall::waitpid(pid, &mut status, 0).unwrap();
|
|
|
|
|
|
2016-11-17 20:24:46 +01:00
|
|
|
loop {
|
|
|
|
|
let mut c_status = 0;
|
|
|
|
|
let c_pid = syscall::waitpid(0, &mut c_status, syscall::WNOHANG).unwrap();
|
|
|
|
|
if c_pid == 0 {
|
|
|
|
|
break;
|
|
|
|
|
} else {
|
|
|
|
|
println!("Container zombie {}: {:X}", c_pid, c_status);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2016-11-25 20:09:54 +01:00
|
|
|
println!("Container {}: exit: {:X}", new_ns, status);
|
2016-11-17 04:54:38 +01:00
|
|
|
}
|
|
|
|
|
}
|
2016-11-26 19:05:11 +01:00
|
|
|
|
|
|
|
|
pub fn main() {
|
|
|
|
|
let mut args = env::args().skip(1);
|
|
|
|
|
|
2017-01-10 18:00:07 +01:00
|
|
|
if let Some(root) = args.next() {
|
|
|
|
|
let cmd = args.next().unwrap_or(env::var("SHELL").unwrap_or("sh".to_string()));
|
|
|
|
|
let args: Vec<String> = args.collect();
|
|
|
|
|
enter(Path::new(&root), &cmd, &args);
|
2016-11-26 19:05:11 +01:00
|
|
|
} else {
|
|
|
|
|
usage();
|
|
|
|
|
}
|
|
|
|
|
}
|
