redox/programs/contain/src/main.rs

extern crate syscall;

use std::os::unix::process::CommandExt;
use std::process::Command;

pub fn main() {
    let names = [
        "file",
        "rand",
        "tcp",
        "udp"
    ];

    let command = "sh";

    let pid = unsafe { syscall::clone(0).unwrap() };
    if pid == 0 {
        let mut name_ptrs = Vec::new();
        for name in names.iter() {
            name_ptrs.push([name.as_ptr() as usize, name.len()]);
        }

        syscall::setns(&name_ptrs).unwrap();

        println!("Container enter: {}", command);

        let err = Command::new(command).exec();

        panic!("contain: failed to launch {}: {}", command, err);
    } else {
        let mut status = 0;
        syscall::waitpid(pid, &mut status, 0).unwrap();

        loop {
            let mut c_status = 0;
            let c_pid = syscall::waitpid(0, &mut c_status, syscall::WNOHANG).unwrap();
            if c_pid == 0 {
                break;
            } else {
                println!("Container zombie {}: {:X}", c_pid, c_status);
            }
        }

        println!("Container exited: {:X}", status);
    }
}
Add ability to contain a process in a scheme sandbox 2016-11-17 04:54:38 +01:00			`extern crate syscall;`

Add signal support - exit on signal 2016-11-17 20:12:02 +01:00			`use std::os::unix::process::CommandExt;`
			`use std::process::Command;`
Add ability to contain a process in a scheme sandbox 2016-11-17 04:54:38 +01:00
			`pub fn main() {`
Add signal support - exit on signal 2016-11-17 20:12:02 +01:00			`let names = [`
			`"file",`
			`"rand",`
			`"tcp",`
			`"udp"`
			`];`

			`let command = "sh";`

More advanced setns syscall 2016-11-17 06:14:02 +01:00			`let pid = unsafe { syscall::clone(0).unwrap() };`
Add ability to contain a process in a scheme sandbox 2016-11-17 04:54:38 +01:00			`if pid == 0 {`
Add signal support - exit on signal 2016-11-17 20:12:02 +01:00			`let mut name_ptrs = Vec::new();`
			`for name in names.iter() {`
			`name_ptrs.push([name.as_ptr() as usize, name.len()]);`
Add ability to contain a process in a scheme sandbox 2016-11-17 04:54:38 +01:00			`}`
More advanced setns syscall 2016-11-17 06:14:02 +01:00
Add signal support - exit on signal 2016-11-17 20:12:02 +01:00			`syscall::setns(&name_ptrs).unwrap();`
More advanced setns syscall 2016-11-17 06:14:02 +01:00
Cleanup zombies in container - show scheme namespace in context list 2016-11-17 20:24:46 +01:00			`println!("Container enter: {}", command);`
More advanced setns syscall 2016-11-17 06:14:02 +01:00
Add signal support - exit on signal 2016-11-17 20:12:02 +01:00			`let err = Command::new(command).exec();`

			`panic!("contain: failed to launch {}: {}", command, err);`
Add ability to contain a process in a scheme sandbox 2016-11-17 04:54:38 +01:00			`} else {`
			`let mut status = 0;`
			`syscall::waitpid(pid, &mut status, 0).unwrap();`

Cleanup zombies in container - show scheme namespace in context list 2016-11-17 20:24:46 +01:00			`loop {`
			`let mut c_status = 0;`
			`let c_pid = syscall::waitpid(0, &mut c_status, syscall::WNOHANG).unwrap();`
			`if c_pid == 0 {`
			`break;`
			`} else {`
			`println!("Container zombie {}: {:X}", c_pid, c_status);`
			`}`
			`}`

			`println!("Container exited: {:X}", status);`
Add ability to contain a process in a scheme sandbox 2016-11-17 04:54:38 +01:00			`}`
			`}`