Mercurial > hg > toybox
comparison toys/other/unshare.c @ 1031:0d0c01ac5c63 draft
PID and UID namespaces for unshare, pointed out by heehooman@gmail.com.
| author | Rob Landley <rob@landley.net> |
|---|---|
| date | Thu, 29 Aug 2013 17:55:46 -0500 |
| parents | 144d5ba7d410 |
| children | 33b3b5f9e6c6 |
comparison
equal
deleted
inserted
replaced
| 1030:9686469a857a | 1031:0d0c01ac5c63 |
|---|---|
| 1 /* unshare.c - run command in new context | 1 /* unshare.c - run command in new context |
| 2 * | 2 * |
| 3 * Copyright 2011 Rob Landley <rob@landley.net> | 3 * Copyright 2011 Rob Landley <rob@landley.net> |
| 4 | 4 |
| 5 USE_UNSHARE(NEWTOY(unshare, "<1^nium", TOYFLAG_USR|TOYFLAG_BIN)) | 5 USE_UNSHARE(NEWTOY(unshare, "<1^niumpU", TOYFLAG_USR|TOYFLAG_BIN)) |
| 6 | 6 |
| 7 config UNSHARE | 7 config UNSHARE |
| 8 bool "unshare" | 8 bool "unshare" |
| 9 default y | 9 default y |
| 10 depends on TOYBOX_CONTAINER | 10 depends on TOYBOX_CONTAINER |
| 13 | 13 |
| 14 Create new namespace(s) for this process and its children, so some | 14 Create new namespace(s) for this process and its children, so some |
| 15 attribute is not shared with the parent process. This is part of | 15 attribute is not shared with the parent process. This is part of |
| 16 Linux Containers. Each process can have its own: | 16 Linux Containers. Each process can have its own: |
| 17 | 17 |
| 18 -i SysV IPC (message queues, semaphores, shared memory) | |
| 18 -m Mount/unmount tree | 19 -m Mount/unmount tree |
| 20 -n Network address, sockets, routing, iptables | |
| 21 -p Process IDs and init | |
| 19 -u Host and domain names | 22 -u Host and domain names |
| 20 -i SysV IPC (message queues, semaphores, shared memory) | 23 -U UIDs, GIDs, capabilities |
| 21 -n Network address, sockets, routing, iptables | |
| 22 */ | 24 */ |
| 23 | 25 |
| 24 #include "toys.h" | 26 #include "toys.h" |
| 25 #include <linux/sched.h> | 27 #include <linux/sched.h> |
| 26 extern int unshare (int __flags); | 28 extern int unshare (int __flags); |
| 27 | 29 |
| 28 void unshare_main(void) | 30 void unshare_main(void) |
| 29 { | 31 { |
| 30 unsigned flags[]={CLONE_NEWNS, CLONE_NEWUTS, CLONE_NEWIPC, CLONE_NEWNET, 0}; | 32 unsigned flags[]={CLONE_NEWNS, CLONE_NEWUTS, CLONE_NEWIPC, CLONE_NEWNET, |
| 33 CLONE_NEWPID, CLONE_NEWUSER, 0}; | |
| 31 unsigned f=0; | 34 unsigned f=0; |
| 32 int i; | 35 int i; |
| 33 | 36 |
| 34 for (i=0; flags[i]; i++) if (toys.optflags & (1<<i)) f |= flags[i]; | 37 for (i=0; flags[i]; i++) if (toys.optflags & (1<<i)) f |= flags[i]; |
| 35 | 38 |