Mercurial > hg > toybox
changeset 1031:0d0c01ac5c63 draft
PID and UID namespaces for unshare, pointed out by heehooman@gmail.com.
| author | Rob Landley <rob@landley.net> |
|---|---|
| date | Thu, 29 Aug 2013 17:55:46 -0500 |
| parents | 9686469a857a |
| children | 40d0c96a8e89 |
| files | toys/other/unshare.c |
| diffstat | 1 files changed, 7 insertions(+), 4 deletions(-) [+] |
line wrap: on
line diff
--- a/toys/other/unshare.c Tue Aug 27 23:48:54 2013 -0500 +++ b/toys/other/unshare.c Thu Aug 29 17:55:46 2013 -0500 @@ -2,7 +2,7 @@ * * Copyright 2011 Rob Landley <rob@landley.net> -USE_UNSHARE(NEWTOY(unshare, "<1^nium", TOYFLAG_USR|TOYFLAG_BIN)) +USE_UNSHARE(NEWTOY(unshare, "<1^niumpU", TOYFLAG_USR|TOYFLAG_BIN)) config UNSHARE bool "unshare" @@ -15,10 +15,12 @@ attribute is not shared with the parent process. This is part of Linux Containers. Each process can have its own: + -i SysV IPC (message queues, semaphores, shared memory) -m Mount/unmount tree + -n Network address, sockets, routing, iptables + -p Process IDs and init -u Host and domain names - -i SysV IPC (message queues, semaphores, shared memory) - -n Network address, sockets, routing, iptables + -U UIDs, GIDs, capabilities */ #include "toys.h" @@ -27,7 +29,8 @@ void unshare_main(void) { - unsigned flags[]={CLONE_NEWNS, CLONE_NEWUTS, CLONE_NEWIPC, CLONE_NEWNET, 0}; + unsigned flags[]={CLONE_NEWNS, CLONE_NEWUTS, CLONE_NEWIPC, CLONE_NEWNET, + CLONE_NEWPID, CLONE_NEWUSER, 0}; unsigned f=0; int i;