instance, ujail: remove "-P <path>" option
authorEtienne CHAMPETIER <champetier.etienne@gmail.com>
Mon, 30 Nov 2015 23:09:21 +0000 (23:09 +0000)
committerJohn Crispin <blogic@openwrt.org>
Fri, 11 Dec 2015 10:59:36 +0000 (11:59 +0100)
we can now launch multiple time the same
ujail command without conflict

Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
jail/jail.c
service/instance.c
service/instance.h

index 5c995e5b21d0000d08d3c580afce1eabd5f6109e..25ad4d7fef9902d2da9d19c7912bbbd286951850 100644 (file)
 #include <libubox/uloop.h>
 
 #define STACK_SIZE     (1024 * 1024)
-#define OPT_ARGS       "P:S:C:n:r:w:d:psulo"
+#define OPT_ARGS       "S:C:n:r:w:d:psulo"
 
 static struct {
-       char *path;
        char *name;
        char **jail_argv;
        char *seccomp;
@@ -122,12 +121,18 @@ int mount_bind(const char *root, const char *path, int readonly, int error)
 
 static int build_jail_fs(void)
 {
-       if (mount("tmpfs", opts.path, "tmpfs", MS_NOATIME, "mode=0755")) {
+       char jail_root[] = "/tmp/ujail-XXXXXX";
+       if (mkdtemp(jail_root) == NULL) {
+               ERROR("mkdtemp(jail_root) failed: %s\n", strerror(errno));
+               return -1;
+       }
+
+       if (mount("tmpfs", jail_root, "tmpfs", MS_NOATIME, "mode=0755")) {
                ERROR("tmpfs mount failed %s\n", strerror(errno));
                return -1;
        }
 
-       if (chdir(opts.path)) {
+       if (chdir(jail_root)) {
                ERROR("failed to chdir() in the jail root\n");
                return -1;
        }
@@ -142,25 +147,25 @@ static int build_jail_fs(void)
                return -1;
        }
 
-       if (mount_all(opts.path)) {
+       if (mount_all(jail_root)) {
                ERROR("mount_all() failed\n");
                return -1;
        }
 
-       char *mpoint;
-       if (asprintf(&mpoint, "%s/old", opts.path) < 0) {
-               ERROR("failed to alloc pivot path: %s\n", strerror(errno));
-               return -1;
-       }
-       mkdir_p(mpoint, 0755);
-       if (pivot_root(opts.path, mpoint) == -1) {
-               ERROR("pivot_root failed:%s\n", strerror(errno));
-               free(mpoint);
+       char dirbuf[sizeof(jail_root) + 4];
+       snprintf(dirbuf, sizeof(dirbuf), "%s/old", jail_root);
+       mkdir(dirbuf, 0755);
+
+       if (pivot_root(jail_root, dirbuf) == -1) {
+               ERROR("pivot_root failed: %s\n", strerror(errno));
                return -1;
        }
-       free(mpoint);
+
+       snprintf(dirbuf, sizeof(dirbuf), "/old%s", jail_root);
+       rmdir(dirbuf);
        umount2("/old", MNT_DETACH);
        rmdir("/old");
+
        if (opts.procfs) {
                mkdir("/proc", 0755);
                mount("proc", "/proc", "proc", MS_NOATIME | MS_NODEV | MS_NOEXEC | MS_NOSUID, 0);
@@ -209,7 +214,6 @@ static void usage(void)
        fprintf(stderr, "  -C <file>\tcapabilities drop config\n");
        fprintf(stderr, "  -n <name>\tthe name of the jail\n");
        fprintf(stderr, "namespace jail options:\n");
-       fprintf(stderr, "  -P <path>\tpath where the jail will be staged\n");
        fprintf(stderr, "  -r <file>\treadonly files that should be staged\n");
        fprintf(stderr, "  -w <file>\twriteable files that should be staged\n");
        fprintf(stderr, "  -p\t\tjail has /proc\n");
@@ -281,7 +285,6 @@ int main(int argc, char **argv)
        uid_t uid = getuid();
        char log[] = "/dev/log";
        char ubus[] = "/var/run/ubus.sock";
-       int ret = EXIT_SUCCESS;
        int ch;
 
        if (uid) {
@@ -318,10 +321,6 @@ int main(int argc, char **argv)
                        opts.capabilities = optarg;
                        add_mount(optarg, 1, -1);
                        break;
-               case 'P':
-                       opts.namespace = 1;
-                       opts.path = optarg;
-                       break;
                case 'n':
                        opts.name = optarg;
                        break;
@@ -364,16 +363,6 @@ int main(int argc, char **argv)
        if (opts.name)
                prctl(PR_SET_NAME, opts.name, NULL, NULL, NULL);
 
-       if (opts.namespace && !opts.path && asprintf(&opts.path, "/tmp/%s", basename(*opts.jail_argv)) == -1) {
-               ERROR("failed to asprintf root path: %s\n", strerror(errno));
-               return EXIT_FAILURE;
-       }
-
-       if (opts.namespace && mkdir(opts.path, 0755)) {
-               ERROR("unable to create root path: %s (%s)\n", opts.path, strerror(errno));
-               return EXIT_FAILURE;
-       }
-
        uloop_init();
        if (opts.namespace) {
                jail_process.pid = clone(spawn_jail,
@@ -393,21 +382,12 @@ int main(int argc, char **argv)
                        kill(jail_process.pid, SIGTERM);
                        waitpid(jail_process.pid, NULL, 0);
                }
+               return jail_return_code;
        } else if (jail_process.pid == 0) {
                /* fork child process */
                return exec_jail();
        } else {
                ERROR("failed to clone/fork: %s\n", strerror(errno));
-               ret = EXIT_FAILURE;
-       }
-
-       if (opts.namespace && rmdir(opts.path)) {
-               ERROR("Unable to remove root path: %s (%s)\n", opts.path, strerror(errno));
-               ret = EXIT_FAILURE;
+               return EXIT_FAILURE;
        }
-
-       if (ret)
-               return ret;
-
-       return jail_return_code;
 }
index 40ff021fcc1ce48fbed24fdab718cf88436fbed3..c478d4b982bfdf997e8a63526178b1be2bc62d30 100644 (file)
@@ -77,7 +77,6 @@ static const struct blobmsg_policy instance_attr[__INSTANCE_ATTR_MAX] = {
 
 enum {
        JAIL_ATTR_NAME,
-       JAIL_ATTR_ROOT,
        JAIL_ATTR_PROCFS,
        JAIL_ATTR_SYSFS,
        JAIL_ATTR_UBUS,
@@ -88,7 +87,6 @@ enum {
 
 static const struct blobmsg_policy jail_attr[__JAIL_ATTR_MAX] = {
        [JAIL_ATTR_NAME] = { "name", BLOBMSG_TYPE_STRING },
-       [JAIL_ATTR_ROOT] = { "root", BLOBMSG_TYPE_STRING },
        [JAIL_ATTR_PROCFS] = { "procfs", BLOBMSG_TYPE_BOOL },
        [JAIL_ATTR_SYSFS] = { "sysfs", BLOBMSG_TYPE_BOOL },
        [JAIL_ATTR_UBUS] = { "ubus", BLOBMSG_TYPE_BOOL },
@@ -183,11 +181,6 @@ jail_run(struct service_instance *in, char **argv)
                argv[argc++] = jail->name;
        }
 
-       if (jail->root) {
-               argv[argc++] = "-P";
-               argv[argc++] = jail->root;
-       }
-
        if (in->seccomp) {
                argv[argc++] = "-S";
                argv[argc++] = in->seccomp;
@@ -646,10 +639,6 @@ instance_jail_parse(struct service_instance *in, struct blob_attr *attr)
                jail->name = blobmsg_get_string(tb[JAIL_ATTR_NAME]);
                jail->argc += 2;
        }
-       if (tb[JAIL_ATTR_ROOT]) {
-               jail->root = blobmsg_get_string(tb[JAIL_ATTR_ROOT]);
-               jail->argc += 2;
-       }
        if (tb[JAIL_ATTR_PROCFS]) {
                jail->procfs = blobmsg_get_bool(tb[JAIL_ATTR_PROCFS]);
                jail->argc++;
@@ -950,8 +939,6 @@ void instance_dump(struct blob_buf *b, struct service_instance *in, int verbose)
                void *r = blobmsg_open_table(b, "jail");
                if (in->jail.name)
                        blobmsg_add_string(b, "name", in->jail.name);
-               if (in->jail.root)
-                       blobmsg_add_string(b, "root", in->jail.root);
                blobmsg_add_u8(b, "procfs", in->jail.procfs);
                blobmsg_add_u8(b, "sysfs", in->jail.sysfs);
                blobmsg_add_u8(b, "ubus", in->jail.ubus);
index 3fb33e9b1cd7891018ae9e1f3f8b13bde6018ae7..5a768418fc5cd38abcabedb808648f1682f6dd87 100644 (file)
@@ -28,7 +28,6 @@ struct jail {
        bool ubus;
        bool log;
        char *name;
-       char *root;
        struct blobmsg_list mount;
        int argc;
 };