On Tue, 4 Apr 2023 11:46:30 +1000 David Gibson <david(a)gibson.dropbear.id.au> wrote:Give nstool the ability to detect what namespaces the target process is in, relative to where it's called. That is, those namespace types for which the target is not in the same namespace as the caller. For now, just print this information with "info", which can be useful for debugging. Signed-off-by: David Gibson <david(a)gibson.dropbear.id.au> --- test/nstool.c | 154 +++++++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 140 insertions(+), 14 deletions(-) diff --git a/test/nstool.c b/test/nstool.c index 2cb4fb3..428c9c4 100644 --- a/test/nstool.c +++ b/test/nstool.c @@ -15,8 +15,13 @@ #include <errno.h> #include <unistd.h> #include <getopt.h> +#include <stdarg.h> #include <sys/socket.h> #include <linux/un.h> +#include <linux/limits.h> +#include <sched.h> + +#define ARRAY_SIZE(a) ((int)(sizeof(a) / sizeof((a)[0]))) #define die(...) \ do { \ @@ -24,6 +29,28 @@ exit(1); \ } while (0) +struct ns_type { + int flag; + const char *name; +}; + +const struct ns_type nstypes[] = { + { CLONE_NEWCGROUP, "cgroup" }, + { CLONE_NEWIPC, "ipc" }, + { CLONE_NEWNET, "net" }, + { CLONE_NEWNS, "mnt" }, + { CLONE_NEWPID, "pid" }, + { CLONE_NEWTIME, "time" }, + { CLONE_NEWUSER, "user" }, + { CLONE_NEWUTS, "uts" }, +}; + +struct holder_info { + pid_t pid; + uid_t uid; + gid_t gid; +}; + static void usage(void) { die("Usage:\n" @@ -41,12 +68,16 @@ static void usage(void) " terminate.\n"); } -static int connect_ctl(const char * sockpath, bool wait) +static int connect_ctl(const char *sockpath, bool wait, + struct holder_info *info, + struct ucred *peercred) { int fd = socket(AF_UNIX, SOCK_STREAM, PF_UNIX); struct sockaddr_un addr = { .sun_family = AF_UNIX, }; + struct holder_info discard; + ssize_t len; int rc; if (fd < 0) @@ -61,6 +92,25 @@ static int connect_ctl(const char * sockpath, bool wait) die("connect() to %s: %s\n", sockpath, strerror(errno)); } while (rc < 0); + if (!info) + info = &discard;As you close the socket anyway moments later, I wonder if it wouldn't be doable (and more natural) to just do: if (info) { len = read(fd, info, sizeof(*info)); ... } if (peercred) { ... } ...but maybe it adds unnecessary complication to 7/14 (or perhaps the magic is not really part of 'info'?). -- Stefano