diff mbox

[OpenWrt-Devel,procd,3/9] instance, ujail: remove "-P <path>" option

Message ID 1448924967-63976-4-git-send-email-champetier.etienne@gmail.com
State Accepted
Headers show

Commit Message

Etienne Champetier Nov. 30, 2015, 11:09 p.m. UTC
we can now launch multiple time the same
ujail command without conflict

Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
---
 jail/jail.c        | 64 +++++++++++++++++++-----------------------------------
 service/instance.c | 13 -----------
 service/instance.h |  1 -
 3 files changed, 22 insertions(+), 56 deletions(-)
diff mbox

Patch

diff --git a/jail/jail.c b/jail/jail.c
index 5c995e5..25ad4d7 100644
--- a/jail/jail.c
+++ b/jail/jail.c
@@ -35,10 +35,9 @@ 
 #include <libubox/uloop.h>
 
 #define STACK_SIZE	(1024 * 1024)
-#define OPT_ARGS	"P:S:C:n:r:w:d:psulo"
+#define OPT_ARGS	"S:C:n:r:w:d:psulo"
 
 static struct {
-	char *path;
 	char *name;
 	char **jail_argv;
 	char *seccomp;
@@ -122,12 +121,18 @@  int mount_bind(const char *root, const char *path, int readonly, int error)
 
 static int build_jail_fs(void)
 {
-	if (mount("tmpfs", opts.path, "tmpfs", MS_NOATIME, "mode=0755")) {
+	char jail_root[] = "/tmp/ujail-XXXXXX";
+	if (mkdtemp(jail_root) == NULL) {
+		ERROR("mkdtemp(jail_root) failed: %s\n", strerror(errno));
+		return -1;
+	}
+
+	if (mount("tmpfs", jail_root, "tmpfs", MS_NOATIME, "mode=0755")) {
 		ERROR("tmpfs mount failed %s\n", strerror(errno));
 		return -1;
 	}
 
-	if (chdir(opts.path)) {
+	if (chdir(jail_root)) {
 		ERROR("failed to chdir() in the jail root\n");
 		return -1;
 	}
@@ -142,25 +147,25 @@  static int build_jail_fs(void)
 		return -1;
 	}
 
-	if (mount_all(opts.path)) {
+	if (mount_all(jail_root)) {
 		ERROR("mount_all() failed\n");
 		return -1;
 	}
 
-	char *mpoint;
-	if (asprintf(&mpoint, "%s/old", opts.path) < 0) {
-		ERROR("failed to alloc pivot path: %s\n", strerror(errno));
-		return -1;
-	}
-	mkdir_p(mpoint, 0755);
-	if (pivot_root(opts.path, mpoint) == -1) {
-		ERROR("pivot_root failed:%s\n", strerror(errno));
-		free(mpoint);
+	char dirbuf[sizeof(jail_root) + 4];
+	snprintf(dirbuf, sizeof(dirbuf), "%s/old", jail_root);
+	mkdir(dirbuf, 0755);
+
+	if (pivot_root(jail_root, dirbuf) == -1) {
+		ERROR("pivot_root failed: %s\n", strerror(errno));
 		return -1;
 	}
-	free(mpoint);
+
+	snprintf(dirbuf, sizeof(dirbuf), "/old%s", jail_root);
+	rmdir(dirbuf);
 	umount2("/old", MNT_DETACH);
 	rmdir("/old");
+
 	if (opts.procfs) {
 		mkdir("/proc", 0755);
 		mount("proc", "/proc", "proc", MS_NOATIME | MS_NODEV | MS_NOEXEC | MS_NOSUID, 0);
@@ -209,7 +214,6 @@  static void usage(void)
 	fprintf(stderr, "  -C <file>\tcapabilities drop config\n");
 	fprintf(stderr, "  -n <name>\tthe name of the jail\n");
 	fprintf(stderr, "namespace jail options:\n");
-	fprintf(stderr, "  -P <path>\tpath where the jail will be staged\n");
 	fprintf(stderr, "  -r <file>\treadonly files that should be staged\n");
 	fprintf(stderr, "  -w <file>\twriteable files that should be staged\n");
 	fprintf(stderr, "  -p\t\tjail has /proc\n");
@@ -281,7 +285,6 @@  int main(int argc, char **argv)
 	uid_t uid = getuid();
 	char log[] = "/dev/log";
 	char ubus[] = "/var/run/ubus.sock";
-	int ret = EXIT_SUCCESS;
 	int ch;
 
 	if (uid) {
@@ -318,10 +321,6 @@  int main(int argc, char **argv)
 			opts.capabilities = optarg;
 			add_mount(optarg, 1, -1);
 			break;
-		case 'P':
-			opts.namespace = 1;
-			opts.path = optarg;
-			break;
 		case 'n':
 			opts.name = optarg;
 			break;
@@ -364,16 +363,6 @@  int main(int argc, char **argv)
 	if (opts.name)
 		prctl(PR_SET_NAME, opts.name, NULL, NULL, NULL);
 
-	if (opts.namespace && !opts.path && asprintf(&opts.path, "/tmp/%s", basename(*opts.jail_argv)) == -1) {
-		ERROR("failed to asprintf root path: %s\n", strerror(errno));
-		return EXIT_FAILURE;
-	}
-
-	if (opts.namespace && mkdir(opts.path, 0755)) {
-		ERROR("unable to create root path: %s (%s)\n", opts.path, strerror(errno));
-		return EXIT_FAILURE;
-	}
-
 	uloop_init();
 	if (opts.namespace) {
 		jail_process.pid = clone(spawn_jail,
@@ -393,21 +382,12 @@  int main(int argc, char **argv)
 			kill(jail_process.pid, SIGTERM);
 			waitpid(jail_process.pid, NULL, 0);
 		}
+		return jail_return_code;
 	} else if (jail_process.pid == 0) {
 		/* fork child process */
 		return exec_jail();
 	} else {
 		ERROR("failed to clone/fork: %s\n", strerror(errno));
-		ret = EXIT_FAILURE;
-	}
-
-	if (opts.namespace && rmdir(opts.path)) {
-		ERROR("Unable to remove root path: %s (%s)\n", opts.path, strerror(errno));
-		ret = EXIT_FAILURE;
+		return EXIT_FAILURE;
 	}
-
-	if (ret)
-		return ret;
-
-	return jail_return_code;
 }
diff --git a/service/instance.c b/service/instance.c
index 40ff021..c478d4b 100644
--- a/service/instance.c
+++ b/service/instance.c
@@ -77,7 +77,6 @@  static const struct blobmsg_policy instance_attr[__INSTANCE_ATTR_MAX] = {
 
 enum {
 	JAIL_ATTR_NAME,
-	JAIL_ATTR_ROOT,
 	JAIL_ATTR_PROCFS,
 	JAIL_ATTR_SYSFS,
 	JAIL_ATTR_UBUS,
@@ -88,7 +87,6 @@  enum {
 
 static const struct blobmsg_policy jail_attr[__JAIL_ATTR_MAX] = {
 	[JAIL_ATTR_NAME] = { "name", BLOBMSG_TYPE_STRING },
-	[JAIL_ATTR_ROOT] = { "root", BLOBMSG_TYPE_STRING },
 	[JAIL_ATTR_PROCFS] = { "procfs", BLOBMSG_TYPE_BOOL },
 	[JAIL_ATTR_SYSFS] = { "sysfs", BLOBMSG_TYPE_BOOL },
 	[JAIL_ATTR_UBUS] = { "ubus", BLOBMSG_TYPE_BOOL },
@@ -183,11 +181,6 @@  jail_run(struct service_instance *in, char **argv)
 		argv[argc++] = jail->name;
 	}
 
-	if (jail->root) {
-		argv[argc++] = "-P";
-		argv[argc++] = jail->root;
-	}
-
 	if (in->seccomp) {
 		argv[argc++] = "-S";
 		argv[argc++] = in->seccomp;
@@ -646,10 +639,6 @@  instance_jail_parse(struct service_instance *in, struct blob_attr *attr)
 		jail->name = blobmsg_get_string(tb[JAIL_ATTR_NAME]);
 		jail->argc += 2;
 	}
-	if (tb[JAIL_ATTR_ROOT]) {
-		jail->root = blobmsg_get_string(tb[JAIL_ATTR_ROOT]);
-		jail->argc += 2;
-	}
 	if (tb[JAIL_ATTR_PROCFS]) {
 		jail->procfs = blobmsg_get_bool(tb[JAIL_ATTR_PROCFS]);
 		jail->argc++;
@@ -950,8 +939,6 @@  void instance_dump(struct blob_buf *b, struct service_instance *in, int verbose)
 		void *r = blobmsg_open_table(b, "jail");
 		if (in->jail.name)
 			blobmsg_add_string(b, "name", in->jail.name);
-		if (in->jail.root)
-			blobmsg_add_string(b, "root", in->jail.root);
 		blobmsg_add_u8(b, "procfs", in->jail.procfs);
 		blobmsg_add_u8(b, "sysfs", in->jail.sysfs);
 		blobmsg_add_u8(b, "ubus", in->jail.ubus);
diff --git a/service/instance.h b/service/instance.h
index 3fb33e9..5a76841 100644
--- a/service/instance.h
+++ b/service/instance.h
@@ -28,7 +28,6 @@  struct jail {
 	bool ubus;
 	bool log;
 	char *name;
-	char *root;
 	struct blobmsg_list mount;
 	int argc;
 };