bunpen: implement (but disable) setns and pidfd_open syscalls
i thought i could use this to drop into a new PID NS, and then return back, but it is not so simple; i think one cannot setns into a PID NS unless you're owner of that namespace (i.e. CAP_SYS_ADMIN for the user ns which created that pid ns ...? so it works *sometimes*, but not in the times where i'd actually want it
This commit is contained in:
@@ -1,6 +1,9 @@
|
||||
// vim: set shiftwidth=2 :
|
||||
use rt;
|
||||
|
||||
// hare defines this for riscv and aarch64, but not x86
|
||||
// const __NR_pidfd_open: u64 = 434;
|
||||
|
||||
// for use with `setns`, `unshare`, `clone` syscalls
|
||||
export type clone_flag = enum u64 {
|
||||
// new time namespace. calling process is NOT moved into the namespace.
|
||||
@@ -34,10 +37,19 @@ export type clone_flag = enum u64 {
|
||||
// union of `clone_flag`
|
||||
export type clone_flags = u64;
|
||||
|
||||
// export fn setns(ns_fd: i32, nstype: i32) (rt::errno | u64) = {
|
||||
// return syscall(rt::SYS_setns, ns_fd: u64, nstype: u64);
|
||||
// };
|
||||
|
||||
export fn unshare(flags: clone_flags) (void | rt::errno) = {
|
||||
return syscall_0_on_success(rt::SYS_unshare, flags);
|
||||
};
|
||||
|
||||
// // ns_fd can come from `open("/proc/$PID/ns/<ns>")` OR
|
||||
// // `pidfd_open(PID, flags)`
|
||||
// export fn setns(ns_fd: u64, nstype: clone_flags) (rt::errno | void) = {
|
||||
// return syscall_0_on_success(rt::SYS_setns, ns_fd: u64, nstype: u64);
|
||||
// };
|
||||
//
|
||||
// // return a file descriptor that represents the PID namespace of the given process.
|
||||
// // this can be used with `setns`.
|
||||
// // the CLOSE_ON_EXEC flag is implicitly set.
|
||||
// export fn pidfd_open(pid: rt::pid_t, flags: u64 = 0) (rt::errno | u64) = {
|
||||
// return syscall(__NR_pidfd_open, pid: u64, flags);
|
||||
// };
|
||||
|
Reference in New Issue
Block a user