[Libct] [PATCH 3/7] ct: all function to execute smth in CT take a process descriptor
Andrey Vagin
avagin at openvz.org
Thu Oct 30 01:55:10 PDT 2014
Signed-off-by: Andrey Vagin <avagin at openvz.org>
---
src/ct.c | 13 ++++----
src/include/ct.h | 9 ++---
src/include/process.h | 15 +++++++++
src/include/uapi/libct.h | 33 ++++++++++--------
src/libct.c | 68 ++++++++++++++++++++++++++-----------
src/process.c | 87 ++++++++++++++++++++++++++++++++++++++++++++++++
6 files changed, 182 insertions(+), 43 deletions(-)
diff --git a/src/ct.c b/src/ct.c
index 1976ceb..11abd6a 100644
--- a/src/ct.c
+++ b/src/ct.c
@@ -89,6 +89,7 @@ struct ct_clone_arg {
int (*cb)(void *);
void *arg;
struct container *ct;
+ struct process_desc *p;
int child_wait_pipe[2];
int parent_wait_pipe[2];
};
@@ -317,7 +318,7 @@ err:
return exit_code;
}
-static int local_spawn_cb(ct_handler_t h, int (*cb)(void *), void *arg)
+static int local_spawn_cb(ct_handler_t h, ct_process_desc_t ph, int (*cb)(void *), void *arg)
{
struct container *ct = cth2ct(h);
int ret = -1, pid, aux;
@@ -434,7 +435,7 @@ err:
return -1;
}
-static int local_spawn_execve(ct_handler_t ct, char *path, char **argv, char **env, int *fds)
+static int local_spawn_execve(ct_handler_t ct, ct_process_desc_t pr, char *path, char **argv, char **env, int *fds)
{
struct execv_args ea;
@@ -443,10 +444,10 @@ static int local_spawn_execve(ct_handler_t ct, char *path, char **argv, char **e
ea.env = env;
ea.fds = fds;
- return local_spawn_cb(ct, ct_execv, &ea);
+ return local_spawn_cb(ct, pr, ct_execv, &ea);
}
-static int local_enter_cb(ct_handler_t h, int (*cb)(void *), void *arg)
+static int local_enter_cb(ct_handler_t h, ct_process_desc_t ph, int (*cb)(void *), void *arg)
{
struct container *ct = cth2ct(h);
int aux = -1, pid;
@@ -503,7 +504,7 @@ static int local_enter_cb(ct_handler_t h, int (*cb)(void *), void *arg)
return pid;
}
-static int local_enter_execve(ct_handler_t h, char *path, char **argv, char **env, int *fds)
+static int local_enter_execve(ct_handler_t h, ct_process_desc_t p, char *path, char **argv, char **env, int *fds)
{
struct execv_args ea = {};
@@ -512,7 +513,7 @@ static int local_enter_execve(ct_handler_t h, char *path, char **argv, char **en
ea.env = env;
ea.fds = fds;
- return local_enter_cb(h, ct_execv, &ea);
+ return local_enter_cb(h, p, ct_execv, &ea);
}
static int local_ct_kill(ct_handler_t h)
diff --git a/src/include/ct.h b/src/include/ct.h
index ebb653c..b08c0aa 100644
--- a/src/include/ct.h
+++ b/src/include/ct.h
@@ -9,12 +9,13 @@
#include "fs.h"
#include "net.h"
+#include "process.h"
struct container_ops {
- int (*spawn_cb)(ct_handler_t h, int (*cb)(void *), void *arg);
- int (*spawn_execve)(ct_handler_t, char *path, char **argv, char **env, int *fds);
- int (*enter_cb)(ct_handler_t h, int (*cb)(void *), void *arg);
- int (*enter_execve)(ct_handler_t h, char *path, char **argv, char **env, int *fds);
+ int (*spawn_cb)(ct_handler_t h, ct_process_desc_t p, int (*cb)(void *), void *arg);
+ int (*spawn_execve)(ct_handler_t, ct_process_desc_t p, char *path, char **argv, char **env, int *fds);
+ int (*enter_cb)(ct_handler_t h, ct_process_desc_t p, int (*cb)(void *), void *arg);
+ int (*enter_execve)(ct_handler_t h, ct_process_desc_t p, char *path, char **argv, char **env, int *fds);
int (*kill)(ct_handler_t h);
int (*wait)(ct_handler_t h);
enum ct_state (*get_state)(ct_handler_t h);
diff --git a/src/include/process.h b/src/include/process.h
index 40e3afa..06322b2 100644
--- a/src/include/process.h
+++ b/src/include/process.h
@@ -6,6 +6,11 @@
#include "compiler.h"
struct process_desc_ops {
+ int (*setuid)(ct_process_desc_t p, unsigned int uid);
+ int (*setgid)(ct_process_desc_t p, unsigned int gid);
+ int (*setgroups)(ct_process_desc_t p, unsigned int size, unsigned int *groups);
+ int (*set_caps)(ct_process_desc_t h, unsigned long mask, unsigned int apply_to);
+ int (*set_pdeathsig)(ct_process_desc_t h, int sig);
ct_process_desc_t (*copy)(ct_process_desc_t h);
void (*destroy)(ct_process_desc_t p);
};
@@ -16,6 +21,16 @@ struct ct_process_desc {
struct process_desc {
struct ct_process_desc h;
+ unsigned int uid;
+ unsigned int gid;
+ unsigned int ngroups;
+ unsigned int *groups;
+
+ unsigned int cap_mask;
+ unsigned long cap_bset;
+ unsigned long cap_caps;
+
+ int pdeathsig;
};
static inline struct process_desc *prh2pr(ct_process_desc_t h)
diff --git a/src/include/uapi/libct.h b/src/include/uapi/libct.h
index 5999712..edd94eb 100644
--- a/src/include/uapi/libct.h
+++ b/src/include/uapi/libct.h
@@ -40,16 +40,16 @@ extern ct_handler_t libct_container_open(libct_session_t ses, char *name);
extern void libct_container_close(ct_handler_t ct);
enum ct_state libct_container_state(ct_handler_t ct);
-extern int libct_container_spawn_cb(ct_handler_t ct, int (*ct_fn)(void *), void *arg);
-extern int libct_container_spawn_execvfds(ct_handler_t ct, char *path, char **argv, int *fds);
-extern int libct_container_spawn_execvefds(ct_handler_t ct, char *path, char **argv, char **env, int *fds);
-extern int libct_container_spawn_execv(ct_handler_t ct, char *path, char **argv);
-extern int libct_container_spawn_execve(ct_handler_t ct, char *path, char **argv, char **env);
-extern int libct_container_enter_cb(ct_handler_t ct, int (*ct_fn)(void *), void *arg);
-extern int libct_container_enter_execvfds(ct_handler_t ct, char *path, char **argv, int *fds);
-extern int libct_container_enter_execvefds(ct_handler_t ct, char *path, char **argv, char **env, int *fds);
-extern int libct_container_enter_execv(ct_handler_t ct, char *path, char **argv);
-extern int libct_container_enter_execve(ct_handler_t ct, char *path, char **argv, char **env);
+extern int libct_container_spawn_cb(ct_handler_t ct, ct_process_desc_t pr, int (*ct_fn)(void *), void *arg);
+extern int libct_container_spawn_execvfds(ct_handler_t ct, ct_process_desc_t pr, char *path, char **argv, int *fds);
+extern int libct_container_spawn_execvefds(ct_handler_t ct, ct_process_desc_t pr, char *path, char **argv, char **env, int *fds);
+extern int libct_container_spawn_execv(ct_handler_t ct, ct_process_desc_t pr, char *path, char **argv);
+extern int libct_container_spawn_execve(ct_handler_t ct, ct_process_desc_t pr, char *path, char **argv, char **env);
+extern int libct_container_enter_cb(ct_handler_t ct, ct_process_desc_t p, int (*ct_fn)(void *), void *arg);
+extern int libct_container_enter_execvfds(ct_handler_t ct, ct_process_desc_t p, char *path, char **argv, int *fds);
+extern int libct_container_enter_execvefds(ct_handler_t ct, ct_process_desc_t p, char *path, char **argv, char **env, int *fds);
+extern int libct_container_enter_execv(ct_handler_t ct, ct_process_desc_t p, char *path, char **argv);
+extern int libct_container_enter_execve(ct_handler_t ct, ct_process_desc_t p, char *path, char **argv, char **env);
extern int libct_container_kill(ct_handler_t ct);
extern int libct_container_wait(ct_handler_t ct);
extern void libct_container_destroy(ct_handler_t ct);
@@ -78,9 +78,6 @@ extern int libct_controller_configure(ct_handler_t ct, enum ct_controller ctype,
extern int libct_container_uname(ct_handler_t ct, char *host, char *domain);
-#define CAPS_BSET 0x1
-#define CAPS_ALLCAPS 0x2
-#define CAPS_ALL (CAPS_BSET | CAPS_ALLCAPS)
extern int libct_container_set_caps(ct_handler_t ct, unsigned long mask, unsigned int apply_to);
extern int libct_container_set_pdeathsig(ct_handler_t ct, int sig);
@@ -189,5 +186,15 @@ extern int libct_fs_add_devnode(ct_handler_t ct, char *path, int mode, int major
extern ct_process_desc_t libct_process_desc_create_desc(libct_session_t ses);
extern ct_process_desc_t libct_process_desc_copy(ct_process_desc_t p);
extern void libct_process_desc_destroy(ct_process_desc_t p);
+extern int libct_process_desc_setuid(ct_process_desc_t p, unsigned int uid);
+extern int libct_process_desc_setgid(ct_process_desc_t p, unsigned int uid);
+extern int libct_process_desc_setgroupts(ct_process_desc_t p, unsigned int size, unsigned int groups[]);
+
+#define CAPS_BSET 0x1
+#define CAPS_ALLCAPS 0x2
+#define CAPS_ALL (CAPS_BSET | CAPS_ALLCAPS)
+extern int libct_process_desc_set_caps(ct_process_desc_t ct, unsigned long mask, unsigned int apply_to);
+
+extern int libct_process_desc_set_pdeathsig(ct_process_desc_t ct, int sig);
#endif /* __UAPI_LIBCT_H__ */
diff --git a/src/libct.c b/src/libct.c
index 202ef55..2c1c56e 100644
--- a/src/libct.c
+++ b/src/libct.c
@@ -55,61 +55,61 @@ enum ct_state libct_container_state(ct_handler_t h)
return h->ops->get_state(h);
}
-int libct_container_spawn_cb(ct_handler_t ct, int (*cb)(void *), void *arg)
+int libct_container_spawn_cb(ct_handler_t ct, ct_process_desc_t pr, int (*cb)(void *), void *arg)
{
/* This one is optional -- only local ops support */
if (!ct->ops->spawn_cb)
return -LCTERR_OPNOTSUPP;
- return ct->ops->spawn_cb(ct, cb, arg);
+ return ct->ops->spawn_cb(ct, pr, cb, arg);
}
-int libct_container_spawn_execv(ct_handler_t ct, char *path, char **argv)
+int libct_container_spawn_execv(ct_handler_t ct, ct_process_desc_t pr, char *path, char **argv)
{
- return libct_container_spawn_execve(ct, path, argv, NULL);
+ return libct_container_spawn_execve(ct, pr, path, argv, NULL);
}
-int libct_container_spawn_execve(ct_handler_t ct, char *path, char **argv, char **env)
+int libct_container_spawn_execve(ct_handler_t ct, ct_process_desc_t pr, char *path, char **argv, char **env)
{
- return ct->ops->spawn_execve(ct, path, argv, env, NULL);
+ return ct->ops->spawn_execve(ct, pr, path, argv, env, NULL);
}
-int libct_container_spawn_execvfds(ct_handler_t ct, char *path, char **argv, int *fds)
+int libct_container_spawn_execvfds(ct_handler_t ct, ct_process_desc_t pr, char *path, char **argv, int *fds)
{
- return libct_container_spawn_execvefds(ct, path, argv, NULL, fds);
+ return libct_container_spawn_execvefds(ct, pr, path, argv, NULL, fds);
}
-int libct_container_spawn_execvefds(ct_handler_t ct, char *path, char **argv, char **env, int *fds)
+int libct_container_spawn_execvefds(ct_handler_t ct, ct_process_desc_t pr, char *path, char **argv, char **env, int *fds)
{
- return ct->ops->spawn_execve(ct, path, argv, env, fds);
+ return ct->ops->spawn_execve(ct, pr, path, argv, env, fds);
}
-int libct_container_enter_cb(ct_handler_t ct, int (*cb)(void *), void *arg)
+int libct_container_enter_cb(ct_handler_t ct, ct_process_desc_t p, int (*cb)(void *), void *arg)
{
if (!ct->ops->enter_cb)
return -LCTERR_OPNOTSUPP;
- return ct->ops->enter_cb(ct, cb, arg);
+ return ct->ops->enter_cb(ct, p, cb, arg);
}
-int libct_container_enter_execvfds(ct_handler_t ct, char *path, char **argv, int *fds)
+int libct_container_enter_execvfds(ct_handler_t ct, ct_process_desc_t p, char *path, char **argv, int *fds)
{
- return libct_container_enter_execvefds(ct, path, argv, NULL, fds);
+ return libct_container_enter_execvefds(ct, p, path, argv, NULL, fds);
}
-int libct_container_enter_execvefds(ct_handler_t ct, char *path, char **argv, char **env, int *fds)
+int libct_container_enter_execvefds(ct_handler_t ct, ct_process_desc_t p, char *path, char **argv, char **env, int *fds)
{
- return ct->ops->enter_execve(ct, path, argv, env, fds);
+ return ct->ops->enter_execve(ct, p, path, argv, env, fds);
}
-int libct_container_enter_execv(ct_handler_t ct, char *path, char **argv)
+int libct_container_enter_execv(ct_handler_t ct, ct_process_desc_t p, char *path, char **argv)
{
- return libct_container_enter_execve(ct, path, argv, NULL);
+ return libct_container_enter_execve(ct, p, path, argv, NULL);
}
-int libct_container_enter_execve(ct_handler_t ct, char *path, char **argv, char **env)
+int libct_container_enter_execve(ct_handler_t ct, ct_process_desc_t p, char *path, char **argv, char **env)
{
- return ct->ops->enter_execve(ct, path, argv, env, NULL);
+ return ct->ops->enter_execve(ct, p, path, argv, env, NULL);
}
@@ -188,6 +188,34 @@ int libct_userns_add_gid_map(ct_handler_t ct, unsigned int first,
return ct->ops->add_gid_map(ct, first, lower_first, count);
}
+int libct_process_desc_set_caps(ct_process_desc_t p, unsigned long mask, unsigned int apply_to)
+{
+ if (!apply_to || (apply_to & ~CAPS_ALL))
+ return -LCTERR_INVARG;
+
+ return p->ops->set_caps(p, mask, apply_to);
+}
+
+int libct_process_desc_set_pdeathsig(ct_process_desc_t p, int sig)
+{
+ return p->ops->set_pdeathsig(p, sig);
+}
+
+int libct_process_desc_setuid(ct_process_desc_t p, unsigned int uid)
+{
+ return p->ops->setuid(p, uid);
+}
+
+int libct_process_desc_setgid(ct_process_desc_t p, unsigned int gid)
+{
+ return p->ops->setgid(p, gid);
+}
+
+int libct_process_desc_setgroups(ct_process_desc_t p, unsigned int size, unsigned int groups[])
+{
+ return p->ops->setgroups(p, size, groups);
+}
+
ct_process_desc_t libct_process_desc_copy(ct_process_desc_t p)
{
return p->ops->copy(p);
diff --git a/src/process.c b/src/process.c
index 2107f0f..ca52b19 100644
--- a/src/process.c
+++ b/src/process.c
@@ -1,10 +1,77 @@
+#include <unistd.h>
+#include <stdlib.h>
+#include <string.h>
+
#include "process.h"
#include "xmalloc.h"
+static int local_desc_setuid(ct_process_desc_t h, unsigned uid)
+{
+ struct process_desc *p = prh2pr(h);
+
+ p->uid = uid;
+
+ return 0;
+}
+
+static int local_desc_setgid(ct_process_desc_t h, unsigned gid)
+{
+ struct process_desc *p = prh2pr(h);
+
+ p->gid = gid;
+
+ return 0;
+}
+
+static int local_desc_setgroups(ct_process_desc_t h, unsigned int ngroups, unsigned int *groups)
+{
+ struct process_desc *p = prh2pr(h);
+ unsigned int *g = NULL;
+
+ if (ngroups) {
+ g = xmalloc(ngroups * (sizeof(*groups)));
+ if (g == NULL)
+ return -1;
+ memcpy(g, groups, ngroups * (sizeof(*groups)));
+ }
+
+ p->groups = g;
+ p->ngroups = ngroups;
+
+ return 0;
+}
+
+static int local_desc_set_caps(ct_process_desc_t h, unsigned long mask, unsigned int apply_to)
+{
+ struct process_desc *p = prh2pr(h);
+
+ if (apply_to & CAPS_BSET) {
+ p->cap_mask |= CAPS_BSET;
+ p->cap_bset = mask;
+ }
+
+ if (apply_to & CAPS_ALLCAPS) {
+ p->cap_mask |= CAPS_ALLCAPS;
+ p->cap_caps = mask;
+ }
+
+ return 0;
+}
+
+static int local_desc_set_pdeathsig(ct_process_desc_t h, int sig)
+{
+ struct process_desc *p = prh2pr(h);
+
+ p->pdeathsig = sig;
+
+ return 0;
+}
+
static void local_desc_destroy(ct_process_desc_t h)
{
struct process_desc *p = prh2pr(h);
+ xfree(p->groups);
xfree(p);
}
@@ -19,15 +86,35 @@ ct_process_desc_t local_desc_copy(ct_process_desc_t h)
memcpy(c, p, sizeof(struct process_desc));
+ if (c->ngroups) {
+ c->groups = xmalloc(sizeof(c->ngroups * sizeof(c->groups[0])));
+ if (c->groups == NULL) {
+ xfree(p);
+ return NULL;
+ }
+ }
+
return &c->h;
}
static const struct process_desc_ops local_process_ops = {
.copy = local_desc_copy,
.destroy = local_desc_destroy,
+ .setuid = local_desc_setuid,
+ .setgid = local_desc_setgid,
+ .setgroups = local_desc_setgroups,
+ .set_caps = local_desc_set_caps,
+ .set_pdeathsig = local_desc_set_pdeathsig,
};
void local_process_init(struct process_desc *p)
{
p->h.ops = &local_process_ops;
+ p->uid = 0;
+ p->gid = 0;
+ p->cap_caps = 0;
+ p->cap_bset = 0;
+ p->pdeathsig = 0;
+ p->groups = NULL;
+ p->ngroups = 0;
}
--
1.9.1
More information about the Libct
mailing list