[Libct] [PATCH 3/7] ct: all function to execute smth in CT take a process descriptor

Andrey Vagin avagin at openvz.org
Thu Oct 30 01:55:10 PDT 2014


Signed-off-by: Andrey Vagin <avagin at openvz.org>
---
 src/ct.c                 | 13 ++++----
 src/include/ct.h         |  9 ++---
 src/include/process.h    | 15 +++++++++
 src/include/uapi/libct.h | 33 ++++++++++--------
 src/libct.c              | 68 ++++++++++++++++++++++++++-----------
 src/process.c            | 87 ++++++++++++++++++++++++++++++++++++++++++++++++
 6 files changed, 182 insertions(+), 43 deletions(-)

diff --git a/src/ct.c b/src/ct.c
index 1976ceb..11abd6a 100644
--- a/src/ct.c
+++ b/src/ct.c
@@ -89,6 +89,7 @@ struct ct_clone_arg {
 	int (*cb)(void *);
 	void *arg;
 	struct container *ct;
+	struct process_desc *p;
 	int child_wait_pipe[2];
 	int parent_wait_pipe[2];
 };
@@ -317,7 +318,7 @@ err:
 	return exit_code;
 }
 
-static int local_spawn_cb(ct_handler_t h, int (*cb)(void *), void *arg)
+static int local_spawn_cb(ct_handler_t h, ct_process_desc_t ph, int (*cb)(void *), void *arg)
 {
 	struct container *ct = cth2ct(h);
 	int ret = -1, pid, aux;
@@ -434,7 +435,7 @@ err:
 	return -1;
 }
 
-static int local_spawn_execve(ct_handler_t ct, char *path, char **argv, char **env, int *fds)
+static int local_spawn_execve(ct_handler_t ct, ct_process_desc_t pr, char *path, char **argv, char **env, int *fds)
 {
 	struct execv_args ea;
 
@@ -443,10 +444,10 @@ static int local_spawn_execve(ct_handler_t ct, char *path, char **argv, char **e
 	ea.env = env;
 	ea.fds = fds;
 
-	return local_spawn_cb(ct, ct_execv, &ea);
+	return local_spawn_cb(ct, pr, ct_execv, &ea);
 }
 
-static int local_enter_cb(ct_handler_t h, int (*cb)(void *), void *arg)
+static int local_enter_cb(ct_handler_t h, ct_process_desc_t ph, int (*cb)(void *), void *arg)
 {
 	struct container *ct = cth2ct(h);
 	int aux = -1, pid;
@@ -503,7 +504,7 @@ static int local_enter_cb(ct_handler_t h, int (*cb)(void *), void *arg)
 	return pid;
 }
 
-static int local_enter_execve(ct_handler_t h, char *path, char **argv, char **env, int *fds)
+static int local_enter_execve(ct_handler_t h, ct_process_desc_t p, char *path, char **argv, char **env, int *fds)
 {
 	struct execv_args ea = {};
 
@@ -512,7 +513,7 @@ static int local_enter_execve(ct_handler_t h, char *path, char **argv, char **en
 	ea.env	= env;
 	ea.fds = fds;
 
-	return local_enter_cb(h, ct_execv, &ea);
+	return local_enter_cb(h, p, ct_execv, &ea);
 }
 
 static int local_ct_kill(ct_handler_t h)
diff --git a/src/include/ct.h b/src/include/ct.h
index ebb653c..b08c0aa 100644
--- a/src/include/ct.h
+++ b/src/include/ct.h
@@ -9,12 +9,13 @@
 
 #include "fs.h"
 #include "net.h"
+#include "process.h"
 
 struct container_ops {
-	int (*spawn_cb)(ct_handler_t h, int (*cb)(void *), void *arg);
-	int (*spawn_execve)(ct_handler_t, char *path, char **argv, char **env, int *fds);
-	int (*enter_cb)(ct_handler_t h, int (*cb)(void *), void *arg);
-	int (*enter_execve)(ct_handler_t h, char *path, char **argv, char **env, int *fds);
+	int (*spawn_cb)(ct_handler_t h, ct_process_desc_t p, int (*cb)(void *), void *arg);
+	int (*spawn_execve)(ct_handler_t, ct_process_desc_t p, char *path, char **argv, char **env, int *fds);
+	int (*enter_cb)(ct_handler_t h, ct_process_desc_t p, int (*cb)(void *), void *arg);
+	int (*enter_execve)(ct_handler_t h, ct_process_desc_t p, char *path, char **argv, char **env, int *fds);
 	int (*kill)(ct_handler_t h);
 	int (*wait)(ct_handler_t h);
 	enum ct_state (*get_state)(ct_handler_t h);
diff --git a/src/include/process.h b/src/include/process.h
index 40e3afa..06322b2 100644
--- a/src/include/process.h
+++ b/src/include/process.h
@@ -6,6 +6,11 @@
 #include "compiler.h"
 
 struct process_desc_ops {
+	int (*setuid)(ct_process_desc_t p, unsigned int uid);
+	int (*setgid)(ct_process_desc_t p, unsigned int gid);
+	int (*setgroups)(ct_process_desc_t p, unsigned int size, unsigned int *groups);
+	int (*set_caps)(ct_process_desc_t h, unsigned long mask, unsigned int apply_to);
+	int (*set_pdeathsig)(ct_process_desc_t h, int sig);
 	ct_process_desc_t (*copy)(ct_process_desc_t h);
 	void (*destroy)(ct_process_desc_t p);
 };
@@ -16,6 +21,16 @@ struct ct_process_desc {
 
 struct process_desc {
 	struct ct_process_desc       h;
+	unsigned int		uid;
+	unsigned int		gid;
+	unsigned int		ngroups;
+	unsigned int		*groups;
+
+	unsigned int		cap_mask;
+	unsigned long		cap_bset;
+	unsigned long		cap_caps;
+
+	int			pdeathsig;
 };
 
 static inline struct process_desc *prh2pr(ct_process_desc_t h)
diff --git a/src/include/uapi/libct.h b/src/include/uapi/libct.h
index 5999712..edd94eb 100644
--- a/src/include/uapi/libct.h
+++ b/src/include/uapi/libct.h
@@ -40,16 +40,16 @@ extern ct_handler_t libct_container_open(libct_session_t ses, char *name);
 extern void libct_container_close(ct_handler_t ct);
 
 enum ct_state libct_container_state(ct_handler_t ct);
-extern int libct_container_spawn_cb(ct_handler_t ct, int (*ct_fn)(void *), void *arg);
-extern int libct_container_spawn_execvfds(ct_handler_t ct, char *path, char **argv, int *fds);
-extern int libct_container_spawn_execvefds(ct_handler_t ct, char *path, char **argv, char **env, int *fds);
-extern int libct_container_spawn_execv(ct_handler_t ct, char *path, char **argv);
-extern int libct_container_spawn_execve(ct_handler_t ct, char *path, char **argv, char **env);
-extern int libct_container_enter_cb(ct_handler_t ct, int (*ct_fn)(void *), void *arg);
-extern int libct_container_enter_execvfds(ct_handler_t ct, char *path, char **argv, int *fds);
-extern int libct_container_enter_execvefds(ct_handler_t ct, char *path, char **argv, char **env, int *fds);
-extern int libct_container_enter_execv(ct_handler_t ct, char *path, char **argv);
-extern int libct_container_enter_execve(ct_handler_t ct, char *path, char **argv, char **env);
+extern int libct_container_spawn_cb(ct_handler_t ct, ct_process_desc_t pr, int (*ct_fn)(void *), void *arg);
+extern int libct_container_spawn_execvfds(ct_handler_t ct, ct_process_desc_t pr, char *path, char **argv, int *fds);
+extern int libct_container_spawn_execvefds(ct_handler_t ct, ct_process_desc_t pr, char *path, char **argv, char **env, int *fds);
+extern int libct_container_spawn_execv(ct_handler_t ct, ct_process_desc_t pr, char *path, char **argv);
+extern int libct_container_spawn_execve(ct_handler_t ct, ct_process_desc_t pr, char *path, char **argv, char **env);
+extern int libct_container_enter_cb(ct_handler_t ct, ct_process_desc_t p, int (*ct_fn)(void *), void *arg);
+extern int libct_container_enter_execvfds(ct_handler_t ct, ct_process_desc_t p, char *path, char **argv, int *fds);
+extern int libct_container_enter_execvefds(ct_handler_t ct, ct_process_desc_t p, char *path, char **argv, char **env, int *fds);
+extern int libct_container_enter_execv(ct_handler_t ct, ct_process_desc_t p, char *path, char **argv);
+extern int libct_container_enter_execve(ct_handler_t ct, ct_process_desc_t p, char *path, char **argv, char **env);
 extern int libct_container_kill(ct_handler_t ct);
 extern int libct_container_wait(ct_handler_t ct);
 extern void libct_container_destroy(ct_handler_t ct);
@@ -78,9 +78,6 @@ extern int libct_controller_configure(ct_handler_t ct, enum ct_controller ctype,
 
 extern int libct_container_uname(ct_handler_t ct, char *host, char *domain);
 
-#define CAPS_BSET	0x1
-#define CAPS_ALLCAPS	0x2
-#define CAPS_ALL	(CAPS_BSET | CAPS_ALLCAPS)
 extern int libct_container_set_caps(ct_handler_t ct, unsigned long mask, unsigned int apply_to);
 
 extern int libct_container_set_pdeathsig(ct_handler_t ct, int sig);
@@ -189,5 +186,15 @@ extern int libct_fs_add_devnode(ct_handler_t ct, char *path, int mode, int major
 extern ct_process_desc_t libct_process_desc_create_desc(libct_session_t ses);
 extern ct_process_desc_t libct_process_desc_copy(ct_process_desc_t p);
 extern void libct_process_desc_destroy(ct_process_desc_t p);
+extern int libct_process_desc_setuid(ct_process_desc_t p, unsigned int uid);
+extern int libct_process_desc_setgid(ct_process_desc_t p, unsigned int uid);
+extern int libct_process_desc_setgroupts(ct_process_desc_t p, unsigned int size, unsigned int groups[]);
+
+#define CAPS_BSET	0x1
+#define CAPS_ALLCAPS	0x2
+#define CAPS_ALL	(CAPS_BSET | CAPS_ALLCAPS)
+extern int libct_process_desc_set_caps(ct_process_desc_t ct, unsigned long mask, unsigned int apply_to);
+
+extern int libct_process_desc_set_pdeathsig(ct_process_desc_t ct, int sig);
 
 #endif /* __UAPI_LIBCT_H__ */
diff --git a/src/libct.c b/src/libct.c
index 202ef55..2c1c56e 100644
--- a/src/libct.c
+++ b/src/libct.c
@@ -55,61 +55,61 @@ enum ct_state libct_container_state(ct_handler_t h)
 	return h->ops->get_state(h);
 }
 
-int libct_container_spawn_cb(ct_handler_t ct, int (*cb)(void *), void *arg)
+int libct_container_spawn_cb(ct_handler_t ct, ct_process_desc_t pr, int (*cb)(void *), void *arg)
 {
 	/* This one is optional -- only local ops support */
 	if (!ct->ops->spawn_cb)
 		return -LCTERR_OPNOTSUPP;
 
-	return ct->ops->spawn_cb(ct, cb, arg);
+	return ct->ops->spawn_cb(ct, pr, cb, arg);
 }
 
-int libct_container_spawn_execv(ct_handler_t ct, char *path, char **argv)
+int libct_container_spawn_execv(ct_handler_t ct, ct_process_desc_t pr, char *path, char **argv)
 {
-	return libct_container_spawn_execve(ct, path, argv, NULL);
+	return libct_container_spawn_execve(ct, pr, path, argv, NULL);
 }
 
-int libct_container_spawn_execve(ct_handler_t ct, char *path, char **argv, char **env)
+int libct_container_spawn_execve(ct_handler_t ct, ct_process_desc_t pr, char *path, char **argv, char **env)
 {
-	return ct->ops->spawn_execve(ct, path, argv, env, NULL);
+	return ct->ops->spawn_execve(ct, pr, path, argv, env, NULL);
 }
 
-int libct_container_spawn_execvfds(ct_handler_t ct, char *path, char **argv, int *fds)
+int libct_container_spawn_execvfds(ct_handler_t ct, ct_process_desc_t pr, char *path, char **argv, int *fds)
 {
-	return libct_container_spawn_execvefds(ct, path, argv, NULL, fds);
+	return libct_container_spawn_execvefds(ct, pr, path, argv, NULL, fds);
 }
 
-int libct_container_spawn_execvefds(ct_handler_t ct, char *path, char **argv, char **env, int *fds)
+int libct_container_spawn_execvefds(ct_handler_t ct, ct_process_desc_t pr, char *path, char **argv, char **env, int *fds)
 {
-	return ct->ops->spawn_execve(ct, path, argv, env, fds);
+	return ct->ops->spawn_execve(ct, pr, path, argv, env, fds);
 }
 
-int libct_container_enter_cb(ct_handler_t ct, int (*cb)(void *), void *arg)
+int libct_container_enter_cb(ct_handler_t ct, ct_process_desc_t p, int (*cb)(void *), void *arg)
 {
 	if (!ct->ops->enter_cb)
 		return -LCTERR_OPNOTSUPP;
 
-	return ct->ops->enter_cb(ct, cb, arg);
+	return ct->ops->enter_cb(ct, p, cb, arg);
 }
 
-int libct_container_enter_execvfds(ct_handler_t ct, char *path, char **argv, int *fds)
+int libct_container_enter_execvfds(ct_handler_t ct, ct_process_desc_t p, char *path, char **argv, int *fds)
 {
-	return libct_container_enter_execvefds(ct, path, argv, NULL, fds);
+	return libct_container_enter_execvefds(ct, p, path, argv, NULL, fds);
 }
 
-int libct_container_enter_execvefds(ct_handler_t ct, char *path, char **argv, char **env, int *fds)
+int libct_container_enter_execvefds(ct_handler_t ct, ct_process_desc_t p, char *path, char **argv, char **env, int *fds)
 {
-	return ct->ops->enter_execve(ct, path, argv, env, fds);
+	return ct->ops->enter_execve(ct, p, path, argv, env, fds);
 }
 
-int libct_container_enter_execv(ct_handler_t ct, char *path, char **argv)
+int libct_container_enter_execv(ct_handler_t ct, ct_process_desc_t p, char *path, char **argv)
 {
-	return libct_container_enter_execve(ct, path, argv, NULL);
+	return libct_container_enter_execve(ct, p, path, argv, NULL);
 }
 
-int libct_container_enter_execve(ct_handler_t ct, char *path, char **argv, char **env)
+int libct_container_enter_execve(ct_handler_t ct, ct_process_desc_t p, char *path, char **argv, char **env)
 {
-	return ct->ops->enter_execve(ct, path, argv, env, NULL);
+	return ct->ops->enter_execve(ct, p, path, argv, env, NULL);
 }
 
 
@@ -188,6 +188,34 @@ int libct_userns_add_gid_map(ct_handler_t ct, unsigned int first,
 	return ct->ops->add_gid_map(ct, first, lower_first, count);
 }
 
+int libct_process_desc_set_caps(ct_process_desc_t p, unsigned long mask, unsigned int apply_to)
+{
+	if (!apply_to || (apply_to & ~CAPS_ALL))
+		return -LCTERR_INVARG;
+
+	return p->ops->set_caps(p, mask, apply_to);
+}
+
+int libct_process_desc_set_pdeathsig(ct_process_desc_t p, int sig)
+{
+	return p->ops->set_pdeathsig(p, sig);
+}
+
+int libct_process_desc_setuid(ct_process_desc_t p, unsigned int uid)
+{
+	return p->ops->setuid(p, uid);
+}
+
+int libct_process_desc_setgid(ct_process_desc_t p, unsigned int gid)
+{
+	return p->ops->setgid(p, gid);
+}
+
+int libct_process_desc_setgroups(ct_process_desc_t p, unsigned int size, unsigned int groups[])
+{
+	return p->ops->setgroups(p, size, groups);
+}
+
 ct_process_desc_t libct_process_desc_copy(ct_process_desc_t p)
 {
 	return p->ops->copy(p);
diff --git a/src/process.c b/src/process.c
index 2107f0f..ca52b19 100644
--- a/src/process.c
+++ b/src/process.c
@@ -1,10 +1,77 @@
+#include <unistd.h>
+#include <stdlib.h>
+#include <string.h>
+
 #include "process.h"
 #include "xmalloc.h"
 
+static int local_desc_setuid(ct_process_desc_t h, unsigned uid)
+{
+	struct process_desc *p = prh2pr(h);
+
+	p->uid = uid;
+
+	return 0;
+}
+
+static int local_desc_setgid(ct_process_desc_t h, unsigned gid)
+{
+	struct process_desc *p = prh2pr(h);
+
+	p->gid = gid;
+
+	return 0;
+}
+
+static int local_desc_setgroups(ct_process_desc_t h, unsigned int ngroups, unsigned int *groups)
+{
+	struct process_desc *p = prh2pr(h);
+	unsigned int *g = NULL;
+
+	if (ngroups) {
+		g = xmalloc(ngroups * (sizeof(*groups)));
+		if (g == NULL)
+			return -1;
+		memcpy(g, groups, ngroups * (sizeof(*groups)));
+	}
+
+	p->groups = g;
+	p->ngroups = ngroups;
+
+	return 0;
+}
+
+static int local_desc_set_caps(ct_process_desc_t h, unsigned long mask, unsigned int apply_to)
+{
+	struct process_desc *p = prh2pr(h);
+
+	if (apply_to & CAPS_BSET) {
+		p->cap_mask |= CAPS_BSET;
+		p->cap_bset = mask;
+	}
+
+	if (apply_to & CAPS_ALLCAPS) {
+		p->cap_mask |= CAPS_ALLCAPS;
+		p->cap_caps = mask;
+	}
+
+	return 0;
+}
+
+static int local_desc_set_pdeathsig(ct_process_desc_t h, int sig)
+{
+	struct process_desc *p = prh2pr(h);
+
+	p->pdeathsig = sig;
+
+	return 0;
+}
+
 static void local_desc_destroy(ct_process_desc_t h)
 {
 	struct process_desc *p = prh2pr(h);
 
+	xfree(p->groups);
 	xfree(p);
 }
 
@@ -19,15 +86,35 @@ ct_process_desc_t local_desc_copy(ct_process_desc_t h)
 
 	memcpy(c, p, sizeof(struct process_desc));
 
+	if (c->ngroups) {
+		c->groups = xmalloc(sizeof(c->ngroups * sizeof(c->groups[0])));
+		if (c->groups == NULL) {
+			xfree(p);
+			return NULL;
+		}
+	}
+
 	return &c->h;
 }
 
 static const struct process_desc_ops local_process_ops = {
 	.copy		= local_desc_copy,
 	.destroy	= local_desc_destroy,
+	.setuid		= local_desc_setuid,
+	.setgid		= local_desc_setgid,
+	.setgroups	= local_desc_setgroups,
+	.set_caps	= local_desc_set_caps,
+	.set_pdeathsig	= local_desc_set_pdeathsig,
 };
 
 void local_process_init(struct process_desc *p)
 {
 	p->h.ops	= &local_process_ops;
+	p->uid		= 0;
+	p->gid		= 0;
+	p->cap_caps	= 0;
+	p->cap_bset	= 0;
+	p->pdeathsig	= 0;
+	p->groups	= NULL;
+	p->ngroups	= 0;
 }
-- 
1.9.1



More information about the Libct mailing list