-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathmain.c
92 lines (78 loc) · 2.56 KB
/
main.c
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/syscall.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <sys/mount.h>
#include <sched.h>
#include <errno.h>
#include <string.h>
#define STACK_SIZE 1024
/*
* Moves the rootfs of the calling process to `putold` and makes
* `newroot` the new root filesystem of process.
* It does so by first moving:
*
* MS_REC (since Linux 2.4.11)
Used in conjunction with MS_BIND to create a recursive bind mount, and in conjunction
with the propagation type flags to recursively change the propagation type of all of
the mounts in a subtree. See below for further details.
* */
int pivot_root(char *newroot, char *putold) {
/* bind mount newroot into itself.
* Remember that we are in a new mount namespace, then this bind mount
* makes the / mount of the container.
*/
if (mount(newroot, newroot, "bind", MS_BIND|MS_REC, "") < 0) {
fprintf(stderr, "error mount: %s\n", strerror(errno));
return 1;
}
/* `putold` is where pivot_root is gonna put our parent rootfs */
if (mkdir(putold, 0755) < 0) {
fprintf(stderr, "error mkdir: %s\n", strerror(errno));
/* ignore */
}
printf("set up pivot root\n");
return syscall(SYS_pivot_root, newroot, putold);
}
int child_exec(void *args) {
char **cmd = (char **) args;
if(pivot_root("./rootfs", "./rootfs/.old") < 0) {
fprintf(stderr, "pivot_root: %s\n", strerror(errno));
return 1;
}
if (mount("tmpfs", "/dev", "tmpfs", MS_NOSUID|MS_STRICTATIME, NULL) < 0) {
fprintf(stderr, "mount tmpfs: %s\n", strerror(errno));
return 1;
}
if (mount("proc", "/proc", "proc", 0, NULL) < 0) {
fprintf(stderr, "mount proc: %s\n", strerror(errno));
return 1;
}
chdir("/");
/* at this point, we still have access to the parent rootfs.
* Unmount it here if not used anymore.
*/
if (umount2("./.old", MNT_DETACH) < 0) {
fprintf(stderr, "umount2 ./.old: %s\n", strerror(errno));
return 1;
}
execve(cmd[0], cmd, NULL);
return 0;
}
int main(int argc, char **argv) {
char stack[STACK_SIZE];
char **args = &argv[1];
pid_t pid;
int clone_flags = SIGCHLD | CLONE_NEWNS | CLONE_NEWPID | CLONE_NEWUSER;
pid = clone(child_exec, stack, clone_flags, args);
if (pid < 0) {
fprintf(stderr, "clone failed: %s\n", strerror(errno));
return 1;
}
waitpid(pid, NULL, 0);
return 0;
}