List: busybox
Subject: Two little features
From: Taral <taralx () gmail ! com>
Date: 2008-08-26 22:57:37
Message-ID: fa0147d90808261557o1b47bb50sa547535a00578809 () mail ! gmail ! com
I've been carrying these locally, figured it might be useful to push
them upstream. The first implements an ns_exec for namespaces (very
useful for security). The second adds "change" and "replace" to "ip
address". I use "ip address replace" in my udhcpc.script to make sure
that old addresses are removed on a renew or bound event.
Comments? Commits?
--
Taral <taralx@gmail.com>
"Please let me know if there's any further trouble I can give you."
-- Unknown
--
commit 36706c36b0b5ac0076a07d0ef42c1bfba0c2e6fe
Author: Taral <taral@taral.net>
Date: Sat Jul 12 11:29:34 2008 -0700
Add ns_exec applet
diff --git a/include/applets.h b/include/applets.h
index 46135dc..c83be9d 100644
--- a/include/applets.h
+++ b/include/applets.h
@@ -265,6 +265,7 @@ USE_NETSTAT(APPLET(netstat, _BB_DIR_BIN, _BB_SUID_NEVER))
USE_NICE(APPLET(nice, _BB_DIR_BIN, _BB_SUID_NEVER))
USE_NMETER(APPLET(nmeter, _BB_DIR_USR_BIN, _BB_SUID_NEVER))
USE_NOHUP(APPLET(nohup, _BB_DIR_USR_BIN, _BB_SUID_NEVER))
+USE_NS_EXEC(APPLET(ns_exec, _BB_DIR_USR_BIN, _BB_SUID_NEVER))
USE_NSLOOKUP(APPLET(nslookup, _BB_DIR_USR_BIN, _BB_SUID_NEVER))
USE_OD(APPLET(od, _BB_DIR_USR_BIN, _BB_SUID_NEVER))
USE_OPENVT(APPLET(openvt, _BB_DIR_USR_BIN, _BB_SUID_NEVER))
diff --git a/include/usage.h b/include/usage.h
index 41012af..f6c6a5f 100644
--- a/include/usage.h
+++ b/include/usage.h
@@ -2889,6 +2889,20 @@
"Name: debian\n" \
"Address: 127.0.0.1\n"
+#define ns_exec_trivial_usage \
+ "[-muiUpn | -a] [-c] COMMAND..."
+#define ns_exec_full_usage "\n\n" \
+ "Start COMMAND in a new container with specified parts isolated\n" \
+ "\nOptions:" \
+ "\n -m filesystem (mount)" \
+ "\n -u utsname" \
+ "\n -i ipc" \
+ "\n -U user" \
+ "\n -p pid" \
+ "\n -n network"
+#define ns_exec_example_usage \
+ "ns_exec -ac /bin/sh"
+
#define od_trivial_usage \
"[-aBbcDdeFfHhIiLlOovXx] " USE_DESKTOP("[-t TYPE] ") "[FILE]"
#define od_full_usage "\n\n" \
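Review bot: The options list documents `-m`/`-u`/`-i`/`-U`/`-p`/`-n` but not `-a` or `-c`, even though the trivial usage line and the example (`ns_exec -ac /bin/sh`) both use them, so a user cannot tell from `--help` that `-c` makes the applet clone a child and wait for it rather than unsharing in place (that is what the `use_clone` branch in ns_exec.c does). I would add `"\n -a all of the above"` and `"\n -c clone a child for COMMAND and wait for it (default: unshare in place)"` to the list. The usage line also presents `-muiUpn` and `-a` as mutually exclusive, which the parser does not enforce; either wording or code should change so the two agree.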
diff --git a/miscutils/Config.in b/miscutils/Config.in
index 0c80ae6..2c46acb 100644
--- a/miscutils/Config.in
+++ b/miscutils/Config.in
@@ -424,6 +424,12 @@ config MT
to advance or rewind a tape past a specified number of archive
files on the tape.
+config NS_EXEC
+ bool "ns_exec"
+ default n
+ help
+ Run a program inside a separate namespace. Used for containers.
+
config RAIDAUTORUN
bool "raidautorun"
default n
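Review bot: The help text "Used for containers" oversells what the applet does: ns_exec.c in this commit only calls unshare()/clone() with the selected CLONE_NEW* flags before exec, it does not change root, drop capabilities, or apply resource limits, so a command run under it is not confined beyond the namespaces it asked for. I would make that explicit in the help, e.g. `Run a program in new namespaces (mount, uts, ipc, user, pid, net). This only unshares the selected namespaces; it does not chroot, drop privileges or limit resources, so it is a building block for containers, not a sandbox on its own.` As far as I can tell the CLONE_NEW* flags also require CAP_SYS_ADMIN on kernels of this era, which is worth a sentence too.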
diff --git a/miscutils/Kbuild b/miscutils/Kbuild
index c12b12d..6aec748 100644
--- a/miscutils/Kbuild
+++ b/miscutils/Kbuild
@@ -25,6 +25,7 @@ lib-$(CONFIG_MAN) += man.o
lib-$(CONFIG_MICROCOM) += microcom.o
lib-$(CONFIG_MOUNTPOINT) += mountpoint.o
lib-$(CONFIG_MT) += mt.o
+lib-$(CONFIG_NS_EXEC) += ns_exec.o
lib-$(CONFIG_RAIDAUTORUN) += raidautorun.o
lib-$(CONFIG_READAHEAD) += readahead.o
lib-$(CONFIG_RUNLEVEL) += runlevel.o
diff --git a/miscutils/ns_exec.c b/miscutils/ns_exec.c
new file mode 100644
index 0000000..86a70b5
--- /dev/null
+++ b/miscutils/ns_exec.c
@@ -0,0 +1,50 @@
+/*
+ * ns_exec implementation for busybox
+ *
+ * Copyright (C) 2008 JP Sugarbroad
+ *
+ * Licensed under the GPL v2 or later, see the file LICENSE in this tarball.
+ *
+ */
+
+#include "libbb.h"
+
+#include <linux/sched.h>
+#include <sys/syscall.h>
+
+int ns_exec_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
+int ns_exec_main(int argc UNUSED_PARAM, char **argv)
+{
+ int flags = 0;
+ int use_clone = 0;
+ unsigned opt = getopt32(argv, "amuiUpnc");
+ argv += optind;
+
+ if (!*argv)
+ bb_show_usage();
+
+ if (opt & 1) opt = (unsigned) -1;
+ if (opt & 2) flags = CLONE_NEWNS;
+ if (opt & 4) flags = CLONE_NEWUTS;
+ if (opt & 8) flags = CLONE_NEWIPC;
+ if (opt & 16) flags = CLONE_NEWUSER;
+ if (opt & 32) flags = CLONE_NEWPID;
+ if (opt & 64) flags = CLONE_NEWNET;
+ if (opt & 128) use_clone = 1;
+
+ if (use_clone) {
+ int ret = syscall(__NR_clone, flags, NULL);
+ if (ret == -1) bb_simple_perror_msg_and_die("clone");
+ if (ret) {
+ int status;
+ wait(&status);
+ return WIFEXITED(status) ? WEXITSTATUS(status)
: EXIT_FAILURE;
+ }
+ } else {
+ int ret = syscall(__NR_unshare, flags);
+ if (ret == -1) bb_simple_perror_msg_and_die("unshare");
+ }
+
+ BB_EXECVP(*argv, argv);
+ exit(127);
+}
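Review bot: The option-decoding block uses `flags = CLONE_NEW*` instead of `flags |= CLONE_NEW*`, so each accepted option overwrites the previous one: `-mu` yields only CLONE_NEWUTS and `-a` yields only CLONE_NEWNET, which means the applet silently isolates less than the user requested — the worst failure mode for something advertised as a security feature. Second, the raw clone call passes no exit signal in the low byte of `flags`, so the child does not deliver SIGCHLD on exit and a plain `wait()` is not expected to reap it; the unchecked `wait(&status)` then leaves `status` uninitialised when it fails and the parent returns while the child is still running, so the flags should include `SIGCHLD` and the wait should be a checked `waitpid(ret, ...)`. Also note that `opt = (unsigned) -1` for `-a` sets the `-c` bit as well, so `-a` always takes the clone path, which is not documented and may be unintended. Finally, the raw `syscall(__NR_clone, flags, NULL)` argument order is architecture dependent (some targets take the stack pointer first), which matters for a busybox applet.
```c
	if (opt & 1) opt = (unsigned) -1;
	if (opt & 2) flags |= CLONE_NEWNS;
	if (opt & 4) flags |= CLONE_NEWUTS;
	if (opt & 8) flags |= CLONE_NEWIPC;
	if (opt & 16) flags |= CLONE_NEWUSER;
	if (opt & 32) flags |= CLONE_NEWPID;
	if (opt & 64) flags |= CLONE_NEWNET;
	if (opt & 128) use_clone = 1;

	if (use_clone) {
		/* low byte of the clone flags is the child's exit signal;
		 * without SIGCHLD a plain wait() will not reap the child */
		pid_t child = syscall(__NR_clone, flags | SIGCHLD, NULL);
		if (child == -1) bb_simple_perror_msg_and_die("clone");
		if (child) {
			int status;
			if (waitpid(child, &status, 0) != child)
				bb_simple_perror_msg_and_die("waitpid");
			return WIFEXITED(status) ? WEXITSTATUS(status) : EXIT_FAILURE;
		}
	}
	/* … unchanged: unshare path, BB_EXECVP … */
```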
commit ae25ab8a09e10d79aae677ae83d8fa3a9e663264
Author: Taral <taral@taral.net>
Date: Sat Jul 12 12:18:56 2008 -0700
Add change/replace to ip address
diff --git a/networking/libiproute/ipaddress.c
b/networking/libiproute/ipaddress.c
index 288dcca..be67a34 100644
--- a/networking/libiproute/ipaddress.c
+++ b/networking/libiproute/ipaddress.c
@@ -593,7 +593,7 @@ static int default_scope(inet_prefix *lcl)
}
/* Return value becomes exitcode. It's okay to not return at all */
-static int ipaddr_modify(int cmd, char **argv)
+static int ipaddr_modify(int cmd, int flags, char **argv)
{
static const char option[] ALIGN1 =
"peer\0""remote\0""broadcast\0""brd\0"
@@ -617,7 +617,7 @@ static int ipaddr_modify(int cmd, char **argv)
memset(&req, 0, sizeof(req));
req.n.nlmsg_len = NLMSG_LENGTH(sizeof(struct ifaddrmsg));
- req.n.nlmsg_flags = NLM_F_REQUEST;
+ req.n.nlmsg_flags = NLM_F_REQUEST | flags;
req.n.nlmsg_type = cmd;
req.ifa.ifa_family = preferred_family;
@@ -763,22 +763,23 @@ static int ipaddr_modify(int cmd, char **argv)
int do_ipaddr(char **argv)
{
static const char commands[] ALIGN1 =
- "add\0""delete\0""list\0""show\0""lst\0""flush\0";
+
"add\0""change\0""replace\0""delete\0""list\0""show\0""lst\0""flush\0";
+ static ushort flags[] ALIGN1 = { NLM_F_CREATE|NLM_F_EXCL,
NLM_F_REPLACE, NLM_F_CREATE|NLM_F_REPLACE };
- int command_num = 2; /* default command is list */
+ int command_num = 4; /* default command is list */
if (*argv) {
command_num = index_in_substrings(commands, *argv);
- if (command_num < 0 || command_num > 5)
+ if (command_num < 0 || command_num > 7)
bb_error_msg_and_die("unknown command %s", *argv);
argv++;
}
- if (command_num == 0) /* add */
- return ipaddr_modify(RTM_NEWADDR, argv);
- if (command_num == 1) /* delete */
- return ipaddr_modify(RTM_DELADDR, argv);
- if (command_num == 5) /* flush */
+ if (command_num < 3) /* add */
+ return ipaddr_modify(RTM_NEWADDR, flags[command_num], argv);
+ if (command_num == 3) /* delete */
+ return ipaddr_modify(RTM_DELADDR, 0, argv);
+ if (command_num == 7) /* flush */
return ipaddr_list_or_flush(argv, 1);
- /* 2 == list, 3 == show, 4 == lst */
+ /* 4 == list, 5 == show, 6 == lst */
return ipaddr_list_or_flush(argv, 0);
}
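Review bot: The new `flags` table in do_ipaddr is declared `static ushort flags[] ALIGN1` without `const`, so a lookup table that is never written lands in writable data; busybox convention for such tables is `static const`, e.g. `static const uint16_t flags[] = { NLM_F_CREATE|NLM_F_EXCL, NLM_F_REPLACE, NLM_F_CREATE|NLM_F_REPLACE };`, and I do not think ALIGN1 buys anything on a two-byte array. The index mapping itself looks right: add/change/replace map to entries 0–2 and the `> 7` bound matches the eight-entry command string, so `flags[command_num]` is only reached for `command_num < 3`. As pasted, the command string and the table initializer appear wrapped across lines without `+` markers (mailer wrapping, presumably), so this patch will likely need to be re-extracted before it applies.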
_______________________________________________
busybox mailing list
busybox@busybox.net
http://busybox.net/cgi-bin/mailman/listinfo/busybox