summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLennart Poettering <lennart@poettering.net>2010-04-21 22:15:06 +0200
committerLennart Poettering <lennart@poettering.net>2010-04-21 22:15:06 +0200
commit15ae422b7471cf6f41ccf450243d8afd8ea0a054 (patch)
tree4d44b599571defe496890db757dfe987942594bd
parent020379a7f7d2cca3ab37942db3d67d06c45083fe (diff)
execute: support basic filesystem namespacing
-rw-r--r--.gitignore1
-rw-r--r--Makefile.am15
-rw-r--r--conf-parser.c66
-rw-r--r--conf-parser.h1
-rw-r--r--execute.c67
-rw-r--r--execute.h4
-rw-r--r--load-fragment.c45
-rw-r--r--main.c1
-rw-r--r--missing.h27
-rw-r--r--namespace.c334
-rw-r--r--namespace.h34
-rw-r--r--strv.h3
-rw-r--r--test-ns.c57
-rw-r--r--util.c33
-rw-r--r--util.h1
15 files changed, 675 insertions, 14 deletions
diff --git a/.gitignore b/.gitignore
index f994578e9d..ec58ed7667 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,4 @@
+test-ns
systemd-initctl.service
systemd-logger.service
systemd-cgroups-agent
diff --git a/Makefile.am b/Makefile.am
index 567490ea63..7afa2f1576 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -52,7 +52,8 @@ pkglibexec_PROGRAMS = \
noinst_PROGRAMS = \
test-engine \
- test-job-type
+ test-job-type \
+ test-ns
dbuspolicy_DATA = \
org.freedesktop.systemd1.conf
@@ -161,7 +162,9 @@ COMMON_SOURCES= \
unit-name.c \
unit-name.h \
fdset.c \
- fdset.h
+ fdset.h \
+ namespace.h \
+ namespace.c
systemd_SOURCES = \
$(COMMON_SOURCES) \
@@ -192,6 +195,14 @@ test_job_type_SOURCES = \
test_job_type_CPPFLAGS = $(systemd_CPPFLAGS)
test_job_type_LDADD = $(systemd_LDADD)
+test_ns_SOURCES = \
+ $(BASIC_SOURCES) \
+ test-ns.c \
+ namespace.c
+
+test_ns_CPPFLAGS = $(systemd_CPPFLAGS)
+test_ns_LDADD = $(systemd_LDADD)
+
systemd_logger_SOURCES = \
$(BASIC_SOURCES) \
logger.c
diff --git a/conf-parser.c b/conf-parser.c
index 2cf90f2def..6994211b10 100644
--- a/conf-parser.c
+++ b/conf-parser.c
@@ -329,7 +329,7 @@ int config_parse_path(
assert(rvalue);
assert(data);
- if (*rvalue != '/') {
+ if (!path_is_absolute(rvalue)) {
log_error("[%s:%u] Not an absolute path: %s", filename, line, rvalue);
return -EINVAL;
}
@@ -394,3 +394,67 @@ fail:
return -ENOMEM;
}
+
+int config_parse_path_strv(
+ const char *filename,
+ unsigned line,
+ const char *section,
+ const char *lvalue,
+ const char *rvalue,
+ void *data,
+ void *userdata) {
+
+ char*** sv = data;
+ char **n;
+ char *w;
+ unsigned k;
+ size_t l;
+ char *state;
+ int r;
+
+ assert(filename);
+ assert(lvalue);
+ assert(rvalue);
+ assert(data);
+
+ k = strv_length(*sv);
+ FOREACH_WORD_QUOTED(w, l, rvalue, state)
+ k++;
+
+ if (!(n = new(char*, k+1)))
+ return -ENOMEM;
+
+ k = 0;
+ if (*sv)
+ for (; (*sv)[k]; k++)
+ n[k] = (*sv)[k];
+
+ FOREACH_WORD_QUOTED(w, l, rvalue, state) {
+ if (!(n[k] = strndup(w, l))) {
+ r = -ENOMEM;
+ goto fail;
+ }
+
+ if (!path_is_absolute(n[k])) {
+ log_error("[%s:%u] Not an absolute path: %s", filename, line, rvalue);
+ r = -EINVAL;
+ goto fail;
+ }
+
+ k++;
+ }
+
+ n[k] = NULL;
+ free(*sv);
+ *sv = n;
+
+ return 0;
+
+fail:
+ free(n[k]);
+ for (; k > 0; k--)
+ free(n[k-1]);
+ free(n);
+
+ return r;
+}
diff --git a/conf-parser.h b/conf-parser.h
index 33ceed8b3f..bea2a8e9be 100644
--- a/conf-parser.h
+++ b/conf-parser.h
@@ -50,5 +50,6 @@ int config_parse_bool(const char *filename, unsigned line, const char *section,
int config_parse_string(const char *filename, unsigned line, const char *section, const char *lvalue, const char *rvalue, void *data, void *userdata);
int config_parse_path(const char *filename, unsigned line, const char *section, const char *lvalue, const char *rvalue, void *data, void *userdata);
int config_parse_strv(const char *filename, unsigned line, const char *section, const char *lvalue, const char *rvalue, void *data, void *userdata);
+int config_parse_path_strv(const char *filename, unsigned line, const char *section, const char *lvalue, const char *rvalue, void *data, void *userdata);
#endif
diff --git a/execute.c b/execute.c
index 38547677cf..fe3dc8b251 100644
--- a/execute.c
+++ b/execute.c
@@ -34,6 +34,7 @@
#include <sys/stat.h>
#include <grp.h>
#include <pwd.h>
+#include <sys/mount.h>
#include "execute.h"
#include "strv.h"
@@ -43,6 +44,7 @@
#include "ioprio.h"
#include "securebits.h"
#include "cgroup.h"
+#include "namespace.h"
/* This assumes there is a 'tty' group */
#define TTY_MODE 0620
@@ -794,8 +796,6 @@ int exec_spawn(ExecCommand *command,
goto fail;
}
- umask(context->umask);
-
if (confirm_spawn) {
char response;
@@ -900,6 +900,19 @@ int exec_spawn(ExecCommand *command,
goto fail;
}
+ if (strv_length(context->read_write_dirs) > 0 ||
+ strv_length(context->read_only_dirs) > 0 ||
+ strv_length(context->inaccessible_dirs) > 0 ||
+ context->mount_flags != MS_SHARED ||
+ context->private_tmp)
+ if ((r = setup_namespace(
+ context->read_write_dirs,
+ context->read_only_dirs,
+ context->inaccessible_dirs,
+ context->private_tmp,
+ context->mount_flags)) < 0)
+ goto fail;
+
if (context->user) {
username = context->user;
if (get_user_creds(&username, &uid, &gid, &home) < 0) {
@@ -920,6 +933,8 @@ int exec_spawn(ExecCommand *command,
goto fail;
}
+ umask(context->umask);
+
if (apply_chroot) {
if (context->root_directory)
if (chroot(context->root_directory) < 0) {
@@ -1066,6 +1081,7 @@ void exec_context_init(ExecContext *c) {
c->ioprio = IOPRIO_PRIO_VALUE(IOPRIO_CLASS_BE, 0);
c->cpu_sched_policy = SCHED_OTHER;
c->syslog_priority = LOG_DAEMON|LOG_INFO;
+ c->mount_flags = MS_SHARED;
}
void exec_context_done(ExecContext *c) {
@@ -1105,6 +1121,15 @@ void exec_context_done(ExecContext *c) {
cap_free(c->capabilities);
c->capabilities = NULL;
}
+
+ strv_free(c->read_only_dirs);
+ c->read_only_dirs = NULL;
+
+ strv_free(c->read_write_dirs);
+ c->read_write_dirs = NULL;
+
+ strv_free(c->inaccessible_dirs);
+ c->inaccessible_dirs = NULL;
}
void exec_command_done(ExecCommand *c) {
@@ -1143,6 +1168,15 @@ void exec_command_free_array(ExecCommand **c, unsigned n) {
}
}
+static void strv_fprintf(FILE *f, char **l) {
+ char **g;
+
+ assert(f);
+
+ STRV_FOREACH(g, l)
+ fprintf(f, " %s", *g);
+}
+
void exec_context_dump(ExecContext *c, FILE* f, const char *prefix) {
char ** e;
unsigned i;
@@ -1157,11 +1191,13 @@ void exec_context_dump(ExecContext *c, FILE* f, const char *prefix) {
"%sUMask: %04o\n"
"%sWorkingDirectory: %s\n"
"%sRootDirectory: %s\n"
- "%sNonBlocking: %s\n",
+ "%sNonBlocking: %s\n"
+ "%sPrivateTmp: %s\n",
prefix, c->umask,
prefix, c->working_directory ? c->working_directory : "/",
prefix, c->root_directory ? c->root_directory : "/",
- prefix, yes_no(c->non_blocking));
+ prefix, yes_no(c->non_blocking),
+ prefix, yes_no(c->private_tmp));
if (c->environment)
for (e = c->environment; *e; e++)
@@ -1269,14 +1305,27 @@ void exec_context_dump(ExecContext *c, FILE* f, const char *prefix) {
if (c->group)
fprintf(f, "%sGroup: %s", prefix, c->group);
- if (c->supplementary_groups) {
- char **g;
-
+ if (strv_length(c->supplementary_groups) > 0) {
fprintf(f, "%sSupplementaryGroups:", prefix);
+ strv_fprintf(f, c->supplementary_groups);
+ fputs("\n", f);
+ }
- STRV_FOREACH(g, c->supplementary_groups)
- fprintf(f, " %s", *g);
+ if (strv_length(c->read_write_dirs) > 0) {
+ fprintf(f, "%sReadWriteDirs:", prefix);
+ strv_fprintf(f, c->read_write_dirs);
+ fputs("\n", f);
+ }
+
+ if (strv_length(c->read_only_dirs) > 0) {
+ fprintf(f, "%sReadOnlyDirs:", prefix);
+ strv_fprintf(f, c->read_only_dirs);
+ fputs("\n", f);
+ }
+ if (strv_length(c->inaccessible_dirs) > 0) {
+ fprintf(f, "%sInaccessibleDirs:", prefix);
+ strv_fprintf(f, c->inaccessible_dirs);
fputs("\n", f);
}
}
diff --git a/execute.h b/execute.h
index cafaf6b631..f820d56cb8 100644
--- a/execute.h
+++ b/execute.h
@@ -109,6 +109,9 @@ struct ExecContext {
char *group;
char **supplementary_groups;
+ char **read_write_dirs, **read_only_dirs, **inaccessible_dirs;
+ unsigned long mount_flags;
+
uint64_t capability_bounding_set_drop;
cap_t capabilities;
@@ -116,6 +119,7 @@ struct ExecContext {
bool cpu_sched_reset_on_fork;
bool non_blocking;
+ bool private_tmp;
bool oom_adjust_set:1;
bool nice_set:1;
diff --git a/load-fragment.c b/load-fragment.c
index 03205f14b4..680f04171f 100644
--- a/load-fragment.c
+++ b/load-fragment.c
@@ -27,6 +27,7 @@
#include <fcntl.h>
#include <sched.h>
#include <sys/prctl.h>
+#include <sys/mount.h>
#include "unit.h"
#include "strv.h"
@@ -909,6 +910,43 @@ static int config_parse_sysv_priority(
DEFINE_CONFIG_PARSE_ENUM(config_parse_kill_mode, kill_mode, KillMode, "Failed to parse kill mode");
+static int config_parse_mount_flags(
+ const char *filename,
+ unsigned line,
+ const char *section,
+ const char *lvalue,
+ const char *rvalue,
+ void *data,
+ void *userdata) {
+
+ ExecContext *c = data;
+ char *w;
+ size_t l;
+ char *state;
+ unsigned long flags = 0;
+
+ assert(filename);
+ assert(lvalue);
+ assert(rvalue);
+ assert(data);
+
+ FOREACH_WORD(w, l, rvalue, state) {
+ if (strncmp(w, "shared", l) == 0)
+ flags |= MS_SHARED;
+ else if (strncmp(w, "slave", l) == 0)
+ flags |= MS_SLAVE;
+ else if (strncmp(w, "private", l) == 0)
+ flags |= MS_PRIVATE;
+ else {
+ log_error("[%s:%u] Failed to parse mount flags: %s", filename, line, rvalue);
+ return -EINVAL;
+ }
+ }
+
+ c->mount_flags = flags;
+ return 0;
+}
+
#define FOLLOW_MAX 8
static int open_follow(char **filename, FILE **_f, Set *names, char **_final) {
@@ -1149,7 +1187,12 @@ static int load_from_path(Unit *u, const char *path) {
{ "LimitNICE", config_parse_limit, &(context).rlimit[RLIMIT_NICE], section }, \
{ "LimitRTPRIO", config_parse_limit, &(context).rlimit[RLIMIT_RTPRIO], section }, \
{ "LimitRTTIME", config_parse_limit, &(context).rlimit[RLIMIT_RTTIME], section }, \
- { "ControlGroup", config_parse_cgroup, u, section }
+ { "ControlGroup", config_parse_cgroup, u, section }, \
+ { "ReadWriteDirectories", config_parse_path_strv, &(context).read_write_dirs, section }, \
+ { "ReadOnlyDirectories", config_parse_path_strv, &(context).read_only_dirs, section }, \
+ { "InaccessibleDirectories",config_parse_path_strv, &(context).inaccessible_dirs, section }, \
+ { "PrivateTmp", config_parse_bool, &(context).private_tmp, section }, \
+ { "MountFlags", config_parse_mount_flags, &(context), section }
const ConfigItem items[] = {
{ "Names", config_parse_names, u, "Unit" },
diff --git a/main.c b/main.c
index 29be801125..06ad42959b 100644
--- a/main.c
+++ b/main.c
@@ -701,7 +701,6 @@ int main(int argc, char *argv[]) {
break;
case MANAGER_REEXECUTE:
-
if (prepare_reexecute(m, &serialization, &fds) < 0)
goto finish;
diff --git a/missing.h b/missing.h
index 6f1e5998ec..a8b5e80b07 100644
--- a/missing.h
+++ b/missing.h
@@ -1,12 +1,39 @@
+/*-*- Mode: C; c-basic-offset: 8 -*-*/
+
#ifndef foomissinghfoo
#define foomissinghfoo
+/***
+ This file is part of systemd.
+
+ Copyright 2010 Lennart Poettering
+
+ systemd is free software; you can redistribute it and/or modify it
+ under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ systemd is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
/* Missing glibc definitions to access certain kernel APIs */
#include <sys/resource.h>
+#include <sys/syscall.h>
#ifndef RLIMIT_RTTIME
#define RLIMIT_RTTIME 15
#endif
+static inline int pivot_root(const char *new_root, const char *put_old) {
+ return syscall(SYS_pivot_root, new_root, put_old);
+}
+
+
#endif
diff --git a/namespace.c b/namespace.c
new file mode 100644
index 0000000000..570b4ce387
--- /dev/null
+++ b/namespace.c
@@ -0,0 +1,334 @@
+/*-*- Mode: C; c-basic-offset: 8 -*-*/
+
+/***
+ This file is part of systemd.
+
+ Copyright 2010 Lennart Poettering
+
+ systemd is free software; you can redistribute it and/or modify it
+ under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ systemd is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <errno.h>
+#include <sys/mount.h>
+#include <string.h>
+#include <stdio.h>
+#include <unistd.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <sched.h>
+#include <sys/syscall.h>
+#include <limits.h>
+
+#include "strv.h"
+#include "util.h"
+#include "namespace.h"
+#include "missing.h"
+
+typedef enum PathMode {
+ /* This is ordered by priority! */
+ INACCESSIBLE,
+ READONLY,
+ PRIVATE,
+ READWRITE
+} PathMode;
+
+typedef struct Path {
+ const char *path;
+ PathMode mode;
+} Path;
+
+static int append_paths(Path **p, char **strv, PathMode mode) {
+ char **i;
+
+ STRV_FOREACH(i, strv) {
+
+ if (!path_is_absolute(*i))
+ return -EINVAL;
+
+ (*p)->path = *i;
+ (*p)->mode = mode;
+ (*p)++;
+ }
+
+ return 0;
+}
+
+static int path_compare(const void *a, const void *b) {
+ const Path *p = a, *q = b;
+
+ if (path_equal(p->path, q->path)) {
+
+ /* If the paths are equal, check the mode */
+ if (p->mode < q->mode)
+ return -1;
+
+ if (p->mode > q->mode)
+ return 1;
+
+ return 0;
+ }
+
+ /* If the paths are not equal, then order prefixes first */
+ if (path_startswith(p->path, q->path))
+ return 1;
+
+ if (path_startswith(q->path, p->path))
+ return -1;
+
+ return 0;
+}
+
+static void drop_duplicates(Path *p, unsigned *n, bool *need_inaccessible, bool *need_private) {
+ Path *f, *t, *previous;
+
+ assert(p);
+ assert(n);
+ assert(need_inaccessible);
+ assert(need_private);
+
+ for (f = p, t = p, previous = NULL; f < p+*n; f++) {
+
+ if (previous && path_equal(f->path, previous->path))
+ continue;
+
+ t->path = f->path;
+ t->mode = f->mode;
+
+ if (t->mode == PRIVATE)
+ *need_private = true;
+
+ if (t->mode == INACCESSIBLE)
+ *need_inaccessible = true;
+
+ previous = t;
+
+ t++;
+ }
+
+ *n = t - p;
+}
+
+static int apply_mount(Path *p, const char *root_dir, const char *inaccessible_dir, const char *private_dir, unsigned long flags) {
+ const char *what;
+ char *where;
+ int r;
+ bool read_only = false;
+
+ assert(p);
+ assert(root_dir);
+ assert(inaccessible_dir);
+ assert(private_dir);
+
+ if (!(where = strappend(root_dir, p->path)))
+ return -ENOMEM;
+
+ switch (p->mode) {
+
+ case INACCESSIBLE:
+ what = inaccessible_dir;
+ read_only = true;
+ break;
+
+ case READONLY:
+ read_only = true;
+ /* Fall through */
+
+ case READWRITE:
+ what = p->path;
+ break;
+
+ case PRIVATE:
+ what = private_dir;
+ break;
+ }
+
+ if ((r = mount(what, where, NULL, MS_BIND|MS_REC, NULL)) >= 0) {
+ log_debug("Successfully mounted %s to %s", what, where);
+
+ /* The bind mount will always inherit the original
+ * flags. If we want to set any flag we need
+ * to do so in a second indepdant step. */
+ if (flags)
+ r = mount(NULL, where, NULL, MS_REMOUNT|MS_REC|flags, NULL);
+
+ /* Avoid expontial growth of trees */
+ if (r >= 0 && path_equal(p->path, "/"))
+ r = mount(NULL, where, NULL, MS_REMOUNT|MS_UNBINDABLE, NULL);
+
+ if (r >= 0 && read_only)
+ r = mount(NULL, where, NULL, MS_REMOUNT|MS_RDONLY, NULL);
+
+ if (r < 0) {
+ r = -errno;
+ umount2(where, MNT_DETACH);
+ }
+ }
+
+ free(where);
+ return r;
+}
+
+int setup_namespace(
+ char **writable,
+ char **readable,
+ char **inaccessible,
+ bool private_tmp,
+ unsigned long flags) {
+
+ char
+ tmp_dir[] = "/tmp/systemd-namespace-XXXXXX",
+ root_dir[] = "/tmp/systemd-namespace-XXXXXX/root",
+ old_root_dir[] = "/tmp/systemd-namespace-XXXXXX/root/tmp/old-root-XXXXXX",
+ inaccessible_dir[] = "/tmp/systemd-namespace-XXXXXX/inaccessible",
+ private_dir[] = "/tmp/systemd-namespace-XXXXXX/private";
+
+ Path *paths, *p;
+ unsigned n;
+ bool need_private = false, need_inaccessible = false;
+ bool remove_tmp = false, remove_root = false, remove_old_root = false, remove_inaccessible = false, remove_private = false;
+ int r;
+ const char *t;
+
+ n =
+ strv_length(writable) +
+ strv_length(readable) +
+ strv_length(inaccessible) +
+ (private_tmp ? 2 : 1);
+
+ if (!(paths = new(Path, n)))
+ return -ENOMEM;
+
+ p = paths;
+ if ((r = append_paths(&p, writable, READWRITE)) < 0 ||
+ (r = append_paths(&p, readable, READONLY)) < 0 ||
+ (r = append_paths(&p, inaccessible, INACCESSIBLE)) < 0)
+ goto fail;
+
+ if (private_tmp) {
+ p->path = "/tmp";
+ p->mode = PRIVATE;
+ p++;
+ }
+
+ p->path = "/";
+ p->mode = READWRITE;
+ p++;
+
+ assert(paths + n == p);
+
+ qsort(paths, n, sizeof(Path), path_compare);
+ drop_duplicates(paths, &n, &need_inaccessible, &need_private);
+
+ if (!mkdtemp(tmp_dir)) {
+ r = -errno;
+ goto fail;
+ }
+ remove_tmp = true;
+
+ memcpy(root_dir, tmp_dir, sizeof(tmp_dir)-1);
+ if (mkdir(root_dir, 0777) < 0) {
+ r = -errno;
+ goto fail;
+ }
+ remove_root = true;
+
+ if (need_inaccessible) {
+ memcpy(inaccessible_dir, tmp_dir, sizeof(tmp_dir)-1);
+ if (mkdir(inaccessible_dir, 0) < 0) {
+ r = -errno;
+ goto fail;
+ }
+ remove_inaccessible = true;
+ }
+
+ if (need_private) {
+ memcpy(private_dir, tmp_dir, sizeof(tmp_dir)-1);
+ if (mkdir(private_dir, 0777 + S_ISVTX) < 0) {
+ r = -errno;
+ goto fail;
+ }
+ remove_private = true;
+ }
+
+ if (unshare(CLONE_NEWNS) < 0) {
+ r = -errno;
+ goto fail;
+ }
+
+ /* We assume that by default mount events from us won't be
+ * propagated to the root namespace. */
+
+ for (p = paths; p < paths + n; p++)
+ if ((r = apply_mount(p, root_dir, inaccessible_dir, private_dir, flags)) < 0)
+ goto undo_mounts;
+
+ memcpy(old_root_dir, tmp_dir, sizeof(tmp_dir)-1);
+ if (!mkdtemp(old_root_dir)) {
+ r = -errno;
+ goto undo_mounts;
+ }
+ remove_old_root = true;
+
+ if (chdir(root_dir) < 0) {
+ r = -errno;
+ goto undo_mounts;
+ }
+
+ if (pivot_root(root_dir, old_root_dir) < 0) {
+ r = -errno;
+ goto undo_mounts;
+ }
+
+ t = old_root_dir + sizeof(root_dir) - 1;
+ if (umount2(t, MNT_DETACH) < 0)
+ /* At this point it's too late to turn anything back,
+ * since we are already in the new root. */
+ return -errno;
+
+ if (rmdir(t) < 0)
+ return -errno;
+
+ return 0;
+
+undo_mounts:
+
+ for (p--; p >= paths; p--) {
+ char full_path[PATH_MAX];
+
+ snprintf(full_path, sizeof(full_path), "%s%s", root_dir, p->path);
+ char_array_0(full_path);
+
+ umount2(full_path, MNT_DETACH);
+ }
+
+fail:
+ if (remove_old_root)
+ rmdir(old_root_dir);
+
+ if (remove_inaccessible)
+ rmdir(inaccessible_dir);
+
+ if (remove_private)
+ rmdir(private_dir);
+
+ if (remove_root)
+ rmdir(root_dir);
+
+ if (remove_tmp)
+ rmdir(tmp_dir);
+
+ free(paths);
+
+ return r;
+}
diff --git a/namespace.h b/namespace.h
new file mode 100644
index 0000000000..6128646391
--- /dev/null
+++ b/namespace.h
@@ -0,0 +1,34 @@
+/*-*- Mode: C; c-basic-offset: 8 -*-*/
+
+#ifndef foonamespacehfoo
+#define foonamespacehfoo
+
+/***
+ This file is part of systemd.
+
+ Copyright 2010 Lennart Poettering
+
+ systemd is free software; you can redistribute it and/or modify it
+ under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ systemd is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <stdbool.h>
+
+int setup_namespace(
+ char **writable,
+ char **readable,
+ char **inaccessible,
+ bool private_tmp,
+ unsigned long flags);
+
+#endif
diff --git a/strv.h b/strv.h
index 7ee9a95a8f..603e0e7282 100644
--- a/strv.h
+++ b/strv.h
@@ -22,6 +22,9 @@
along with systemd; If not, see <http://www.gnu.org/licenses/>.
***/
+#include <stdarg.h>
+#include <stdbool.h>
+
#include "macro.h"
char *strv_find(char **l, const char *name);
diff --git a/test-ns.c b/test-ns.c
new file mode 100644
index 0000000000..baf42f6d44
--- /dev/null
+++ b/test-ns.c
@@ -0,0 +1,57 @@
+/*-*- Mode: C; c-basic-offset: 8 -*-*/
+
+/***
+ This file is part of systemd.
+
+ Copyright 2010 Lennart Poettering
+
+ systemd is free software; you can redistribute it and/or modify it
+ under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ systemd is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include <sys/mount.h>
+
+#include "namespace.h"
+#include "log.h"
+
+int main(int argc, char *argv[]) {
+ const char * const writable[] = {
+ "/home",
+ NULL
+ };
+
+ const char * const readable[] = {
+ "/var",
+ NULL
+ };
+
+ const char * const inaccessible[] = {
+ "/home/lennart/projects",
+ NULL
+ };
+
+ int r;
+
+ if ((r = setup_namespace((char**) writable, (char**) readable, (char**) inaccessible, true, MS_SHARED)) < 0) {
+ log_error("Failed to setup namespace: %s", strerror(-r));
+ return 1;
+ }
+
+ execl("/bin/sh", "/bin/sh", NULL);
+ log_error("execl(): %m");
+
+ return 1;
+}
diff --git a/util.c b/util.c
index 49f5b4be13..e9f7813b8b 100644
--- a/util.c
+++ b/util.c
@@ -1140,6 +1140,39 @@ bool path_startswith(const char *path, const char *prefix) {
}
}
+bool path_equal(const char *a, const char *b) {
+ assert(a);
+ assert(b);
+
+ if ((a[0] == '/') != (b[0] == '/'))
+ return false;
+
+ for (;;) {
+ size_t j, k;
+
+ a += strspn(a, "/");
+ b += strspn(b, "/");
+
+ if (*a == 0 && *b == 0)
+ return true;
+
+ if (*a == 0 || *b == 0)
+ return false;
+
+ j = strcspn(a, "/");
+ k = strcspn(b, "/");
+
+ if (j != k)
+ return false;
+
+ if (memcmp(a, b, j) != 0)
+ return false;
+
+ a += j;
+ b += k;
+ }
+}
+
char *ascii_strlower(char *t) {
char *p;
diff --git a/util.h b/util.h
index 6f87894d15..0ef3df6d57 100644
--- a/util.h
+++ b/util.h
@@ -157,6 +157,7 @@ char *cunescape(const char *s);
char *path_kill_slashes(char *path);
bool path_startswith(const char *path, const char *prefix);
+bool path_equal(const char *a, const char *b);
char *ascii_strlower(char *path);