diff options
author | Lennart Poettering <lennart@poettering.net> | 2010-04-21 22:15:06 +0200 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2010-04-21 22:15:06 +0200 |
commit | 15ae422b7471cf6f41ccf450243d8afd8ea0a054 (patch) | |
tree | 4d44b599571defe496890db757dfe987942594bd | |
parent | 020379a7f7d2cca3ab37942db3d67d06c45083fe (diff) |
execute: support basic filesystem namespacing
-rw-r--r-- | .gitignore | 1 | ||||
-rw-r--r-- | Makefile.am | 15 | ||||
-rw-r--r-- | conf-parser.c | 66 | ||||
-rw-r--r-- | conf-parser.h | 1 | ||||
-rw-r--r-- | execute.c | 67 | ||||
-rw-r--r-- | execute.h | 4 | ||||
-rw-r--r-- | load-fragment.c | 45 | ||||
-rw-r--r-- | main.c | 1 | ||||
-rw-r--r-- | missing.h | 27 | ||||
-rw-r--r-- | namespace.c | 334 | ||||
-rw-r--r-- | namespace.h | 34 | ||||
-rw-r--r-- | strv.h | 3 | ||||
-rw-r--r-- | test-ns.c | 57 | ||||
-rw-r--r-- | util.c | 33 | ||||
-rw-r--r-- | util.h | 1 |
15 files changed, 675 insertions, 14 deletions
diff --git a/.gitignore b/.gitignore index f994578e9d..ec58ed7667 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,4 @@ +test-ns systemd-initctl.service systemd-logger.service systemd-cgroups-agent diff --git a/Makefile.am b/Makefile.am index 567490ea63..7afa2f1576 100644 --- a/Makefile.am +++ b/Makefile.am @@ -52,7 +52,8 @@ pkglibexec_PROGRAMS = \ noinst_PROGRAMS = \ test-engine \ - test-job-type + test-job-type \ + test-ns dbuspolicy_DATA = \ org.freedesktop.systemd1.conf @@ -161,7 +162,9 @@ COMMON_SOURCES= \ unit-name.c \ unit-name.h \ fdset.c \ - fdset.h + fdset.h \ + namespace.h \ + namespace.c systemd_SOURCES = \ $(COMMON_SOURCES) \ @@ -192,6 +195,14 @@ test_job_type_SOURCES = \ test_job_type_CPPFLAGS = $(systemd_CPPFLAGS) test_job_type_LDADD = $(systemd_LDADD) +test_ns_SOURCES = \ + $(BASIC_SOURCES) \ + test-ns.c \ + namespace.c + +test_ns_CPPFLAGS = $(systemd_CPPFLAGS) +test_ns_LDADD = $(systemd_LDADD) + systemd_logger_SOURCES = \ $(BASIC_SOURCES) \ logger.c diff --git a/conf-parser.c b/conf-parser.c index 2cf90f2def..6994211b10 100644 --- a/conf-parser.c +++ b/conf-parser.c @@ -329,7 +329,7 @@ int config_parse_path( assert(rvalue); assert(data); - if (*rvalue != '/') { + if (!path_is_absolute(rvalue)) { log_error("[%s:%u] Not an absolute path: %s", filename, line, rvalue); return -EINVAL; } @@ -394,3 +394,67 @@ fail: return -ENOMEM; } + +int config_parse_path_strv( + const char *filename, + unsigned line, + const char *section, + const char *lvalue, + const char *rvalue, + void *data, + void *userdata) { + + char*** sv = data; + char **n; + char *w; + unsigned k; + size_t l; + char *state; + int r; + + assert(filename); + assert(lvalue); + assert(rvalue); + assert(data); + + k = strv_length(*sv); + FOREACH_WORD_QUOTED(w, l, rvalue, state) + k++; + + if (!(n = new(char*, k+1))) + return -ENOMEM; + + k = 0; + if (*sv) + for (; (*sv)[k]; k++) + n[k] = (*sv)[k]; + + FOREACH_WORD_QUOTED(w, l, rvalue, state) { + if (!(n[k] = strndup(w, l))) { + r = -ENOMEM; + goto fail; + } + + if (!path_is_absolute(n[k])) { + log_error("[%s:%u] Not an absolute path: %s", filename, line, rvalue); + r = -EINVAL; + goto fail; + } + + k++; + } + + n[k] = NULL; + free(*sv); + *sv = n; + + return 0; + +fail: + free(n[k]); + for (; k > 0; k--) + free(n[k-1]); + free(n); + + return r; +} diff --git a/conf-parser.h b/conf-parser.h index 33ceed8b3f..bea2a8e9be 100644 --- a/conf-parser.h +++ b/conf-parser.h @@ -50,5 +50,6 @@ int config_parse_bool(const char *filename, unsigned line, const char *section, int config_parse_string(const char *filename, unsigned line, const char *section, const char *lvalue, const char *rvalue, void *data, void *userdata); int config_parse_path(const char *filename, unsigned line, const char *section, const char *lvalue, const char *rvalue, void *data, void *userdata); int config_parse_strv(const char *filename, unsigned line, const char *section, const char *lvalue, const char *rvalue, void *data, void *userdata); +int config_parse_path_strv(const char *filename, unsigned line, const char *section, const char *lvalue, const char *rvalue, void *data, void *userdata); #endif @@ -34,6 +34,7 @@ #include <sys/stat.h> #include <grp.h> #include <pwd.h> +#include <sys/mount.h> #include "execute.h" #include "strv.h" @@ -43,6 +44,7 @@ #include "ioprio.h" #include "securebits.h" #include "cgroup.h" +#include "namespace.h" /* This assumes there is a 'tty' group */ #define TTY_MODE 0620 @@ -794,8 +796,6 @@ int exec_spawn(ExecCommand *command, goto fail; } - umask(context->umask); - if (confirm_spawn) { char response; @@ -900,6 +900,19 @@ int exec_spawn(ExecCommand *command, goto fail; } + if (strv_length(context->read_write_dirs) > 0 || + strv_length(context->read_only_dirs) > 0 || + strv_length(context->inaccessible_dirs) > 0 || + context->mount_flags != MS_SHARED || + context->private_tmp) + if ((r = setup_namespace( + context->read_write_dirs, + context->read_only_dirs, + context->inaccessible_dirs, + context->private_tmp, + context->mount_flags)) < 0) + goto fail; + if (context->user) { username = context->user; if (get_user_creds(&username, &uid, &gid, &home) < 0) { @@ -920,6 +933,8 @@ int exec_spawn(ExecCommand *command, goto fail; } + umask(context->umask); + if (apply_chroot) { if (context->root_directory) if (chroot(context->root_directory) < 0) { @@ -1066,6 +1081,7 @@ void exec_context_init(ExecContext *c) { c->ioprio = IOPRIO_PRIO_VALUE(IOPRIO_CLASS_BE, 0); c->cpu_sched_policy = SCHED_OTHER; c->syslog_priority = LOG_DAEMON|LOG_INFO; + c->mount_flags = MS_SHARED; } void exec_context_done(ExecContext *c) { @@ -1105,6 +1121,15 @@ void exec_context_done(ExecContext *c) { cap_free(c->capabilities); c->capabilities = NULL; } + + strv_free(c->read_only_dirs); + c->read_only_dirs = NULL; + + strv_free(c->read_write_dirs); + c->read_write_dirs = NULL; + + strv_free(c->inaccessible_dirs); + c->inaccessible_dirs = NULL; } void exec_command_done(ExecCommand *c) { @@ -1143,6 +1168,15 @@ void exec_command_free_array(ExecCommand **c, unsigned n) { } } +static void strv_fprintf(FILE *f, char **l) { + char **g; + + assert(f); + + STRV_FOREACH(g, l) + fprintf(f, " %s", *g); +} + void exec_context_dump(ExecContext *c, FILE* f, const char *prefix) { char ** e; unsigned i; @@ -1157,11 +1191,13 @@ void exec_context_dump(ExecContext *c, FILE* f, const char *prefix) { "%sUMask: %04o\n" "%sWorkingDirectory: %s\n" "%sRootDirectory: %s\n" - "%sNonBlocking: %s\n", + "%sNonBlocking: %s\n" + "%sPrivateTmp: %s\n", prefix, c->umask, prefix, c->working_directory ? c->working_directory : "/", prefix, c->root_directory ? c->root_directory : "/", - prefix, yes_no(c->non_blocking)); + prefix, yes_no(c->non_blocking), + prefix, yes_no(c->private_tmp)); if (c->environment) for (e = c->environment; *e; e++) @@ -1269,14 +1305,27 @@ void exec_context_dump(ExecContext *c, FILE* f, const char *prefix) { if (c->group) fprintf(f, "%sGroup: %s", prefix, c->group); - if (c->supplementary_groups) { - char **g; - + if (strv_length(c->supplementary_groups) > 0) { fprintf(f, "%sSupplementaryGroups:", prefix); + strv_fprintf(f, c->supplementary_groups); + fputs("\n", f); + } - STRV_FOREACH(g, c->supplementary_groups) - fprintf(f, " %s", *g); + if (strv_length(c->read_write_dirs) > 0) { + fprintf(f, "%sReadWriteDirs:", prefix); + strv_fprintf(f, c->read_write_dirs); + fputs("\n", f); + } + + if (strv_length(c->read_only_dirs) > 0) { + fprintf(f, "%sReadOnlyDirs:", prefix); + strv_fprintf(f, c->read_only_dirs); + fputs("\n", f); + } + if (strv_length(c->inaccessible_dirs) > 0) { + fprintf(f, "%sInaccessibleDirs:", prefix); + strv_fprintf(f, c->inaccessible_dirs); fputs("\n", f); } } @@ -109,6 +109,9 @@ struct ExecContext { char *group; char **supplementary_groups; + char **read_write_dirs, **read_only_dirs, **inaccessible_dirs; + unsigned long mount_flags; + uint64_t capability_bounding_set_drop; cap_t capabilities; @@ -116,6 +119,7 @@ struct ExecContext { bool cpu_sched_reset_on_fork; bool non_blocking; + bool private_tmp; bool oom_adjust_set:1; bool nice_set:1; diff --git a/load-fragment.c b/load-fragment.c index 03205f14b4..680f04171f 100644 --- a/load-fragment.c +++ b/load-fragment.c @@ -27,6 +27,7 @@ #include <fcntl.h> #include <sched.h> #include <sys/prctl.h> +#include <sys/mount.h> #include "unit.h" #include "strv.h" @@ -909,6 +910,43 @@ static int config_parse_sysv_priority( DEFINE_CONFIG_PARSE_ENUM(config_parse_kill_mode, kill_mode, KillMode, "Failed to parse kill mode"); +static int config_parse_mount_flags( + const char *filename, + unsigned line, + const char *section, + const char *lvalue, + const char *rvalue, + void *data, + void *userdata) { + + ExecContext *c = data; + char *w; + size_t l; + char *state; + unsigned long flags = 0; + + assert(filename); + assert(lvalue); + assert(rvalue); + assert(data); + + FOREACH_WORD(w, l, rvalue, state) { + if (strncmp(w, "shared", l) == 0) + flags |= MS_SHARED; + else if (strncmp(w, "slave", l) == 0) + flags |= MS_SLAVE; + else if (strncmp(w, "private", l) == 0) + flags |= MS_PRIVATE; + else { + log_error("[%s:%u] Failed to parse mount flags: %s", filename, line, rvalue); + return -EINVAL; + } + } + + c->mount_flags = flags; + return 0; +} + #define FOLLOW_MAX 8 static int open_follow(char **filename, FILE **_f, Set *names, char **_final) { @@ -1149,7 +1187,12 @@ static int load_from_path(Unit *u, const char *path) { { "LimitNICE", config_parse_limit, &(context).rlimit[RLIMIT_NICE], section }, \ { "LimitRTPRIO", config_parse_limit, &(context).rlimit[RLIMIT_RTPRIO], section }, \ { "LimitRTTIME", config_parse_limit, &(context).rlimit[RLIMIT_RTTIME], section }, \ - { "ControlGroup", config_parse_cgroup, u, section } + { "ControlGroup", config_parse_cgroup, u, section }, \ + { "ReadWriteDirectories", config_parse_path_strv, &(context).read_write_dirs, section }, \ + { "ReadOnlyDirectories", config_parse_path_strv, &(context).read_only_dirs, section }, \ + { "InaccessibleDirectories",config_parse_path_strv, &(context).inaccessible_dirs, section }, \ + { "PrivateTmp", config_parse_bool, &(context).private_tmp, section }, \ + { "MountFlags", config_parse_mount_flags, &(context), section } const ConfigItem items[] = { { "Names", config_parse_names, u, "Unit" }, @@ -701,7 +701,6 @@ int main(int argc, char *argv[]) { break; case MANAGER_REEXECUTE: - if (prepare_reexecute(m, &serialization, &fds) < 0) goto finish; @@ -1,12 +1,39 @@ +/*-*- Mode: C; c-basic-offset: 8 -*-*/ + #ifndef foomissinghfoo #define foomissinghfoo +/*** + This file is part of systemd. + + Copyright 2010 Lennart Poettering + + systemd is free software; you can redistribute it and/or modify it + under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + systemd is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received a copy of the GNU General Public License + along with systemd; If not, see <http://www.gnu.org/licenses/>. +***/ + /* Missing glibc definitions to access certain kernel APIs */ #include <sys/resource.h> +#include <sys/syscall.h> #ifndef RLIMIT_RTTIME #define RLIMIT_RTTIME 15 #endif +static inline int pivot_root(const char *new_root, const char *put_old) { + return syscall(SYS_pivot_root, new_root, put_old); +} + + #endif diff --git a/namespace.c b/namespace.c new file mode 100644 index 0000000000..570b4ce387 --- /dev/null +++ b/namespace.c @@ -0,0 +1,334 @@ +/*-*- Mode: C; c-basic-offset: 8 -*-*/ + +/*** + This file is part of systemd. + + Copyright 2010 Lennart Poettering + + systemd is free software; you can redistribute it and/or modify it + under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + systemd is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received a copy of the GNU General Public License + along with systemd; If not, see <http://www.gnu.org/licenses/>. +***/ + +#include <errno.h> +#include <sys/mount.h> +#include <string.h> +#include <stdio.h> +#include <unistd.h> +#include <sys/stat.h> +#include <sys/types.h> +#include <sched.h> +#include <sys/syscall.h> +#include <limits.h> + +#include "strv.h" +#include "util.h" +#include "namespace.h" +#include "missing.h" + +typedef enum PathMode { + /* This is ordered by priority! */ + INACCESSIBLE, + READONLY, + PRIVATE, + READWRITE +} PathMode; + +typedef struct Path { + const char *path; + PathMode mode; +} Path; + +static int append_paths(Path **p, char **strv, PathMode mode) { + char **i; + + STRV_FOREACH(i, strv) { + + if (!path_is_absolute(*i)) + return -EINVAL; + + (*p)->path = *i; + (*p)->mode = mode; + (*p)++; + } + + return 0; +} + +static int path_compare(const void *a, const void *b) { + const Path *p = a, *q = b; + + if (path_equal(p->path, q->path)) { + + /* If the paths are equal, check the mode */ + if (p->mode < q->mode) + return -1; + + if (p->mode > q->mode) + return 1; + + return 0; + } + + /* If the paths are not equal, then order prefixes first */ + if (path_startswith(p->path, q->path)) + return 1; + + if (path_startswith(q->path, p->path)) + return -1; + + return 0; +} + +static void drop_duplicates(Path *p, unsigned *n, bool *need_inaccessible, bool *need_private) { + Path *f, *t, *previous; + + assert(p); + assert(n); + assert(need_inaccessible); + assert(need_private); + + for (f = p, t = p, previous = NULL; f < p+*n; f++) { + + if (previous && path_equal(f->path, previous->path)) + continue; + + t->path = f->path; + t->mode = f->mode; + + if (t->mode == PRIVATE) + *need_private = true; + + if (t->mode == INACCESSIBLE) + *need_inaccessible = true; + + previous = t; + + t++; + } + + *n = t - p; +} + +static int apply_mount(Path *p, const char *root_dir, const char *inaccessible_dir, const char *private_dir, unsigned long flags) { + const char *what; + char *where; + int r; + bool read_only = false; + + assert(p); + assert(root_dir); + assert(inaccessible_dir); + assert(private_dir); + + if (!(where = strappend(root_dir, p->path))) + return -ENOMEM; + + switch (p->mode) { + + case INACCESSIBLE: + what = inaccessible_dir; + read_only = true; + break; + + case READONLY: + read_only = true; + /* Fall through */ + + case READWRITE: + what = p->path; + break; + + case PRIVATE: + what = private_dir; + break; + } + + if ((r = mount(what, where, NULL, MS_BIND|MS_REC, NULL)) >= 0) { + log_debug("Successfully mounted %s to %s", what, where); + + /* The bind mount will always inherit the original + * flags. If we want to set any flag we need + * to do so in a second indepdant step. */ + if (flags) + r = mount(NULL, where, NULL, MS_REMOUNT|MS_REC|flags, NULL); + + /* Avoid expontial growth of trees */ + if (r >= 0 && path_equal(p->path, "/")) + r = mount(NULL, where, NULL, MS_REMOUNT|MS_UNBINDABLE, NULL); + + if (r >= 0 && read_only) + r = mount(NULL, where, NULL, MS_REMOUNT|MS_RDONLY, NULL); + + if (r < 0) { + r = -errno; + umount2(where, MNT_DETACH); + } + } + + free(where); + return r; +} + +int setup_namespace( + char **writable, + char **readable, + char **inaccessible, + bool private_tmp, + unsigned long flags) { + + char + tmp_dir[] = "/tmp/systemd-namespace-XXXXXX", + root_dir[] = "/tmp/systemd-namespace-XXXXXX/root", + old_root_dir[] = "/tmp/systemd-namespace-XXXXXX/root/tmp/old-root-XXXXXX", + inaccessible_dir[] = "/tmp/systemd-namespace-XXXXXX/inaccessible", + private_dir[] = "/tmp/systemd-namespace-XXXXXX/private"; + + Path *paths, *p; + unsigned n; + bool need_private = false, need_inaccessible = false; + bool remove_tmp = false, remove_root = false, remove_old_root = false, remove_inaccessible = false, remove_private = false; + int r; + const char *t; + + n = + strv_length(writable) + + strv_length(readable) + + strv_length(inaccessible) + + (private_tmp ? 2 : 1); + + if (!(paths = new(Path, n))) + return -ENOMEM; + + p = paths; + if ((r = append_paths(&p, writable, READWRITE)) < 0 || + (r = append_paths(&p, readable, READONLY)) < 0 || + (r = append_paths(&p, inaccessible, INACCESSIBLE)) < 0) + goto fail; + + if (private_tmp) { + p->path = "/tmp"; + p->mode = PRIVATE; + p++; + } + + p->path = "/"; + p->mode = READWRITE; + p++; + + assert(paths + n == p); + + qsort(paths, n, sizeof(Path), path_compare); + drop_duplicates(paths, &n, &need_inaccessible, &need_private); + + if (!mkdtemp(tmp_dir)) { + r = -errno; + goto fail; + } + remove_tmp = true; + + memcpy(root_dir, tmp_dir, sizeof(tmp_dir)-1); + if (mkdir(root_dir, 0777) < 0) { + r = -errno; + goto fail; + } + remove_root = true; + + if (need_inaccessible) { + memcpy(inaccessible_dir, tmp_dir, sizeof(tmp_dir)-1); + if (mkdir(inaccessible_dir, 0) < 0) { + r = -errno; + goto fail; + } + remove_inaccessible = true; + } + + if (need_private) { + memcpy(private_dir, tmp_dir, sizeof(tmp_dir)-1); + if (mkdir(private_dir, 0777 + S_ISVTX) < 0) { + r = -errno; + goto fail; + } + remove_private = true; + } + + if (unshare(CLONE_NEWNS) < 0) { + r = -errno; + goto fail; + } + + /* We assume that by default mount events from us won't be + * propagated to the root namespace. */ + + for (p = paths; p < paths + n; p++) + if ((r = apply_mount(p, root_dir, inaccessible_dir, private_dir, flags)) < 0) + goto undo_mounts; + + memcpy(old_root_dir, tmp_dir, sizeof(tmp_dir)-1); + if (!mkdtemp(old_root_dir)) { + r = -errno; + goto undo_mounts; + } + remove_old_root = true; + + if (chdir(root_dir) < 0) { + r = -errno; + goto undo_mounts; + } + + if (pivot_root(root_dir, old_root_dir) < 0) { + r = -errno; + goto undo_mounts; + } + + t = old_root_dir + sizeof(root_dir) - 1; + if (umount2(t, MNT_DETACH) < 0) + /* At this point it's too late to turn anything back, + * since we are already in the new root. */ + return -errno; + + if (rmdir(t) < 0) + return -errno; + + return 0; + +undo_mounts: + + for (p--; p >= paths; p--) { + char full_path[PATH_MAX]; + + snprintf(full_path, sizeof(full_path), "%s%s", root_dir, p->path); + char_array_0(full_path); + + umount2(full_path, MNT_DETACH); + } + +fail: + if (remove_old_root) + rmdir(old_root_dir); + + if (remove_inaccessible) + rmdir(inaccessible_dir); + + if (remove_private) + rmdir(private_dir); + + if (remove_root) + rmdir(root_dir); + + if (remove_tmp) + rmdir(tmp_dir); + + free(paths); + + return r; +} diff --git a/namespace.h b/namespace.h new file mode 100644 index 0000000000..6128646391 --- /dev/null +++ b/namespace.h @@ -0,0 +1,34 @@ +/*-*- Mode: C; c-basic-offset: 8 -*-*/ + +#ifndef foonamespacehfoo +#define foonamespacehfoo + +/*** + This file is part of systemd. + + Copyright 2010 Lennart Poettering + + systemd is free software; you can redistribute it and/or modify it + under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + systemd is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received a copy of the GNU General Public License + along with systemd; If not, see <http://www.gnu.org/licenses/>. +***/ + +#include <stdbool.h> + +int setup_namespace( + char **writable, + char **readable, + char **inaccessible, + bool private_tmp, + unsigned long flags); + +#endif @@ -22,6 +22,9 @@ along with systemd; If not, see <http://www.gnu.org/licenses/>. ***/ +#include <stdarg.h> +#include <stdbool.h> + #include "macro.h" char *strv_find(char **l, const char *name); diff --git a/test-ns.c b/test-ns.c new file mode 100644 index 0000000000..baf42f6d44 --- /dev/null +++ b/test-ns.c @@ -0,0 +1,57 @@ +/*-*- Mode: C; c-basic-offset: 8 -*-*/ + +/*** + This file is part of systemd. + + Copyright 2010 Lennart Poettering + + systemd is free software; you can redistribute it and/or modify it + under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + systemd is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received a copy of the GNU General Public License + along with systemd; If not, see <http://www.gnu.org/licenses/>. +***/ + +#include <stdlib.h> +#include <string.h> +#include <unistd.h> +#include <sys/mount.h> + +#include "namespace.h" +#include "log.h" + +int main(int argc, char *argv[]) { + const char * const writable[] = { + "/home", + NULL + }; + + const char * const readable[] = { + "/var", + NULL + }; + + const char * const inaccessible[] = { + "/home/lennart/projects", + NULL + }; + + int r; + + if ((r = setup_namespace((char**) writable, (char**) readable, (char**) inaccessible, true, MS_SHARED)) < 0) { + log_error("Failed to setup namespace: %s", strerror(-r)); + return 1; + } + + execl("/bin/sh", "/bin/sh", NULL); + log_error("execl(): %m"); + + return 1; +} @@ -1140,6 +1140,39 @@ bool path_startswith(const char *path, const char *prefix) { } } +bool path_equal(const char *a, const char *b) { + assert(a); + assert(b); + + if ((a[0] == '/') != (b[0] == '/')) + return false; + + for (;;) { + size_t j, k; + + a += strspn(a, "/"); + b += strspn(b, "/"); + + if (*a == 0 && *b == 0) + return true; + + if (*a == 0 || *b == 0) + return false; + + j = strcspn(a, "/"); + k = strcspn(b, "/"); + + if (j != k) + return false; + + if (memcmp(a, b, j) != 0) + return false; + + a += j; + b += k; + } +} + char *ascii_strlower(char *t) { char *p; @@ -157,6 +157,7 @@ char *cunescape(const char *s); char *path_kill_slashes(char *path); bool path_startswith(const char *path, const char *prefix); +bool path_equal(const char *a, const char *b); char *ascii_strlower(char *path); |