• source navigation  • diff markup  • identifier search  • freetext search  • 

Sources/procd/jail/jail.c

  1 /*
  2  * Copyright (C) 2015 John Crispin <blogic@openwrt.org>
  3  * Copyright (C) 2020 Daniel Golle <daniel@makrotopia.org>
  4  *
  5  * This program is free software; you can redistribute it and/or modify
  6  * it under the terms of the GNU Lesser General Public License version 2.1
  7  * as published by the Free Software Foundation
  8  *
  9  * This program is distributed in the hope that it will be useful,
 10  * but WITHOUT ANY WARRANTY; without even the implied warranty of
 11  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 12  * GNU General Public License for more details.
 13  */
 14 
 15 #define _GNU_SOURCE
 16 #include <sys/mount.h>
 17 #include <sys/prctl.h>
 18 #include <sys/wait.h>
 19 #include <sys/types.h>
 20 #include <sys/time.h>
 21 #include <sys/resource.h>
 22 #include <sys/stat.h>
 23 #include <sys/sysmacros.h>
 24 
 25 /* musl only defined 15 limit types, make sure all 16 are supported */
 26 #ifndef RLIMIT_RTTIME
 27 #define RLIMIT_RTTIME 15
 28 #undef RLIMIT_NLIMITS
 29 #define RLIMIT_NLIMITS 16
 30 #undef RLIM_NLIMITS
 31 #define RLIM_NLIMITS 16
 32 #endif
 33 
 34 #include <assert.h>
 35 #include <stdlib.h>
 36 #include <unistd.h>
 37 #include <errno.h>
 38 #include <pwd.h>
 39 #include <grp.h>
 40 #include <string.h>
 41 #include <fcntl.h>
 42 #include <sched.h>
 43 #include <linux/filter.h>
 44 #include <linux/limits.h>
 45 #include <linux/nsfs.h>
 46 #include <linux/securebits.h>
 47 #include <signal.h>
 48 #include <inttypes.h>
 49 
 50 #include "capabilities.h"
 51 #include "elf.h"
 52 #include "fs.h"
 53 #include "jail.h"
 54 #include "log.h"
 55 #include "seccomp-oci.h"
 56 #include "cgroups.h"
 57 #include "netifd.h"
 58 
 59 #include <libubox/blobmsg.h>
 60 #include <libubox/blobmsg_json.h>
 61 #include <libubox/list.h>
 62 #include <libubox/vlist.h>
 63 #include <libubox/uloop.h>
 64 #include <libubox/utils.h>
 65 #include <libubus.h>
 66 
 67 #ifndef CLONE_NEWCGROUP
 68 #define CLONE_NEWCGROUP 0x02000000
 69 #endif
 70 
 71 #define STACK_SIZE      (1024 * 1024)
 72 #define OPT_ARGS        "cC:d:e:EfFG:h:ij:J:ln:NoO:pP:r:R:sS:uU:w:t:T:y"
 73 
 74 #define OCI_VERSION_STRING "1.0.2"
 75 
 76 struct hook_execvpe {
 77         char *file;
 78         char **argv;
 79         char **envp;
 80         int timeout;
 81 };
 82 
 83 struct sysctl_val {
 84         char *entry;
 85         char *value;
 86 };
 87 
 88 struct mknod_args {
 89         char *path;
 90         mode_t mode;
 91         dev_t dev;
 92         uid_t uid;
 93         gid_t gid;
 94 };
 95 
 96 static struct {
 97         char *name;
 98         char *hostname;
 99         char **jail_argv;
100         char *cwd;
101         char *seccomp;
102         struct sock_fprog *ociseccomp;
103         char *capabilities;
104         struct jail_capset capset;
105         char *user;
106         char *group;
107         char *extroot;
108         char *overlaydir;
109         char *tmpoverlaysize;
110         char **envp;
111         char *uidmap;
112         char *gidmap;
113         char *pidfile;
114         struct sysctl_val **sysctl;
115         int no_new_privs;
116         int namespace;
117         struct {
118                 int pid;
119                 int net;
120                 int ns;
121                 int ipc;
122                 int uts;
123                 int user;
124                 int cgroup;
125 #ifdef CLONE_NEWTIME
126                 int time;
127 #endif
128         } setns;
129         int procfs;
130         int ronly;
131         int sysfs;
132         int console;
133         int pw_uid;
134         int pw_gid;
135         int gr_gid;
136         int root_map_uid;
137         gid_t *additional_gids;
138         size_t num_additional_gids;
139         mode_t umask;
140         bool set_umask;
141         int require_jail;
142         struct {
143                 struct hook_execvpe **createRuntime;
144                 struct hook_execvpe **createContainer;
145                 struct hook_execvpe **startContainer;
146                 struct hook_execvpe **poststart;
147                 struct hook_execvpe **poststop;
148         } hooks;
149         struct rlimit *rlimits[RLIM_NLIMITS];
150         int oom_score_adj;
151         bool set_oom_score_adj;
152         struct mknod_args **devices;
153         char *ocibundle;
154         bool immediately;
155         struct blob_attr *annotations;
156         int term_timeout;
157 } opts;
158 
159 static struct blob_buf ocibuf;
160 
161 extern int pivot_root(const char *new_root, const char *put_old);
162 
163 int debug = 0;
164 
165 static char child_stack[STACK_SIZE];
166 
167 static struct ubus_context *parent_ctx;
168 
169 int console_fd;
170 
171 
172 static inline bool has_namespaces(void)
173 {
174 return ((opts.setns.pid != -1) ||
175         (opts.setns.net != -1) ||
176         (opts.setns.ns != -1) ||
177         (opts.setns.ipc != -1) ||
178         (opts.setns.uts != -1) ||
179         (opts.setns.user != -1) ||
180         (opts.setns.cgroup != -1) ||
181 #ifdef CLONE_NEWTIME
182         (opts.setns.time != -1) ||
183 #endif
184         opts.namespace);
185 }
186 
187 static void free_oci_envp(char **p) {
188         char **tmp;
189 
190         if (p) {
191                 tmp = p;
192                 while (*tmp)
193                         free(*(tmp++));
194 
195                 free(p);
196         }
197 }
198 
199 static void free_hooklist(struct hook_execvpe **hooklist)
200 {
201         struct hook_execvpe *cur;
202 
203         if (!hooklist)
204                 return;
205 
206         cur = *hooklist;
207         while (cur) {
208                 free_oci_envp(cur->argv);
209                 free_oci_envp(cur->envp);
210                 free(cur->file);
211                 free(cur++);
212         }
213         free(hooklist);
214 }
215 
216 static void free_sysctl(void) {
217         struct sysctl_val *cur;
218         cur = *opts.sysctl;
219 
220         while (cur) {
221                 free(cur->entry);
222                 free(cur->value);
223                 free(cur++);
224         }
225         free(opts.sysctl);
226 }
227 
228 static void free_devices(void) {
229         struct mknod_args **cur;
230 
231         if (!opts.devices)
232                 return;
233 
234         cur = opts.devices;
235 
236         while (*cur) {
237                 free((*cur)->path);
238                 free(*(cur++));
239         }
240         free(opts.devices);
241 }
242 
243 static void free_rlimits(void) {
244         int type;
245 
246         for (type = 0; type < RLIM_NLIMITS; ++type)
247                 free(opts.rlimits[type]);
248 }
249 
250 static void free_opts(bool parent) {
251 
252         free_library_search();
253         mount_free();
254         cgroups_free();
255 
256         /* we need to keep argv, envp and seccomp filter in child */
257         if (parent) { /* parent-only */
258                 if (opts.ociseccomp) {
259                         free(opts.ociseccomp->filter);
260                         free(opts.ociseccomp);
261                 }
262 
263                 free_oci_envp(opts.jail_argv);
264                 free_oci_envp(opts.envp);
265         }
266 
267         free_rlimits();
268         free_sysctl();
269         free_devices();
270         free(opts.hostname);
271         free(opts.cwd);
272         free(opts.uidmap);
273         free(opts.gidmap);
274         free(opts.annotations);
275         free(opts.extroot);
276         free(opts.overlaydir);
277         free_hooklist(opts.hooks.createRuntime);
278         free_hooklist(opts.hooks.createContainer);
279         free_hooklist(opts.hooks.startContainer);
280         free_hooklist(opts.hooks.poststart);
281         free_hooklist(opts.hooks.poststop);
282 }
283 
284 static int mount_overlay(char *jail_root, char *overlaydir) {
285         char *upperdir, *workdir, *optsstr, *upperetc, *upperresolvconf;
286         const char mountoptsformat[] = "lowerdir=%s,upperdir=%s,workdir=%s";
287         int ret = -1, fd;
288 
289         if (asprintf(&upperdir, "%s%s", overlaydir, "/upper") < 0)
290                 goto out;
291 
292         if (asprintf(&workdir, "%s%s", overlaydir, "/work") < 0)
293                 goto upper_printf;
294 
295         if (asprintf(&optsstr, mountoptsformat, jail_root, upperdir, workdir) < 0)
296                 goto work_printf;
297 
298         if (mkdir_p(upperdir, 0755) || mkdir_p(workdir, 0755))
299                 goto opts_printf;
300 
301 /*
302  * make sure /etc/resolv.conf exists in overlay and is owned by jail userns root
303  * this is to work-around a bug in overlayfs described in the overlayfs-userns
304  * patch:
305  * 3. modification of a file 'hithere' which is in l but not yet
306  * in u, and which is not owned by T, is not allowed, even if
307  * writes to u are allowed.  This may be a bug in overlayfs,
308  * but it is safe behavior.
309  */
310         if (asprintf(&upperetc, "%s/etc", upperdir) < 0)
311                 goto opts_printf;
312 
313         if (mkdir_p(upperetc, 0755))
314                 goto upper_etc_printf;
315 
316         if (asprintf(&upperresolvconf, "%s/resolv.conf", upperetc) < 0)
317                 goto upper_etc_printf;
318 
319         fd = creat(upperresolvconf, 0644);
320         if (fd < 0) {
321                 if (errno != EEXIST)
322                         ERROR("creat(%s) failed: %m\n", upperresolvconf);
323         } else {
324                 close(fd);
325         }
326         DEBUG("mount -t overlay %s %s (%s)\n", jail_root, jail_root, optsstr);
327 
328         if (mount(jail_root, jail_root, "overlay", MS_NOATIME, optsstr))
329                 goto upper_resolvconf_printf;
330 
331         ret = 0;
332 
333 upper_resolvconf_printf:
334         free(upperresolvconf);
335 upper_etc_printf:
336         free(upperetc);
337 opts_printf:
338         free(optsstr);
339 work_printf:
340         free(workdir);
341 upper_printf:
342         free(upperdir);
343 out:
344         return ret;
345 }
346 
347 static void pass_console(int console_fd)
348 {
349         struct ubus_context *child_ctx = ubus_connect(NULL);
350         static struct blob_buf req;
351         uint32_t id;
352 
353         if (!child_ctx)
354                 return;
355 
356         blob_buf_init(&req, 0);
357         blobmsg_add_string(&req, "name", opts.name);
358 
359         if (ubus_lookup_id(child_ctx, "container", &id) ||
360             ubus_invoke_fd(child_ctx, id, "console_set", req.head, NULL, NULL, 3000, console_fd))
361                 INFO("ubus request failed\n");
362         else
363                 close(console_fd);
364 
365         blob_buf_free(&req);
366         ubus_free(child_ctx);
367 }
368 
369 static int create_dev_console(const char *jail_root)
370 {
371         char *console_fname;
372         char dev_console_path[PATH_MAX];
373         int slave_console_fd;
374 
375         /* Open UNIX/98 virtual console */
376         console_fd = posix_openpt(O_RDWR | O_NOCTTY);
377         if (console_fd < 0)
378                 return -1;
379 
380         console_fname = ptsname(console_fd);
381         DEBUG("got console fd %d and PTS client name %s\n", console_fd, console_fname);
382         if (!console_fname)
383                 goto no_console;
384 
385         grantpt(console_fd);
386         unlockpt(console_fd);
387 
388         /* pass PTY master to procd */
389         pass_console(console_fd);
390 
391         /* mount-bind PTY slave to /dev/console in jail */
392         snprintf(dev_console_path, sizeof(dev_console_path), "%s/dev/console", jail_root);
393         close(creat(dev_console_path, 0620));
394 
395         if (mount(console_fname, dev_console_path, "bind", MS_BIND, NULL))
396                 goto no_console;
397 
398         /* use PTY slave for stdio */
399         slave_console_fd = open(console_fname, O_RDWR); /* | O_NOCTTY */
400         if (slave_console_fd < 0)
401                 goto no_console;
402 
403         dup2(slave_console_fd, 0);
404         dup2(slave_console_fd, 1);
405         dup2(slave_console_fd, 2);
406         close(slave_console_fd);
407 
408         INFO("using guest console %s\n", console_fname);
409 
410         return 0;
411 
412 no_console:
413         close(console_fd);
414         return 1;
415 }
416 
417 static int hook_running = 0;
418 static int hook_return_code = 0;
419 static struct hook_execvpe **current_hook = NULL;
420 typedef void (*hook_return_handler)(void);
421 static hook_return_handler hook_return_cb = NULL;
422 
423 static void hook_process_timeout_cb(struct uloop_timeout *t);
424 static struct uloop_timeout hook_process_timeout = {
425         .cb = hook_process_timeout_cb,
426 };
427 
428 static void run_hooklist(void);
429 static void hook_process_handler(struct uloop_process *c, int ret)
430 {
431         uloop_timeout_cancel(&hook_process_timeout);
432 
433         if (WIFEXITED(ret)) {
434                 hook_return_code = WEXITSTATUS(ret);
435                 if (hook_return_code)
436                         ERROR("hook (%d) exited with exit: %d\n", c->pid, hook_return_code);
437                 else
438                         DEBUG("hook (%d) exited with exit: %d\n", c->pid, hook_return_code);
439 
440         } else {
441                 hook_return_code = WTERMSIG(ret);
442                 ERROR("hook (%d) exited with signal: %d\n", c->pid, hook_return_code);
443         }
444         hook_running = 0;
445         ++current_hook;
446         run_hooklist();
447 }
448 
449 static struct uloop_process hook_process = {
450         .cb = hook_process_handler,
451 };
452 
453 static void hook_process_timeout_cb(struct uloop_timeout *t)
454 {
455         DEBUG("hook process failed to stop, sending SIGKILL\n");
456         kill(hook_process.pid, SIGKILL);
457 }
458 
459 static void run_hooklist(void)
460 {
461         struct hook_execvpe *hook = *current_hook;
462         struct stat s;
463 
464         if (!hook)
465                 return hook_return_cb();
466 
467         DEBUG("executing hook %s\n", hook->file);
468 
469         if (stat(hook->file, &s))
470                 hook_process_handler(&hook_process, ENOENT);
471 
472         if (!((unsigned long)s.st_mode & (S_IXUSR | S_IXGRP | S_IXOTH)))
473                 hook_process_handler(&hook_process, EPERM);
474 
475         hook_running = 1;
476         hook_process.pid = fork();
477         if (hook_process.pid == 0) {
478                 /* child */
479                 execve(hook->file, hook->argv, hook->envp);
480                 ERROR("execve error %m\n");
481                 _exit(errno);
482         } else if (hook_process.pid < 0) {
483                 /* fork error */
484                 ERROR("hook fork error\n");
485                 hook_running = 0;
486                 hook_process_handler(&hook_process, errno);
487         }
488 
489         /* parent */
490         uloop_process_add(&hook_process);
491 
492         if (hook->timeout > 0)
493                 uloop_timeout_set(&hook_process_timeout, 1000 * hook->timeout);
494 
495         uloop_run();
496         if (hook_running) {
497                 DEBUG("uloop interrupted, killing jail process\n");
498                 kill(hook_process.pid, SIGTERM);
499                 uloop_timeout_set(&hook_process_timeout, 1000);
500                 uloop_run();
501         }
502 }
503 
504 static void run_hooks(struct hook_execvpe **hooklist, hook_return_handler return_cb)
505 {
506         if (!hooklist)
507                 return_cb();
508 
509         current_hook = hooklist;
510         hook_return_cb = return_cb;
511 
512         run_hooklist();
513 }
514 
515 static int apply_sysctl(const char *jail_root)
516 {
517         struct sysctl_val **cur;
518         char *procdir, *fname;
519         int f;
520 
521         if (!opts.sysctl)
522                 return 0;
523 
524         if (asprintf(&procdir, "%s/proc", jail_root) < 0)
525                 return ENOMEM;
526 
527         mkdir(procdir, 0700);
528         if (mount("proc", procdir, "proc", MS_NOATIME | MS_NODEV | MS_NOEXEC | MS_NOSUID, 0))
529                 return EPERM;
530 
531         cur = opts.sysctl;
532 
533         while (*cur) {
534                 if (asprintf(&fname, "%s/sys/%s", procdir, (*cur)->entry) < 0)
535                         return ENOMEM;
536 
537                 DEBUG("sysctl: writing '%s' to %s\n", (*cur)->value, fname);
538 
539                 f = open(fname, O_WRONLY);
540                 if (f < 0) {
541                         ERROR("sysctl: can't open %s\n", fname);
542                         free(fname);
543                         return errno;
544                 }
545                 if (write(f, (*cur)->value, strlen((*cur)->value)) < 0) {
546                         ERROR("sysctl: write to %s\n", fname);
547                         free(fname);
548                         close(f);
549                         return errno;
550                 }
551 
552                 free(fname);
553                 close(f);
554                 ++cur;
555         }
556         umount(procdir);
557         rmdir(procdir);
558         free(procdir);
559 
560         return 0;
561 }
562 
563 /* glibc defines makedev calling a function. make sure it's a pure macro */
564 #if defined(__GLIBC__)
565 #undef makedev
566 /* from musl's sys/sysmacros.h */
567 #define makedev(x,y) ( \
568         (((x)&0xfffff000ULL) << 32) | \
569         (((x)&0x00000fffULL) << 8) | \
570         (((y)&0xffffff00ULL) << 12) | \
571         (((y)&0x000000ffULL)) )
572 #endif
573 
574 static struct mknod_args default_devices[] = {
575         { .path = "/dev/null", .mode = (S_IFCHR|S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP|S_IROTH|S_IWOTH), .dev = makedev(1, 3) },
576         { .path = "/dev/zero", .mode = (S_IFCHR|S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP|S_IROTH|S_IWOTH), .dev = makedev(1, 5) },
577         { .path = "/dev/full", .mode = (S_IFCHR|S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP|S_IROTH|S_IWOTH), .dev = makedev(1, 7) },
578         { .path = "/dev/random", .mode = (S_IFCHR|S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP|S_IROTH|S_IWOTH), .dev = makedev(1, 8) },
579         { .path = "/dev/urandom", .mode = (S_IFCHR|S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP|S_IROTH|S_IWOTH), .dev = makedev(1, 9) },
580         { .path = "/dev/tty", .mode = (S_IFCHR|S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP), .dev = makedev(5, 0), .gid = 5 },
581         { 0 },
582 };
583 
584 static int create_devices(void)
585 {
586         struct mknod_args **cur, *curdef;
587         char *path, *tmp;
588         int ret;
589 
590         if (!opts.devices)
591                 goto only_default_devices;
592 
593         cur = opts.devices;
594 
595         while (*cur) {
596                 path = (*cur)->path;
597                 /* don't allow devices outside of /dev */
598                 if (strncmp(path, "/dev", 4))
599                         return EPERM;
600 
601                 /* make sure parent folder exists */
602                 tmp = strrchr(path, '/');
603                 if (!tmp)
604                         return EINVAL;
605 
606                 *tmp = '\0';
607                 if (strcmp(path, "/dev")) {
608                         DEBUG("creating directory %s\n", path);
609 
610                         mkdir_p(path, 0755);
611                 }
612                 *tmp = '/';
613 
614                 DEBUG("creating %s (mode=%08o)\n", path, (*cur)->mode);
615 
616                 /* create device */
617                 if (mknod(path, (*cur)->mode, (*cur)->dev))
618                         return errno;
619 
620                 /* change owner, if needed */
621                 if (((*cur)->uid || (*cur)->gid) &&
622                     chown(path, (*cur)->uid, (*cur)->gid))
623                         return errno;
624 
625                 ++cur;
626         }
627 
628 only_default_devices:
629         curdef = default_devices;
630         while(curdef->path) {
631                 DEBUG("creating %s (mode=%08o)\n", curdef->path, curdef->mode);
632                 if (mknod(curdef->path, curdef->mode, curdef->dev)) {
633                         ++curdef;
634                         continue; /* may already exist, eg. due to a bind-mount */
635                 }
636                 if ((curdef->uid || curdef->gid) &&
637                     chown(curdef->path, curdef->uid, curdef->gid))
638                         return errno;
639 
640                 ++curdef;
641         }
642 
643         /* Dev symbolic links as defined in OCI spec */
644         ret = symlink("/dev/pts/ptmx", "/dev/ptmx");
645         if (ret < 0)
646                 WARNING("symlink() failed to create link to /dev/pts/ptmx");
647 
648         ret = symlink("/proc/self/fd", "/dev/fd");
649         if (ret < 0)
650                 WARNING("symlink() failed to create link to /proc/self/fd");
651 
652         ret = symlink("/proc/self/fd/0", "/dev/stdin");
653         if (ret < 0)
654                 WARNING("symlink() failed to create link to /proc/self/fd/0");
655 
656         ret = symlink("/proc/self/fd/1", "/dev/stdout");
657         if (ret < 0)
658                 WARNING("symlink() failed to create link to /proc/self/fd/1");
659 
660         ret = symlink("/proc/self/fd/2", "/dev/stderr");
661         if (ret < 0)
662                 WARNING("symlink() failed to create link to /proc/self/fd/2");
663 
664         return 0;
665 }
666 
667 static char jail_root[] = "/tmp/ujail-XXXXXX";
668 static char tmpovdir[] = "/tmp/ujail-overlay-XXXXXX";
669 static mode_t old_umask;
670 static void enter_jail_fs(void);
671 static int build_jail_fs(void)
672 {
673         char *overlaydir = NULL;
674         int ret;
675 
676         old_umask = umask(0);
677 
678         if (mkdtemp(jail_root) == NULL) {
679                 ERROR("mkdtemp(%s) failed: %m\n", jail_root);
680                 return -1;
681         }
682 
683         if (apply_sysctl(jail_root)) {
684                 ERROR("failed to apply sysctl values\n");
685                 return -1;
686         }
687 
688         /* oldroot can't be MS_SHARED else pivot_root() fails */
689         if (mount("none", "/", "none", MS_REC|MS_PRIVATE, NULL)) {
690                 ERROR("private mount failed %m\n");
691                 return -1;
692         }
693 
694         if (opts.extroot) {
695                 if (mount(opts.extroot, jail_root, "bind", MS_BIND, NULL)) {
696                         ERROR("extroot mount failed %m\n");
697                         return -1;
698                 }
699         } else {
700                 if (mount("tmpfs", jail_root, "tmpfs", MS_NOATIME, "mode=0755")) {
701                         ERROR("tmpfs mount failed %m\n");
702                         return -1;
703                 }
704         }
705 
706         if (opts.tmpoverlaysize) {
707                 char mountoptsstr[] = "mode=0755,size=XXXXXXXX";
708 
709                 snprintf(mountoptsstr, sizeof(mountoptsstr),
710                          "mode=0755,size=%s", opts.tmpoverlaysize);
711                 if (mkdtemp(tmpovdir) == NULL) {
712                         ERROR("mkdtemp(%s) failed: %m\n", jail_root);
713                         return -1;
714                 }
715                 if (mount("tmpfs", tmpovdir, "tmpfs", MS_NOATIME,
716                           mountoptsstr)) {
717                         ERROR("failed to mount tmpfs for overlay (size=%s)\n", opts.tmpoverlaysize);
718                         return -1;
719                 }
720                 overlaydir = tmpovdir;
721         }
722 
723         if (opts.overlaydir)
724                 overlaydir = opts.overlaydir;
725 
726         if (overlaydir) {
727                 ret = mount_overlay(jail_root, overlaydir);
728                 if (ret)
729                         return ret;
730         }
731 
732         if (chdir(jail_root)) {
733                 ERROR("chdir(%s) (jail_root) failed: %m\n", jail_root);
734                 return -1;
735         }
736 
737         if (mount_all(jail_root)) {
738                 ERROR("mount_all() failed\n");
739                 return -1;
740         }
741 
742         if (opts.console)
743                 create_dev_console(jail_root);
744 
745         /* make sure /etc/resolv.conf exists if in new network namespace */
746         if (opts.namespace & CLONE_NEWNET) {
747                 char jailetc[PATH_MAX], jaillink[PATH_MAX];
748 
749                 snprintf(jailetc, PATH_MAX, "%s/etc", jail_root);
750                 mkdir_p(jailetc, 0755);
751                 snprintf(jaillink, PATH_MAX, "%s/etc/resolv.conf", jail_root);
752                 if (overlaydir)
753                         unlink(jaillink);
754 
755                 ret = symlink("../dev/resolv.conf.d/resolv.conf.auto", jaillink);
756                 if (ret < 0)
757                         WARNING("symlink() failed to create link to ../dev/resolv.conf.d/resolv.conf.auto");
758         }
759 
760         run_hooks(opts.hooks.createContainer, enter_jail_fs);
761 
762         return 0;
763 }
764 
765 static bool exit_from_child;
766 static void free_and_exit(int ret)
767 {
768         if (!exit_from_child && opts.ocibundle)
769                 cgroups_free();
770 
771         if (!exit_from_child && parent_ctx)
772                 ubus_free(parent_ctx);
773 
774         free_opts(!exit_from_child);
775 
776         exit(ret);
777 }
778 
779 static void post_jail_fs(void);
780 static void enter_jail_fs(void)
781 {
782         char dirbuf[sizeof(jail_root) + 4];
783 
784         snprintf(dirbuf, sizeof(dirbuf), "%s/old", jail_root);
785         mkdir(dirbuf, 0755);
786 
787         if (pivot_root(jail_root, dirbuf) == -1) {
788                 ERROR("pivot_root(%s, %s) failed: %m\n", jail_root, dirbuf);
789                 free_and_exit(-1);
790         }
791         if (chdir("/")) {
792                 ERROR("chdir(/) (after pivot_root) failed: %m\n");
793                 free_and_exit(-1);
794         }
795 
796         snprintf(dirbuf, sizeof(dirbuf), "/old%s", jail_root);
797         umount2(dirbuf, MNT_DETACH);
798         rmdir(dirbuf);
799         if (opts.tmpoverlaysize) {
800                 char tmpdirbuf[sizeof(tmpovdir) + 4];
801                 snprintf(tmpdirbuf, sizeof(tmpdirbuf), "/old%s", tmpovdir);
802                 umount2(tmpdirbuf, MNT_DETACH);
803                 rmdir(tmpdirbuf);
804         }
805 
806         umount2("/old", MNT_DETACH);
807         rmdir("/old");
808 
809         if (create_devices()) {
810                 ERROR("create_devices() failed\n");
811                 free_and_exit(-1);
812         }
813         if (opts.ronly)
814                 mount(NULL, "/", "bind", MS_REMOUNT | MS_BIND | MS_RDONLY, 0);
815 
816         umask(old_umask);
817         post_jail_fs();
818 }
819 
820 static int write_uid_gid_map(pid_t child_pid, bool gidmap, char *mapstr)
821 {
822         int map_file;
823         char map_path[64];
824 
825         if (snprintf(map_path, sizeof(map_path), "/proc/%d/%s",
826                 child_pid, gidmap?"gid_map":"uid_map") < 0)
827                 return -1;
828 
829         if ((map_file = open(map_path, O_WRONLY)) < 0)
830                 return -1;
831 
832         if (dprintf(map_file, "%s", mapstr)) {
833                 close(map_file);
834                 return -1;
835         }
836 
837         close(map_file);
838         return 0;
839 }
840 
841 static int write_single_uid_gid_map(pid_t child_pid, bool gidmap, int id)
842 {
843         int map_file;
844         char map_path[64];
845         const char *map_format = "%d %d %d\n";
846         if (snprintf(map_path, sizeof(map_path), "/proc/%d/%s",
847                 child_pid, gidmap?"gid_map":"uid_map") < 0)
848                 return -1;
849 
850         if ((map_file = open(map_path, O_WRONLY)) < 0)
851                 return -1;
852 
853         if (dprintf(map_file, map_format, 0, id, 1) < 0) {
854                 close(map_file);
855                 return -1;
856         }
857 
858         close(map_file);
859         return 0;
860 }
861 
862 static int write_setgroups(pid_t child_pid, bool allow)
863 {
864         int setgroups_file;
865         char setgroups_path[64];
866 
867         if (snprintf(setgroups_path, sizeof(setgroups_path), "/proc/%d/setgroups",
868                 child_pid) < 0) {
869                 return -1;
870         }
871 
872         if ((setgroups_file = open(setgroups_path, O_WRONLY)) < 0) {
873                 return -1;
874         }
875 
876         if (dprintf(setgroups_file, "%s", allow?"allow":"deny") == -1) {
877                 close(setgroups_file);
878                 return -1;
879         }
880 
881         close(setgroups_file);
882         return 0;
883 }
884 
885 static void get_jail_user(int *user, int *user_gid, int *gr_gid)
886 {
887         struct passwd *p = NULL;
888         struct group *g = NULL;
889 
890         if (opts.user) {
891                 p = getpwnam(opts.user);
892                 if (!p) {
893                         ERROR("failed to get uid/gid for user %s: %d (%s)\n",
894                               opts.user, errno, strerror(errno));
895                         free_and_exit(EXIT_FAILURE);
896                 }
897                 *user = p->pw_uid;
898                 *user_gid = p->pw_gid;
899         } else {
900                 *user = -1;
901                 *user_gid = -1;
902         }
903 
904         if (opts.group) {
905                 g = getgrnam(opts.group);
906                 if (!g) {
907                         ERROR("failed to get gid for group %s: %m\n", opts.group);
908                         free_and_exit(EXIT_FAILURE);
909                 }
910                 *gr_gid = g->gr_gid;
911         } else {
912                 *gr_gid = -1;
913         }
914 };
915 
916 static void set_jail_user(int pw_uid, int user_gid, int gr_gid)
917 {
918         if (opts.user && (user_gid != -1) && initgroups(opts.user, user_gid)) {
919                 ERROR("failed to initgroups() for user %s: %m\n", opts.user);
920                 free_and_exit(EXIT_FAILURE);
921         }
922 
923         if ((gr_gid != -1) && setregid(gr_gid, gr_gid)) {
924                 ERROR("failed to set group id %d: %m\n", gr_gid);
925                 free_and_exit(EXIT_FAILURE);
926         }
927 
928         if ((pw_uid != -1) && setreuid(pw_uid, pw_uid)) {
929                 ERROR("failed to set user id %d: %m\n", pw_uid);
930                 free_and_exit(EXIT_FAILURE);
931         }
932 }
933 
934 static int apply_rlimits(void)
935 {
936         int resource;
937 
938         for (resource = 0; resource < RLIM_NLIMITS; ++resource) {
939                 if (opts.rlimits[resource])
940                         DEBUG("applying limits to resource %u\n", resource);
941 
942                 if (opts.rlimits[resource] &&
943                     setrlimit(resource, opts.rlimits[resource]))
944                         return errno;
945         }
946 
947         return 0;
948 }
949 
950 #define MAX_ENVP        64
951 static char** build_envp(const char *seccomp, char **ocienvp)
952 {
953         static char *envp[MAX_ENVP];
954         static char preload_var[PATH_MAX];
955         static char seccomp_var[PATH_MAX];
956         static char seccomp_debug_var[20];
957         static char debug_var[] = "LD_DEBUG=all";
958         static char container_var[] = "container=ujail";
959         const char *preload_lib = find_lib("libpreload-seccomp.so");
960         char **addenv;
961 
962         int count = 0;
963 
964         if (seccomp && !preload_lib) {
965                 ERROR("failed to add preload-lib to env\n");
966                 return NULL;
967         }
968         if (seccomp) {
969                 snprintf(seccomp_var, sizeof(seccomp_var), "SECCOMP_FILE=%s", seccomp);
970                 envp[count++] = seccomp_var;
971                 snprintf(seccomp_debug_var, sizeof(seccomp_debug_var), "SECCOMP_DEBUG=%2d", debug);
972                 envp[count++] = seccomp_debug_var;
973                 snprintf(preload_var, sizeof(preload_var), "LD_PRELOAD=%s", preload_lib);
974                 envp[count++] = preload_var;
975         }
976 
977         envp[count++] = container_var;
978 
979         if (debug > 1)
980                 envp[count++] = debug_var;
981 
982         addenv = ocienvp;
983         while (addenv && *addenv) {
984                 envp[count++] = *(addenv++);
985                 if (count >= MAX_ENVP) {
986                         ERROR("environment limited to %d extra records, truncating\n", MAX_ENVP);
987                         break;
988                 }
989         }
990         return envp;
991 }
992 
993 static void usage(void)
994 {
995         fprintf(stderr, "ujail <options> -- <binary> <params ...>\n");
996         fprintf(stderr, "  -d <num>\tshow debug log (increase num to increase verbosity)\n");
997         fprintf(stderr, "  -S <file>\tseccomp filter config\n");
998         fprintf(stderr, "  -C <file>\tcapabilities drop config\n");
999         fprintf(stderr, "  -c\t\tset PR_SET_NO_NEW_PRIVS\n");
1000         fprintf(stderr, "  -n <name>\tthe name of the jail\n");
1001         fprintf(stderr, "  -e <var>\timport environment variable\n");
1002         fprintf(stderr, "namespace jail options:\n");
1003         fprintf(stderr, "  -h <hostname>\tchange the hostname of the jail\n");
1004         fprintf(stderr, "  -N\t\tjail has network namespace\n");
1005         fprintf(stderr, "  -f\t\tjail has user namespace\n");
1006         fprintf(stderr, "  -F\t\tjail has cgroups namespace\n");
1007         fprintf(stderr, "  -r <file>\treadonly files that should be staged\n");
1008         fprintf(stderr, "  -w <file>\twriteable files that should be staged\n");
1009         fprintf(stderr, "  -p\t\tjail has /proc\n");
1010         fprintf(stderr, "  -s\t\tjail has /sys\n");
1011         fprintf(stderr, "  -l\t\tjail has /dev/log\n");
1012         fprintf(stderr, "  -u\t\tjail has a ubus socket\n");
1013         fprintf(stderr, "  -U <name>\tuser to run jailed process\n");
1014         fprintf(stderr, "  -G <name>\tgroup to run jailed process\n");
1015         fprintf(stderr, "  -o\t\tremont jail root (/) read only\n");
1016         fprintf(stderr, "  -R <dir>\texternal jail rootfs (system container)\n");
1017         fprintf(stderr, "  -O <dir>\tdirectory for r/w overlayfs\n");
1018         fprintf(stderr, "  -T <size>\tuse tmpfs r/w overlayfs with <size>\n");
1019         fprintf(stderr, "  -E\t\tfail if jail cannot be setup\n");
1020         fprintf(stderr, "  -y\t\tprovide jail console\n");
1021         fprintf(stderr, "  -J <dir>\tcreate container from OCI bundle\n");
1022         fprintf(stderr, "  -i\t\tstart container immediately\n");
1023         fprintf(stderr, "  -P <pidfile>\tcreate <pidfile>\n");
1024         fprintf(stderr, "\nWarning: by default root inside the jail is the same\n\
1025 and he has the same powers as root outside the jail,\n\
1026 thus he can escape the jail and/or break stuff.\n\
1027 Please use seccomp/capabilities (-S/-C) to restrict his powers\n\n\
1028 If you use none of the namespace jail options,\n\
1029 ujail will not use namespace/build a jail,\n\
1030 and will only drop capabilities/apply seccomp filter.\n\n");
1031 }
1032 
1033 static int* get_namespace_fd(const unsigned int nstype)
1034 {
1035         switch (nstype) {
1036                 case CLONE_NEWPID:
1037                         return &opts.setns.pid;
1038                 case CLONE_NEWNET:
1039                         return &opts.setns.net;
1040                 case CLONE_NEWNS:
1041                         return &opts.setns.ns;
1042                 case CLONE_NEWIPC:
1043                         return &opts.setns.ipc;
1044                 case CLONE_NEWUTS:
1045                         return &opts.setns.uts;
1046                 case CLONE_NEWUSER:
1047                         return &opts.setns.user;
1048                 case CLONE_NEWCGROUP:
1049                         return &opts.setns.cgroup;
1050 #ifdef CLONE_NEWTIME
1051                 case CLONE_NEWTIME:
1052                         return &opts.setns.time;
1053 #endif
1054                 default:
1055                         return NULL;
1056         }
1057 }
1058 
1059 static int setns_open(unsigned long nstype)
1060 {
1061         int *fd = get_namespace_fd(nstype);
1062 
1063         assert(fd != NULL);
1064 
1065         if (*fd < 0)
1066                 return 0;
1067 
1068         if (setns(*fd, nstype) == -1) {
1069                 close(*fd);
1070                 return errno;
1071         }
1072 
1073         close(*fd);
1074         return 0;
1075 }
1076 
1077 static int jail_running = 0;
1078 static int jail_return_code = 0;
1079 
1080 static void jail_process_timeout_cb(struct uloop_timeout *t);
1081 static struct uloop_timeout jail_process_timeout = {
1082         .cb = jail_process_timeout_cb,
1083 };
1084 static void poststop(void);
1085 static void jail_process_handler(struct uloop_process *c, int ret)
1086 {
1087         uloop_timeout_cancel(&jail_process_timeout);
1088         if (WIFEXITED(ret)) {
1089                 jail_return_code = WEXITSTATUS(ret);
1090                 INFO("jail (%d) exited with exit: %d\n", c->pid, jail_return_code);
1091         } else {
1092                 jail_return_code = WTERMSIG(ret);
1093                 INFO("jail (%d) exited with signal: %d\n", c->pid, jail_return_code);
1094         }
1095         jail_running = 0;
1096         poststop();
1097 }
1098 
1099 static struct uloop_process jail_process = {
1100         .cb = jail_process_handler,
1101 };
1102 
1103 static void jail_process_timeout_cb(struct uloop_timeout *t)
1104 {
1105         DEBUG("jail process failed to stop, sending SIGKILL\n");
1106         kill(jail_process.pid, SIGKILL);
1107 }
1108 
1109 static void jail_handle_signal(int signo)
1110 {
1111         if (hook_running) {
1112                 DEBUG("forwarding signal %d to the hook process\n", signo);
1113                 kill(hook_process.pid, signo);
1114                 /* set timeout to send SIGKILL hook process in case SIGTERM doesn't succeed */
1115                 if (signo == SIGTERM)
1116                         uloop_timeout_set(&hook_process_timeout, opts.term_timeout * 1000);
1117         }
1118 
1119         if (jail_running) {
1120                 DEBUG("forwarding signal %d to the jailed process\n", signo);
1121                 kill(jail_process.pid, signo);
1122                 /* set timeout to send SIGKILL jail process in case SIGTERM doesn't succeed */
1123                 if (signo == SIGTERM)
1124                         uloop_timeout_set(&jail_process_timeout, opts.term_timeout * 1000);
1125         }
1126 }
1127 
1128 static void signals_init(void)
1129 {
1130         int i;
1131         sigset_t sigmask;
1132 
1133         sigfillset(&sigmask);
1134         for (i = 0; i < _NSIG; i++) {
1135                 struct sigaction s = { 0 };
1136 
1137                 if (!sigismember(&sigmask, i))
1138                         continue;
1139                 if ((i == SIGCHLD) || (i == SIGPIPE) || (i == SIGSEGV) || (i == SIGSTOP) || (i == SIGKILL))
1140                         continue;
1141 
1142                 s.sa_handler = jail_handle_signal;
1143                 sigaction(i, &s, NULL);
1144         }
1145 }
1146 
1147 static void pre_exec_jail(struct uloop_timeout *t);
1148 static struct uloop_timeout pre_exec_timeout = {
1149         .cb = pre_exec_jail,
1150 };
1151 
1152 int pipes[4];
1153 static int exec_jail(void *arg)
1154 {
1155         char buf[1];
1156 
1157         exit_from_child = true;
1158         prctl(PR_SET_SECUREBITS, 0);
1159 
1160         uloop_init();
1161         signals_init();
1162 
1163         close(pipes[0]);
1164         close(pipes[3]);
1165 
1166         setns_open(CLONE_NEWUSER);
1167         setns_open(CLONE_NEWNET);
1168         setns_open(CLONE_NEWNS);
1169         setns_open(CLONE_NEWIPC);
1170         setns_open(CLONE_NEWUTS);
1171 
1172         buf[0] = 'i';
1173         if (write(pipes[1], buf, 1) < 1) {
1174                 ERROR("can't write to parent\n");
1175                 return EXIT_FAILURE;
1176         }
1177         close(pipes[1]);
1178         if (read(pipes[2], buf, 1) < 1) {
1179                 ERROR("can't read from parent\n");
1180                 return EXIT_FAILURE;
1181         }
1182         if (buf[0] != 'O') {
1183                 ERROR("parent had an error, child exiting\n");
1184                 return EXIT_FAILURE;
1185         }
1186 
1187         if (opts.namespace & CLONE_NEWCGROUP)
1188                 unshare(CLONE_NEWCGROUP);
1189 
1190         setns_open(CLONE_NEWCGROUP);
1191 
1192         if ((opts.namespace & CLONE_NEWUSER) || (opts.setns.user != -1)) {
1193                 if (setregid(0, 0) < 0) {
1194                         ERROR("setgid\n");
1195                         free_and_exit(EXIT_FAILURE);
1196                 }
1197                 if (setreuid(0, 0) < 0) {
1198                         ERROR("setuid\n");
1199                         free_and_exit(EXIT_FAILURE);
1200                 }
1201                 if (setgroups(0, NULL) < 0) {
1202                         ERROR("setgroups\n");
1203                         free_and_exit(EXIT_FAILURE);
1204                 }
1205         }
1206 
1207         if (opts.namespace && opts.hostname && strlen(opts.hostname) > 0
1208                         && sethostname(opts.hostname, strlen(opts.hostname))) {
1209                 ERROR("sethostname(%s) failed: %m\n", opts.hostname);
1210                 free_and_exit(EXIT_FAILURE);
1211         }
1212 
1213         uloop_timeout_add(&pre_exec_timeout);
1214         uloop_run();
1215 
1216         free_and_exit(-1);
1217         return -1;
1218 }
1219 
1220 static void pre_exec_jail(struct uloop_timeout *t)
1221 {
1222         if ((opts.namespace & CLONE_NEWNS) && build_jail_fs()) {
1223                 ERROR("failed to build jail fs\n");
1224                 free_and_exit(EXIT_FAILURE);
1225         } else {
1226                 run_hooks(opts.hooks.createContainer, post_jail_fs);
1227         }
1228 }
1229 
1230 static void post_start_hook(void);
1231 static void post_jail_fs(void)
1232 {
1233         char buf[1];
1234 
1235         if (read(pipes[2], buf, 1) < 1) {
1236                 ERROR("can't read from parent\n");
1237                 free_and_exit(EXIT_FAILURE);
1238         }
1239         if (buf[0] != '!') {
1240                 ERROR("parent had an error, child exiting\n");
1241                 free_and_exit(EXIT_FAILURE);
1242         }
1243         close(pipes[2]);
1244 
1245         run_hooks(opts.hooks.startContainer, post_start_hook);
1246 }
1247 
1248 static void post_start_hook(void)
1249 {
1250         int pw_uid, pw_gid, gr_gid;
1251 
1252         /*
1253          * make sure setuid/setgid won't drop capabilities in case capabilities
1254          * have been specified explicitely.
1255          */
1256         if (opts.capset.apply) {
1257                 if (prctl(PR_SET_SECUREBITS, SECBIT_NO_SETUID_FIXUP)) {
1258                         ERROR("prctl(PR_SET_SECUREBITS) failed: %m\n");
1259                         free_and_exit(EXIT_FAILURE);
1260                 }
1261         }
1262 
1263         /* drop capabilities, retain those still needed to further setup jail */
1264         if (applyOCIcapabilities(opts.capset, (1LLU << CAP_SETGID) | (1LLU << CAP_SETUID) | (1LLU << CAP_SETPCAP)))
1265                 free_and_exit(EXIT_FAILURE);
1266 
1267         /* use either cmdline-supplied user/group or uid/gid from OCI spec */
1268         get_jail_user(&pw_uid, &pw_gid, &gr_gid);
1269         set_jail_user(opts.pw_uid?:pw_uid, opts.pw_gid?:pw_gid, opts.gr_gid?:gr_gid);
1270 
1271         if (opts.additional_gids &&
1272             (setgroups(opts.num_additional_gids, opts.additional_gids) < 0)) {
1273                 ERROR("setgroups failed: %m\n");
1274                 free_and_exit(EXIT_FAILURE);
1275         }
1276 
1277         if (opts.set_umask)
1278                 umask(opts.umask);
1279 
1280         /* restore securebits back to normal (and lock them if not in userns) */
1281         if (opts.capset.apply) {
1282                 if (prctl(PR_SET_SECUREBITS, (opts.namespace & CLONE_NEWUSER)?0:
1283                     SECBIT_KEEP_CAPS_LOCKED|SECBIT_NO_SETUID_FIXUP_LOCKED|SECBIT_NOROOT_LOCKED)) {
1284                         ERROR("prctl(PR_SET_SECUREBITS) failed: %m\n");
1285                         free_and_exit(EXIT_FAILURE);
1286                 }
1287         }
1288 
1289         /* drop remaining capabilities to end up with specified sets */
1290         if (applyOCIcapabilities(opts.capset, 0))
1291                 free_and_exit(EXIT_FAILURE);
1292 
1293         if (opts.no_new_privs && prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)) {
1294                 ERROR("prctl(PR_SET_NO_NEW_PRIVS) failed: %m\n");
1295                 free_and_exit(EXIT_FAILURE);
1296         }
1297 
1298         char **envp = build_envp(opts.seccomp, opts.envp);
1299         if (!envp)
1300                 free_and_exit(EXIT_FAILURE);
1301 
1302         if (opts.cwd && chdir(opts.cwd))
1303                 free_and_exit(EXIT_FAILURE);
1304 
1305         if (opts.ociseccomp && applyOCIlinuxseccomp(opts.ociseccomp))
1306                 free_and_exit(EXIT_FAILURE);
1307 
1308         uloop_end();
1309         free_opts(false);
1310         INFO("exec-ing %s\n", *opts.jail_argv);
1311         if (opts.envp) /* respect PATH if potentially set in ENV */
1312                 execvpe(*opts.jail_argv, opts.jail_argv, envp);
1313         else
1314                 execve(*opts.jail_argv, opts.jail_argv, envp);
1315 
1316         /* we get there only if execve fails */
1317         ERROR("failed to execve %s: %m\n", *opts.jail_argv);
1318         exit(EXIT_FAILURE);
1319 }
1320 
1321 int ns_open_pid(const char *nstype, const pid_t target_ns)
1322 {
1323         char pid_pid_path[PATH_MAX];
1324 
1325         snprintf(pid_pid_path, sizeof(pid_pid_path), "/proc/%u/ns/%s", target_ns, nstype);
1326 
1327         return open(pid_pid_path, O_RDONLY);
1328 }
1329 
1330 static int parseOCIenvarray(struct blob_attr *msg, char ***envp)
1331 {
1332         struct blob_attr *cur;
1333         int sz = 0, rem;
1334 
1335         blobmsg_for_each_attr(cur, msg, rem)
1336                 ++sz;
1337 
1338         if (sz > 0) {
1339                 *envp = calloc(1 + sz, sizeof(char*));
1340                 if (!(*envp))
1341                         return ENOMEM;
1342         } else {
1343                 *envp = NULL;
1344                 return 0;
1345         }
1346 
1347         sz = 0;
1348         blobmsg_for_each_attr(cur, msg, rem)
1349                 (*envp)[sz++] = strdup(blobmsg_get_string(cur));
1350 
1351         if (sz)
1352                 (*envp)[sz] = NULL;
1353 
1354         return 0;
1355 }
1356 
1357 enum {
1358         OCI_ROOT_PATH,
1359         OCI_ROOT_READONLY,
1360         __OCI_ROOT_MAX,
1361 };
1362 
1363 static const struct blobmsg_policy oci_root_policy[] = {
1364         [OCI_ROOT_PATH] = { "path", BLOBMSG_TYPE_STRING },
1365         [OCI_ROOT_READONLY] = { "readonly", BLOBMSG_TYPE_BOOL },
1366 };
1367 
1368 static int parseOCIroot(const char *jsonfile, struct blob_attr *msg)
1369 {
1370         char extroot[PATH_MAX] = { 0 };
1371         struct blob_attr *tb[__OCI_ROOT_MAX];
1372         char *cur;
1373         char *root_path;
1374 
1375         blobmsg_parse(oci_root_policy, __OCI_ROOT_MAX, tb, blobmsg_data(msg), blobmsg_len(msg));
1376 
1377         if (!tb[OCI_ROOT_PATH])
1378                 return ENODATA;
1379 
1380         root_path = blobmsg_get_string(tb[OCI_ROOT_PATH]);
1381 
1382         /* prepend bundle directory in case of relative paths */
1383         if (root_path[0] != '/') {
1384                 strncpy(extroot, jsonfile, PATH_MAX - 1);
1385 
1386                 cur = strrchr(extroot, '/');
1387 
1388                 if (!cur)
1389                         return ENOTDIR;
1390 
1391                 *(++cur) = '\0';
1392         }
1393 
1394         strncat(extroot, root_path, PATH_MAX - (strlen(extroot) + 1));
1395 
1396         /* follow symbolic link(s) */
1397         opts.extroot = realpath(extroot, NULL);
1398         if (!opts.extroot)
1399                 return errno;
1400 
1401         if (tb[OCI_ROOT_READONLY])
1402                 opts.ronly = blobmsg_get_bool(tb[OCI_ROOT_READONLY]);
1403 
1404         return 0;
1405 }
1406 
1407 
1408 enum {
1409         OCI_HOOK_PATH,
1410         OCI_HOOK_ARGS,
1411         OCI_HOOK_ENV,
1412         OCI_HOOK_TIMEOUT,
1413         __OCI_HOOK_MAX,
1414 };
1415 
1416 static const struct blobmsg_policy oci_hook_policy[] = {
1417         [OCI_HOOK_PATH] = { "path", BLOBMSG_TYPE_STRING },
1418         [OCI_HOOK_ARGS] = { "args", BLOBMSG_TYPE_ARRAY },
1419         [OCI_HOOK_ENV] = { "env", BLOBMSG_TYPE_ARRAY },
1420         [OCI_HOOK_TIMEOUT] = { "timeout", BLOBMSG_TYPE_INT32 },
1421 };
1422 
1423 
1424 static int parseOCIhook(struct hook_execvpe ***hooklist, struct blob_attr *msg)
1425 {
1426         struct blob_attr *tb[__OCI_HOOK_MAX];
1427         struct blob_attr *cur;
1428         int rem, ret = 0;
1429         int idx = 0;
1430 
1431         blobmsg_for_each_attr(cur, msg, rem)
1432                 ++idx;
1433 
1434         if (!idx)
1435                 return 0;
1436 
1437         *hooklist = calloc(idx + 1, sizeof(struct hook_execvpe *));
1438         idx = 0;
1439 
1440         if (!(*hooklist))
1441                 return ENOMEM;
1442 
1443         blobmsg_for_each_attr(cur, msg, rem) {
1444                 blobmsg_parse(oci_hook_policy, __OCI_HOOK_MAX, tb, blobmsg_data(cur), blobmsg_len(cur));
1445 
1446                 if (!tb[OCI_HOOK_PATH]) {
1447                         ret = EINVAL;
1448                         goto errout;
1449                 }
1450 
1451                 (*hooklist)[idx] = calloc(1, sizeof(struct hook_execvpe));
1452                 if (tb[OCI_HOOK_ARGS]) {
1453                         ret = parseOCIenvarray(tb[OCI_HOOK_ARGS], &((*hooklist)[idx]->argv));
1454                         if (ret)
1455                                 goto errout;
1456                 } else {
1457                         (*hooklist)[idx]->argv = calloc(2, sizeof(char *));
1458                         ((*hooklist)[idx]->argv)[0] = strdup(blobmsg_get_string(tb[OCI_HOOK_PATH]));
1459                         ((*hooklist)[idx]->argv)[1] = NULL;
1460                 };
1461 
1462 
1463                 if (tb[OCI_HOOK_ENV]) {
1464                         ret = parseOCIenvarray(tb[OCI_HOOK_ENV], &((*hooklist)[idx]->envp));
1465                         if (ret)
1466                                 goto errout;
1467                 }
1468 
1469                 if (tb[OCI_HOOK_TIMEOUT])
1470                         (*hooklist)[idx]->timeout = blobmsg_get_u32(tb[OCI_HOOK_TIMEOUT]);
1471 
1472                 (*hooklist)[idx]->file = strdup(blobmsg_get_string(tb[OCI_HOOK_PATH]));
1473 
1474                 ++idx;
1475         }
1476 
1477         (*hooklist)[idx] = NULL;
1478 
1479         DEBUG("added %d hooks\n", idx);
1480 
1481         return 0;
1482 
1483 errout:
1484         free_hooklist(*hooklist);
1485         *hooklist = NULL;
1486 
1487         return ret;
1488 };
1489 
1490 
1491 enum {
1492         OCI_HOOKS_PRESTART,
1493         OCI_HOOKS_CREATERUNTIME,
1494         OCI_HOOKS_CREATECONTAINER,
1495         OCI_HOOKS_STARTCONTAINER,
1496         OCI_HOOKS_POSTSTART,
1497         OCI_HOOKS_POSTSTOP,
1498         __OCI_HOOKS_MAX,
1499 };
1500 
1501 static const struct blobmsg_policy oci_hooks_policy[] = {
1502         [OCI_HOOKS_PRESTART] = { "prestart", BLOBMSG_TYPE_ARRAY },
1503         [OCI_HOOKS_CREATERUNTIME] = { "createRuntime", BLOBMSG_TYPE_ARRAY },
1504         [OCI_HOOKS_CREATECONTAINER] = { "createContainer", BLOBMSG_TYPE_ARRAY },
1505         [OCI_HOOKS_STARTCONTAINER] = { "startContainer", BLOBMSG_TYPE_ARRAY },
1506         [OCI_HOOKS_POSTSTART] = { "poststart", BLOBMSG_TYPE_ARRAY },
1507         [OCI_HOOKS_POSTSTOP] = { "poststop", BLOBMSG_TYPE_ARRAY },
1508 };
1509 
1510 static int parseOCIhooks(struct blob_attr *msg)
1511 {
1512         struct blob_attr *tb[__OCI_HOOKS_MAX];
1513         int ret;
1514 
1515         blobmsg_parse(oci_hooks_policy, __OCI_HOOKS_MAX, tb, blobmsg_data(msg), blobmsg_len(msg));
1516 
1517         if (tb[OCI_HOOKS_PRESTART])
1518                 INFO("warning: ignoring deprecated prestart hook\n");
1519 
1520         if (tb[OCI_HOOKS_CREATERUNTIME]) {
1521                 ret = parseOCIhook(&opts.hooks.createRuntime, tb[OCI_HOOKS_CREATERUNTIME]);
1522                 if (ret)
1523                         return ret;
1524         }
1525 
1526         if (tb[OCI_HOOKS_CREATECONTAINER]) {
1527                 ret = parseOCIhook(&opts.hooks.createContainer, tb[OCI_HOOKS_CREATECONTAINER]);
1528                 if (ret)
1529                         goto out_createruntime;
1530         }
1531 
1532         if (tb[OCI_HOOKS_STARTCONTAINER]) {
1533                 ret = parseOCIhook(&opts.hooks.startContainer, tb[OCI_HOOKS_STARTCONTAINER]);
1534                 if (ret)
1535                         goto out_createcontainer;
1536         }
1537 
1538         if (tb[OCI_HOOKS_POSTSTART]) {
1539                 ret = parseOCIhook(&opts.hooks.poststart, tb[OCI_HOOKS_POSTSTART]);
1540                 if (ret)
1541                         goto out_startcontainer;
1542         }
1543 
1544         if (tb[OCI_HOOKS_POSTSTOP]) {
1545                 ret = parseOCIhook(&opts.hooks.poststop, tb[OCI_HOOKS_POSTSTOP]);
1546                 if (ret)
1547                         goto out_poststart;
1548         }
1549 
1550         return 0;
1551 
1552 out_poststart:
1553         free_hooklist(opts.hooks.poststart);
1554 out_startcontainer:
1555         free_hooklist(opts.hooks.startContainer);
1556 out_createcontainer:
1557         free_hooklist(opts.hooks.createContainer);
1558 out_createruntime:
1559         free_hooklist(opts.hooks.createRuntime);
1560 
1561         return ret;
1562 };
1563 
1564 
1565 enum {
1566         OCI_PROCESS_USER_UID,
1567         OCI_PROCESS_USER_GID,
1568         OCI_PROCESS_USER_UMASK,
1569         OCI_PROCESS_USER_ADDITIONALGIDS,
1570         __OCI_PROCESS_USER_MAX,
1571 };
1572 
1573 static const struct blobmsg_policy oci_process_user_policy[] = {
1574         [OCI_PROCESS_USER_UID] = { "uid", BLOBMSG_TYPE_INT32 },
1575         [OCI_PROCESS_USER_GID] = { "gid", BLOBMSG_TYPE_INT32 },
1576         [OCI_PROCESS_USER_UMASK] = { "umask", BLOBMSG_TYPE_INT32 },
1577         [OCI_PROCESS_USER_ADDITIONALGIDS] = { "additionalGids", BLOBMSG_TYPE_ARRAY },
1578 };
1579 
1580 static int parseOCIprocessuser(struct blob_attr *msg) {
1581         struct blob_attr *tb[__OCI_PROCESS_USER_MAX];
1582         struct blob_attr *cur;
1583         int rem;
1584         int has_gid = 0;
1585 
1586         blobmsg_parse(oci_process_user_policy, __OCI_PROCESS_USER_MAX, tb, blobmsg_data(msg), blobmsg_len(msg));
1587 
1588         if (tb[OCI_PROCESS_USER_UID])
1589                 opts.pw_uid = blobmsg_get_u32(tb[OCI_PROCESS_USER_UID]);
1590 
1591         if (tb[OCI_PROCESS_USER_GID]) {
1592                 opts.pw_gid = blobmsg_get_u32(tb[OCI_PROCESS_USER_GID]);
1593                 opts.gr_gid = blobmsg_get_u32(tb[OCI_PROCESS_USER_GID]);
1594                 has_gid = 1;
1595         }
1596 
1597         if (tb[OCI_PROCESS_USER_ADDITIONALGIDS]) {
1598                 size_t gidcnt = 0;
1599 
1600                 blobmsg_for_each_attr(cur, tb[OCI_PROCESS_USER_ADDITIONALGIDS], rem) {
1601                         ++gidcnt;
1602                         if (has_gid && (blobmsg_get_u32(cur) == opts.gr_gid))
1603                                 continue;
1604                 }
1605 
1606                 if (gidcnt) {
1607                         opts.additional_gids = calloc(gidcnt + has_gid, sizeof(gid_t));
1608                         gidcnt = 0;
1609 
1610                         /* always add primary GID to set of GIDs if set */
1611                         if (has_gid)
1612                                 opts.additional_gids[gidcnt++] = opts.gr_gid;
1613 
1614                         blobmsg_for_each_attr(cur, tb[OCI_PROCESS_USER_ADDITIONALGIDS], rem) {
1615                                 if (has_gid && (blobmsg_get_u32(cur) == opts.gr_gid))
1616                                         continue;
1617                                 opts.additional_gids[gidcnt++] = blobmsg_get_u32(cur);
1618                         }
1619                         opts.num_additional_gids = gidcnt;
1620                 }
1621                 DEBUG("read %zu additional groups\n", gidcnt);
1622         }
1623 
1624         if (tb[OCI_PROCESS_USER_UMASK]) {
1625                 opts.umask = blobmsg_get_u32(tb[OCI_PROCESS_USER_UMASK]);
1626                 opts.set_umask = true;
1627         }
1628 
1629         return 0;
1630 }
1631 
1632 enum {
1633         OCI_PROCESS_RLIMIT_TYPE,
1634         OCI_PROCESS_RLIMIT_SOFT,
1635         OCI_PROCESS_RLIMIT_HARD,
1636         __OCI_PROCESS_RLIMIT_MAX,
1637 };
1638 
1639 static const struct blobmsg_policy oci_process_rlimit_policy[] = {
1640         [OCI_PROCESS_RLIMIT_TYPE] = { "type", BLOBMSG_TYPE_STRING },
1641         [OCI_PROCESS_RLIMIT_SOFT] = { "soft", BLOBMSG_CAST_INT64 },
1642         [OCI_PROCESS_RLIMIT_HARD] = { "hard", BLOBMSG_CAST_INT64 },
1643 };
1644 
1645 /* from manpage GETRLIMIT(2) */
1646 static const char* const rlimit_names[RLIM_NLIMITS] = {
1647         [RLIMIT_AS] = "AS",
1648         [RLIMIT_CORE] = "CORE",
1649         [RLIMIT_CPU] = "CPU",
1650         [RLIMIT_DATA] = "DATA",
1651         [RLIMIT_FSIZE] = "FSIZE",
1652         [RLIMIT_LOCKS] = "LOCKS",
1653         [RLIMIT_MEMLOCK] = "MEMLOCK",
1654         [RLIMIT_MSGQUEUE] = "MSGQUEUE",
1655         [RLIMIT_NICE] = "NICE",
1656         [RLIMIT_NOFILE] = "NOFILE",
1657         [RLIMIT_NPROC] = "NPROC",
1658         [RLIMIT_RSS] = "RSS",
1659         [RLIMIT_RTPRIO] = "RTPRIO",
1660         [RLIMIT_RTTIME] = "RTTIME",
1661         [RLIMIT_SIGPENDING] = "SIGPENDING",
1662         [RLIMIT_STACK] = "STACK",
1663 };
1664 
1665 static int resolve_rlimit(char *type) {
1666         unsigned int rltype;
1667 
1668         for (rltype = 0; rltype < RLIM_NLIMITS; ++rltype)
1669                 if (rlimit_names[rltype] &&
1670                     !strncmp("RLIMIT_", type, 7) &&
1671                     !strcmp(rlimit_names[rltype], type + 7))
1672                         return rltype;
1673 
1674         return -1;
1675 }
1676 
1677 
1678 static int parseOCIrlimit(struct blob_attr *msg)
1679 {
1680         struct blob_attr *tb[__OCI_PROCESS_RLIMIT_MAX];
1681         int limtype = -1;
1682         struct rlimit *curlim;
1683 
1684         blobmsg_parse(oci_process_rlimit_policy, __OCI_PROCESS_RLIMIT_MAX, tb, blobmsg_data(msg), blobmsg_len(msg));
1685 
1686         if (!tb[OCI_PROCESS_RLIMIT_TYPE] ||
1687             !tb[OCI_PROCESS_RLIMIT_SOFT] ||
1688             !tb[OCI_PROCESS_RLIMIT_HARD])
1689                 return ENODATA;
1690 
1691         limtype = resolve_rlimit(blobmsg_get_string(tb[OCI_PROCESS_RLIMIT_TYPE]));
1692 
1693         if (limtype < 0)
1694                 return EINVAL;
1695 
1696         if (opts.rlimits[limtype])
1697                 return ENOTUNIQ;
1698 
1699         curlim = malloc(sizeof(struct rlimit));
1700         curlim->rlim_cur = blobmsg_cast_u64(tb[OCI_PROCESS_RLIMIT_SOFT]);
1701         curlim->rlim_max = blobmsg_cast_u64(tb[OCI_PROCESS_RLIMIT_HARD]);
1702 
1703         opts.rlimits[limtype] = curlim;
1704 
1705         return 0;
1706 };
1707 
1708 enum {
1709         OCI_PROCESS_ARGS,
1710         OCI_PROCESS_CAPABILITIES,
1711         OCI_PROCESS_CWD,
1712         OCI_PROCESS_ENV,
1713         OCI_PROCESS_OOMSCOREADJ,
1714         OCI_PROCESS_NONEWPRIVILEGES,
1715         OCI_PROCESS_RLIMITS,
1716         OCI_PROCESS_TERMINAL,
1717         OCI_PROCESS_USER,
1718         __OCI_PROCESS_MAX,
1719 };
1720 
1721 static const struct blobmsg_policy oci_process_policy[] = {
1722         [OCI_PROCESS_ARGS] = { "args", BLOBMSG_TYPE_ARRAY },
1723         [OCI_PROCESS_CAPABILITIES] = { "capabilities", BLOBMSG_TYPE_TABLE },
1724         [OCI_PROCESS_CWD] = { "cwd", BLOBMSG_TYPE_STRING },
1725         [OCI_PROCESS_ENV] = { "env", BLOBMSG_TYPE_ARRAY },
1726         [OCI_PROCESS_OOMSCOREADJ] = { "oomScoreAdj", BLOBMSG_TYPE_INT32 },
1727         [OCI_PROCESS_NONEWPRIVILEGES] = { "noNewPrivileges", BLOBMSG_TYPE_BOOL },
1728         [OCI_PROCESS_RLIMITS] = { "rlimits", BLOBMSG_TYPE_ARRAY },
1729         [OCI_PROCESS_TERMINAL] = { "terminal", BLOBMSG_TYPE_BOOL },
1730         [OCI_PROCESS_USER] = { "user", BLOBMSG_TYPE_TABLE },
1731 };
1732 
1733 
1734 static int parseOCIprocess(struct blob_attr *msg)
1735 {
1736         struct blob_attr *tb[__OCI_PROCESS_MAX], *cur;
1737         int rem, res;
1738 
1739         blobmsg_parse(oci_process_policy, __OCI_PROCESS_MAX, tb, blobmsg_data(msg), blobmsg_len(msg));
1740 
1741         if (!tb[OCI_PROCESS_ARGS])
1742                 return ENOENT;
1743 
1744         res = parseOCIenvarray(tb[OCI_PROCESS_ARGS], &opts.jail_argv);
1745         if (res)
1746                 return res;
1747 
1748         if (tb[OCI_PROCESS_TERMINAL])
1749                 opts.console = blobmsg_get_bool(tb[OCI_PROCESS_TERMINAL]);
1750 
1751         if (tb[OCI_PROCESS_NONEWPRIVILEGES])
1752                 opts.no_new_privs = blobmsg_get_bool(tb[OCI_PROCESS_NONEWPRIVILEGES]);
1753 
1754         if (tb[OCI_PROCESS_CWD])
1755                 opts.cwd = strdup(blobmsg_get_string(tb[OCI_PROCESS_CWD]));
1756 
1757         if (tb[OCI_PROCESS_ENV]) {
1758                 res = parseOCIenvarray(tb[OCI_PROCESS_ENV], &opts.envp);
1759                 if (res)
1760                         return res;
1761         }
1762 
1763         if (tb[OCI_PROCESS_USER] && (res = parseOCIprocessuser(tb[OCI_PROCESS_USER])))
1764                 return res;
1765 
1766         if (tb[OCI_PROCESS_CAPABILITIES] &&
1767             (res = parseOCIcapabilities(&opts.capset, tb[OCI_PROCESS_CAPABILITIES])))
1768                 return res;
1769 
1770         if (tb[OCI_PROCESS_RLIMITS]) {
1771                 blobmsg_for_each_attr(cur, tb[OCI_PROCESS_RLIMITS], rem) {
1772                         res = parseOCIrlimit(cur);
1773                         if (res)
1774                                 return res;
1775                 }
1776         }
1777 
1778         if (tb[OCI_PROCESS_OOMSCOREADJ]) {
1779                 opts.oom_score_adj = blobmsg_get_u32(tb[OCI_PROCESS_OOMSCOREADJ]);
1780                 opts.set_oom_score_adj = true;
1781         }
1782 
1783         return 0;
1784 }
1785 
1786 enum {
1787         OCI_LINUX_NAMESPACE_TYPE,
1788         OCI_LINUX_NAMESPACE_PATH,
1789         __OCI_LINUX_NAMESPACE_MAX,
1790 };
1791 
1792 static const struct blobmsg_policy oci_linux_namespace_policy[] = {
1793         [OCI_LINUX_NAMESPACE_TYPE] = { "type", BLOBMSG_TYPE_STRING },
1794         [OCI_LINUX_NAMESPACE_PATH] = { "path", BLOBMSG_TYPE_STRING },
1795 };
1796 
1797 static int resolve_nstype(char *type) {
1798         if (!strcmp("pid", type))
1799                 return CLONE_NEWPID;
1800         else if (!strcmp("network", type))
1801                 return CLONE_NEWNET;
1802         else if (!strcmp("net", type))
1803                 return CLONE_NEWNET;
1804         else if (!strcmp("mount", type))
1805                 return CLONE_NEWNS;
1806         else if (!strcmp("ipc", type))
1807                 return CLONE_NEWIPC;
1808         else if (!strcmp("uts", type))
1809                 return CLONE_NEWUTS;
1810         else if (!strcmp("user", type))
1811                 return CLONE_NEWUSER;
1812         else if (!strcmp("cgroup", type))
1813                 return CLONE_NEWCGROUP;
1814 #ifdef CLONE_NEWTIME
1815         else if (!strcmp("time", type))
1816                 return CLONE_NEWTIME;
1817 #endif
1818         else
1819                 return 0;
1820 }
1821 
1822 static int parseOCIlinuxns(struct blob_attr *msg)
1823 {
1824         struct blob_attr *tb[__OCI_LINUX_NAMESPACE_MAX];
1825         int nstype;
1826         int *setns;
1827         int fd;
1828 
1829         blobmsg_parse(oci_linux_namespace_policy, __OCI_LINUX_NAMESPACE_MAX, tb, blobmsg_data(msg), blobmsg_len(msg));
1830 
1831         if (!tb[OCI_LINUX_NAMESPACE_TYPE])
1832                 return EINVAL;
1833 
1834         nstype = resolve_nstype(blobmsg_get_string(tb[OCI_LINUX_NAMESPACE_TYPE]));
1835         if (!nstype)
1836                 return EINVAL;
1837 
1838         if (opts.namespace & nstype)
1839                 return ENOTUNIQ;
1840 
1841         setns = get_namespace_fd(nstype);
1842 
1843         if (!setns)
1844                 return EFAULT;
1845 
1846         if (*setns != -1)
1847                 return ENOTUNIQ;
1848 
1849         if (tb[OCI_LINUX_NAMESPACE_PATH]) {
1850                 DEBUG("opening existing %s namespace from path %s\n",
1851                         blobmsg_get_string(tb[OCI_LINUX_NAMESPACE_TYPE]),
1852                         blobmsg_get_string(tb[OCI_LINUX_NAMESPACE_PATH]));
1853 
1854                 fd = open(blobmsg_get_string(tb[OCI_LINUX_NAMESPACE_PATH]), O_RDONLY);
1855                 if (fd < 0)
1856                         return errno?:ESTALE;
1857 
1858                 if (ioctl(fd, NS_GET_NSTYPE) != nstype) {
1859                         close(fd);
1860                         return EINVAL;
1861                 }
1862 
1863                 DEBUG("opened existing %s namespace got filehandler %u\n",
1864                         blobmsg_get_string(tb[OCI_LINUX_NAMESPACE_TYPE]),
1865                         fd);
1866 
1867                 *setns = fd;
1868         } else {
1869                 opts.namespace |= nstype;
1870         }
1871 
1872         return 0;
1873 }
1874 
1875 /*
1876  * join namespace of existing PID
1877  * The string argument is the reference PID followed by ':' and a
1878  * ',' separated list of namespaces to to join.
1879  */
1880 static int jail_join_ns(char *arg)
1881 {
1882         pid_t pid;
1883         int fd;
1884         int nstype;
1885         char *tmp, *etmp, *nspath;
1886         int *setns;
1887 
1888         tmp = strchr(arg, ':');
1889         if (!tmp)
1890                 return EINVAL;
1891 
1892         *tmp = '\0';
1893         pid = atoi(arg);
1894 
1895         do {
1896                 ++tmp;
1897                 etmp = strchr(tmp, ',');
1898                 if (etmp)
1899                         *etmp = '\0';
1900 
1901                 nstype = resolve_nstype(tmp);
1902                 if (!nstype)
1903                         return EINVAL;
1904 
1905                 if (opts.namespace & nstype)
1906                         return ENOTUNIQ;
1907 
1908                 setns = get_namespace_fd(nstype);
1909 
1910                 if (!setns)
1911                         return EFAULT;
1912 
1913                 if (*setns != -1)
1914                         return ENOTUNIQ;
1915 
1916                 if (asprintf(&nspath, "/proc/%d/ns/%s", pid, tmp) < 0)
1917                         return ENOMEM;
1918 
1919                 fd = open(nspath, O_RDONLY);
1920                 free(nspath);
1921 
1922                 if (fd < 0)
1923                         return errno?:ESTALE;
1924 
1925                 *setns = fd;
1926 
1927                 if (etmp)
1928                         tmp = etmp;
1929                 else
1930                         tmp = NULL;
1931         } while (tmp);
1932 
1933         return 0;
1934 }
1935 
1936 static void get_jail_root_user(bool is_gidmap, uint32_t container_id, uint32_t host_id, uint32_t size)
1937 {
1938         if (container_id == 0 && size >= 1)
1939                 if (!is_gidmap)
1940                         opts.root_map_uid = host_id;
1941 }
1942 
1943 enum {
1944         OCI_LINUX_UIDGIDMAP_CONTAINERID,
1945         OCI_LINUX_UIDGIDMAP_HOSTID,
1946         OCI_LINUX_UIDGIDMAP_SIZE,
1947         __OCI_LINUX_UIDGIDMAP_MAX,
1948 };
1949 
1950 static const struct blobmsg_policy oci_linux_uidgidmap_policy[] = {
1951         [OCI_LINUX_UIDGIDMAP_CONTAINERID] = { "containerID", BLOBMSG_TYPE_INT32 },
1952         [OCI_LINUX_UIDGIDMAP_HOSTID] = { "hostID", BLOBMSG_TYPE_INT32 },
1953         [OCI_LINUX_UIDGIDMAP_SIZE] = { "size", BLOBMSG_TYPE_INT32 },
1954 };
1955 
1956 static int parseOCIuidgidmappings(struct blob_attr *msg, bool is_gidmap)
1957 {
1958         struct blob_attr *tb[__OCI_LINUX_UIDGIDMAP_MAX];
1959         struct blob_attr *cur;
1960         int rem;
1961         char *map;
1962         size_t len, pos, totallen = 0;
1963 
1964         blobmsg_for_each_attr(cur, msg, rem) {
1965                 blobmsg_parse(oci_linux_uidgidmap_policy, __OCI_LINUX_UIDGIDMAP_MAX, tb, blobmsg_data(cur), blobmsg_len(cur));
1966 
1967                 if (!tb[OCI_LINUX_UIDGIDMAP_CONTAINERID] ||
1968                     !tb[OCI_LINUX_UIDGIDMAP_HOSTID] ||
1969                     !tb[OCI_LINUX_UIDGIDMAP_SIZE])
1970                         return EINVAL;
1971 
1972                 /* count length */
1973                 totallen += snprintf(NULL, 0, "%d %d %d\n",
1974                          blobmsg_get_u32(tb[OCI_LINUX_UIDGIDMAP_CONTAINERID]),
1975                          blobmsg_get_u32(tb[OCI_LINUX_UIDGIDMAP_HOSTID]),
1976                          blobmsg_get_u32(tb[OCI_LINUX_UIDGIDMAP_SIZE]));
1977         }
1978 
1979         /* allocate combined mapping string */
1980         map = malloc(totallen + 1);
1981         if (!map)
1982                 return ENOMEM;
1983 
1984         pos = 0;
1985         blobmsg_for_each_attr(cur, msg, rem) {
1986                 blobmsg_parse(oci_linux_uidgidmap_policy, __OCI_LINUX_UIDGIDMAP_MAX, tb, blobmsg_data(cur), blobmsg_len(cur));
1987 
1988                 get_jail_root_user(is_gidmap, blobmsg_get_u32(tb[OCI_LINUX_UIDGIDMAP_CONTAINERID]),
1989                          blobmsg_get_u32(tb[OCI_LINUX_UIDGIDMAP_HOSTID]),
1990                          blobmsg_get_u32(tb[OCI_LINUX_UIDGIDMAP_SIZE]));
1991 
1992                 /* write mapping line into pre-allocated string */
1993                 len = snprintf(&map[pos], totallen + 1, "%d %d %d\n",
1994                          blobmsg_get_u32(tb[OCI_LINUX_UIDGIDMAP_CONTAINERID]),
1995                          blobmsg_get_u32(tb[OCI_LINUX_UIDGIDMAP_HOSTID]),
1996                          blobmsg_get_u32(tb[OCI_LINUX_UIDGIDMAP_SIZE]));
1997                 pos += len;
1998                 totallen -= len;
1999         }
2000 
2001         assert(totallen == 0);
2002 
2003         if (is_gidmap)
2004                 opts.gidmap = map;
2005         else
2006                 opts.uidmap = map;
2007 
2008         return 0;
2009 }
2010 
2011 enum {
2012         OCI_DEVICES_TYPE,
2013         OCI_DEVICES_PATH,
2014         OCI_DEVICES_MAJOR,
2015         OCI_DEVICES_MINOR,
2016         OCI_DEVICES_FILEMODE,
2017         OCI_DEVICES_UID,
2018         OCI_DEVICES_GID,
2019         __OCI_DEVICES_MAX,
2020 };
2021 
2022 static const struct blobmsg_policy oci_devices_policy[] = {
2023         [OCI_DEVICES_TYPE] = { "type", BLOBMSG_TYPE_STRING },
2024         [OCI_DEVICES_PATH] = { "path", BLOBMSG_TYPE_STRING },
2025         [OCI_DEVICES_MAJOR] = { "major", BLOBMSG_TYPE_INT32 },
2026         [OCI_DEVICES_MINOR] = { "minor", BLOBMSG_TYPE_INT32 },
2027         [OCI_DEVICES_FILEMODE] = { "fileMode", BLOBMSG_TYPE_INT32 },
2028         [OCI_DEVICES_UID] = { "uid", BLOBMSG_TYPE_INT32 },
2029         [OCI_DEVICES_GID] = { "uid", BLOBMSG_TYPE_INT32 },
2030 };
2031 
2032 static mode_t resolve_devtype(char *tstr)
2033 {
2034         if (!strcmp("c", tstr) ||
2035             !strcmp("u", tstr))
2036                 return S_IFCHR;
2037         else if (!strcmp("b", tstr))
2038                 return S_IFBLK;
2039         else if (!strcmp("p", tstr))
2040                 return S_IFIFO;
2041         else
2042                 return 0;
2043 }
2044 
2045 static int parseOCIdevices(struct blob_attr *msg)
2046 {
2047         struct blob_attr *tb[__OCI_DEVICES_MAX];
2048         struct blob_attr *cur;
2049         int rem;
2050         size_t cnt = 0;
2051         struct mknod_args *tmp;
2052 
2053         blobmsg_for_each_attr(cur, msg, rem)
2054                 ++cnt;
2055 
2056         opts.devices = calloc(cnt + 1, sizeof(struct mknod_args *));
2057 
2058         cnt = 0;
2059         blobmsg_for_each_attr(cur, msg, rem) {
2060                 blobmsg_parse(oci_devices_policy, __OCI_DEVICES_MAX, tb, blobmsg_data(cur), blobmsg_len(cur));
2061                 if (!tb[OCI_DEVICES_TYPE] ||
2062                     !tb[OCI_DEVICES_PATH])
2063                         return ENODATA;
2064 
2065                 tmp = calloc(1, sizeof(struct mknod_args));
2066                 if (!tmp)
2067                         return ENOMEM;
2068 
2069                 tmp->mode = resolve_devtype(blobmsg_get_string(tb[OCI_DEVICES_TYPE]));
2070                 if (!tmp->mode) {
2071                         free(tmp);
2072                         return EINVAL;
2073                 }
2074 
2075                 if (tmp->mode != S_IFIFO) {
2076                         if (!tb[OCI_DEVICES_MAJOR] || !tb[OCI_DEVICES_MINOR]) {
2077                                 free(tmp);
2078                                 return ENODATA;
2079                         }
2080 
2081                         tmp->dev = makedev(blobmsg_get_u32(tb[OCI_DEVICES_MAJOR]),
2082                                            blobmsg_get_u32(tb[OCI_DEVICES_MINOR]));
2083                 }
2084 
2085                 if (tb[OCI_DEVICES_FILEMODE]) {
2086                         if (~(S_IRWXU|S_IRWXG|S_IRWXO) & blobmsg_get_u32(tb[OCI_DEVICES_FILEMODE])) {
2087                                 free(tmp);
2088                                 return EINVAL;
2089                         }
2090 
2091                         tmp->mode |= blobmsg_get_u32(tb[OCI_DEVICES_FILEMODE]);
2092                 } else {
2093                         tmp->mode |= (S_IRUSR|S_IWUSR); /* 0600 */
2094                 }
2095 
2096                 tmp->path = strdup(blobmsg_get_string(tb[OCI_DEVICES_PATH]));
2097 
2098                 if (tb[OCI_DEVICES_UID])
2099                         tmp->uid = blobmsg_get_u32(tb[OCI_DEVICES_UID]);
2100                 else
2101                         tmp->uid = -1;
2102 
2103                 if (tb[OCI_DEVICES_GID])
2104                         tmp->gid = blobmsg_get_u32(tb[OCI_DEVICES_GID]);
2105                 else
2106                         tmp->gid = -1;
2107 
2108                 DEBUG("read device %s (%s)\n", blobmsg_get_string(tb[OCI_DEVICES_PATH]), blobmsg_get_string(tb[OCI_DEVICES_TYPE]));
2109                 opts.devices[cnt++] = tmp;
2110         }
2111 
2112         opts.devices[cnt] = NULL;
2113 
2114         return 0;
2115 }
2116 
2117 static int parseOCIsysctl(struct blob_attr *msg)
2118 {
2119         struct blob_attr *cur;
2120         int rem;
2121         char *tmp, *tc;
2122         size_t cnt = 0;
2123 
2124         blobmsg_for_each_attr(cur, msg, rem) {
2125                 if (!blobmsg_name(cur) || !blobmsg_get_string(cur))
2126                         return EINVAL;
2127 
2128                 ++cnt;
2129         }
2130 
2131         if (!cnt)
2132                 return 0;
2133 
2134         opts.sysctl = calloc(cnt + 1, sizeof(struct sysctl_val *));
2135         if (!opts.sysctl)
2136                 return ENOMEM;
2137 
2138         cnt = 0;
2139         blobmsg_for_each_attr(cur, msg, rem) {
2140                 opts.sysctl[cnt] = malloc(sizeof(struct sysctl_val));
2141                 if (!opts.sysctl[cnt])
2142                         return ENOMEM;
2143 
2144                 /* replace '.' with '/' in entry name */
2145                 tc = tmp = strdup(blobmsg_name(cur));
2146                 while ((tc = strchr(tc, '.')))
2147                         *tc = '/';
2148 
2149                 opts.sysctl[cnt]->value = strdup(blobmsg_get_string(cur));
2150                 opts.sysctl[cnt]->entry = tmp;
2151 
2152                 ++cnt;
2153         }
2154 
2155         opts.sysctl[cnt] = NULL;
2156 
2157         return 0;
2158 }
2159 
2160 
2161 enum {
2162         OCI_LINUX_CGROUPSPATH,
2163         OCI_LINUX_RESOURCES,
2164         OCI_LINUX_SECCOMP,
2165         OCI_LINUX_SYSCTL,
2166         OCI_LINUX_NAMESPACES,
2167         OCI_LINUX_DEVICES,
2168         OCI_LINUX_UIDMAPPINGS,
2169         OCI_LINUX_GIDMAPPINGS,
2170         OCI_LINUX_MASKEDPATHS,
2171         OCI_LINUX_READONLYPATHS,
2172         OCI_LINUX_ROOTFSPROPAGATION,
2173         __OCI_LINUX_MAX,
2174 };
2175 
2176 static const struct blobmsg_policy oci_linux_policy[] = {
2177         [OCI_LINUX_CGROUPSPATH] = { "cgroupsPath", BLOBMSG_TYPE_STRING },
2178         [OCI_LINUX_RESOURCES] = { "resources", BLOBMSG_TYPE_TABLE },
2179         [OCI_LINUX_SECCOMP] = { "seccomp", BLOBMSG_TYPE_TABLE },
2180         [OCI_LINUX_SYSCTL] = { "sysctl", BLOBMSG_TYPE_TABLE },
2181         [OCI_LINUX_NAMESPACES] = { "namespaces", BLOBMSG_TYPE_ARRAY },
2182         [OCI_LINUX_DEVICES] = { "devices", BLOBMSG_TYPE_ARRAY },
2183         [OCI_LINUX_UIDMAPPINGS] = { "uidMappings", BLOBMSG_TYPE_ARRAY },
2184         [OCI_LINUX_GIDMAPPINGS] = { "gidMappings", BLOBMSG_TYPE_ARRAY },
2185         [OCI_LINUX_MASKEDPATHS] = { "maskedPaths", BLOBMSG_TYPE_ARRAY },
2186         [OCI_LINUX_READONLYPATHS] = { "readonlyPaths", BLOBMSG_TYPE_ARRAY },
2187         [OCI_LINUX_ROOTFSPROPAGATION] = { "rootfsPropagation", BLOBMSG_TYPE_STRING },
2188 };
2189 
2190 static int parseOCIlinux(struct blob_attr *msg)
2191 {
2192         struct blob_attr *tb[__OCI_LINUX_MAX];
2193         struct blob_attr *cur;
2194         int rem;
2195         int res = 0;
2196         char *cgpath;
2197         char cgfullpath[256] = "/sys/fs/cgroup";
2198 
2199         blobmsg_parse(oci_linux_policy, __OCI_LINUX_MAX, tb, blobmsg_data(msg), blobmsg_len(msg));
2200 
2201         if (tb[OCI_LINUX_NAMESPACES]) {
2202                 blobmsg_for_each_attr(cur, tb[OCI_LINUX_NAMESPACES], rem) {
2203                         res = parseOCIlinuxns(cur);
2204                         if (res)
2205                                 return res;
2206                 }
2207         }
2208 
2209         if (tb[OCI_LINUX_UIDMAPPINGS]) {
2210                 res = parseOCIuidgidmappings(tb[OCI_LINUX_GIDMAPPINGS], 0);
2211                 if (res)
2212                         return res;
2213         }
2214 
2215         if (tb[OCI_LINUX_GIDMAPPINGS]) {
2216                 res = parseOCIuidgidmappings(tb[OCI_LINUX_GIDMAPPINGS], 1);
2217                 if (res)
2218                         return res;
2219         }
2220 
2221         if (tb[OCI_LINUX_READONLYPATHS]) {
2222                 blobmsg_for_each_attr(cur, tb[OCI_LINUX_READONLYPATHS], rem) {
2223                         res = add_mount(NULL, blobmsg_get_string(cur), NULL, MS_BIND | MS_REC | MS_RDONLY, 0, NULL, 0);
2224                         if (res)
2225                                 return res;
2226                 }
2227         }
2228 
2229         if (tb[OCI_LINUX_MASKEDPATHS]) {
2230                 blobmsg_for_each_attr(cur, tb[OCI_LINUX_MASKEDPATHS], rem) {
2231                         res = add_mount((void *)(-1), blobmsg_get_string(cur), NULL, 0, 0, NULL, 0);
2232                         if (res)
2233                                 return res;
2234                 }
2235         }
2236 
2237         if (tb[OCI_LINUX_SYSCTL]) {
2238                 res = parseOCIsysctl(tb[OCI_LINUX_SYSCTL]);
2239                 if (res)
2240                         return res;
2241         }
2242 
2243         if (tb[OCI_LINUX_SECCOMP]) {
2244                 opts.ociseccomp = parseOCIlinuxseccomp(tb[OCI_LINUX_SECCOMP]);
2245                 if (!opts.ociseccomp)
2246                         return EINVAL;
2247         }
2248 
2249         if (tb[OCI_LINUX_DEVICES]) {
2250                 res = parseOCIdevices(tb[OCI_LINUX_DEVICES]);
2251                 if (res)
2252                         return res;
2253         }
2254 
2255         if (tb[OCI_LINUX_CGROUPSPATH]) {
2256                 cgpath = blobmsg_get_string(tb[OCI_LINUX_CGROUPSPATH]);
2257                 if (cgpath[0] == '/') {
2258                         if (strlen(cgpath) + 1 >= (sizeof(cgfullpath) - strlen(cgfullpath)))
2259                                 return E2BIG;
2260 
2261                         strcat(cgfullpath, cgpath);
2262                 } else {
2263                         strcat(cgfullpath, "/containers/");
2264                         if (strlen(opts.name) + strlen(cgpath) + 2 >= (sizeof(cgfullpath) - strlen(cgfullpath)))
2265                                 return E2BIG;
2266 
2267                         strcat(cgfullpath, opts.name); /* should be container name rather than jail name */
2268                         strcat(cgfullpath, "/");
2269                         strcat(cgfullpath, cgpath);
2270                 }
2271         } else {
2272                 strcat(cgfullpath, "/containers/");
2273                 if (2 * strlen(opts.name) + 2 >= (sizeof(cgfullpath) - strlen(cgfullpath)))
2274                         return E2BIG;
2275 
2276                 strcat(cgfullpath, opts.name); /* should be container name rather than jail name */
2277                 strcat(cgfullpath, "/");
2278                 strcat(cgfullpath, opts.name); /* should be container instance name rather than jail name */
2279         }
2280 
2281         cgroups_init(cgfullpath);
2282 
2283         if (tb[OCI_LINUX_RESOURCES]) {
2284                 res = parseOCIlinuxcgroups(tb[OCI_LINUX_RESOURCES]);
2285                 if (res)
2286                         return res;
2287         }
2288 
2289         return 0;
2290 }
2291 
2292 enum {
2293         OCI_VERSION,
2294         OCI_HOSTNAME,
2295         OCI_PROCESS,
2296         OCI_ROOT,
2297         OCI_MOUNTS,
2298         OCI_HOOKS,
2299         OCI_LINUX,
2300         OCI_ANNOTATIONS,
2301         __OCI_MAX,
2302 };
2303 
2304 static const struct blobmsg_policy oci_policy[] = {
2305         [OCI_VERSION] = { "ociVersion", BLOBMSG_TYPE_STRING },
2306         [OCI_HOSTNAME] = { "hostname", BLOBMSG_TYPE_STRING },
2307         [OCI_PROCESS] = { "process", BLOBMSG_TYPE_TABLE },
2308         [OCI_ROOT] = { "root", BLOBMSG_TYPE_TABLE },
2309         [OCI_MOUNTS] = { "mounts", BLOBMSG_TYPE_ARRAY },
2310         [OCI_HOOKS] = { "hooks", BLOBMSG_TYPE_TABLE },
2311         [OCI_LINUX] = { "linux", BLOBMSG_TYPE_TABLE },
2312         [OCI_ANNOTATIONS] = { "annotations", BLOBMSG_TYPE_TABLE },
2313 };
2314 
2315 static int parseOCI(const char *jsonfile)
2316 {
2317         struct blob_attr *tb[__OCI_MAX];
2318         struct blob_attr *cur;
2319         int rem;
2320         int res;
2321 
2322         blob_buf_init(&ocibuf, 0);
2323 
2324         if (!blobmsg_add_json_from_file(&ocibuf, jsonfile)) {
2325                 res=ENOENT;
2326                 goto errout;
2327         }
2328 
2329         blobmsg_parse(oci_policy, __OCI_MAX, tb, blob_data(ocibuf.head), blob_len(ocibuf.head));
2330 
2331         if (!tb[OCI_VERSION]) {
2332                 res=ENOMSG;
2333                 goto errout;
2334         }
2335 
2336         if (strncmp("1.0", blobmsg_get_string(tb[OCI_VERSION]), 3)) {
2337                 ERROR("unsupported ociVersion %s\n", blobmsg_get_string(tb[OCI_VERSION]));
2338                 res=ENOTSUP;
2339                 goto errout;
2340         }
2341 
2342         if (tb[OCI_HOSTNAME])
2343                 opts.hostname = strdup(blobmsg_get_string(tb[OCI_HOSTNAME]));
2344 
2345         if (!tb[OCI_PROCESS]) {
2346                 res=ENODATA;
2347                 goto errout;
2348         }
2349 
2350         if ((res = parseOCIprocess(tb[OCI_PROCESS])))
2351                 goto errout;
2352 
2353         if (!tb[OCI_ROOT]) {
2354                 res=ENODATA;
2355                 goto errout;
2356         }
2357         if ((res = parseOCIroot(jsonfile, tb[OCI_ROOT])))
2358                 goto errout;
2359 
2360         if (!tb[OCI_MOUNTS]) {
2361                 res=ENODATA;
2362                 goto errout;
2363         }
2364 
2365         blobmsg_for_each_attr(cur, tb[OCI_MOUNTS], rem)
2366                 if ((res = parseOCImount(cur)))
2367                         goto errout;
2368 
2369         if (tb[OCI_LINUX] && (res = parseOCIlinux(tb[OCI_LINUX])))
2370                 goto errout;
2371 
2372         if (tb[OCI_HOOKS] && (res = parseOCIhooks(tb[OCI_HOOKS])))
2373                 goto errout;
2374 
2375         if (tb[OCI_ANNOTATIONS])
2376                 opts.annotations = blob_memdup(tb[OCI_ANNOTATIONS]);
2377 
2378 errout:
2379         blob_buf_free(&ocibuf);
2380 
2381         return res;
2382 }
2383 
2384 static int set_oom_score_adj(void)
2385 {
2386         int f;
2387         char fname[32];
2388 
2389         if (!opts.set_oom_score_adj)
2390                 return 0;
2391 
2392         snprintf(fname, sizeof(fname), "/proc/%u/oom_score_adj", jail_process.pid);
2393         f = open(fname, O_WRONLY | O_TRUNC);
2394         if (f < 0)
2395                 return errno;
2396 
2397         dprintf(f, "%d", opts.oom_score_adj);
2398         close(f);
2399 
2400         return 0;
2401 }
2402 
2403 
2404 enum {
2405         OCI_STATE_CREATING,
2406         OCI_STATE_CREATED,
2407         OCI_STATE_RUNNING,
2408         OCI_STATE_STOPPED,
2409 };
2410 
2411 static int jail_oci_state = OCI_STATE_CREATED;
2412 static void pipe_send_start_container(struct uloop_timeout *t);
2413 static struct uloop_timeout start_container_timeout = {
2414         .cb = pipe_send_start_container,
2415 };
2416 
2417 static int handle_start(struct ubus_context *ctx, struct ubus_object *obj,
2418                         struct ubus_request_data *req, const char *method,
2419                         struct blob_attr *msg)
2420 {
2421         if (jail_oci_state != OCI_STATE_CREATED)
2422                 return UBUS_STATUS_INVALID_ARGUMENT;
2423 
2424         uloop_timeout_add(&start_container_timeout);
2425 
2426         return UBUS_STATUS_OK;
2427 }
2428 
2429 static struct blob_buf bb;
2430 static int handle_state(struct ubus_context *ctx, struct ubus_object *obj,
2431                         struct ubus_request_data *req, const char *method,
2432                         struct blob_attr *msg)
2433 {
2434         char *statusstr;
2435 
2436         switch (jail_oci_state) {
2437                 case OCI_STATE_CREATING:
2438                         statusstr = "creating";
2439                         break;
2440                 case OCI_STATE_CREATED:
2441                         statusstr = "created";
2442                         break;
2443                 case OCI_STATE_RUNNING:
2444                         statusstr = "running";
2445                         break;
2446                 case OCI_STATE_STOPPED:
2447                         statusstr = "stopped";
2448                         break;
2449                 default:
2450                         statusstr = "unknown";
2451         }
2452 
2453         blob_buf_init(&bb, 0);
2454         blobmsg_add_string(&bb, "ociVersion", OCI_VERSION_STRING);
2455         blobmsg_add_string(&bb, "id", opts.name);
2456         blobmsg_add_string(&bb, "status", statusstr);
2457         if (jail_oci_state == OCI_STATE_CREATED ||
2458             jail_oci_state == OCI_STATE_RUNNING)
2459                 blobmsg_add_u32(&bb, "pid", jail_process.pid);
2460 
2461         blobmsg_add_string(&bb, "bundle", opts.ocibundle);
2462 
2463         if (opts.annotations)
2464                 blobmsg_add_blob(&bb, opts.annotations);
2465 
2466         ubus_send_reply(ctx, req, bb.head);
2467 
2468         return UBUS_STATUS_OK;
2469 }
2470 
2471 enum {
2472         CONTAINER_KILL_ATTR_SIGNAL,
2473         __CONTAINER_KILL_ATTR_MAX,
2474 };
2475 
2476 static const struct blobmsg_policy container_kill_attrs[__CONTAINER_KILL_ATTR_MAX] = {
2477         [CONTAINER_KILL_ATTR_SIGNAL] = { "signal", BLOBMSG_TYPE_INT32 },
2478 };
2479 
2480 static int
2481 container_handle_kill(struct ubus_context *ctx, struct ubus_object *obj,
2482                     struct ubus_request_data *req, const char *method,
2483                     struct blob_attr *msg)
2484 {
2485         struct blob_attr *tb[__CONTAINER_KILL_ATTR_MAX], *cur;
2486         int sig = SIGTERM;
2487 
2488         blobmsg_parse(container_kill_attrs, __CONTAINER_KILL_ATTR_MAX, tb, blobmsg_data(msg), blobmsg_data_len(msg));
2489 
2490         cur = tb[CONTAINER_KILL_ATTR_SIGNAL];
2491         if (cur)
2492                 sig = blobmsg_get_u32(cur);
2493 
2494         if (jail_oci_state == OCI_STATE_CREATING)
2495                 return UBUS_STATUS_NOT_FOUND;
2496 
2497         if (kill(jail_process.pid, sig) == 0)
2498                 return 0;
2499 
2500         switch (errno) {
2501         case EINVAL: return UBUS_STATUS_INVALID_ARGUMENT;
2502         case EPERM:  return UBUS_STATUS_PERMISSION_DENIED;
2503         case ESRCH:  return UBUS_STATUS_NOT_FOUND;
2504         }
2505 
2506         return UBUS_STATUS_UNKNOWN_ERROR;
2507 }
2508 
2509 static int
2510 jail_writepid(pid_t pid)
2511 {
2512         FILE *_pidfile;
2513 
2514         if (!opts.pidfile)
2515                 return 0;
2516 
2517         _pidfile = fopen(opts.pidfile, "w");
2518         if (_pidfile == NULL)
2519                 return errno;
2520 
2521         if (fprintf(_pidfile, "%d\n", pid) < 0) {
2522                 fclose(_pidfile);
2523                 return errno;
2524         }
2525 
2526         if (fclose(_pidfile))
2527                 return errno;
2528 
2529         return 0;
2530 }
2531 
2532 static int checkpath(const char *path)
2533 {
2534         int dirfd = open(path, O_RDONLY | O_DIRECTORY | O_CLOEXEC);
2535         if (dirfd < 0) {
2536                 ERROR("path %s open failed %m\n", path);
2537                 return -1;
2538         }
2539         close(dirfd);
2540 
2541         return 0;
2542 }
2543 
2544 static struct ubus_method container_methods[] = {
2545         UBUS_METHOD_NOARG("start", handle_start),
2546         UBUS_METHOD_NOARG("state", handle_state),
2547         UBUS_METHOD("kill", container_handle_kill, container_kill_attrs),
2548 };
2549 
2550 static struct ubus_object_type container_object_type =
2551         UBUS_OBJECT_TYPE("container", container_methods);
2552 
2553 static struct ubus_object container_object = {
2554         .type = &container_object_type,
2555         .methods = container_methods,
2556         .n_methods = ARRAY_SIZE(container_methods),
2557 };
2558 
2559 static void post_main(struct uloop_timeout *t);
2560 static struct uloop_timeout post_main_timeout = {
2561         .cb = post_main,
2562 };
2563 static int netns_fd;
2564 static int pidns_fd;
2565 #ifdef CLONE_NEWTIME
2566 static int timens_fd;
2567 #endif
2568 static void post_create_runtime(void);
2569 
2570 struct env_e {
2571         struct list_head list;
2572         char *envarg;
2573 };
2574 
2575 int main(int argc, char **argv)
2576 {
2577         uid_t uid = getuid();
2578         const char log[] = "/dev/log";
2579         const char ubus[] = "/var/run/ubus/ubus.sock";
2580         int ret = EXIT_FAILURE;
2581         int ch;
2582         char *tmp;
2583         struct list_head envl = LIST_HEAD_INIT(envl);
2584         struct env_e *enve, *tmpenve;
2585         unsigned short int envn = 0, envc = 0;
2586 
2587         if (uid) {
2588                 ERROR("not root, aborting: %m\n");
2589                 return EXIT_FAILURE;
2590         }
2591 
2592         /* those are filehandlers, so -1 indicates unused */
2593         opts.setns.pid = -1;
2594         opts.setns.net = -1;
2595         opts.setns.ns = -1;
2596         opts.setns.ipc = -1;
2597         opts.setns.uts = -1;
2598         opts.setns.user = -1;
2599         opts.setns.cgroup = -1;
2600 #ifdef CLONE_NEWTIME
2601         opts.setns.time = -1;
2602 #endif
2603 
2604         /* default 5 seconds timeout after SIGTERM before SIGKILL is sent */
2605         opts.term_timeout = 5;
2606 
2607         umask(022);
2608         mount_list_init();
2609         init_library_search();
2610         cgroups_prepare();
2611         exit_from_child = false;
2612 
2613         while ((ch = getopt(argc, argv, OPT_ARGS)) != -1) {
2614                 switch (ch) {
2615                 case 'd':
2616                         debug = atoi(optarg);
2617                         break;
2618                 case 'e':
2619                         enve = calloc(1, sizeof(*enve));
2620                         enve->envarg = optarg;
2621                         list_add_tail(&enve->list, &envl);
2622                         break;
2623                 case 'p':
2624                         opts.namespace |= CLONE_NEWNS;
2625                         opts.procfs = 1;
2626                         break;
2627                 case 'o':
2628                         opts.namespace |= CLONE_NEWNS;
2629                         opts.ronly = 1;
2630                         break;
2631                 case 'f':
2632                         opts.namespace |= CLONE_NEWUSER;
2633                         break;
2634                 case 'F':
2635                         opts.namespace |= CLONE_NEWCGROUP;
2636                         break;
2637                 case 'R':
2638                         opts.extroot = realpath(optarg, NULL);
2639                         break;
2640                 case 's':
2641                         opts.namespace |= CLONE_NEWNS;
2642                         opts.sysfs = 1;
2643                         break;
2644                 case 'S':
2645                         opts.seccomp = optarg;
2646                         add_mount_bind(optarg, 1, -1);
2647                         break;
2648                 case 'C':
2649                         opts.capabilities = optarg;
2650                         break;
2651                 case 'c':
2652                         opts.no_new_privs = 1;
2653                         break;
2654                 case 'n':
2655                         opts.name = optarg;
2656                         break;
2657                 case 'N':
2658                         opts.namespace |= CLONE_NEWNET;
2659                         break;
2660                 case 'h':
2661                         opts.namespace |= CLONE_NEWUTS;
2662                         opts.hostname = strdup(optarg);
2663                         break;
2664                 case 'j':
2665                         jail_join_ns(optarg);
2666                         break;
2667                 case 'r':
2668                         opts.namespace |= CLONE_NEWNS;
2669                         tmp = strchr(optarg, ':');
2670                         if (tmp) {
2671                                 *(tmp++) = '\0';
2672                                 add_2paths_and_deps(optarg, tmp, 1, 0, 0);
2673                         } else {
2674                                 add_path_and_deps(optarg, 1, 0, 0);
2675                         }
2676                         break;
2677                 case 'w':
2678                         opts.namespace |= CLONE_NEWNS;
2679                         tmp = strchr(optarg, ':');
2680                         if (tmp) {
2681                                 *(tmp++) = '\0';
2682                                 add_2paths_and_deps(optarg, tmp, 0, 0, 0);
2683                         } else {
2684                                 add_path_and_deps(optarg, 0, 0, 0);
2685                         }
2686                         break;
2687                 case 'u':
2688                         opts.namespace |= CLONE_NEWNS;
2689                         add_mount_bind(ubus, 0, -1);
2690                         break;
2691                 case 'l':
2692                         opts.namespace |= CLONE_NEWNS;
2693                         add_mount_bind(log, 0, -1);
2694                         break;
2695                 case 'U':
2696                         opts.user = optarg;
2697                         break;
2698                 case 'G':
2699                         opts.group = optarg;
2700                         break;
2701                 case 'O':
2702                         opts.overlaydir = realpath(optarg, NULL);
2703                         break;
2704                 case 't':
2705                         opts.term_timeout = atoi(optarg);
2706                         break;
2707                 case 'T':
2708                         opts.tmpoverlaysize = optarg;
2709                         break;
2710                 case 'E':
2711                         opts.require_jail = 1;
2712                         break;
2713                 case 'y':
2714                         opts.console = 1;
2715                         break;
2716                 case 'J':
2717                         opts.ocibundle = optarg;
2718                         break;
2719                 case 'i':
2720                         opts.immediately = true;
2721                         break;
2722                 case 'P':
2723                         opts.pidfile = optarg;
2724                         break;
2725                 }
2726         }
2727 
2728         if (opts.namespace && !opts.ocibundle)
2729                 opts.namespace |= CLONE_NEWIPC | CLONE_NEWPID;
2730 
2731         /*
2732          * env import from cmdline is not available for OCI containers
2733          */
2734         if (opts.ocibundle && !list_empty(&envl)) {
2735                 ret=-ENOTSUP;
2736                 goto errout;
2737         }
2738 
2739         /*
2740          * prepare list of env variables to import for slim containers
2741          */
2742         if (!list_empty(&envl)) {
2743                 list_for_each_entry(enve, &envl, list)
2744                         ++envn;
2745 
2746                 opts.envp = calloc(1 + envn, sizeof(char*));
2747                 list_for_each_entry_safe(enve, tmpenve, &envl, list) {
2748                         tmp = getenv(enve->envarg);
2749                         if (tmp) {
2750                                 ret = asprintf(&opts.envp[envc++], "%s=%s", enve->envarg, tmp);
2751                                 if (ret < 0) {
2752                                         ERROR("filed to handle envargs %s\n", tmp);
2753                                         free(enve);
2754                                         goto errout;
2755                                 }
2756                         }
2757 
2758                         list_del(&enve->list);
2759                         free(enve);
2760                 }
2761 
2762                 opts.envp[envc] = NULL;
2763         }
2764 
2765         /*
2766          * uid in parent user namespace representing root user in new
2767          * user namespace, defaults to nobody unless specified in uidMappings
2768          */
2769         opts.root_map_uid = 65534;
2770 
2771         if (opts.capabilities && parseOCIcapabilities_from_file(&opts.capset, opts.capabilities)) {
2772                 ERROR("failed to read capabilities from file %s\n", opts.capabilities);
2773                 ret=-1;
2774                 goto errout;
2775         }
2776 
2777         if (opts.ocibundle) {
2778                 char *jsonfile;
2779                 int ocires;
2780 
2781                 if (!opts.name) {
2782                         ERROR("OCI bundle needs a named jail\n");
2783                         ret=-1;
2784                         goto errout;
2785                 }
2786                 if (asprintf(&jsonfile, "%s/config.json", opts.ocibundle) < 0) {
2787                         ret=-ENOMEM;
2788                         goto errout;
2789                 }
2790                 ocires = parseOCI(jsonfile);
2791                 free(jsonfile);
2792                 if (ocires) {
2793                         ERROR("parsing of OCI JSON spec has failed: %s (%d)\n", strerror(ocires), ocires);
2794                         ret=ocires;
2795                         goto errout;
2796                 }
2797         }
2798 
2799         if (opts.namespace & CLONE_NEWNET) {
2800                 if (!opts.name) {
2801                         ERROR("netns needs a named jail\n");
2802                         ret=-1;
2803                         goto errout;
2804                 }
2805         }
2806 
2807 
2808         if (opts.tmpoverlaysize && strlen(opts.tmpoverlaysize) > 8) {
2809                 ERROR("size parameter too long: \"%s\"\n", opts.tmpoverlaysize);
2810                 ret=-1;
2811                 goto errout;
2812         }
2813 
2814         if (opts.extroot && checkpath(opts.extroot)) {
2815                 ERROR("invalid rootfs path '%s'", opts.extroot);
2816                 ret=-1;
2817                 goto errout;
2818         }
2819 
2820         if (opts.overlaydir && checkpath(opts.overlaydir)) {
2821                 ERROR("invalid rootfs overlay path '%s'", opts.overlaydir);
2822                 ret=-1;
2823                 goto errout;
2824         }
2825 
2826         /* no <binary> param found */
2827         if (!opts.ocibundle && (argc - optind < 1)) {
2828                 usage();
2829                 ret=EXIT_FAILURE;
2830                 goto errout;
2831         }
2832         if (!(opts.ocibundle||opts.namespace||opts.capabilities||opts.seccomp||
2833                 (opts.setns.net != -1) ||
2834                 (opts.setns.ns != -1) ||
2835                 (opts.setns.ipc != -1) ||
2836                 (opts.setns.uts != -1) ||
2837                 (opts.setns.user != -1) ||
2838                 (opts.setns.cgroup != -1))) {
2839                 ERROR("Not using namespaces, capabilities or seccomp !!!\n\n");
2840                 usage();
2841                 ret=EXIT_FAILURE;
2842                 goto errout;
2843         }
2844         DEBUG("Using namespaces(0x%08x), capabilities(%d), seccomp(%d)\n",
2845                 opts.namespace,
2846                 opts.capset.apply,
2847                 opts.seccomp != 0 || opts.ociseccomp != 0);
2848 
2849         uloop_init();
2850         signals_init();
2851 
2852         parent_ctx = ubus_connect(NULL);
2853         ubus_add_uloop(parent_ctx);
2854 
2855         if (opts.ocibundle) {
2856                 char *objname;
2857                 if (asprintf(&objname, "container.%s", opts.name) < 0) {
2858                         ret=-ENOMEM;
2859                         goto errout;
2860                 }
2861 
2862                 container_object.name = objname;
2863                 ret = ubus_add_object(parent_ctx, &container_object);
2864                 if (ret) {
2865                         ERROR("Failed to add object: %s\n", ubus_strerror(ret));
2866                         ret=-1;
2867                         goto errout;
2868                 }
2869         }
2870 
2871         /* deliberately not using 'else' on unrelated conditional branches */
2872         if (!opts.ocibundle) {
2873                 /* allocate NULL-terminated array for argv */
2874                 opts.jail_argv = calloc(1 + argc - optind, sizeof(void *));
2875                 if (!opts.jail_argv) {
2876                         ret=EXIT_FAILURE;
2877                         goto errout;
2878                 }
2879                 for (size_t s = optind; s < argc; s++)
2880                         opts.jail_argv[s - optind] = strdup(argv[s]);
2881 
2882                 if (opts.namespace & CLONE_NEWUSER)
2883                         get_jail_user(&opts.pw_uid, &opts.pw_gid, &opts.gr_gid);
2884         }
2885 
2886         if (!opts.extroot) {
2887                 if (opts.namespace && add_path_and_deps(*opts.jail_argv, 1, -1, 0)) {
2888                         ERROR("failed to load dependencies\n");
2889                         ret=-1;
2890                         goto errout;
2891                 }
2892         }
2893 
2894         if (opts.namespace && opts.seccomp && add_path_and_deps("libpreload-seccomp.so", 1, -1, 1)) {
2895                 ERROR("failed to load libpreload-seccomp.so\n");
2896                 opts.seccomp = 0;
2897                 if (opts.require_jail) {
2898                         ret=-1;
2899                         goto errout;
2900                 }
2901         }
2902 
2903         uloop_timeout_add(&post_main_timeout);
2904         uloop_run();
2905 
2906 errout:
2907         if (opts.ocibundle)
2908                 cgroups_free();
2909 
2910         free_opts(true);
2911 
2912         return ret;
2913 }
2914 
2915 static void post_main(struct uloop_timeout *t)
2916 {
2917         if (apply_rlimits()) {
2918                 ERROR("error applying resource limits\n");
2919                 free_and_exit(EXIT_FAILURE);
2920         }
2921 
2922         if (opts.name)
2923                 prctl(PR_SET_NAME, opts.name, NULL, NULL, NULL);
2924 
2925         if (pipe(&pipes[0]) < 0 || pipe(&pipes[2]) < 0)
2926                 free_and_exit(-1);
2927 
2928         if (has_namespaces()) {
2929                 if (opts.namespace & CLONE_NEWNS) {
2930                         if (!opts.extroot && (opts.user || opts.group)) {
2931                                 add_mount_bind("/etc/passwd", 1, -1);
2932                                 add_mount_bind("/etc/group", 1, -1);
2933                         }
2934 
2935 #if defined(__GLIBC__)
2936                         if (!opts.extroot)
2937                                 add_mount_bind("/etc/nsswitch.conf", 1, -1);
2938 #endif
2939                         if (opts.setns.ns == -1) {
2940                                 if (!(opts.namespace & CLONE_NEWNET)) {
2941                                         add_mount_bind("/etc/resolv.conf", 1, 0);
2942                                 } else {
2943                                         /* new mount namespace to provide /dev/resolv.conf.d */
2944                                         char hostdir[PATH_MAX];
2945 
2946                                         snprintf(hostdir, PATH_MAX, "/tmp/resolv.conf-%s.d", opts.name);
2947                                         mkdir_p(hostdir, 0755);
2948                                         add_mount(hostdir, "/dev/resolv.conf.d", NULL,
2949                                                 MS_BIND | MS_NOEXEC | MS_NOATIME | MS_NOSUID | MS_NODEV | MS_RDONLY, 0, NULL, 0);
2950                                 }
2951                         }
2952                         /* default mounts */
2953                         add_mount(NULL, "/dev", "tmpfs", MS_NOATIME | MS_NOEXEC | MS_NOSUID, 0, "size=1M", -1);
2954                         add_mount(NULL, "/dev/pts", "devpts", MS_NOATIME | MS_NOEXEC | MS_NOSUID, 0, "newinstance,ptmxmode=0666,mode=0620,gid=5", 0);
2955 
2956                         if (opts.procfs || opts.ocibundle) {
2957                                 add_mount("proc", "/proc", "proc", MS_NOATIME | MS_NODEV | MS_NOEXEC | MS_NOSUID, 0, NULL, -1);
2958 
2959                                 /*
2960                                  * hack to make /proc/sys/net read-write while the rest of /proc/sys is read-only
2961                                  * which cannot be expressed with OCI spec, but happends to be very useful.
2962                                  * Only apply it if '/proc/sys' is not already listed as mount, maskedPath or
2963                                  * readonlyPath.
2964                                  * If not running in a new network namespace, only make /proc/sys read-only.
2965                                  * If running in a new network namespace, temporarily stash (ie. mount-bind)
2966                                  * /proc/sys/net into (totally unrelated, but surely existing) /proc/self/net.
2967                                  * Then we mount-bind /proc/sys read-only and then mount-move /proc/self/net into
2968                                  * /proc/sys/net.
2969                                  * This works because mounts are executed in incrementing strcmp() order and
2970                                  * /proc/self/net appears there before /proc/sys/net and hence the operation
2971                                  * succeeds as the bind-mount of /proc/self/net is performed first and then
2972                                  * move-mount of /proc/sys/net follows because 'e' preceeds 'y' in the ASCII
2973                                  * table (and in the alphabet).
2974                                  */
2975                                 if (!add_mount(NULL, "/proc/sys", NULL, MS_BIND | MS_RDONLY, 0, NULL, -1))
2976                                         if (opts.namespace & CLONE_NEWNET)
2977                                                 if (!add_mount_inner("/proc/self/net", "/proc/sys/net", NULL, MS_MOVE, 0, NULL, -1))
2978                                                         add_mount_inner("/proc/sys/net", "/proc/self/net", NULL, MS_BIND, 0, NULL, -1);
2979 
2980                         }
2981                         if (opts.sysfs || opts.ocibundle)
2982                                 add_mount("sysfs", "/sys", "sysfs", MS_RELATIME | MS_NODEV | MS_NOEXEC | MS_NOSUID | MS_RDONLY, 0, NULL, -1);
2983 
2984                         if (opts.ocibundle)
2985                                 add_mount("shm", "/dev/shm", "tmpfs", MS_NOSUID | MS_NOEXEC | MS_NODEV, 0, "mode=1777", -1);
2986 
2987                 }
2988 
2989                 if (opts.setns.pid != -1) {
2990                         pidns_fd = ns_open_pid("pid", getpid());
2991                         setns_open(CLONE_NEWPID);
2992                 } else {
2993                         pidns_fd = -1;
2994                 }
2995 
2996 #ifdef CLONE_NEWTIME
2997                 if (opts.setns.time != -1) {
2998                         timens_fd = ns_open_pid("time", getpid());
2999                         setns_open(CLONE_NEWTIME);
3000                 } else {
3001                         timens_fd = -1;
3002                 }
3003 #endif
3004 
3005                 if (opts.namespace & CLONE_NEWUSER) {
3006                         if (prctl(PR_SET_SECUREBITS, SECBIT_NO_SETUID_FIXUP)) {
3007                                 ERROR("prctl(PR_SET_SECUREBITS) failed: %m\n");
3008                                 free_and_exit(EXIT_FAILURE);
3009                         }
3010                         if (seteuid(opts.root_map_uid)) {
3011                                 ERROR("seteuid(%d) failed: %m\n", opts.root_map_uid);
3012                                 free_and_exit(EXIT_FAILURE);
3013                         }
3014                 }
3015 
3016                 jail_process.pid = clone(exec_jail, child_stack + STACK_SIZE, SIGCHLD | (opts.namespace & (~CLONE_NEWCGROUP)), NULL);
3017         } else {
3018                 jail_process.pid = fork();
3019         }
3020 
3021         if (jail_process.pid > 0) {
3022                 /* parent process */
3023                 char sig_buf[1];
3024 
3025                 uloop_process_add(&jail_process);
3026                 jail_running = 1;
3027                 if (seteuid(0)) {
3028                         ERROR("seteuid(%d) failed: %m\n", opts.root_map_uid);
3029                         free_and_exit(EXIT_FAILURE);
3030                 }
3031 
3032                 prctl(PR_SET_SECUREBITS, 0);
3033 
3034                 if (pidns_fd != -1) {
3035                         setns(pidns_fd, CLONE_NEWPID);
3036                         close(pidns_fd);
3037                 }
3038 #ifdef CLONE_NEWTIME
3039                 if (timens_fd != -1) {
3040                         setns(timens_fd, CLONE_NEWTIME);
3041                         close(timens_fd);
3042                 }
3043 #endif
3044                 if (opts.setns.net != -1)
3045                         close(opts.setns.net);
3046                 if (opts.setns.ns != -1)
3047                         close(opts.setns.ns);
3048                 if (opts.setns.ipc != -1)
3049                         close(opts.setns.ipc);
3050                 if (opts.setns.uts != -1)
3051                         close(opts.setns.uts);
3052                 if (opts.setns.user != -1)
3053                         close(opts.setns.user);
3054                 if (opts.setns.cgroup != -1)
3055                         close(opts.setns.cgroup);
3056                 close(pipes[1]);
3057                 close(pipes[2]);
3058                 if (read(pipes[0], sig_buf, 1) < 1) {
3059                         ERROR("can't read from child\n");
3060                         free_and_exit(-1);
3061                 }
3062                 close(pipes[0]);
3063                 set_oom_score_adj();
3064 
3065                 if (opts.ocibundle)
3066                         cgroups_apply(jail_process.pid);
3067 
3068                 if (opts.namespace & CLONE_NEWUSER) {
3069                         if (write_setgroups(jail_process.pid, true)) {
3070                                 ERROR("can't write setgroups\n");
3071                                 free_and_exit(-1);
3072                         }
3073                         if (!opts.uidmap) {
3074                                 bool has_gr = (opts.gr_gid != -1);
3075                                 if (opts.pw_uid != -1) {
3076                                         write_single_uid_gid_map(jail_process.pid, 0, opts.pw_uid);
3077                                         write_single_uid_gid_map(jail_process.pid, 1, has_gr?opts.gr_gid:opts.pw_gid);
3078                                 } else {
3079                                         write_single_uid_gid_map(jail_process.pid, 0, 65534);
3080                                         write_single_uid_gid_map(jail_process.pid, 1, has_gr?opts.gr_gid:65534);
3081                                 }
3082                         } else {
3083                                 write_uid_gid_map(jail_process.pid, 0, opts.uidmap);
3084                                 if (opts.gidmap)
3085                                         write_uid_gid_map(jail_process.pid, 1, opts.gidmap);
3086                         }
3087                 }
3088 
3089                 if (opts.namespace & CLONE_NEWNET)
3090                         jail_network_start(parent_ctx, opts.name, jail_process.pid);
3091 
3092                 if (jail_writepid(jail_process.pid)) {
3093                         ERROR("failed to write pidfile: %m\n");
3094                         free_and_exit(-1);
3095                 }
3096         } else if (jail_process.pid == 0) {
3097                 /* fork child process */
3098                 free_and_exit(exec_jail(NULL));
3099         } else {
3100                 ERROR("failed to clone/fork: %m\n");
3101                 free_and_exit(EXIT_FAILURE);
3102         }
3103         run_hooks(opts.hooks.createRuntime, post_create_runtime);
3104 }
3105 
3106 static void post_poststart(void);
3107 static void post_create_runtime(void)
3108 {
3109         char sig_buf[1];
3110 
3111         sig_buf[0] = 'O';
3112         if (write(pipes[3], sig_buf, 1) < 0) {
3113                 ERROR("can't write to child\n");
3114                 free_and_exit(-1);
3115         }
3116 
3117         jail_oci_state = OCI_STATE_CREATED;
3118         if (opts.ocibundle && !opts.immediately)
3119                 uloop_run(); /* wait for 'start' command via ubus */
3120         else
3121                 pipe_send_start_container(NULL);
3122 }
3123 
3124 static void pipe_send_start_container(struct uloop_timeout *t)
3125 {
3126         char sig_buf[1];
3127 
3128         jail_oci_state = OCI_STATE_RUNNING;
3129         sig_buf[0] = '!';
3130         if (write(pipes[3], sig_buf, 1) < 0) {
3131                 ERROR("can't write to child\n");
3132                 free_and_exit(-1);
3133         }
3134         close(pipes[3]);
3135 
3136         run_hooks(opts.hooks.poststart, post_poststart);
3137 }
3138 
3139 static void post_poststart(void)
3140 {
3141         uloop_run(); /* idle here while jail is running */
3142         if (jail_running) {
3143                 DEBUG("uloop interrupted, killing jail process\n");
3144                 kill(jail_process.pid, SIGTERM);
3145                 uloop_timeout_set(&jail_process_timeout, 1000);
3146                 uloop_run();
3147         }
3148         uloop_done();
3149         poststop();
3150 }
3151 
3152 static void post_poststop(void);
3153 static void poststop(void) {
3154         if (opts.namespace & CLONE_NEWNET) {
3155                 setns(netns_fd, CLONE_NEWNET);
3156                 jail_network_stop();
3157                 close(netns_fd);
3158         }
3159         run_hooks(opts.hooks.poststop, post_poststop);
3160 }
3161 
3162 static void post_poststop(void)
3163 {
3164         free_opts(true);
3165         if (parent_ctx)
3166                 ubus_free(parent_ctx);
3167 
3168         exit(jail_return_code);
3169 }
3170 

This page was automatically generated by LXR 0.3.1.  •  OpenWrt