]> git.proxmox.com Git - mirror_lxc.git/blob - src/lxc/attach.c
fix getline(3) memory leaks
[mirror_lxc.git] / src / lxc / attach.c
1 /*
2 * lxc: linux Container library
3 *
4 * (C) Copyright IBM Corp. 2007, 2008
5 *
6 * Authors:
7 * Daniel Lezcano <daniel.lezcano at free.fr>
8 *
9 * This library is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU Lesser General Public
11 * License as published by the Free Software Foundation; either
12 * version 2.1 of the License, or (at your option) any later version.
13 *
14 * This library is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 * Lesser General Public License for more details.
18 *
19 * You should have received a copy of the GNU Lesser General Public
20 * License along with this library; if not, write to the Free Software
21 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
22 */
23
24 #define _GNU_SOURCE
25 #include <unistd.h>
26 #include <stdio.h>
27 #include <string.h>
28 #include <stdlib.h>
29 #include <errno.h>
30 #include <fcntl.h>
31 #include <sys/param.h>
32 #include <sys/prctl.h>
33 #include <sys/mount.h>
34 #include <sys/syscall.h>
35 #include <sys/wait.h>
36 #include <linux/unistd.h>
37 #include <pwd.h>
38
39 #if !HAVE_DECL_PR_CAPBSET_DROP
40 #define PR_CAPBSET_DROP 24
41 #endif
42
43 #include "namespace.h"
44 #include "log.h"
45 #include "attach.h"
46 #include "caps.h"
47 #include "config.h"
48 #include "apparmor.h"
49
50 lxc_log_define(lxc_attach, lxc);
51
52 /* Define setns() if missing from the C library */
53 #ifndef HAVE_SETNS
54 static int setns(int fd, int nstype)
55 {
56 #ifdef __NR_setns
57 return syscall(__NR_setns, fd, nstype);
58 #else
59 errno = ENOSYS;
60 return -1;
61 #endif
62 }
63 #endif
64
65 /* Define unshare() if missing from the C library */
66 #ifndef HAVE_UNSHARE
67 static int unshare(int flags)
68 {
69 #ifdef __NR_unshare
70 return syscall(__NR_unshare, flags);
71 #else
72 errno = ENOSYS;
73 return -1;
74 #endif
75 }
76 #endif
77
78 /* Define getline() if missing from the C library */
79 #ifndef HAVE_GETLINE
80 #ifdef HAVE_FGETLN
81 #include <../include/getline.h>
82 #endif
83 #endif
84
85 struct lxc_proc_context_info *lxc_proc_get_context_info(pid_t pid)
86 {
87 struct lxc_proc_context_info *info = calloc(1, sizeof(*info));
88 FILE *proc_file;
89 char proc_fn[MAXPATHLEN];
90 char *line = NULL;
91 size_t line_bufsz = 0;
92 int ret, found;
93
94 if (!info) {
95 SYSERROR("Could not allocate memory.");
96 return NULL;
97 }
98
99 /* read capabilities */
100 snprintf(proc_fn, MAXPATHLEN, "/proc/%d/status", pid);
101
102 proc_file = fopen(proc_fn, "r");
103 if (!proc_file) {
104 SYSERROR("Could not open %s", proc_fn);
105 goto out_error;
106 }
107
108 found = 0;
109 while (getline(&line, &line_bufsz, proc_file) != -1) {
110 ret = sscanf(line, "CapBnd: %llx", &info->capability_mask);
111 if (ret != EOF && ret > 0) {
112 found = 1;
113 break;
114 }
115 }
116
117 free(line);
118 fclose(proc_file);
119
120 if (!found) {
121 SYSERROR("Could not read capability bounding set from %s", proc_fn);
122 errno = ENOENT;
123 goto out_error;
124 }
125
126 /* read personality */
127 snprintf(proc_fn, MAXPATHLEN, "/proc/%d/personality", pid);
128
129 proc_file = fopen(proc_fn, "r");
130 if (!proc_file) {
131 SYSERROR("Could not open %s", proc_fn);
132 goto out_error;
133 }
134
135 ret = fscanf(proc_file, "%lx", &info->personality);
136 fclose(proc_file);
137
138 if (ret == EOF || ret == 0) {
139 SYSERROR("Could not read personality from %s", proc_fn);
140 errno = ENOENT;
141 goto out_error;
142 }
143 info->aa_profile = aa_get_profile(pid);
144
145 return info;
146
147 out_error:
148 free(info);
149 return NULL;
150 }
151
152 int lxc_attach_to_ns(pid_t pid, int which)
153 {
154 char path[MAXPATHLEN];
155 /* according to <http://article.gmane.org/gmane.linux.kernel.containers.lxc.devel/1429>,
156 * the file for user namepsaces in /proc/$pid/ns will be called
157 * 'user' once the kernel supports it
158 */
159 static char *ns[] = { "mnt", "pid", "uts", "ipc", "user", "net" };
160 static int flags[] = {
161 CLONE_NEWNS, CLONE_NEWPID, CLONE_NEWUTS, CLONE_NEWIPC,
162 CLONE_NEWUSER, CLONE_NEWNET
163 };
164 static const int size = sizeof(ns) / sizeof(char *);
165 int fd[size];
166 int i, j, saved_errno;
167
168
169 snprintf(path, MAXPATHLEN, "/proc/%d/ns", pid);
170 if (access(path, X_OK)) {
171 ERROR("Does this kernel version support 'attach' ?");
172 return -1;
173 }
174
175 for (i = 0; i < size; i++) {
176 /* ignore if we are not supposed to attach to that
177 * namespace
178 */
179 if (which != -1 && !(which & flags[i])) {
180 fd[i] = -1;
181 continue;
182 }
183
184 snprintf(path, MAXPATHLEN, "/proc/%d/ns/%s", pid, ns[i]);
185 fd[i] = open(path, O_RDONLY);
186 if (fd[i] < 0) {
187 saved_errno = errno;
188
189 /* close all already opened file descriptors before
190 * we return an error, so we don't leak them
191 */
192 for (j = 0; j < i; j++)
193 close(fd[j]);
194
195 errno = saved_errno;
196 SYSERROR("failed to open '%s'", path);
197 return -1;
198 }
199 }
200
201 for (i = 0; i < size; i++) {
202 if (fd[i] >= 0 && setns(fd[i], 0) != 0) {
203 saved_errno = errno;
204
205 for (j = i; j < size; j++)
206 close(fd[j]);
207
208 errno = saved_errno;
209 SYSERROR("failed to set namespace '%s'", ns[i]);
210 return -1;
211 }
212
213 close(fd[i]);
214 }
215
216 return 0;
217 }
218
219 int lxc_attach_remount_sys_proc()
220 {
221 int ret;
222
223 ret = unshare(CLONE_NEWNS);
224 if (ret < 0) {
225 SYSERROR("failed to unshare mount namespace");
226 return -1;
227 }
228
229 /* assume /proc is always mounted, so remount it */
230 ret = umount2("/proc", MNT_DETACH);
231 if (ret < 0) {
232 SYSERROR("failed to unmount /proc");
233 return -1;
234 }
235
236 ret = mount("none", "/proc", "proc", 0, NULL);
237 if (ret < 0) {
238 SYSERROR("failed to remount /proc");
239 return -1;
240 }
241
242 /* try to umount /sys - if it's not a mount point,
243 * we'll get EINVAL, then we ignore it because it
244 * may not have been mounted in the first place
245 */
246 ret = umount2("/sys", MNT_DETACH);
247 if (ret < 0 && errno != EINVAL) {
248 SYSERROR("failed to unmount /sys");
249 return -1;
250 } else if (ret == 0) {
251 /* remount it */
252 ret = mount("none", "/sys", "sysfs", 0, NULL);
253 if (ret < 0) {
254 SYSERROR("failed to remount /sys");
255 return -1;
256 }
257 }
258
259 return 0;
260 }
261
262 int lxc_attach_drop_privs(struct lxc_proc_context_info *ctx)
263 {
264 int last_cap = lxc_caps_last_cap();
265 int cap;
266
267 for (cap = 0; cap <= last_cap; cap++) {
268 if (ctx->capability_mask & (1LL << cap))
269 continue;
270
271 if (prctl(PR_CAPBSET_DROP, cap, 0, 0, 0)) {
272 SYSERROR("failed to remove capability id %d", cap);
273 return -1;
274 }
275 }
276
277 return 0;
278 }
279
280 int lxc_attach_set_environment(enum lxc_attach_env_policy_t policy, char** extra_env, char** extra_keep)
281 {
282 /* TODO: implement extra_env, extra_keep
283 * Rationale:
284 * - extra_env is an array of strings of the form
285 * "VAR=VALUE", which are to be set (after clearing or not,
286 * depending on the value of the policy variable)
287 * - extra_keep is an array of strings of the form
288 * "VAR", which are extra environment variables to be kept
289 * around after clearing (if that is done, otherwise, the
290 * remain anyway)
291 */
292 (void) extra_env;
293 (void) extra_keep;
294
295 if (policy == LXC_ATTACH_CLEAR_ENV) {
296 if (clearenv()) {
297 SYSERROR("failed to clear environment");
298 /* don't error out though */
299 }
300 }
301
302 if (putenv("container=lxc")) {
303 SYSERROR("failed to set environment variable");
304 return -1;
305 }
306
307 return 0;
308 }
309
310 char *lxc_attach_getpwshell(uid_t uid)
311 {
312 /* local variables */
313 pid_t pid;
314 int pipes[2];
315 int ret;
316 int fd;
317 char *result = NULL;
318
319 /* we need to fork off a process that runs the
320 * getent program, and we need to capture its
321 * output, so we use a pipe for that purpose
322 */
323 ret = pipe(pipes);
324 if (ret < 0)
325 return NULL;
326
327 pid = fork();
328 if (pid < 0) {
329 close(pipes[0]);
330 close(pipes[1]);
331 return NULL;
332 }
333
334 if (pid) {
335 /* parent process */
336 FILE *pipe_f;
337 char *line = NULL;
338 size_t line_bufsz = 0;
339 int found = 0;
340 int status;
341
342 close(pipes[1]);
343
344 pipe_f = fdopen(pipes[0], "r");
345 while (getline(&line, &line_bufsz, pipe_f) != -1) {
346 char *token;
347 char *saveptr = NULL;
348 long value;
349 char *endptr = NULL;
350 int i;
351
352 /* if we already found something, just continue
353 * to read until the pipe doesn't deliver any more
354 * data, but don't modify the existing data
355 * structure
356 */
357 if (found)
358 continue;
359
360 /* trim line on the right hand side */
361 for (i = strlen(line); i > 0 && (line[i - 1] == '\n' || line[i - 1] == '\r'); --i)
362 line[i - 1] = '\0';
363
364 /* split into tokens: first user name */
365 token = strtok_r(line, ":", &saveptr);
366 if (!token)
367 continue;
368 /* next: dummy password field */
369 token = strtok_r(NULL, ":", &saveptr);
370 if (!token)
371 continue;
372 /* next: user id */
373 token = strtok_r(NULL, ":", &saveptr);
374 value = token ? strtol(token, &endptr, 10) : 0;
375 if (!token || !endptr || *endptr || value == LONG_MIN || value == LONG_MAX)
376 continue;
377 /* dummy sanity check: user id matches */
378 if ((uid_t) value != uid)
379 continue;
380 /* skip fields: gid, gecos, dir, go to next field 'shell' */
381 for (i = 0; i < 4; i++) {
382 token = strtok_r(NULL, ":", &saveptr);
383 if (!token)
384 break;
385 }
386 if (!token)
387 continue;
388 if (result)
389 free(result);
390 result = strdup(token);
391
392 /* sanity check that there are no fields after that */
393 token = strtok_r(NULL, ":", &saveptr);
394 if (token)
395 continue;
396
397 found = 1;
398 }
399
400 free(line);
401 fclose(pipe_f);
402 again:
403 if (waitpid(pid, &status, 0) < 0) {
404 if (errno == EINTR)
405 goto again;
406 return NULL;
407 }
408
409 /* some sanity checks: if anything even hinted at going
410 * wrong: we can't be sure we have a valid result, so
411 * we assume we don't
412 */
413
414 if (!WIFEXITED(status))
415 return NULL;
416
417 if (WEXITSTATUS(status) != 0)
418 return NULL;
419
420 if (!found)
421 return NULL;
422
423 return result;
424 } else {
425 /* child process */
426 char uid_buf[32];
427 char *arguments[] = {
428 "getent",
429 "passwd",
430 uid_buf,
431 NULL
432 };
433
434 close(pipes[0]);
435
436 /* we want to capture stdout */
437 dup2(pipes[1], 1);
438 close(pipes[1]);
439
440 /* get rid of stdin/stderr, so we try to associate it
441 * with /dev/null
442 */
443 fd = open("/dev/null", O_RDWR);
444 if (fd < 0) {
445 close(0);
446 close(2);
447 } else {
448 dup2(fd, 0);
449 dup2(fd, 2);
450 close(fd);
451 }
452
453 /* finish argument list */
454 ret = snprintf(uid_buf, sizeof(uid_buf), "%ld", (long) uid);
455 if (ret <= 0)
456 exit(-1);
457
458 /* try to run getent program */
459 (void) execvp("getent", arguments);
460 exit(-1);
461 }
462 }
463
464 void lxc_attach_get_init_uidgid(uid_t* init_uid, gid_t* init_gid)
465 {
466 FILE *proc_file;
467 char proc_fn[MAXPATHLEN];
468 char *line = NULL;
469 size_t line_bufsz = 0;
470 int ret;
471 long value = -1;
472 uid_t uid = (uid_t)-1;
473 gid_t gid = (gid_t)-1;
474
475 /* read capabilities */
476 snprintf(proc_fn, MAXPATHLEN, "/proc/%d/status", 1);
477
478 proc_file = fopen(proc_fn, "r");
479 if (!proc_file)
480 return;
481
482 while (getline(&line, &line_bufsz, proc_file) != -1) {
483 /* format is: real, effective, saved set user, fs
484 * we only care about real uid
485 */
486 ret = sscanf(line, "Uid: %ld", &value);
487 if (ret != EOF && ret > 0) {
488 uid = (uid_t) value;
489 } else {
490 ret = sscanf(line, "Gid: %ld", &value);
491 if (ret != EOF && ret > 0)
492 gid = (gid_t) value;
493 }
494 if (uid != (uid_t)-1 && gid != (gid_t)-1)
495 break;
496 }
497
498 fclose(proc_file);
499 free(line);
500
501 /* only override arguments if we found something */
502 if (uid != (uid_t)-1)
503 *init_uid = uid;
504 if (gid != (gid_t)-1)
505 *init_gid = gid;
506
507 /* TODO: we should also parse supplementary groups and use
508 * setgroups() to set them */
509 }