From: benjamin@sipsolutions.net
To: gdb-patches@sourceware.org
Cc: Benjamin Berg <benjamin@sipsolutions.net>
Subject: [PATCH] nat: linux-namespaces: Also enter user namespace
Date: Tue, 21 Mar 2023 13:01:26 +0100
Message-ID: <20230321120126.1418012-1-benjamin@sipsolutions.net>
From: Benjamin Berg <benjamin@sipsolutions.net>
The use of user namespaces is required for normal users to use mount
namespaces. Also entering the user namespace means that a normal user
can debug processes created that way.
---
gdb/nat/linux-namespaces.c | 19 ++++++++++++++++---
1 file changed, 16 insertions(+), 3 deletions(-)
diff --git a/gdb/nat/linux-namespaces.c b/gdb/nat/linux-namespaces.c
index 4b1fee18425..95277b403d7 100644
--- a/gdb/nat/linux-namespaces.c
+++ b/gdb/nat/linux-namespaces.c
@@ -880,11 +880,12 @@ enum mnsh_fs_code
static enum mnsh_fs_code
linux_mntns_access_fs (pid_t pid)
{
- struct linux_ns *ns;
+ struct linux_ns *ns, *ns_user;
struct stat sb;
struct linux_mnsh *helper;
ssize_t size;
- int fd;
+ int fd, fd_user = -1;
+ int result, error;
if (pid == getpid ())
return MNSH_FS_DIRECT;
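Review bot: `int result, error;` is hoisted to function scope in the declarations at the top of `linux_mntns_access_fs`, yet both variables are only used inside the `if (sb.st_ino != helper->nsid)` block further down. Leaving the declaration in that block, where the last hunk removes it, keeps the scope narrow. In the same way, `ns_user` can be declared at the point where it is assigned instead of alongside `ns`.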
@@ -901,6 +902,8 @@ linux_mntns_access_fs (pid_t pid)
{
int save_errno = errno;
close (fd);
+ if (fd_user >= 0)
+ close (fd_user);
errno = save_errno;
};
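Review bot: The `if (fd_user >= 0)` guard in this cleanup block depends on the `fd_user = -1` initializer, because the block sits at line 902, ahead of the point at line 913 where the descriptor is opened, and it also covers the case where that open fails. A one-line comment saying that `fd_user` is optional and stays -1 when the user namespace file cannot be opened would make that dependency explicit.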
@@ -910,13 +913,23 @@ linux_mntns_access_fs (pid_t pid)
if (sb.st_ino == ns->id)
return MNSH_FS_DIRECT;
+ ns_user = linux_ns_get_namespace (LINUX_NS_USER);
+ if (ns_user != NULL)
+ fd_user = gdb_open_cloexec (linux_ns_filename (ns_user, pid), O_RDONLY, 0).release ();
+
helper = linux_mntns_get_helper ();
if (helper == NULL)
return MNSH_FS_ERROR;
if (sb.st_ino != helper->nsid)
{
- int result, error;
+ /* Try to enter user namespace */
+ if (fd_user >= 0)
+ {
+ mnsh_send_setns (helper, fd_user, 0);
+ if (mnsh_recv_int (helper, &result, &error) != 0)
+ warning (_("Could not enter user namespace"));
+ }
size = mnsh_send_setns (helper, fd, 0);
if (size < 0)
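Review bot: In the new "Try to enter user namespace" block the return value of `mnsh_send_setns (helper, fd_user, 0)` is discarded, and `result` is filled in by `mnsh_recv_int` but never examined, so a setns failure reported by the helper goes unnoticed while the warning only fires when the reply itself cannot be read. The mount namespace call directly below checks `size < 0`; the user namespace call should check the send result the same way and report a non-zero `result` together with `error`. It is also worth comparing the target's user namespace with the helper's before sending, as the function already does for the mount namespace with `sb.st_ino == ns->id`, since setns(2) does not allow re-entering the caller's current user namespace. As a style point, the `gdb_open_cloexec (...)` line is longer than 80 columns and needs wrapping.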
--
2.39.2