aboutgitcodelistschat:MatrixIRC
diff options
context:
space:
mode:
-rw-r--r--common/util.h8
-rw-r--r--operations.c19
2 files changed, 18 insertions, 9 deletions
diff --git a/common/util.h b/common/util.h
index 4b59e77..1367c0d 100644
--- a/common/util.h
+++ b/common/util.h
@@ -130,4 +130,12 @@ void debug(const char *format, ...);
#define BITS_PER_NUM(n) (const_ilog2(n) + 1)
#define N_SYSCALL 512
extern const char *syscall_name_str[N_SYSCALL + 1];
+
+#define ret_clone_err(c, ...) \
+ do { \
+ c->err = -1; \
+ err(__VA_ARGS__); \
+ return -1; \
+ } while (0)
+
#endif /* UTIL_H */
diff --git a/operations.c b/operations.c
index 306d1ab..0121023 100644
--- a/operations.c
+++ b/operations.c
@@ -178,12 +178,13 @@ static int prepare_arg_clone(const struct seccomp_notif *req, struct gluten *g,
return 0;
}
- for (dst = c->ns_path; cdesc->spec != CONTEXT_SPEC_NONE; cdesc++) {
+ for (dst = c->ns_path; cdesc->spec != CONTEXT_SPEC_NONE && cdesc->type < CONTEXT_TYPE_MAX; cdesc++) {
enum context_spec_type spec = cdesc->spec;
enum context_type type = cdesc->type;
- debug(" op_call: adding context for %s, type: %s",
- context_type_name[type], context_spec_type_name[spec]);
+ debug(" op_call: adding context for %s, type: %s %u, pid: %d",
+ context_type_name[type], context_spec_type_name[spec], type,
+ req->pid);
if (spec == CONTEXT_SPEC_NONE)
break;
@@ -265,10 +266,10 @@ static int set_namespaces(struct arg_clone *c)
for (path = c->ns_path; **path; *path++) {
if ((fd = open(*path, O_CLOEXEC)) < 0)
- ret_err(-1, "open for file %s", *path);
+ ret_err(-1, " failed opening %s", *path);
if (setns(fd, 0) != 0)
- ret_err(-1, "setns");
+ ret_err(-1, " setns");
}
return 0;
}
@@ -281,16 +282,16 @@ static int execute_syscall(void *args)
* non-zero UID/GID to zero.
*/
if (c->uid && setuid(c->uid))
- exit(EXIT_FAILURE);
+ ret_clone_err(c, " failed setting uid");
if (c->gid && setgid(c->gid))
- exit(EXIT_FAILURE);
+ ret_clone_err(c, " failed setting gid");
if (*c->cwd && chdir(c->cwd) < 0)
- exit(EXIT_FAILURE);
+ ret_clone_err(c, " failed setting current directory");
if (set_namespaces(c) < 0)
- exit(EXIT_FAILURE);
+ ret_clone_err(c, " failed setting the namespace for the clone");
errno = 0;
/* execute syscall */