X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=setns.c;h=e8a4302be9f13b522470b4f3868b197145cc9a18;hb=ffef501d56ae22d9317337eda7d0a73addea6711;hp=776804d358a57c5ec4fcd9f1e608ff27f8261997;hpb=6b7a68f13c328f74592f5397e362ff6cabe4f209;p=lxc-userspace.git
diff --git a/setns.c b/setns.c
index 776804d..e8a4302 100644
--- a/setns.c
+++ b/setns.c
@@ -1,7 +1,45 @@
 #include
 #include
 #include
-#include
+#include
+#include
+#include
+#include
+#include
+
+static PyObject *
+drop_caps(PyObject *self, PyObject *args)
+{
+ unsigned int to_drop[128]
+ = {CAP_NET_ADMIN, CAP_SYS_ADMIN, CAP_SYS_BOOT,
+ CAP_MKNOD, CAP_MAC_ADMIN, CAP_SYS_MODULE};
+ unsigned int i;
+ for (i = 0; i<6 ; i++) {
+ if (prctl(PR_CAPBSET_DROP, to_drop[i], 0, 0, 0) == -1) {
+ perror("prctl");
+ return Py_BuildValue("i", 2);
+ }
+ }
+ return Py_BuildValue("i", 0);
+}
+
+static PyObject *
+proc_mount(PyObject *self, PyObject *args)
+{
+ int sts;
+ sts = mount("none","/proc","proc",0,NULL);
+
+ return Py_BuildValue("i", sts);
+}
+
+static PyObject *
+proc_umount(PyObject *self, PyObject *args)
+{
+ int sts;
+ sts = umount("/proc");
+
+ return Py_BuildValue("i", sts);
+}
 
 static PyObject *
 chfscontext(PyObject *self, PyObject *args)
@@ -14,19 +52,20 @@ chfscontext(PyObject *self, PyObject *args)
 int fd = open(filepath, O_RDONLY);
 if (fd < 0) {
- //printf("Could not open ns file\n");
- sts = -1;
+ sts = -errno;
 goto out;
 }
-
- if (setns(fd, 666)) {
- sts = -1;
+
+ if (setns(fd, 0)) {
+ sts = -errno;
 }
 close(fd);
+ sts = 0;
 out:
 return Py_BuildValue("i", sts);
 }
+
 static PyObject *
 chcontext(PyObject *self, PyObject *args)
 {
@@ -38,15 +77,15 @@ chcontext(PyObject *self, PyObject *args)
 int fd = open(filepath, O_RDONLY);
 if (fd < 0) {
-// printf("Could not open ns file\n");
- sts = -1;
+ sts = -errno;
 goto out;
 }
-
+
 if (setns(fd, 0)) {
- sts = -1;
+ sts = -errno;
 }
 close(fd);
+ sts = 0;
 out:
 return Py_BuildValue("i", sts);
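Review bot: `drop_caps` removes the listed capabilities only from the calling thread's bounding set, because `PR_CAPBSET_DROP` does not touch the permitted or effective sets, so the process that calls it keeps any of these capabilities it already holds and only what a later execve can gain is constrained; if the intent behind "Drop dangerous capabilities" is to disarm the current process as well, the permitted and effective sets have to be cleared separately (capset(2) or libcap), and the prctl itself requires CAP_SETPCAP, both of which belong in a comment above the function. The loop bound `i<6` is kept in step with the initializer by hand while the array is declared with 128 slots; declaring `unsigned int to_drop[] = {...}` and iterating with `for (i = 0; i < sizeof to_drop / sizeof to_drop[0]; i++)` removes that coupling. On a prctl failure the errno only reaches stderr through perror while Python receives a bare `2`; returning `-errno` as chcontext does in this same commit would keep the module's error convention uniform. proc_mount passes `0` for the mount flags, so the /proc mounted inside the container carries none of MS_NOSUID, MS_NODEV or MS_NOEXEC; that is worth a deliberate decision and a comment either way.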
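Review bot: The unconditional `sts = 0;` added after `close(fd)` overwrites the `-errno` stored when `setns(fd, 0)` fails, so a failed namespace switch is reported to Python as success and the caller carries on in the host's namespace believing it entered the container; the chcontext hunk below adds the identical sequence and has the same problem. Setting the success value before the check, `sts = 0;` ahead of `if (setns(fd, 0)) {`, and dropping the assignment after `close(fd)` keeps the error visible; an `else` branch on the setns check would do equally well. chfscontext's declarations and argument parsing begin outside the hunk.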
@@ -54,14 +93,17 @@ out:
 static PyMethodDef SetnsMethods[] = {
- {"chcontext", chcontext, METH_VARARGS, "Switch into an lxc container."},
- {"chfscontext", chfscontext, METH_VARARGS, "Switch into an lxc container."},
- {NULL, NULL, 0, NULL}
+ {"proc_mount", proc_mount, METH_VARARGS, "Mount a volume via the mount system call."},
+ {"proc_umount", proc_umount, METH_VARARGS, "Umount a volume via the umount system call."},
+ {"chcontext", chcontext, METH_VARARGS, "Switch into an lxc container."},
+ {"drop_caps", drop_caps, METH_VARARGS, "Drop dangerous capabilities."},
+ {"chfscontext", chfscontext, METH_VARARGS, "Switch into an lxc container."},
+ {NULL, NULL, 0, NULL}
 };
-
+
 PyMODINIT_FUNC
-
+
 initsetns(void)
 {
- (void) Py_InitModule("setns", SetnsMethods);
+ (void) Py_InitModule("setns", SetnsMethods);
 }
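Review bot: The docstrings registered for `proc_mount` and `proc_umount` describe generic mount and umount helpers, but the implementations added earlier in this commit take no arguments and operate only on /proc with a fixed filesystem type, which is exactly what a Python caller needs to know before using them; `"Mount procfs on /proc (takes no arguments)."` and `"Unmount /proc (takes no arguments)."` would be accurate. The `drop_caps` entry would likewise be clearer if it said the capabilities are dropped from the bounding set, since that determines what the caller can expect afterwards.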