lxcsu-internal to call capsh with --user=<slicename>

[lxc-userspace.git] / lxcsu-internal

diff --git a/lxcsu-internal b/lxcsu-internal
index 9897ede..9dbb9ef 100755 (executable)
--- a/lxcsu-internal
+++ b/lxcsu-internal
@@ -25,7 +25,7 @@ def getarch(f):
 
 def umount(fs_dir):
     output = os.popen('/bin/umount %s 2>&1'%fs_dir).read()
-    return ('device is busy' not in fs_dir)
+    return ('device is busy' not in output)
 
 def main ():
     parser = ArgumentParser()
@@ -47,10 +47,10 @@ def main ():
     parser.add_argument ("slice_name")
     parser.add_argument ("command_to_run",nargs="*")
 
-    options = parser.parse_args()
-    slice_name=options.slice_name
+    args = parser.parse_args()
+    slice_name=args.slice_name
     # support for either setting debug at the top of this file, or on the command-line
-    if options.debug:
+    if args.debug:
         global debug
         debug=True
 
@@ -80,7 +80,7 @@ def main ():
                 slice_path = path
                 pid = slice_path.split('/')[2]
                 cmdline = open('/proc/%s/cmdline'%pid).read().rstrip('\n\x00')
-                if (cmdline == '/sbin/init'):
+                if (cmdline == '/sbin/init') or (cmdline.startswith("init [")):
                     slice_spec = slice_path
                     arch = getarch('/proc/%s/exe'%pid)
                     break
@@ -142,19 +142,25 @@ def main ():
 
     setns.chcontext('/proc/%s/ns/uts'%pid)
     setns.chcontext('/proc/%s/ns/ipc'%pid)
+    
+    if (not args.pidns):
+        setns.chcontext('/proc/%s/ns/pid'%pid)
 
-    if (not options.netns):
+    if (not args.netns):
         setns.chcontext('/proc/%s/ns/net'%pid)
 
-    if (not options.mntns):
+    if (not args.mntns):
         setns.chcontext('/proc/%s/ns/mnt'%pid)
 
-    if (not options.pidns):
-        setns.chcontext('/proc/%s/ns/pid'%pid)
+    
 
+    proc_mounted = False
     if (not os.access('/proc/self',0)):
+        proc_mounted = True
         setns.proc_mount()
 
+    
+
     # cgroups is not yet LXC-safe, so we need to use the course grained access control
     # strategy of unmounting the filesystem
 
@@ -174,17 +180,17 @@ def main ():
     if (pid == 0):
         cap_arg = '--drop='+drop_capabilities
 
-        if (not options.root):
-            exec_args = [arch,'/usr/sbin/capsh',cap_arg,'--','--login']+options.command_to_run
-# Thierry's suggestion:exec_args = [arch,'/usr/sbin/capsh',cap_arg,'--user=%s'%slice_name,'--','--login',]+options.command_to_run
+        if (not args.root):
+            exec_args = [arch,'/usr/sbin/capsh',cap_arg,'--user=%s'%slice_name,'--','--login',]+args.command_to_run
         else:
-            exec_args = [arch,'/usr/sbin/capsh','--','--login']+options.command_to_run
+            exec_args = [arch,'/usr/sbin/capsh','--','--login']+args.command_to_run
 
         os.environ['SHELL'] = '/bin/sh'
 # Thierry's suggestion:os.environ['HOME'] = '/home/%s'%slice_name
         if debug: print 'lxcsu-internal:execv:','/usr/bin/setarch',exec_args
         os.execv('/usr/bin/setarch',exec_args)
     else:
+        setns.proc_umount()
         _,status = os.waitpid(pid,0)
         exit(os.WEXITSTATUS(status))