1.3.0-alt1

- 1.3.0
kozorizki 2024-12-18 14:34:08 +03:00
commit 4ee2989e3a
10 changed files with 21 additions and 39 deletions


@ -1,5 +0,0 @@
use std::io;
pub fn io_err_other<E: ToString>(e: E) -> io::Error {
io::Error::new(io::ErrorKind::Other, e.to_string())
}


@ -16,7 +16,7 @@ pub fn buffer<T: Sized>() -> Vec<u8> {
let capacity = capacity::<T>();
unsafe {
let data = std::alloc::alloc(std::alloc::Layout::array::<u8>(capacity).unwrap());
Vec::from_raw_parts(data as *mut u8, capacity, capacity)
Vec::from_raw_parts(data, capacity, capacity)
}
}
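Review bot: The pointer returned by `std::alloc::alloc` two lines above `Vec::from_raw_parts` is still passed on unchecked; on allocation failure `alloc` returns null, and building a `Vec` from a null pointer is undefined behaviour, so the cast cleanup does not make this path sound. Bind the layout and route failure through the standard hook: `let layout = std::alloc::Layout::array::<u8>(capacity).unwrap();` / `let data = std::alloc::alloc(layout);` / `if data.is_null() { std::alloc::handle_alloc_error(layout); }`. `alloc` also requires a non-zero-size layout, so if `capacity::<T>()` (defined outside the hunk) can ever be 0 that needs a guard too. The identical unchecked pattern is in `vec::uninitialized` at the end of this commit. Separately, the returned `Vec<u8>` presents uninitialised bytes as initialised `u8`, which is itself undefined behaviour in Rust even if every caller fills it first; since `buffer` is a safe fn, callers have no way to know they must — `Vec<MaybeUninit<u8>>` or at least a doc comment on `buffer` stating the contents are uninitialised would make that explicit.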


@ -116,7 +116,7 @@ impl SeqPacketSocket {
let mut msg = AssertSendSync(libc::msghdr {
msg_name: ptr::null_mut(),
msg_namelen: 0,
msg_iov: iov.as_ptr() as _,
msg_iov: iov.as_mut_ptr() as _,
msg_iovlen: iov.len(),
msg_control: cmsg_buf.as_mut_ptr() as *mut std::ffi::c_void,
msg_controllen: cmsg_buf.len(),
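Review bot: The `as _` on the new `msg_iov: iov.as_mut_ptr() as _` line leaves the pointer target to inference, so a mismatch between the element type of `iov` and the `*mut libc::iovec` the kernel expects is coerced rather than reported; if `iov` holds `libc::iovec` values, `msg_iov: iov.as_mut_ptr(),` with no cast lets the field type do the check, and otherwise the intended target should be spelled out as `as *mut libc::iovec`. The switch to `as_mut_ptr()` also requires the `iov` binding to be `mut`, which is declared outside this hunk. The `AssertSendSync(libc::msghdr { … })` initializer continues past the end of the hunk.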


@ -10,13 +10,13 @@ macro_rules! c_str {
macro_rules! file_descriptor_type {
($type:ident) => {
#[repr(transparent)]
pub struct $type(::std::os::unix::io::RawFd);
pub struct $type(::std::os::unix::io::OwnedFd);
file_descriptor_impl!($type);
impl ::std::os::unix::io::FromRawFd for $type {
unsafe fn from_raw_fd(fd: ::std::os::unix::io::RawFd) -> Self {
Self(fd)
Self(unsafe { ::std::os::unix::io::FromRawFd::from_raw_fd(fd) })
}
}
};
@ -24,33 +24,21 @@ macro_rules! file_descriptor_type {
macro_rules! file_descriptor_impl {
($type:ty) => {
impl Drop for $type {
fn drop(&mut self) {
if self.0 >= 0 {
unsafe {
libc::close(self.0);
}
}
}
}
impl ::std::os::unix::io::AsFd for $type {
fn as_fd(&self) -> ::std::os::unix::io::BorrowedFd<'_> {
unsafe { ::std::os::unix::io::BorrowedFd::borrow_raw(self.0) }
::std::os::unix::io::AsFd::as_fd(&self.0)
}
}
impl ::std::os::unix::io::AsRawFd for $type {
fn as_raw_fd(&self) -> ::std::os::unix::io::RawFd {
self.0
::std::os::unix::io::AsRawFd::as_raw_fd(&self.0)
}
}
impl ::std::os::unix::io::IntoRawFd for $type {
fn into_raw_fd(mut self) -> ::std::os::unix::io::RawFd {
let fd = self.0;
self.0 = -libc::EBADF;
fd
fn into_raw_fd(self) -> ::std::os::unix::io::RawFd {
::std::os::unix::io::IntoRawFd::into_raw_fd(self.0)
}
}
};
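Review bot: The generated `from_raw_fd` in `file_descriptor_type!` now forwards to `OwnedFd::from_raw_fd`, whose contract requires an open descriptor the wrapper will own and which asserts that the fd is not -1; the code it replaces deliberately tolerated negative values (the `>= 0` guard in the removed `Drop`, and the `-libc::EBADF` sentinel the removed `into_raw_fd` stored after moving the fd out). Any call site that built an "empty" wrapper from -1 or an errno-encoded value is therefore now a panic or contract violation; those call sites are not visible in this section and should be audited, and `RawNsFd::openat` and `PidFd::new` in this commit only stay correct because `c_try!` rejects negative results first. Record the new invariant on the macro, for example `// from_raw_fd takes ownership of an open descriptor; the type no longer has an "empty" negative-fd state`, so the next caller does not reintroduce the sentinel.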


@ -15,7 +15,6 @@ mod macros;
pub mod apparmor;
pub mod capability;
pub mod client;
pub mod error;
pub mod fork;
pub mod io;
pub mod lxcseccomp;


@ -4,7 +4,7 @@ use std::ffi::CStr;
use std::io;
use std::marker::PhantomData;
use std::os::raw::c_int;
use std::os::unix::io::RawFd;
use std::os::unix::io::{AsRawFd, FromRawFd, RawFd};
pub mod ns_type {
pub trait NsType {
@ -38,11 +38,11 @@ impl RawNsFd {
let fd =
c_try!(unsafe { libc::openat(fd, path.as_ptr(), libc::O_RDONLY | libc::O_CLOEXEC) });
Ok(Self(fd))
Ok(unsafe { Self::from_raw_fd(fd) })
}
pub fn setns(&self, ns_type: c_int) -> io::Result<()> {
c_try!(unsafe { libc::setns(self.0, ns_type) });
c_try!(unsafe { libc::setns(self.as_raw_fd(), ns_type) });
Ok(())
}
}
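Review bot: The new `unsafe { Self::from_raw_fd(fd) }` in `RawNsFd::openat` has no `// SAFETY:` comment stating why the `OwnedFd::from_raw_fd` contract holds; add `// SAFETY: c_try! already turned a negative openat result into Err, so fd is a freshly opened descriptor that this RawNsFd alone owns.` above it. That argument depends on `c_try!` (defined outside this section) returning early on error, which is what its use here suggests but is worth confirming. The `setns` block below could carry a similar one-liner noting that `self.as_raw_fd()` remains valid for the call because `&self` keeps the `OwnedFd` alive. The same undocumented `OwnedFd::from_raw_fd` block is added in `PidFd::new` in this commit.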


@ -26,7 +26,7 @@ impl IdMap {
pub fn map_from(&self, id: u64) -> Option<u64> {
for entry in self.0.iter() {
if entry.ns <= id && entry.ns + entry.range > id {
return Some(id + entry.host);
return Some(entry.host + id - entry.ns);
}
}
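Review bot: The new `return Some(entry.host + id - entry.ns)` evaluates left to right as `(entry.host + id) - entry.ns`, so for a large `host` and `id` the intermediate sum can overflow `u64` (panic in debug, wrap in release) even though the final value fits; `return Some(entry.host + (id - entry.ns));` is the same value and the guard `entry.ns <= id` makes the subtraction safe. The guard itself computes `entry.ns + entry.range`, which overflows for a large range; `id.checked_sub(entry.ns).filter(|off| *off < entry.range)` expresses the same containment without that risk. If entry values are parsed from external input this is an input-validation concern rather than a theoretical one. The remainder of `map_from`, including its fallthrough return, is outside the hunk.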


@ -10,12 +10,11 @@ use anyhow::{bail, Error};
use libc::pid_t;
use crate::capability::Capabilities;
use crate::error::io_err_other;
use crate::nsfd::{ns_type, NsFd};
use super::{CGroups, IdMap, IdMapEntry, ProcStatus, Uids, UserCaps};
pub struct PidFd(RawFd, pid_t);
pub struct PidFd(OwnedFd, pid_t);
file_descriptor_impl!(PidFd);
impl PidFd {
@ -27,6 +26,7 @@ impl PidFd {
let path = CString::new(format!("/proc/{pid}")).unwrap();
let fd = c_try!(unsafe { libc::open(path.as_ptr(), libc::O_DIRECTORY | libc::O_CLOEXEC) });
let fd = unsafe { OwnedFd::from_raw_fd(fd) };
Ok(Self(fd, pid))
}
@ -39,22 +39,22 @@ impl PidFd {
/// fails if reading the pid from the pidfd's proc entry fails.
pub unsafe fn try_from_fd(fd: OwnedFd) -> io::Result<Self> {
#[allow(clippy::unnecessary_cast)] // pid_t is a type alias
let mut this = Self(fd.into_raw_fd(), -1 as pid_t);
let mut this = Self(fd, -1 as pid_t);
let pid = this.read_pid()?;
this.1 = pid;
Ok(this)
}
pub fn mount_namespace(&self) -> io::Result<NsFd<ns_type::Mount>> {
NsFd::openat(self.0, c_str!("ns/mnt"))
NsFd::openat(self.0.as_raw_fd(), c_str!("ns/mnt"))
}
pub fn cgroup_namespace(&self) -> io::Result<NsFd<ns_type::Cgroup>> {
NsFd::openat(self.0, c_str!("ns/cgroup"))
NsFd::openat(self.0.as_raw_fd(), c_str!("ns/cgroup"))
}
pub fn user_namespace(&self) -> io::Result<NsFd<ns_type::User>> {
NsFd::openat(self.0, c_str!("ns/user"))
NsFd::openat(self.0.as_raw_fd(), c_str!("ns/user"))
}
fn fd(&self, path: &CStr, flags: c_int, mode: c_int) -> io::Result<OwnedFd> {
@ -152,7 +152,7 @@ impl PidFd {
})?,
16,
)
.map_err(io_err_other)
.map_err(io::Error::other)
}
#[inline]
@ -163,7 +163,7 @@ impl PidFd {
})?,
8,
)
.map_err(io_err_other)
.map_err(io::Error::other)
}
let mut ids = Uids::default();
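Review bot: Replacing the removed `io_err_other` helper with `io::Error::other` in the two `map_err` calls raises the crate's minimum supported Rust version to 1.74, where `io::Error::other` was stabilised; if `Cargo.toml` declares a `rust-version` it should be bumped in the same change (Cargo.toml is not part of this diff). In `PidFd::new`, the added `let fd = unsafe { OwnedFd::from_raw_fd(fd) };` has no `// SAFETY:` comment; `// SAFETY: c_try! rejected a negative open() result, so fd is an open /proc/<pid> directory descriptor that PidFd now owns.` states the invariant the block relies on. In `try_from_fd`, `this.read_pid()` still runs while `this.1` holds the `-1` placeholder; that is unchanged by the commit, but a comment noting that `read_pid` must not depend on the pid field would make the construction order safe to maintain.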


@ -33,7 +33,7 @@ pub mod vec {
pub unsafe fn uninitialized(len: usize) -> Vec<u8> {
unsafe {
let data = std::alloc::alloc(std::alloc::Layout::array::<u8>(len).unwrap());
Vec::from_raw_parts(data as *mut u8, len, len)
Vec::from_raw_parts(data, len, len)
}
}
}