^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1) // SPDX-License-Identifier: GPL-2.0
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2) #define _GNU_SOURCE
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3) #include <sched.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 4) #include <unistd.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 5) #include <stdio.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6) #include <stdlib.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7) #include <signal.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 8) #include <errno.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 9) #include <sys/types.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 10) #include <sys/stat.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 11) #include <fcntl.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 12) #include <sys/ioctl.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 13) #include <sys/prctl.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 14) #include <sys/wait.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 15)
/*
 * nsfs ioctl encoding: NSIO is the ioctl type byte, and NS_GET_USERNS is
 * request 0x1 of that type (built with _IO, i.e. no argument payload).
 */
#define NSIO		0xb7
#define NS_GET_USERNS	_IO(NSIO, 0x1)

/*
 * Report a failed step on stderr as "<function>:<line>:<message>: <errno text>"
 * and evaluate to 1, so a caller can write `return pr_err("...")`.
 *
 * "%m" is the glibc conversion that prints strerror(errno); it reflects
 * whatever errno holds at the call site, so the suffix is only meaningful
 * when the preceding failure actually set errno.
 */
#define pr_err(fmt, ...)						\
	(fprintf(stderr, "%s:%d:" fmt ": %m\n",				\
		 __func__, __LINE__, ##__VA_ARGS__), 1)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 25)
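/*
 * Selftest for the NS_GET_USERNS ioctl on namespace file descriptors.
 *
 * A child process moves into new UTS and user namespaces; the parent then
 * checks that:
 *   1. NS_GET_USERNS on the child's UTS namespace yields a descriptor whose
 *      inode matches /proc/<child>/ns/user;
 *   2. NS_GET_USERNS can be applied again to that user namespace, and a
 *      further request on the result is refused with EPERM;
 *   3. after the parent itself unshares into a new user namespace, the same
 *      requests on the previously opened descriptors are refused with EPERM.
 *
 * Returns 0 when every check holds and 1 (via pr_err) on the first failure.
 * argc and argvp are unused.
 */
int main(int argc, char *argvp[])
{
	int pfd[2], ns, uns, init_uns;
	struct stat st1, st2;
	char path[128];
	pid_t pid;
	char c;

	/* The pipe carries no data; its EOF tells the parent the child is ready. */
	if (pipe(pfd))
		return 1;

	pid = fork();
	if (pid < 0)
		return pr_err("fork");
	if (pid == 0) {
		/* Do not outlive the parent if it bails out on a failed check. */
		prctl(PR_SET_PDEATHSIG, SIGKILL);
		if (unshare(CLONE_NEWUTS | CLONE_NEWUSER))
			return pr_err("unshare");
		/* Closing both ends after unshare() is the "ready" signal. */
		close(pfd[0]);
		close(pfd[1]);
		while (1)
			sleep(1);
		return 0;
	}

	/*
	 * Drop our write end so that read() returns 0 (EOF) once the child has
	 * closed its copies, i.e. once it is past unshare() or has exited.
	 */
	close(pfd[1]);
	if (read(pfd[0], &c, 1) != 0)
		return pr_err("Unable to read from pipe");
	close(pfd[0]);

	snprintf(path, sizeof(path), "/proc/%d/ns/uts", pid);
	ns = open(path, O_RDONLY);
	if (ns < 0)
		return pr_err("Unable to open %s", path);

	/* Owning user namespace of the child's UTS namespace. */
	uns = ioctl(ns, NS_GET_USERNS);
	if (uns < 0)
		return pr_err("Unable to get an owning user namespace");

	if (fstat(uns, &st1))
		return pr_err("fstat");

	snprintf(path, sizeof(path), "/proc/%d/ns/user", pid);
	if (stat(path, &st2))
		return pr_err("stat");

	/* Identity is compared by inode number only. */
	if (st1.st_ino != st2.st_ino)
		return pr_err("NS_GET_USERNS returned a wrong namespace");

	/*
	 * Owner of the child's user namespace; presumably the namespace this
	 * process started in (hence the name) -- not verified here.
	 *
	 * The result checked must be init_uns, not uns: testing the stale uns
	 * would let a failed ioctl slip through and surface only below as a
	 * misleading "Don't get EPERM" caused by calling ioctl on fd -1.
	 */
	init_uns = ioctl(uns, NS_GET_USERNS);
	if (init_uns < 0)
		return pr_err("Unable to get an owning user namespace");

	/* Going one level further up must be refused with EPERM. */
	if (ioctl(init_uns, NS_GET_USERNS) >= 0 || errno != EPERM)
		return pr_err("Don't get EPERM");

	/*
	 * Move this process into a fresh user namespace. The descriptors opened
	 * above stay valid, but NS_GET_USERNS on them is now expected to be
	 * denied with EPERM.
	 */
	if (unshare(CLONE_NEWUSER))
		return pr_err("unshare");

	if (ioctl(ns, NS_GET_USERNS) >= 0 || errno != EPERM)
		return pr_err("Don't get EPERM");
	if (ioctl(init_uns, NS_GET_USERNS) >= 0 || errno != EPERM)
		return pr_err("Don't get EPERM");

	/* All checks passed: stop the sleeping child and reap it. */
	kill(pid, SIGKILL);
	wait(NULL);
	return 0;
}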