authorGiuseppe Scrivano <gscrivan@redhat.com>2016-09-23 14:44:36 +0200
committerGiuseppe Scrivano <gscrivan@redhat.com>2017-06-13 22:13:51 +0200
commit6e778109aa0f2488a153475cbe3b2cd89e240084 (patch)
treecc998ebc76f7e9e8411a332f144cc0e20b6b52d4
parent6ef45aae778b6ce68c39d97089479fdfe6b441b3 (diff)
bubblewrap: add --as-pid-1
It allows running a process with PID=1 in the new pid namespace. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
-rw-r--r--bubblewrap.c25
-rw-r--r--bwrap.xml6
-rw-r--r--completions/bash/bwrap1
-rwxr-xr-xtests/test-run.sh4
4 files changed, 32 insertions, 4 deletions
diff --git a/bubblewrap.c b/bubblewrap.c
index 5adb0e5..ed94923 100644
--- a/bubblewrap.c
+++ b/bubblewrap.c
@@ -53,6 +53,7 @@ static const char *host_tty_dev;
static int proc_fd = -1;
static char *opt_exec_label = NULL;
static char *opt_file_label = NULL;
+static bool opt_as_pid_1;
char *opt_chdir_path = NULL;
bool opt_unshare_user = FALSE;
@@ -219,6 +220,7 @@ usage (int ecode, FILE *out)
" --info-fd FD Write information about the running container to FD\n"
" --new-session Create a new terminal session\n"
" --die-with-parent Kills with SIGKILL child process (COMMAND) when bwrap or bwrap's parent dies.\n"
+ " --as-pid-1 Do not install a reaper process with PID=1\n"
);
exit (ecode);
}
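Review bot: The help line added for `--as-pid-1` in usage() describes the option only by what it removes, so a reader cannot tell that COMMAND itself becomes the init process of the new pid namespace. As PID 1, COMMAND has orphaned children reparented to it and must reap them, and signals for which it has installed no handler are not delivered to it (see pid_namespaces(7)), which matters to anyone who expects SIGTERM to stop the sandbox. I would word it as `" --as-pid-1 Run COMMAND as PID 1 in the new pid namespace, without a reaper process\n"`. The bwrap.xml entry added by this commit has the same gap and could carry the same caveat.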
@@ -1652,6 +1654,10 @@ parse_args_recurse (int *argcp,
{
opt_die_with_parent = TRUE;
}
+ else if (strcmp (arg, "--as-pid-1") == 0)
+ {
+ opt_as_pid_1 = TRUE;
+ }
else if (*arg == '-')
{
die ("Unknown option %s", arg);
@@ -1810,6 +1816,12 @@ main (int argc,
if (!opt_unshare_uts && opt_sandbox_hostname != NULL)
die ("Specifying --hostname requires --unshare-uts");
+ if (opt_as_pid_1 && !opt_unshare_pid)
+ die ("Specifying --as-pid-1 requires --unshare-pid");
+
+ if (opt_as_pid_1 && lock_files != NULL)
+ die ("Specifying --as-pid-1 and --lock-file is not permitted");
+
/* We need to read stuff from proc during the pivot_root dance, etc.
Lets keep a fd to it open */
proc_fd = open ("/proc", O_RDONLY | O_PATH);
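Review bot: The two new checks in main() give no reason for rejecting `--lock-file`, while `--sync-fd`, which appears in the same fork condition further down, is not rejected but handled by leaking the fd later. A one-line comment above the second check would make the asymmetry deliberate rather than accidental, for example `/* Lock files are held by the pid 1 reaper, which --as-pid-1 does not create */`. That wording is inferred from the fork condition in a later hunk, so it needs confirming against the reaper code. main() starts and ends outside this hunk.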
@@ -1829,7 +1841,7 @@ main (int argc,
__debug__ (("creating new namespace\n"));
- if (opt_unshare_pid)
+ if (opt_unshare_pid && !opt_as_pid_1)
{
event_fd = eventfd (0, EFD_CLOEXEC | EFD_NONBLOCK);
if (event_fd == -1)
@@ -2162,7 +2174,7 @@ main (int argc,
__debug__ (("forking for child\n"));
- if (opt_unshare_pid || lock_files != NULL || opt_sync_fd != -1)
+ if (!opt_as_pid_1 && (opt_unshare_pid || lock_files != NULL || opt_sync_fd != -1))
{
/* We have to have a pid 1 in the pid namespace, because
* otherwise we'll get a bunch of zombies as nothing reaps
@@ -2201,8 +2213,13 @@ main (int argc,
if (proc_fd != -1)
close (proc_fd);
- if (opt_sync_fd != -1)
- close (opt_sync_fd);
+ /* If we are using --as-pid-1 leak the sync fd into the sandbox.
+ --sync-fd will still work unless the container process doesn't close this file. */
+ if (!opt_as_pid_1)
+ {
+ if (opt_sync_fd != -1)
+ close (opt_sync_fd);
+ }
/* We want sigchild in the child */
unblock_sigchild ();
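Review bot: The comment added above `if (!opt_as_pid_1)` reads as a double negative ("will still work unless ... doesn't close") and understates what the leak means. With `--as-pid-1` the sandboxed COMMAND inherits the sync fd and decides when it is closed, so a supervisor outside the sandbox that treats EOF on `--sync-fd` as "the sandbox has exited" can see that signal while the payload is still running. I would say so in the comment, e.g. `/* With --as-pid-1 no reaper holds the sync fd, so COMMAND inherits it; --sync-fd only signals sandbox exit if COMMAND keeps it open until it exits. */`, and repeat the caveat next to `--sync-fd` in the documentation. Whether the descriptor survives the exec depends on its close-on-exec flag, which this hunk does not show. main() continues outside the hunk.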
diff --git a/bwrap.xml b/bwrap.xml
index 24d67b9..e16d259 100644
--- a/bwrap.xml
+++ b/bwrap.xml
@@ -289,6 +289,12 @@
See prctl, PR_SET_PDEATHSIG.
</para></listitem>
</varlistentry>
+ <varlistentry>
+ <term><option>--as-pid-1</option></term>
+ <listitem><para>
+ Do not create a process with PID=1 in the sandbox to reap child processes.
+ </para></listitem>
+ </varlistentry>
</variablelist>
</refsect1>
diff --git a/completions/bash/bwrap b/completions/bash/bwrap
index 57d9677..6378164 100644
--- a/completions/bash/bwrap
+++ b/completions/bash/bwrap
@@ -18,6 +18,7 @@ _bwrap() {
--unshare-pid
--unshare-uts
--version
+ --as-pid-1
"
local options_with_args="
diff --git a/tests/test-run.sh b/tests/test-run.sh
index 4c74f09..e79d51c 100755
--- a/tests/test-run.sh
+++ b/tests/test-run.sh
@@ -85,6 +85,10 @@ for ALT in "" "--unshare-user-try" "--unshare-pid" "--unshare-user-try --unshar
$RUN $ALT --dir /tmp/dir --symlink dir /tmp/link --bind /etc /tmp/link true
done
+# Test --as-pid-1
+$RUN --unshare-pid --as-pid-1 --bind / / bash -c 'echo $$' > as_pid_1.txt
+assert_file_has_content as_pid_1.txt "1"
+
# Test --die-with-parent
cat >lockf-n.py <<EOF
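Review bot: The assertion `assert_file_has_content as_pid_1.txt "1"` may accept any output that merely contains a 1 (10, 21, ...) if the helper matches by pattern; its definition is not on this page. Anchoring it as `assert_file_has_content as_pid_1.txt '^1$'` would pin the PID exactly. The test also covers only the success path: the two new `die` conditions (`--as-pid-1` without `--unshare-pid`, and `--as-pid-1` together with `--lock-file`) and the changed `--sync-fd` behaviour have no test.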