diff options
-rw-r--r-- | bubblewrap.c | 41 | ||||
-rw-r--r-- | bwrap.xml | 4 | ||||
-rw-r--r-- | completions/bash/bwrap | 1 |
3 files changed, 45 insertions, 1 deletions
diff --git a/bubblewrap.c b/bubblewrap.c index b54e935..f8122d0 100644 --- a/bubblewrap.c +++ b/bubblewrap.c @@ -64,8 +64,13 @@ typedef enum { SETUP_MAKE_BIND_FILE, SETUP_MAKE_SYMLINK, SETUP_REMOUNT_RO_NO_RECURSIVE, + SETUP_SET_HOSTNAME, } SetupOpType; +typedef enum { + NO_CREATE_DEST = (1 << 0), +} SetupOpFlag; + typedef struct _SetupOp SetupOp; struct _SetupOp @@ -74,6 +79,7 @@ struct _SetupOp const char *source; const char *dest; int fd; + SetupOpFlag flags; SetupOp *next; }; @@ -98,6 +104,7 @@ enum { PRIV_SEP_OP_DEVPTS_MOUNT, PRIV_SEP_OP_MQUEUE_MOUNT, PRIV_SEP_OP_REMOUNT_RO_NO_RECURSIVE, + PRIV_SEP_OP_SET_HOSTNAME, }; typedef struct @@ -115,6 +122,7 @@ setup_op_new (SetupOpType type) op->type = type; op->fd = -1; + op->flags = 0; if (last_op != NULL) last_op->next = op; else @@ -159,6 +167,7 @@ usage (int ecode, FILE *out) " --unshare-cgroup-try Create new cgroup namespace if possible else continue by skipping it\n" " --uid UID Custom uid in the sandbox (requires --unshare-user)\n" " --gid GID Custon gid in the sandbox (requires --unshare-user)\n" + " --hostname NAME Custom hostname in the sandbox (requires --unshare-uts)\n" " --chdir DIR Change directory to DIR\n" " --setenv VAR VALUE Set an environment variable\n" " --unsetenv VAR Unset an environment variable\n" @@ -582,6 +591,11 @@ privileged_op (int privileged_op_socket, die_with_error ("Can't mount mqueue on %s", arg1); break; + case PRIV_SEP_OP_SET_HOSTNAME: + if (sethostname (arg1, strlen(arg1)) != 0) + die_with_error ("Can't set hostname to %s", arg1); + break; + default: die ("Unexpected privileged op %d", op); } @@ -609,7 +623,8 @@ setup_newroot (bool unshare_pid, die_with_error ("Can't get type of source %s", op->source); } - if (op->dest) + if (op->dest && + (op->flags & NO_CREATE_DEST) == 0) { dest = get_newroot_path (op->dest); if (mkdir_with_parents (dest, 0755, FALSE) != 0) @@ -809,6 +824,12 @@ setup_newroot (bool unshare_pid, die_with_error ("Can't make symlink at %s", op->dest); break; + case SETUP_SET_HOSTNAME: + privileged_op (privileged_op_socket, + PRIV_SEP_OP_SET_HOSTNAME, 0, + op->dest, NULL); + break; + default: die ("Unexpected type %d", op->type); } @@ -878,6 +899,7 @@ int opt_sync_fd = -1; int opt_block_fd = -1; int opt_info_fd = -1; int opt_seccomp_fd = -1; +char *opt_sandbox_hostname = NULL; static void @@ -1329,6 +1351,20 @@ parse_args_recurse (int *argcp, argv += 1; argc -= 1; } + else if (strcmp (arg, "--hostname") == 0) + { + if (argc < 2) + die ("--hostname takes an argument"); + + op = setup_op_new (SETUP_SET_HOSTNAME); + op->dest = argv[1]; + op->flags = NO_CREATE_DEST; + + opt_sandbox_hostname = argv[1]; + + argv += 1; + argc -= 1; + } else if (*arg == '-') { die ("Unknown option %s", arg); @@ -1440,6 +1476,9 @@ main (int argc, if (!opt_unshare_user && opt_sandbox_gid != gid) die ("Specifying --gid requires --unshare-user"); + if (!opt_unshare_uts && opt_sandbox_hostname != NULL) + die ("Specifying --hostname requires --unshare-uts"); + /* We need to read stuff from proc during the pivot_root dance, etc. Lets keep a fd to it open */ proc_fd = open ("/proc", O_RDONLY | O_PATH); @@ -129,6 +129,10 @@ <term><option>--gid <arg choice="plain">GID</arg></option></term> <listitem><para>Use a custom group id in the sandbox (incompatible with <option>--share-user</option>)</para></listitem> </varlistentry> + <varlistentry> + <term><option>--hostname <arg choice="plain">HOSTNAME</arg></option></term> + <listitem><para>Use a custom hostname in the sandbox (requires <option>--unshare-uts</option>)</para></listitem> + </varlistentry> </variablelist> <para>Options about environment setup:</para> <variablelist> diff --git a/completions/bash/bwrap b/completions/bash/bwrap index 6dc5a19..954c114 100644 --- a/completions/bash/bwrap +++ b/completions/bash/bwrap @@ -30,6 +30,7 @@ _bwrap() { --file --file-label --gid + --hostname --lock-file --proc --ro-bind |