On Sun, Oct 19, 2014 at 6:53 PM, Rob Landley <[email protected]> wrote:
> On 10/19/14 18:13, Andy Lutomirski wrote:
>> On Sun, Oct 19, 2014 at 2:48 PM, Rob Landley <[email protected]> wrote:
>>> I imported the first one, but applied the second as a patch because new
>>> commands go in the "pending" directory so I don't lose track of what
>>> I've fully reviewed yet.
>>>
>>> On 10/17/14 22:01, Andy Lutomirski wrote:
>>>> nsenter: A tool to use setns(2)
>>>
>>> I don't have this command on my host system, and it's not even in the
>>> python "install this package if you want this command" thing.
>>
>> It's in util-linux. I bet you're using Ubuntu or Debian :) Except
>> for very new Debians (IIRC), they're both quite a few years behind on
>> util-linux updates.
>
> Possibly I should have a third directory for entries where the standard
> is the Linux man page maintained by Michael Kerrisk:
>
> http://man7.org/linux/man-pages/man1/nsenter.1.html
>
> That said, there isn't a good way to snapshot a version of that, or
> point to a specific release. With posix I could still point to the 2001
> spec after 2008 came out. (When the 2013 spec went up they replaced the
> 2008 pages in situ, which is obnoxious, but _mostly_ it didn't change.
> Still, I'd probably be referring to it as posix-2013 and not still using
> my old local 2008 snapshot if they _hadn't_ done that. The easy way to
> get me to reject an upgrade is to try to force it down my throat...)
>
> I should poke Michael and see if there's some way of getting LTS
> versions of this...

I think that the real canonical home of the nsenter docs is:

https://git.kernel.org/cgit/utils/util-linux/util-linux.git/tree/sys-utils/nsenter.1

>
>>>> This implements all of the namespace parts of nsenter, but UID and GID
>>>> switching are missing, as are -r and -w (both because they're not strictly
>>>> necessary and because the nsenter manpage has an insufficient
>>>> description of how they work).
>
> It looks like -r is just chroot and -w is just chdir.

I doubt that.

>
> Except that it's not chroot, it's pivot_root in the new namespace:

I doubt that. pivot_root edits the namespace, and setns will set the
root to the (pivoted) ns root.

The parts that I thought were unclear were:

1. What happens if -r is passed a relative path?

2. What is the working directory if -r is used and -w is not used?

3. What happens if -w is passed a relative path?

On inspection of the source, if -r and -w have arguments, then they
are interpreted *prior to* the setns calls. I strongly suggest not
implementing that part of nsenter -- I think that's garbage.

That being said, my code has a bug: I should open all the ns fds prior
to setnsing any of them. Otherwise some of the setns calls may drop
required privilege or lose access to the filesystem outright.

--Andy
_______________________________________________
Toybox mailing list
[email protected]
http://lists.landley.net/listinfo.cgi/toybox-landley.net
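The ordering fix described at the end of the message above (open every namespace fd before the first setns call), as an added example. It is not code from the posted patch or from toybox; `struct ns_ref`, `open_all_ns` and `enter_all_ns` are hypothetical names, and the order of entry is left to the caller.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <sched.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

int setns(int fd, int nstype); /* as in <sched.h>; repeated in case _GNU_SOURCE came too late */

struct ns_ref { const char *name; int fd; }; /* name: file under /proc/PID/ns */

/* Phase 1: open every namespace file while the caller still has its original
 * privileges and its original view of /proc. On any failure, close what was
 * opened and report it, so no namespace has been entered yet. */
int open_all_ns(pid_t target, struct ns_ref *ns, int count)
{
  char path[64];
  int i;

  for (i = 0; i < count; i++) ns[i].fd = -1;
  for (i = 0; i < count; i++) {
    snprintf(path, sizeof(path), "/proc/%ld/ns/%s", (long)target, ns[i].name);
    ns[i].fd = open(path, O_RDONLY | O_CLOEXEC);
    if (ns[i].fd < 0) {
      while (i--) {
        close(ns[i].fd);
        ns[i].fd = -1;
      }
      return -1;
    }
  }
  return 0;
}

/* Phase 2: setns() on the already-open fds, in array order. No path lookup
 * happens here, so an earlier setns() cannot hide a later namespace file. */
int enter_all_ns(struct ns_ref *ns, int count)
{
  int i, rc = 0;

  for (i = 0; i < count; i++) {
    if (!rc && setns(ns[i].fd, 0)) rc = -1;
    close(ns[i].fd);
    ns[i].fd = -1;
  }
  return rc;
}
```

Phase 2 can still fail partway through (for example on a permission error), and namespaces entered before that point stay entered, so a caller should treat a nonzero return as fatal.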
