authorFabricio Voznika <fvoznika@google.com>2018-09-07 10:44:50 -0700
committerShentubot <shentubot@google.com>2018-09-07 10:45:55 -0700
commitf895cb4d8b4b37a563b7a5b9dc92eae552084b44 (patch)
treeb22f978207dc0eb2bb312215bda012d47143d44b /pkg/sentry
parent169e2efc5a2116755beca91e65802780282ab4c1 (diff)
Use root abstract socket namespace for exec
PiperOrigin-RevId: 211999211 Change-Id: I5968dd1a8313d3e49bb6e6614e130107495de41d
Diffstat (limited to 'pkg/sentry')
-rw-r--r--pkg/sentry/control/proc.go23
-rw-r--r--pkg/sentry/kernel/kernel.go41
2 files changed, 39 insertions, 25 deletions
diff --git a/pkg/sentry/control/proc.go b/pkg/sentry/control/proc.go
index 4848a5d2b..6949a3ae5 100644
--- a/pkg/sentry/control/proc.go
+++ b/pkg/sentry/control/proc.go
@@ -95,17 +95,18 @@ func (proc *Proc) Exec(args *ExecArgs, waitStatus *uint32) error {
proc.Kernel.RootUserNamespace())
initArgs := kernel.CreateProcessArgs{
- Filename: args.Filename,
- Argv: args.Argv,
- Envv: args.Envv,
- WorkingDirectory: args.WorkingDirectory,
- Credentials: creds,
- FDMap: fdm,
- Umask: 0022,
- Limits: l,
- MaxSymlinkTraversals: linux.MaxSymlinkTraversals,
- UTSNamespace: proc.Kernel.RootUTSNamespace(),
- IPCNamespace: proc.Kernel.RootIPCNamespace(),
+ Filename: args.Filename,
+ Argv: args.Argv,
+ Envv: args.Envv,
+ WorkingDirectory: args.WorkingDirectory,
+ Credentials: creds,
+ FDMap: fdm,
+ Umask: 0022,
+ Limits: l,
+ MaxSymlinkTraversals: linux.MaxSymlinkTraversals,
+ UTSNamespace: proc.Kernel.RootUTSNamespace(),
+ IPCNamespace: proc.Kernel.RootIPCNamespace(),
+ AbstractSocketNamespace: proc.Kernel.RootAbstractSocketNamespace(),
}
ctx := initArgs.NewContext(proc.Kernel)
mounter := fs.FileOwnerFromContext(ctx)
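Review bot: The new `AbstractSocketNamespace` entry in `initArgs` has no comment explaining why the root namespace is chosen, although this choice decides which abstract Unix sockets an exec'd process can reach. Before this commit CreateProcess gave every process a fresh namespace, so an exec'd process now shares socket names with everything else in the root namespace; going by the commit title that is the intent, but the code does not say so. I would add a comment above the field such as `// Exec'd processes join the root abstract socket namespace so they share abstract socket names with processes already in it.` Exec's body starts and ends outside the hunk.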
diff --git a/pkg/sentry/kernel/kernel.go b/pkg/sentry/kernel/kernel.go
index 31a2f068d..bc41c3963 100644
--- a/pkg/sentry/kernel/kernel.go
+++ b/pkg/sentry/kernel/kernel.go
@@ -90,17 +90,18 @@ type Kernel struct {
platform.Platform `state:"nosave"`
// See InitKernelArgs for the meaning of these fields.
- featureSet *cpuid.FeatureSet
- timekeeper *Timekeeper
- tasks *TaskSet
- rootUserNamespace *auth.UserNamespace
- networkStack inet.Stack `state:"nosave"`
- applicationCores uint
- useHostCores bool
- extraAuxv []arch.AuxEntry
- vdso *loader.VDSO
- rootUTSNamespace *UTSNamespace
- rootIPCNamespace *IPCNamespace
+ featureSet *cpuid.FeatureSet
+ timekeeper *Timekeeper
+ tasks *TaskSet
+ rootUserNamespace *auth.UserNamespace
+ networkStack inet.Stack `state:"nosave"`
+ applicationCores uint
+ useHostCores bool
+ extraAuxv []arch.AuxEntry
+ vdso *loader.VDSO
+ rootUTSNamespace *UTSNamespace
+ rootIPCNamespace *IPCNamespace
+ rootAbstractSocketNamespace *AbstractSocketNamespace
// mounts holds the state of the virtual filesystem. mounts is initially
// nil, and must be set by calling Kernel.SetRootMountNamespace before
@@ -201,11 +202,14 @@ type InitKernelArgs struct {
// Vdso holds the VDSO and its parameter page.
Vdso *loader.VDSO
- // RootUTSNamespace is the root UTS namepsace.
+ // RootUTSNamespace is the root UTS namespace.
RootUTSNamespace *UTSNamespace
- // RootIPCNamespace is the root IPC namepsace.
+ // RootIPCNamespace is the root IPC namespace.
RootIPCNamespace *IPCNamespace
+
+ // RootAbstractSocketNamespace is the root Abstract Socket namespace.
+ RootAbstractSocketNamespace *AbstractSocketNamespace
}
// Init initialize the Kernel with no tasks.
@@ -231,6 +235,7 @@ func (k *Kernel) Init(args InitKernelArgs) error {
k.rootUserNamespace = args.RootUserNamespace
k.rootUTSNamespace = args.RootUTSNamespace
k.rootIPCNamespace = args.RootIPCNamespace
+ k.rootAbstractSocketNamespace = args.RootAbstractSocketNamespace
k.networkStack = args.NetworkStack
k.applicationCores = args.ApplicationCores
if args.UseHostCores {
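Review bot: `k.rootAbstractSocketNamespace = args.RootAbstractSocketNamespace` stores the pointer without a nil check, so a caller that does not fill the new field leaves the kernel with a nil root namespace, which Exec then passes to every exec'd process. The CreateProcess hunk further down has the same gap: `args.AbstractSocketNamespace` replaces an unconditional `NewAbstractSocketNamespace()`, so an unset field now reaches the task config as nil where it was always non-nil before. Callers outside pkg/sentry are not visible here (the diffstat is limited to that path), so this page cannot confirm that all of them set the fields. I would reject nil in Init with `if args.RootAbstractSocketNamespace == nil { return fmt.Errorf("RootAbstractSocketNamespace is nil") }`, and in CreateProcess keep the old default with `if args.AbstractSocketNamespace == nil { args.AbstractSocketNamespace = NewAbstractSocketNamespace() }`. Both function bodies extend beyond their hunks.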
@@ -509,6 +514,9 @@ type CreateProcessArgs struct {
// IPCNamespace is the initial IPC namespace.
IPCNamespace *IPCNamespace
+ // AbstractSocketNamespace is the initial Abstract Socket namespace.
+ AbstractSocketNamespace *AbstractSocketNamespace
+
// Root optionally contains the dirent that serves as the root for the
// process. If nil, the mount namespace's root is used as the process'
// root.
@@ -651,7 +659,7 @@ func (k *Kernel) CreateProcess(args CreateProcessArgs) (*ThreadGroup, error) {
AllowedCPUMask: sched.NewFullCPUSet(k.applicationCores),
UTSNamespace: args.UTSNamespace,
IPCNamespace: args.IPCNamespace,
- AbstractSocketNamespace: NewAbstractSocketNamespace(), // FIXME
+ AbstractSocketNamespace: args.AbstractSocketNamespace,
}
t, err := k.tasks.NewTask(config)
if err != nil {
@@ -839,6 +847,11 @@ func (k *Kernel) RootIPCNamespace() *IPCNamespace {
return k.rootIPCNamespace
}
+// RootAbstractSocketNamespace returns the root AbstractSocketNamespace.
+func (k *Kernel) RootAbstractSocketNamespace() *AbstractSocketNamespace {
+ return k.rootAbstractSocketNamespace
+}
+
// RootMountNamespace returns the MountNamespace.
func (k *Kernel) RootMountNamespace() *fs.MountNamespace {
k.extMu.Lock()