summaryrefslogtreecommitdiffhomepage
path: root/pkg/sentry
diff options
context:
space:
mode:
Diffstat (limited to 'pkg/sentry')
-rw-r--r--pkg/sentry/control/proc.go22
-rwxr-xr-xpkg/sentry/kernel/seqatomic_taskgoroutineschedinfo_unsafe.go4
-rwxr-xr-xpkg/sentry/platform/ring0/defs_impl.go5
-rwxr-xr-xpkg/sentry/time/seqatomic_parameters_unsafe.go4
4 files changed, 26 insertions, 9 deletions
diff --git a/pkg/sentry/control/proc.go b/pkg/sentry/control/proc.go
index 6ae60c5cb..60e6c9285 100644
--- a/pkg/sentry/control/proc.go
+++ b/pkg/sentry/control/proc.go
@@ -54,6 +54,12 @@ type ExecArgs struct {
// Envv is a list of environment variables.
Envv []string `json:"envv"`
+ // MountNamespace is the mount namespace to execute the new process in.
+ // A reference on MountNamespace must be held for the lifetime of the
+ // ExecArgs. If MountNamespace is nil, it will default to the kernel's
+ // root MountNamespace.
+ MountNamespace *fs.MountNamespace
+
// Root defines the root directory for the new process. A reference on
// Root must be held for the lifetime of the ExecArgs. If Root is nil,
// it will default to the VFS root.
@@ -145,6 +151,7 @@ func (proc *Proc) execAsync(args *ExecArgs) (*kernel.ThreadGroup, kernel.ThreadI
Argv: args.Argv,
Envv: args.Envv,
WorkingDirectory: args.WorkingDirectory,
+ MountNamespace: args.MountNamespace,
Root: args.Root,
Credentials: creds,
FDTable: fdTable,
@@ -157,16 +164,25 @@ func (proc *Proc) execAsync(args *ExecArgs) (*kernel.ThreadGroup, kernel.ThreadI
ContainerID: args.ContainerID,
}
if initArgs.Root != nil {
- // initArgs must hold a reference on Root. This ref is dropped
- // in CreateProcess.
+ // initArgs must hold a reference on Root, which will be
+ // donated to the new process in CreateProcess.
initArgs.Root.IncRef()
}
+ if initArgs.MountNamespace != nil {
+ // initArgs must hold a reference on MountNamespace, which will
+ // be donated to the new process in CreateProcess.
+ initArgs.MountNamespace.IncRef()
+ }
ctx := initArgs.NewContext(proc.Kernel)
if initArgs.Filename == "" {
// Get the full path to the filename from the PATH env variable.
paths := fs.GetPath(initArgs.Envv)
- f, err := proc.Kernel.RootMountNamespace().ResolveExecutablePath(ctx, initArgs.WorkingDirectory, initArgs.Argv[0], paths)
+ mns := initArgs.MountNamespace
+ if mns == nil {
+ mns = proc.Kernel.RootMountNamespace()
+ }
+ f, err := mns.ResolveExecutablePath(ctx, initArgs.WorkingDirectory, initArgs.Argv[0], paths)
if err != nil {
return nil, 0, nil, fmt.Errorf("error finding executable %q in PATH %v: %v", initArgs.Argv[0], paths, err)
}
diff --git a/pkg/sentry/kernel/seqatomic_taskgoroutineschedinfo_unsafe.go b/pkg/sentry/kernel/seqatomic_taskgoroutineschedinfo_unsafe.go
index 25ad17a4e..24528b66a 100755
--- a/pkg/sentry/kernel/seqatomic_taskgoroutineschedinfo_unsafe.go
+++ b/pkg/sentry/kernel/seqatomic_taskgoroutineschedinfo_unsafe.go
@@ -1,12 +1,12 @@
package kernel
import (
- "fmt"
- "reflect"
"strings"
"unsafe"
+ "fmt"
"gvisor.dev/gvisor/third_party/gvsync"
+ "reflect"
)
// SeqAtomicLoad returns a copy of *ptr, ensuring that the read does not race
diff --git a/pkg/sentry/platform/ring0/defs_impl.go b/pkg/sentry/platform/ring0/defs_impl.go
index 5032ac56e..ea3f514cd 100755
--- a/pkg/sentry/platform/ring0/defs_impl.go
+++ b/pkg/sentry/platform/ring0/defs_impl.go
@@ -1,13 +1,14 @@
package ring0
import (
- "fmt"
"gvisor.dev/gvisor/pkg/cpuid"
+ "syscall"
+
+ "fmt"
"gvisor.dev/gvisor/pkg/sentry/platform/ring0/pagetables"
"gvisor.dev/gvisor/pkg/sentry/usermem"
"io"
"reflect"
- "syscall"
)
var (
diff --git a/pkg/sentry/time/seqatomic_parameters_unsafe.go b/pkg/sentry/time/seqatomic_parameters_unsafe.go
index 89792c56d..fb30a22c6 100755
--- a/pkg/sentry/time/seqatomic_parameters_unsafe.go
+++ b/pkg/sentry/time/seqatomic_parameters_unsafe.go
@@ -1,12 +1,12 @@
package time
import (
- "fmt"
- "reflect"
"strings"
"unsafe"
+ "fmt"
"gvisor.dev/gvisor/third_party/gvsync"
+ "reflect"
)
// SeqAtomicLoad returns a copy of *ptr, ensuring that the read does not race