Diffstat (limited to 'pkg/sentry')
-rw-r--r-- | pkg/sentry/control/proc.go | 22 | ||||
-rwxr-xr-x | pkg/sentry/kernel/seqatomic_taskgoroutineschedinfo_unsafe.go | 4 | ||||
-rwxr-xr-x | pkg/sentry/platform/ring0/defs_impl.go | 5 | ||||
-rwxr-xr-x | pkg/sentry/time/seqatomic_parameters_unsafe.go | 4 |
4 files changed, 26 insertions, 9 deletions
diff --git a/pkg/sentry/control/proc.go b/pkg/sentry/control/proc.go
index 6ae60c5cb..60e6c9285 100644
--- a/pkg/sentry/control/proc.go
+++ b/pkg/sentry/control/proc.go
@@ -54,6 +54,12 @@ type ExecArgs struct {
 // Envv is a list of environment variables.
 Envv []string `json:"envv"`
 
+// MountNamespace is the mount namespace to execute the new process in.
+// A reference on MountNamespace must be held for the lifetime of the
+// ExecArgs. If MountNamespace is nil, it will default to the kernel's
+// root MountNamespace.
+MountNamespace *fs.MountNamespace
+
 // Root defines the root directory for the new process. A reference on
 // Root must be held for the lifetime of the ExecArgs. If Root is nil,
 // it will default to the VFS root.
@@ -145,6 +151,7 @@ func (proc *Proc) execAsync(args *ExecArgs) (*kernel.ThreadGroup, kernel.ThreadI
 Argv: args.Argv,
 Envv: args.Envv,
 WorkingDirectory: args.WorkingDirectory,
+MountNamespace: args.MountNamespace,
 Root: args.Root,
 Credentials: creds,
 FDTable: fdTable,
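Review bot: The new MountNamespace field in the first hunk carries no json tag while its sibling fields do (`json:"envv"` on the line above), so if an ExecArgs is ever encoded for the control RPC, encoding/json would be handed a kernel-internal pointer. If the field, like Root (whose declaration line lies outside the hunk), is only meant to be populated in-process, tagging it `MountNamespace *fs.MountNamespace `+"`json:\"-\"`" documents that and keeps it out of the wire format. The second hunk, which copies the field into the process-args literal, needs no change.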
@@ -157,16 +164,25 @@ func (proc *Proc) execAsync(args *ExecArgs) (*kernel.ThreadGroup, kernel.ThreadI
 ContainerID: args.ContainerID,
 }
 if initArgs.Root != nil {
-// initArgs must hold a reference on Root. This ref is dropped
-// in CreateProcess.
+// initArgs must hold a reference on Root, which will be
+// donated to the new process in CreateProcess.
 initArgs.Root.IncRef()
 }
+if initArgs.MountNamespace != nil {
+// initArgs must hold a reference on MountNamespace, which will
+// be donated to the new process in CreateProcess.
+initArgs.MountNamespace.IncRef()
+}
 ctx := initArgs.NewContext(proc.Kernel)
 
 if initArgs.Filename == "" {
 // Get the full path to the filename from the PATH env variable.
 paths := fs.GetPath(initArgs.Envv)
-f, err := proc.Kernel.RootMountNamespace().ResolveExecutablePath(ctx, initArgs.WorkingDirectory, initArgs.Argv[0], paths)
+mns := initArgs.MountNamespace
+if mns == nil {
+mns = proc.Kernel.RootMountNamespace()
+}
+f, err := mns.ResolveExecutablePath(ctx, initArgs.WorkingDirectory, initArgs.Argv[0], paths)
 if err != nil {
 return nil, 0, nil, fmt.Errorf("error finding executable %q in PATH %v: %v", initArgs.Argv[0], paths, err)
 }
diff --git a/pkg/sentry/kernel/seqatomic_taskgoroutineschedinfo_unsafe.go b/pkg/sentry/kernel/seqatomic_taskgoroutineschedinfo_unsafe.go
index 25ad17a4e..24528b66a 100755
--- a/pkg/sentry/kernel/seqatomic_taskgoroutineschedinfo_unsafe.go
+++ b/pkg/sentry/kernel/seqatomic_taskgoroutineschedinfo_unsafe.go
@@ -1,12 +1,12 @@
 package kernel
 
 import (
-"fmt"
-"reflect"
 "strings"
 "unsafe"
+"fmt"
 "gvisor.dev/gvisor/third_party/gvsync"
+"reflect"
 )
 
 // SeqAtomicLoad returns a copy of *ptr, ensuring that the read does not race
diff --git a/pkg/sentry/platform/ring0/defs_impl.go b/pkg/sentry/platform/ring0/defs_impl.go
index 5032ac56e..ea3f514cd 100755
--- a/pkg/sentry/platform/ring0/defs_impl.go
+++ b/pkg/sentry/platform/ring0/defs_impl.go
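Review bot: The reference taken by `initArgs.MountNamespace.IncRef()` is never released on the error path a few lines below it, where a failed `ResolveExecutablePath` returns `nil, 0, nil, fmt.Errorf(...)` before CreateProcess, which the new comment names as the only place the reference is donated. The same pre-existing gap exists for `initArgs.Root.IncRef()`, and the new block adds a second leaked reference on that path, which keeps the mount namespace alive for as long as the sandbox runs. The executable lookup itself does not need the extra reference, since the ExecArgs doc requires the caller to hold one for the lifetime of the args, so the simplest fix is to move both IncRef blocks to just before the CreateProcess call, after every early return; otherwise each error return needs the matching DecRef calls. execAsync starts before this hunk and continues past it, so the CreateProcess call site is not visible here.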
@@ -1,13 +1,14 @@
 package ring0
 
 import (
-"fmt"
 "gvisor.dev/gvisor/pkg/cpuid"
+"syscall"
+
+"fmt"
 "gvisor.dev/gvisor/pkg/sentry/platform/ring0/pagetables"
 "gvisor.dev/gvisor/pkg/sentry/usermem"
 "io"
 "reflect"
-"syscall"
 )
 
 var (
diff --git a/pkg/sentry/time/seqatomic_parameters_unsafe.go b/pkg/sentry/time/seqatomic_parameters_unsafe.go
index 89792c56d..fb30a22c6 100755
--- a/pkg/sentry/time/seqatomic_parameters_unsafe.go
+++ b/pkg/sentry/time/seqatomic_parameters_unsafe.go
@@ -1,12 +1,12 @@
 package time
 
 import (
-"fmt"
-"reflect"
 "strings"
 "unsafe"
+"fmt"
 "gvisor.dev/gvisor/third_party/gvsync"
+"reflect"
 )
 
 // SeqAtomicLoad returns a copy of *ptr, ensuring that the read does not race