From f895cb4d8b4b37a563b7a5b9dc92eae552084b44 Mon Sep 17 00:00:00 2001 From: Fabricio Voznika Date: Fri, 7 Sep 2018 10:44:50 -0700 Subject: Use root abstract socket namespace for exec PiperOrigin-RevId: 211999211 Change-Id: I5968dd1a8313d3e49bb6e6614e130107495de41d --- pkg/sentry/kernel/kernel.go | 41 +++++++++++++++++++++++++++-------------- 1 file changed, 27 insertions(+), 14 deletions(-) (limited to 'pkg/sentry/kernel') diff --git a/pkg/sentry/kernel/kernel.go b/pkg/sentry/kernel/kernel.go index 31a2f068d..bc41c3963 100644 --- a/pkg/sentry/kernel/kernel.go +++ b/pkg/sentry/kernel/kernel.go @@ -90,17 +90,18 @@ type Kernel struct { platform.Platform `state:"nosave"` // See InitKernelArgs for the meaning of these fields. - featureSet *cpuid.FeatureSet - timekeeper *Timekeeper - tasks *TaskSet - rootUserNamespace *auth.UserNamespace - networkStack inet.Stack `state:"nosave"` - applicationCores uint - useHostCores bool - extraAuxv []arch.AuxEntry - vdso *loader.VDSO - rootUTSNamespace *UTSNamespace - rootIPCNamespace *IPCNamespace + featureSet *cpuid.FeatureSet + timekeeper *Timekeeper + tasks *TaskSet + rootUserNamespace *auth.UserNamespace + networkStack inet.Stack `state:"nosave"` + applicationCores uint + useHostCores bool + extraAuxv []arch.AuxEntry + vdso *loader.VDSO + rootUTSNamespace *UTSNamespace + rootIPCNamespace *IPCNamespace + rootAbstractSocketNamespace *AbstractSocketNamespace // mounts holds the state of the virtual filesystem. mounts is initially // nil, and must be set by calling Kernel.SetRootMountNamespace before @@ -201,11 +202,14 @@ type InitKernelArgs struct { // Vdso holds the VDSO and its parameter page. Vdso *loader.VDSO - // RootUTSNamespace is the root UTS namepsace. + // RootUTSNamespace is the root UTS namespace. RootUTSNamespace *UTSNamespace - // RootIPCNamespace is the root IPC namepsace. + // RootIPCNamespace is the root IPC namespace. RootIPCNamespace *IPCNamespace + + // RootAbstractSocketNamespace is the root Abstract Socket namespace. + RootAbstractSocketNamespace *AbstractSocketNamespace } // Init initialize the Kernel with no tasks. @@ -231,6 +235,7 @@ func (k *Kernel) Init(args InitKernelArgs) error { k.rootUserNamespace = args.RootUserNamespace k.rootUTSNamespace = args.RootUTSNamespace k.rootIPCNamespace = args.RootIPCNamespace + k.rootAbstractSocketNamespace = args.RootAbstractSocketNamespace k.networkStack = args.NetworkStack k.applicationCores = args.ApplicationCores if args.UseHostCores { @@ -509,6 +514,9 @@ type CreateProcessArgs struct { // IPCNamespace is the initial IPC namespace. IPCNamespace *IPCNamespace + // AbstractSocketNamespace is the initial Abstract Socket namespace. + AbstractSocketNamespace *AbstractSocketNamespace + // Root optionally contains the dirent that serves as the root for the // process. If nil, the mount namespace's root is used as the process' // root. @@ -651,7 +659,7 @@ func (k *Kernel) CreateProcess(args CreateProcessArgs) (*ThreadGroup, error) { AllowedCPUMask: sched.NewFullCPUSet(k.applicationCores), UTSNamespace: args.UTSNamespace, IPCNamespace: args.IPCNamespace, - AbstractSocketNamespace: NewAbstractSocketNamespace(), // FIXME + AbstractSocketNamespace: args.AbstractSocketNamespace, } t, err := k.tasks.NewTask(config) if err != nil { @@ -839,6 +847,11 @@ func (k *Kernel) RootIPCNamespace() *IPCNamespace { return k.rootIPCNamespace } +// RootAbstractSocketNamespace returns the root AbstractSocketNamespace. +func (k *Kernel) RootAbstractSocketNamespace() *AbstractSocketNamespace { + return k.rootAbstractSocketNamespace +} + // RootMountNamespace returns the MountNamespace. func (k *Kernel) RootMountNamespace() *fs.MountNamespace { k.extMu.Lock() -- cgit v1.2.3