author | Karel Kočí <karel.koci@nic.cz> | 2018-08-27 16:46:12 +0200 |
---|---|---|
committer | Karel Kočí <karel.koci@nic.cz> | 2018-08-27 16:54:40 +0200 |
commit | 5a7d5fa43536484508aad9d9553f64a33212311b (patch) | |
tree | e4ca1be7213a1460df47b63a2fbd9229d61d86d4 /main.c | |
Initial commit
Diffstat (limited to 'main.c')
-rw-r--r-- | main.c | 58 |
1 files changed, 58 insertions, 0 deletions
@@ -0,0 +1,58 @@
+#define _GNU_SOURCE
+#include <stdio.h>
+#include <stdlib.h>
+#include <stdbool.h>
+#include <unistd.h>
+#include <sys/types.h>
+#include <sched.h>
+#include <errno.h>
+#include <assert.h>
+#include <string.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <sys/mount.h>
+#include <sys/wait.h>
+#include "utils.h"
+
+void sigint_handler(int sig) { }
+
+int main(int argc, char **argv) {
+ pid_t ppid = getpid();
+
+ if (!fork()) {
+ system(aprintf("newuidmap %d 0 %d 1 1 65537 65536", ppid, getuid()));
+ system(aprintf("newgidmap %d 0 %d 1 1 65537 65536", ppid, getgid()));
+ kill(ppid, SIGINT);
+ return 0;
+ }
+
+ unshare(CLONE_NEWNS | CLONE_NEWUSER | CLONE_NEWPID);
+
+ signal(SIGINT, sigint_handler);
+ pause();
+ errno = 0; // Just clear error from pause()
+
+ pid_t chpid = fork();
+ if (chpid) {
+ int stat;
+ waitpid(chpid, &stat, 0);
+ return stat;
+ }
+
+ // mount /sys and /proc
+ mount("none", "/", NULL, MS_REC | MS_PRIVATE, NULL);
+ assert_perror(errno);
+ mount("none", "/proc", NULL, MS_REC | MS_PRIVATE, NULL);
+ assert_perror(errno);
+ mount("none", "/sys", NULL, MS_REC | MS_PRIVATE, NULL);
+ assert_perror(errno);
+ mount("proc", "/proc", "proc", MS_NOSUID|MS_NODEV|MS_NOEXEC, NULL);
+ assert_perror(errno);
+
+ // mount proc to root
+ // rbind mount dev and sys to root
+
+ // TODO verify that all upper directories have +rx rights
+ // TODO chroot
+ execv("/bin/sh", NULL);
+} |
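Review bot: The result of `unshare(CLONE_NEWNS | CLONE_NEWUSER | CLONE_NEWPID)` in `main` is never checked, and the later `errno = 0` erases whatever error it left, so after a failed unshare the `mount()` calls would act on the caller's original mount namespace (probably rejected for an unprivileged user, but not when the tool is started as root). Check it directly, e.g. `if (unshare(CLONE_NEWNS | CLONE_NEWUSER | CLONE_NEWPID) != 0) { perror("unshare"); return 1; }`, and test each `mount()` return value rather than calling `assert_perror(errno)`, which is compiled out under `NDEBUG` and inspects an errno that is only defined after a failing call. The SIGINT handshake is also unordered: the helper child may run `newuidmap`/`newgidmap` before the parent has unshared, or deliver SIGINT before `signal()` installs the handler (terminating the parent) or before `pause()` (leaving it blocked); a pipe the parent closes after `unshare()`, combined with blocking SIGINT and waiting in `sigsuspend()`, would order both steps. Separately, `system()` resolves `newuidmap`/`newgidmap` through the shell and `PATH` with the exit status ignored, `fork()` returning -1 is not handled in either place, and `execv("/bin/sh", NULL)` passes a NULL argv and has no error path if the exec fails.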