[PATCH 1/2] unshare,nsenter: spawn shell by default

[PATCH 1/2] unshare,nsenter: spawn shell by default

[Zbigniew Jędrzejewski-Szmek]

The behaviour mimics chroot.

Possibly it would have been nicer to to query the password database in
the new namepace and run the shell of the user there, but it's hard to
do correctly. getpwuid() might need to load nss plugins, and the arch
in the new namespace might be different (in case of NEWNS mounts), or
the hostname might be different, etc. So in general it's not possible
to do it reliably.

Signed-off-by: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
---
 include/exec_shell.h    |  1 +
 lib/Makemodule.am       |  3 ++-
 lib/exec_shell.c        | 19 +++++++++++++++++++
 sys-utils/Makemodule.am |  1 +
 sys-utils/nsenter.1     |  5 ++++-
 sys-utils/nsenter.c     | 13 +++++++------
 sys-utils/unshare.c     |  9 +++++----
 7 files changed, 39 insertions(+), 12 deletions(-)
 create mode 100644 include/exec_shell.h
 create mode 100644 lib/exec_shell.c

diff --git a/include/exec_shell.h b/include/exec_shell.h
new file mode 100644
index 0000000..a2aa757
--- /dev/null
+++ b/include/exec_shell.h
@@ -0,0 +1 @@
+extern void __attribute__((__noreturn__)) exec_shell(void);
diff --git a/lib/Makemodule.am b/lib/Makemodule.am
index 81e20b1..74b6bc1 100644
--- a/lib/Makemodule.am
+++ b/lib/Makemodule.am
@@ -24,7 +24,8 @@ libcommon_la_SOURCES = \
 	lib/tt.c \
 	lib/wholedisk.c \
 	lib/ttyutils.c \
-	lib/xgetpass.c
+	lib/xgetpass.c \
+	lib/exec_shell.c
 
 if LINUX
 libcommon_la_SOURCES += \
diff --git a/lib/exec_shell.c b/lib/exec_shell.c
new file mode 100644
index 0000000..cfd7801
--- /dev/null
+++ b/lib/exec_shell.c
@@ -0,0 +1,19 @@
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include <sys/types.h>
+
+#include "nls.h"
+#include "c.h"
+
+#include "exec_shell.h"
+
+#define DEFAULT_SHELL "/bin/sh"
+
+void __attribute__((__noreturn__)) exec_shell(void) {
+	const char *shell = getenv("SHELL");
+	if (!shell)
+		shell = DEFAULT_SHELL;
+	execl(shell, basename(shell), "-i", NULL);
+	err(EXIT_FAILURE, _("exec %s failed"), shell);
+}
diff --git a/sys-utils/Makemodule.am b/sys-utils/Makemodule.am
index 86c529e..c214b92 100644
--- a/sys-utils/Makemodule.am
+++ b/sys-utils/Makemodule.am
@@ -287,6 +287,7 @@ if BUILD_UNSHARE
 usrbin_exec_PROGRAMS += unshare
 dist_man_MANS += sys-utils/unshare.1
 unshare_SOURCES = sys-utils/unshare.c
+unshare_LDADD = $(LDADD) libcommon.la
 endif
 
 if BUILD_NSENTER
diff --git a/sys-utils/nsenter.1 b/sys-utils/nsenter.1
index ea3c1b0..4a6a34d 100644
--- a/sys-utils/nsenter.1
+++ b/sys-utils/nsenter.1
@@ -4,7 +4,7 @@ nsenter \- run program with namespaces of other processes
 .SH SYNOPSIS
 .B nsenter
 .RI [ options ]
-program
+.RI [ program ]
 .RI [ arguments ]
 .SH DESCRIPTION
 Enters the contexts of one or more other processes and then executes specified
@@ -50,6 +50,9 @@ flag).
 See the
 .BR clone (2)
 for exact semantics of the flags.
+.TP
+If program is not given, run ``${SHELL} \fB\-i\fR'' (default: /bin\:/sh).
+
 .SH OPTIONS
 Argument with square brakets, such as [\fIfile\fR], means optional argument.
 Command line syntax to specify optional argument \-\-mount=/path\:/to\:/file.
diff --git a/sys-utils/nsenter.c b/sys-utils/nsenter.c
index 3df4338..ea2c5b1 100644
--- a/sys-utils/nsenter.c
+++ b/sys-utils/nsenter.c
@@ -17,8 +17,6 @@
  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
 
-#include <sys/types.h>
-#include <sys/wait.h>
 #include <dirent.h>
 #include <errno.h>
 #include <getopt.h>
@@ -28,12 +26,15 @@
 #include <stdbool.h>
 #include <unistd.h>
 #include <assert.h>
+#include <sys/types.h>
+#include <sys/wait.h>
 
 #include "strutils.h"
 #include "nls.h"
 #include "c.h"
 #include "closestream.h"
 #include "namespace.h"
+#include "exec_shell.h"
 
 static struct namespace_file {
 	int nstype;
@@ -253,9 +254,6 @@ int main(int argc, char *argv[])
 		}
 	}
 
-	if (optind >= argc)
-		usage(EXIT_FAILURE);
-
 	/*
 	 * Open remaining namespace and directory descriptors.
 	 */
@@ -317,7 +315,10 @@ int main(int argc, char *argv[])
 	if (do_fork == 1)
 		continue_as_child();
 
-	execvp(argv[optind], argv + optind);
+	if (optind < argc)
+		execvp(argv[optind], argv + optind);
+	else
+		exec_shell();
 
 	err(EXIT_FAILURE, _("failed to execute %s"), argv[optind]);
 }
diff --git a/sys-utils/unshare.c b/sys-utils/unshare.c
index 62d2fcb..52a76e8 100644
--- a/sys-utils/unshare.c
+++ b/sys-utils/unshare.c
@@ -29,6 +29,7 @@
 #include "c.h"
 #include "closestream.h"
 #include "namespace.h"
+#include "exec_shell.h"
 
 static void usage(int status)
 {
@@ -107,13 +108,13 @@ int main(int argc, char *argv[])
 		}
 	}
 
-	if(optind >= argc)
-		usage(EXIT_FAILURE);
-
 	if(-1 == unshare(unshare_flags))
 		err(EXIT_FAILURE, _("unshare failed"));
 
-	execvp(argv[optind], argv + optind);
+	if (optind < argc)
+		execvp(argv[optind], argv + optind);
+	else
+		exec_shell();
 
 	err(EXIT_FAILURE, _("failed to execute %s"), argv[optind]);
 }
-- 
1.8.1

[PATCH 2/2] nsenter: fix errors in manpage

[Zbigniew Jędrzejewski-Szmek]

- spell abbreviations with capital letters
- fix the names of a few options and files

Signed-off-by: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
---
 sys-utils/nsenter.1 | 36 +++++++++++++++++++++---------------
 1 file changed, 21 insertions(+), 15 deletions(-)

diff --git a/sys-utils/nsenter.1 b/sys-utils/nsenter.1
index 4a6a34d..37c46d7 100644
--- a/sys-utils/nsenter.1
+++ b/sys-utils/nsenter.1
@@ -7,14 +7,14 @@ nsenter \- run program with namespaces of other processes
 .RI [ program ]
 .RI [ arguments ]
 .SH DESCRIPTION
-Enters the contexts of one or more other processes and then executes specified
+Enters the namespaces of one or more other processes and then executes the specified
 program.  Enterable namespaces are:
 .TP
 .B mount namespace
 mounting and unmounting filesystems will not affect rest of the system
 .RB ( CLONE_\:NEWNS
 flag), except for filesystems which are explicitly marked as shared (by mount
---make-\:shared).  See /proc\:/self\:/mountinfo for the shared flags.
+--make-\:shared).  See /proc\:/self\:/mountinfo for the shared flag.
 .TP
 .B UTS namespace
 setting hostname, domainname will not affect rest of the system
@@ -37,13 +37,19 @@ directory trees, sockets etc.
 .RB ( CLONE_\:NEWNET
 flag).
 .TP
-.B pid namespace
-children will have a distinct set of pid to process mappings thantheir parent.
+.B PID namespace
+children will have a set of PID to process mappings separate from the
+.B nsenter
+process
 .RB ( CLONE_\:NEWPID
 flag).
+.B nsenter
+will fork by default if changing the PID namespace, so that the new program
+and its children share the same PID namespace and are visible to each other.
+If \-\-no\-fork is used, the new program will be exec'ed without forking.
 .TP
 .B user namespace
-process will have distinct set of uids, gids and capabilities.
+process will have distinct set of UIDs, GIDs and capabilities
 .RB ( CLONE_\:NEWUSER
 flag).
 .TP
@@ -71,16 +77,16 @@ are:
 the mount namespace
 .TP
 /proc/\fIpid\fR/ns/uts
-the uts namespace
+the UTS namespace
 .TP
 /proc/\fIpid\fR/ns/ipc
-the ipc namespace
+the IPC namespace
 .TP
 /proc/\fIpid\fR/ns/net
-the ipc namespace
+the network namespace
 .TP
 /proc/\fIpid\fR/ns/pid
-the pid namespace
+the PID namespace
 .TP
 /proc/\fIpid\fR/ns/user
 the user namespace
@@ -88,7 +94,7 @@ the user namespace
 /proc/\fIpid\fR/root
 the root directory
 .TP
-/proc/\fIpid\fR/cw
+/proc/\fIpid\fR/cwd
 the working directory respectively
 .PD
 .RE
@@ -99,13 +105,13 @@ of the target process.  If file is specified enter the mount namespace
 specified by file.
 .TP
 \fB\-u\fR, \fB\-\-uts\fR [\fIfile\fR]
-Enter the uts namespace.  If no file is specified enter the uts namespace of
-the target process.  If file is specified enter the uts namespace specified by
+Enter the UTS namespace.  If no file is specified enter the UTS namespace of
+the target process.  If file is specified enter the UTS namespace specified by
 file.
 .TP
 \fB\-i\fR, \fB\-\-ipc\fR [\fIfile\fR]
 Enter the IPC namespace.  If no file is specified enter the IPC namespace of
-the target process.  If file is specified enter the uts namespace specified by
+the target process.  If file is specified enter the IPC namespace specified by
 file.
 .TP
 \fB\-n\fR, \fB\-\-net\fR [\fIfile\fR]
@@ -114,8 +120,8 @@ namespace of the target process.  If file is specified enter the network
 namespace specified by file.
 .TP
 \fB\-p\fR, \fB\-\-pid\fR [\fIfile\fR]
-Enter the pid namespace.  If no file is specified enter the pid namespace of
-the target process.  If file is specified enter the pid namespace specified by
+Enter the PID namespace.  If no file is specified enter the PID namespace of
+the target process.  If file is specified enter the PID namespace specified by
 file.
 .TP
 \fB\-U\fR, \fB\-\-user\fR [\fIfile\fR]
-- 
1.8.1

Re: [PATCH 1/2] unshare,nsenter: spawn shell by default

[Karel Zak]

On Thu, Feb 07, 2013 at 07:09:01PM -0500, Zbigniew Jędrzejewski-Szmek wrote:
> +#define DEFAULT_SHELL "/bin/sh"
> +
> +void __attribute__((__noreturn__)) exec_shell(void) {
> +	const char *shell = getenv("SHELL");
> +	if (!shell)
> +		shell = DEFAULT_SHELL;
> +	execl(shell, basename(shell), "-i", NULL);
> +	err(EXIT_FAILURE, _("exec %s failed"), shell);
> +}

 Do we really need "-i", for example su(1) uses

     arg0[0] = '-';
     strcpy (arg0 + 1, shell_basename);

     execv (shell, (char **) args);

 see login-utils/su-common.c

 man bash:

   A login shell is one whose first character of argument zero is a -,
   or one started with the --login option.

 Not sure, but I guess that "-basename" as argv[0] is more portable
 solution (it's originally from coreutils, it has to be portable :-).

> +	if (optind < argc)
> +		execvp(argv[optind], argv + optind);
> +	else
> +		exec_shell();
>  
>  	err(EXIT_FAILURE, _("failed to execute %s"), argv[optind]);

 It would be more readable:

   if (optind < argc) {
        execvp(argv[optind], argv + optind);
        err(EXIT_FAILURE, _("failed to execute %s"), argv[optind]);
   }
   exec_shell();

   
   Karel

-- 
 Karel Zak  <kzak@redhat.com>
 http://karelzak.blogspot.com

[PATCHv2 1/2] unshare,nsenter: spawn shell by default

[Zbigniew Jędrzejewski-Szmek]

The behaviour mimics chroot.

Possibly it would have been nicer to to query the password database in
the new namepace and run the shell of the user there, but it's hard to
do correctly. getpwuid() might need to load nss plugins, and the arch
in the new namespace might be different (in case of NEWNS mounts), or
the hostname might be different, etc. So in general it's not possible
to do it reliably.

Signed-off-by: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
---
v2: - use [-$shell] instead of [$shell, -i].
    - exec_shell() invocation is slightly reordered.

 include/exec_shell.h    |  1 +
 lib/Makemodule.am       |  3 ++-
 lib/exec_shell.c        | 27 +++++++++++++++++++++++++++
 sys-utils/Makemodule.am |  1 +
 sys-utils/nsenter.1     |  5 ++++-
 sys-utils/nsenter.c     | 16 ++++++++--------
 sys-utils/unshare.c     | 12 ++++++------
 7 files changed, 49 insertions(+), 16 deletions(-)
 create mode 100644 include/exec_shell.h
 create mode 100644 lib/exec_shell.c

diff --git include/exec_shell.h include/exec_shell.h
new file mode 100644
index 0000000..a2aa757
--- /dev/null
+++ include/exec_shell.h
@@ -0,0 +1 @@
+extern void __attribute__((__noreturn__)) exec_shell(void);
diff --git lib/Makemodule.am lib/Makemodule.am
index 81e20b1..74b6bc1 100644
--- lib/Makemodule.am
+++ lib/Makemodule.am
@@ -24,7 +24,8 @@ libcommon_la_SOURCES = \
 	lib/tt.c \
 	lib/wholedisk.c \
 	lib/ttyutils.c \
-	lib/xgetpass.c
+	lib/xgetpass.c \
+	lib/exec_shell.c
 
 if LINUX
 libcommon_la_SOURCES += \
diff --git lib/exec_shell.c lib/exec_shell.c
new file mode 100644
index 0000000..95620cd
--- /dev/null
+++ lib/exec_shell.c
@@ -0,0 +1,27 @@
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include <sys/types.h>
+
+#include "nls.h"
+#include "c.h"
+#include "xalloc.h"
+
+#include "exec_shell.h"
+
+#define DEFAULT_SHELL "/bin/sh"
+
+void __attribute__((__noreturn__)) exec_shell(void) {
+	const char *shell = getenv("SHELL"), *shell_basename;
+	char *arg0;
+	if (!shell)
+		shell = DEFAULT_SHELL;
+
+	shell_basename = basename(shell);
+	arg0 = xmalloc(strlen(shell_basename) + 2);
+	arg0[0] = '-';
+	strcpy(arg0 + 1, shell_basename);
+
+	execl(shell, arg0, NULL);
+	err(EXIT_FAILURE, _("failed to execute %s"), shell);
+}
diff --git sys-utils/Makemodule.am sys-utils/Makemodule.am
index 86c529e..c214b92 100644
--- sys-utils/Makemodule.am
+++ sys-utils/Makemodule.am
@@ -287,6 +287,7 @@ if BUILD_UNSHARE
 usrbin_exec_PROGRAMS += unshare
 dist_man_MANS += sys-utils/unshare.1
 unshare_SOURCES = sys-utils/unshare.c
+unshare_LDADD = $(LDADD) libcommon.la
 endif
 
 if BUILD_NSENTER
diff --git sys-utils/nsenter.1 sys-utils/nsenter.1
index ea3c1b0..4a6a34d 100644
--- sys-utils/nsenter.1
+++ sys-utils/nsenter.1
@@ -4,7 +4,7 @@ nsenter \- run program with namespaces of other processes
 .SH SYNOPSIS
 .B nsenter
 .RI [ options ]
-program
+.RI [ program ]
 .RI [ arguments ]
 .SH DESCRIPTION
 Enters the contexts of one or more other processes and then executes specified
@@ -50,6 +50,9 @@ flag).
 See the
 .BR clone (2)
 for exact semantics of the flags.
+.TP
+If program is not given, run ``${SHELL} \fB\-i\fR'' (default: /bin\:/sh).
+
 .SH OPTIONS
 Argument with square brakets, such as [\fIfile\fR], means optional argument.
 Command line syntax to specify optional argument \-\-mount=/path\:/to\:/file.
diff --git sys-utils/nsenter.c sys-utils/nsenter.c
index 3df4338..106349c 100644
--- sys-utils/nsenter.c
+++ sys-utils/nsenter.c
@@ -17,8 +17,6 @@
  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
 
-#include <sys/types.h>
-#include <sys/wait.h>
 #include <dirent.h>
 #include <errno.h>
 #include <getopt.h>
@@ -28,12 +26,15 @@
 #include <stdbool.h>
 #include <unistd.h>
 #include <assert.h>
+#include <sys/types.h>
+#include <sys/wait.h>
 
 #include "strutils.h"
 #include "nls.h"
 #include "c.h"
 #include "closestream.h"
 #include "namespace.h"
+#include "exec_shell.h"
 
 static struct namespace_file {
 	int nstype;
@@ -253,9 +254,6 @@ int main(int argc, char *argv[])
 		}
 	}
 
-	if (optind >= argc)
-		usage(EXIT_FAILURE);
-
 	/*
 	 * Open remaining namespace and directory descriptors.
 	 */
@@ -317,7 +315,9 @@ int main(int argc, char *argv[])
 	if (do_fork == 1)
 		continue_as_child();
 
-	execvp(argv[optind], argv + optind);
-
-	err(EXIT_FAILURE, _("failed to execute %s"), argv[optind]);
+	if (optind < argc) {
+		execvp(argv[optind], argv + optind);
+		err(EXIT_FAILURE, _("failed to execute %s"), argv[optind]);
+	}
+	exec_shell();
 }
diff --git sys-utils/unshare.c sys-utils/unshare.c
index 62d2fcb..2eea165 100644
--- sys-utils/unshare.c
+++ sys-utils/unshare.c
@@ -29,6 +29,7 @@
 #include "c.h"
 #include "closestream.h"
 #include "namespace.h"
+#include "exec_shell.h"
 
 static void usage(int status)
 {
@@ -107,13 +108,12 @@ int main(int argc, char *argv[])
 		}
 	}
 
-	if(optind >= argc)
-		usage(EXIT_FAILURE);
-
 	if(-1 == unshare(unshare_flags))
 		err(EXIT_FAILURE, _("unshare failed"));
 
-	execvp(argv[optind], argv + optind);
-
-	err(EXIT_FAILURE, _("failed to execute %s"), argv[optind]);
+	if (optind < argc) {
+		execvp(argv[optind], argv + optind);
+		err(EXIT_FAILURE, _("failed to execute %s"), argv[optind]);
+	}
+	exec_shell();
 }
-- 
1.8.1

[PATCHv2 2/2] nsenter: fix errors in manpage

[Zbigniew Jędrzejewski-Szmek]

- spell abbreviations with capital letters
- fix the names of a few options and files

Signed-off-by: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
---
This one is actually unchanged from v1.

 sys-utils/nsenter.1 | 36 +++++++++++++++++++++---------------
 1 file changed, 21 insertions(+), 15 deletions(-)

diff --git sys-utils/nsenter.1 sys-utils/nsenter.1
index 4a6a34d..37c46d7 100644
--- sys-utils/nsenter.1
+++ sys-utils/nsenter.1
@@ -7,14 +7,14 @@ nsenter \- run program with namespaces of other processes
 .RI [ program ]
 .RI [ arguments ]
 .SH DESCRIPTION
-Enters the contexts of one or more other processes and then executes specified
+Enters the namespaces of one or more other processes and then executes the specified
 program.  Enterable namespaces are:
 .TP
 .B mount namespace
 mounting and unmounting filesystems will not affect rest of the system
 .RB ( CLONE_\:NEWNS
 flag), except for filesystems which are explicitly marked as shared (by mount
---make-\:shared).  See /proc\:/self\:/mountinfo for the shared flags.
+--make-\:shared).  See /proc\:/self\:/mountinfo for the shared flag.
 .TP
 .B UTS namespace
 setting hostname, domainname will not affect rest of the system
@@ -37,13 +37,19 @@ directory trees, sockets etc.
 .RB ( CLONE_\:NEWNET
 flag).
 .TP
-.B pid namespace
-children will have a distinct set of pid to process mappings thantheir parent.
+.B PID namespace
+children will have a set of PID to process mappings separate from the
+.B nsenter
+process
 .RB ( CLONE_\:NEWPID
 flag).
+.B nsenter
+will fork by default if changing the PID namespace, so that the new program
+and its children share the same PID namespace and are visible to each other.
+If \-\-no\-fork is used, the new program will be exec'ed without forking.
 .TP
 .B user namespace
-process will have distinct set of uids, gids and capabilities.
+process will have distinct set of UIDs, GIDs and capabilities
 .RB ( CLONE_\:NEWUSER
 flag).
 .TP
@@ -71,16 +77,16 @@ are:
 the mount namespace
 .TP
 /proc/\fIpid\fR/ns/uts
-the uts namespace
+the UTS namespace
 .TP
 /proc/\fIpid\fR/ns/ipc
-the ipc namespace
+the IPC namespace
 .TP
 /proc/\fIpid\fR/ns/net
-the ipc namespace
+the network namespace
 .TP
 /proc/\fIpid\fR/ns/pid
-the pid namespace
+the PID namespace
 .TP
 /proc/\fIpid\fR/ns/user
 the user namespace
@@ -88,7 +94,7 @@ the user namespace
 /proc/\fIpid\fR/root
 the root directory
 .TP
-/proc/\fIpid\fR/cw
+/proc/\fIpid\fR/cwd
 the working directory respectively
 .PD
 .RE
@@ -99,13 +105,13 @@ of the target process.  If file is specified enter the mount namespace
 specified by file.
 .TP
 \fB\-u\fR, \fB\-\-uts\fR [\fIfile\fR]
-Enter the uts namespace.  If no file is specified enter the uts namespace of
-the target process.  If file is specified enter the uts namespace specified by
+Enter the UTS namespace.  If no file is specified enter the UTS namespace of
+the target process.  If file is specified enter the UTS namespace specified by
 file.
 .TP
 \fB\-i\fR, \fB\-\-ipc\fR [\fIfile\fR]
 Enter the IPC namespace.  If no file is specified enter the IPC namespace of
-the target process.  If file is specified enter the uts namespace specified by
+the target process.  If file is specified enter the IPC namespace specified by
 file.
 .TP
 \fB\-n\fR, \fB\-\-net\fR [\fIfile\fR]
@@ -114,8 +120,8 @@ namespace of the target process.  If file is specified enter the network
 namespace specified by file.
 .TP
 \fB\-p\fR, \fB\-\-pid\fR [\fIfile\fR]
-Enter the pid namespace.  If no file is specified enter the pid namespace of
-the target process.  If file is specified enter the pid namespace specified by
+Enter the PID namespace.  If no file is specified enter the PID namespace of
+the target process.  If file is specified enter the PID namespace specified by
 file.
 .TP
 \fB\-U\fR, \fB\-\-user\fR [\fIfile\fR]
-- 
1.8.1

Re: [PATCHv2 2/2] nsenter: fix errors in manpage

[Karel Zak]

On Wed, Feb 13, 2013 at 09:05:49PM -0500, Zbigniew Jędrzejewski-Szmek wrote:
>  sys-utils/nsenter.1 | 36 +++++++++++++++++++++---------------
>  1 file changed, 21 insertions(+), 15 deletions(-)

 Applied, thanks.

-- 
 Karel Zak  <kzak@redhat.com>
 http://karelzak.blogspot.com

Re: [PATCHv2 1/2] unshare,nsenter: spawn shell by default

[Karel Zak]

On Wed, Feb 13, 2013 at 09:05:48PM -0500, Zbigniew Jędrzejewski-Szmek wrote:
>  include/exec_shell.h    |  1 +
>  lib/Makemodule.am       |  3 ++-
>  lib/exec_shell.c        | 27 +++++++++++++++++++++++++++
>  sys-utils/Makemodule.am |  1 +
>  sys-utils/nsenter.1     |  5 ++++-
>  sys-utils/nsenter.c     | 16 ++++++++--------
>  sys-utils/unshare.c     | 12 ++++++------
>  7 files changed, 49 insertions(+), 16 deletions(-)
>  create mode 100644 include/exec_shell.h
>  create mode 100644 lib/exec_shell.c

 Applied, thanks.

-- 
 Karel Zak  <kzak@redhat.com>
 http://karelzak.blogspot.com