From mboxrd@z Thu Jan 1 00:00:00 1970
From: George Dunlap
Subject: [PATCH v4 4/6] tools/dm_restrict: Unshare mount and IPC namespaces on Linux
Date: Mon, 5 Nov 2018 18:07:09 +0000
Message-ID: <20181105180711.20322-4-george.dunlap@citrix.com>
References: <20181105180711.20322-1-george.dunlap@citrix.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
Received: from us1-rack-dfw2.inumbo.com ([104.130.134.6])
 by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from )
 id 1gJjHz-0000Wg-4b for xen-devel@lists.xenproject.org;
 Mon, 05 Nov 2018 18:07:51 +0000
In-Reply-To: <20181105180711.20322-1-george.dunlap@citrix.com>
Errors-To: xen-devel-bounces@lists.xenproject.org
Sender: "Xen-devel"
To: xen-devel@lists.xenproject.org
Cc: Anthony Perard, Ian Jackson, Wei Liu, George Dunlap
List-Id: xen-devel@lists.xenproject.org