From e0372cc840d058373dbd9676db1c2378e093bbbd Mon Sep 17 00:00:00 2001
From: Laurent Bercot
Date: Fri, 13 Sep 2024 14:03:46 +0000
Subject: Add pid namespace support to cspawn
Signed-off-by: Laurent Bercot
---
package/deps.mak | 2 +-
src/include/skalibs/cspawn.h | 1 +
src/libenvexec/cspawn.c | 17 ++++-------------
3 files changed, 6 insertions(+), 14 deletions(-)
diff --git a/package/deps.mak b/package/deps.mak
index 6edc71f..7fca3ab 100644
--- a/package/deps.mak
+++ b/package/deps.mak
@@ -122,7 +122,7 @@ src/libenvexec/child_spawn1_pipe.o src/libenvexec/child_spawn1_pipe.lo: src/libe src/libenvexec/child_spawn1_socket.o src/libenvexec/child_spawn1_socket.lo: src/libenvexec/child_spawn1_socket.c src/libenvexec/cspawn-internal.h src/include/skalibs/cspawn.h src/include/skalibs/socket.h src/libenvexec/child_spawn2.o src/libenvexec/child_spawn2.lo: src/libenvexec/child_spawn2.c src/include/skalibs/cspawn.h src/include/skalibs/djbunix.h src/libenvexec/child_spawn3.o src/libenvexec/child_spawn3.lo: src/libenvexec/child_spawn3.c src/include/skalibs/cspawn.h src/include/skalibs/djbunix.h src/include/skalibs/env.h src/include/skalibs/types.h -src/libenvexec/cspawn.o src/libenvexec/cspawn.lo: src/libenvexec/cspawn.c src/include/skalibs/allreadwrite.h src/include/skalibs/config.h src/include/skalibs/cspawn.h src/include/skalibs/djbunix.h src/include/skalibs/exec.h src/include/skalibs/nonposix.h src/include/skalibs/selfpipe.h src/include/skalibs/sig.h src/include/skalibs/sysdeps.h +src/libenvexec/cspawn.o src/libenvexec/cspawn.lo: src/libenvexec/cspawn.c src/include/skalibs/allreadwrite.h src/include/skalibs/config.h src/include/skalibs/cspawn.h src/include/skalibs/djbunix.h src/include/skalibs/exec.h src/include/skalibs/nonposix.h src/include/skalibs/posixplz.h src/include/skalibs/selfpipe.h src/include/skalibs/sig.h src/include/skalibs/sysdeps.h src/libenvexec/env_addmodif.o src/libenvexec/env_addmodif.lo: src/libenvexec/env_addmodif.c src/include/skalibs/env.h src/include/skalibs/stralloc.h src/libenvexec/env_dump.o src/libenvexec/env_dump.lo: src/libenvexec/env_dump.c src/include/skalibs/bytestr.h src/include/skalibs/djbunix.h src/include/skalibs/env.h src/include/skalibs/nonposix.h src/include/skalibs/unix-transactional.h src/libenvexec/env_get.o src/libenvexec/env_get.lo: src/libenvexec/env_get.c src/include/skalibs/posixplz.h diff --git a/src/include/skalibs/cspawn.h b/src/include/skalibs/cspawn.h index 0d8dd50..7f3adf7 100644 
--- a/src/include/skalibs/cspawn.h +++ b/src/include/skalibs/cspawn.h @@ -9,6 +9,7 @@ #define CSPAWN_FLAGS_SELFPIPE_FINISH 0x0001U #define CSPAWN_FLAGS_SIGBLOCKNONE 0x0002U #define CSPAWN_FLAGS_SETSID 0x0004U +#define CSPAWN_FLAGS_NEWPIDNS 0x8000U enum cspawn_fileaction_type_e { diff --git a/src/libenvexec/cspawn.c b/src/libenvexec/cspawn.c index e5e0c4f..654ce10 100644 --- a/src/libenvexec/cspawn.c +++ b/src/libenvexec/cspawn.c @@ -11,6 +11,7 @@ #include #include +#include #include #include #include @@ -62,7 +63,7 @@ static inline pid_t cspawn_fork (char const *prog, char const *const *argv, char char c ; if (pipecoe(p) == -1) return 0 ; - pid = fork() ; + pid = flags & CSPAWN_FLAGS_NEWPIDNS ? fork_newpid() : fork() ; if (pid == -1) { fd_close(p[1]) ; @@ -71,7 +72,7 @@ static inline pid_t cspawn_fork (char const *prog, char const *const *argv, char } if (!pid) { - cspawn_child_exec(prog, argv, envp, flags, fa, n) ; + cspawn_child_exec(prog, argv, envp, flags & ~CSPAWN_FLAGS_NEWPIDNS, fa, n) ; c = errno ; fd_write(p[1], &c, 1) ; _exit(127) ; @@ -260,17 +261,9 @@ static inline pid_t cspawn_pspawn (char const *prog, char const *const *argv, ch return 0 ; } -#if (defined(SKALIBS_HASPOSIXSPAWNSETSID) || defined(SKALIBS_HASPOSIXSPAWNSETSIDNP)) && (defined(SKALIBS_HASPOSIXSPAWNCHDIR) || defined(SKALIBS_HASPOSIXSPAWNCHDIRNP)) - -pid_t cspawn (char const *prog, char const *const *argv, char const *const *envp, uint16_t flags, cspawn_fileaction const *fa, size_t n) -{ - return cspawn_pspawn(prog, argv, envp, flags, fa, n) ; -} - -#else - pid_t cspawn (char const *prog, char const *const *argv, char const *const *envp, uint16_t flags, cspawn_fileaction const *fa, size_t n) { + if (flags & CSPAWN_FLAGS_NEWPIDNS) goto dofork ; #if !defined(SKALIBS_HASPOSIXSPAWNSETSID) && !defined(SKALIBS_HASPOSIXSPAWNSETSIDNP) if (flags & CSPAWN_FLAGS_SETSID) goto dofork ; #endif 
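Review bot: `CSPAWN_FLAGS_NEWPIDNS` enters the public header in the cspawn.h hunk with no comment, although unlike the three flags above it, it changes both the spawn path taken and the child's process identity. A short comment on the define would tell callers what they are opting into, for example `/* child is pid 1 of a new pid namespace; forces the fork path; needs OS support and privilege */`, with the wording checked against fork_newpid(), which is not visible in this diff. Callers using the flag for isolation should also be told that a pid namespace alone does not hide outside processes if the child inherits the parent's /proc mount. The value jumps from 0x0004U to 0x8000U; if the gap is deliberate, the same comment is the place to say so.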
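Review bot: The new `pid =` line in the `@@ -62,7 +63,7 @@` hunk of cspawn.c relies on `fork_newpid()` reporting failure as -1 with errno set, and that function is not visible in this diff. If it can degrade to a plain fork() on a system without pid namespace support, a caller who set CSPAWN_FLAGS_NEWPIDNS for isolation gets an unisolated child and no error. It is worth confirming that it fails closed and recording that next to the call, e.g. `/* fork_newpid() must fail, never fall back to fork(), when no namespace can be created */`. As a style point, the condition reads more safely parenthesised: `pid = (flags & CSPAWN_FLAGS_NEWPIDNS) ? fork_newpid() : fork() ;`. cspawn_fork's body starts and ends outside the hunk.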
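Review bot: In the `@@ -71,7 +72,7 @@` hunk the child now passes `flags & ~CSPAWN_FLAGS_NEWPIDNS` to cspawn_child_exec with nothing explaining why the bit has to be hidden from it. A one-line comment such as `/* namespace already created by fork_newpid(); the exec helper must not see the flag */` would keep the mask from being dropped as dead code later. `~CSPAWN_FLAGS_NEWPIDNS` is an unsigned int, so the result is implicitly narrowed if the helper takes a uint16_t like cspawn() does (its prototype is not visible here). An explicit `(uint16_t)` cast would make that intent clear and keep conversion warnings quiet.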
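Review bot: The `goto dofork` added at the top of cspawn() in the `@@ -260,17 +261,9 @@` hunk is the only thing keeping a CSPAWN_FLAGS_NEWPIDNS request off the posix_spawn path, and it has no comment saying so. Something like `/* posix_spawn cannot create a pid namespace: always take the fork path */` above it would stop a later refactor from moving it below the `cspawn_pspawn` return and silently dropping the isolation. With the `#if ... #else` wrapper removed, this goto is compiled on every configuration, so the `dofork:` label must be defined unconditionally. The label lies between this hunk and the next and is not visible, so that is worth checking on a platform that has both posix_spawn setsid and chdir support.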
@@ -285,8 +278,6 @@ pid_t cspawn (char const *prog, char const *const *argv, char const *const *envp return cspawn_fork(prog, argv, envp, flags, fa, n) ; } -#endif - #else pid_t cspawn (char const *prog, char const *const *argv, char const *const *envp, uint16_t flags, cspawn_fileaction const *fa, size_t n) -- cgit v1.2.3