From e0372cc840d058373dbd9676db1c2378e093bbbd Mon Sep 17 00:00:00 2001
From: Laurent Bercot <ska-skaware@skarnet.org>
Date: Fri, 13 Sep 2024 14:03:46 +0000
Subject:  Add pid namespace support to cspawn

Signed-off-by: Laurent Bercot <ska@appnovation.com>
---
 src/libenvexec/cspawn.c | 17 ++++-------------
 1 file changed, 4 insertions(+), 13 deletions(-)

(limited to 'src/libenvexec')

diff --git a/src/libenvexec/cspawn.c b/src/libenvexec/cspawn.c
index e5e0c4f..654ce10 100644
--- a/src/libenvexec/cspawn.c
+++ b/src/libenvexec/cspawn.c
@@ -11,6 +11,7 @@
 
 #include <skalibs/allreadwrite.h>
 #include <skalibs/sig.h>
+#include <skalibs/posixplz.h>
 #include <skalibs/djbunix.h>
 #include <skalibs/selfpipe.h>
 #include <skalibs/exec.h>
@@ -62,7 +63,7 @@ static inline pid_t cspawn_fork (char const *prog, char const *const *argv, char
   char c ;
 
   if (pipecoe(p) == -1) return 0 ;
-  pid = fork() ;
+  pid = flags & CSPAWN_FLAGS_NEWPIDNS ? fork_newpid() : fork() ;
   if (pid == -1)
   {
     fd_close(p[1]) ;
@@ -71,7 +72,7 @@ static inline pid_t cspawn_fork (char const *prog, char const *const *argv, char
   }
   if (!pid)
   {
-    cspawn_child_exec(prog, argv, envp, flags, fa, n) ;
+    cspawn_child_exec(prog, argv, envp, flags & ~CSPAWN_FLAGS_NEWPIDNS, fa, n) ;
     c = errno ;
     fd_write(p[1], &c, 1) ;
     _exit(127) ;
@@ -260,17 +261,9 @@ static inline pid_t cspawn_pspawn (char const *prog, char const *const *argv, ch
   return 0 ;
 }
 
-#if (defined(SKALIBS_HASPOSIXSPAWNSETSID) || defined(SKALIBS_HASPOSIXSPAWNSETSIDNP)) && (defined(SKALIBS_HASPOSIXSPAWNCHDIR) || defined(SKALIBS_HASPOSIXSPAWNCHDIRNP))
-
-pid_t cspawn (char const *prog, char const *const *argv, char const *const *envp, uint16_t flags, cspawn_fileaction const *fa, size_t n)
-{
-  return cspawn_pspawn(prog, argv, envp, flags, fa, n) ;
-}
-
-#else
-
 pid_t cspawn (char const *prog, char const *const *argv, char const *const *envp, uint16_t flags, cspawn_fileaction const *fa, size_t n)
 {
+  if (flags & CSPAWN_FLAGS_NEWPIDNS) goto dofork ;
 #if !defined(SKALIBS_HASPOSIXSPAWNSETSID) && !defined(SKALIBS_HASPOSIXSPAWNSETSIDNP)
   if (flags & CSPAWN_FLAGS_SETSID) goto dofork ;
 #endif
@@ -285,8 +278,6 @@ pid_t cspawn (char const *prog, char const *const *argv, char const *const *envp
   return cspawn_fork(prog, argv, envp, flags, fa, n) ;
 }
 
-#endif
-
 #else
 
 pid_t cspawn (char const *prog, char const *const *argv, char const *const *envp, uint16_t flags, cspawn_fileaction const *fa, size_t n)
-- 
cgit v1.2.3