[Toybox] Using toybox for poking around weird namespaces?
Rob Landley
rob at landley.net
Thu Oct 23 17:21:42 PDT 2014
On 10/16/14 20:17, Andy Lutomirski wrote:
> Toybox's magical ability to present a usable shell without needing to
> exec anything is almost perfect for poking around in a namespace. The
> only real missing piece is how to get into the namespace in the first
> place.
Sorry for the delay on this one; you posted this before subscribing, and
I only clean out the spam filter infrequently. (There were about 50 spam
and two good emails since last time.)
> Would it make sense to add some optional top-level command-line
> options to enable this? For example:
>
> toybox --userns=/proc/whatever/user --uid=x --gid=y
>
> Alternatively, if toybox were to implement nsenter and setpriv, it
> would get this for free. (I own copyright on a large portion of
> setpriv, and I would be happy to relicense it.) Then we could do:
>
> toybox nsenter --whatever setpriv --whatever sh
>
> and it might all just work.
>
> Thoughts?
>
> --Andy
I believe you already submitted nsenter (which I merged but got
distracted halfway through cleaning up. I can probably finish cleanup
this weekend). I don't remember setpriv, but it sounds like fun. (What
does it do?)
Yes, the correct way to do it would be a la:
./toybox renice -n 5 nsenter --walrus setpriv --thingy setsid nohup \
env -i time netcat -L -p 9876 echo hello world
I.e. wrapper commands that exec their arguments. A fairly established
pattern. (sudo! detach! Don't ask me why Eric Raymond decided this was
named "bernstein chaining" in The Art of Unix Programming, I argued
against it at the time. It predates that guy by 15 years. It's just a
wrapper command.)
And it's one of the reasons xexec() has a counter and does an actual
exec() instead of just recursive command_main() calls after a certain
number of levels. Otherwise "time time time time time time time time"
could get a bit annoying. Not _hugely_ so because Linux caps environment
space at 32 pages so 128k total, including environment variables and
arguments _and_ the "char *[]" arrays for argv and envp. (I needed to
know this to implement xargs properly.) But still, you could chain
pretty deep and it goes from "optimization" to "silly" after a certain
point...
Rob
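An added illustration of the pattern discussed above: wrapper commands that run whatever follows them, dispatched in-process through a multiplexer with a nesting counter that falls back to a real exec() once the chain gets deep. This is example code written for this page, not toybox's own xexec(); the `wrap` command, `MAX_INPROCESS_DEPTH`, the `dry_run` switch and the sample command lines are all constructed for the demo.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Constructed limit for this demo: after this many nested in-process wrapper
 * calls, fall back to a real exec() instead of recursing further. */
#define MAX_INPROCESS_DEPTH 3

/* dispatch() result codes; the command mains themselves return 0 on success. */
enum { FELL_BACK_TO_EXEC = 100, UNKNOWN_COMMAND = 127 };

static int depth;          /* wrapper nesting level in this process */
static int exec_fallbacks; /* how often the depth limit has triggered */
static int dry_run = 1;    /* 1: count fallbacks instead of calling execvp() */
static char out[256];      /* what the last echo produced, for inspection */

static int dispatch(int argc, char **argv);

/* Leaf command: join its arguments with spaces into out[]. */
static int echo_main(int argc, char **argv)
{
    out[0] = 0;
    for (int i = 1; i < argc; i++) {
        if (i > 1) strncat(out, " ", sizeof(out) - strlen(out) - 1);
        strncat(out, argv[i], sizeof(out) - strlen(out) - 1);
    }
    return 0;
}

/* Hypothetical wrapper (stands in for nsenter/setpriv/env/time): a real one
 * would do its setup here, then it runs the rest of argv as the next command. */
static int wrap_main(int argc, char **argv)
{
    if (argc < 2) return 1;
    return dispatch(argc - 1, argv + 1);
}

struct cmd { const char *name; int (*fn)(int, char **); };

static const struct cmd table[] = {
    { "echo", echo_main },
    { "wrap", wrap_main },
};

/* Analogue of the xexec() behaviour described in the mail: run a known command
 * in-process, unless wrappers are already nested deeply, then exec() instead. */
static int dispatch(int argc, char **argv)
{
    for (size_t i = 0; i < sizeof(table) / sizeof(*table); i++) {
        if (strcmp(argv[0], table[i].name)) continue;
        if (depth >= MAX_INPROCESS_DEPTH) {
            exec_fallbacks++;
            if (!dry_run) { execvp(argv[0], argv); return 127; }
            return FELL_BACK_TO_EXEC;
        }
        depth++;
        int rc = table[i].fn(argc, argv);
        depth--;
        return rc;
    }
    return UNKNOWN_COMMAND;
}

/* Split a constructed command line on spaces and dispatch it from depth 0. */
int run_line(const char *line)
{
    char buf[256], *argv[32];
    int argc = 0;

    strncpy(buf, line, sizeof(buf) - 1);
    buf[sizeof(buf) - 1] = 0;
    for (char *tok = strtok(buf, " "); tok && argc < 31; tok = strtok(NULL, " "))
        argv[argc++] = tok;
    argv[argc] = NULL;
    if (!argc) return UNKNOWN_COMMAND;
    depth = 0;
    return dispatch(argc, argv);
}

int exec_fallback_count(void) { return exec_fallbacks; }
const char *last_output(void) { return out; }

int main(void)
{
    const char *lines[] = {
        "echo hello world",
        "wrap wrap echo hi",        /* two wrappers: still handled in-process */
        "wrap wrap wrap echo hi",   /* three: echo would be exec()ed instead */
        "walrus",                   /* not in the table */
    };
    for (size_t i = 0; i < sizeof(lines) / sizeof(*lines); i++)
        printf("%-24s -> rc %d, output \"%s\"\n", lines[i], run_line(lines[i]), last_output());
    printf("exec fallbacks: %d\n", exec_fallback_count());
    return 0;
}
```

With `dry_run` left at 1 the fallback only bumps a counter, so the program can be run and inspected without replacing its own image; setting it to 0 turns the fallback into the real `execvp()` of the remaining argv, which is the point where a chain like the renice/nsenter/setpriv line above stops being recursion and becomes a fresh process.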