GNU bug report logs -
#77638
[PATCH 0/8] Harden 'call-with-container'
Reported by: Ludovic Courtès <ludo <at> gnu.org>
Date: Tue, 8 Apr 2025 12:23:02 UTC
Severity: normal
Tags: patch
Done: Ludovic Courtès <ludo <at> gnu.org>
Bug is archived. No further changes may be made.
Message #17 received at 77638 <at> debbugs.gnu.org (full text, mbox):
* guix/build/syscalls.scm (NS_GET_USERNS): New variable.
(get-user-ns): New procedure.
Change-Id: I0cfba6a7cdf2ab64ef658b0f821ba4e7c6c89eab
---
guix/build/syscalls.scm | 14 ++++++++++++++
1 file changed, 14 insertions(+)
diff --git a/guix/build/syscalls.scm b/guix/build/syscalls.scm
index 42232fc7f1..9cb4b98908 100644
--- a/guix/build/syscalls.scm
+++ b/guix/build/syscalls.scm
@@ -146,6 +146,7 @@ (define-module (guix build syscalls)
CLONE_NEWNET
clone
setns
+ get-user-ns
kexec-load-file
KEXEC_FILE_UNLOAD
@@ -1229,6 +1230,19 @@ (define setns
(list fdes nstype (strerror err))
(list err))))))))
+(define NS_GET_USERNS #xb701)
+
+(define (get-user-ns fdes)
+ "Return an open file descriptor to the user namespace that owns the
+namespace pointed to by FDES, a file descriptor obtained by opening
+/proc/PID/ns/*."
+ (let-values (((ret err) (%ioctl fdes NS_GET_USERNS %null-pointer)))
+ (when (< ret 0)
+ (throw 'system-error "get-user-ns" "~d: ~A"
+ (list fdes (strerror err))
+ (list err)))
+ ret))
+
(define pivot-root
(let ((proc (syscall->procedure int "pivot_root" (list '* '*))))
(lambda (new-root put-old)
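Review bot: The docstring of `get-user-ns` does not say who owns the descriptor it returns: `ret` is a bare integer straight from `%ioctl`, not a port, so Guile's garbage collector will never close it. I would end the docstring with a sentence such as `The caller is responsible for closing the returned file descriptor.` As far as I know the kernel opens it with O_CLOEXEC, which covers exec but not a plain fork or clone, so a descriptor obtained before the container child is created and then forgotten would presumably stay open in that child. It would also help to document that a 'system-error is thrown with the errno in its last argument, since ioctl_ns(2) lists EPERM when the owning namespace is outside the caller's scope and ENOTTY when the operation is unsupported, and callers doing a hardening check probably need to tell those apart.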
--
2.49.0