author | Rob Landley <rob@landley.net> | 2013-08-29 17:55:46 -0500 |
---|---|---|
committer | Rob Landley <rob@landley.net> | 2013-08-29 17:55:46 -0500 |
commit | dd4bed0f1dff419b9dca9424f2945baab727c3dd (patch) | |
tree | 2884653286182defb30ee960f3f8e045b6e8414e | |
parent | 455865a837f2a6c44f91e5a5a2cd40c3a64d4b68 (diff) | |
download | toybox-dd4bed0f1dff419b9dca9424f2945baab727c3dd.tar.gz |
PID and UID namespaces for unshare, pointed out by heehooman@gmail.com.
-rw-r--r-- | toys/other/unshare.c | 11 |
1 files changed, 7 insertions, 4 deletions
diff --git a/toys/other/unshare.c b/toys/other/unshare.c index 87db6039..d9a8d3fb 100644 --- a/toys/other/unshare.c +++ b/toys/other/unshare.c @@ -2,7 +2,7 @@ * * Copyright 2011 Rob Landley <rob@landley.net> -USE_UNSHARE(NEWTOY(unshare, "<1^nium", TOYFLAG_USR|TOYFLAG_BIN)) +USE_UNSHARE(NEWTOY(unshare, "<1^niumpU", TOYFLAG_USR|TOYFLAG_BIN)) config UNSHARE bool "unshare" @@ -15,10 +15,12 @@ config UNSHARE attribute is not shared with the parent process. This is part of Linux Containers. Each process can have its own: - -m Mount/unmount tree - -u Host and domain names -i SysV IPC (message queues, semaphores, shared memory) + -m Mount/unmount tree -n Network address, sockets, routing, iptables + -p Process IDs and init + -u Host and domain names + -U UIDs, GIDs, capabilities */ #include "toys.h" @@ -27,7 +29,8 @@ extern int unshare (int __flags); void unshare_main(void) { - unsigned flags[]={CLONE_NEWNS, CLONE_NEWUTS, CLONE_NEWIPC, CLONE_NEWNET, 0}; + unsigned flags[]={CLONE_NEWNS, CLONE_NEWUTS, CLONE_NEWIPC, CLONE_NEWNET, + CLONE_NEWPID, CLONE_NEWUSER, 0}; unsigned f=0; int i; |
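Review bot: The new option letters and the new array entries are appended at opposite ends of the bit order, so the flag-to-namespace mapping looks shifted. The old pairing of `"nium"` with `{CLONE_NEWNS, CLONE_NEWUTS, CLONE_NEWIPC, CLONE_NEWNET, 0}` puts the rightmost letter (`m`) at index 0; with `"niumpU"` the rightmost letters are now `U` and `p`, while `CLONE_NEWPID, CLONE_NEWUSER` sit at indices 4 and 5 in the last hunk. If the loop that consumes `flags[]` (outside the hunks shown) indexes it by option bit, `-n` would request a user namespace and `-U` a mount namespace, so a caller relying on `-n` for network isolation would silently not get it. Keeping the array as written and changing the option string to `"<1^Upnium"` would line the two up again.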
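Review bot: `CLONE_NEWPID` passed to unshare(2) does not move the calling process into the new PID namespace; only children created afterwards are placed in it, the first one as PID 1. The rest of unshare_main is outside the hunk, but if it execs the command directly after unshare() without a fork, the command itself stays in the original PID namespace, which differs from what the new help line `-p Process IDs and init` suggests. Worth a comment above the array, e.g. `// CLONE_NEWPID applies to children of the exec'd command, not to the command itself`, or a fork before the exec when -p is set.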