Use rustix to replace some unsafe calls
This commit is contained in:
LoveSy
@@ -1,6 +1,5 @@
|
||||
use anyhow::{bail, Context, Result};
|
||||
use log::{info, warn};
|
||||
use std::path::PathBuf;
|
||||
use std::{collections::HashMap, path::Path};
|
||||
|
||||
use crate::module::prune_modules;
|
||||
|
||||
@@ -14,6 +14,12 @@ use crate::{
|
||||
utils::{self, umask},
|
||||
};
|
||||
|
||||
#[cfg(any(target_os = "linux", target_os = "android"))]
|
||||
use rustix::{
|
||||
process::getuid,
|
||||
thread::{set_thread_res_gid, set_thread_res_uid, Gid, Uid},
|
||||
};
|
||||
|
||||
pub const KERNEL_SU_OPTION: u32 = 0xDEAD_BEEF;
|
||||
|
||||
const CMD_GRANT_ROOT: u64 = 0;
|
||||
@@ -65,8 +71,13 @@ fn set_identity(uid: u32, gid: u32, groups: &[u32]) {
|
||||
if !groups.is_empty() {
|
||||
libc::setgroups(groups.len(), groups.as_ptr());
|
||||
}
|
||||
libc::setresgid(gid, gid, gid);
|
||||
libc::setresuid(uid, uid, uid);
|
||||
}
|
||||
#[cfg(any(target_os = "linux", target_os = "android"))]
|
||||
{
|
||||
let gid = unsafe { Gid::from_raw(gid) };
|
||||
let uid = unsafe { Uid::from_raw(uid) };
|
||||
set_thread_res_gid(gid, gid, gid).ok();
|
||||
set_thread_res_uid(uid, uid, uid).ok();
|
||||
}
|
||||
}
|
||||
|
||||
@@ -203,7 +214,7 @@ pub fn root_shell() -> Result<()> {
|
||||
}
|
||||
|
||||
// use current uid if no user specified, these has been done in kernel!
|
||||
let mut uid = unsafe { libc::getuid() };
|
||||
let mut uid = getuid().as_raw();
|
||||
if free_idx < matches.free.len() {
|
||||
let name = &matches.free[free_idx];
|
||||
uid = unsafe {
|
||||
|
||||
@@ -15,6 +15,12 @@ use std::os::unix::prelude::PermissionsExt;
|
||||
use hole_punch::*;
|
||||
use std::io::{Read, Seek, SeekFrom};
|
||||
|
||||
#[cfg(any(target_os = "linux", target_os = "android"))]
|
||||
use rustix::{
|
||||
process,
|
||||
thread::{move_into_link_name_space, unshare, LinkNameSpaceType, UnshareFlags},
|
||||
};
|
||||
|
||||
pub fn ensure_clean_dir(dir: &str) -> Result<()> {
|
||||
let path = Path::new(dir);
|
||||
log::debug!("ensure_clean_dir: {}", path.display());
|
||||
@@ -115,24 +121,23 @@ pub fn get_zip_uncompressed_size(zip_path: &str) -> Result<u64> {
|
||||
|
||||
#[cfg(any(target_os = "linux", target_os = "android"))]
|
||||
pub fn switch_mnt_ns(pid: i32) -> Result<()> {
|
||||
use anyhow::ensure;
|
||||
use std::os::fd::AsRawFd;
|
||||
use rustix::{
|
||||
fd::AsFd,
|
||||
fs::{open, Mode, OFlags},
|
||||
};
|
||||
let path = format!("/proc/{pid}/ns/mnt");
|
||||
let fd = std::fs::File::open(path)?;
|
||||
let fd = open(path, OFlags::RDONLY, Mode::from_raw_mode(0))?;
|
||||
let current_dir = std::env::current_dir();
|
||||
let ret = unsafe { libc::setns(fd.as_raw_fd(), libc::CLONE_NEWNS) };
|
||||
move_into_link_name_space(fd.as_fd(), Some(LinkNameSpaceType::Mount))?;
|
||||
if let std::result::Result::Ok(current_dir) = current_dir {
|
||||
let _ = std::env::set_current_dir(current_dir);
|
||||
}
|
||||
ensure!(ret == 0, "switch mnt ns failed");
|
||||
Ok(())
|
||||
}
|
||||
|
||||
#[cfg(any(target_os = "linux", target_os = "android"))]
|
||||
pub fn unshare_mnt_ns() -> Result<()> {
|
||||
use anyhow::ensure;
|
||||
let ret = unsafe { libc::unshare(libc::CLONE_NEWNS) };
|
||||
ensure!(ret == 0, "unshare mnt ns failed");
|
||||
unshare(UnshareFlags::NEWNS)?;
|
||||
Ok(())
|
||||
}
|
||||
|
||||
@@ -164,7 +169,7 @@ pub fn switch_cgroups() {
|
||||
|
||||
#[cfg(any(target_os = "linux", target_os = "android"))]
|
||||
pub fn umask(mask: u32) {
|
||||
unsafe { libc::umask(mask) };
|
||||
process::umask(rustix::fs::Mode::from_raw_mode(mask));
|
||||
}
|
||||
|
||||
#[cfg(not(any(target_os = "linux", target_os = "android")))]
|
||||
|
||||
Reference in New Issue
Block a user