From 2b4a401aa922cff2e12fa556ff7c4c5b6b6594cb Mon Sep 17 00:00:00 2001
From: whokilleddb
Date: Fri, 18 Feb 2022 01:57:20 +0530
Subject: [PATCH] Set hostname inside namespace

---
 include/networkns.h | 2 +-
 include/uts.h | 5 +++++
 src/isolate.c | 41 +++++++++++++++++++++++++++++++++++++++++
 src/networkns.c | 6 ++++--
 4 files changed, 51 insertions(+), 3 deletions(-)
 create mode 100644 include/uts.h

diff --git a/include/networkns.h b/include/networkns.h
index b4eec38..c59acc0 100644
--- a/include/networkns.h
+++ b/include/networkns.h
@@ -17,4 +17,4 @@ int interface_up(char *ifname, char *ip, char *netmask, short if_flags);
 int ns_fd(int pid);
 int add_route();
 int create_veth(int child_pid);
-#endif
\ No newline at end of file
+#endif
diff --git a/include/uts.h b/include/uts.h
new file mode 100644
index 0000000..981d317
--- /dev/null
+++ b/include/uts.h
@@ -0,0 +1,5 @@
+#pragma once
+#ifndef __UTS_NS
+#define __UTS_NS
+#define HOSTNAME "isolate" // Hostname to be used inside the new namespace
+#endif
\ No newline at end of file
diff --git a/src/isolate.c b/src/isolate.c
index b4bd32f..66e266c 100644
--- a/src/isolate.c
+++ b/src/isolate.c
@@ -12,6 +12,7 @@
 
 // User-defined headers
 #include "utils.h"
+#include "uts.h"
 #include "mountns.h"
 #include "userns.h"
 #include "networkns.h"
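Review bot: The include guard `__UTS_NS` in the new include/uts.h starts with a double underscore, which C reserves for the implementation, so it should be renamed to something like `#ifndef UTS_H` / `#define UTS_H`. The `#pragma once` on the line above already guards the header, so one of the two mechanisms is redundant; the bare `#endif` visible in the include/networkns.h hunk suggests the other headers use a macro guard, so keeping the macro form and dropping the pragma would be consistent. A one-line comment above HOSTNAME noting that it is a string literal whose length callers must take with `strlen` or `sizeof - 1`, never `sizeof`, would also help, since the only use in this patch gets that wrong.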
@@ -49,11 +50,39 @@ void print_isolated_cmd(int argc, char **argv){
 fprintf(stdout,"\n");
 }
 
+
+// Set hostname and prepare /etc/hostname
+int configure_hostname(){
+ // Set hostname for new namespace
+ if (sethostname(HOSTNAME,sizeof(HOSTNAME)) != 0){
+ fprintf(stderr,"["RED("!")"] Failed to set Hostname with "RED("sethostname()")"\n");
+ return -1;
+ }
+
+ // Write to /etc/hostname
+ FILE *fp = fopen("/etc/hostname","w");
+ if(fp == NULL){
+ fprintf(stderr,"["RED("!")"] Failed open "RED("/etc/hostname")" for writing\n");
+ return -1;
+ }
+ if(fprintf(fp,"%s\n",HOSTNAME) < 0){
+ fprintf(stderr,"["RED("!")"] Failed to write to "RED("/etc/hostname")"\n");
+ fclose(fp);
+ return -1;
+ }
+ if (fclose(fp) != 0){
+ fprintf(stderr,"["RED("!")"] Failed to close "RED("/etc/hostname")" after writing\n");
+ return -1;
+ }
+ return 0;
+}
+
 // Child process to be called to run a command
 int cmd_exec(void *arg){
 // Send a SIGKILL if the isolated process dies
 if (prctl(PR_SET_PDEATHSIG, SIGKILL)<0){
 fprintf(stderr,"[" RED("!") "] Cannot Set" RED("prctl()")"\n");
+ exit(EXIT_FAILURE);
 return -1;
 }
 
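Review bot: `sethostname(HOSTNAME,sizeof(HOSTNAME))` in configure_hostname() passes the literal's size including its terminating NUL, so the kernel is handed an 8-byte name `isolate\0` instead of the 7-byte `isolate`; the length argument should be `strlen(HOSTNAME)` or `sizeof(HOSTNAME) - 1`. The call only renames the sandbox if the clone flags (outside this diff) include CLONE_NEWUTS — without it the host's own hostname is changed — so a comment at the top of the function such as `// Requires CLONE_NEWUTS in the clone() flags; otherwise this renames the host` would record that dependency. The `return -1;` following the new `exit(EXIT_FAILURE);` in cmd_exec() is unreachable and can be dropped, and the same exit/return pairing recurs in the @@ -64,25 and @@ -91,6 hunks; if cmd_exec() is a clone() child, as its `void *arg` signature suggests, `_exit(EXIT_FAILURE)` would also avoid re-running the parent's atexit handlers and flushing its inherited stdio buffers. cmd_exec() continues past the end of this hunk.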
@@ -64,25 +93,36 @@ int cmd_exec(void *arg){
 char buf[2];
 if(read(params->fd[0],buf,2)!= 2){
 fprintf(stderr, "[" RED("!") "] Failed to read from pipe while awaiting "RED("'setup done'")" from main");
+ exit(EXIT_FAILURE);
 return -1;
 }
 
 // Prepare MOUNT namespace
 if (prepare_mountns() != 0){
 fprintf(stderr,"[" RED("!") "] Failed to create "RED("MOUNT") " namespace\n");
+ exit(EXIT_FAILURE);
 return -1;
 }
 fprintf(stdout,"[" GREEN("i") "] Successfully created " GREEN("MOUNT") " namespace\n");
+ // Set hostname for new namespace
+ if (configure_hostname() != 0){
+ fprintf(stderr,"["RED("!")"] Could not set hostname inside new namespace\n");
+ exit(EXIT_FAILURE);
+ return -1;
+ }
+
 // Close reading end of the pipe once done
 if(close(params->fd[0])){
 fprintf(stderr, "[" RED("!") "] Failed to close pipe\n");
+ exit(EXIT_FAILURE);
 return -1;
 }
 
 // Drop superuser privileges
 if ((setuid(0)==-1) || setgid(0) == -1){
 fprintf(stderr, "[" RED("!") "] Could not set privileges\n");
+ exit(EXIT_FAILURE);
 return -1;
 }
 
@@ -91,6 +131,7 @@ int cmd_exec(void *arg){
 
 if (execvp(cmd,argv)==-1){
 fprintf(stderr,"[" RED("!")"] Cannot execute command in Isolation :(\n");
+ exit(EXIT_FAILURE);
 return -1;
 }
 
diff --git a/src/networkns.c b/src/networkns.c
index 74c489c..59a14b3 100644
--- a/src/networkns.c
+++ b/src/networkns.c
@@ -195,6 +195,8 @@ int prepare_networkns(int child_pid){
 fprintf(stderr, "["RED("!")"] Could not setup %s interface\n", VETH1);
 return -1;
 }
+
+ // Add route via default gateway inside namespace
 if (add_route() != 0){
 fprintf(stderr, "["RED("!")"] Failed to add route\n");
 return -1;
@@ -205,8 +207,8 @@ int prepare_networkns(int child_pid){
 fprintf(stderr,"["RED("!")"] Failed to move thread back to host namespace\n");
 return -1;
 }
-
+
 close(host_fd);
 close(child_fd);
 return 0;
-}
\ No newline at end of file
+}
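Review bot: The new configure_hostname() call writes /etc/hostname through whatever root is current at that point, so it only lands inside the sandbox if prepare_mountns() (defined outside this diff) has already switched the root; otherwise the host's own /etc/hostname is overwritten. A comment on the call, `// Must follow prepare_mountns(): writes /etc/hostname in the new root`, would record that ordering dependency for the next person who reorders the setup steps. The failure branch also prints a second, less specific error after configure_hostname() has already reported the exact cause on stderr, so the outer message could be dropped or the inner ones silenced. cmd_exec() starts before this hunk and continues past it.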