allow different arguments, fix environment variables

Author: Mic92

README.md

@@ -29,6 +29,8 @@ container and mount itself as a fuse filesystem.
   * apparamor/selinux
   * capabilities
   * user/group ids
+  * environment variables
+  * the following files: /etc/passwd, /etc/hostname, /etc/hosts, /etc/resolv.conf
 
 ## Usage
 

src/attach/child.rs

@@ -20,6 +20,8 @@ use types::{Error, Result};
 use void::Void;
 
 pub struct ChildOptions<'a> {
+    pub command: Option<String>,
+    pub arguments: Vec<String>,
     pub container_pid: Pid,
     pub mount_ready_sock: &'a ipc::Socket,
     pub fs: fs::CntrFs,
@@ -55,7 +57,15 @@ pub fn run(options: &ChildOptions) -> Result<Void> {
         "failed to change cgroup"
     );
 
-    let cmd = tryfmt!(Cmd::new(options.container_pid, options.home), "");
+    let cmd = tryfmt!(
+        Cmd::new(
+            options.command.clone(),
+            options.arguments.clone(),
+            options.container_pid,
+            options.home,
+        ),
+        ""
+    );
 
     let supported_namespaces = tryfmt!(
         namespace::supported_namespaces(),

src/attach/mod.rs

@@ -13,6 +13,8 @@ mod child;
 mod parent;
 
 pub struct AttachOptions {
+    pub command: Option<String>,
+    pub arguments: Vec<String>,
     pub container_name: String,
     pub container_types: Vec<Box<container::Container>>,
     pub effective_user: Option<pwd::Passwd>,
@@ -66,15 +68,17 @@ pub fn attach(opts: &AttachOptions) -> Result<Void> {
     match tryfmt!(unistd::fork(), "failed to fork") {
         ForkResult::Parent { child } => parent::run(child, &parent_sock, cntrfs),
         ForkResult::Child => {
-            let opts = child::ChildOptions {
+            let child_opts = child::ChildOptions {
+                command: opts.command.clone(),
+                arguments: opts.arguments.clone(),
                 container_pid,
                 mount_ready_sock: &child_sock,
                 uid: container_uid,
                 gid: container_gid,
                 fs: cntrfs,
                 home,
             };
-            child::run(&opts)
+            child::run(&child_opts)
         }
     }
 }

src/bin/main.rs

@@ -2,7 +2,7 @@ extern crate argparse;
 extern crate cntr;
 extern crate nix;
 
-use argparse::{ArgumentParser, Store, List};
+use argparse::{ArgumentParser, Store, List, Collect};
 use cntr::pwd::pwnam;
 use std::io::{stdout, stderr};
 use std::process;
@@ -28,13 +28,16 @@ impl FromStr for Command {
 
 fn parse_attach_args(args: Vec<String>) -> cntr::AttachOptions {
     let mut options = cntr::AttachOptions {
+        command: None,
+        arguments: vec![],
         container_name: String::from(""),
         container_types: vec![],
         effective_user: None,
     };
     let mut container_type = String::from("");
     let mut container_name = String::from("");
     let mut effective_username = String::from("");
+    let mut command = String::from("");
     {
         let mut ap = ArgumentParser::new();
         ap.set_description("Enter container");
@@ -46,13 +49,23 @@ fn parse_attach_args(args: Vec<String>) -> cntr::AttachOptions {
         ap.refer(&mut container_type).add_option(
             &["--type"],
             Store,
-            "Container type (docker|lxc|rkt|process_id|nspawn)",
+            "Container type (docker|lxc|rkt|process_id|nspawn, default: all)",
         );
-        ap.refer(&mut container_name).add_argument(
+        ap.refer(&mut container_name).required().add_argument(
             "id",
             Store,
             "container id, container name or process id",
         );
+        ap.refer(&mut command).add_argument(
+            "command",
+            Store,
+            "command to execute after attach (default: $SHELL)",
+        );
+        ap.refer(&mut options.arguments).add_argument(
+            "arguments",
+            Collect,
+            "arguments passed to command",
+        );
         match ap.parse(args, &mut stdout(), &mut stderr()) {
             Ok(()) =>  {}
             Err(x) => {
@@ -95,6 +108,10 @@ fn parse_attach_args(args: Vec<String>) -> cntr::AttachOptions {
         };
     }
 
+    if command != "" {
+        options.command = Some(command);
+    }
+
     options
 }
 
@@ -106,8 +123,36 @@ fn attach_command(args: Vec<String>) {
     };
 }
 
-fn exec_command(args: &[String]) {
-    if let Err(err) = cntr::exec(&args[1], &args[2..]) {
+fn exec_command(args: Vec<String>) {
+    let mut command = String::from("");
+    let mut arguments = vec![];
+    {
+        let mut ap = ArgumentParser::new();
+        ap.set_description("Execute command in container filesystem");
+        ap.refer(&mut command).add_argument(
+            &"command",
+            Store,
+            "command to execute (default: $SHELL)",
+        );
+        ap.refer(&mut arguments).add_argument(
+            &"arguments",
+            List,
+            "Arguments to pass to command",
+        );
+        match ap.parse(args, &mut stdout(), &mut stderr()) {
+            Ok(()) =>  {}
+            Err(x) => {
+                std::process::exit(x);
+            }
+        }
+    }
+    let command = if command.is_empty() {
+        None
+    } else {
+        Some(command)
+    };
+
+    if let Err(err) = cntr::exec(command, arguments) {
         eprintln!("{}", err);
         process::exit(1);
     }
@@ -119,7 +164,7 @@ fn main() {
     {
         let mut ap = ArgumentParser::new();
         ap.set_description("Enter or executed in container");
-        ap.refer(&mut subcommand).add_argument(
+        ap.refer(&mut subcommand).required().add_argument(
             "command",
             Store,
             r#"Command to run (either "attach" or "exec")"#,
@@ -138,6 +183,6 @@ fn main() {
 
     match subcommand {
         Command::attach => attach_command(args),
-        Command::exec => exec_command(&args),
+        Command::exec => exec_command(args),
     }
 }

src/cmd.rs

@@ -1,16 +1,22 @@
-use nix::unistd;
+use libc;
+use nix::{self, unistd};
 use std::collections::HashMap;
 use std::env;
-use std::ffi::{CStr, OsStr, OsString};
+use std::ffi::{CStr, CString, OsStr, OsString};
 use std::fs::File;
+use std::io;
 use std::io::{BufRead, BufReader};
 use std::os::unix::ffi::{OsStringExt, OsStrExt};
+use std::os::unix::process::CommandExt;
 use std::path::PathBuf;
 use std::process::{Command, ExitStatus};
 use types::{Error, Result};
 
 pub struct Cmd {
     environment: HashMap<OsString, OsString>,
+    command: String,
+    arguments: Vec<String>,
+    home: Option<CString>,
 }
 
 fn read_environment(pid: unistd::Pid) -> Result<HashMap<OsString, OsString>> {
@@ -32,7 +38,7 @@ fn read_environment(pid: unistd::Pid) -> Result<HashMap<OsString, OsString>> {
                 Err(_) => return None,
             };
 
-            let tuple: Vec<&[u8]> = var.splitn(1, |b| *b == b'=').collect();
+            let tuple: Vec<&[u8]> = var.splitn(2, |b| *b == b'=').collect();
             if tuple.len() != 2 {
                 return None;
             }
@@ -46,32 +52,83 @@ fn read_environment(pid: unistd::Pid) -> Result<HashMap<OsString, OsString>> {
 }
 
 impl Cmd {
-    pub fn new(pid: unistd::Pid, home: Option<&CStr>) -> Result<Cmd> {
-        let mut variables = tryfmt!(
+    pub fn new(
+        command: Option<String>,
+        args: Vec<String>,
+        pid: unistd::Pid,
+        home: Option<&CStr>,
+    ) -> Result<Cmd> {
+        let command =
+            command.unwrap_or_else(|| env::var("SHELL").unwrap_or_else(|_| String::from("sh")));
+        let arguments = if args.is_empty() {
+            vec![String::from("-l")]
+        } else {
+            args
+        };
+
+        let variables = tryfmt!(
             read_environment(pid),
             "could not inherit environment variables of container"
         );
+        Ok(Cmd {
+            command,
+            arguments: arguments,
+            environment: variables,
+            home: home.map(|h| h.to_owned()),
+        })
+    }
+    pub fn run(mut self) -> Result<ExitStatus> {
         let default_path = OsString::from(
             "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
         );
-        variables.insert(
+        self.environment.insert(
             OsString::from("PATH"),
             env::var_os("PATH").unwrap_or(default_path),
         );
-        if let Some(path) = home {
-            variables.insert(
+
+        if let Some(path) = self.home {
+            self.environment.insert(
                 OsString::from("HOME"),
                 OsStr::from_bytes(path.to_bytes()).to_os_string(),
             );
         }
-        Ok(Cmd { environment: variables })
-    }
-    pub fn run(self) -> Result<ExitStatus> {
-        let shell = env::var("SHELL").unwrap_or_else(|_| String::from("sh"));
-        let cmd = Command::new(shell)
-            .args(&["-l"])
+
+        let cmd = Command::new(self.command)
+            .args(self.arguments)
             .envs(self.environment)
             .status();
         Ok(tryfmt!(cmd, "failed to run `sh -l`"))
     }
+
+    pub fn exec_chroot(self) -> Result<()> {
+        let err = Command::new(&self.command)
+            .args(self.arguments)
+            .envs(self.environment)
+            .before_exec(|| {
+                match unistd::chroot("/var/lib/cntr") {
+                    Err(nix::Error::Sys(errno)) => {
+                        warn!(
+                            "failed to chroot to /var/lib/cntr: {}",
+                            nix::Error::Sys(errno)
+                        );
+                        return Err(io::Error::from(errno));
+                    }
+                    Err(e) => {
+                        warn!("failed to chroot to /var/lib/cntr: {}", e);
+                        return Err(io::Error::from_raw_os_error(libc::EINVAL));
+                    }
+                    _ => {}
+                }
+
+                if let Err(e) = env::set_current_dir("/") {
+                    warn!("failed to change directory to /");
+                    return Err(e);
+                }
+
+                Ok(())
+            })
+            .exec();
+        tryfmt!(Err(err), "failed to execute `{}`", self.command);
+        Ok(())
+    }
 }

src/exec.rs

@@ -1,39 +1,11 @@
-use libc;
-use nix::{self, unistd};
-use std::env;
-use std::io;
-use std::os::unix::process::CommandExt;
-use std::process::Command;
-use types::{Error, Result};
-
 
-pub fn exec(exe: &String, args: &[String]) -> Result<()> {
-    let err = Command::new(exe)
-        .args(args)
-        .before_exec(|| {
-            match unistd::chroot("/var/lib/cntr") {
-                Err(nix::Error::Sys(errno)) => {
-                    warn!(
-                        "failed to chroot to /var/lib/cntr: {}",
-                        nix::Error::Sys(errno)
-                    );
-                    return Err(io::Error::from(errno));
-                }
-                Err(e) => {
-                    warn!("failed to chroot to /var/lib/cntr: {}", e);
-                    return Err(io::Error::from_raw_os_error(libc::EINVAL));
-                }
-                _ => {}
-            }
-
-            if let Err(e) = env::set_current_dir("/") {
-                warn!("failed to change directory to /");
-                return Err(e);
-            }
+use cmd::Cmd;
+use nix::unistd::Pid;
+use types::{Error, Result};
 
-            Ok(())
-        })
-        .exec();
-    tryfmt!(Err(err), "failed to execute `{}`", exe);
+pub fn exec(exe: Option<String>, args: Vec<String>) -> Result<()> {
+    println!("$ {:?} {}", exe, args.join(" "));
+    let cmd = tryfmt!(Cmd::new(exe, args, Pid::from_raw(1), None), "");
+    tryfmt!(cmd.exec_chroot(), "failed to execute command in container");
     Ok(())
 }