Asymmetric keyrings can require key payloads to be X.509 certificates
signed by a key in a different keyring. This can be helpful for rotating
keys on a live machines for subsystems like IMA while preventing local
tampering.
Tested locally by applying the "key_or_keyring:<id>" restriction to a
keyring.
Change-Id: Ia8dcb343abc5f405d374c357d5cac3d5181d7159
Reviewed-on: https://go-review.googlesource.com/c/sys/+/178400
Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Tobias Klauser <tobias.klauser@gmail.com>
Add wrappers for Getcap/Setcap on Linux as well as some related types
and consts.
Change-Id: I07764c2e64717214850ea3cbdc238e313d1e38c4
Reviewed-on: https://go-review.googlesource.com/c/sys/+/183218
Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
The kernel raw syscall takes an additional parameter specifying
the size of the Sigset_t parameter, returns a file descriptor and sets errno.
Add a uintptr maxSize parameter, adjust the return to be (newfd int, err error).
Add the _NSIG #define and a wrapper to call with maxSize set to _C__NSIG/8 as done
in glibc/musl.
Change-Id: I277db0aab5c12364533c26ea800b7f394ec83ae4
Reviewed-on: https://go-review.googlesource.com/c/sys/+/178858
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Also add KexecFileLoad on linux/arm now that is has SYS_KEXEC_FILE_LOAD.
Change-Id: I519bc2f611b511af994e1c7bbaa07f68cd615ef4
Reviewed-on: https://go-review.googlesource.com/c/sys/+/175158
Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
No usable change for users in this CL; just auto-generated syscall
wrapper funcs & types.
The next CL will have hand-written code adding the nice Go API around
these unexported symbols. (as outlined in the comment at
https://golang.org/issue/30537#issuecomment-470284573)
Updates golang/go#30537
Change-Id: I5e34df517efcf509fff97f670425500cc6608d59
Reviewed-on: https://go-review.googlesource.com/c/sys/+/172584
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Tobias Klauser <tobias.klauser@gmail.com>
Follow CL 165217 which did this for package syscall.
Android O seems to require Pipe to call the pipe2 system call.
But kernel version 2.6.23 only supports pipe, not pipe2.
So try pipe2 first, then fall back to pipe.
Updates golang/go#30549
Change-Id: Icf21433fa046ff137c0265fa96410229def482f7
Reviewed-on: https://go-review.googlesource.com/c/sys/+/165297
Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
This teaches unix/mksyscall.go about mapping uint64 to syscall
arguments, similar to existing handling of int64.
Change-Id: I536b4b09bbf6a8e3016565a4a04d2b9d32cbc624
Reviewed-on: https://go-review.googlesource.com/c/164664
Reviewed-by: Tobias Klauser <tobias.klauser@gmail.com>
On linux/riscv64, the renameat syscall no longer exists and has been
superseded by renameat2. Use Renameat2 to implement Renameat on
linux/riscv64.
Based on a patch by Ryan O'Leary.
Updates golang/go#27532
Change-Id: I7c60c7f824750408265f67397b8ac1fa7226f425
Reviewed-on: https://go-review.googlesource.com/c/157899
Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
This adds the ClockNanosleep syscall and the TIMER_* constants;
currently only TIMER_ABSTIME for specifying an absolute timestamp.
Change-Id: Ic8d857eb92818529aadab569cd8646a19bb9c055
Reviewed-on: https://go-review.googlesource.com/c/157658
Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Tobias Klauser <tobias.klauser@gmail.com>
Use the arm_sync_file_range to implement SyncFileRange.
This is an alias for sync_file_range2 syscall which is already used to
implement SyncFileRange on ppc64x. These have the order of the flags and
offset arguments reversed in order to fit the syscall arguments within 6
registers.
For more information see:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=edd5cd4a9424f22b0fa08bef5e299d41befd5622
This makes TestSyncFileRange build and pass on linux/arm.
Change-Id: I1316328ebcf550a3fb70f9ce5ebf54d8bcaa932c
Reviewed-on: https://go-review.googlesource.com/c/153939
Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Port mksyscall.pl Perl script to mksyscall.go.
mkall scripts are modified to run mksyscall.go.
Running ./mkall.sh does not generate any git diff besides
the command name in comments of generated files.
Updates golang/go#27779
Change-Id: I8c6eb852e6821f4a91dc03cc042d8d343f1bcf66
Reviewed-on: https://go-review.googlesource.com/c/150217
Reviewed-by: Tobias Klauser <tobias.klauser@gmail.com>
Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
InitModule loads a kernel module from an ELF image. FinitModule loads a
kernel module from a file descriptor. DeleteModule unloads a kernel
module.
These syscalls require the CAP_SYS_MODULE capability.
See http://man7.org/linux/man-pages/man2/init_module.2.html and
http://man7.org/linux/man-pages/man2/delete_module.2.html for details.
Also drop deprecated syscalls related to kernel modules from the list
of unimplemented syscalls.
Change-Id: I131e17f02c5617640f5f4073982d2b27a6d78bbf
Reviewed-on: https://go-review.googlesource.com/c/144173
Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Add a wrapper for the memfd_create syscall on Linux. See
http://man7.org/linux/man-pages/man2/memfd_create.2.html for more
information.
Also add the corresponding MFD_* constants to be used in the flags
argument.
Change-Id: Ib30a007e15575a38ecf204601ffede9c913799b6
Reviewed-on: https://go-review.googlesource.com/135915
Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
Fsetxattr should just return an error (like Setxattr and like Fsetxattr
is already doing on FreeBSD).
Fix for CL 128176
Updates golang/go#26832
Change-Id: Id1c1315d9eb6952128e0c0ce44b19060e0403cc0
Reviewed-on: https://go-review.googlesource.com/128495
Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
Renameat2 is Linux-specific and allows to pass an additional flags
argument to the renameat syscall. Also add the corresponding RENAME_*
flag mask values.
Change-Id: Ib4baa46fdd0b07ccd0988ac624862ce69d5c3ad5
Reviewed-on: https://go-review.googlesource.com/127763
Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
On linux/arm64 we used to manually define syscall numbers for some
deprecated syscalls. Most of them are unused by now anyhow. Convert the
remaining syscall wrappers using them to implement the respective
functionality using a non-deprecated syscall (in the same way glibc does
it):
- Implement EpollCreate using EpollCreate1 and additionally check
that the passed size argument is larger than 0.
- Implement Futimesat and utimes using utimensat. Also change futimesat
on the other geese to take a string instead of *byte and let the
generated wrapper do the BytePtrFromString conversion.
- Return ENOSYS from Ustat. The ustat syscall has been deprecated for a
long time in favor of fstatfs and statfs. Even glibc will deprecate
ustat in the upcoming 2.28 release [1].
[1] https://sourceware.org/git/?p=glibc.git;a=blob;f=NEWS;h=d51fa09544f03899b7ff5a80569db088c3c23c28;hb=HEAD#l90
Change-Id: I7ea38a3cd394b0875f17443b14e107fd9c70350d
Reviewed-on: https://go-review.googlesource.com/119655
Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
This adds a wrapper around perf_event_open, exported constants and
two structs:
- perf_event_attr, used to configure the syscall
- perf_event_mmap_page to coordinate the kernel's mmap ring buffer
Change-Id: Ife7ded8344de9e3eb74441bd51ab9a04c81b4965
Reviewed-on: https://go-review.googlesource.com/105756
Reviewed-by: Tobias Klauser <tobias.klauser@gmail.com>
Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
statx(2) allows to get enhanced file status information (not currently
available through the existing stat syscalls), lightweight stat,
heavyweight stat. The Statx_t type used by Statx has consistent field
sizes on all arches (with year-2038-capable timestamps) and is closer to
the BSD implementation of Stat_t.
See http://man7.org/linux/man-pages/man2/statx.2.html for details. The
syscall was added in Linux kernel 4.11.
See https://github.com/tklauser/statx for an example of how this
function and types can be used to report stat(1)-like file status
information.
Change-Id: I9e9642b5b42a393f94fd532453888ce9ba4f0003
Reviewed-on: https://go-review.googlesource.com/87555
Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Add the SyscallNoError and RawSyscallNoError wrapper functions which are
used for syscalls that don't return an error. Also convert all applicable
syscalls to use these wrappers.
Updates golang/go#22924
Change-Id: Ie143abc99de8d12d36b67ac278e08d7565f73ce0
Reviewed-on: https://go-review.googlesource.com/85756
Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
Looks like it's enough to just add wrappers pointing to the
corresponding SYS_FSTATAT{,64} or SYS_NEWFSTATAT syscall. Add a test to
verify that assumption which checks that the returned stat data matches
what is returned by Stat/Lstat.
Also add the AT_NO_AUTOMOUNT constant which may be used for the flags
parmeter.
Fixesgolang/go#14216
Change-Id: I73f27b483bd97d2dcf09d4b95a7957e75d194395
Reviewed-on: https://go-review.googlesource.com/79795
Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Follow CL 70590 which did the same for syscall.
unix.Select uses SYS_PSELECT6 on arm64 and mipx64x, however this
syscall expects its 5th argument to be of type Timespec (with seconds
and nanoseconds) instead of type Timeval (with seconds and microseconds)
This leads to the timeout being too short by a factor of 1000.
This CL fixes this by adjusting the timeout argument accordingly,
similarly to how glibc does it for architectures where neither
SYS_SELECT nor SYS__NEWSELECT are available. It also makes Pselect
generaly available on linux.
Updates golang/go#22246
Change-Id: I69f8821a40c59ee469b8a986d784a4db8727ee9a
Reviewed-on: https://go-review.googlesource.com/70610
Run-TryBot: Ian Lance Taylor <iant@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
Change https://go-review.googlesource.com/c/sys/+/56172 did not run
./mkall.sh after modifying syscall_linux.go. This change simply runs
./mkall.sh to correctly generate the modified files.
Note that the previous change simply reordered a few functions, so the
functions are simply reordered in the generated files.
Change-Id: I2d819f9ca4ae0e59e67e42d04bb6e6513b3c6c45
Reviewed-on: https://go-review.googlesource.com/61750
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Syncfs is Linux-specific system call to synchronize to disk one
filesystem specified by fd to any of its files.
See http://man7.org/linux/man-pages/man2/syncfs.2.html for details.
Change-Id: Ia2ad6208c3fa0e9c40d5112ce938edd5d374131d
Reviewed-on: https://go-review.googlesource.com/51510
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Currently Linux' fchmodat(2) syscall implementation doesn't support the
flags parameter (though it might in future versions [1]). Fchmodat in
x/sys/unix takes the parameter and (wrongly) passes it on to the syscall
which will ignore it.
According to the POSIX.1-2008 manual page [2], AT_SYMLINK_NOFOLLOW is
the only valid value for the flags parameter and EOPNOTSUPP should be
returned in case changing the mode of a symbolic link is not supported
by the underlying system. EINVAL should be returned for any other value
of the flags parameter.
[1] https://patchwork.kernel.org/patch/9596301/
[2] http://pubs.opengroup.org/onlinepubs/9699919799/functions/chmod.html
Change the Fchmodat implementation accordingly and also add the
corresponding test.
Fixesgolang/go#20130
Change-Id: I62e677e6674d3702eaf388af0ac3d7e623a35c24
Reviewed-on: https://go-review.googlesource.com/46474
Reviewed-by: Ian Lance Taylor <iant@golang.org>
Run-TryBot: Ian Lance Taylor <iant@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Add support for the eventfd2 syscall on Linux.
Use the eventfd2 syscall instead of eventfd, as the latter does not
provide a flags argument and glibc also maps its eventfd() function to
the eventfd2 syscall, see the Notes section in
http://man7.org/linux/man-pages/man2/eventfd.2.html
Also add the corresponding flags values EFD_CLOEXEC, EFD_NONBLOCK and
EFD_SEMAPHORE.
Change-Id: Ia8c99e68d5966ab5c7ebe7e45423943fd7d8214e
Reviewed-on: https://go-review.googlesource.com/45093
Reviewed-by: Ian Lance Taylor <iant@golang.org>
Run-TryBot: Ian Lance Taylor <iant@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
This CL adds basic integer get/set functions which wrap a generic
ioctl call. The API is similar the one introduced for solaris/amd64
in CL 14587, but the request parameter has been changed to a uint
instead of an int. This makes requests with a number larger than the
maximum signed 32-bit integer work on linux/386.
For consistency, the solaris/amd64 API has also been updated to make
use of a uint instead of an int for the request number.
Fixesgolang/go#20474
Change-Id: Iaae1ee2e4bb4bfcc420dcec252fe53c8d90ce81d
Reviewed-on: https://go-review.googlesource.com/44009
Run-TryBot: Matt Layher <mdlayher@gmail.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
This CL adds support for the ADD_KEY, REQUESET_KEY, and KEYCTL syscalls.
These syscalls allow access to the kernel keyring facilities. In C code,
these syscalls are wrapped by the libkeyutils package. See:
http://man7.org/linux/man-pages/man7/keyutils.7.html
The ADD_KEY and REQUEST_KEY calls are fairly straightforward, but the
KEYCTL syscall is a multiplexor for a number of key management
functions. See:
http://man7.org/linux/man-pages/man3/keyctl.3.html
The Go bindings for the KEYCTL functions attempt to replicate what
libkeyutils does. This is done via generated helper functions.
Change-Id: If8c97d4ef5bce14c43dee3e6772ded42dc3c595a
Reviewed-on: https://go-review.googlesource.com/41415
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Introduces the CopyFileRange syscall which first appears in Linux 4.5.
Allows copying file content between file descriptors within the kernel
without transferring data to user space. This syscall also allows the
kernel to take advantage of reflinking or other fast copy methods on
supported file systems.
http://man7.org/linux/man-pages/man2/copy_file_range.2.html
Change-Id: Id365f1e5d4d5ddf7159478e3a13084c9576ebd5c
Reviewed-on: https://go-review.googlesource.com/39992
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Right now the process for adding in new constants, errors, or syscalls
for Linux is a pain and unreliable. The scripts are designed to be run
on the target architecture and use the header files installed on the
user's system. This makes it hard to generate files for all the
architectures or to have consistency between users. See golang/go#15282.
This CL fixes this issue by making all of the files for the 11 supported
architectures directly from source checkouts of Linux, glibc, and bluez.
This is done using Docker, the gcc cross-compilers, and qemu emulation.
Previously discussed here:
https://go-review.googlesource.com/c/37589/
A README.md file is also added to explain how all the parts of the build
system work.
In order to get the build working for all the architectures, I made
some changes to the other scripts called from mkall_linux.go:
- Files only used for generating linux code, moved to linux/
- linux/mksysnum.pl supports a specified CC compiler.
- The generated C code in mkerrors.sh changed to avoid a warning
- mkerrors.sh headers changed to fix powerpc64 bug in sys/ioctl.h
- linux/types.go no longer needs to export Ptrace structs in lowercase
Build instructions:
- Host system needs to be x86-64 Linux
- Install Docker (https://docs.docker.com/engine/installation/)
- ./mkall.sh (That's it!!!)
Change-Id: I87067c14442ba12f8d51991349a43a9d73f38ae0
Reviewed-on: https://go-review.googlesource.com/37943
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
This CL introduces the Getrandom syscall. Allowing users of
sufficiently new kernels (3.17) to detect when the operating system
lacks enough entropy to generate cryptographic random data. See:
http://man7.org/linux/man-pages/man2/getrandom.2.html
As we have updated the syscall numbers, the Getrandom function can
just be generated normally. The only other change is to mkerrors.sh
to include the GRND_* flags for getrandom from <linux/random.h>.
It is important to note that currently the mkerrors.sh script cannot
actually be run as it has fallen behind the 4.10 kernel. The GRND_*
flags were added manually.
This was originally part of a larger commit that was split up.
See CL: https://go-review.googlesource.com/37570
Change-Id: I464088a9c9f7224abdcdae476b30a4f2f412d9f5
Reviewed-on: https://go-review.googlesource.com/37589
Reviewed-by: Matt Layher <mdlayher@gmail.com>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
Run-TryBot: Matt Layher <mdlayher@gmail.com>
Run-TryBot: Ian Lance Taylor <iant@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Update mksyscall*.pl to skip generating calls to "use".
Make build tag handling match what's used in the syscall package.
See issue https://golang.org/issue/16607
and CL https://golang.org/cl/36616
Change-Id: I2d2e823fe1846d2110c07eb1bf976852706ecf60
Reviewed-on: https://go-review.googlesource.com/36715
Run-TryBot: Sameer Ajmani <sameer@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
Use a shim for Poll on arm64.
Fixesgolang/go#16052.
Change-Id: I929e7a2293561bddb9355bf65f98bc68b91905b2
Reviewed-on: https://go-review.googlesource.com/24062
Reviewed-by: Ian Lance Taylor <iant@golang.org>
Run-TryBot: Ian Lance Taylor <iant@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Change-Id: I273bd852f85d204694872a1615be51dc027b97ee
Reviewed-on: https://go-review.googlesource.com/23661
Run-TryBot: Ian Lance Taylor <iant@golang.org>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Pause is a legacy syscall not available on linux-arm64. Use ppoll with
all args as 0 to emulate - this is the way musl libc does Pause when the
pause syscall isn't available.
With the changes in syscall_linux* and regenerating zsyscall_linux*,
this calling Pause on linux-arm64 works and returns EINTR as expected.
Change-Id: I88236290313f18c742d826e759e86ff260a8b383
Reviewed-on: https://go-review.googlesource.com/22014
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
epoll_wait syscall doesn't exist on arm64. Implement it with
by callign epoll_pwait(). According to man epoll_pwait,
calling epoll_pwait with sigmask of NULL is identical to
epoll_wait.
Testing exposed that EpollEvent needs padding on arm64
like on arm.
This changeset is to fix:
https://github.com/fsnotify/fsnotify/issues/130
Testcase: go test with fsnotify ported from syscall to x/sys:
https://github.com/suihkulokki/fsnotify/tree/go-sys
Change-Id: I76136bf4c82c2ee597549133848f490da46dd488
Reviewed-on: https://go-review.googlesource.com/21971
Run-TryBot: Ian Lance Taylor <iant@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
Since Linux 3.11, O_TMPFILE flag can be used in open syscall to create
an unnamed file in a directory. The file occupies space in the
filesystem, and can be given a name using linkat syscall. If the file is
closed without being given a name, its contents are deleted.
See the manpage open(2) in Linux for details.
Exports O_TMPFILE for Linux in 386 and amd64 (other architectures
already had it). Exports Linkat syscall and AT_SYMLINK_FOLLOW (used for
giving a name to the file) for all Linux in all architectures.
Fixesgolang/go#7830.
Change-Id: Ib82e44f405b227e227b9cbf317c2657b32e046f5
Reviewed-on: https://go-review.googlesource.com/21003
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
This system call is used to reassociate the current thread with a Linux
namespace (e.g. a network namespace or a mount namespace). This system
call is key to interacting with the primitives enabling Linux containers.
The users of this system call will most likely want to wrap their calls
with a pair of LockOSThread / UnlockOSThread calls. Here is an example
that is a reasonably close approximation of the `ns_exec' program given
as an example in `man 2 setns':
package main
import (
"log"
"os"
"os/exec"
"runtime"
"golang.org/x/sys/unix"
)
func main() {
if len(os.Args) < 3 {
log.Fatalf("%s /proc/PID/ns/FILE cmd args...", os.Args[0])
}
fd, err := unix.Open(os.Args[1], unix.O_RDONLY, 0)
if err != nil {
log.Fatalf("open: %s", err)
}
runtime.LockOSThread()
defer runtime.UnlockOSThread()
if err = unix.Setns(fd, 0); err != nil {
log.Fatalf("setns: %s", err)
}
cmd := exec.Command(os.Args[2], os.Args[3:]...)
cmd.Stdin = os.Stdin
cmd.Stdout = os.Stdout
cmd.Stderr = os.Stderr
err = cmd.Run()
if err != nil {
log.Fatalf("exec: %s", err)
}
}
Fixesgolang/go#5968.
Change-Id: I78dc54667cfaef4f9e99a08d48f6e423686f1b22
Reviewed-on: https://go-review.googlesource.com/20054
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Eric Chiang
Tobias Klauser
Yuval Pavel Zholkover
Brad Fitzpatrick
Dominik Honnef
Sebastian Schmidt
Visweswara R
Andrei Gherzan
Thanabodee Charoenpiriyakij
Adam Sindelar
Joe Richey joerichey@google.com
Kirill Smelkov
Matt Layher
Derek McGowan
Sameer Ajmani
Alexander Menzhinsky
Ian Lance Taylor
Hiroshi Ioka
kortschak
Riku Voipio
Caio Marcelo de Oliveira Filho
Benoit Sigoure