Usage
plash sudo [CMD1 [CMD2 ..]]
Description
Setup a Linux user namespace. Then run the specified commands there. The
default command is the default user shell.
This is useful to access files written to disk by a container, when they
where written by a non-root user (from the containers perspective). It can
also be used as a general purpose utility to "fake" root access.
Tested Behaviour
#!/bin/bash
set -eux
• user inside plash sudo is root
test $(plash sudo id -u) = 0
• no arguments gives shell
test "$(echo 'echo itsbash' | plash sudo)" = 'itsbash'
• unknown command
set +e
out=$(plash sudo cmdnotfound 2>&1)
set -e
[[ "$out" = *'No such file or directory'* ]]
[[ "$out" = *'cmdnotfound'* ]]
• different user and mount namespace
test ! "$(readlink /proc/self/ns/{mnt,user})" = "$(plash sudo readlink /proc/self/ns/{mnt,user})"
• same other mount namespaces
test "$(readlink /proc/self/ns/{cgroup,ipc,net,pid,uts})" = "$(plash sudo readlink /proc/self/ns/{cgroup,ipc,net,pid,uts})"
Source Code
#define USAGE "usage: plash sudo [CMD1 [CMD2 ..]]\n"
#include <pwd.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>
#include <plash.h>
int sudo_main(int argc, char *argv[]) {
struct passwd *pw = getpwuid(getuid());
pl_unshare_user();
pl_unshare_mount();
char *default_shell = pw ? pw->pw_shell : "/bin/sh";
if (argc <= 1) {
execlp(default_shell, default_shell, NULL);
} else {
execvp(argv[1], argv + 1);
}
pl_fatal("could not exec \"%s\"", argv[1]);
return EXIT_FAILURE;
}