| … | |
… | |
| 6 | |
6 | |
| 7 | use Linux::Clone; |
7 | use Linux::Clone; |
| 8 | |
8 | |
| 9 | =head1 DESCRIPTION |
9 | =head1 DESCRIPTION |
| 10 | |
10 | |
| 11 | This module exposes the linux clone(2), unshare(2) and related syscalls to |
11 | This module exposes the linux clone(2), unshare(2) and some related |
| 12 | Perl. |
12 | syscalls to Perl. |
| 13 | |
13 | |
| 14 | =over 4 |
14 | =over 4 |
| 15 | |
15 | |
| 16 | =item $retval = unshare $flags |
16 | =item $retval = unshare $flags |
| 17 | |
17 | |
| … | |
… | |
| 30 | Linux::Clone::NEWPID |
30 | Linux::Clone::NEWPID |
| 31 | Linux::Clone::NEWUTS |
31 | Linux::Clone::NEWUTS |
| 32 | Linux::Clone::NEWIPC |
32 | Linux::Clone::NEWIPC |
| 33 | Linux::Clone::NEWNET |
33 | Linux::Clone::NEWNET |
| 34 | Linux::Clone::NEWCGROUP |
34 | Linux::Clone::NEWCGROUP |
|
|
35 | Linux::Clone::NEWTIME |
| 35 | |
36 | |
| 36 | Example: unshare the network namespace and prove that by calling ifconfig, |
37 | Example: unshare the network namespace and prove that by calling ifconfig, |
| 37 | showing only an unconfigured lo interface. |
38 | showing only the unconfigured lo interface. |
| 38 | |
39 | |
| 39 | Linux::Clone::unshare Linux::Clone::NEWNET |
40 | Linux::Clone::unshare Linux::Clone::NEWNET |
| 40 | and "unshare: $!"; |
41 | and "unshare: $!"; |
|
|
42 | Linux::Clone::configure_loopback; |
| 41 | system "ifconfig -a"; |
43 | system "ifconfig"; |
| 42 | |
44 | |
| 43 | Example: unshare the network namespace, initialise the loopback interface, |
45 | Example: unshare the network namespace, initialise the loopback interface, |
| 44 | create a veth interface pair, put one interface into the parent processes |
46 | create a veth interface pair, put one interface into the parent processes |
| 45 | namespace (use ifconfig -a from another shell), configure the other |
47 | namespace (use ifconfig -a from another shell), configure the other |
| 46 | interface with 192.168.99.2 -> 192.168.99.1 and start a shell. |
48 | interface with 192.168.99.2 -> 192.168.99.1 and start a shell. |
| … | |
… | |
| 49 | |
51 | |
| 50 | # unshare our network namespace |
52 | # unshare our network namespace |
| 51 | Linux::Clone::unshare Linux::Clone::NEWNET |
53 | Linux::Clone::unshare Linux::Clone::NEWNET |
| 52 | and "unshare: $!"; |
54 | and "unshare: $!"; |
| 53 | |
55 | |
|
|
56 | Linux::Clone::configure_loopback; |
|
|
57 | |
| 54 | my $ppid = getppid; |
58 | my $ppid = getppid; |
| 55 | |
59 | |
| 56 | system " |
60 | system " |
| 57 | # configure loopback interface |
|
|
| 58 | ip link set lo up |
|
|
| 59 | ip route add 127.0.0.0/8 dev lo |
|
|
| 60 | |
|
|
| 61 | # create veth pair |
61 | # create veth pair |
| 62 | ip link add name veth_master type veth peer name veth_slave |
62 | ip link add name veth_master type veth peer name veth_slave |
| 63 | |
63 | |
| 64 | # move veth_master to our parent process' namespace |
64 | # move veth_master to our parent process' namespace |
| 65 | ip link set veth_master netns $ppid |
65 | ip link set veth_master netns $ppid |
| … | |
… | |
| 88 | use Linux::Clone; |
88 | use Linux::Clone; |
| 89 | |
89 | |
| 90 | Linux::Clone::unshare Linux::Clone::NEWNS |
90 | Linux::Clone::unshare Linux::Clone::NEWNS |
| 91 | and die "unshare: $!"; |
91 | and die "unshare: $!"; |
| 92 | |
92 | |
| 93 | # now bind-mount /lib over /etc and ls -l /etc - scary |
93 | # now bind-mount /lib over /etc and ls -l /etc - looks scary |
| 94 | system "mount -n --bind /lib /etc"; |
94 | system "mount -n --bind /lib /etc"; |
| 95 | system "ls -l /etc"; |
95 | system "ls -l /etc"; |
| 96 | |
96 | |
| 97 | =item $retval = Linux::Clone::clone $coderef, $stacksize, $flags[, $ptid, $tls, $ctid] |
97 | =item $retval = Linux::Clone::clone $coderef, $stacksize, $flags[, $ptid, $tls, $ctid] |
| 98 | |
98 | |
| … | |
… | |
| 123 | Linux::Clone::VFORK |
123 | Linux::Clone::VFORK |
| 124 | Linux::Clone::SETTLS (not yet implemented) |
124 | Linux::Clone::SETTLS (not yet implemented) |
| 125 | Linux::Clone::PARENT_SETTID (not yet implemented) |
125 | Linux::Clone::PARENT_SETTID (not yet implemented) |
| 126 | Linux::Clone::CHILD_SETTID (not yet implemented) |
126 | Linux::Clone::CHILD_SETTID (not yet implemented) |
| 127 | Linux::Clone::CHILD_CLEARTID (not yet implemented) |
127 | Linux::Clone::CHILD_CLEARTID (not yet implemented) |
|
|
128 | Linux::Clone::PIDFD (not yet implemented) |
| 128 | Linux::Clone::DETACHED |
129 | Linux::Clone::DETACHED |
| 129 | Linux::Clone::UNTRACED |
130 | Linux::Clone::UNTRACED |
| 130 | Linux::Clone::IO |
131 | Linux::Clone::IO |
|
|
132 | Linux::Clone::CSIGNAL exit signal mask |
| 131 | |
133 | |
| 132 | Note that for practical reasons you basically must not use |
134 | Note that for practical reasons you basically must not use |
| 133 | C<Linux::Clone::VM> or C<Linux::Clone::VFORK>, as perl is unlikely to cope |
135 | C<Linux::Clone::VM> or C<Linux::Clone::VFORK>, as perl is unlikely to cope |
| 134 | with that. |
136 | with that. |
| 135 | |
137 | |
| … | |
… | |
| 159 | |
161 | |
| 160 | The following C<$type> constants are available if the kcmp syscall number |
162 | The following C<$type> constants are available if the kcmp syscall number |
| 161 | was available during compilation: |
163 | was available during compilation: |
| 162 | |
164 | |
| 163 | C<Linux::Clone::KCMP_FILE>, C<Linux::Clone::KCMP_VM>, C<Linux::Clone::KCMP_FILES>, |
165 | C<Linux::Clone::KCMP_FILE>, C<Linux::Clone::KCMP_VM>, C<Linux::Clone::KCMP_FILES>, |
| 164 | C<Linux::Clone::KCMP_FS>, C<Linux::Clone::KCMP_SIGHAND>, C<Linux::Clone::KCMP_IO> and |
166 | C<Linux::Clone::KCMP_FS>, C<Linux::Clone::KCMP_SIGHAND>, C<Linux::Clone::KCMP_IO>, |
| 165 | C<Linux::Clone::KCMP_SYSVSEM>. |
167 | C<Linux::Clone::KCMP_SYSVSEM> and C<Linux::Clone::KCMP_EPOLL_TFD>. |
| 166 | |
168 | |
|
|
169 | =item Linux::Clone::configure_loopback |
|
|
170 | |
|
|
171 | Configures a working loopback interface (basically, does the equivalent of |
|
|
172 | "ifconfig lo up" which automatically adds ipv4/ipv6 addresses and routes), |
|
|
173 | which can be useful to get a network namespace going. |
|
|
174 | |
|
|
175 | Dies on error and returns nothing. |
|
|
176 | |
|
|
177 | =item C<ioctl> symbols |
|
|
178 | |
|
|
179 | The following ioctl symbols are also provided by this module (see L<ioctl_ns(8)>). |
|
|
180 | |
|
|
181 | Linux::Clone::NS_GET_USERNS |
|
|
182 | Linux::Clone::NS_GET_PARENT |
|
|
183 | Linux::Clone::NS_GET_NSTYPE |
|
|
184 | Linux::Clone::NS_OWNER_UID |
| 167 | |
185 | |
| 168 | =back |
186 | =back |
| 169 | |
187 | |
| 170 | =cut |
188 | =cut |
| 171 | |
189 | |
| 172 | package Linux::Clone; |
190 | package Linux::Clone; |
| 173 | |
191 | |
| 174 | # use common::sense; |
192 | # use common::sense; |
| 175 | |
193 | |
| 176 | BEGIN { |
194 | BEGIN { |
| 177 | our $VERSION = '1.2'; |
195 | our $VERSION = '1.3'; |
| 178 | |
196 | |
| 179 | require XSLoader; |
197 | require XSLoader; |
| 180 | XSLoader::load (__PACKAGE__, $VERSION); |
198 | XSLoader::load (__PACKAGE__, $VERSION); |
| 181 | } |
199 | } |
| 182 | |
200 | |
|
|
201 | sub configure_loopback() { |
|
|
202 | siocsifflags "lo" |
|
|
203 | and die "Linux::Clone::configure_looopback: unable to bring up loopback interface: $!\n"; |
|
|
204 | } |
|
|
205 | |
| 183 | 1; |
206 | 1; |
|
|
207 | |
|
|
208 | =head1 SEE ALSO |
|
|
209 | |
|
|
210 | L<IO::AIO> has some related functions, such as C<pidfd_send_signal>, and |
|
|
211 | some unrelated functions that might be useful. |
|
|
212 | |
|
|
213 | L<namspaces(7)>, L<cgroup_namespaces(7)>, L<pid_namespaces(7)>, |
|
|
214 | L<user_namespaces(7)>, L<time_namespaces(7)>, L<ip-netns(8)>, |
|
|
215 | L<switch_root(8)>, L<ioctl_ns(2)>, L<lsns(8)>Q |
| 184 | |
216 | |
| 185 | =head1 AUTHOR |
217 | =head1 AUTHOR |
| 186 | |
218 | |
| 187 | Marc Lehmann <schmorp@schmorp.de> |
219 | Marc Lehmann <schmorp@schmorp.de> |
| 188 | http://home.schmorp.de/ |
220 | http://home.schmorp.de/ |
