newpid/0000755000000000000000000000000012265743746007252 5ustar newpid/README.md0000644000000000000000000000114312265740014010511 0ustar newpid ====== Very simple wrapper around clone(CLONE_NEWPID) that launches a command in a new PID namespace. /proc is also remounted so it sees the new process space. Needs root to run. I haven't seen this functionality as a standalone command elsewhere. If you find something else, please let me know. Example: $ sudo newpid ps aux
USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root         1  0.0  0.0   4080    84 pts/3    S+   12:15   0:00 newpid ps aux
root         2  0.0  0.0  19984  1316 pts/3    R+   12:15   0:00 ps aux
-- Christoph Berg newpid/debian/0000755000000000000000000000000012265743746010474 5ustar newpid/debian/control0000664000000000000000000000125712263476313012075 0ustar Source: newpid Section: utils Priority: optional Maintainer: Debian PostgreSQL Maintainers Uploaders: Christoph Berg Standards-Version: 3.9.5 Build-Depends: debhelper (>= 9~) Vcs-Browser: https://github.com/ChristophBerg/newpid Vcs-Git: git://github.com/ChristophBerg/newpid.git XS-Testsuite: autopkgtest Package: newpid Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends} Description: run a command in a new PID namespace newpid is a very simple wrapper around clone(CLONE_NEWPID) that launches a command in a new PID namespace. /proc is also remounted so it sees the new process space. Needs root to run. newpid/debian/tests/0000775000000000000000000000000012263502432011617 5ustar newpid/debian/tests/control0000664000000000000000000000006212263476313013230 0ustar Depends: @ Tests: zombie Restrictions: needs-root newpid/debian/tests/zombie0000775000000000000000000000031612263502432013032 0ustar #!/bin/sh set -eu newpid ./zombie.pl 2>&1 | tee z.out grep -q 'version code' z.out && sed -i -e '1,/version code/d' z.out # remove "Non-standard uts for running kernel" on lucid diff -u z.expected z.out newpid/debian/changelog0000664000000000000000000000055712265743705012352 0ustar newpid (2) unstable; urgency=low * Add autopkgtest. * Enable build hardening. * Ignore errors on umount("/proc"), it could be busy. * Add manpage. -- Christoph Berg Thu, 16 Jan 2014 12:51:32 +0100 newpid (1) UNRELEASED; urgency=low * Initial release. 
-- Christoph Berg Mon, 21 Jan 2013 22:48:32 +0100 newpid/debian/copyright0000644000000000000000000000213212100221044012367 0ustar Author, Copyright, and Debianization: Copyright (C) 2013 Christoph Berg Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. newpid/debian/compat0000664000000000000000000000000212263476313011663 0ustar 9 newpid/debian/source/0000755000000000000000000000000012100221044011736 5ustar newpid/debian/source/format0000644000000000000000000000001512100221044013145 0ustar 3.0 (native) newpid/debian/rules0000775000000000000000000000011712263476313011544 0ustar #!/usr/bin/make -f export DEB_BUILD_MAINT_OPTIONS = hardening=+all %: dh $@ newpid/zombie.pl0000775000000000000000000000065012263476313011071 0ustar #!/usr/bin/perl # This script forks twice, and the middle process exits immediately. The third # process will then gets pid 1 as parent, and exit later. At that point, pid 1 # receives a SIGCHLD signal. The first process keeps running so we can actually # observe this effect. 
if (fork == 0) { if (fork == 0) { sleep 1; exit 1; } else { exit 2; } } else { sleep 2; system "ps -opid,ppid,command xf"; exit 0; } newpid/newpid.pod0000664000000000000000000000125312265743441011237 0ustar =head1 NAME newpid - launch a command in a new PID namespace =head1 SYNOPSIS B I =head1 DESCRIPTION B uses the B syscall to launch a command in a new PID namespace. The B filesystem is also remounted so the new process IDs are also visible there. =head1 OPTIONS None. =head1 EXAMPLE $ sudo newpid ps aux USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND root 1 0.0 0.0 4080 84 pts/3 S+ 12:15 0:00 newpid ps aux root 2 0.0 0.0 19984 1316 pts/3 R+ 12:15 0:00 ps aux =head1 SEE ALSO clone(2), unshare(1). =head1 AUTHOR Christoph Berg newpid/newpid.c0000644000000000000000000000574112263501331010667 0ustar /* * newpid: launch a subprocess in a new PID namespace * Copyright (C) 2013, 2014 Christoph Berg * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to * deal in the Software without restriction, including without limitation the * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or * sell copies of the Software, and to permit persons to whom the Software is * furnished to do so, subject to the following conditions: * * The above copyright notice and this permission notice shall be included in * all copies or substantial portions of the Software. * * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS * IN THE SOFTWARE. 
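 */

#define _GNU_SOURCE
/* The header names are missing from this listing; this is the set of
 * headers the code below requires. */
#include <errno.h>
#include <sched.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/mount.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/*
 * Size of each half of the child stack buffer.  The child's stack pointer
 * starts in the middle of the buffer, so one half is available whichever
 * way the stack grows.  Must stay a multiple of 16 to keep the start
 * address aligned.
 */
#define CHILD_STACK_HALF (256 * 1024)

/*
 * Entry point of the cloned child, which is PID 1 of the new PID namespace.
 *
 * argv_void is the NULL-terminated argument vector of the command to run.
 * If it is empty, $SHELL is started, or /bin/sh when SHELL is unset.
 *
 * Returns the command's exit status, 128 + the signal number if it was
 * killed by a signal, or -1 otherwise.  Exits with status 1 when the mount
 * setup, fork, exec or wait fails.
 */
int
run (void *argv_void)
{
	char *const *argv = argv_void;
	char *argv_sh[] = { NULL, NULL };
	pid_t child;
	pid_t pid;
	int status;

	/*
	 * CLONE_NEWNS copies the mount table together with its propagation
	 * settings.  Where / is a shared mount, the umount/mount of /proc below
	 * would propagate back into the namespace we came from and replace the
	 * host's /proc.  Make the whole tree private first, and refuse to
	 * continue if that is not possible.
	 */
	if (mount (NULL, "/", NULL, MS_REC | MS_PRIVATE, NULL) != 0) {
		perror ("mount --make-rprivate /");
		exit (1);
	}

	if (umount ("/proc") != 0) {
		/* Deliberately ignored: /proc could be busy.  The new proc
		 * instance is then mounted on top of the old one. */
	}

	/* A fresh proc instance reflects the new PID namespace.  nosuid, nodev
	 * and noexec are the usual hardening flags for /proc. */
	if (mount ("proc", "/proc", "proc", MS_NOSUID | MS_NODEV | MS_NOEXEC, NULL) != 0) {
		perror ("mount proc");
		exit (1);
	}

	if (argv[0] == NULL) {
		/* No command given: fall back to a shell.  SHELL comes from the
		 * caller's environment, which is acceptable only as long as the
		 * binary is started by root and not installed setuid. */
		char *shell = getenv ("SHELL");

		argv_sh[0] = shell ? shell : "/bin/sh";
		argv = argv_sh;
	}

	child = fork ();
	if (child < 0) {
		perror ("fork");
		exit (1);
	}
	if (child == 0) {
		execvp (argv[0], argv);
		/* execvp only returns on failure */
		perror ("execvp");
		exit (1);
	}

	/*
	 * As PID 1 of the namespace this process also inherits orphaned
	 * processes, so wait() may return other children first.  Keep reaping
	 * until our own child is collected; its status is the one left in
	 * `status` when the loop ends.
	 */
	while ((pid = wait (&status)) != child) {
		if (pid < 0 && errno != EINTR) {
			perror ("waitpid");
			exit (1);
		}
		/* another child was reaped, or the call was interrupted: retry */
	}

	if (WIFEXITED (status))
		return WEXITSTATUS (status);
	if (WIFSIGNALED (status))
		return 128 + WTERMSIG (status);
	return -1;
}

/*
 * Start run() in a new PID and mount namespace and pass its result on.
 *
 * Returns the child's exit status, 128 + the signal number if it was killed
 * by a signal, or -1 otherwise.  Exits with status 1 if clone() or waitpid()
 * fails.
 */
int
main (int argc, char *argv[], char *envp[])
{
	/*
	 * Stack for the cloned child.  The original 2048-byte automatic array
	 * left only 1 KiB per direction for a function that calls into stdio,
	 * fork() and mount(), and its midpoint had no guaranteed alignment.
	 */
	static char cstack[2 * CHILD_STACK_HALF] __attribute__ ((aligned (16)));
	int child;
	int status;

	child = clone (run,
		       cstack + CHILD_STACK_HALF,	/* middle of array so we don't care which way the stack grows */
		       CLONE_NEWPID | CLONE_NEWNS | SIGCHLD,	/* new pid & mount namespace, send SIGCHLD on termination */
		       argc > 0 ? argv + 1 : argv);	/* skip argv[0]; an empty argv is passed as is */
	if (child < 0) {
		perror ("clone");
		exit (1);
	}

	/* Retry when interrupted by a signal.  On any other failure `status`
	 * was never written, so it must not be inspected. */
	while (waitpid (child, &status, 0) < 0) {
		if (errno != EINTR) {
			perror ("waitpid");
			exit (1);
		}
	}

	if (WIFEXITED (status))
		return WEXITSTATUS (status);
	if (WIFSIGNALED (status))
		return 128 + WTERMSIG (status);
	return -1;
}

newpid/Makefile0000664000000000000000000000066012265743532010707 0ustar CFLAGS += -g -O2 -Wall -Werror PREFIX = /usr all: newpid newpid.1 newpid: newpid.o newpid.1: newpid.pod pod2man --center "" -r "" --quotes=none --section 1 $< > $@ install: newpid newpid.1 install -d $(DESTDIR)$(PREFIX)/bin install newpid $(DESTDIR)$(PREFIX)/bin/newpid install -d 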
$(DESTDIR)$(PREFIX)/share/man/man1 install newpid.1 $(DESTDIR)$(PREFIX)/share/man/man1/newpid.1 clean: rm -f newpid newpid.o newpid.1 z.out newpid/z.expected0000664000000000000000000000025012263476313011234 0ustar PID PPID COMMAND 1 0 newpid ./zombie.pl 2 1 /usr/bin/perl ./zombie.pl 3 2 \_ [zombie.pl] 5 2 \_ ps -opid,ppid,command xf