Rework namespace functions and types

- Add set_namespaces function.
- Deprecate move_into_link_name_space and move_into_thread_name_spaces
  functions.
- Add NamespaceType.
- Deprecate ThreadNameSpaceType and LinkNameSpaceType.
- Add nsfs ioctls.
- Add NoArgGetter ioctl pattern.

Author: rusty-snake

src/ioctl/patterns.rs

@@ -52,6 +52,50 @@ unsafe impl<const OPCODE: Opcode> Ioctl for NoArg<OPCODE> {
     }
 }
 
+/// Implements an `ioctl` with no real arguments.
+///
+/// To compute a value for the `OPCODE` argument, see the functions in the
+/// [`opcode`] module.
+///
+/// [`opcode`]: rustix::ioctl::opcode
+pub struct NoArgGetter<const OPCODE: Opcode> {}
+impl<const OPCODE: Opcode> fmt::Debug for NoArgGetter<OPCODE> {
+    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+        f.debug_tuple("NoArgGetter").field(&OPCODE).finish()
+    }
+}
+impl<const OPCODE: Opcode> NoArgGetter<OPCODE> {
+    /// Create a new no-argument-getter `ioctl` object.
+    ///
+    /// # Safety
+    ///
+    /// - `OPCODE` must provide a valid opcode.
+    #[inline]
+    pub const unsafe fn new() -> Self {
+        Self {}
+    }
+}
+unsafe impl<const OPCODE: Opcode> Ioctl for NoArgGetter<OPCODE> {
+    type Output = IoctlOutput;
+
+    const IS_MUTATING: bool = false;
+
+    fn opcode(&self) -> self::Opcode {
+        OPCODE
+    }
+
+    fn as_ptr(&mut self) -> *mut core::ffi::c_void {
+        core::ptr::null_mut()
+    }
+
+    unsafe fn output_from_ptr(
+        output: IoctlOutput,
+        _: *mut core::ffi::c_void,
+    ) -> Result<Self::Output> {
+        Ok(output)
+    }
+}
+
 /// Implements the traditional “getter” pattern for `ioctl`s.
 ///
 /// Some `ioctl`s just read data into the userspace. As this is a popular

src/thread/mod.rs

@@ -11,12 +11,12 @@ mod libcap;
 #[cfg(linux_kernel)]
 mod membarrier;
 #[cfg(linux_kernel)]
+mod ns;
+#[cfg(linux_kernel)]
 mod prctl;
 #[cfg(any(freebsdlike, linux_kernel, target_os = "fuchsia"))]
 mod sched;
 mod sched_yield;
-#[cfg(linux_kernel)]
-mod setns;
 
 #[cfg(not(target_os = "redox"))]
 pub use clock::*;
@@ -29,9 +29,9 @@ pub use libcap::{capabilities, set_capabilities, CapabilityFlags, CapabilitySet,
 #[cfg(linux_kernel)]
 pub use membarrier::*;
 #[cfg(linux_kernel)]
+pub use ns::*;
+#[cfg(linux_kernel)]
 pub use prctl::*;
 #[cfg(any(freebsdlike, linux_kernel, target_os = "fuchsia"))]
 pub use sched::*;
 pub use sched_yield::sched_yield;
-#[cfg(linux_kernel)]
-pub use setns::*;

src/thread/setns.rs renamed to src/thread/ns.rs

@@ -3,14 +3,80 @@ use linux_raw_sys::general::{
     CLONE_FILES, CLONE_FS, CLONE_NEWCGROUP, CLONE_NEWIPC, CLONE_NEWNET, CLONE_NEWNS, CLONE_NEWPID,
     CLONE_NEWTIME, CLONE_NEWUSER, CLONE_NEWUTS, CLONE_SYSVSEM,
 };
+use linux_raw_sys::ioctl::{NS_GET_NSTYPE, NS_GET_OWNER_UID, NS_GET_PARENT, NS_GET_USERNS};
 
 use crate::backend::c::c_int;
 use crate::backend::thread::syscalls;
 use crate::fd::BorrowedFd;
+use crate::fd::{AsFd, FromRawFd, OwnedFd};
 use crate::io;
+use crate::ioctl;
+
+use super::{RawUid, Uid};
+
+bitflags! {
+    /// Namespace type.
+    #[derive(Debug, Clone, Copy, PartialEq, Eq, Hash)]
+    #[repr(transparent)]
+    pub struct NamespaceType: u32 {
+        /// Control group (CGroup) namespace.
+        const CGROUP = CLONE_NEWCGROUP;
+        /// System V IPC and POSIX message queue namespace.
+        const IPC = CLONE_NEWIPC;
+        /// Mount namespace.
+        const MOUNT = CLONE_NEWNS;
+        /// Network namespace.
+        const NETWORK = CLONE_NEWNET;
+        /// Process ID namespace.
+        const PID = CLONE_NEWPID;
+        /// Time namespace.
+        const TIME = CLONE_NEWTIME;
+        /// User and group ID namespace.
+        const USER = CLONE_NEWUSER;
+        /// `Host name` and `NIS domain name` (UTS) namespace.
+        const UTS = CLONE_NEWUTS;
+
+        /// <https://docs.rs/bitflags/*/bitflags/#externally-defined-flags>
+        const _ = !0;
+    }
+}
+
+bitflags! {
+    /// `CLONE_*` for use with [`unshare`].
+    #[repr(transparent)]
+    #[derive(Copy, Clone, Eq, PartialEq, Hash, Debug)]
+    pub struct UnshareFlags: u32 {
+        /// `CLONE_FILES`
+        const FILES = CLONE_FILES;
+        /// `CLONE_FS`
+        const FS = CLONE_FS;
+        /// `CLONE_NEWCGROUP`
+        const NEWCGROUP = CLONE_NEWCGROUP;
+        /// `CLONE_NEWIPC`
+        const NEWIPC = CLONE_NEWIPC;
+        /// `CLONE_NEWNET`
+        const NEWNET = CLONE_NEWNET;
+        /// `CLONE_NEWNS`
+        const NEWNS = CLONE_NEWNS;
+        /// `CLONE_NEWPID`
+        const NEWPID = CLONE_NEWPID;
+        /// `CLONE_NEWTIME`
+        const NEWTIME = CLONE_NEWTIME;
+        /// `CLONE_NEWUSER`
+        const NEWUSER = CLONE_NEWUSER;
+        /// `CLONE_NEWUTS`
+        const NEWUTS = CLONE_NEWUTS;
+        /// `CLONE_SYSVSEM`
+        const SYSVSEM = CLONE_SYSVSEM;
+
+        /// <https://docs.rs/bitflags/*/bitflags/#externally-defined-flags>
+        const _ = !0;
+    }
+}
 
 bitflags! {
     /// Thread name space type.
+    #[deprecated(since = "1.1.0", note = "Use NamespaceType instead")]
     #[repr(transparent)]
     #[derive(Copy, Clone, Eq, PartialEq, Hash, Debug)]
     pub struct ThreadNameSpaceType: u32 {
@@ -37,6 +103,7 @@ bitflags! {
 }
 
 /// Type of name space referred to by a link.
+#[deprecated(since = "1.1.0", note = "Use NamespaceType instead")]
 #[derive(Copy, Clone, Debug, Eq, PartialEq)]
 #[repr(u32)]
 pub enum LinkNameSpaceType {
@@ -58,37 +125,28 @@ pub enum LinkNameSpaceType {
     Network = CLONE_NEWNET,
 }
 
-bitflags! {
-    /// `CLONE_*` for use with [`unshare`].
-    #[repr(transparent)]
-    #[derive(Copy, Clone, Eq, PartialEq, Hash, Debug)]
-    pub struct UnshareFlags: u32 {
-        /// `CLONE_FILES`
-        const FILES = CLONE_FILES;
-        /// `CLONE_FS`
-        const FS = CLONE_FS;
-        /// `CLONE_NEWCGROUP`
-        const NEWCGROUP = CLONE_NEWCGROUP;
-        /// `CLONE_NEWIPC`
-        const NEWIPC = CLONE_NEWIPC;
-        /// `CLONE_NEWNET`
-        const NEWNET = CLONE_NEWNET;
-        /// `CLONE_NEWNS`
-        const NEWNS = CLONE_NEWNS;
-        /// `CLONE_NEWPID`
-        const NEWPID = CLONE_NEWPID;
-        /// `CLONE_NEWTIME`
-        const NEWTIME = CLONE_NEWTIME;
-        /// `CLONE_NEWUSER`
-        const NEWUSER = CLONE_NEWUSER;
-        /// `CLONE_NEWUTS`
-        const NEWUTS = CLONE_NEWUTS;
-        /// `CLONE_SYSVSEM`
-        const SYSVSEM = CLONE_SYSVSEM;
+/// Move the calling thread into different namespaces
+///
+/// This function has two different semantics depending on the `fd` argument.
+///
+/// - If `fd` refers to one of the magic links in a `/proc/[pid]/ns/` directory
+///   or a bind mount to such a link, the calling thread is moved to the namespaces
+///   referred to by `fd`. `namespace_type` must either be [`NamespaceType::empty()`]
+///   in which case all namespace types can be joined or a single [`NamespaceType`]
+///   bit in which case only namespaces of this type can be joined.
+/// - If `fd` refers to a pidfd, the calling thread is moved to all namespaces of this
+///   process that are specified in `namespace_type`.
+///
+/// # References
+///  - [Linux]
+///
+/// [Linux]: https://man7.org/linux/man-pages/man2/setns.2.html
+#[deprecated(since = "1.1.0", note = "Use setns instead")]
+#[doc(alias = "setns")]
+pub fn set_namespace(fd: BorrowedFd<'_>, namespace_type: NamespaceType) -> io::Result<()> {
+    syscalls::setns(fd, namespace_type.bits() as c_int)?;
 
-        /// <https://docs.rs/bitflags/*/bitflags/#externally-defined-flags>
-        const _ = !0;
-    }
+    Ok(())
 }
 
 /// Reassociate the calling thread with the namespace associated with link
@@ -101,7 +159,9 @@ bitflags! {
 ///  - [Linux]
 ///
 /// [Linux]: https://man7.org/linux/man-pages/man2/setns.2.html
+#[deprecated(since = "1.1.0", note = "Use setns instead")]
 #[doc(alias = "setns")]
+#[allow(deprecated)]
 pub fn move_into_link_name_space(
     fd: BorrowedFd<'_>,
     allowed_type: Option<LinkNameSpaceType>,
@@ -119,7 +179,9 @@ pub fn move_into_link_name_space(
 ///  - [Linux]
 ///
 /// [Linux]: https://man7.org/linux/man-pages/man2/setns.2.html
+#[deprecated(since = "1.1.0", note = "Use setns instead")]
 #[doc(alias = "setns")]
+#[allow(deprecated)]
 pub fn move_into_thread_name_spaces(
     fd: BorrowedFd<'_>,
     allowed_types: ThreadNameSpaceType,
@@ -137,3 +199,63 @@ pub fn move_into_thread_name_spaces(
 pub fn unshare(flags: UnshareFlags) -> io::Result<()> {
     syscalls::unshare(flags)
 }
+
+/// `ioctl(ns_fd, NS_GET_USERNS)`
+///
+/// # Safety
+///
+/// `fd` must refer to a `/proc/pid/ns/*` file.
+#[inline]
+#[doc(alias = "NS_GET_USERNS")]
+pub fn ioctl_ns_get_userns<FD: AsFd>(fd: FD) -> io::Result<OwnedFd> {
+    #[allow(unsafe_code)]
+    unsafe {
+        let ctl = ioctl::NoArgGetter::<{ NS_GET_USERNS }>::new();
+        ioctl::ioctl(fd, ctl).map(|fd| OwnedFd::from_raw_fd(fd))
+    }
+}
+
+/// `ioctl(ns_fd, NS_GET_PARENT)`
+///
+/// # Safety
+///
+/// `fd` must refer to a `/proc/pid/ns/*` file.
+#[inline]
+#[doc(alias = "NS_GET_PARENT")]
+pub fn ioctl_ns_get_parent<FD: AsFd>(fd: FD) -> io::Result<OwnedFd> {
+    #[allow(unsafe_code)]
+    unsafe {
+        let ctl = ioctl::NoArgGetter::<{ NS_GET_PARENT }>::new();
+        ioctl::ioctl(fd, ctl).map(|fd| OwnedFd::from_raw_fd(fd))
+    }
+}
+
+/// `ioctl(ns_fd, NS_GET_NSTYPE)`
+///
+/// # Safety
+///
+/// `fd` must refer to a `/proc/pid/ns/*` file.
+#[inline]
+#[doc(alias = "NS_GET_NSTYPE")]
+pub fn ioctl_ns_get_nstype<FD: AsFd>(fd: FD) -> io::Result<NamespaceType> {
+    #[allow(unsafe_code)]
+    unsafe {
+        let ctl = ioctl::NoArgGetter::<{ NS_GET_NSTYPE }>::new();
+        ioctl::ioctl(fd, ctl).map(|ns| NamespaceType::from_bits_retain(ns as u32))
+    }
+}
+
+/// `ioctl(ns_fd, NS_GET_OWNER_UID)`
+///
+/// # Safety
+///
+/// `fd` must refer to a `/proc/pid/ns/*` file.
+#[inline]
+#[doc(alias = "NS_GET_OWNER_UID")]
+pub fn ioctl_ns_get_owner_uid<FD: AsFd>(fd: FD) -> io::Result<Uid> {
+    #[allow(unsafe_code)]
+    unsafe {
+        let ctl = ioctl::Getter::<{ NS_GET_OWNER_UID }, RawUid>::new();
+        ioctl::ioctl(fd, ctl).map(Uid::from_raw)
+    }
+}