-rw-r--r-- | src/runner/container/mod.rs | 14 | ||||
-rw-r--r-- | src/util/clone.rs | 15 |
2 files changed, 21 insertions, 8 deletions
diff --git a/src/runner/container/mod.rs b/src/runner/container/mod.rs
index 70c76cc..58823a6 100644
--- a/src/runner/container/mod.rs
+++ b/src/runner/container/mod.rs
@@ -70,16 +70,16 @@ impl ContainerRunner {
 let (tx, rx) = ipc::channel().expect("IPC channel creation failed");
- match clone::clone(CloneFlags::CLONE_NEWUSER | CloneFlags::CLONE_NEWNS).expect("clone()") {
- unistd::ForkResult::Parent { .. } => {
- drop(rx);
- }
- unistd::ForkResult::Child => {
+ let (_, (tx, _rx)) = clone::spawn(
+ CloneFlags::CLONE_NEWUSER | CloneFlags::CLONE_NEWNS,
+ (tx, rx),
+ |(tx, rx)| {
 drop(tx);
 runner(uid, gid, rx);
 /* Not reached */
- }
- };
+ },
+ )
+ .expect("clone()");
 Ok(ContainerRunner { channel: tx })
 }
diff --git a/src/util/clone.rs b/src/util/clone.rs
index 93b7b24..de3175c 100644
--- a/src/util/clone.rs
+++ b/src/util/clone.rs
@@ -1,4 +1,4 @@
-use std::mem;
+use std::{mem, process};
 use nix::{errno, sched, unistd};
@@ -34,3 +34,16 @@ pub unsafe fn clone(flags: sched::CloneFlags) -> nix::Result<unistd::ForkResult>
 })
 }
 }
+
+pub unsafe fn spawn<T, F>(flags: sched::CloneFlags, arg: T, f: F) -> nix::Result<(unistd::Pid, T)>
+where
+ F: FnOnce(T),
+{
+ match clone(flags)? {
+ unistd::ForkResult::Parent { child } => Ok((child, arg)),
+ unistd::ForkResult::Child => {
+ f(arg);
+ process::exit(0)
+ }
+ }
+}
|
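Review bot: The parent throws away the child's pid in `let (_, (tx, _rx)) = clone::spawn(...)`, so nothing visible in this hunk can later wait on or signal the runner process. If `ContainerRunner` (defined outside the hunk) has no other handle on the child, bind it with `let (child, (tx, _rx)) = ...` and store it next to `channel` so the process can be reaped. Separately, `_rx` now keeps the parent's copy of the receiving end open until the function returns, where the old code dropped it at once; a comment such as `// _rx: parent's copy of the child's receiver, closed when this function returns` would show that this is intended. The enclosing function and the `unsafe` context for this call begin outside the hunk.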
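Review bot: `spawn` is a new `pub unsafe fn` with no `# Safety` section, and its child branch runs `f(arg)` without a panic barrier before leaving through `process::exit(0)`. A panic inside `f` would unwind out of `spawn` through the caller's frames, so the child, already inside the new namespaces, would run the parent's destructors and any `catch_unwind` further up. `process::exit` also takes the normal exit path, which can flush buffers inherited from the parent a second time. Consider `let _ = std::panic::catch_unwind(std::panic::AssertUnwindSafe(|| f(arg)));` followed by an immediate exit such as `libc::_exit` (if the `libc` crate is available to this module), using a non-zero status when `f` panicked. The doc comment should state what the caller must guarantee, including whatever `clone` above already requires, and that a returning `f` ends the child with status 0.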