fixup! linux: switch to target process UID/GID

Author: mdavidsaver

ci_core_dumper/linux.py

@@ -71,7 +71,7 @@ def forknpark(fn, **kws):
         if sts!=0:
             raise RuntimeError(sts)
 
-def nsenter(pid):
+def nsenter(pid, limit=None):
     """Join the current process to all of the namespaces
        of the target PID of which it is not already a member.
     """
@@ -95,7 +95,7 @@ def setns(F, nstype=0):
     # must open all NS files first (from init mount ns)
     # before entering any (including mount ns)
     for ns in os.listdir('/proc/%d/ns'%pid):
-        if ns not in ('mnt',):
+        if limit and ns not in limit:
             continue
         NSs.append((ns,
                     open('/proc/%d/ns/%s'%(pid, ns), 'rb'),
@@ -108,6 +108,23 @@ def setns(F, nstype=0):
         T.close()
         S.close()
 
+def read_uid_gid(pid):
+    'Detect UID/GID of target PID'
+    res = os.stat('/proc/{}/status'.format(pid))
+    return res.st_uid, res.st_gid
+
+def readenv(pid):
+    'Read environment of running process'
+    env = {}
+    with open('/proc/{}/environ'.format(pid), 'r') as F:
+        # b"VAR=value\0...\0"
+        lines = F.read().split('\0')
+        lines.pop() # trailing nil
+        for ev in lines:
+            K, V = ev.split('=', 1)
+            env[K] = V
+    return env
+
 class FLock(object):
     def __init__(self, file):
         self._file = file
@@ -285,8 +302,10 @@ def dump(outdir, gdb, extra_cmds):
         print('Dumping PID %d (%d) @ %d %s'%(tpid, ipid, dtime, time.ctime(dtime)))
 
         try:
-            nsenter(ipid)
+            # only need to join mount namespace
+            nsenter(ipid, limit=('mnt', 'pid'))
 
+            # must fork in order to fully join
             forknpark(dump2, pid=tpid, gdb=gdb, extra_cmds=extra_cmds)
         except:
             traceback.print_exc()
@@ -296,48 +315,11 @@ def dump(outdir, gdb, extra_cmds):
 
 def dump2(pid, gdb, extra_cmds):
     # running as root, fully in the target/container namespaces
-    print('Initial uid %d, gid %d'%(os.getuid(), os.getgid()))
-
-    uid = gid = None
-    with open('/proc/{}/status'.format(pid)) as F:
-        for line in F:
-            if line.startswith('Uid:'): # Uid:    1000    1000    1000    1000
-                uid = int(line.split()[1])
-
-            elif line.startswith('Gid:'): # Gid:    1000    1000    1000    1000
-                gid = int(line.split()[1])
-
-    if gid:
-        os.setgid(gid)
-    if uid:
-        os.setuid(uid)
-    print('Target UID %s/%s'%(uid, gid))
-
-    # os.environ is still from the init namespaces.
-    # copy the target process environment
-    env = os.environ.copy()
-
-    with open('/proc/{}/environ'.format(pid), 'rb') as F:
-        for ev in F.read().split(b'\0'):
-            K, _sep, V = ev.partition(b'=')
-            if K and V is not None:
-                env[K.decode(errors='replace')] = V.decode(errors='replace')
-
-    # fill in some ~sensible defaults
-    env.setdefault('TERM', 'vt100')
-    env.setdefault('USER', 'root')
-    env.setdefault('PATH', "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin")
-    for sh in (os.environ.get('SHELL','sh'), 'sh', 'bash', 'dash'):
-        shell = find_executable(sh, path=env['PATH'])
-        if sh:
-            env['SHELL'] = shell
-            break
-    else:
-        print('ERROR: no support shell in target')
-        sys.exit(1)
+
+    env = readenv(pid)
 
     for gname in (gdb, 'gdb'):
-        gdb = find_executable(gname, path=env['PATH'])
+        gdb = find_executable(gname, path=env.get('PATH') or '')
         if gdb:
             break
     else: