| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CALzDPu1K4vY+b2Wc_1eEaXX09opXi_yRN3nE2LoUGkW2gP0r9g@mail.gmail.com>
Date: Fri, 17 Jan 2025 19:48:25 +0530
From: K V V <krishnavivek.vitta@...il.com>
To: christian@...uner.io, linux-kernel@...r.kernel.org
Subject: Finding init process of namespace at global level using BPF
Hi Christian, experts,
Need help in finding the first process of pid namespace using BPF
program when an unshare(unshare -p -f --mount-proc /bin/bash) call is
made. Am using a ubuntu(20.04) machine. Kernel version: 5.15
>From documentation, it is found that child_reaper would give this info
from pid_namespace structure. From shell, I see that pid namespace is
created and and a new process is also forked.
But while accessing child_reaper, it is found NULL.
I am using the following prog to get it, but it is unsuccessful.
struct pid_namespace *pid_ns = BPF_CORE_READ(current_task_struct,
nsproxy, pid_ns_for_children);
if (pid_ns) {
// Access the child_reaper process
struct task_struct *child_reaper =
BPF_CORE_READ(pid_ns, child_reaper);
if (child_reaper) {
// Get the global PID of the child_reaper process
pid2 = BPF_CORE_READ(child_reaper, pid);
} else {
pid2 = 100;
}
} else {
pid2 = 10;
}
May I know how I can retrieve the init process of a new namespace
using a BPF program ?
Thanks in advance.
--Krishna Vivek
Powered by blists - more mailing lists