Increase security and portability through the use of /proc/self/exe

B. Blechschmidt 2024-04-07 21:44:50 +02:00
parent 4f5a128972
commit 40368dd232


@ -45,13 +45,17 @@ async fn namespace_proxy_main(
_args: Args,
_shutdown_token: tokio_util::sync::CancellationToken,
) -> Result<std::process::ExitStatus, tun2proxy::Error> {
use nix::fcntl::{open, OFlag};
use nix::sys::stat::Mode;
use std::os::fd::AsRawFd;
let (socket, remote_fd) = tun2proxy::socket_transfer::create_transfer_socket_pair().await?;
let fd = open("/proc/self/exe", OFlag::O_PATH, Mode::empty())?;
let child = tokio::process::Command::new("unshare")
.args("--user --map-current-user --net --mount --keep-caps --kill-child --fork".split(' '))
.arg(std::env::current_exe()?)
.arg(format!("/proc/self/fd/{}", fd))
.arg("--socket-transfer-fd")
.arg(remote_fd.as_raw_fd().to_string())
.args(std::env::args().skip(1))