Merge pull request #119 from koitococo/master

Write unshare pid into file for scripting purposes

src/args.rs

@@ -32,6 +32,11 @@ pub struct Args {
     #[arg(long)]
     pub unshare: bool,
 
+    /// Create a pidfile of `unshare` process when using `--unshare`.
+    #[cfg(target_os = "linux")]
+    #[arg(long)]
+    pub unshare_pidfile: Option<String>,
+
     /// File descriptor for UNIX datagram socket meant to transfer
     /// network sockets from global namespace to the new one.
     /// See `unshare(1)`, `namespaces(7)`, `sendmsg(2)`, `unix(7)`.
@@ -103,6 +108,8 @@ impl Default for Args {
             #[cfg(target_os = "linux")]
             unshare: false,
             #[cfg(target_os = "linux")]
+            unshare_pidfile: None,
+            #[cfg(target_os = "linux")]
             socket_transfer_fd: None,
             #[cfg(target_os = "linux")]
             admin_command: Vec::new(),

src/bin/main.rs

@@ -72,6 +72,7 @@ async fn namespace_proxy_main(
         child => child?,
     };
 
+    let unshare_pid = child.id().unwrap_or(0);
     log::info!("The tun proxy is running in unprivileged mode. See `namespaces(7)`.");
     log::info!("");
     log::info!("If you need to run a process that relies on root-like capabilities (e.g. `openvpn`)");
@@ -80,10 +81,13 @@ async fn namespace_proxy_main(
     log::info!("To run a new process in the created namespace (e.g. a flatpak app)");
     log::info!(
         "Use `nsenter --preserve-credentials --user --net --mount  --target {} /bin/sh`",
-        child.id().unwrap_or(0)
+        unshare_pid
     );
     log::info!("");
-
+    if let Some(pidfile) = _args.unshare_pidfile.as_ref() {
+        log::info!("Writing unshare pid to {}", pidfile);
+        std::fs::write(pidfile, unshare_pid.to_string()).ok();
+    }
     tokio::spawn(async move { tun2proxy::socket_transfer::process_socket_requests(&socket).await });
 
     Ok(child.wait().await?)