From 215821ee57616e85390d4ee999ee5b6e8f482345 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E9=98=B3=E5=85=89=E5=B0=91=E5=B9=B4?= <849317537@qq.com> Date: Tue, 13 Aug 2024 12:56:55 +0000 Subject: [PATCH] =?UTF-8?q?=E5=8A=9F=E8=83=BD=E6=9B=B4=E6=96=B0,=E6=B7=BB?= =?UTF-8?q?=E5=8A=A0time=20namespac?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- src/main.rs | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) diff --git a/src/main.rs b/src/main.rs index 9cdbc26..c26be25 100644 --- a/src/main.rs +++ b/src/main.rs @@ -1,4 +1,4 @@ -use std::fs::OpenOptions; +use std::fs::{remove_dir_all, OpenOptions}; use std::os::unix::fs::OpenOptionsExt; use std::{io, fs, fmt, os, path, process, time}; use fmt::Display; @@ -25,7 +25,8 @@ static WORKSPACE: &str = "/home/rocker"; static USER_NAME: &str = "rocker"; static INFO_FILE: &str = "info.toml"; static mut STACK: [u8; 1024*1024*1] = [0; 1024*1024*1]; -static CLONE_FLAG: i32 = 0b1101100000000100000000000000000; // CLONE_NEWNS | CLONE_NEWUTS | CLONE_NEWPID | CLONE_NEWIPC | CLONE_NEWNET; +// 在/usr/src目录执行 "find . -name "*.h" -exec grep -H "CLONE_NEWTIME" {} \;" 查找时间的namespac的值 +static CLONE_FLAG: i32 = 0b1101100000000100000000000000000 | 0x00000080; // CLONE_NEWNS | CLONE_NEWUTS | CLONE_NEWPID | CLONE_NEWIPC | CLONE_NEWNET; static START_T: OnceLock = OnceLock::new(); static LOGO: &str = r#" @@ -224,7 +225,7 @@ fn init_container_env(env: &String) -> Result<()>{ for (k, _) in std::env::vars(){ std::env::remove_var(k); } - let mut env_vec = if env.starts_with("./") || env.starts_with("/") { + let env_vec = if env.starts_with("./") || env.starts_with("/") { // 读取出路径指定的文件作为env let env_text = fs::read_to_string(env)?; env_text.lines().map(String::from).collect::>() 
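Review bot: The `0x00000080` OR'd into CLONE_FLAG is the CLONE_NEWTIME bit, and the kernel's uapi sched.h notes that this value lies inside the CSIGNAL byte of the legacy clone(2) flag word, so it is only honoured by unshare(2) and clone3(2); if CLONE_FLAG is handed to clone(2) with the `STACK` buffer, as the statics suggest, the bit would be read as part of the child's termination signal instead of creating a time namespace — worth confirming at the clone call site, which is outside this hunk. The trailing comment still lists only the five original namespaces; extend it to `// CLONE_NEWNS | CLONE_NEWUTS | CLONE_NEWPID | CLONE_NEWIPC | CLONE_NEWNET | CLONE_NEWTIME (0x80, Linux >= 5.6, unshare/clone3 only)`. A named constant (for example `libc::CLONE_NEWTIME`, if the libc crate is already a dependency) would carry that intent without the grep instruction in the comment above it. Note also that a time namespace needs CAP_SYS_ADMIN in the owning user namespace, so the flag silently requires the launcher to stay privileged.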
@@ -293,6 +294,12 @@ fn init_container_proc() -> Result<()> { Ok(()) } +fn init_container_pts() -> Result<()> { + let mount_flags = MsFlags::MS_NODEV | MsFlags::MS_NOEXEC | MsFlags::MS_NOSUID; + mount(Some("devpts"), "/dev/pts", Some("devpts"), mount_flags, Some("mode=777"))?; + Ok(()) +} + fn init_container_log() -> Result<()> { let log_path = Path::new("logs"); let log_file = fs::OpenOptions::new() @@ -334,7 +341,7 @@ fn check_container_is_running(pid: &Pid, main_exe: &Path) -> Result { fn init_exec_ns(pid: i32) -> Result<()>{ // 把当前进程加入到指定pid的namespace - for ns_name in vec!["ipc", "uts", "net", "pid", "mnt"] { + for ns_name in vec!["ipc", "uts", "net", "pid", "mnt", "time"] { let ns_path = format!("/proc/{pid}/ns/{ns_name}"); let ns_fild = fs::File::open(ns_path)?; setns(ns_fild.as_fd(), CloneFlags::from_bits_retain(0))? } @@ -461,13 +468,15 @@ fn run_container(container_info: &ContainerInfo, is_exec_cmd: Option<&String>) - init_container_dev(&container_merged_path).unwrap(); } - // 设置pivot init_container_pivot(&container_merged_path).unwrap(); // 挂载proc init_container_proc().unwrap(); + // + init_container_pts().unwrap(); + if container_info.log { init_container_log().unwrap(); }
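Review bot: `mode=777` in `init_container_pts` makes every pty slave created inside the container world-readable and world-writable, so any process in the container can read from or inject keystrokes into another process's terminal; the conventional devpts options are `newinstance,ptmxmode=0666,mode=0620,gid=5`, which keep slaves at 0620 owned by the tty group. Change the option string to `Some("newinstance,ptmxmode=0666,mode=0620,gid=5")` (the `gid=5` assumes the container rootfs maps the tty group to 5 — verify against its /etc/group). The mount also presumes that `/dev/pts` already exists under the new root and that `/dev/ptmx` resolves to `pts/ptmx` of this instance; neither is set up in this hunk, presumably `init_container_dev` does it, and since the caller unwraps the result a missing directory turns into a panic rather than a returned error. A `///` comment stating that precondition, such as `/// Mounts a private devpts instance on /dev/pts; expects /dev/pts and a /dev/ptmx -> pts/ptmx link to exist under the container root.`, would make the ordering requirement explicit.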
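Review bot: Adding `"time"` to the namespace list makes `init_exec_ns` fail outright on kernels older than 5.6, where `/proc/<pid>/ns/time` does not exist, so `fs::File::open` returns ENOENT and the `?` aborts the whole exec even though the other five namespaces could have been joined. Treating NotFound on the `time` entry as "nothing to join" (ideally with a log line) keeps exec working on older hosts while still joining the namespace where it exists; the rewrite below does that and also replaces the `vec![...]` with an array literal, which clippy flags as `useless_vec`. Two hedged remarks: setns(2) into a time namespace appears to change only the caller's `time_for_children`, so the exec'd command is covered only because the exec happens after this loop (that step is outside the hunk), and if the container was created without an effective time namespace the entry simply joins the initial one, which is harmless.
```rust
    for ns_name in ["ipc", "uts", "net", "pid", "mnt", "time"] {
        let ns_path = format!("/proc/{pid}/ns/{ns_name}");
        // /proc/<pid>/ns/time only exists on kernels with time-namespace support (5.6+);
        // treat its absence as "nothing to join" instead of aborting the exec.
        let ns_fild = match fs::File::open(&ns_path) {
            Ok(f) => f,
            Err(e) if ns_name == "time" && e.kind() == io::ErrorKind::NotFound => continue,
            Err(e) => return Err(e.into()),
        };
        setns(ns_fild.as_fd(), CloneFlags::from_bits_retain(0))?
    }
```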