linux: Support setting execution domain via linux personality.

Signed-off-by: Aditya Rajan <[email protected]>
opencontainers · Aug 3, 2021 · e787337 · e787337
1 parent 2aabb29
commit e787337
Show file tree

Hide file tree

Showing 4 changed files with 46 additions and 0 deletions.
diff --git a/libcontainer/configs/config.go b/libcontainer/configs/config.go
@@ -206,6 +206,9 @@ type Config struct {
 	// RootlessCgroups is set when unlikely to have the full access to cgroups.
 	// When RootlessCgroups is set, cgroups errors are ignored.
 	RootlessCgroups bool `json:"rootless_cgroups,omitempty"`
+
+	// Personality contains configuration for the Linux personality syscall
+	Personality *LinuxPersonality `json:"personality,omitempty"`
 }
 
 type (

diff --git a/libcontainer/configs/config_linux.go b/libcontainer/configs/config_linux.go
@@ -9,6 +9,19 @@ var (
 	errNoGroupMap = errors.New("User namespaces enabled, but no group mapping found.")
 )
 
+// Please check https://man7.org/linux/man-pages/man2/personality.2.html for const details.
+// https://raw.githubusercontent.com/torvalds/linux/master/include/uapi/linux/personality.h
+const (
+	PER_LINUX   = 0x0000
+	PER_LINUX32 = 0x0008
+)
+
+type LinuxPersonality struct {
+	// Domain for the personality
+	// can only contain values "LINUX" and "LINUX32"
+	Domain string `json:"domain"`
+}
+
 // HostUID gets the translated uid for the process on host which could be
 // different when user namespaces are enabled.
 func (c Config) HostUID(containerId int) (int, error) {

diff --git a/libcontainer/specconv/spec_linux.go b/libcontainer/specconv/spec_linux.go
@@ -305,6 +305,11 @@ func CreateLibcontainerConfig(opts *CreateOpts) (*configs.Config, error) {
 				MemBwSchema:   spec.Linux.IntelRdt.MemBwSchema,
 			}
 		}
+		if spec.Linux.Personality != nil {
+			config.Personality = &configs.LinuxPersonality{
+				Domain: string(spec.Linux.Personality.Domain),
+			}
+		}
 	}
 	if spec.Process != nil {
 		config.OomScoreAdj = spec.Process.OOMScoreAdj

diff --git a/utils_linux.go b/utils_linux.go
@@ -10,6 +10,7 @@ import (
 	"os/exec"
 	"path/filepath"
 	"strconv"
+	"syscall"
 
 	"github.com/coreos/go-systemd/v22/activation"
 	"github.com/opencontainers/runtime-spec/specs-go"
@@ -272,6 +273,13 @@ func (r *runner) run(config *specs.Process) (int, error) {
 	if err = r.checkTerminal(config); err != nil {
 		return -1, err
 	}
+	// configure linux personality
+	if r.container.Config().Personality != nil {
+		err = setLinuxPersonality(r.container.Config().Personality.Domain)
+		if err != nil {
+			return -1, err
+		}
+	}
 	process, err := newProcess(*config, r.init, r.logLevel)
 	if err != nil {
 		return -1, err
@@ -454,3 +462,20 @@ func startContainer(context *cli.Context, spec *specs.Spec, action CtAct, criuOp
 	}
 	return r.run(spec.Process)
 }
+
+/* setLinuxPersonality: sets the Linux execution personality. For more information see the personality syscall documentation.
+   LINUX: PER_LINUX (since Linux 1.2.0)
+   LINUX32: PER_LINUX32 (since Linux 2.2) LINUX32 will set the uname system call to show a 32 bit CPU type, such as i686.
+   Default: LINUX i.e PER_LINUX
+*/
+func setLinuxPersonality(domain string) error {
+	persona := configs.PER_LINUX
+	if domain == "LINUX32" {
+		persona = configs.PER_LINUX32
+	}
+	_, _, errno := syscall.Syscall(syscall.SYS_PERSONALITY, uintptr(persona), 0, 0)
+	if errno != 0 {
+		return fmt.Errorf("syscall: SYS_PERSONALITY failed with error code: %d", errno)
+	}
+	return nil
+}