Merge pull request #119 from koitococo/master

Write unshare pid into file for scripting purposes
2 years ago · 4243057fbf
2 changed files with 13 additions and 2 deletions
--- a/src/args.rs
+++ b/src/args.rs
@ -32,6 +32,11 @@ pub struct Args {
    #[arg(long)]
    pub unshare: bool,

+    /// Create a pidfile of `unshare` process when using `--unshare`.
+    #[cfg(target_os = "linux")]
+    #[arg(long)]
+    pub unshare_pidfile: Option<String>,
+
    /// File descriptor for UNIX datagram socket meant to transfer
    /// network sockets from global namespace to the new one.
    /// See `unshare(1)`, `namespaces(7)`, `sendmsg(2)`, `unix(7)`.
@ -103,6 +108,8 @@ impl Default for Args {
            #[cfg(target_os = "linux")]
            unshare: false,
            #[cfg(target_os = "linux")]
+            unshare_pidfile: None,
+            #[cfg(target_os = "linux")]
            socket_transfer_fd: None,
            #[cfg(target_os = "linux")]
            admin_command: Vec::new(),
--- a/src/bin/main.rs
+++ b/src/bin/main.rs
@ -72,6 +72,7 @@ async fn namespace_proxy_main(
        child => child?,
    };

+    let unshare_pid = child.id().unwrap_or(0);
    log::info!("The tun proxy is running in unprivileged mode. See `namespaces(7)`.");
    log::info!("");
    log::info!("If you need to run a process that relies on root-like capabilities (e.g. `openvpn`)");
@ -80,10 +81,13 @@ async fn namespace_proxy_main(
    log::info!("To run a new process in the created namespace (e.g. a flatpak app)");
    log::info!(
        "Use `nsenter --preserve-credentials --user --net --mount  --target {} /bin/sh`",
-        child.id().unwrap_or(0)
+        unshare_pid
    );
    log::info!("");
-
+    if let Some(pidfile) = _args.unshare_pidfile.as_ref() {
+        log::info!("Writing unshare pid to {}", pidfile);
+        std::fs::write(pidfile, unshare_pid.to_string()).ok();
+    }
    tokio::spawn(async move { tun2proxy::socket_transfer::process_socket_requests(&socket).await });

    Ok(child.wait().await?)