unistd: add execveat() on Linux and Android

lucab · lucab · commit c5feda5ef586 · 2017-11-19T11:20:58.000Z
This adds execveat() to `nix::unistd`. It uses the execveat(2) Linux kernel syscall, which is available since 3.19. This is a Linus-specific extension which is not covered by POSIX and does not have any userland libc wrapper. Ref: http://man7.org/linux/man-pages/man2/execveat.2.html
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -41,6 +41,8 @@ This project adheres to [Semantic Versioning](http://semver.org/).
 - Added `nix::sys::uio::{process_vm_readv, process_vm_writev}` on Linux
   ([#568](https://github.com/nix-rust/nix/pull/568))
 - Added `nix::unistd::{getgroups, setgroups, getgrouplist, initgroups}`. ([#733](https://github.com/nix-rust/nix/pull/733))
+- Added `nix::unistd::execveat` on Linux and Android.
+  ([#800](https://github.com/nix-rust/nix/pull/800))
 
 ### Changed
 - Renamed existing `ptrace` wrappers to encourage namespacing ([#692](https://github.com/nix-rust/nix/pull/692))
diff --git a/src/unistd.rs b/src/unistd.rs
@@ -644,6 +644,31 @@ pub fn fexecve(fd: RawFd, args: &[CString], env: &[CString]) -> Result<Void> {
     Err(Error::Sys(Errno::last()))
 }
 
+/// Execute program relative to a directory file descriptor (see
+/// [execveat(2)](http://man7.org/linux/man-pages/man2/execveat.2.html)).
+///
+/// The `execveat` function allows for another process to be "called" which will
+/// replace the current process image.  That is, this process becomes the new
+/// command that is run. On success, this function will not return. Instead,
+/// the new program will run until it exits.
+///
+/// This function is similar to `execve`, except that the program to be executed
+/// is referenced as a file descriptor to the base directory plus a path.
+#[cfg(any(target_os = "android", target_os = "linux"))]
+#[inline]
+pub fn execveat(dirfd: RawFd, pathname: &CString, args: &[CString],
+                env: &[CString], flags: super::fcntl::AtFlags) -> Result<Void> {
+    let args_p = to_exec_array(args);
+    let env_p = to_exec_array(env);
+
+    unsafe {
+        libc::syscall(libc::SYS_execveat, dirfd, pathname.as_ptr(),
+                      args_p.as_ptr(), env_p.as_ptr(), flags);
+    };
+
+    Err(Error::Sys(Errno::last()))
+}
+
 /// Daemonize this process by detaching from the controlling terminal (see
 /// [daemon(3)](http://man7.org/linux/man-pages/man3/daemon.3.html)).
 ///
diff --git a/test/test_unistd.rs b/test/test_unistd.rs
@@ -1,5 +1,6 @@
 extern crate tempdir;
 
+use nix::fcntl;
 use nix::unistd::*;
 use nix::unistd::ForkResult::*;
 use nix::sys::wait::*;
@@ -190,7 +191,7 @@ fn test_initgroups() {
 }
 
 macro_rules! execve_test_factory(
-    ($test_name:ident, $syscall:ident, $exe: expr) => (
+    ($test_name:ident, $syscall:ident, $exe: expr $(, $pathname:expr, $flags:expr)*) => (
     #[test]
     fn $test_name() {
         #[allow(unused_variables)]
@@ -211,12 +212,14 @@ macro_rules! execve_test_factory(
                 // exec!
                 $syscall(
                     $exe,
+                    $(&CString::new($pathname).unwrap(), )*
                     &[CString::new(b"".as_ref()).unwrap(),
                       CString::new(b"-c".as_ref()).unwrap(),
                       CString::new(b"echo nix!!! && echo foo=$foo && echo baz=$baz"
                                    .as_ref()).unwrap()],
                     &[CString::new(b"foo=bar".as_ref()).unwrap(),
-                      CString::new(b"baz=quux".as_ref()).unwrap()]).unwrap();
+                      CString::new(b"baz=quux".as_ref()).unwrap()]
+                    $(, $flags)*).unwrap();
             },
             Parent { child } => {
                 // Wait for the child to exit.
@@ -239,16 +242,31 @@ cfg_if!{
     if #[cfg(target_os = "android")] {
         execve_test_factory!(test_execve, execve, &CString::new("/system/bin/sh").unwrap());
         execve_test_factory!(test_fexecve, fexecve, File::open("/system/bin/sh").unwrap().into_raw_fd());
+        execve_test_factory!(test_execveat_empty, execveat, File::open("/system/bin/sh").unwrap().into_raw_fd(),
+                             "", fcntl::AT_EMPTY_PATH);
+        execve_test_factory!(test_execveat_relative, execveat, File::open("/system/bin/").unwrap().into_raw_fd(),
+                             "./sh", fcntl::AtFlags::empty());
+        execve_test_factory!(test_execveat_absolute, execveat, File::open("/").unwrap().into_raw_fd(),
+                             "/system/bin/sh", fcntl::AtFlags::empty());
+    } else if #[cfg(target_os = "linux")] {
+        execve_test_factory!(test_execve, execve, &CString::new("/bin/sh").unwrap());
+        execve_test_factory!(test_fexecve, fexecve, File::open("/bin/sh").unwrap().into_raw_fd());
+        execve_test_factory!(test_execveat_empty, execveat, File::open("/bin/sh").unwrap().into_raw_fd(),
+                             "", fcntl::AT_EMPTY_PATH);
+        execve_test_factory!(test_execveat_relative, execveat, File::open("/bin/").unwrap().into_raw_fd(),
+                             "./sh", fcntl::AtFlags::empty());
+        execve_test_factory!(test_execveat_absolute, execveat, File::open("/").unwrap().into_raw_fd(),
+                             "/bin/sh", fcntl::AtFlags::empty());
     } else if #[cfg(any(target_os = "dragonfly",
                         target_os = "freebsd",
                         target_os = "netbsd",
-                        target_os = "openbsd",
-                        target_os = "linux", ))] {
+                        target_os = "openbsd", ))] {
+        // No execveat() on BSD.
         execve_test_factory!(test_execve, execve, &CString::new("/bin/sh").unwrap());
         execve_test_factory!(test_fexecve, fexecve, File::open("/bin/sh").unwrap().into_raw_fd());
     } else if #[cfg(any(target_os = "ios", target_os = "macos", ))] {
         execve_test_factory!(test_execve, execve, &CString::new("/bin/sh").unwrap());
-        // No fexecve() on macos/ios.
+        // No fexecve() and execveat() on macos/ios.
     }
 }
 
