Request #80657 Linux namespace support
Submitted: 2021-01-22 09:39 UTC Modified: -
From: martynas at martynas dot it Assigned:
Status: Open Package: FPM related
PHP Version: Next Minor Version OS: Linux
Private report: No CVE-ID: None

 [2021-01-22 09:39 UTC] martynas at martynas dot it
The current chroot implementation was okay to use years ago, even if it had its own drawbacks.

Things are changing, and it'd be awesome to have Linux mount namespaces for the isolation (and maybe some other namespaces). is a nice example.

By using a mount namespace + pivot_root after (, mntent.h include from glibc), full paths wouldn't change for the applications, as the user homedir (for example /home/user) could still be mounted as /home/user in the Linux namespace.

In addition to this, /etc/passwd could store just the user details needed.

clone() with CLONE_NEWNS would need to be used instead of fork():

getpid() would need to be replaced with syscall(__NR_getpid) where it's used, because the old glibc wrapper for getpid() returns a cached pid invalidated only by fork() calls.

It'd be nice to have it as extensive as example (so that users could specify the environment needed), but a basic implementation would still be way better to have than the current chroot option.
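
An added C illustration of the sequence this request describes (not part of the report and not PHP-FPM code): a worker is created with clone() and CLONE_NEWNS instead of fork(), moves into a prepared root with pivot_root, and reads its pid with the raw syscall. The names `raw_getpid`, `enter_root`, `spawn_isolated` and `new_root` are hypothetical; the code assumes `new_root` is an already populated directory and that the caller holds CAP_SYS_ADMIN.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <sched.h>
#include <signal.h>
#include <sys/mount.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

#ifndef CLONE_NEWNS
#define CLONE_NEWNS 0x00020000 /* value from the Linux UAPI headers */
#endif

/* Ask the kernel directly, so the answer never comes from a libc-side cache. */
static pid_t raw_getpid(void) { return (pid_t)syscall(SYS_getpid); }

/* Child side: make new_root the root of this mount namespace. */
static int enter_root(const char *new_root)
{
    /* Stop mount changes from propagating back to the host namespace. */
    if (mount(NULL, "/", NULL, MS_REC | MS_PRIVATE, NULL) < 0) return 1;
    /* pivot_root needs new_root to be a mount point: bind it onto itself. */
    if (mount(new_root, new_root, NULL, MS_BIND | MS_REC, NULL) < 0) return 2;
    if (chdir(new_root) < 0) return 3;
    /* pivot_root(".", ".") idiom from pivot_root(2): stack old root, detach it. */
    if (syscall(SYS_pivot_root, ".", ".") < 0) return 4;
    if (umount2(".", MNT_DETACH) < 0) return 5;
    return chdir("/") < 0 ? 6 : 0;
}

/* Returns the child's exit code (0 = isolated, 1-6 = failed step above),
 * or -errno when clone() is refused (EPERM without CAP_SYS_ADMIN). */
int spawn_isolated(const char *new_root)
{
    pid_t parent = raw_getpid();
    /* Raw clone with a NULL stack acts like fork() plus a new mount namespace. */
    long pid = syscall(SYS_clone, CLONE_NEWNS | SIGCHLD, 0, 0, 0, 0);
    if (pid < 0) return -errno;
    if (pid == 0) {
        /* A stale cached pid would equal the parent's; the raw call cannot. */
        if (raw_getpid() == parent) _exit(100);
        _exit(enter_root(new_root));
    }
    int status;
    if (waitpid((pid_t)pid, &status, 0) < 0) return -errno;
    return WIFEXITED(status) ? WEXITSTATUS(status) : 255;
}
```

Because the bind mount and pivot_root happen inside the child's own mount namespace, a home directory bound at the same path under `new_root` keeps its full path for the application, and nothing leaks back to the host mount table.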


Last updated: Sat Jul 31 08:01:24 2021 UTC