Here's the updated version that switches from fstatvfs() to fstatfs()
to reuse infrastructure we already have and to correctly check for the fs type.
The logic stays the same:
1. open() O_PATH fd which won't trigger an actual open()
2. fstats() the O_PATH fd and verify that f_type == NSFS_MAGIC
3. build proc path to the O_PATH fd and reopen O_PATH fd with O_RDONLY | O_CLOEXEC
4. perform setns(netns_fd, CLONE_NEWNET) (which will fail on anything else than an actual netns fd
Doing the O_PATH open and then the /proc reopen trick let's us avoid TOCTOU.
Here's the updated version that switches from fstatvfs() to fstatfs()
to reuse infrastructure we already have and to correctly check for the fs type.
The logic stays the same:
1. open() O_PATH fd which won't trigger an actual open()
2. fstats() the O_PATH fd and verify that f_type == NSFS_MAGIC
3. build proc path to the O_PATH fd and reopen O_PATH fd with O_RDONLY | O_CLOEXEC
4. perform setns(netns_fd, CLONE_NEWNET) (which will fail on anything else than an actual netns fd
Doing the O_PATH open and then the /proc reopen trick let's us avoid TOCTOU.