Blob Blame History Raw
Introduce nat/linux-namespaces.[ch]

From: Gary Benson <gbenson@redhat.com>

This commit introduces new shared files nat/linux-namespaces.[ch]
containing code to support Linux namespaces that will be used by
both GDB and gdbserver.

gdb/ChangeLog:

	* configure.ac (AC_CHECK_FUNCS): Add setns.
	* config.in: Regenerate.
	* configure: Likewise.
	* nat/linux-namespaces.h: New file.
	* nat/linux-namespaces.c: Likewise.
	* Makefile.in (HFILES_NO_SRCDIR): Add nat/linux-namespaces.h.
	(linux-namespaces.o): New rule.
	* config/aarch64/linux.mh (NATDEPFILES): Add linux-namespaces.o.
	* config/alpha/alpha-linux.mh (NATDEPFILES): Likewise.
	* config/arm/linux.mh (NATDEPFILES): Likewise.
	* config/i386/linux.mh (NATDEPFILES): Likewise.
	* config/i386/linux64.mh (NATDEPFILES): Likewise.
	* config/ia64/linux.mh (NATDEPFILES): Likewise.
	* config/m32r/linux.mh (NATDEPFILES): Likewise.
	* config/m68k/linux.mh (NATDEPFILES): Likewise.
	* config/mips/linux.mh (NATDEPFILES): Likewise.
	* config/pa/linux.mh (NATDEPFILES): Likewise.
	* config/powerpc/linux.mh (NATDEPFILES): Likewise.
	* config/powerpc/ppc64-linux.mh (NATDEPFILES): Likewise.
	* config/powerpc/spu-linux.mh (NATDEPFILES): Likewise.
	* config/s390/linux.mh (NATDEPFILES): Likewise.
	* config/sparc/linux.mh (NATDEPFILES): Likewise.
	* config/sparc/linux64.mh (NATDEPFILES): Likewise.
	* config/tilegx/linux.mh (NATDEPFILES): Likewise.
	* config/xtensa/linux.mh (NATDEPFILES): Likewise.

gdb/gdbserver/ChangeLog:

	* configure.ac (AC_CHECK_FUNCS): Add setns.
	* config.in: Regenerate.
	* configure: Likewise.
	* Makefile.in (SFILES): Add nat/linux-namespaces.c.
	(linux-namespaces.o): New rule.
	* configure.srv (srv_linux_obj): Add linux-namespaces.o.
---
 gdb/Makefile.in             |    7 
 gdb/gdbserver/Makefile.in   |    6 
 gdb/gdbserver/config.in     |    3 
 gdb/gdbserver/configure     |    2 
 gdb/gdbserver/configure.ac  |    2 
 gdb/gdbserver/configure.srv |   38 +
 gdb/nat/linux-namespaces.c  | 1093 +++++++++++++++++++++++++++++++++++++++++++
 gdb/nat/linux-namespaces.h  |   78 +++
 8 files changed, 1206 insertions(+), 23 deletions(-)
 create mode 100644 gdb/nat/linux-namespaces.c
 create mode 100644 gdb/nat/linux-namespaces.h

Index: gdb-7.6.1/gdb/Makefile.in
===================================================================
--- gdb-7.6.1.orig/gdb/Makefile.in	2018-05-18 10:55:27.630976775 +0200
+++ gdb-7.6.1/gdb/Makefile.in	2018-05-18 10:55:28.422983192 +0200
@@ -840,7 +840,8 @@
 common/common-utils.h common/xml-utils.h common/buffer.h common/ptid.h \
 common/format.h common/host-defs.h utils.h common/queue.h common/gdb_string.h \
 common/linux-osdata.h gdb-dlfcn.h auto-load.h probe.h stap-probe.h \
-gdb_bfd.h sparc-ravenscar-thread.h ppc-ravenscar-thread.h common/linux-btrace.h
+gdb_bfd.h sparc-ravenscar-thread.h ppc-ravenscar-thread.h common/linux-btrace.h \
+nat/linux-namespaces.h
 
 # Header files that already have srcdir in them, or which are in objdir.
 
@@ -2037,6 +2038,10 @@
 	$(COMPILE) $(srcdir)/common/linux-btrace.c
 	$(POSTCOMPILE)
 
+linux-namespaces.o: ${srcdir}/nat/linux-namespaces.c
+	$(COMPILE) $(srcdir)/nat/linux-namespaces.c
+	$(POSTCOMPILE)
+
 #
 # gdb/tui/ dependencies
 #
Index: gdb-7.6.1/gdb/gdbserver/Makefile.in
===================================================================
--- gdb-7.6.1.orig/gdb/gdbserver/Makefile.in	2018-05-18 10:55:28.251981806 +0200
+++ gdb-7.6.1/gdb/gdbserver/Makefile.in	2018-05-18 10:55:28.422983192 +0200
@@ -155,7 +155,8 @@
 	$(srcdir)/common/vec.c $(srcdir)/common/gdb_vecs.c \
 	$(srcdir)/common/common-utils.c $(srcdir)/common/xml-utils.c \
 	$(srcdir)/common/linux-osdata.c $(srcdir)/common/ptid.c \
-	$(srcdir)/common/buffer.c $(srcdir)/common/linux-btrace.c
+	$(srcdir)/common/buffer.c $(srcdir)/common/linux-btrace.c \
+	$(srcdir)/nat/linux-namespaces.c
 
 DEPFILES = @GDBSERVER_DEPFILES@
 
@@ -568,6 +569,9 @@
 linux-low.o: linux-low.c
 	$(COMPILE) $< @USE_THREAD_DB@
 	$(POSTCOMPILE)
+linux-namespaces.o: ../nat/linux-namespaces.c
+	$(COMPILE) $<
+	$(POSTCOMPILE)
 
 win32_low_h = $(srcdir)/win32-low.h
 
Index: gdb-7.6.1/gdb/gdbserver/config.in
===================================================================
--- gdb-7.6.1.orig/gdb/gdbserver/config.in	2018-05-18 10:55:26.840970375 +0200
+++ gdb-7.6.1/gdb/gdbserver/config.in	2018-05-18 11:00:34.000000000 +0200
@@ -146,12 +146,18 @@
 /* Define to 1 if you have the <selinux/selinux.h> header file. */
 #undef HAVE_SELINUX_SELINUX_H
 
+/* Define to 1 if you have the `setns' function. */
+#undef HAVE_SETNS
+
 /* Define to 1 if you have the <sgtty.h> header file. */
 #undef HAVE_SGTTY_H
 
 /* Define to 1 if you have the <signal.h> header file. */
 #undef HAVE_SIGNAL_H
 
+/* Define to 1 if you have the `socketpair' function. */
+#undef HAVE_SOCKETPAIR
+
 /* Define to 1 if the system has the type `socklen_t'. */
 #undef HAVE_SOCKLEN_T
 
Index: gdb-7.6.1/gdb/gdbserver/configure
===================================================================
--- gdb-7.6.1.orig/gdb/gdbserver/configure	2018-05-18 10:55:26.841970383 +0200
+++ gdb-7.6.1/gdb/gdbserver/configure	2018-05-18 11:00:35.421470381 +0200
@@ -4796,7 +4796,7 @@
 
 done
 
-for ac_func in pread pwrite pread64 readlink
+for ac_func in pread pwrite pread64 readlink socketpair setns
 do :
   as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
 ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
Index: gdb-7.6.1/gdb/gdbserver/configure.ac
===================================================================
--- gdb-7.6.1.orig/gdb/gdbserver/configure.ac	2018-05-18 10:55:26.828970278 +0200
+++ gdb-7.6.1/gdb/gdbserver/configure.ac	2018-05-18 11:00:13.703294429 +0200
@@ -70,7 +70,7 @@
 		 sys/ioctl.h netinet/in.h sys/socket.h netdb.h dnl
 		 netinet/tcp.h arpa/inet.h sys/wait.h wait.h sys/un.h dnl
 		 linux/perf_event.h)
-AC_CHECK_FUNCS(pread pwrite pread64 readlink)
+AC_CHECK_FUNCS(pread pwrite pread64 readlink socketpair setns)
 AC_REPLACE_FUNCS(vasprintf vsnprintf)
 
 # Check for UST
Index: gdb-7.6.1/gdb/gdbserver/configure.srv
===================================================================
--- gdb-7.6.1.orig/gdb/gdbserver/configure.srv	2018-05-18 10:55:28.252981814 +0200
+++ gdb-7.6.1/gdb/gdbserver/configure.srv	2018-05-18 10:55:28.424983208 +0200
@@ -45,7 +45,7 @@
   aarch64*-*-linux*)
 			srv_regobj="aarch64.o aarch64-without-fpu.o"
 			srv_tgtobj="linux-aarch64-low.o"
-			srv_tgtobj="${srv_tgtobj} linux-low.o"
+			srv_tgtobj="${srv_tgtobj} linux-low.o linux-namespaces.o"
 			srv_tgtobj="${srv_tgtobj} linux-osdata.o"
 			srv_tgtobj="${srv_tgtobj} linux-procfs.o"
 			srv_tgtobj="${srv_tgtobj} linux-ptrace.o"
@@ -61,7 +61,7 @@
 			srv_regobj="${srv_regobj} arm-with-vfpv2.o"
 			srv_regobj="${srv_regobj} arm-with-vfpv3.o"
 			srv_regobj="${srv_regobj} arm-with-neon.o"
-			srv_tgtobj="linux-low.o linux-osdata.o linux-arm-low.o linux-procfs.o"
+			srv_tgtobj="linux-low.o linux-namespaces.o linux-osdata.o linux-arm-low.o linux-procfs.o"
 			srv_tgtobj="${srv_tgtobj} linux-ptrace.o"
 			srv_xmlfiles="arm-with-iwmmxt.xml"
 			srv_xmlfiles="${srv_xmlfiles} arm-with-vfpv2.xml"
@@ -84,19 +84,19 @@
 			srv_mingwce=yes
 			;;
   bfin-*-*linux*)	srv_regobj=reg-bfin.o
-			srv_tgtobj="linux-low.o linux-osdata.o linux-bfin-low.o linux-procfs.o"
+			srv_tgtobj="linux-low.o linux-namespaces.o linux-osdata.o linux-bfin-low.o linux-procfs.o"
 			srv_tgtobj="${srv_tgtobj} linux-ptrace.o"
 			srv_linux_usrregs=yes
 			srv_linux_thread_db=yes
 			;;
   crisv32-*-linux*)	srv_regobj=reg-crisv32.o
-			srv_tgtobj="linux-low.o linux-osdata.o linux-crisv32-low.o linux-procfs.o"
+			srv_tgtobj="linux-low.o linux-namespaces.o linux-osdata.o linux-crisv32-low.o linux-procfs.o"
 			srv_tgtobj="${srv_tgtobj} linux-ptrace.o"
 			srv_linux_regsets=yes
 			srv_linux_thread_db=yes
 			;;
   cris-*-linux*)	srv_regobj=reg-cris.o
-			srv_tgtobj="linux-low.o linux-osdata.o linux-cris-low.o linux-procfs.o"
+			srv_tgtobj="linux-low.o linux-namespaces.o linux-osdata.o linux-cris-low.o linux-procfs.o"
 			srv_tgtobj="${srv_tgtobj} linux-ptrace.o"
 			srv_linux_usrregs=yes
 			srv_linux_thread_db=yes
@@ -111,7 +111,7 @@
 			    srv_regobj="$srv_regobj $srv_amd64_linux_regobj"
 			    srv_xmlfiles="${srv_xmlfiles} $srv_amd64_linux_xmlfiles"
 			fi
-			srv_tgtobj="linux-low.o linux-osdata.o linux-x86-low.o i386-low.o i387-fp.o linux-procfs.o"
+			srv_tgtobj="linux-low.o linux-namespaces.o linux-osdata.o linux-x86-low.o i386-low.o i387-fp.o linux-procfs.o"
 			srv_tgtobj="${srv_tgtobj} linux-ptrace.o linux-btrace.o"
 			srv_linux_usrregs=yes
 			srv_linux_regsets=yes
@@ -147,12 +147,12 @@
 			srv_qnx="yes"
 			;;
   ia64-*-linux*)	srv_regobj=reg-ia64.o
-			srv_tgtobj="linux-low.o linux-osdata.o linux-ia64-low.o linux-procfs.o"
+			srv_tgtobj="linux-low.o linux-namespaces.o linux-osdata.o linux-ia64-low.o linux-procfs.o"
 			srv_tgtobj="${srv_tgtobj} linux-ptrace.o"
 			srv_linux_usrregs=yes
 			;;
   m32r*-*-linux*)	srv_regobj=reg-m32r.o
-			srv_tgtobj="linux-low.o linux-osdata.o linux-m32r-low.o linux-procfs.o"
+			srv_tgtobj="linux-low.o linux-namespaces.o linux-osdata.o linux-m32r-low.o linux-procfs.o"
 			srv_tgtobj="${srv_tgtobj} linux-ptrace.o"
 			srv_linux_usrregs=yes
  			srv_linux_thread_db=yes
@@ -162,7 +162,7 @@
                         else
                           srv_regobj=reg-m68k.o
                         fi
-			srv_tgtobj="linux-low.o linux-osdata.o linux-m68k-low.o linux-procfs.o"
+			srv_tgtobj="linux-low.o linux-namespaces.o linux-osdata.o linux-m68k-low.o linux-procfs.o"
 			srv_tgtobj="${srv_tgtobj} linux-ptrace.o"
 			srv_linux_usrregs=yes
 			srv_linux_regsets=yes
@@ -173,7 +173,7 @@
                         else
                           srv_regobj=reg-m68k.o
                         fi
-			srv_tgtobj="linux-low.o linux-osdata.o linux-m68k-low.o linux-procfs.o"
+			srv_tgtobj="linux-low.o linux-namespaces.o linux-osdata.o linux-m68k-low.o linux-procfs.o"
 			srv_tgtobj="${srv_tgtobj} linux-ptrace.o"
 			srv_linux_usrregs=yes
 			srv_linux_regsets=yes
@@ -183,7 +183,7 @@
 			srv_regobj="${srv_regobj} mips-dsp-linux.o"
 			srv_regobj="${srv_regobj} mips64-linux.o"
 			srv_regobj="${srv_regobj} mips64-dsp-linux.o"
-			srv_tgtobj="linux-low.o linux-osdata.o linux-mips-low.o linux-procfs.o"
+			srv_tgtobj="linux-low.o linux-namespaces.o linux-osdata.o linux-mips-low.o linux-procfs.o"
 			srv_tgtobj="${srv_tgtobj} linux-ptrace.o"
 			srv_xmlfiles="mips-linux.xml"
 			srv_xmlfiles="${srv_xmlfiles} mips-dsp-linux.xml"
@@ -216,7 +216,7 @@
 			srv_regobj="${srv_regobj} powerpc-isa205-64l.o"
 			srv_regobj="${srv_regobj} powerpc-isa205-altivec64l.o"
 			srv_regobj="${srv_regobj} powerpc-isa205-vsx64l.o"
-			srv_tgtobj="linux-low.o linux-osdata.o linux-ppc-low.o linux-procfs.o"
+			srv_tgtobj="linux-low.o linux-namespaces.o linux-osdata.o linux-ppc-low.o linux-procfs.o"
 			srv_tgtobj="${srv_tgtobj} linux-ptrace.o"
 			srv_xmlfiles="rs6000/powerpc-32l.xml"
 			srv_xmlfiles="${srv_xmlfiles} rs6000/powerpc-altivec32l.xml"
@@ -268,7 +268,7 @@
 			srv_regobj="${srv_regobj} s390x-te-linux64.o"
 			srv_regobj="${srv_regobj} s390x-vx-linux64.o"
 			srv_regobj="${srv_regobj} s390x-tevx-linux64.o"
-			srv_tgtobj="linux-low.o linux-osdata.o linux-s390-low.o linux-procfs.o"
+			srv_tgtobj="linux-low.o linux-namespaces.o linux-osdata.o linux-s390-low.o linux-procfs.o"
 			srv_tgtobj="${srv_tgtobj} linux-ptrace.o"
 			srv_xmlfiles="s390-linux32.xml"
 			srv_xmlfiles="${srv_xmlfiles} s390-linux32v1.xml"
@@ -297,14 +297,14 @@
 			srv_linux_thread_db=yes
 			;;
   sh*-*-linux*)		srv_regobj=reg-sh.o
-			srv_tgtobj="linux-low.o linux-osdata.o linux-sh-low.o linux-procfs.o"
+			srv_tgtobj="linux-low.o linux-namespaces.o linux-osdata.o linux-sh-low.o linux-procfs.o"
 			srv_tgtobj="${srv_tgtobj} linux-ptrace.o"
 			srv_linux_usrregs=yes
 			srv_linux_regsets=yes
 			srv_linux_thread_db=yes
 			;;
   sparc*-*-linux*)	srv_regobj=reg-sparc64.o
-			srv_tgtobj="linux-low.o linux-osdata.o linux-sparc-low.o linux-procfs.o"
+			srv_tgtobj="linux-low.o linux-namespaces.o linux-osdata.o linux-sparc-low.o linux-procfs.o"
 			srv_tgtobj="${srv_tgtobj} linux-ptrace.o"
 			srv_linux_regsets=yes
 			srv_linux_thread_db=yes
@@ -321,14 +321,14 @@
 			srv_xmlfiles="${srv_xmlfiles} tic6x-core.xml"
 			srv_xmlfiles="${srv_xmlfiles} tic6x-gp.xml"
 			srv_xmlfiles="${srv_xmlfiles} tic6x-c6xp.xml"
-  			srv_tgtobj="linux-low.o linux-osdata.o linux-tic6x-low.o linux-procfs.o"
+  			srv_tgtobj="linux-low.o linux-namespaces.o linux-osdata.o linux-tic6x-low.o linux-procfs.o"
 			srv_tgtobj="${srv_tgtobj} linux-ptrace.o"
 			srv_linux_regsets=yes
 			srv_linux_usrregs=yes
 			srv_linux_thread_db=yes
 			;;
   x86_64-*-linux*)	srv_regobj="$srv_amd64_linux_regobj $srv_i386_linux_regobj"
-			srv_tgtobj="linux-low.o linux-osdata.o linux-x86-low.o i386-low.o i387-fp.o linux-procfs.o"
+			srv_tgtobj="linux-low.o linux-namespaces.o linux-osdata.o linux-x86-low.o i386-low.o i387-fp.o linux-procfs.o"
 			srv_tgtobj="${srv_tgtobj} linux-ptrace.o linux-btrace.o"
 			srv_xmlfiles="$srv_i386_linux_xmlfiles $srv_amd64_linux_xmlfiles"
 			srv_linux_usrregs=yes # This is for i386 progs.
@@ -348,13 +348,13 @@
 			;;
 
   xtensa*-*-linux*)	srv_regobj=reg-xtensa.o
-			srv_tgtobj="linux-low.o linux-osdata.o linux-xtensa-low.o linux-procfs.o"
+			srv_tgtobj="linux-low.o linux-namespaces.o linux-osdata.o linux-xtensa-low.o linux-procfs.o"
 			srv_tgtobj="${srv_tgtobj} linux-ptrace.o"
 			srv_linux_regsets=yes
 			;;
   tilegx-*-linux*)	srv_regobj=reg-tilegx.o
 			srv_regobj="${srv_regobj} reg-tilegx32.o"
-			srv_tgtobj="linux-low.o linux-tile-low.o linux-osdata.o linux-procfs.o"
+			srv_tgtobj="linux-low.o linux-namespaces.o linux-tile-low.o linux-osdata.o linux-procfs.o"
 			srv_tgtobj="${srv_tgtobj} linux-ptrace.o"
 			srv_linux_regsets=yes
 			srv_linux_thread_db=yes
Index: gdb-7.6.1/gdb/nat/linux-namespaces.c
===================================================================
--- /dev/null	1970-01-01 00:00:00.000000000 +0000
+++ gdb-7.6.1/gdb/nat/linux-namespaces.c	2018-05-18 10:55:28.424983208 +0200
@@ -0,0 +1,1093 @@
+/* Linux namespaces(7) support.
+
+   Copyright (C) 2015 Free Software Foundation, Inc.
+
+   This file is part of GDB.
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.  */
+
+#include "server.h"
+//#include "common-defs.h"
+#include "../nat/linux-namespaces.h"
+//#include "filestuff.h"
+#include <limits.h>
+#define debug_printf(x...) do { } while (0)
+#define internal_warning(file, line, x...) warning(x)
+#include <unistd.h>
+#include <fcntl.h>
+#include <sys/syscall.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <sys/socket.h>
+#include <sys/wait.h>
+#include <signal.h>
+#include <sched.h>
+
+/* See nat/linux-namespaces.h.  */
+int debug_linux_namespaces;
+
+/* Handle systems without setns.  */
+
+#ifndef HAVE_SETNS
+static int
+setns (int fd, int nstype)
+{
+#ifdef __NR_setns
+  return syscall (__NR_setns, fd, nstype);
+#else
+  errno = ENOSYS;
+  return -1;
+#endif
+}
+#endif
+
+/* A Linux namespace.  */
+
+struct linux_ns
+{
+  /* Filename of this namespace's entries in /proc/PID/ns.  */
+  const char *filename;
+
+  /* Nonzero if this object has been initialized.  */
+  int initialized;
+
+  /* Nonzero if this namespace is supported on this system.  */
+  int supported;
+
+  /* ID of the namespace the calling process is in, used to
+     see if other processes share the namespace.  The code in
+     this file assumes that the calling process never changes
+     namespace.  */
+  ino_t id;
+};
+
+/* Return the absolute filename of process PID's /proc/PID/ns
+   entry for namespace NS.  The returned value persists until
+   this function is next called.  */
+
+static const char *
+linux_ns_filename (struct linux_ns *ns, int pid)
+{
+  static char filename[PATH_MAX];
+
+  gdb_assert (pid > 0);
+  xsnprintf (filename, sizeof (filename), "/proc/%d/ns/%s", pid,
+	     ns->filename);
+
+  return filename;
+}
+
+/* Return a representation of the caller's TYPE namespace, or
+   NULL if TYPE namespaces are not supported on this system.  */
+
+static struct linux_ns *
+linux_ns_get_namespace (enum linux_ns_type type)
+{
+  static struct linux_ns namespaces[NUM_LINUX_NS_TYPES] =
+    {
+      { "ipc" },
+      { "mnt" },
+      { "net" },
+      { "pid" },
+      { "user" },
+      { "uts" },
+    };
+  struct linux_ns *ns;
+
+  gdb_assert (type >= 0 && type < NUM_LINUX_NS_TYPES);
+  ns = &namespaces[type];
+
+  if (!ns->initialized)
+    {
+      struct stat sb;
+
+      if (stat (linux_ns_filename (ns, getpid ()), &sb) == 0)
+	{
+	  ns->id = sb.st_ino;
+
+	  ns->supported = 1;
+	}
+
+      ns->initialized = 1;
+    }
+
+  return ns->supported ? ns : NULL;
+}
+
+/* See nat/linux-namespaces.h.  */
+
+int
+linux_ns_same (pid_t pid, enum linux_ns_type type)
+{
+  struct linux_ns *ns = linux_ns_get_namespace (type);
+  const char *filename;
+  struct stat sb;
+
+  /* If the kernel does not support TYPE namespaces then there's
+     effectively only one TYPE namespace that all processes on
+     the system share.  */
+  if (ns == NULL)
+    return 1;
+
+  /* Stat PID's TYPE namespace entry to get the namespace ID.  This
+     might fail if the process died, or if we don't have the right
+     permissions (though we should be attached by this time so this
+     seems unlikely).  In any event, we can't make any decisions and
+     must throw.  */
+  filename = linux_ns_filename (ns, pid);
+  if (stat (filename, &sb) != 0)
+    perror_with_name (filename);
+
+  return sb.st_ino == ns->id;
+}
+
+/* We need to use setns(2) to handle filesystem access in mount
+   namespaces other than our own, but this isn't permitted for
+   multithreaded processes.  GDB is multithreaded when compiled
+   with Guile support, and may become multithreaded if compiled
+   with Python support.  We deal with this by spawning a single-
+   threaded helper process to access mount namespaces other than
+   our own.
+
+   The helper process is started the first time a call to setns
+   is required.  The main process (GDB or gdbserver) communicates
+   with the helper via sockets, passing file descriptors where
+   necessary using SCM_RIGHTS.  Once started the helper process
+   runs until the main process terminates; when this happens the
+   helper will receive socket errors, notice that its parent died,
+   and exit accordingly (see mnsh_maybe_mourn_peer).
+
+   The protocol is that the main process sends a request in a
+   single message, and the helper replies to every message it
+   receives with a single-message response.  If the helper
+   receives a message it does not understand it will reply with
+   a MNSH_MSG_ERROR message.  The main process checks all
+   responses it receives with gdb_assert, so if the main process
+   receives something unexpected (which includes MNSH_MSG_ERROR)
+   the main process will call internal_error.
+
+   For avoidance of doubt, if the helper process receives a
+   message it doesn't handle it will reply with MNSH_MSG_ERROR.
+   If the main process receives MNSH_MSG_ERROR at any time then
+   it will call internal_error.  If internal_error causes the
+   main process to exit, the helper will notice this and also
+   exit.  The helper will not exit until the main process
+   terminates, so if the user continues through internal_error
+   the helper will still be there awaiting requests from the
+   main process.
+
+   Messages in both directions have the following payload:
+
+   - TYPE (enum mnsh_msg_type, always sent) - the message type.
+   - INT1 and
+   - INT2 (int, always sent, though not always used) - two
+           values whose meaning is message-type-dependent.
+	   See enum mnsh_msg_type documentation below.
+   - FD (int, optional, sent using SCM_RIGHTS) - an open file
+         descriptor.
+   - BUF (unstructured data, optional) - some data with message-
+          type-dependent meaning.
+
+   Note that the helper process is the child of a call to fork,
+   so all code in the helper must be async-signal-safe.  */
+
+/* Mount namespace helper message types.  */
+
+enum mnsh_msg_type
+  {
+    /* A communication error occurred.  Receipt of this message
+       by either end will cause an assertion failure in the main
+       process.  */
+    MNSH_MSG_ERROR,
+
+    /* Requests, sent from the main process to the helper.  */
+
+    /* A request that the helper call setns.  Arguments should
+       be passed in FD and INT1.  Helper should respond with a
+       MNSH_RET_INT.  */
+    MNSH_REQ_SETNS,
+
+    /* A request that the helper call open.  Arguments should
+       be passed in BUF, INT1 and INT2.  The filename (in BUF)
+       should include a terminating NUL character.  The helper
+       should respond with a MNSH_RET_FD.  */
+    MNSH_REQ_OPEN,
+
+    /* A request that the helper call unlink.  The single
+       argument (the filename) should be passed in BUF, and
+       should include a terminating NUL character.  The helper
+       should respond with a MNSH_RET_INT.  */
+    MNSH_REQ_UNLINK,
+
+    /* A request that the helper call readlink.  The single
+       argument (the filename) should be passed in BUF, and
+       should include a terminating NUL character.  The helper
+       should respond with a MNSH_RET_INTSTR.  */
+    MNSH_REQ_READLINK,
+
+    /* Responses, sent to the main process from the helper.  */
+
+    /* Return an integer in INT1 and errno in INT2.  */
+    MNSH_RET_INT,
+
+    /* Return a file descriptor in FD if one was opened or an
+       integer in INT1 otherwise.  Return errno in INT2.  */
+    MNSH_RET_FD,
+
+    /* Return an integer in INT1, errno in INT2, and optionally
+       some data in BUF.  */
+    MNSH_RET_INTSTR,
+  };
+
+/* Print a string representation of a message using debug_printf.
+   This function is not async-signal-safe so should never be
+   called from the helper.  */
+
+static void
+mnsh_debug_print_message (enum mnsh_msg_type type,
+			  int fd, int int1, int int2,
+			  const void *buf, int bufsiz)
+{
+  gdb_byte *c = (gdb_byte *) buf;
+  gdb_byte *cl = c + bufsiz;
+
+  switch (type)
+    {
+    case MNSH_MSG_ERROR:
+      debug_printf ("ERROR");
+      break;
+
+    case MNSH_REQ_SETNS:
+      debug_printf ("SETNS");
+      break;
+
+    case MNSH_REQ_OPEN:
+      debug_printf ("OPEN");
+      break;
+
+    case MNSH_REQ_UNLINK:
+      debug_printf ("UNLINK");
+      break;
+
+    case MNSH_REQ_READLINK:
+      debug_printf ("READLINK");
+      break;
+
+    case MNSH_RET_INT:
+      debug_printf ("INT");
+      break;
+
+    case MNSH_RET_FD:
+      debug_printf ("FD");
+      break;
+
+    case MNSH_RET_INTSTR:
+      debug_printf ("INTSTR");
+      break;
+
+    default:
+      debug_printf ("unknown-packet-%d", type);
+    }
+
+  debug_printf (" %d %d %d \"", fd, int1, int2);
+
+  for (; c < cl; c++)
+    debug_printf (*c >= ' ' && *c <= '~' ? "%c" : "\\%o", *c);
+
+  debug_printf ("\"");
+}
+
+/* Forward declaration.  */
+
+static void mnsh_maybe_mourn_peer (void);
+
+/* Send a message.  The argument SOCK is the file descriptor of the
+   sending socket, the other arguments are the payload to send.
+   Return the number of bytes sent on success.  Return -1 on failure
+   and set errno appropriately.  This function is called by both the
+   main process and the helper so must be async-signal-safe.  */
+
+static ssize_t
+mnsh_send_message (int sock, enum mnsh_msg_type type,
+		   int fd, int int1, int int2,
+		   const void *buf, int bufsiz)
+{
+  struct msghdr msg;
+  struct iovec iov[4];
+  char fdbuf[CMSG_SPACE (sizeof (fd))];
+  ssize_t size;
+
+  /* Build the basic TYPE, INT1, INT2 message.  */
+  memset (&msg, 0, sizeof (msg));
+  msg.msg_iov = iov;
+
+  iov[0].iov_base = &type;
+  iov[0].iov_len = sizeof (type);
+  iov[1].iov_base = &int1;
+  iov[1].iov_len = sizeof (int1);
+  iov[2].iov_base = &int2;
+  iov[2].iov_len = sizeof (int2);
+
+  msg.msg_iovlen = 3;
+
+  /* Append BUF if supplied.  */
+  if (buf != NULL && bufsiz > 0)
+    {
+      iov[3].iov_base = alloca (bufsiz);
+      memcpy (iov[3].iov_base, buf, bufsiz);
+      iov[3].iov_len = bufsiz;
+
+      msg.msg_iovlen ++;
+    }
+
+  /* Attach FD if supplied.  */
+  if (fd >= 0)
+    {
+      struct cmsghdr *cmsg;
+
+      msg.msg_control = fdbuf;
+      msg.msg_controllen = sizeof (fdbuf);
+
+      cmsg = CMSG_FIRSTHDR (&msg);
+      cmsg->cmsg_level = SOL_SOCKET;
+      cmsg->cmsg_type = SCM_RIGHTS;
+      cmsg->cmsg_len = CMSG_LEN (sizeof (int));
+
+      memcpy (CMSG_DATA (cmsg), &fd, sizeof (int));
+
+      msg.msg_controllen = cmsg->cmsg_len;
+    }
+
+  /* Send the message.  */
+  size = sendmsg (sock, &msg, 0);
+
+  if (size < 0)
+    mnsh_maybe_mourn_peer ();
+
+  if (debug_linux_namespaces)
+    {
+      debug_printf ("mnsh: send: ");
+      mnsh_debug_print_message (type, fd, int1, int2, buf, bufsiz);
+      debug_printf (" -> %ld\n", size);
+    }
+
+  return size;
+}
+
+/* Receive a message.  The argument SOCK is the file descriptor of
+   the receiving socket, the other arguments point to storage for
+   the received payload.  Returns the number of bytes stored into
+   BUF on success, which may be zero in the event no BUF was sent.
+   Return -1 on failure and set errno appropriately.  This function
+   is called from both the main process and the helper and must be
+   async-signal-safe.  */
+
+static ssize_t
+mnsh_recv_message (int sock, enum mnsh_msg_type *type,
+		   int *fd, int *int1, int *int2,
+		   void *buf, int bufsiz)
+{
+  struct msghdr msg;
+  struct iovec iov[4];
+  char fdbuf[CMSG_SPACE (sizeof (*fd))];
+  struct cmsghdr *cmsg;
+  ssize_t size, fixed_size;
+  int i;
+
+  /* Build the message to receive data into.  */
+  memset (&msg, 0, sizeof (msg));
+  msg.msg_iov = iov;
+
+  iov[0].iov_base = type;
+  iov[0].iov_len = sizeof (*type);
+  iov[1].iov_base = int1;
+  iov[1].iov_len = sizeof (*int1);
+  iov[2].iov_base = int2;
+  iov[2].iov_len = sizeof (*int2);
+  iov[3].iov_base = buf;
+  iov[3].iov_len = bufsiz;
+
+  msg.msg_iovlen = 4;
+
+  for (fixed_size = i = 0; i < msg.msg_iovlen - 1; i++)
+    fixed_size += iov[i].iov_len;
+
+  msg.msg_control = fdbuf;
+  msg.msg_controllen = sizeof (fdbuf);
+
+  /* Receive the message.  */
+  size = recvmsg (sock, &msg, MSG_CMSG_CLOEXEC);
+  if (size < 0)
+    {
+      if (debug_linux_namespaces)
+	debug_printf ("namespace-helper: recv failed (%ld)\n", size);
+
+      mnsh_maybe_mourn_peer ();
+
+      return size;
+    }
+
+  /* Check for truncation.  */
+  if (size < fixed_size || (msg.msg_flags & (MSG_TRUNC | MSG_CTRUNC)))
+    {
+      if (debug_linux_namespaces)
+	debug_printf ("namespace-helper: recv truncated (%ld 0x%x)\n",
+		      size, msg.msg_flags);
+
+      mnsh_maybe_mourn_peer ();
+
+      errno = EBADMSG;
+      return -1;
+    }
+
+  /* Unpack the file descriptor if supplied.  */
+  cmsg = CMSG_FIRSTHDR (&msg);
+  if (cmsg != NULL
+      && cmsg->cmsg_len == CMSG_LEN (sizeof (int))
+      && cmsg->cmsg_level == SOL_SOCKET
+      && cmsg->cmsg_type == SCM_RIGHTS)
+    memcpy (fd, CMSG_DATA (cmsg), sizeof (int));
+  else
+    *fd = -1;
+
+  if (debug_linux_namespaces)
+    {
+      debug_printf ("mnsh: recv: ");
+      mnsh_debug_print_message (*type, *fd, *int1, *int2, buf,
+				size - fixed_size);
+      debug_printf ("\n");
+    }
+
+  /* Return the number of bytes of data in BUF.  */
+  return size - fixed_size;
+}
+
+/* Shortcuts for returning results from the helper.  */
+
+#define mnsh_return_int(sock, result, error) \
+  mnsh_send_message (sock, MNSH_RET_INT, -1, result, error, NULL, 0)
+
+#define mnsh_return_fd(sock, fd, error) \
+  mnsh_send_message (sock, MNSH_RET_FD, \
+		     (fd) < 0 ? -1 : (fd), \
+		     (fd) < 0 ? (fd) : 0, \
+		     error, NULL, 0)
+
+#define mnsh_return_intstr(sock, result, buf, bufsiz, error) \
+  mnsh_send_message (sock, MNSH_RET_INTSTR, -1, result, error, \
+		     buf, bufsiz)
+
+/* Handle a MNSH_REQ_SETNS message.  Must be async-signal-safe.  */
+
+static ssize_t
+mnsh_handle_setns (int sock, int fd, int nstype)
+{
+  int result = setns (fd, nstype);
+
+  return mnsh_return_int (sock, result, errno);
+}
+
+/* See filestuff.h.  */
+
+int
+gdb_open_cloexec (const char *filename, int flags, unsigned long mode)
+{
+  int fd = open (filename, flags | O_CLOEXEC, mode);
+
+//  if (fd >= 0)
+//    maybe_mark_cloexec (fd);
+
+  return fd;
+}
+
+/* Handle a MNSH_REQ_OPEN message.  Must be async-signal-safe.  */
+
+static ssize_t
+mnsh_handle_open (int sock, const char *filename,
+		  int flags, mode_t mode)
+{
+  int fd = gdb_open_cloexec (filename, flags, mode);
+  ssize_t result = mnsh_return_fd (sock, fd, errno);
+
+  if (fd >= 0)
+    close (fd);
+
+  return result;
+}
+
+/* Handle a MNSH_REQ_UNLINK message.  Must be async-signal-safe.  */
+
+static ssize_t
+mnsh_handle_unlink (int sock, const char *filename)
+{
+  int result = unlink (filename);
+
+  return mnsh_return_int (sock, result, errno);
+}
+
+/* Handle a MNSH_REQ_READLINK message.  Must be async-signal-safe.  */
+
+static ssize_t
+mnsh_handle_readlink (int sock, const char *filename)
+{
+  char buf[PATH_MAX];
+  int len = readlink (filename, buf, sizeof (buf));
+
+  return mnsh_return_intstr (sock, len,
+			     buf, len < 0 ? 0 : len,
+			     errno);
+}
+
+/* The helper process.  Never returns.  Must be async-signal-safe.  */
+
+static void mnsh_main (int sock) ATTRIBUTE_NORETURN;
+
+static void
+mnsh_main (int sock)
+{
+  while (1)
+    {
+      enum mnsh_msg_type type;
+      int fd, int1, int2;
+      char buf[PATH_MAX];
+      ssize_t size, response = -1;
+
+      size = mnsh_recv_message (sock, &type,
+				&fd, &int1, &int2,
+				buf, sizeof (buf));
+
+      if (size >= 0 && size < sizeof (buf))
+	{
+	  switch (type)
+	    {
+	    case MNSH_REQ_SETNS:
+	      if (fd > 0)
+		response = mnsh_handle_setns (sock, fd, int1);
+	      break;
+
+	    case MNSH_REQ_OPEN:
+	      if (size > 0 && buf[size - 1] == '\0')
+		response = mnsh_handle_open (sock, buf, int1, int2);
+	      break;
+
+	    case MNSH_REQ_UNLINK:
+	      if (size > 0 && buf[size - 1] == '\0')
+		response = mnsh_handle_unlink (sock, buf);
+	      break;
+
+	    case MNSH_REQ_READLINK:
+	      if (size > 0 && buf[size - 1] == '\0')
+		response = mnsh_handle_readlink (sock, buf);
+	      break;
+
+	    default:
+	      break; /* Handled below.  */
+	    }
+	}
+
+      /* Close any file descriptors we were passed.  */
+      if (fd >= 0)
+	close (fd);
+
+      /* Can't handle this message, bounce it back.  */
+      if (response < 0)
+	{
+	  if (size < 0)
+	    size = 0;
+
+	  mnsh_send_message (sock, MNSH_MSG_ERROR,
+			     -1, int1, int2, buf, size);
+	}
+    }
+}
+
+/* The mount namespace helper process.  */
+
+struct linux_mnsh
+{
+  /* PID of helper.  */
+  pid_t pid;
+
+  /* Socket for communication.  */
+  int sock;
+
+  /* ID of the mount namespace the helper is currently in.  */
+  ino_t nsid;
+};
+
+/* In the helper process this is set to the PID of the process that
+   created the helper (i.e. GDB or gdbserver).  In the main process
+   this is set to zero.  Used by mnsh_maybe_mourn_peer.  */
+static int mnsh_creator_pid = 0;
+
+/* See filestuff.h.  */
+
+int
+gdb_socketpair_cloexec (int domain, int style, int protocol,
+                        int filedes[2])
+{
+#ifdef HAVE_SOCKETPAIR
+  int result = socketpair (domain, style | SOCK_CLOEXEC, protocol, filedes);
+
+  if (result != -1)
+    {
+//      socket_mark_cloexec (filedes[0]);
+//      socket_mark_cloexec (filedes[1]);
+    }
+
+  return result;
+#else
+  gdb_assert_not_reached (_("socketpair not available on this host"));
+#endif
+}
+
+/* Return an object representing the mount namespace helper process.
+   If no mount namespace helper process has been started then start
+   one.  Return NULL if no mount namespace helper process could be
+   started.  */
+
+static struct linux_mnsh *
+linux_mntns_get_helper (void)
+{
+  static struct linux_mnsh *helper = NULL;
+
+  if (helper == NULL)
+    {
+      static struct linux_mnsh h;
+      struct linux_ns *ns;
+      pid_t helper_creator = getpid ();
+      int sv[2];
+
+      ns = linux_ns_get_namespace (LINUX_NS_MNT);
+      if (ns == NULL)
+	return NULL;
+
+      if (gdb_socketpair_cloexec (AF_UNIX, SOCK_STREAM, 0, sv) < 0)
+	return NULL;
+
+      h.pid = fork ();
+      if (h.pid < 0)
+	{
+	  int saved_errno = errno;
+
+	  close (sv[0]);
+	  close (sv[1]);
+
+	  errno = saved_errno;
+	  return NULL;
+	}
+
+      if (h.pid == 0)
+	{
+	  /* Child process.  */
+	  close (sv[0]);
+
+	  mnsh_creator_pid = helper_creator;
+
+	  /* Debug printing isn't async-signal-safe.  */
+	  debug_linux_namespaces = 0;
+
+	  mnsh_main (sv[1]);
+	}
+
+      /* Parent process.  */
+      close (sv[1]);
+
+      helper = &h;
+      helper->sock = sv[0];
+      helper->nsid = ns->id;
+
+      if (debug_linux_namespaces)
+	debug_printf ("Started mount namespace helper process %d\n",
+		      helper->pid);
+    }
+
+  return helper;
+}
+
+/* Check whether the other process died and act accordingly.  Called
+   whenever a socket error occurs, from both the main process and the
+   helper.  Must be async-signal-safe when called from the helper.  */
+
+static void
+mnsh_maybe_mourn_peer (void)
+{
+  if (mnsh_creator_pid != 0)
+    {
+      /* We're in the helper.  Check if our current parent is the
+	 process that started us.  If it isn't, then our original
+	 parent died and we've been reparented.  Exit immediately
+	 if that's the case.  */
+      if (getppid () != mnsh_creator_pid)
+	_exit (0);
+    }
+  else
+    {
+      /* We're in the main process.  */
+
+      struct linux_mnsh *helper = linux_mntns_get_helper ();
+      int status;
+      pid_t pid;
+
+      if (helper->pid < 0)
+	{
+	  /* We already mourned it.  */
+	  return;
+	}
+
+      pid = waitpid (helper->pid, &status, WNOHANG);
+      if (pid == 0)
+	{
+	  /* The helper is still alive.  */
+	  return;
+	}
+      else if (pid == -1)
+	{
+	  if (errno == ECHILD)
+	    warning (_("mount namespace helper vanished?"));
+	  else
+	    internal_warning (__FILE__, __LINE__,
+			      _("unhandled error %d"), errno);
+	}
+      else if (pid == helper->pid)
+	{
+	  if (WIFEXITED (status))
+	    warning (_("mount namespace helper exited with status %d"),
+		     WEXITSTATUS (status));
+	  else if (WIFSIGNALED (status))
+	    warning (_("mount namespace helper killed by signal %d"),
+		     WTERMSIG (status));
+	  else
+	    internal_warning (__FILE__, __LINE__,
+			      _("unhandled status %d"), status);
+	}
+      else
+	internal_warning (__FILE__, __LINE__,
+			  _("unknown pid %d"), pid);
+
+      /* Something unrecoverable happened.  */
+      helper->pid = -1;
+    }
+}
+
+/* Shortcuts for sending messages to the helper.  */
+
+#define mnsh_send_setns(helper, fd, nstype) \
+  mnsh_send_message (helper->sock, MNSH_REQ_SETNS, fd, nstype, 0, \
+		     NULL, 0)
+
+#define mnsh_send_open(helper, filename, flags, mode) \
+  mnsh_send_message (helper->sock, MNSH_REQ_OPEN, -1, flags, mode, \
+    		     filename, strlen (filename) + 1)
+
+#define mnsh_send_unlink(helper, filename) \
+  mnsh_send_message (helper->sock, MNSH_REQ_UNLINK, -1, 0, 0, \
+    		     filename, strlen (filename) + 1)
+
+#define mnsh_send_readlink(helper, filename) \
+  mnsh_send_message (helper->sock, MNSH_REQ_READLINK, -1, 0, 0, \
+    		     filename, strlen (filename) + 1)
+
+/* Receive a message from the helper.  Issue an assertion failure if
+   the message isn't a correctly-formatted MNSH_RET_INT.  Set RESULT
+   and ERROR and return 0 on success.  Set errno and return -1 on
+   failure.  */
+
+static int
+mnsh_recv_int (struct linux_mnsh *helper, int *result, int *error)
+{
+  enum mnsh_msg_type type;
+  char buf[PATH_MAX];
+  ssize_t size;
+  int fd;
+
+  size = mnsh_recv_message (helper->sock, &type, &fd,
+			    result, error,
+			    buf, sizeof (buf));
+  if (size < 0)
+    return -1;
+
+  gdb_assert (type == MNSH_RET_INT);
+  gdb_assert (fd == -1);
+  gdb_assert (size == 0);
+
+  return 0;
+}
+
+/* Receive a message from the helper.  Issue an assertion failure if
+   the message isn't a correctly-formatted MNSH_RET_FD.  Set FD and
+   ERROR and return 0 on success.  Set errno and return -1 on
+   failure.  */
+
+static int
+mnsh_recv_fd (struct linux_mnsh *helper, int *fd, int *error)
+{
+  enum mnsh_msg_type type;
+  char buf[PATH_MAX];
+  ssize_t size;
+  int result;
+
+  size = mnsh_recv_message (helper->sock, &type, fd,
+			    &result, error,
+			    buf, sizeof (buf));
+  if (size < 0)
+    return -1;
+
+  gdb_assert (type == MNSH_RET_FD);
+  gdb_assert (size == 0);
+
+  if (*fd < 0)
+    {
+      gdb_assert (result < 0);
+      *fd = result;
+    }
+
+  return 0;
+}
+
+/* Receive a message from the helper.  Issue an assertion failure if
+   the message isn't a correctly-formatted MNSH_RET_INTSTR.  Set
+   RESULT and ERROR and optionally store data in BUF, then return
+   the number of bytes stored in BUF on success (this may be zero).
+   Set errno and return -1 on error.  */
+
+static ssize_t
+mnsh_recv_intstr (struct linux_mnsh *helper,
+		  int *result, int *error,
+		  void *buf, int bufsiz)
+{
+  enum mnsh_msg_type type;
+  ssize_t size;
+  int fd;
+
+  size = mnsh_recv_message (helper->sock, &type, &fd,
+			    result, error,
+			    buf, bufsiz);
+
+  if (size < 0)
+    return -1;
+
+  gdb_assert (type == MNSH_RET_INTSTR);
+  gdb_assert (fd == -1);
+
+  return size;
+}
+
+/* Return values for linux_mntns_access_fs.  */
+
+enum mnsh_fs_code
+  {
+    /* Something went wrong, errno is set.  */
+    MNSH_FS_ERROR = -1,
+
+    /* The main process is in the correct mount namespace.
+       The caller should access the filesystem directly.  */
+    MNSH_FS_DIRECT,
+
+    /* The helper is in the correct mount namespace.
+       The caller should access the filesystem via the helper.  */
+    MNSH_FS_HELPER
+  };
+
+/* Return a value indicating how the caller should access the
+   mount namespace of process PID.  */
+
+static enum mnsh_fs_code
+linux_mntns_access_fs (pid_t pid)
+{
+//  struct cleanup *old_chain;
+  struct linux_ns *ns;
+  struct stat sb;
+  struct linux_mnsh *helper;
+  ssize_t size;
+  int fd, saved_errno;
+
+  if (pid == getpid ())
+    return MNSH_FS_DIRECT;
+
+  ns = linux_ns_get_namespace (LINUX_NS_MNT);
+  if (ns == NULL)
+    return MNSH_FS_DIRECT;
+
+//  old_chain = make_cleanup (null_cleanup, NULL);
+
+  fd = gdb_open_cloexec (linux_ns_filename (ns, pid), O_RDONLY, 0);
+  if (fd < 0)
+    goto error_nofd;
+
+//  old_chain = make_cleanup_close (fd);
+
+  if (fstat (fd, &sb) != 0)
+    goto error;
+
+  if (sb.st_ino == ns->id)
+    {
+//      do_cleanups (old_chain);
+close (fd);
+
+      return MNSH_FS_DIRECT;
+    }
+
+  helper = linux_mntns_get_helper ();
+  if (helper == NULL)
+    goto error;
+
+  if (sb.st_ino != helper->nsid)
+    {
+      int result, error;
+
+      size = mnsh_send_setns (helper, fd, 0);
+      if (size < 0)
+	goto error;
+
+      if (mnsh_recv_int (helper, &result, &error) != 0)
+	goto error;
+
+      if (result != 0)
+	{
+	  /* ENOSYS indicates that an entire function is unsupported
+	     (it's not appropriate for our versions of open/unlink/
+	     readlink to sometimes return with ENOSYS depending on how
+	     they're called) so we convert ENOSYS to ENOTSUP if setns
+	     fails.  */
+	  if (error == ENOSYS)
+	    error = ENOTSUP;
+
+	  errno = error;
+	  goto error;
+	}
+
+      helper->nsid = sb.st_ino;
+    }
+
+//  do_cleanups (old_chain);
+close (fd);
+
+  return MNSH_FS_HELPER;
+
+error:
+  saved_errno = errno;
+
+//  do_cleanups (old_chain);
+close (fd);
+
+  errno = saved_errno;
+error_nofd:
+  return MNSH_FS_ERROR;
+}
+
+/* See nat/linux-namespaces.h.  */
+
+int
+linux_mntns_open_cloexec (pid_t pid, const char *filename,
+			  int flags, mode_t mode)
+{
+  enum mnsh_fs_code access = linux_mntns_access_fs (pid);
+  struct linux_mnsh *helper;
+  int fd, error;
+  ssize_t size;
+
+  if (access == MNSH_FS_ERROR)
+    return -1;
+
+  if (access == MNSH_FS_DIRECT)
+    return gdb_open_cloexec (filename, flags, mode);
+
+  gdb_assert (access == MNSH_FS_HELPER);
+
+  helper = linux_mntns_get_helper ();
+
+  size = mnsh_send_open (helper, filename, flags, mode);
+  if (size < 0)
+    return -1;
+
+  if (mnsh_recv_fd (helper, &fd, &error) != 0)
+    return -1;
+
+  if (fd < 0)
+    errno = error;
+
+  return fd;
+}
+
+/* See nat/linux-namespaces.h.  */
+
+int
+linux_mntns_unlink (pid_t pid, const char *filename)
+{
+  enum mnsh_fs_code access = linux_mntns_access_fs (pid);
+  struct linux_mnsh *helper;
+  int ret, error;
+  ssize_t size;
+
+  if (access == MNSH_FS_ERROR)
+    return -1;
+
+  if (access == MNSH_FS_DIRECT)
+    return unlink (filename);
+
+  gdb_assert (access == MNSH_FS_HELPER);
+
+  helper = linux_mntns_get_helper ();
+
+  size = mnsh_send_unlink (helper, filename);
+  if (size < 0)
+    return -1;
+
+  if (mnsh_recv_int (helper, &ret, &error) != 0)
+    return -1;
+
+  if (ret != 0)
+    errno = error;
+
+  return ret;
+}
+
+/* See nat/linux-namespaces.h.  */
+
+ssize_t
+linux_mntns_readlink (pid_t pid, const char *filename,
+		      char *buf, size_t bufsiz)
+{
+  enum mnsh_fs_code access = linux_mntns_access_fs (pid);
+  struct linux_mnsh *helper;
+  int ret, error;
+  ssize_t size;
+
+  if (access == MNSH_FS_ERROR)
+    return -1;
+
+  if (access == MNSH_FS_DIRECT)
+    return readlink (filename, buf, bufsiz);
+
+  gdb_assert (access == MNSH_FS_HELPER);
+
+  helper = linux_mntns_get_helper ();
+
+  size = mnsh_send_readlink (helper, filename);
+  if (size < 0)
+    return -1;
+
+  size = mnsh_recv_intstr (helper, &ret, &error, buf, bufsiz);
+
+  if (size < 0)
+    {
+      ret = -1;
+      errno = error;
+    }
+  else
+    gdb_assert (size == ret);
+
+  return ret;
+}
Index: gdb-7.6.1/gdb/nat/linux-namespaces.h
===================================================================
--- /dev/null	1970-01-01 00:00:00.000000000 +0000
+++ gdb-7.6.1/gdb/nat/linux-namespaces.h	2018-05-18 10:55:28.424983208 +0200
@@ -0,0 +1,78 @@
+/* Linux namespaces(7) support.
+
+   Copyright (C) 2015 Free Software Foundation, Inc.
+
+   This file is part of GDB.
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.  */
+
+#ifndef LINUX_NAMESPACES_H
+#define LINUX_NAMESPACES_H
+
+#include <sys/types.h>
+
+/* Set to nonzero to enable debugging of Linux namespaces code.  */
+
+extern int debug_linux_namespaces;
+
+/* Enumeration of Linux namespace types.  */
+
+enum linux_ns_type
+  {
+    /* IPC namespace: System V IPC, POSIX message queues.  */
+    LINUX_NS_IPC,
+
+    /* Mount namespace: mount points.  */
+    LINUX_NS_MNT,
+
+    /* Network namespace: network devices, stacks, ports, etc.  */
+    LINUX_NS_NET,
+
+    /* PID namespace: process IDs.  */
+    LINUX_NS_PID,
+
+    /* User namespace: user and group IDs.  */
+    LINUX_NS_USER,
+
+    /* UTS namespace: hostname and NIS domain name.  */
+    LINUX_NS_UTS,
+
+    /* Number of Linux namespaces.  */
+    NUM_LINUX_NS_TYPES
+  };
+
+/* Return nonzero if process PID has the same TYPE namespace as the
+   calling process, or if the kernel does not support TYPE namespaces
+   (in which case there is only one TYPE namespace).  Return zero if
+   the kernel supports TYPE namespaces and the two processes have
+   different TYPE namespaces.  */
+
+extern int linux_ns_same (pid_t pid, enum linux_ns_type type);
+
+/* Like gdb_open_cloexec, but in the mount namespace of process
+   PID.  */
+
+extern int linux_mntns_open_cloexec (pid_t pid, const char *filename,
+				     int flags, mode_t mode);
+
+/* Like unlink(2), but in the mount namespace of process PID.  */
+
+extern int linux_mntns_unlink (pid_t pid, const char *filename);
+
+/* Like readlink(2), but in the mount namespace of process PID.  */
+
+extern ssize_t linux_mntns_readlink (pid_t pid, const char *filename,
+				     char *buf, size_t bufsiz);
+
+#endif /* LINUX_NAMESPACES_H */
Index: gdb-7.6.1/gdb/config.in
===================================================================
--- gdb-7.6.1.orig/gdb/config.in	2018-05-18 10:55:26.838970359 +0200
+++ gdb-7.6.1/gdb/config.in	2018-05-18 11:00:28.000000000 +0200
@@ -369,6 +369,9 @@
 /* Define to 1 if you have the `setlocale' function. */
 #undef HAVE_SETLOCALE
 
+/* Define to 1 if you have the `setns' function. */
+#undef HAVE_SETNS
+
 /* Define to 1 if you have the `setpgid' function. */
 #undef HAVE_SETPGID
 
Index: gdb-7.6.1/gdb/configure
===================================================================
--- gdb-7.6.1.orig/gdb/configure	2018-05-18 10:55:26.840970375 +0200
+++ gdb-7.6.1/gdb/configure	2018-05-18 11:00:30.074427061 +0200
@@ -10667,7 +10667,7 @@
 		sbrk setpgid setpgrp setsid \
 		sigaction sigprocmask sigsetmask socketpair syscall \
 		ttrace wborder wresize setlocale iconvlist libiconvlist btowc \
-		setrlimit getrlimit posix_madvise waitpid lstat
+		setrlimit getrlimit posix_madvise waitpid lstat setns
 do :
   as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
 ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
Index: gdb-7.6.1/gdb/configure.ac
===================================================================
--- gdb-7.6.1.orig/gdb/configure.ac	2018-05-18 10:55:26.828970278 +0200
+++ gdb-7.6.1/gdb/configure.ac	2018-05-18 11:00:02.912207003 +0200
@@ -1365,7 +1365,7 @@
 		sbrk setpgid setpgrp setsid \
 		sigaction sigprocmask sigsetmask socketpair syscall \
 		ttrace wborder wresize setlocale iconvlist libiconvlist btowc \
-		setrlimit getrlimit posix_madvise waitpid lstat])
+		setrlimit getrlimit posix_madvise waitpid lstat setns])
 AM_LANGINFO_CODESET
 
 # Check the return and argument types of ptrace.  No canned test for