bus: when connecting to a container's kdbus instance, enter namespace first

[elogind.git] / src / machine / machinectl.c
diff --git a/src/machine/machinectl.c b/src/machine/machinectl.c

index 4b8351c98a95735fe9cd2f18df21bc71c3731379..f5485b3d4209c4ba24b6ab264814a63b664f13ea 100644 (file)
--- a/src/machine/machinectl.c
+++ b/src/machine/machinectl.c
@@ -226,7 +226,7 @@ static void print_machine_status_info(sd_bus *bus, MachineStatusInfo *i) {
  }
  
  static int show_info(const char *verb, sd_bus *bus, const char *path, bool *new_line) {
-        MachineStatusInfo info = {};
+
          static const struct bus_properties_map map[]  = {
                  { "Name",          "s",  NULL,          offsetof(MachineStatusInfo, name) },
                  { "Class",         "s",  NULL,          offsetof(MachineStatusInfo, class) },
@@ -238,6 +238,8 @@ static int show_info(const char *verb, sd_bus *bus, const char *path, bool *new_
                  { "Id",            "ay", bus_map_id128, offsetof(MachineStatusInfo, id) },
                  {}
          };
+
+        MachineStatusInfo info = {};
          int r;
  
          assert(path);
@@ -396,9 +398,8 @@ static int terminate_machine(sd_bus *bus, char **args, unsigned n) {
  }
  
  static int openpt_in_namespace(pid_t pid, int flags) {
+        _cleanup_close_pipe_ int pair[2] = { -1, -1 };
          _cleanup_close_ int nsfd = -1, rootfd = -1;
-        _cleanup_free_ char *ns = NULL, *root = NULL;
-        _cleanup_close_pipe_ int sock[2] = { -1, -1 };
          union {
                  struct cmsghdr cmsghdr;
                  uint8_t buf[CMSG_SPACE(sizeof(int))];
@@ -412,23 +413,11 @@ static int openpt_in_namespace(pid_t pid, int flags) {
          pid_t child;
          siginfo_t si;
  
-        r = asprintf(&ns, "/proc/%lu/ns/mnt", (unsigned long) pid);
+        r = namespace_open(pid, &nsfd, &rootfd);
          if (r < 0)
-                return -ENOMEM;
-
-        nsfd = open(ns, O_RDONLY|O_NOCTTY|O_CLOEXEC);
-        if (nsfd < 0)
-                return -errno;
-
-        r = asprintf(&root, "/proc/%lu/root", (unsigned long) pid);
-        if (r < 0)
-                return -ENOMEM;
-
-        rootfd = open(root, O_RDONLY|O_NOCTTY|O_CLOEXEC|O_DIRECTORY);
-        if (rootfd < 0)
-                return -errno;
+                return r;
  
-        if (socketpair(AF_UNIX, SOCK_DGRAM, 0, sock) < 0)
+        if (socketpair(AF_UNIX, SOCK_DGRAM, 0, pair) < 0)
                  return -errno;
  
          child = fork();
@@ -436,19 +425,13 @@ static int openpt_in_namespace(pid_t pid, int flags) {
                  return -errno;
  
          if (child == 0) {
-                close_nointr_nofail(sock[0]);
-                sock[0] = -1;
+                close_nointr_nofail(pair[0]);
+                pair[0] = -1;
  
-                r = setns(nsfd, CLONE_NEWNS);
+                r = namespace_enter(nsfd, rootfd);
                  if (r < 0)
                          _exit(EXIT_FAILURE);
  
-                if (fchdir(rootfd) < 0)
-                        _exit(EXIT_FAILURE);
-
-                if (chroot(".") < 0)
-                        _exit(EXIT_FAILURE);
-
                  master = posix_openpt(flags);
                  if (master < 0)
                          _exit(EXIT_FAILURE);
@@ -461,18 +444,16 @@ static int openpt_in_namespace(pid_t pid, int flags) {
  
                  mh.msg_controllen = cmsg->cmsg_len;
  
-                r = sendmsg(sock[1], &mh, MSG_NOSIGNAL);
-                close_nointr_nofail(master);
-                if (r < 0)
+                if (sendmsg(pair[1], &mh, MSG_NOSIGNAL) < 0)
                          _exit(EXIT_FAILURE);
  
                  _exit(EXIT_SUCCESS);
          }
  
-        close_nointr_nofail(sock[1]);
-        sock[1] = -1;
+        close_nointr_nofail(pair[1]);
+        pair[1] = -1;
  
-        if (recvmsg(sock[0], &mh, MSG_NOSIGNAL|MSG_CMSG_CLOEXEC) < 0)
+        if (recvmsg(pair[0], &mh, MSG_NOSIGNAL|MSG_CMSG_CLOEXEC) < 0)
                  return -errno;
  
          for (cmsg = CMSG_FIRSTHDR(&mh); cmsg; cmsg = CMSG_NXTHDR(&mh, cmsg))
@@ -603,6 +584,8 @@ static int login_machine(sd_bus *bus, char **args, unsigned n) {
                  return r;
          }
  
+        container_bus = sd_bus_unref(container_bus);
+
          assert_se(sigemptyset(&mask) == 0);
          sigset_add_many(&mask, SIGWINCH, SIGTERM, SIGINT, -1);
          assert_se(sigprocmask(SIG_BLOCK, &mask, NULL) == 0);
@@ -639,11 +622,11 @@ static int help(void) {
                 "  -s --signal=SIGNAL     Which signal to send\n\n"
                 "Commands:\n"
                 "  list                   List running VMs and containers\n"
-               "  status [NAME...]       Show VM/container status\n"
-               "  show [NAME...]         Show properties of one or more VMs/containers\n"
-               "  terminate [NAME...]    Terminate one or more VMs/containers\n"
-               "  kill [NAME...]         Send signal to processes of a VM/container\n"
-               "  login [NAME]           Get a login prompt on a container\n",
+               "  status NAME...         Show VM/container status\n"
+               "  show NAME...           Show properties of one or more VMs/containers\n"
+               "  terminate NAME...      Terminate one or more VMs/containers\n"
+               "  kill NAME...           Send signal to processes of a VM/container\n"
+               "  login NAME             Get a login prompt on a container\n",
                 program_invocation_short_name);
  
          return 0;