util: replace close_pipe() with new safe_close_pair()
[elogind.git] / src / nspawn / nspawn.c
index 084929dcdedaf0d94ececaba460bf18d6d420b23..9a9ed9dc6e0f7e3e6d2759b6ce50711697c194d9 100644 (file)
@@ -86,6 +86,7 @@
 #include "udev-util.h"
 #include "blkid-util.h"
 #include "gpt.h"
+#include "siphash24.h"
 
 #ifdef HAVE_SECCOMP
 #include "seccomp-util.h"
@@ -985,7 +986,7 @@ static int setup_kmsg(const char *dest, int kmsg_socket) {
         /* Store away the fd in the socket, so that it stays open as
          * long as we run the child */
         k = sendmsg(kmsg_socket, &mh, MSG_DONTWAIT|MSG_NOSIGNAL);
-        close_nointr_nofail(fd);
+        safe_close(fd);
 
         if (k < 0) {
                 log_error("Failed to send FIFO fd: %m");
@@ -1399,9 +1400,46 @@ static int reset_audit_loginuid(void) {
         return 0;
 }
 
+#define HASH_KEY SD_ID128_MAKE(c3,c4,f9,19,b5,57,b2,1c,e6,cf,14,27,03,9c,ee,a2)
+
+static int get_mac(struct ether_addr *mac) {
+        int r;
+
+        uint8_t result[8];
+        size_t l, sz;
+        uint8_t *v;
+
+        l = strlen(arg_machine);
+        sz = sizeof(sd_id128_t) + l;
+        v = alloca(sz);
+
+        /* fetch some persistent data unique to the host */
+        r = sd_id128_get_machine((sd_id128_t*) v);
+        if (r < 0)
+                return r;
+
+        /* combine with some data unique (on this host) to this
+         * container instance */
+        memcpy(v + sizeof(sd_id128_t), arg_machine, l);
+
+        /* Let's hash the host machine ID plus the container name. We
+         * use a fixed, but originally randomly created hash key here. */
+        siphash24(result, v, sz, HASH_KEY.bytes);
+
+        assert_cc(ETH_ALEN <= sizeof(result));
+        memcpy(mac->ether_addr_octet, result, ETH_ALEN);
+
+        /* see eth_random_addr in the kernel */
+        mac->ether_addr_octet[0] &= 0xfe;        /* clear multicast bit */
+        mac->ether_addr_octet[0] |= 0x02;        /* set local assignment bit (IEEE802) */
+
+        return 0;
+}
+
 static int setup_veth(pid_t pid, char iface_name[IFNAMSIZ]) {
         _cleanup_rtnl_message_unref_ sd_rtnl_message *m = NULL;
         _cleanup_rtnl_unref_ sd_rtnl *rtnl = NULL;
+        struct ether_addr mac;
         int r;
 
         if (!arg_private_network)
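Review bot: get_mac() sizes an alloca() from strlen(arg_machine) with no bound or NULL check visible in this hunk, so the stack allocation is as large as whatever name reached arg_machine. If the machine name is length-validated where it is parsed (not shown here), record that with `assert(arg_machine);` and a short comment; otherwise reject long names before the alloca, e.g. `if (l > HOST_NAME_MAX) return -EINVAL;`. The HASH_KEY comment should also say that the key is a public constant that only fixes the mapping, so the MAC is reproducible by anyone who knows the host machine ID and the container name. setup_veth's body continues outside the hunk.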
@@ -1416,9 +1454,14 @@ static int setup_veth(pid_t pid, char iface_name[IFNAMSIZ]) {
                 memcpy(iface_name, "vb-", 3);
         else
                 memcpy(iface_name, "ve-", 3);
-
         strncpy(iface_name+3, arg_machine, IFNAMSIZ - 3);
 
+        r = get_mac(&mac);
+        if (r < 0) {
+                log_error("Failed to generate predictable MAC address for host0");
+                return r;
+        }
+
         r = sd_rtnl_open(&rtnl, 0);
         if (r < 0) {
                 log_error("Failed to connect to netlink: %s", strerror(-r));
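Review bot: The new error path after get_mac() logs no error code, unlike the other failure messages in setup_veth visible here, so the cause of a failed sd_id128_get_machine() is lost; use `log_error("Failed to generate predictable MAC address for host0: %s", strerror(-r));`. Separately, the unchanged `strncpy(iface_name+3, arg_machine, IFNAMSIZ - 3)` just above leaves iface_name unterminated when arg_machine is IFNAMSIZ - 3 characters or longer. Whether the caller pre-zeroes the buffer or caps the name is not visible from this hunk. setup_veth starts and ends outside the hunk.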
@@ -1467,6 +1510,12 @@ static int setup_veth(pid_t pid, char iface_name[IFNAMSIZ]) {
                 return r;
         }
 
+        r = sd_rtnl_message_append_ether_addr(m, IFLA_ADDRESS, &mac);
+        if (r < 0) {
+                log_error("Failed to add netlink MAC address: %s", strerror(-r));
+                return r;
+        }
+
         r = sd_rtnl_message_append_u32(m, IFLA_NET_NS_PID, pid);
         if (r < 0) {
                 log_error("Failed to add netlink namespace field: %s", strerror(-r));
@@ -1532,6 +1581,12 @@ static int setup_bridge(const char veth_name[]) {
                 return r;
         }
 
+        r = sd_rtnl_message_link_set_flags(m, IFF_UP, IFF_UP);
+        if (r < 0) {
+                log_error("Failed to set IFF_UP flag: %s", strerror(-r));
+                return r;
+        }
+
         r = sd_rtnl_message_append_string(m, IFLA_IFNAME, veth_name);
         if (r < 0) {
                 log_error("Failed to add netlink interface name field: %s", strerror(-r));
@@ -2249,8 +2304,7 @@ static void loop_remove(int nr, int *image_fd) {
 
         if (image_fd && *image_fd >= 0) {
                 ioctl(*image_fd, LOOP_CLR_FD);
-                close_nointr_nofail(*image_fd);
-                *image_fd = -1;
+                *image_fd = safe_close(*image_fd);
         }
 
         control = open("/dev/loop-control", O_RDWR|O_CLOEXEC|O_NOCTTY|O_NONBLOCK);
@@ -2285,9 +2339,9 @@ static int spawn_getent(const char *database, const char *key, pid_t *rpid) {
                         _exit(EXIT_FAILURE);
 
                 if (pipe_fds[0] > 2)
-                        close_nointr_nofail(pipe_fds[0]);
+                        safe_close(pipe_fds[0]);
                 if (pipe_fds[1] > 2)
-                        close_nointr_nofail(pipe_fds[1]);
+                        safe_close(pipe_fds[1]);
 
                 nullfd = open("/dev/null", O_RDWR);
                 if (nullfd < 0)
@@ -2300,7 +2354,7 @@ static int spawn_getent(const char *database, const char *key, pid_t *rpid) {
                         _exit(EXIT_FAILURE);
 
                 if (nullfd > 2)
-                        close_nointr_nofail(nullfd);
+                        safe_close(nullfd);
 
                 reset_all_signal_handlers();
                 close_all_fds(NULL, 0);
@@ -2310,8 +2364,7 @@ static int spawn_getent(const char *database, const char *key, pid_t *rpid) {
                 _exit(EXIT_FAILURE);
         }
 
-        close_nointr_nofail(pipe_fds[1]);
-        pipe_fds[1] = -1;
+        pipe_fds[1] = safe_close(pipe_fds[1]);
 
         *rpid = pid;
 
@@ -2319,8 +2372,6 @@ static int spawn_getent(const char *database, const char *key, pid_t *rpid) {
 }
 
 static int change_uid_gid(char **_home) {
-
-        _cleanup_strv_free_ char **passwd = NULL;
         char line[LINE_MAX], *w, *x, *state, *u, *g, *h;
         _cleanup_free_ uid_t *uids = NULL;
         _cleanup_free_ char *home = NULL;
@@ -2494,7 +2545,7 @@ static int change_uid_gid(char **_home) {
         }
 
         r = mkdir_safe(home, 0755, uid, gid);
-        if (r < 0) {
+        if (r < 0 && r != -EEXIST) {
                 log_error("Failed to make home directory: %s", strerror(-r));
                 return r;
         }
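Review bot: The relaxed check `if (r < 0 && r != -EEXIST)` accepts an existing home without saying what state it may be in, although mkdir_safe() is given uid and gid, presumably so the directory ends up owned by that user. mkdir_safe's implementation is not shown here; if it reports -EEXIST when an existing path fails its type, mode or owner check, the code now continues with a home that may be a symlink or belong to another user. Add a comment stating the intent, e.g. `/* -EEXIST: home exists but did not pass mkdir_safe()'s checks (e.g. a symlink); tolerated on purpose */`, and confirm that nothing later in change_uid_gid relies on the directory being owned by uid. change_uid_gid continues outside the hunk.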
@@ -2531,7 +2582,7 @@ int main(int argc, char *argv[]) {
         _cleanup_free_ char *kdbus_domain = NULL, *device_path = NULL, *root_device = NULL, *home_device = NULL, *srv_device = NULL;
         bool root_device_rw = true, home_device_rw = true, srv_device_rw = true;
         _cleanup_close_ int master = -1, kdbus_fd = -1, image_fd = -1;
-        _cleanup_close_pipe_ int kmsg_socket_pair[2] = { -1, -1 };
+        _cleanup_close_pair_ int kmsg_socket_pair[2] = { -1, -1 };
         _cleanup_fdset_free_ FDSet *fds = NULL;
         int r = EXIT_FAILURE, k, n_fd_passed, loop_nr = -1;
         const char *console = NULL;
@@ -2755,15 +2806,13 @@ int main(int argc, char *argv[]) {
                         if (envp[n_env])
                                 n_env ++;
 
-                        close_nointr_nofail(master);
-                        master = -1;
+                        master = safe_close(master);
 
                         close_nointr(STDIN_FILENO);
                         close_nointr(STDOUT_FILENO);
                         close_nointr(STDERR_FILENO);
 
-                        close_nointr_nofail(kmsg_socket_pair[0]);
-                        kmsg_socket_pair[0] = -1;
+                        kmsg_socket_pair[0] = safe_close(kmsg_socket_pair[0]);
 
                         reset_all_signal_handlers();
 
@@ -2773,7 +2822,7 @@ int main(int argc, char *argv[]) {
                         k = open_terminal(console, O_RDWR);
                         if (k != STDIN_FILENO) {
                                 if (k >= 0) {
-                                        close_nointr_nofail(k);
+                                        safe_close(k);
                                         k = -EINVAL;
                                 }
 
@@ -2846,8 +2895,7 @@ int main(int argc, char *argv[]) {
                         if (setup_kmsg(arg_directory, kmsg_socket_pair[1]) < 0)
                                 goto child_fail;
 
-                        close_nointr_nofail(kmsg_socket_pair[1]);
-                        kmsg_socket_pair[1] = -1;
+                        kmsg_socket_pair[1] = safe_close(kmsg_socket_pair[1]);
 
                         if (setup_boot_id(arg_directory) < 0)
                                 goto child_fail;
@@ -2874,8 +2922,7 @@ int main(int argc, char *argv[]) {
                          * it can cgroupify us to that we lack access
                          * to certain devices and resources. */
                         eventfd_write(child_ready_fd, 1);
-                        close_nointr_nofail(child_ready_fd);
-                        child_ready_fd = -1;
+                        child_ready_fd = safe_close(child_ready_fd);
 
                         if (chdir(arg_directory) < 0) {
                                 log_error("chdir(%s) failed: %m", arg_directory);
@@ -2976,8 +3023,7 @@ int main(int argc, char *argv[]) {
 
                         /* Wait until the parent is ready with the setup, too... */
                         eventfd_read(parent_ready_fd, &x);
-                        close_nointr_nofail(parent_ready_fd);
-                        parent_ready_fd = -1;
+                        parent_ready_fd = safe_close(parent_ready_fd);
 
                         if (arg_boot) {
                                 char **a;