Handle Unix domain socket connections from outside our namespace v2
authorZbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Sun, 20 Apr 2014 01:58:03 +0000 (21:58 -0400)
committerZbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Sun, 20 Apr 2014 03:26:57 +0000 (23:26 -0400)
This is a second attempt at 9754d56, reverted in 2f20a8e, because
I lost a 'break;' when moving chunks around.

src/core/socket.c

index 7c18a2b..536904f 100644 (file)
@@ -663,16 +663,22 @@ static int instance_from_socket(int fd, unsigned nr, char **instance) {
                 int k;
 
                 k = getpeercred(fd, &ucred);
-                if (k < 0)
+                if (k >= 0) {
+                        if (asprintf(&r,
+                                     "%u-"PID_FMT"-"UID_FMT,
+                                     nr, ucred.pid, ucred.uid) < 0)
+                                return -ENOMEM;
+                } else if (k == -ENODATA) {
+                        /* This handles the case where somebody is
+                         * connecting from another pid/uid namespace
+                         * (e.g. from outside of our container). */
+                        if (asprintf(&r,
+                                     "%u-unknown",
+                                     nr) < 0)
+                                return -ENOMEM;
+                } else
                         return k;
 
-                if (asprintf(&r,
-                             "%u-%lu-%lu",
-                             nr,
-                             (unsigned long) ucred.pid,
-                             (unsigned long) ucred.uid) < 0)
-                        return -ENOMEM;
-
                 break;
         }
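Review bot: The `-ENODATA` branch that formats `"%u-unknown"` yields an instance name with no pid or uid fields, so anything that reads peer identity out of the `nr-pid-uid` instance string now sees a differently shaped name for peers from another namespace, and the comment does not say so. I would extend the comment with a line such as `/* No peer credentials here: the instance name carries no pid/uid and must not be parsed for identity. */`. Presumably getpeercred() returns -ENODATA only when the credentials are suppressed by namespacing, but its definition is not in this hunk, so that is worth confirming before relying on it as the sole trigger for the fallback. instance_from_socket starts and ends outside the hunk.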