nspawn: finish user namespace support

author Lennart Poettering <lennart@poettering.net>

Thu, 21 May 2015 14:30:58 +0000 (16:30 +0200)

committer Sven Eden <yamakuzure@gmx.net>

Tue, 14 Mar 2017 08:57:27 +0000 (09:57 +0100)
author Lennart Poettering <lennart@poettering.net>
Thu, 21 May 2015 14:30:58 +0000 (16:30 +0200)
committer Sven Eden <yamakuzure@gmx.net>
Tue, 14 Mar 2017 08:57:27 +0000 (09:57 +0100)
diff --git a/src/shared/base-filesystem.c b/src/shared/base-filesystem.c

index 11e09474070effee2a78e66ab5f43e705a317b71..ab6fc171b01f5e797c63e470e43228f035014657 100644 (file)
--- a/src/shared/base-filesystem.c
+++ b/src/shared/base-filesystem.c
@@ -41,13 +41,16 @@ static const BaseFilesystem table[] = {
          { "lib",      0, "usr/lib\0",                  NULL },
          { "root",  0755, NULL,                         NULL },
          { "sbin",     0, "usr/sbin\0",                 NULL },
+        { "usr",   0755, NULL,                         NULL },
+        { "var",   0755, NULL,                         NULL },
+        { "etc",   0755, NULL,                         NULL },
  #if defined(__i386__) || defined(__x86_64__)
          { "lib64",    0, "usr/lib/x86_64-linux-gnu\0"
                           "usr/lib64\0",                "ld-linux-x86-64.so.2" },
  #endif
  };
  
-int base_filesystem_create(const char *root) {
+int base_filesystem_create(const char *root, uid_t uid, gid_t gid) {
          _cleanup_close_ int fd = -1;
          unsigned i;
          int r = 0;
@@ -90,6 +93,12 @@ int base_filesystem_create(const char *root) {
                          r = symlinkat(target, fd, table[i].dir);
                          if (r < 0 && errno != EEXIST)
                                  return log_error_errno(errno, "Failed to create symlink at %s/%s: %m", root, table[i].dir);
+
+                        if (uid != UID_INVALID || gid != UID_INVALID) {
+                                if (fchownat(fd, table[i].dir, uid, gid, AT_SYMLINK_NOFOLLOW) < 0)
+                                        return log_error_errno(errno, "Failed to chown symlink at %s/%s: %m", root, table[i].dir);
+                        }
+
                          continue;
                  }
  
@@ -97,6 +106,11 @@ int base_filesystem_create(const char *root) {
                          r = mkdirat(fd, table[i].dir, table[i].mode);
                  if (r < 0 && errno != EEXIST)
                          return log_error_errno(errno, "Failed to create directory at %s/%s: %m", root, table[i].dir);
+
+                if (uid != UID_INVALID || gid != UID_INVALID) {
+                        if (fchownat(fd, table[i].dir, uid, gid, AT_SYMLINK_NOFOLLOW) < 0)
+                                return log_error_errno(errno, "Failed to chown directory at %s/%s: %m", root, table[i].dir);
+                }
          }
  
          return 0;
diff --git a/src/shared/base-filesystem.h b/src/shared/base-filesystem.h

index 03201f7083fe33b51f55b3981d82b1fd567001f9..39a496090f297341ddb02a73a503994821cd2772 100644 (file)
--- a/src/shared/base-filesystem.h
+++ b/src/shared/base-filesystem.h
@@ -21,4 +21,6 @@
    along with systemd; If not, see <http://www.gnu.org/licenses/>.
  ***/
  
-int base_filesystem_create(const char *root);
+#include <sys/types.h>
+
+int base_filesystem_create(const char *root, uid_t uid, gid_t gid);
diff --git a/src/shared/dev-setup.c b/src/shared/dev-setup.c

index cb15da8a5d0bb5f415866c60ef6a130680b9e4c7..25ad918b85d16946b478a4e0b93df86a0ce0502e 100644 (file)
--- a/src/shared/dev-setup.c
+++ b/src/shared/dev-setup.c
@@ -23,13 +23,12 @@
  #include <stdlib.h>
  #include <unistd.h>
  
-#include "dev-setup.h"
  #include "util.h"
  #include "label.h"
+#include "path-util.h"
+#include "dev-setup.h"
  
-int dev_setup(const char *prefix) {
-        const char *j, *k;
-
+int dev_setup(const char *prefix, uid_t uid, gid_t gid) {
          static const char symlinks[] =
                  "-/proc/kcore\0"     "/dev/core\0"
                  "/proc/self/fd\0"    "/dev/fd\0"
@@ -37,7 +36,13 @@ int dev_setup(const char *prefix) {
                  "/proc/self/fd/1\0"  "/dev/stdout\0"
                  "/proc/self/fd/2\0"  "/dev/stderr\0";
  
+        const char *j, *k;
+        int r;
+
          NULSTR_FOREACH_PAIR(j, k, symlinks) {
+                _cleanup_free_ char *link_name = NULL;
+                const char *n;
+
                  if (j[0] == '-') {
                          j++;
  
@@ -46,15 +51,21 @@ int dev_setup(const char *prefix) {
                  }
  
                  if (prefix) {
-                        _cleanup_free_ char *link_name = NULL;
-
-                        link_name = strjoin(prefix, "/", k, NULL);
+                        link_name = prefix_root(prefix, k);
                          if (!link_name)
                                  return -ENOMEM;
  
-                        symlink_label(j, link_name);
+                        n = link_name;
                  } else
-                        symlink_label(j, k);
+                        n = k;
+
+                r = symlink_label(j, n);
+                if (r < 0)
+                        log_debug_errno(r, "Failed to symlink %s to %s: %m", j, n);
+
+                if (uid != UID_INVALID || gid != GID_INVALID)
+                        if (lchown(n, uid, gid) < 0)
+                                log_debug_errno(errno, "Failed to chown %s: %m", n);
          }
  
          return 0;
diff --git a/src/shared/dev-setup.h b/src/shared/dev-setup.h

index d41b6eefbae897c378e4efe02911d0d3e8c91d71..ab2748db7f349e8fb3d6afcf73646e6c096be52b 100644 (file)
--- a/src/shared/dev-setup.h
+++ b/src/shared/dev-setup.h
@@ -21,4 +21,6 @@
    along with systemd; If not, see <http://www.gnu.org/licenses/>.
  ***/
  
-int dev_setup(const char *pathprefix);
+#include <sys/types.h>
+
+int dev_setup(const char *prefix, uid_t uid, gid_t gid);
diff --git a/src/shared/switch-root.c b/src/shared/switch-root.c

index ae3839de162c9f4d254c04ce5fe9d274442460ed..b12189cd10c7a195f98de5e0eaea9d4599f119fe 100644 (file)
--- a/src/shared/switch-root.c
+++ b/src/shared/switch-root.c
@@ -105,7 +105,7 @@ int switch_root(const char *new_root, const char *oldroot, bool detach_oldroot,
           * to look like. They might even boot, if they are RO and
           * don't have the FS layout. Just ignore the error and
           * switch_root() nevertheless. */
-        (void) base_filesystem_create(new_root);
+        (void) base_filesystem_create(new_root, UID_INVALID, GID_INVALID);
  
          if (chdir(new_root) < 0)
                  return log_error_errno(errno, "Failed to change directory to %s: %m", new_root);
author	Lennart Poettering <lennart@poettering.net>
	Thu, 21 May 2015 14:30:58 +0000 (16:30 +0200)
committer	Sven Eden <yamakuzure@gmx.net>
	Tue, 14 Mar 2017 08:57:27 +0000 (09:57 +0100)
src/shared/base-filesystem.c		patch \| blob \| history
src/shared/base-filesystem.h		patch \| blob \| history
src/shared/dev-setup.c		patch \| blob \| history
src/shared/dev-setup.h		patch \| blob \| history
src/shared/switch-root.c		patch \| blob \| history