From d38f6e34a618e2d100b06888e0810f776eb83510 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Zbigniew=20J=C4=99drzejewski-Szmek?=
Date: Sat, 19 Apr 2014 21:58:03 -0400
Subject: [PATCH] Handle Unix domain socket connections from outside our namespace v2
This is a second attempt at 9754d56, reverted in 2f20a8e, because I lost a 'break;' when moving chunks around.
---
 src/core/socket.c | 22 ++++++++++++++--------
 1 file changed, 14 insertions(+), 8 deletions(-)
diff --git a/src/core/socket.c b/src/core/socket.c
index 7c18a2b75..536904f30 100644
--- src/core/socket.c
+++ src/core/socket.c
@@ -663,16 +663,22 @@ static int instance_from_socket(int fd, unsigned nr, char **instance) {
 int k;
 k = getpeercred(fd, &ucred);
- if (k < 0)
+ if (k >= 0) {
+ if (asprintf(&r,
+ "%u-"PID_FMT"-"UID_FMT,
+ nr, ucred.pid, ucred.uid) < 0)
+ return -ENOMEM;
+ } else if (k == -ENODATA) {
+ /* This handles the case where somebody is
+ * connecting from another pid/uid namespace
+ * (e.g. from outside of our container). */
+ if (asprintf(&r,
+ "%u-unknown",
+ nr) < 0)
+ return -ENOMEM;
+ } else
 return k;
- if (asprintf(&r,
- "%u-%lu-%lu",
- nr,
- (unsigned long) ucred.pid,
- (unsigned long) ucred.uid) < 0)
- return -ENOMEM;
-
 break;
 }
--
2.30.2
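Review bot: The comment in the new `else if (k == -ENODATA)` branch explains why the credentials are missing, but not what the resulting `%u-unknown` instance name means for consumers: it no longer carries the peer's pid or uid, so anything that reads the name for attribution or logging loses the peer identity for these connections. I would extend the comment with something like `/* The instance name is informational only; peer pid/uid are unavailable here and must not be inferred from it. */`. The branch also depends on getpeercred() returning exactly -ENODATA for an untranslatable peer rather than succeeding with placeholder values; that helper is defined outside this hunk, so the mapping is worth confirming there. instance_from_socket's body starts and ends outside the hunk.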