1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
4 This file is part of systemd.
6 Copyright 2013 Lennart Poettering
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
25 #include "bus-container.h"
26 #include "bus-internal.h"
27 #include "bus-socket.h"
29 #include "process-util.h"
32 int bus_container_connect_socket(sd_bus *b) {
33 _cleanup_close_pair_ int pair[2] = { -1, -1 };
34 _cleanup_close_ int pidnsfd = -1, mntnsfd = -1, usernsfd = -1, rootfd = -1;
41 assert(b->input_fd < 0);
42 assert(b->output_fd < 0);
43 assert(b->nspid > 0 || b->machine);
46 r = container_get_leader(b->machine, &b->nspid);
51 r = namespace_open(b->nspid, &pidnsfd, &mntnsfd, NULL, &usernsfd, &rootfd);
55 b->input_fd = socket(b->sockaddr.sa.sa_family, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0);
59 b->output_fd = b->input_fd;
63 if (socketpair(AF_UNIX, SOCK_SEQPACKET, 0, pair) < 0)
73 pair[0] = safe_close(pair[0]);
75 r = namespace_enter(pidnsfd, mntnsfd, -1, usernsfd, rootfd);
79 /* We just changed PID namespace, however it will only
80 * take effect on the children we now fork. Hence,
81 * let's fork another time, and connect from this
82 * grandchild, so that SO_PEERCRED of our connection
83 * comes from a process from within the container, and
84 * not outside of it */
90 if (grandchild == 0) {
92 r = connect(b->input_fd, &b->sockaddr.sa, b->sockaddr_size);
94 /* Try to send error up */
96 (void) write(pair[1], &error_buf, sizeof(error_buf));
103 r = wait_for_terminate(grandchild, &si);
107 if (si.si_code != CLD_EXITED)
113 pair[1] = safe_close(pair[1]);
115 r = wait_for_terminate(child, &si);
119 n = read(pair[0], &error_buf, sizeof(error_buf));
124 if (n != sizeof(error_buf))
130 if (error_buf == EINPROGRESS)
137 if (si.si_code != CLD_EXITED)
140 if (si.si_status != EXIT_SUCCESS)
143 return bus_socket_start_auth(b);
146 int bus_container_connect_kernel(sd_bus *b) {
147 _cleanup_close_pair_ int pair[2] = { -1, -1 };
148 _cleanup_close_ int pidnsfd = -1, mntnsfd = -1, usernsfd = -1, rootfd = -1;
150 struct cmsghdr cmsghdr;
151 uint8_t buf[CMSG_SPACE(sizeof(int))];
155 .iov_base = &error_buf,
156 .iov_len = sizeof(error_buf),
159 .msg_control = &control,
160 .msg_controllen = sizeof(control),
164 struct cmsghdr *cmsg;
171 assert(b->input_fd < 0);
172 assert(b->output_fd < 0);
173 assert(b->nspid > 0 || b->machine);
176 r = container_get_leader(b->machine, &b->nspid);
181 r = namespace_open(b->nspid, &pidnsfd, &mntnsfd, NULL, &usernsfd, &rootfd);
185 if (socketpair(AF_UNIX, SOCK_SEQPACKET, 0, pair) < 0)
195 pair[0] = safe_close(pair[0]);
197 r = namespace_enter(pidnsfd, mntnsfd, -1, usernsfd, rootfd);
201 /* We just changed PID namespace, however it will only
202 * take effect on the children we now fork. Hence,
203 * let's fork another time, and connect from this
204 * grandchild, so that kdbus only sees the credentials
205 * of this process which comes from within the
206 * container, and not outside of it */
212 if (grandchild == 0) {
213 fd = open(b->kernel, O_RDWR|O_NOCTTY|O_CLOEXEC);
215 /* Try to send error up */
217 (void) write(pair[1], &error_buf, sizeof(error_buf));
221 r = send_one_fd(pair[1], fd, 0);
228 r = wait_for_terminate(grandchild, &si);
232 if (si.si_code != CLD_EXITED)
238 pair[1] = safe_close(pair[1]);
240 r = wait_for_terminate(child, &si);
244 n = recvmsg(pair[0], &mh, MSG_NOSIGNAL|MSG_CMSG_CLOEXEC);
248 CMSG_FOREACH(cmsg, &mh) {
249 if (cmsg->cmsg_level == SOL_SOCKET && cmsg->cmsg_type == SCM_RIGHTS) {
255 fds = (int*) CMSG_DATA(cmsg);
256 n_fds = (cmsg->cmsg_len - CMSG_LEN(0)) / sizeof(int);
259 close_many(fds, n_fds);
267 /* If there's an fd passed, we are good. */
269 b->input_fd = b->output_fd = fd;
270 return bus_kernel_take_fd(b);
273 /* If there's an error passed, use it */
274 if (n == sizeof(error_buf) && error_buf > 0)
277 /* Otherwise, we have no clue */