tree-wide: Always use recvmsg with MSG_CMSG_CLOEXEC
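--- a/src/import/import-common.c
+++ b/src/import/import-common.c
@@ -121,7 +121,7 @@ int import_make_local_copy(const char *final, const char *image_root, const char
  if (!image_root)
  image_root = "/var/lib/machines";
- p = strappenda(image_root, "/", local);
+ p = strjoina(image_root, "/", local);
  if (force_local) {
  (void) btrfs_subvol_remove(p);
@@ -309,7 +309,7 @@ int import_verify(
  return -EBADMSG;
  }
- line = strappenda(main_job->checksum, " *", fn, "\n");
+ line = strjoina(main_job->checksum, " *", fn, "\n");
  p = memmem(checksum_job->payload,
  checksum_job->payload_size,
@@ -471,7 +471,8 @@ int import_fork_tar(const char *path, pid_t *ret) {
  (1ULL << CAP_FOWNER) |
  (1ULL << CAP_FSETID) |
  (1ULL << CAP_MKNOD) |
- (1ULL << CAP_SETFCAP);
+ (1ULL << CAP_SETFCAP) |
+ (1ULL << CAP_DAC_OVERRIDE);
  /* Child */
@@ -507,11 +508,12 @@ int import_fork_tar(const char *path, pid_t *ret) {
  fd_cloexec(STDOUT_FILENO, false);
  fd_cloexec(STDERR_FILENO, false);
+ if (unshare(CLONE_NEWNET) < 0)
+ log_error_errno(errno, "Failed to lock tar into network namespace, ignoring: %m");
+
  r = capability_bounding_set_drop(~retain, true);
- if (r < 0) {
- log_error_errno(errno, "Failed to drop capabilities, ignoring: %m");
- _exit(EXIT_FAILURE);
- }
+ if (r < 0)
+ log_error_errno(r, "Failed to drop capabilities, ignoring: %m");
  execlp("tar", "tar", "--numeric-owner", "-C", path, "-px", NULL);
  log_error_errno(errno, "Failed to execute tar: %m");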
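Review bot: In the last hunk of import_fork_tar(), a failed `capability_bounding_set_drop(~retain, true)` is now only logged and the child still reaches `execlp("tar", ...)`, so tar would run with the bounding set it inherited; the new `unshare(CLONE_NEWNET)` call just above fails open in the same way. If this child unpacks a downloaded image (inferred from the file living under src/import, not visible in the hunk), I would keep the removed `_exit(EXIT_FAILURE);` after the log call for the capability drop. Otherwise, state the decision next to the code, for example `/* Sandboxing is best-effort: tar still runs if either call fails */`. Since both conditions are deliberately ignored, `log_warning_errno` fits the severity better than `log_error_errno`. The function body starts and ends outside the hunk, so any later check that would catch an unconfined child is not visible here.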