X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;f=src%2Fnspawn%2Fnspawn.c;h=eb9605c356afaba27d2cb2c6bb2627dd90d5be11;hb=fecffe5d0a1bd66d80e5a8728ff8a89673be0df7;hp=66c2228ca287299d95b0e074dcd8f51d6233520c;hpb=bd5a54582ae4e7cdc390d05ea8f73dc7d02ed147;p=elogind.git diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c index 66c2228ca..eb9605c35 100644 --- a/src/nspawn/nspawn.c +++ b/src/nspawn/nspawn.c @@ -39,9 +39,9 @@ #include #include #include -#include #include #include +#include #include #include @@ -411,12 +411,39 @@ static int mount_binds(const char *dest, char **l, unsigned long flags) { STRV_FOREACH_PAIR(x, y, l) { _cleanup_free_ char *where = NULL; + struct stat source_st, dest_st; + + if (stat(*x, &source_st) < 0) { + log_error("failed to stat %s: %m", *x); + return -errno; + } where = strjoin(dest, "/", *y, NULL); if (!where) return log_oom(); - mkdir_p_label(where, 0755); + if (stat(where, &dest_st) == 0) { + if ((source_st.st_mode & S_IFMT) != (dest_st.st_mode & S_IFMT)) { + log_error("The file types of %s and %s do not match. Refusing bind mount", + *x, where); + return -EINVAL; + } + } else { + /* Create the mount point, but be conservative -- refuse to create block + * and char devices. */ + if (S_ISDIR(source_st.st_mode)) + mkdir_p_label(where, 0755); + else if (S_ISFIFO(source_st.st_mode)) + mkfifo(where, 0644); + else if (S_ISSOCK(source_st.st_mode)) + mknod(where, 0644 | S_IFSOCK, 0); + else if (S_ISREG(source_st.st_mode)) + touch(where); + else { + log_error("Refusing to create mountpoint for file: %s", *x); + return -ENOTSUP; + } + } if (mount(*x, where, "bind", MS_BIND, NULL) < 0) { log_error("mount(%s) failed: %m", where); @@ -1162,22 +1189,22 @@ static int register_machine(void) { r = sd_bus_call_method( bus, - "org.freedesktop.login1", - "/org/freedesktop/login1", - "org.freedesktop.login1.Manager", + "org.freedesktop.machine1", + "/org/freedesktop/machine1", + "org.freedesktop.machine1.Manager", "CreateMachine", &error, NULL, - "sayssuss", + "sayssusa(sv)", arg_machine, SD_BUS_APPEND_ID128(arg_uuid), "nspawn", "container", (uint32_t) 0, - strempty(arg_slice), - strempty(arg_directory)); + strempty(arg_directory), + 1, "Slice", "s", strempty(arg_slice)); if (r < 0) { - log_error("Failed to register machine: %s", error.message); + log_error("Failed to register machine: %s", error.message ? error.message : strerror(-r)); return r; } @@ -1602,7 +1629,7 @@ int main(int argc, char *argv[]) { } if ((asprintf((char **)(envp + n_env++), "LISTEN_FDS=%u", n_fd_passed) < 0) || - (asprintf((char **)(envp + n_env++), "LISTEN_PID=%lu", (unsigned long) 1) < 0)) { + (asprintf((char **)(envp + n_env++), "LISTEN_PID=1") < 0)) { log_oom(); goto child_fail; }