chiark / gitweb /
~ianmdlvl / elogind.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
bus-proxy: rename synthetic_reply_return_strv() to synthetic_reply_method_return_strv()
[elogind.git] / src / import / import-common.c
diff --git a/src/import/import-common.c b/src/import/import-common.c
index b490c435d2bff0ff60db1e11797e7d4ae311a2a4..2acf380f99bb6898f1489fdf2ec1b70659b062ed 100644 (file)
--- a/src/import/import-common.c
+++ b/src/import/import-common.c
@@ -121,7 +121,7 @@ int import_make_local_copy(const char *final, const char *image_root, const char
         if (!image_root)
                 image_root = "/var/lib/machines";
 
-        p = strappenda(image_root, "/", local);
+        p = strjoina(image_root, "/", local);
 
         if (force_local) {
                 (void) btrfs_subvol_remove(p);
@@ -309,7 +309,7 @@ int import_verify(
                 return -EBADMSG;
         }
 
-        line = strappenda(main_job->checksum, " *", fn, "\n");
+        line = strjoina(main_job->checksum, " *", fn, "\n");
 
         p = memmem(checksum_job->payload,
                    checksum_job->payload_size,
@@ -471,7 +471,8 @@ int import_fork_tar(const char *path, pid_t *ret) {
                         (1ULL << CAP_FOWNER) |
                         (1ULL << CAP_FSETID) |
                         (1ULL << CAP_MKNOD) |
-                        (1ULL << CAP_SETFCAP);
+                        (1ULL << CAP_SETFCAP) |
+                        (1ULL << CAP_DAC_OVERRIDE);
 
                 /* Child */
 
@@ -507,11 +508,12 @@ int import_fork_tar(const char *path, pid_t *ret) {
                 fd_cloexec(STDOUT_FILENO, false);
                 fd_cloexec(STDERR_FILENO, false);
 
+                if (unshare(CLONE_NEWNET) < 0)
+                        log_error_errno(errno, "Failed to lock tar into network namespace, ignoring: %m");
+
                 r = capability_bounding_set_drop(~retain, true);
-                if (r < 0) {
-                        log_error_errno(errno, "Failed to drop capabilities, ignoring: %m");
-                        _exit(EXIT_FAILURE);
-                }
+                if (r < 0)
+                        log_error_errno(r, "Failed to drop capabilities, ignoring: %m");
 
                 execlp("tar", "tar", "--numeric-owner", "-C", path, "-px", NULL);
                 log_error_errno(errno, "Failed to execute tar: %m");
Unnamed repository; edit this file 'description' to name the repository.