id128: when taking user input for a 128bit ID, validate syntax

[elogind.git] / src / nspawn / nspawn.c

diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
index b59b2673cd63545116509e9bd5f4fe3cdc7878c3..0a46313636bd0183739fb6607dd20bb6345c2131 100644 (file)
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -173,7 +173,7 @@ static int parse_argv(int argc, char *argv[]) {
         assert(argc >= 0);
         assert(argv);
 
-        while ((c = getopt_long(argc, argv, "+hD:u:C:bj", options, NULL)) >= 0) {
+        while ((c = getopt_long(argc, argv, "+hD:u:C:bM:j", options, NULL)) >= 0) {
 
                 switch (c) {
 
@@ -222,6 +222,11 @@ static int parse_argv(int argc, char *argv[]) {
                         break;
 
                 case ARG_UUID:
+                        if (!id128_is_valid(optarg)) {
+                                log_error("Invalid UUID: %s", optarg);
+                                return -EINVAL;
+                        }
+
                         arg_uuid = optarg;
                         break;
 
@@ -923,7 +928,8 @@ static int setup_cgroup(const char *path) {
 }
 
 static int save_attributes(const char *cgroup, pid_t pid, const char *uuid, const char *directory) {
-        char buf[DECIMAL_STR_MAX(pid_t)], path[PATH_MAX];
+        _cleanup_free_ char *path = NULL;
+        char buf[DECIMAL_STR_MAX(pid_t)];
         int r = 0, k;
 
         assert(cgroup);
@@ -933,10 +939,10 @@ static int save_attributes(const char *cgroup, pid_t pid, const char *uuid, cons
 #ifdef HAVE_XATTR
         assert_se(snprintf(buf, sizeof(buf), "%lu", (unsigned long) pid) < (int) sizeof(buf));
 
-        r = snprintf(path, sizeof(path), "/sys/fs/cgroup/systemd/%s", cgroup);
-        if (r >= (int) sizeof(path)) {
-                log_error("cgroup name too long");
-                return -EINVAL;
+        r = cg_get_path(SYSTEMD_CGROUP_CONTROLLER, cgroup, NULL, &path);
+        if (r < 0) {
+                log_error("Failed to get path: %s", strerror(-r));
+                return r;
         }
 
         r = setxattr(path, "trusted.init_pid", buf, strlen(buf), XATTR_CREATE);
@@ -954,7 +960,7 @@ static int save_attributes(const char *cgroup, pid_t pid, const char *uuid, cons
 
         k = setxattr(path, "trusted.root_directory", directory, strlen(directory), XATTR_CREATE);
         if (k < 0) {
-                log_warning("Failed to set %s attribute on %s: %m", "trusted.machine_id", path);
+                log_warning("Failed to set %s attribute on %s: %m", "trusted.root_directory", path);
                 if (r == 0)
                         r = k;
         }
@@ -1211,7 +1217,7 @@ finish:
 int main(int argc, char *argv[]) {
         pid_t pid = 0;
         int r = EXIT_FAILURE, k;
-        _cleanup_free_ char *machine_root = NULL, *newcg = NULL;
+        _cleanup_free_ char *machine_root = NULL, *name = NULL, *escaped = NULL, *newcg = NULL;
         _cleanup_close_ int master = -1;
         int n_fd_passed;
         const char *console = NULL;
@@ -1297,9 +1303,21 @@ int main(int argc, char *argv[]) {
                 goto finish;
         }
 
-        newcg = strjoin(machine_root, "/", arg_machine, NULL);
+        name = strappend(arg_machine, ".nspawn");
+        if (!name) {
+                log_oom();
+                goto finish;
+        }
+
+        escaped = cg_escape(name);
+        if (!escaped) {
+                log_oom();
+                goto finish;
+        }
+
+        newcg = strjoin(machine_root, "/", escaped, NULL);
         if (!newcg) {
-                log_error("Failed to allocate cgroup path.");
+                log_oom();
                 goto finish;
         }
 
@@ -1457,8 +1475,7 @@ int main(int argc, char *argv[]) {
                         if (setup_cgroup(newcg) < 0)
                                 goto child_fail;
 
-                        close_nointr_nofail(pipefd2[1]);
-                        close_nointr_nofail(pipefd2[0]);
+                        close_pipe(pipefd2);
 
                         /* Mark everything as slave, so that we still
                          * receive mounts from the real root, but don't