shaba/systemd-stable
1
1
Fork 0
mirror of https://github.com/systemd/systemd-stable.git synced 2024-12-22 13:33:56 +03:00
Code

Merge pull request #26249 from DaanDeMeyer/nspawn-uid-fix

Browse Source 
nspawn: Make sure we create bind mount points as the correct UID/GID
This commit is contained in:
Lennart Poettering 2023-01-31 12:21:09 +01:00 committed by GitHub
commit a444091840
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 11 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/nspawn/nspawn-mount.c
View File

@ -794,7 +794,7 @@ static int mount_bind(const char *dest, CustomMount *m, uid_t uid_shift, uid_t u
m->source, where);
} else { /* Path doesn't exist yet? */
r = mkdir_parents_label(where, 0755);
r = mkdir_parents_safe_label(dest, where, 0755, uid_shift, uid_shift, MKDIR_IGNORE_EXISTING);
if (r < 0)
return log_error_errno(r, "Failed to make parents of %s: %m", where);
@ -808,6 +808,9 @@ static int mount_bind(const char *dest, CustomMount *m, uid_t uid_shift, uid_t u
r = touch(where);
if (r < 0)
return log_error_errno(r, "Failed to create mount point %s: %m", where);
if (chown(where, uid_shift, uid_shift) < 0)
return log_error_errno(errno, "Failed to chown %s: %m", where);
}
r = mount_nofollow_verbose(LOG_ERR, m->source, where, NULL, mount_flags, mount_opts);

4
src/shared/mkdir-label.c
View File

@ -33,6 +33,10 @@ int mkdirat_parents_label(int dir_fd, const char *path, mode_t mode) {
return mkdirat_parents_internal(dir_fd, path, mode, UID_INVALID, UID_INVALID, 0, mkdirat_label);
}
int mkdir_parents_safe_label(const char *prefix, const char *path, mode_t mode, uid_t uid, gid_t gid, MkdirFlags flags) {
return mkdir_parents_internal(prefix, path, mode, uid, gid, flags, mkdirat_label);
}
int mkdir_p_label(const char *path, mode_t mode) {
return mkdir_p_internal(NULL, path, mode, UID_INVALID, UID_INVALID, 0, mkdirat_label);
}

3
src/shared/mkdir-label.h
View File

@ -20,4 +20,7 @@ int mkdirat_parents_label(int dir_fd, const char *path, mode_t mod);
static inline int mkdir_parents_label(const char *path, mode_t mod) {
return mkdirat_parents_label(AT_FDCWD, path, mod);
}
int mkdir_parents_safe_label(const char *prefix, const char *path, mode_t mode, uid_t uid, gid_t gid, MkdirFlags flags);
int mkdir_p_label(const char *path, mode_t mode);