mirror of
https://github.com/systemd/systemd.git
synced 2024-10-31 07:51:21 +03:00
nspawn: make sure to chown() implicit source dirs for --bind= to container root UID
This makes sure that a switch like --bind=:/foo does the right thing if user namespacing is on: the backing dir should be owned by the container's root UID, not the host's. Thus, whenever the source path is left empty and we automatically generate a source dir as a temporary directory, ensure it's owned by the right UID. Fixes: #20869
parent
d36a343c52
commit
07bca16fc8
@ -726,6 +726,11 @@ static int mount_bind(const char *dest, CustomMount *m, uid_t uid_shift, uid_t u
|
||||
return r;
|
||||
}
|
||||
|
||||
/* If this is a bind mount from a temporary sources change ownership of the source to the container's
|
||||
* root UID. Otherwise it would always show up as "nobody" if user namespacing is used. */
|
||||
if (m->rm_rf_tmpdir && chown(m->source, uid_shift, uid_shift) < 0)
|
||||
return log_error_errno(errno, "Failed to chown %s: %m", m->source);
|
||||
|
||||
if (stat(m->source, &source_st) < 0)
|
||||
return log_error_errno(errno, "Failed to stat %s: %m", m->source);
|
||||
|
||||
|
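Review bot: The added `chown(m->source, uid_shift, uid_shift)` changes ownership by path and follows a symlink in the final component, and the `stat(m->source, &source_st)` right after it resolves the same path a second time. Where the temporary source directory is created is not visible in this hunk, so whether anything else can write to its parent is an assumption to confirm; if it can, the two calls are not guaranteed to act on the same inode. Since an auto-generated source should never be a symlink, `if (m->rm_rf_tmpdir && lchown(m->source, uid_shift, uid_shift) < 0)` is a cheap hardening, or the directory can be opened once with `O_DIRECTORY|O_NOFOLLOW` and `fchown()`/`fstat()` used on that descriptor. The call also passes `uid_shift` as the group ID; if that is intentional, a short comment such as `/* UID and GID shifts are the same value */` would save the next reader a lookup. mount_bind() begins and ends outside the hunk.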