
nspawn: make sure to chown() implicit source dirs for --bind= to container root UID

This makes sure that a switch like --bind=:/foo does the right thing if
user namespacing is on: the backing dir should be owned by the
container's root UID not the host's. Thus, whenever the source path is
left empty and we automatically generate a source dir as temporary
directory, ensure it's owned by the right UID.

Fixes: #20869
Lennart Poettering 2021-10-28 15:10:42 +02:00
parent d36a343c52
commit 07bca16fc8


@ -726,6 +726,11 @@ static int mount_bind(const char *dest, CustomMount *m, uid_t uid_shift, uid_t u
return r;
}
/* If this is a bind mount from a temporary sources change ownership of the source to the container's
* root UID. Otherwise it would always show up as "nobody" if user namespacing is used. */
if (m->rm_rf_tmpdir && chown(m->source, uid_shift, uid_shift) < 0)
return log_error_errno(errno, "Failed to chown %s: %m", m->source);
if (stat(m->source, &source_st) < 0)
return log_error_errno(errno, "Failed to stat %s: %m", m->source);