shaba/systemd
1
0
Fork 0
mirror of https://github.com/systemd/systemd.git synced 2024-11-08 11:27:32 +03:00
Code

nspawn: fix user namespace support

Browse Source 
We didn#t actually pass ownership of /run to the UID in the container
since some releases, let's fix that.
This commit is contained in:
Lennart Poettering 2015-09-30 12:48:17 +02:00
parent db3b1dedb2
commit 403af78c80
3 changed files with 7 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
src/nspawn/nspawn-mount.c
View File

@ -217,7 +217,8 @@ static int tmpfs_patch_options(
} }
int mount_all(const char *dest, int mount_all(const char *dest,
bool userns, uid_t uid_shift, uid_t uid_range, bool use_userns, bool in_userns,
uid_t uid_shift, uid_t uid_range,
const char *selinux_apifs_context) { const char *selinux_apifs_context) {
typedef struct MountPoint { typedef struct MountPoint {
@ -252,7 +253,7 @@ int mount_all(const char *dest,
_cleanup_free_ char *where = NULL, *options = NULL; _cleanup_free_ char *where = NULL, *options = NULL;
const char *o; const char *o;
if (userns != mount_table[k].userns) if (in_userns != mount_table[k].userns)
continue; continue;
where = prefix_root(dest, mount_table[k].where); where = prefix_root(dest, mount_table[k].where);
@ -278,7 +279,7 @@ int mount_all(const char *dest,
o = mount_table[k].options; o = mount_table[k].options;
if (streq_ptr(mount_table[k].type, "tmpfs")) { if (streq_ptr(mount_table[k].type, "tmpfs")) {
r = tmpfs_patch_options(o, userns, uid_shift, uid_range, selinux_apifs_context, &options); r = tmpfs_patch_options(o, use_userns, uid_shift, uid_range, selinux_apifs_context, &options);
if (r < 0) if (r < 0)
return log_oom(); return log_oom();
if (r > 0) if (r > 0)

2
src/nspawn/nspawn-mount.h
View File

@ -57,7 +57,7 @@ int tmpfs_mount_parse(CustomMount **l, unsigned *n, const char *s);
int custom_mount_compare(const void *a, const void *b); int custom_mount_compare(const void *a, const void *b);
int mount_all(const char *dest, bool userns, uid_t uid_shift, uid_t uid_range, const char *selinux_apifs_context); int mount_all(const char *dest, bool use_userns, bool in_userns, uid_t uid_shift, uid_t uid_range, const char *selinux_apifs_context);
int mount_cgroups(const char *dest, bool unified_requested, bool userns, uid_t uid_shift, uid_t uid_range, const char *selinux_apifs_context); int mount_cgroups(const char *dest, bool unified_requested, bool userns, uid_t uid_shift, uid_t uid_range, const char *selinux_apifs_context);
int mount_systemd_cgroup_writable(const char *dest, bool unified_requested); int mount_systemd_cgroup_writable(const char *dest, bool unified_requested);

4
src/nspawn/nspawn.c
View File

@ -2450,7 +2450,7 @@ static int inner_child(
} }
} }
r = mount_all(NULL, true, arg_uid_shift, arg_uid_range, arg_selinux_apifs_context); r = mount_all(NULL, arg_userns, true, arg_uid_shift, arg_uid_range, arg_selinux_apifs_context);
if (r < 0) if (r < 0)
return r; return r;
@ -2701,7 +2701,7 @@ static int outer_child(
return log_error_errno(r, "Failed to make tree read-only: %m"); return log_error_errno(r, "Failed to make tree read-only: %m");
} }
r = mount_all(directory, false, arg_uid_shift, arg_uid_range, arg_selinux_apifs_context); r = mount_all(directory, arg_userns, false, arg_uid_shift, arg_uid_range, arg_selinux_apifs_context);
if (r < 0) if (r < 0)
return r; return r;