mirror of
https://github.com/systemd/systemd.git
synced 2025-01-06 17:18:12 +03:00
vpick: ensure extension ABI matches the root's
Extensions can only run on the same ABI as the root image, so if an ABI is specified, ensure that the extensions match it.
parent
56b16cb583
commit
dbb5891f8c
@ -2994,7 +2994,8 @@ static int pick_versions(
|
||||
const ExecContext *context,
|
||||
const ExecParameters *params,
|
||||
char **ret_root_image,
|
||||
char **ret_root_directory) {
|
||||
char **ret_root_directory,
|
||||
Abi *ret_root_abi) {
|
||||
|
||||
int r;
|
||||
|
||||
@ -3002,6 +3003,7 @@ static int pick_versions(
|
||||
assert(params);
|
||||
assert(ret_root_image);
|
||||
assert(ret_root_directory);
|
||||
assert(ret_root_abi);
|
||||
|
||||
if (context->root_image) {
|
||||
_cleanup_(pick_result_done) PickResult result = PICK_RESULT_NULL;
|
||||
@ -3020,6 +3022,7 @@ static int pick_versions(
|
||||
|
||||
*ret_root_image = TAKE_PTR(result.path);
|
||||
*ret_root_directory = NULL;
|
||||
*ret_root_abi = result.abi;
|
||||
return r;
|
||||
}
|
||||
|
||||
@ -3040,10 +3043,12 @@ static int pick_versions(
|
||||
|
||||
*ret_root_image = NULL;
|
||||
*ret_root_directory = TAKE_PTR(result.path);
|
||||
*ret_root_abi = result.abi;
|
||||
return r;
|
||||
}
|
||||
|
||||
*ret_root_image = *ret_root_directory = NULL;
|
||||
*ret_root_abi = _ABI_INVALID;
|
||||
return 0;
|
||||
}
|
||||
|
||||
@ -3066,6 +3071,7 @@ static int apply_mount_namespace(
|
||||
bool setup_os_release_symlink;
|
||||
BindMount *bind_mounts = NULL;
|
||||
size_t n_bind_mounts = 0;
|
||||
Abi root_abi = _ABI_INVALID;
|
||||
int r;
|
||||
|
||||
assert(context);
|
||||
@ -3077,7 +3083,8 @@ static int apply_mount_namespace(
|
||||
context,
|
||||
params,
|
||||
&root_image,
|
||||
&root_dir);
|
||||
&root_dir,
|
||||
&root_abi);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
@ -3194,6 +3201,7 @@ static int apply_mount_namespace(
|
||||
.root_image = root_image,
|
||||
.root_image_options = context->root_image_options,
|
||||
.root_image_policy = context->root_image_policy ?: &image_policy_service,
|
||||
.root_abi = root_abi,
|
||||
|
||||
.read_write_paths = read_write_paths,
|
||||
.read_only_paths = needs_sandboxing ? context->read_only_paths : NULL,
|
||||
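Review bot: The new `ret_root_abi` out-parameter of `pick_versions()` is undocumented, and the meaning of its `_ABI_INVALID` value has to be reconstructed from several files. The fall-through branch sets `*ret_root_abi = _ABI_INVALID;` when neither a root image nor a root directory is configured, and that value travels unchanged into `.root_abi`. Presumably it means "do not constrain extensions by ABI", which fits the commit description, but nothing in the hunk says so. I would add `/* No root picked, hence no ABI to hold the extensions to */` above that assignment. The early error returns leave `*ret_root_abi` unwritten, which is safe only because `apply_mount_namespace()` initializes `Abi root_abi = _ABI_INVALID;`; both function bodies continue outside the hunks shown.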
|
@ -473,6 +473,7 @@ static int append_mount_images(MountList *ml, const MountImage *mount_images, si
|
||||
static int append_extensions(
|
||||
MountList *ml,
|
||||
const char *root,
|
||||
Abi root_abi,
|
||||
const char *private_namespace_dir,
|
||||
char **hierarchies,
|
||||
const MountImage *mount_images,
|
||||
@ -511,11 +512,14 @@ static int append_extensions(
|
||||
_cleanup_(pick_result_done) PickResult result = PICK_RESULT_NULL;
|
||||
_cleanup_free_ char *mount_point = NULL;
|
||||
const MountImage *m = mount_images + i;
|
||||
/* Ensure we pick extensions with the same ABI as the root */
|
||||
PickFilter filter = pick_filter_image_raw;
|
||||
filter.abi = root_abi;
|
||||
|
||||
r = path_pick(/* toplevel_path= */ NULL,
|
||||
/* toplevel_fd= */ AT_FDCWD,
|
||||
m->source,
|
||||
&pick_filter_image_raw,
|
||||
&filter,
|
||||
PICK_ABI|PICK_TRIES,
|
||||
&result);
|
||||
if (r < 0)
|
||||
@ -566,6 +570,9 @@ static int append_extensions(
|
||||
_cleanup_free_ char *mount_point = NULL;
|
||||
const char *e = *extension_directory;
|
||||
bool ignore_enoent = false;
|
||||
/* Ensure we pick extensions with the same ABI as the root */
|
||||
PickFilter filter = pick_filter_image_dir;
|
||||
filter.abi = root_abi;
|
||||
|
||||
/* Pick up the counter where the ExtensionImages left it. */
|
||||
if (asprintf(&mount_point, "%s/unit-extensions/%zu", private_namespace_dir, n_mount_images++) < 0)
|
||||
@ -583,7 +590,7 @@ static int append_extensions(
|
||||
r = path_pick(/* toplevel_path= */ NULL,
|
||||
/* toplevel_fd= */ AT_FDCWD,
|
||||
e,
|
||||
&pick_filter_image_dir,
|
||||
&filter,
|
||||
PICK_ABI|PICK_TRIES,
|
||||
&result);
|
||||
if (r < 0)
|
||||
@ -2396,7 +2403,7 @@ int setup_namespace(const NamespaceParameters *p, char **error_path) {
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
r = append_extensions(&ml, root, p->private_namespace_dir, hierarchies, p->extension_images, p->n_extension_images, p->extension_directories);
|
||||
r = append_extensions(&ml, root, p->root_abi, p->private_namespace_dir, hierarchies, p->extension_images, p->n_extension_images, p->extension_directories);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
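Review bot: The comment `/* Ensure we pick extensions with the same ABI as the root */` in both loops of `append_extensions()` promises more than the visible code enforces. The only mechanism is `filter.abi = root_abi;` handed to `path_pick()`; nothing afterwards compares `result.abi` with `root_abi`, so the guarantee rests on how `path_pick()` treats the filter, which is not part of this hunk. If a source that is not a versioned directory is returned without consulting the filter (an assumption to confirm), an extension named directly would still be mounted whatever its ABI. A more accurate comment would be `/* If the root's ABI is known, restrict the versioned pick to the same ABI; _ABI_INVALID leaves it unconstrained */`. The same comment text appears in `extract_image_and_extensions()`.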
|
@ -97,6 +97,7 @@ struct NamespaceParameters {
|
||||
const char *root_image;
|
||||
const MountOptions *root_image_options;
|
||||
const ImagePolicy *root_image_policy;
|
||||
Abi root_abi;
|
||||
|
||||
char **read_write_paths;
|
||||
char **read_only_paths;
|
||||
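Review bot: The new `Abi root_abi;` member of `NamespaceParameters` has no safe default: any initializer that omits `.root_abi` leaves it zero. Only the initializer in `apply_mount_namespace()` is visible setting it. The `Abi` enum is not shown here, but if 0 is a real ABI rather than `_ABI_INVALID`, every other caller of `setup_namespace()` would silently restrict extension picks to that ABI. Please check the remaining initializers and document the contract on the field, e.g. `Abi root_abi; /* set explicitly; _ABI_INVALID means extensions are not ABI-filtered */`.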
|
@ -615,10 +615,14 @@ static int extract_image_and_extensions(
|
||||
const char *path = *p;
|
||||
|
||||
if (path_is_absolute(*p)) {
|
||||
/* Ensure we pick extensions with the same ABI as the root */
|
||||
PickFilter filter = pick_filter_image_any;
|
||||
filter.abi = result.abi;
|
||||
|
||||
r = path_pick(/* toplevel_path= */ NULL,
|
||||
/* toplevel_fd= */ AT_FDCWD,
|
||||
*p,
|
||||
&pick_filter_image_any,
|
||||
&filter,
|
||||
PICK_ABI|PICK_TRIES|PICK_RESOLVE,
|
||||
&ext_result);
|
||||
if (r < 0)
|
||||
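Review bot: The ABI constraint is built only inside the `if (path_is_absolute(*p))` branch, so entries that are not absolute paths take whatever route follows outside this hunk and may not be held to `result.abi` at all. `result` itself is filled in before the hunk starts; if the main image was not resolved through a versioned pick, `result.abi` is presumably `_ABI_INVALID` and the filter has no effect. A short comment stating both limits, e.g. `/* Only versioned picks of absolute paths are ABI-filtered; result.abi may be unset */`, would keep readers from assuming that every extension is checked.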
|