authorLennart Poettering <lennart@poettering.net>2015-08-24 21:09:16 +0200
committerLennart Poettering <lennart@poettering.net>2015-08-24 22:46:45 +0200
commita79366e22a43ed81017e2d8c2426431d369f3cfa (patch)
tree3df7908754952c6ce57d4b06b02061f6db420b14
parentfee6d013d859bc66f5c993530898fece53fab06d (diff)
machined: userns is only supported for container-class machines
We do not support userns for VM machines or for the host itself.
-rw-r--r--src/machine/machined-dbus.c12
1 files changed, 12 insertions, 0 deletions
diff --git a/src/machine/machined-dbus.c b/src/machine/machined-dbus.c
index 29649899ed..0d52c693e4 100644
--- a/src/machine/machined-dbus.c
+++ b/src/machine/machined-dbus.c
@@ -882,6 +882,9 @@ static int method_map_from_machine_user(sd_bus_message *message, void *userdata,
if (!machine)
return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_MACHINE, "No machine '%s' known", name);
+ if (machine->class != MACHINE_CONTAINER)
+ return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Not supported for non-container machines.");
+
p = procfs_file_alloca(machine->leader, "uid_map");
f = fopen(p, "re");
if (!f)
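Review bot: The new class check at the top of this hunk carries no comment saying why VM and host machines are rejected, and the same test is repeated in the group counterpart further down, so the rationale lives only in the commit message. A one-line why-comment next to the check keeps it discoverable: `/* Only container machines run in their own user namespace; for VMs and the host, leader's uid_map is presumably the host's own mapping and must not be consulted. */`. Returning SD_BUS_ERROR_INVALID_ARGS here is reasonable, but callers can only tell this apart from a malformed request by the message text; if a dedicated bus error already exists for unsupported machine classes it would be the better choice. The body of method_map_from_machine_user starts and ends outside this hunk.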
@@ -934,6 +937,9 @@ static int method_map_to_machine_user(sd_bus_message *message, void *userdata, s
_cleanup_fclose_ FILE *f = NULL;
char p[strlen("/proc//uid_map") + DECIMAL_STR_MAX(pid_t) + 1];
+ if (machine->class != MACHINE_CONTAINER)
+ continue;
+
xsprintf(p, "/proc/" UID_FMT "/uid_map", machine->leader);
f = fopen(p, "re");
if (!f) {
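Review bot: The bare `continue` added inside what appears to be a loop over all known machines (its header is outside the hunk) silently skips VM and host entries with no comment, so a reader has to reconstruct the intent from the other methods; suggest `/* uid_map is only meaningful for containers; skip VMs and the host so their mapping never claims a host uid. */`. Separately, and pre-existing rather than introduced here, the path buffer is sized with DECIMAL_STR_MAX(pid_t) but formatted with UID_FMT for machine->leader, which is a pid; the widths very likely agree, but a pid-specific format macro, if the codebase has one, would make the sizing and the format visibly match.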
@@ -994,6 +1000,9 @@ static int method_map_from_machine_group(sd_bus_message *message, void *groupdat
if (!machine)
return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_MACHINE, "No machine '%s' known", name);
+ if (machine->class != MACHINE_CONTAINER)
+ return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Not supported for non-container machines.");
+
p = procfs_file_alloca(machine->leader, "gid_map");
f = fopen(p, "re");
if (!f)
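Review bot: The error string "Not supported for non-container machines." is now duplicated verbatim between the user and group variants, and any later wording change has to be made in two places; a single shared definition would avoid drift. The check itself is correct and correctly placed before the gid_map read, so no lookup is attempted on a non-container leader. The enclosing method_map_from_machine_group starts and ends outside this hunk.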
@@ -1046,6 +1055,9 @@ static int method_map_to_machine_group(sd_bus_message *message, void *groupdata,
_cleanup_fclose_ FILE *f = NULL;
char p[strlen("/proc//gid_map") + DECIMAL_STR_MAX(pid_t) + 1];
+ if (machine->class != MACHINE_CONTAINER)
+ continue;
+
xsprintf(p, "/proc/" GID_FMT "/gid_map", machine->leader);
f = fopen(p, "re");
if (!f) {
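Review bot: As in the uid variant, the new `continue` has no comment explaining why non-container machines are skipped; a short note such as `/* gid_map is only meaningful for containers */` keeps the rule local to the loop, whose header is outside the hunk. The format on the following line uses GID_FMT for machine->leader, a pid_t, while the buffer is sized from DECIMAL_STR_MAX(pid_t); this predates the commit, but aligning the format macro with the actual type would make the bound obviously sufficient.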