authorLennart Poettering <lennart@poettering.net>2017-02-16 13:59:13 +0100
committerLennart Poettering <lennart@poettering.net>2017-02-17 10:22:28 +0100
commit7f43928ba6258c66296614dd46ff7600e0e47b5f (patch)
tree43390bfd9bfbe26059f252789950a8456615d67b
parent3aca8326bda2c6e8d8ddd99ef5cab63cc7a9af1c (diff)
machined: refuse bind mounts on containers that have user namespaces applied
As the kernel won't map the UIDs this is simply not safe, and hence we should generate a clean error and refuse it. We can restore this feature later should a "shiftfs" become available in the kernel.
-rw-r--r--man/machinectl.xml21
-rw-r--r--src/machine/machine-dbus.c7
2 files changed, 15 insertions, 13 deletions
diff --git a/man/machinectl.xml b/man/machinectl.xml
index b96aea1a48..7a159aecdc 100644
--- a/man/machinectl.xml
+++ b/man/machinectl.xml
@@ -518,19 +518,14 @@
<varlistentry>
<term><command>bind</command> <replaceable>NAME</replaceable> <replaceable>PATH</replaceable> [<replaceable>PATH</replaceable>]</term>
- <listitem><para>Bind mounts a directory from the host into the
- specified container. The first directory argument is the
- source directory on the host, the second directory argument
- is the destination directory in the container. When the
- latter is omitted, the destination path in the container is
- the same as the source path on the host. When combined with
- the <option>--read-only</option> switch, a ready-only bind
- mount is created. When combined with the
- <option>--mkdir</option> switch, the destination path is first
- created before the mount is applied. Note that this option is
- currently only supported for
- <citerefentry><refentrytitle>systemd-nspawn</refentrytitle><manvolnum>1</manvolnum></citerefentry>
- containers.</para></listitem>
+ <listitem><para>Bind mounts a directory from the host into the specified container. The first directory
+ argument is the source directory on the host, the second directory argument is the destination directory in the
+ container. When the latter is omitted, the destination path in the container is the same as the source path on
+ the host. When combined with the <option>--read-only</option> switch, a ready-only bind mount is created. When
+ combined with the <option>--mkdir</option> switch, the destination path is first created before the mount is
+ applied. Note that this option is currently only supported for
+ <citerefentry><refentrytitle>systemd-nspawn</refentrytitle><manvolnum>1</manvolnum></citerefentry> containers,
+ and only if user namespacing (<option>--private-users</option>) is not used.</para></listitem>
</varlistentry>
<varlistentry>
diff --git a/src/machine/machine-dbus.c b/src/machine/machine-dbus.c
index 29fc68b90f..36568b65ef 100644
--- a/src/machine/machine-dbus.c
+++ b/src/machine/machine-dbus.c
@@ -841,6 +841,7 @@ int bus_machine_method_bind_mount(sd_bus_message *message, void *userdata, sd_bu
int read_only, make_directory;
pid_t child;
siginfo_t si;
+ uid_t uid;
int r;
assert(message);
@@ -875,6 +876,12 @@ int bus_machine_method_bind_mount(sd_bus_message *message, void *userdata, sd_bu
if (r == 0)
return 1; /* Will call us back */
+ r = machine_get_uid_shift(m, &uid);
+ if (r < 0)
+ return r;
+ if (uid != 0)
+ return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED, "Can't bind mount on container with user namespacing applied.");
+
/* One day, when bind mounting /proc/self/fd/n works across
* namespace boundaries we should rework this logic to make
* use of it... */
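Review bot: The new check at the `if (uid != 0)` line refuses the bind mount without recording why in the code; the reason lives only in the commit message, so a comment such as `/* The kernel does not translate UIDs/GIDs on a bind mount into a user-namespaced container, so refuse rather than expose unmapped host IDs. */` above `r = machine_get_uid_shift(m, &uid);` would keep the rationale next to the check. The variable holds a UID shift rather than a UID, so `uid_t uid_shift;` in the declaration hunk above and `r = machine_get_uid_shift(m, &uid_shift);` here would read more clearly. It also looks like a container whose user namespace maps IDs with a shift of 0 would pass this test; if machine_get_uid_shift can report 0 for such a container, a separate "uses a user namespace" signal would be needed to make the refusal complete — worth confirming. Placing the check after the polkit round trip (`return 1; /* Will call us back */`) means unauthorized callers are not told whether a container uses user namespacing, which appears deliberate and is worth a one-line comment as well. bus_machine_method_bind_mount starts and ends outside the hunk.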