diff options
| author | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2014-04-19 21:58:03 -0400 |
|---|---|---|
| committer | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2014-04-19 23:26:57 -0400 |
| commit | d38f6e34a618e2d100b06888e0810f776eb83510 (patch) | |
| tree | bd8f8cbb34bd109f3ba200dddf4f9fb181b71f4e /src/core/socket.c | |
| parent | a555350d47c4b70d716a63424933b34902c98300 (diff) | |
Handle Unix domain socket connections from outside our namespace v2
This is a second attempt at 9754d56, reverted in 2f20a8e, because
I lost a 'break;' when moving chunks around.
Diffstat (limited to 'src/core/socket.c')
| -rw-r--r-- | src/core/socket.c | 22 |
1 files changed, 14 insertions, 8 deletions
diff --git a/src/core/socket.c b/src/core/socket.c index 7c18a2b75c..536904f309 100644 --- a/src/core/socket.c +++ b/src/core/socket.c @@ -663,16 +663,22 @@ static int instance_from_socket(int fd, unsigned nr, char **instance) { int k; k = getpeercred(fd, &ucred); - if (k < 0) + if (k >= 0) { + if (asprintf(&r, + "%u-"PID_FMT"-"UID_FMT, + nr, ucred.pid, ucred.uid) < 0) + return -ENOMEM; + } else if (k == -ENODATA) { + /* This handles the case where somebody is + * connecting from another pid/uid namespace + * (e.g. from outside of our container). */ + if (asprintf(&r, + "%u-unknown", + nr) < 0) + return -ENOMEM; + } else return k; - if (asprintf(&r, - "%u-%lu-%lu", - nr, - (unsigned long) ucred.pid, - (unsigned long) ucred.uid) < 0) - return -ENOMEM; - break; } |