diff options
author | Lennart Poettering <lennart@poettering.net> | 2015-01-22 18:19:58 +0100 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2015-01-22 18:19:58 +0100 |
commit | 7315edd36a144e746dbcc43cef2206441969ca34 (patch) | |
tree | cf65f59208c81d2b77d864e0a0c576794e123182 /src/import | |
parent | 2c140ded48fc31e3c80a92a1f755a2b1ab6e1a30 (diff) |
import: lock tar into its own private network namespace
That way it cannot get access to the network
Diffstat (limited to 'src/import')
-rw-r--r-- | src/import/import-common.c | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/src/import/import-common.c b/src/import/import-common.c index b490c435d2..f4643133e9 100644 --- a/src/import/import-common.c +++ b/src/import/import-common.c @@ -507,11 +507,12 @@ int import_fork_tar(const char *path, pid_t *ret) { fd_cloexec(STDOUT_FILENO, false); fd_cloexec(STDERR_FILENO, false); + if (unshare(CLONE_NEWNET) < 0) + log_error_errno(errno, "Failed to lock tar into network namespace, ignoring: %m"); + r = capability_bounding_set_drop(~retain, true); - if (r < 0) { - log_error_errno(errno, "Failed to drop capabilities, ignoring: %m"); - _exit(EXIT_FAILURE); - } + if (r < 0) + log_error_errno(r, "Failed to drop capabilities, ignoring: %m"); execlp("tar", "tar", "--numeric-owner", "-C", path, "-px", NULL); log_error_errno(errno, "Failed to execute tar: %m"); |