diff options
| author | Lennart Poettering <lennart@poettering.net> | 2013-12-24 19:31:44 +0100 |
|---|---|---|
| committer | Lennart Poettering <lennart@poettering.net> | 2013-12-24 19:31:44 +0100 |
| commit | 751bc6ac79320bc16e63e8c1bbb713c30a3b7bc9 (patch) | |
| tree | 513508ade203dc372d6aabbfcb8bf5e6cc490dc6 /src/libsystemd-bus | |
| parent | 4e6a9570b698b335c6f59ec3556dfb3e95817d75 (diff) | |
bus: properly shift cgroup data returned from kdbus by the container's root before parsing
Diffstat (limited to 'src/libsystemd-bus')
| -rw-r--r-- | src/libsystemd-bus/bus-control.c | 13 | ||||
| -rw-r--r-- | src/libsystemd-bus/bus-creds.c | 50 | ||||
| -rw-r--r-- | src/libsystemd-bus/bus-creds.h | 2 | ||||
| -rw-r--r-- | src/libsystemd-bus/bus-internal.h | 2 | ||||
| -rw-r--r-- | src/libsystemd-bus/bus-kernel.c | 10 | ||||
| -rw-r--r-- | src/libsystemd-bus/sd-bus.c | 1 |
6 files changed, 73 insertions, 5 deletions
diff --git a/src/libsystemd-bus/bus-control.c b/src/libsystemd-bus/bus-control.c index 55986f349b..511ca20ee3 100644 --- a/src/libsystemd-bus/bus-control.c +++ b/src/libsystemd-bus/bus-control.c @@ -33,6 +33,7 @@ #include "bus-control.h" #include "bus-bloom.h" #include "bus-util.h" +#include "cgroup-util.h" _public_ int sd_bus_get_unique_name(sd_bus *bus, const char **unique) { int r; @@ -489,6 +490,18 @@ static int bus_get_owner_kdbus( goto fail; } + if (!bus->cgroup_root) { + r = cg_get_root_path(&bus->cgroup_root); + if (r < 0) + goto fail; + } + + c->cgroup_root = strdup(bus->cgroup_root); + if (!c->cgroup_root) { + r = -ENOMEM; + goto fail; + } + c->mask |= m; } break; diff --git a/src/libsystemd-bus/bus-creds.c b/src/libsystemd-bus/bus-creds.c index ffd72a7a3d..b2cf687377 100644 --- a/src/libsystemd-bus/bus-creds.c +++ b/src/libsystemd-bus/bus-creds.c @@ -91,6 +91,7 @@ _public_ sd_bus_creds *sd_bus_creds_unref(sd_bus_creds *c) { free(c->capability); free(c->label); free(c->unique_name); + free(c->cgroup_root); free(c); } } else { @@ -283,7 +284,13 @@ _public_ int sd_bus_creds_get_unit(sd_bus_creds *c, const char **ret) { assert(c->cgroup); if (!c->unit) { - r = cg_path_get_unit(c->cgroup, (char**) &c->unit); + const char *shifted; + + r = cg_shift_path(c->cgroup, c->cgroup_root, &shifted); + if (r < 0) + return r; + + r = cg_path_get_unit(shifted, (char**) &c->unit); if (r < 0) return r; } @@ -304,7 +311,13 @@ _public_ int sd_bus_creds_get_user_unit(sd_bus_creds *c, const char **ret) { assert(c->cgroup); if (!c->user_unit) { - r = cg_path_get_user_unit(c->cgroup, (char**) &c->user_unit); + const char *shifted; + + r = cg_shift_path(c->cgroup, c->cgroup_root, &shifted); + if (r < 0) + return r; + + r = cg_path_get_user_unit(shifted, (char**) &c->user_unit); if (r < 0) return r; } @@ -325,7 +338,13 @@ _public_ int sd_bus_creds_get_slice(sd_bus_creds *c, const char **ret) { assert(c->cgroup); if (!c->slice) { - r = cg_path_get_slice(c->cgroup, (char**) &c->slice); + const char *shifted; + + r = cg_shift_path(c->cgroup, c->cgroup_root, &shifted); + if (r < 0) + return r; + + r = cg_path_get_slice(shifted, (char**) &c->slice); if (r < 0) return r; } @@ -346,7 +365,13 @@ _public_ int sd_bus_creds_get_session(sd_bus_creds *c, const char **ret) { assert(c->cgroup); if (!c->session) { - r = cg_path_get_session(c->cgroup, (char**) &c->session); + const char *shifted; + + r = cg_shift_path(c->cgroup, c->cgroup_root, &shifted); + if (r < 0) + return r; + + r = cg_path_get_session(shifted, (char**) &c->session); if (r < 0) return r; } @@ -356,6 +381,9 @@ _public_ int sd_bus_creds_get_session(sd_bus_creds *c, const char **ret) { } _public_ int sd_bus_creds_get_owner_uid(sd_bus_creds *c, uid_t *uid) { + const char *shifted; + int r; + assert_return(c, -EINVAL); assert_return(uid, -EINVAL); @@ -364,7 +392,11 @@ _public_ int sd_bus_creds_get_owner_uid(sd_bus_creds *c, uid_t *uid) { assert(c->cgroup); - return cg_path_get_owner_uid(c->cgroup, uid); + r = cg_shift_path(c->cgroup, c->cgroup_root, &shifted); + if (r < 0) + return r; + + return cg_path_get_owner_uid(shifted, uid); } _public_ int sd_bus_creds_get_cmdline(sd_bus_creds *c, char ***cmdline) { @@ -711,6 +743,10 @@ int bus_creds_add_more(sd_bus_creds *c, uint64_t mask, pid_t pid, pid_t tid) { if (r < 0) return r; + r = cg_get_root_path(&c->cgroup_root); + if (r < 0) + return r; + c->mask |= missing & (SD_BUS_CREDS_CGROUP|SD_BUS_CREDS_UNIT|SD_BUS_CREDS_USER_UNIT|SD_BUS_CREDS_SLICE|SD_BUS_CREDS_SESSION|SD_BUS_CREDS_OWNER_UID); } @@ -816,6 +852,10 @@ int bus_creds_extend_by_pid(sd_bus_creds *c, uint64_t mask, sd_bus_creds **ret) if (!n->cgroup) return -ENOMEM; + n->cgroup_root = strdup(c->cgroup_root); + if (!n->cgroup_root) + return -ENOMEM; + n->mask |= mask & (SD_BUS_CREDS_CGROUP|SD_BUS_CREDS_SESSION|SD_BUS_CREDS_UNIT|SD_BUS_CREDS_USER_UNIT|SD_BUS_CREDS_SLICE|SD_BUS_CREDS_OWNER_UID); } diff --git a/src/libsystemd-bus/bus-creds.h b/src/libsystemd-bus/bus-creds.h index 089a64bfca..d8b4aca2a0 100644 --- a/src/libsystemd-bus/bus-creds.h +++ b/src/libsystemd-bus/bus-creds.h @@ -62,6 +62,8 @@ struct sd_bus_creds { char *unique_name; char **well_known_names; + + char *cgroup_root; }; sd_bus_creds* bus_creds_new(void); diff --git a/src/libsystemd-bus/bus-internal.h b/src/libsystemd-bus/bus-internal.h index 673f30eb91..e4ef6e64ec 100644 --- a/src/libsystemd-bus/bus-internal.h +++ b/src/libsystemd-bus/bus-internal.h @@ -264,6 +264,8 @@ struct sd_bus { struct kdbus_creds fake_creds; char *fake_label; + + char *cgroup_root; }; #define BUS_DEFAULT_TIMEOUT ((usec_t) (25 * USEC_PER_SEC)) diff --git a/src/libsystemd-bus/bus-kernel.c b/src/libsystemd-bus/bus-kernel.c index 19d97b7e00..8a5b210fe4 100644 --- a/src/libsystemd-bus/bus-kernel.c +++ b/src/libsystemd-bus/bus-kernel.c @@ -35,6 +35,7 @@ #include "bus-kernel.h" #include "bus-bloom.h" #include "bus-util.h" +#include "cgroup-util.h" #define UNIQUE_NAME_MAX (3+DECIMAL_STR_MAX(uint64_t)) @@ -845,6 +846,15 @@ static int bus_kernel_make_message(sd_bus *bus, struct kdbus_msg *k) { case KDBUS_ITEM_CGROUP: m->creds.cgroup = d->str; m->creds.mask |= (SD_BUS_CREDS_CGROUP|SD_BUS_CREDS_UNIT|SD_BUS_CREDS_USER_UNIT|SD_BUS_CREDS_SLICE|SD_BUS_CREDS_SESSION|SD_BUS_CREDS_OWNER_UID) & bus->creds_mask; + + if (!bus->cgroup_root) { + r = cg_get_root_path(&bus->cgroup_root); + if (r < 0) + goto fail; + } + + m->creds.cgroup_root = bus->cgroup_root; + break; case KDBUS_ITEM_AUDIT: diff --git a/src/libsystemd-bus/sd-bus.c b/src/libsystemd-bus/sd-bus.c index 910a5f8136..77690a07b1 100644 --- a/src/libsystemd-bus/sd-bus.c +++ b/src/libsystemd-bus/sd-bus.c @@ -142,6 +142,7 @@ static void bus_free(sd_bus *b) { free(b->kernel); free(b->machine); free(b->fake_label); + free(b->cgroup_root); free(b->exec_path); strv_free(b->exec_argv); |