diff options
| author | Lennart Poettering <lennart@poettering.net> | 2016-04-25 12:48:05 +0200 |
|---|---|---|
| committer | Lennart Poettering <lennart@poettering.net> | 2016-04-25 12:50:13 +0200 |
| commit | 4aeb20f5aaec25ef969989b64d37377913b2a1ef (patch) | |
| tree | 27044cdb74a1204974cbafba58628dc4a8ef1984 /src/nspawn | |
| parent | 88cd066e11aef5dd73b563c1753ad8bf4dfd9f62 (diff) | |
nspawn: when readjusting UID/GID ownership of OS trees, skip read-only subtrees
This should allow tools like rkt to pre-mount read-only subtrees in the OS
tree, without breaking the patching code.
Note that the code will still fail, if the top-level directory is already
read-only.
Diffstat (limited to 'src/nspawn')
| -rw-r--r-- | src/nspawn/nspawn-patch-uid.c | 18 |
1 files changed, 15 insertions, 3 deletions
diff --git a/src/nspawn/nspawn-patch-uid.c b/src/nspawn/nspawn-patch-uid.c index 429c45a3a7..c7382d412d 100644 --- a/src/nspawn/nspawn-patch-uid.c +++ b/src/nspawn/nspawn-patch-uid.c @@ -303,7 +303,7 @@ static int is_procfs_sysfs_or_suchlike(int fd) { F_TYPE_EQUAL(sfs.f_type, SYSFS_MAGIC); } -static int recurse_fd(int fd, bool donate_fd, const struct stat *st, uid_t shift) { +static int recurse_fd(int fd, bool donate_fd, const struct stat *st, uid_t shift, bool is_toplevel) { bool changed = false; int r; @@ -321,6 +321,18 @@ static int recurse_fd(int fd, bool donate_fd, const struct stat *st, uid_t shift } r = patch_fd(fd, NULL, st, shift); + if (r == -EROFS) { + _cleanup_free_ char *name = NULL; + + if (!is_toplevel) { + /* When we hit a ready-only subtree we simply skip it, but log about it. */ + (void) fd_get_path(fd, &name); + log_debug("Skippping read-only file or directory %s.", strna(name)); + r = 0; + } + + goto finish; + } if (r < 0) goto finish; @@ -369,7 +381,7 @@ static int recurse_fd(int fd, bool donate_fd, const struct stat *st, uid_t shift } - r = recurse_fd(subdir_fd, true, &fst, shift); + r = recurse_fd(subdir_fd, true, &fst, shift, false); if (r < 0) goto finish; if (r > 0) @@ -433,7 +445,7 @@ static int fd_patch_uid_internal(int fd, bool donate_fd, uid_t shift, uid_t rang if (((uint32_t) (st.st_uid ^ shift) >> 16) == 0) return 0; - return recurse_fd(fd, donate_fd, &st, shift); + return recurse_fd(fd, donate_fd, &st, shift, true); finish: if (donate_fd) |