Merge pull request #5098 from evverx/fix-nspawn-notifications

nspawn: change owner/group of /run/systemd/nspawn/notify to userns-root
author: Djalal Harouni <tixxdz@opendz.org> 2017-01-18 14:36:07 +0100
committer: GitHub <noreply@github.com> 2017-01-18 14:36:07 +0100
commit: 0819dd72df6fc552ea5ca4ea948e4a3c1d2fe78f (patch)
tree: 4e91e7cd5e5032caa9c90a7d8271378d65db1697 /src/nspawn
parent: 5b3637b44a28d3fb2ba8b272905c64d9dbae4d26 (diff)
parent: 9bcef20646b6313e42f8ccd1b1b554553bb364c9 (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
index 78ae2f4a0f..532be148a6 100644
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -2363,6 +2363,12 @@ static int setup_sd_notify_child(void) {
                 return log_error_errno(errno, "bind(%s) failed: %m", sa.un.sun_path);
         }
 
+        r = userns_lchown(NSPAWN_NOTIFY_SOCKET_PATH, 0, 0);
+        if (r < 0) {
+                safe_close(fd);
+                return log_error_errno(r, "Failed to chown " NSPAWN_NOTIFY_SOCKET_PATH ": %m");
+        }
+
         r = setsockopt(fd, SOL_SOCKET, SO_PASSCRED, &one, sizeof(one));
         if (r < 0) {
                 safe_close(fd);
author	Djalal Harouni <tixxdz@opendz.org>	2017-01-18 14:36:07 +0100
committer	GitHub <noreply@github.com>	2017-01-18 14:36:07 +0100
commit	0819dd72df6fc552ea5ca4ea948e4a3c1d2fe78f (patch)
tree	4e91e7cd5e5032caa9c90a7d8271378d65db1697 /src/nspawn
parent	5b3637b44a28d3fb2ba8b272905c64d9dbae4d26 (diff)
parent	9bcef20646b6313e42f8ccd1b1b554553bb364c9 (diff)