nspawn: change owner/group of /run/systemd/nspawn/notify to userns-root

Fixes #4944
author: Evgeny Vereshchagin <evvers@ya.ru> 2017-01-17 01:19:34 +0000
committer: Evgeny Vereshchagin <evvers@ya.ru> 2017-01-17 08:40:05 +0000
commit: adc7d9f0da58589a85d278b2b0e92b8cd55cb99a (patch)
tree: 21a7ec29cb05874a741a7634ac669b5aab9cd5dc /src/nspawn
parent: 542ca7c9d2e4eea93771c4f829972d42fea7602b (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
index 78ae2f4a0f..532be148a6 100644
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -2363,6 +2363,12 @@ static int setup_sd_notify_child(void) {
                 return log_error_errno(errno, "bind(%s) failed: %m", sa.un.sun_path);
         }
 
+        r = userns_lchown(NSPAWN_NOTIFY_SOCKET_PATH, 0, 0);
+        if (r < 0) {
+                safe_close(fd);
+                return log_error_errno(r, "Failed to chown " NSPAWN_NOTIFY_SOCKET_PATH ": %m");
+        }
+
         r = setsockopt(fd, SOL_SOCKET, SO_PASSCRED, &one, sizeof(one));
         if (r < 0) {
                 safe_close(fd);
author	Evgeny Vereshchagin <evvers@ya.ru>	2017-01-17 01:19:34 +0000
committer	Evgeny Vereshchagin <evvers@ya.ru>	2017-01-17 08:40:05 +0000
commit	adc7d9f0da58589a85d278b2b0e92b8cd55cb99a (patch)
tree	21a7ec29cb05874a741a7634ac669b5aab9cd5dc /src/nspawn
parent	542ca7c9d2e4eea93771c4f829972d42fea7602b (diff)