summaryrefslogtreecommitdiff
path: root/src/shared
diff options
context:
space:
mode:
authorLennart Poettering <lennart@poettering.net>2014-03-11 02:41:13 +0100
committerLennart Poettering <lennart@poettering.net>2014-03-11 02:41:13 +0100
commit0cb9fbcd44517ec90b2a678876194607beab5dec (patch)
treebf2b481258bacb117061e2796ee4e29bf5b4ff04 /src/shared
parentd96c1ecf7bf9dae6b0cb728e41d09999ecce0b4a (diff)
nspawn: when resoliving UIDs/GIDs for "-u", do so in forked off /usr/bin/getent instead of in-process
When the container runs a different native architecture than the host we shouldn't attempt to load the container's NSS modules with the host's libc. Instead, resolve UID/GID by invoking /usr/bin/getent in the container. The tool should be fairly universally available and allows us to do resolving of the UID/GID with the container's libc in a parsable format. https://bugs.freedesktop.org/show_bug.cgi?id=75733
Diffstat (limited to 'src/shared')
-rw-r--r--src/shared/mkdir.c4
1 files changed, 3 insertions, 1 deletions
diff --git a/src/shared/mkdir.c b/src/shared/mkdir.c
index 4a2cd5e662..b35551eb02 100644
--- a/src/shared/mkdir.c
+++ b/src/shared/mkdir.c
@@ -41,7 +41,9 @@ int mkdir_safe_internal(const char *path, mode_t mode, uid_t uid, gid_t gid, mkd
if (lstat(path, &st) < 0)
return -errno;
- if ((st.st_mode & 0777) != mode ||
+ if ((st.st_mode & 0007) > (mode & 0007) ||
+ (st.st_mode & 0070) > (mode & 0070) ||
+ (st.st_mode & 0700) > (mode & 0700) ||
(uid != (uid_t) -1 && st.st_uid != uid) ||
(gid != (gid_t) -1 && st.st_gid != gid) ||
!S_ISDIR(st.st_mode)) {