author | Lennart Poettering <lennart@poettering.net> | 2014-03-11 02:41:13 +0100 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2014-03-11 02:41:13 +0100 |
commit | 0cb9fbcd44517ec90b2a678876194607beab5dec (patch) | |
tree | bf2b481258bacb117061e2796ee4e29bf5b4ff04 /src/shared | |
parent | d96c1ecf7bf9dae6b0cb728e41d09999ecce0b4a (diff) |
nspawn: when resolving UIDs/GIDs for "-u", do so in forked off /usr/bin/getent instead of in-process
When the container runs a different native architecture than the host we
shouldn't attempt to load the container's NSS modules with the host's
libc. Instead, resolve UID/GID by invoking /usr/bin/getent in the
container. The tool should be fairly universally available and allows us
to do resolving of the UID/GID with the container's libc in a parsable
format.
https://bugs.freedesktop.org/show_bug.cgi?id=75733
Diffstat (limited to 'src/shared')
-rw-r--r-- | src/shared/mkdir.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/src/shared/mkdir.c b/src/shared/mkdir.c index 4a2cd5e662..b35551eb02 100644 --- a/src/shared/mkdir.c +++ b/src/shared/mkdir.c @@ -41,7 +41,9 @@ int mkdir_safe_internal(const char *path, mode_t mode, uid_t uid, gid_t gid, mkd if (lstat(path, &st) < 0) return -errno; - if ((st.st_mode & 0777) != mode || + if ((st.st_mode & 0007) > (mode & 0007) || + (st.st_mode & 0070) > (mode & 0070) || + (st.st_mode & 0700) > (mode & 0700) || (uid != (uid_t) -1 && st.st_uid != uid) || (gid != (gid_t) -1 && st.st_gid != gid) || !S_ISDIR(st.st_mode)) { |
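Review bot: The three added comparisons in the `if` condition of mkdir_safe_internal() compare each permission triplet numerically with `>`, which is not a subset test on the permission bits. An existing directory whose "other" bits are `0001` (execute only) passes against a requested `0002` (write only) because 1 > 2 is false, even though it carries a bit the caller did not ask for; the same holds for the group and owner triplets. If the intent is to accept any directory that is no more permissive than `mode`, a bitwise test such as `(st.st_mode & 0777 & ~mode) != 0` states that directly and covers all three classes in one expression. The move from an exact match to an "at most this permissive" check also changes what callers of this function can rely on, so it deserves a comment above the condition and a line in the commit message, which as shown only describes the getent change.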