diff options
| author | Alessandro Puccetti <alessandro@kinvolk.io> | 2016-07-06 09:48:58 +0200 | 
|---|---|---|
| committer | Alessandro Puccetti <alessandro@kinvolk.io> | 2016-07-19 17:22:02 +0200 | 
| commit | c4b41707462a74eb7008e8d12a0b4d0a0c09bff4 (patch) | |
| tree | ff6991bfe6b79f53d501c061792cc428a8a38910 /src | |
| parent | 14eb41b2a45f0ab56b06054c7bc40c3613b23e82 (diff) | |
namespace: unify limit behavior on non-directory paths
Despite the name, `Read{Write,Only}Directories=` already allows for
regular file paths to be masked. This commit adds the same behavior
to `InaccessibleDirectories=` and makes it explicit in the doc.
This patch introduces `/run/systemd/inaccessible/{reg,dir,chr,blk,fifo,sock}`
{dile,device}nodes and mounts on the appropriate one the paths specified
in `InacessibleDirectories=`.
Based on Luca's patch from https://github.com/systemd/systemd/pull/3327
Diffstat (limited to 'src')
| -rw-r--r-- | src/basic/mount-util.c | 18 | ||||
| -rw-r--r-- | src/basic/mount-util.h | 2 | ||||
| -rw-r--r-- | src/core/dbus-execute.c | 12 | ||||
| -rw-r--r-- | src/core/mount-setup.c | 14 | ||||
| -rw-r--r-- | src/core/namespace.c | 31 | 
5 files changed, 60 insertions, 17 deletions
| diff --git a/src/basic/mount-util.c b/src/basic/mount-util.c index 90b7a885a8..63dff3dd5c 100644 --- a/src/basic/mount-util.c +++ b/src/basic/mount-util.c @@ -532,3 +532,21 @@ int repeat_unmount(const char *path, int flags) {                  done = true;          }  } + +const char* mode_to_inaccessible_node(mode_t mode) { +        switch(mode & S_IFMT) { +                case S_IFREG: +                        return "/run/systemd/inaccessible/reg"; +                case S_IFDIR: +                        return "/run/systemd/inaccessible/dir"; +                case S_IFCHR: +                        return "/run/systemd/inaccessible/chr"; +                case S_IFBLK: +                        return "/run/systemd/inaccessible/blk"; +                case S_IFIFO: +                        return "/run/systemd/inaccessible/fifo"; +                case S_IFSOCK: +                        return "/run/systemd/inaccessible/sock"; +        } +        return NULL; +} diff --git a/src/basic/mount-util.h b/src/basic/mount-util.h index bdb525d6b0..f46989ebb3 100644 --- a/src/basic/mount-util.h +++ b/src/basic/mount-util.h @@ -49,4 +49,6 @@ union file_handle_union {          char padding[sizeof(struct file_handle) + MAX_HANDLE_SZ];  }; +const char* mode_to_inaccessible_node(mode_t mode); +  #define FILE_HANDLE_INIT { .handle.handle_bytes = MAX_HANDLE_SZ } diff --git a/src/core/dbus-execute.c b/src/core/dbus-execute.c index 644b9561b5..4588ecad09 100644 --- a/src/core/dbus-execute.c +++ b/src/core/dbus-execute.c @@ -1346,12 +1346,12 @@ int bus_exec_context_set_transient_property(                  if (mode != UNIT_CHECK) {                          _cleanup_free_ char *joined = NULL; -                        if (streq(name, "ReadWriteDirectories")) -                                dirs = &c->read_write_dirs; -                        else if (streq(name, "ReadOnlyDirectories")) -                                dirs = &c->read_only_dirs; -                        else /* "InaccessibleDirectories" */ -                                dirs = &c->inaccessible_dirs; +                        if (STR_IN_SET(name, "ReadWriteDirectories", "ReadWritePaths")) +                                dirs = &c->read_write_paths; +                        else if (STR_IN_SET(name, "ReadOnlyDirectories", "ReadOnlyPaths")) +                                dirs = &c->read_only_paths; +                        else /* "InaccessiblePaths" */ +                                dirs = &c->inaccessible_paths;                          if (strv_length(l) == 0) {                                  *dirs = strv_free(*dirs); diff --git a/src/core/mount-setup.c b/src/core/mount-setup.c index f9c9b4a91f..5d8ab0ec70 100644 --- a/src/core/mount-setup.c +++ b/src/core/mount-setup.c @@ -28,6 +28,7 @@  #include "cgroup-util.h"  #include "dev-setup.h"  #include "efivars.h" +#include "fs-util.h"  #include "label.h"  #include "log.h"  #include "macro.h" @@ -403,9 +404,16 @@ int mount_setup(bool loaded_policy) {           * really needs to stay for good, otherwise software that           * copied sd-daemon.c into their sources will misdetect           * systemd. */ -        mkdir_label("/run/systemd", 0755); -        mkdir_label("/run/systemd/system", 0755); -        mkdir_label("/run/systemd/inaccessible", 0000); +        (void) mkdir_label("/run/systemd", 0755); +        (void) mkdir_label("/run/systemd/system", 0755); +        (void) mkdir_label("/run/systemd/inaccessible", 0000); +        /* Set up inaccessible items */ +        (void) mknod("/run/systemd/inaccessible/reg", S_IFREG | 0000, 0); +        (void) mkdir_label("/run/systemd/inaccessible/dir", 0000); +        (void) mknod("/run/systemd/inaccessible/chr", S_IFCHR | 0000, makedev(0, 0)); +        (void) mknod("/run/systemd/inaccessible/blk", S_IFBLK | 0000, makedev(0, 0)); +        (void) mkfifo("/run/systemd/inaccessible/fifo", 0000); +        (void) mknod("/run/systemd/inaccessible/sock", S_IFSOCK | 0000, 0);          return 0;  } diff --git a/src/core/namespace.c b/src/core/namespace.c index 203d122810..e465e825a1 100644 --- a/src/core/namespace.c +++ b/src/core/namespace.c @@ -278,6 +278,7 @@ static int apply_mount(          const char *what;          int r; +        struct stat target;          assert(m); @@ -287,12 +288,22 @@ static int apply_mount(                  /* First, get rid of everything that is below if there                   * is anything... Then, overmount it with an -                 * inaccessible directory. */ +                 * inaccessible path. */                  umount_recursive(m->path, 0); -                what = "/run/systemd/inaccessible"; -                break; +                r = lstat(m->path, &target); +                if (r != 0) { +                        if (m->ignore && errno == ENOENT) +                                return 0; +                        return -errno; +                } +                what = mode_to_inaccessible_node(target.st_mode); +                if (what == NULL) { +                        log_debug("File type not supported. Note that symlinks are not allowed"); +                        return -ELOOP; +                } +                break;          case READONLY:          case READWRITE:                  /* Nothing to mount here, we just later toggle the @@ -317,12 +328,16 @@ static int apply_mount(          assert(what);          r = mount(what, m->path, NULL, MS_BIND|MS_REC, NULL); -        if (r >= 0) +        if (r >= 0) {                  log_debug("Successfully mounted %s to %s", what, m->path); -        else if (m->ignore && errno == ENOENT) -                return 0; - -        return r; +                return r; +        } +        else { +                if (m->ignore && errno == ENOENT) +                        return 0; +                log_debug("Failed mounting %s to %s: %s", what, m->path, strerror(errno)); +                return -errno; +        }  }  static int make_read_only(BindMount *m) { | 
