summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorZbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>2014-04-19 21:58:03 -0400
committerZbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>2014-04-19 23:26:57 -0400
commitd38f6e34a618e2d100b06888e0810f776eb83510 (patch)
treebd8f8cbb34bd109f3ba200dddf4f9fb181b71f4e /src
parenta555350d47c4b70d716a63424933b34902c98300 (diff)
Handle Unix domain socket connections from outside our namespace v2
This is a second attempt at 9754d56, reverted in 2f20a8e, because I lost a 'break;' when moving chunks around.
Diffstat (limited to 'src')
-rw-r--r--src/core/socket.c22
1 files changed, 14 insertions, 8 deletions
diff --git a/src/core/socket.c b/src/core/socket.c
index 7c18a2b75c..536904f309 100644
--- a/src/core/socket.c
+++ b/src/core/socket.c
@@ -663,16 +663,22 @@ static int instance_from_socket(int fd, unsigned nr, char **instance) {
int k;
k = getpeercred(fd, &ucred);
- if (k < 0)
+ if (k >= 0) {
+ if (asprintf(&r,
+ "%u-"PID_FMT"-"UID_FMT,
+ nr, ucred.pid, ucred.uid) < 0)
+ return -ENOMEM;
+ } else if (k == -ENODATA) {
+ /* This handles the case where somebody is
+ * connecting from another pid/uid namespace
+ * (e.g. from outside of our container). */
+ if (asprintf(&r,
+ "%u-unknown",
+ nr) < 0)
+ return -ENOMEM;
+ } else
return k;
- if (asprintf(&r,
- "%u-%lu-%lu",
- nr,
- (unsigned long) ucred.pid,
- (unsigned long) ucred.uid) < 0)
- return -ENOMEM;
-
break;
}