-rw-r--r-- | src/nspawn/nspawn-mount.c | 27 | ||||
-rw-r--r-- | src/nspawn/nspawn-mount.h | 2 | ||||
-rw-r--r-- | src/nspawn/nspawn.c | 4 |
3 files changed, 11 insertions, 22 deletions
diff --git a/src/nspawn/nspawn-mount.c b/src/nspawn/nspawn-mount.c
index 1814ea6ca5..dfd5e665c1 100644
--- a/src/nspawn/nspawn-mount.c
+++ b/src/nspawn/nspawn-mount.c
@@ -182,17 +182,13 @@ int tmpfs_mount_parse(CustomMount **l, unsigned *n, const char *s) {
 static int tmpfs_patch_options(
                 const char *options,
-                bool userns,
-                uid_t uid_shift, uid_t uid_range,
-                bool patch_ids,
+                uid_t uid_shift,
                 const char *selinux_apifs_context,
                 char **ret) {
 
         char *buf = NULL;
 
-        if ((userns && uid_shift != 0) || patch_ids) {
-                assert(uid_shift != UID_INVALID);
-
+        if (uid_shift != UID_INVALID) {
                 if (options)
                         (void) asprintf(&buf, "%s,uid=" UID_FMT ",gid=" UID_FMT, options, uid_shift, uid_shift);
                 else
@@ -361,9 +357,9 @@ static int mkdir_userns_p(const char *prefix, const char *path, mode_t mode, boo
 }
 
 int mount_all(const char *dest,
-              bool use_userns, bool in_userns,
+              bool in_userns,
               bool use_netns,
-              uid_t uid_shift, uid_t uid_range,
+              uid_t uid_shift,
               const char *selinux_apifs_context) {
 
         typedef struct MountPoint {
@@ -432,10 +428,7 @@ int mount_all(const char *dest,
                 o = mount_table[k].options;
                 if (streq_ptr(mount_table[k].type, "tmpfs")) {
-                        if (in_userns)
-                                r = tmpfs_patch_options(o, use_userns, 0, uid_range, true, selinux_apifs_context, &options);
-                        else
-                                r = tmpfs_patch_options(o, use_userns, uid_shift, uid_range, false, selinux_apifs_context, &options);
+                        r = tmpfs_patch_options(o, in_userns ? 0 : uid_shift, selinux_apifs_context, &options);
                         if (r < 0)
                                 return log_oom();
                         if (r > 0)
@@ -569,7 +562,7 @@ static int mount_tmpfs(
         if (r < 0 && r != -EEXIST)
                 return log_error_errno(r, "Creating mount point for tmpfs %s failed: %m", where);
 
-        r = tmpfs_patch_options(m->options, userns, uid_shift, uid_range, false, selinux_apifs_context, &buf);
+        r = tmpfs_patch_options(m->options, uid_shift == 0 ? UID_INVALID : uid_shift, selinux_apifs_context, &buf);
         if (r < 0)
                 return log_oom();
         options = r > 0 ? buf : m->options;
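Review bot: The contract of the new `uid_shift` parameter — `UID_INVALID` leaves the options untouched, any other value including 0 appends `uid=`/`gid=` — can only be read off the `if (uid_shift != UID_INVALID)` test, yet the callers in this same commit lean on it in two different ways: some map a zero shift to `UID_INVALID`, others pass 0 on purpose. A header comment above `static int tmpfs_patch_options(` would pin that down: `/* Appends uid=/gid= set to uid_shift to the tmpfs options unless uid_shift is UID_INVALID; 0 is a valid shift and is patched in. Callers treat r > 0 as "*ret was allocated" and r < 0 as OOM. */` The rest of the function body lies outside this hunk.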
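Review bot: `in_userns ? 0 : uid_shift` does not follow the mapping the other call sites in this commit use, `uid_shift == 0 ? UID_INVALID : uid_shift`, under which a zero shift means "leave the options alone". With `in_userns` false and `uid_shift` 0, the tmpfs entries of `mount_table` now get an explicit `uid=0,gid=0` appended where the removed `use_userns && uid_shift != 0` guard left them untouched; that is presumably harmless because root is the tmpfs default, but if identical behaviour is the goal the outer branch should map the same way: `r = tmpfs_patch_options(o, in_userns ? 0 : (uid_shift == 0 ? UID_INVALID : uid_shift), selinux_apifs_context, &options);`. Whether a zero shift reaches this code with user namespacing off depends on how nspawn.c sets `arg_uid_shift`, which this diff does not show. `mount_all` starts before and continues after this hunk.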
@@ -790,7 +783,7 @@ static int mount_legacy_cgns_supported(
          * uid/gid as seen from e.g. /proc/1/mountinfo. So we simply
          * pass uid 0 and not uid_shift to tmpfs_patch_options(). */
 
-        r = tmpfs_patch_options("mode=755", userns, 0, uid_range, true, selinux_apifs_context, &options);
+        r = tmpfs_patch_options("mode=755", 0, selinux_apifs_context, &options);
         if (r < 0)
                 return log_oom();
 
@@ -883,7 +876,7 @@ static int mount_legacy_cgns_unsupported(
         if (r == 0) {
                 _cleanup_free_ char *options = NULL;
 
-                r = tmpfs_patch_options("mode=755", userns, uid_shift, uid_range, false, selinux_apifs_context, &options);
+                r = tmpfs_patch_options("mode=755", uid_shift == 0 ? UID_INVALID : uid_shift, selinux_apifs_context, &options);
                 if (r < 0)
                         return log_oom();
 
@@ -1066,7 +1059,7 @@ int setup_volatile_state(
                 return log_error_errno(errno, "Failed to create %s: %m", directory);
 
         options = "mode=755";
-        r = tmpfs_patch_options(options, userns, uid_shift, uid_range, false, selinux_apifs_context, &buf);
+        r = tmpfs_patch_options(options, uid_shift == 0 ? UID_INVALID : uid_shift, selinux_apifs_context, &buf);
         if (r < 0)
                 return log_oom();
         if (r > 0)
@@ -1099,7 +1092,7 @@ int setup_volatile(
                 return log_error_errno(errno, "Failed to create temporary directory: %m");
 
         options = "mode=755";
-        r = tmpfs_patch_options(options, userns, uid_shift, uid_range, false, selinux_apifs_context, &buf);
+        r = tmpfs_patch_options(options, uid_shift == 0 ? UID_INVALID : uid_shift, selinux_apifs_context, &buf);
         if (r < 0)
                 return log_oom();
         if (r > 0)
diff --git a/src/nspawn/nspawn-mount.h b/src/nspawn/nspawn-mount.h
index 7307a838a5..ea2c011986 100644
--- a/src/nspawn/nspawn-mount.h
+++ b/src/nspawn/nspawn-mount.h
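Review bot: `uid_shift == 0 ? UID_INVALID : uid_shift` is now spelled out at every call site in this file except the two that deliberately pass 0, and the rule it encodes — a zero shift means "do not touch the tmpfs ids" — is stated nowhere. The removed calls also consulted `userns`; the new ones trust `uid_shift` alone, so the `userns` argument these functions presumably still take (the `mount_cgroups` declaration in the header keeps its `bool userns`) no longer influences the result, and a non-zero shift with user namespacing off would now be patched in where it was not before — I cannot confirm from this diff whether nspawn.c rules that out. A small static helper states the rule once and gives one place to tighten it later; the call in `setup_volatile` becomes `r = tmpfs_patch_options(options, tmpfs_patch_uid(uid_shift), selinux_apifs_context, &buf);` and the other three sites change the same way. `setup_volatile` starts outside this hunk.

```c
/* tmpfs uid=/gid= value for a given uid shift: 0 (no shift) and UID_INVALID both mean "leave the options alone". */
static uid_t tmpfs_patch_uid(uid_t uid_shift) {
        return uid_shift == 0 ? UID_INVALID : uid_shift;
}

/* … unchanged: setup_volatile() up to the tmpfs mount … */
        r = tmpfs_patch_options(options, tmpfs_patch_uid(uid_shift), selinux_apifs_context, &buf);
```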
@@ -57,7 +57,7 @@ int tmpfs_mount_parse(CustomMount **l, unsigned *n, const char *s);
 
 int custom_mount_compare(const void *a, const void *b);
 
-int mount_all(const char *dest, bool use_userns, bool in_userns, bool use_netns, uid_t uid_shift, uid_t uid_range, const char *selinux_apifs_context);
+int mount_all(const char *dest, bool in_userns, bool use_netns, uid_t uid_shift, const char *selinux_apifs_context);
 int mount_sysfs(const char *dest);
 
 int mount_cgroups(const char *dest, CGroupUnified unified_requested, bool userns, uid_t uid_shift, uid_t uid_range, const char *selinux_apifs_context, bool use_cgns);
diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
index 51078feccd..48ae112fe2 100644
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -2685,11 +2685,9 @@ static int inner_child(
                 return log_error_errno(r, "Couldn't become new root: %m");
 
         r = mount_all(NULL,
-                      arg_userns_mode != USER_NAMESPACE_NO,
                       true,
                       arg_private_network,
                       arg_uid_shift,
-                      arg_uid_range,
                       arg_selinux_apifs_context);
 
         if (r < 0)
@@ -3056,11 +3054,9 @@ static int outer_child(
         }
 
         r = mount_all(directory,
-                      arg_userns_mode != USER_NAMESPACE_NO,
                       false,
                       arg_private_network,
                       arg_uid_shift,
-                      arg_uid_range,
                       arg_selinux_apifs_context);
         if (r < 0)
                 return r;
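Review bot: The value of `arg_uid_shift` is now the only thing that tells `mount_all`, and through it the tmpfs `uid=`/`gid=` patching, whether user namespacing is in effect, since the `arg_userns_mode != USER_NAMESPACE_NO` argument is gone; nothing in this hunk guarantees it is 0 or `UID_INVALID` when the mode is `USER_NAMESPACE_NO`. If `arg_uid_shift` can still carry a shift in that mode (where it is reset is not in this diff), the outer child would pass a shift that the removed boolean used to mask. Making the invariant explicit right before the call costs one line: `assert(arg_userns_mode != USER_NAMESPACE_NO || arg_uid_shift == 0 || arg_uid_shift == UID_INVALID);`. `outer_child` begins and ends outside this hunk.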