Diffstat (limited to 'src/systemd-nspawn')
l--------- | src/systemd-nspawn/GNUmakefile | 1 | ||||
-rw-r--r-- | src/systemd-nspawn/Makefile | 12 | ||||
-rw-r--r-- | src/systemd-nspawn/nspawn-expose-ports.c | 3 | ||||
-rw-r--r-- | src/systemd-nspawn/nspawn-mount.h | 1 | ||||
-rw-r--r-- | src/systemd-nspawn/nspawn-network.c | 1 | ||||
-rw-r--r-- | src/systemd-nspawn/nspawn-register.c | 2 | ||||
-rw-r--r-- | src/systemd-nspawn/nspawn-seccomp.h | 2 | ||||
-rw-r--r-- | src/systemd-nspawn/nspawn-setuid.c | 71 | ||||
-rw-r--r-- | src/systemd-nspawn/nspawn-stub-pid1.c | 4 | ||||
-rw-r--r-- | src/systemd-nspawn/nspawn.c | 1 |
10 files changed, 24 insertions, 74 deletions
diff --git a/src/systemd-nspawn/GNUmakefile b/src/systemd-nspawn/GNUmakefile
new file mode 120000
index 0000000000..54fdd42278
--- /dev/null
+++ b/src/systemd-nspawn/GNUmakefile
@@ -0,0 +1 @@
+../../GNUmakefile
\ No newline at end of file diff --git a/src/systemd-nspawn/Makefile b/src/systemd-nspawn/Makefile index c0fc3bd98e..e43f5a2493 100644 --- a/src/systemd-nspawn/Makefile +++ b/src/systemd-nspawn/Makefile @@ -45,11 +45,7 @@ systemd_nspawn_SOURCES = \ src/nspawn/nspawn-stub-pid1.c \ src/nspawn/nspawn-stub-pid1.h \ src/nspawn/nspawn-patch-uid.c \ - src/nspawn/nspawn-patch-uid.h \ - src/core/mount-setup.c \ - src/core/mount-setup.h \ - src/core/loopback-setup.c \ - src/core/loopback-setup.h + src/nspawn/nspawn-patch-uid.h nodist_systemd_nspawn_SOURCES = \ src/nspawn/nspawn-gperf.c @@ -64,6 +60,9 @@ systemd_nspawn_CFLAGS = \ $(SELINUX_CFLAGS) systemd_nspawn_LDADD = \ + libcore.la \ + libsystemd-blkid.la \ + libsystemd-internal.la \ libsystemd-shared.la \ $(ACL_LIBS) \ $(BLKID_LIBS) \ @@ -90,4 +89,7 @@ test_patch_uid_LDADD = \ manual_tests += \ test-patch-uid +dist_tmpfiles_DATA = \ + tmpfiles.d/systemd-nspawn.conf + include $(topsrcdir)/build-aux/Makefile.tail.mk diff --git a/src/systemd-nspawn/nspawn-expose-ports.c b/src/systemd-nspawn/nspawn-expose-ports.c index 1ecebe8e30..b5c4942907 100644 --- a/src/systemd-nspawn/nspawn-expose-ports.c +++ b/src/systemd-nspawn/nspawn-expose-ports.c @@ -17,8 +17,6 @@ along with systemd; If not, see <http://www.gnu.org/licenses/>. ***/ -#include "sd-netlink/local-addresses.h" -#include "sd-netlink/netlink-util.h" #include "systemd-basic/alloc-util.h" #include "systemd-basic/fd-util.h" #include "systemd-basic/in-addr-util.h" @@ -27,6 +25,7 @@ #include "systemd-basic/string-util.h" #include "systemd-basic/util.h" #include "systemd-firewall/firewall-util.h" +#include "systemd-shared/local-addresses.h" #include "systemd-staging/sd-netlink.h" #include "nspawn-expose-ports.h" diff --git a/src/systemd-nspawn/nspawn-mount.h b/src/systemd-nspawn/nspawn-mount.h index 0d58439df3..8601dfdad3 100644 --- a/src/systemd-nspawn/nspawn-mount.h +++ b/src/systemd-nspawn/nspawn-mount.h 
@@ -20,6 +20,7 @@ ***/ #include <stdbool.h> +#include <sys/types.h> #include "systemd-basic/cgroup-util.h" diff --git a/src/systemd-nspawn/nspawn-network.c b/src/systemd-nspawn/nspawn-network.c index 2e0760ec86..2fae23376c 100644 --- a/src/systemd-nspawn/nspawn-network.c +++ b/src/systemd-nspawn/nspawn-network.c @@ -24,7 +24,6 @@ #include <libudev.h> #include <systemd/sd-id128.h> -#include "sd-netlink/netlink-util.h" #include "systemd-basic/alloc-util.h" #include "systemd-basic/ether-addr-util.h" #include "systemd-basic/lockfile-util.h" diff --git a/src/systemd-nspawn/nspawn-register.c b/src/systemd-nspawn/nspawn-register.c index de3ee23f09..1e45b8e58f 100644 --- a/src/systemd-nspawn/nspawn-register.c +++ b/src/systemd-nspawn/nspawn-register.c @@ -19,7 +19,7 @@ #include <systemd/sd-bus.h> -#include "sd-bus/bus-error.h" +#include "sd-bus/bus-error.h" /* for bus_error_message */ #include "sd-bus/bus-util.h" #include "systemd-basic/stat-util.h" #include "systemd-basic/strv.h" diff --git a/src/systemd-nspawn/nspawn-seccomp.h b/src/systemd-nspawn/nspawn-seccomp.h index 5bde16faf9..a01e110c70 100644 --- a/src/systemd-nspawn/nspawn-seccomp.h +++ b/src/systemd-nspawn/nspawn-seccomp.h @@ -19,6 +19,6 @@ along with systemd; If not, see <http://www.gnu.org/licenses/>. ***/ -#include <sys/types.h> +#include <stdint.h> int setup_seccomp(uint64_t cap_list_retain); diff --git a/src/systemd-nspawn/nspawn-setuid.c b/src/systemd-nspawn/nspawn-setuid.c index 129d3acc5f..7d0d47c5b1 100644 --- a/src/systemd-nspawn/nspawn-setuid.c +++ b/src/systemd-nspawn/nspawn-setuid.c @@ -18,6 +18,8 @@ ***/ #include <grp.h> +#include <pwd.h> +#include <stdio.h> #include <sys/types.h> #include <unistd.h> 
@@ -88,7 +90,8 @@ static int spawn_getent(const char *database, const char *key, pid_t *rpid) { } int change_uid_gid(const char *user, char **_home) { - char line[LINE_MAX], *x, *u, *g, *h; + char line[LINE_MAX], *x; + struct passwd *pw; const char *word, *state; _cleanup_free_ uid_t *uids = NULL; _cleanup_free_ char *home = NULL; @@ -124,8 +127,9 @@ int change_uid_gid(const char *user, char **_home) { return log_oom(); fd = -1; - if (!fgets(line, sizeof(line), f)) { - if (!ferror(f)) { + errno = 0; + if (!(pw = fgetpwent(f))) { + if (!errno) { log_error("Failed to resolve user %s.", user); return -ESRCH; } @@ -133,66 +137,11 @@ int change_uid_gid(const char *user, char **_home) { return log_error_errno(errno, "Failed to read from getent: %m"); } - truncate_nl(line); - wait_for_terminate_and_warn("getent passwd", pid, true); - x = strchr(line, ':'); - if (!x) { - log_error("/etc/passwd entry has invalid user field."); - return -EIO; - } - - u = strchr(x+1, ':'); - if (!u) { - log_error("/etc/passwd entry has invalid password field."); - return -EIO; - } - - u++; - g = strchr(u, ':'); - if (!g) { - log_error("/etc/passwd entry has invalid UID field."); - return -EIO; - } - - *g = 0; - g++; - x = strchr(g, ':'); - if (!x) { - log_error("/etc/passwd entry has invalid GID field."); - return -EIO; - } - - *x = 0; - h = strchr(x+1, ':'); - if (!h) { - log_error("/etc/passwd entry has invalid GECOS field."); - return -EIO; - } - - h++; - x = strchr(h, ':'); - if (!x) { - log_error("/etc/passwd entry has invalid home directory field."); - return -EIO; - } - - *x = 0; - - r = parse_uid(u, &uid); - if (r < 0) { - log_error("Failed to parse UID of user."); - return -EIO; - } - - r = parse_gid(g, &gid); - if (r < 0) { - log_error("Failed to parse GID of user."); - return -EIO; - } - - home = strdup(h); + uid = pw->pw_uid; + gid = pw->pw_gid; + home = strdup(pw->pw_dir); if (!home) return log_oom(); 
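Review bot: The not-found branch of the new `fgetpwent()` path is likely unreachable on glibc: its fgetpwent_r() sets errno to ENOENT when it reaches end of file without a record (worth confirming against the libc this tree targets), so a user that getent simply does not know falls through to `log_error_errno(errno, "Failed to read from getent: %m")` and returns -ENOENT instead of the intended "Failed to resolve user" / -ESRCH. The check should treat both outcomes as not-found: `if (errno == 0 || errno == ENOENT) {`. As a matter of style the surrounding code keeps assignments out of conditions, so `pw = fgetpwent(f);` followed by `if (!pw) {` would read more like the rest of the file. change_uid_gid() continues outside the hunk.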
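Review bot: Replacing parse_uid()/parse_gid() with `uid = pw->pw_uid; gid = pw->pw_gid;` drops the range check those parsers performed, so an entry with UID or GID `(uid_t) -1` that the old code rejected is now accepted. If these values are later passed to setresuid()/setresgid() (which I believe happens further down in change_uid_gid(), outside this hunk), -1 means "leave unchanged", so a crafted or corrupt passwd entry in the container image would silently leave the payload running with nspawn's own credentials while the user switch appears to succeed. Reject them right after the assignment, using whatever validity helpers user-util.h offers in this tree: `if (!uid_is_valid(pw->pw_uid) || !gid_is_valid(pw->pw_gid)) { log_error("/etc/passwd entry has invalid UID or GID."); return -EIO; }`. A one-line comment that `pw` points into fgetpwent()'s static storage and its fields are copied out before any further NSS call would also help the next reader.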
diff --git a/src/systemd-nspawn/nspawn-stub-pid1.c b/src/systemd-nspawn/nspawn-stub-pid1.c index 36d7bfc7c4..208c6f30aa 100644 --- a/src/systemd-nspawn/nspawn-stub-pid1.c +++ b/src/systemd-nspawn/nspawn-stub-pid1.c @@ -42,8 +42,8 @@ int stub_pid1(void) { pid_t pid; int r; - /* Implements a stub PID 1, that reaps all processes and processes a couple of standard signals. This is useful - * for allowing arbitrary processes run in a container, and still have all zombies reaped. */ + /* Implements a stub PID 1, that reaps all processes and handles a couple of standard signals. This is useful + * for allowing arbitrary processes to run in a container, and still have all zombies reaped. */ assert_se(sigfillset(&fullmask) >= 0); assert_se(sigprocmask(SIG_BLOCK, &fullmask, &oldmask) >= 0); diff --git a/src/systemd-nspawn/nspawn.c b/src/systemd-nspawn/nspawn.c index 5a3624fad1..9514152b5b 100644 --- a/src/systemd-nspawn/nspawn.c +++ b/src/systemd-nspawn/nspawn.c @@ -46,7 +46,6 @@ #include "core/loopback-setup.h" #include "sd-id128/id128-util.h" -#include "sd-netlink/netlink-util.h" #include "systemd-basic/alloc-util.h" #include "systemd-basic/barrier.h" #include "systemd-basic/btrfs-util.h" |