From a79366e22a43ed81017e2d8c2426431d369f3cfa Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Mon, 24 Aug 2015 21:09:16 +0200
Subject: machined: userns is only supported for container-class machines

We do not support userns for VM machines or for the host itself.
---
 src/machine/machined-dbus.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)

(limited to 'src')

diff --git a/src/machine/machined-dbus.c b/src/machine/machined-dbus.c
index 29649899ed..0d52c693e4 100644
--- a/src/machine/machined-dbus.c
+++ b/src/machine/machined-dbus.c
@@ -882,6 +882,9 @@ static int method_map_from_machine_user(sd_bus_message *message, void *userdata,
         if (!machine)
                 return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_MACHINE, "No machine '%s' known", name);
 
+        if (machine->class != MACHINE_CONTAINER)
+                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Not supported for non-container machines.");
+
         p = procfs_file_alloca(machine->leader, "uid_map");
         f = fopen(p, "re");
         if (!f)
@@ -934,6 +937,9 @@ static int method_map_to_machine_user(sd_bus_message *message, void *userdata, s
                 _cleanup_fclose_ FILE *f = NULL;
                 char p[strlen("/proc//uid_map") + DECIMAL_STR_MAX(pid_t) + 1];
 
+                if (machine->class != MACHINE_CONTAINER)
+                        continue;
+
                 xsprintf(p, "/proc/" UID_FMT "/uid_map", machine->leader);
                 f = fopen(p, "re");
                 if (!f) {
@@ -994,6 +1000,9 @@ static int method_map_from_machine_group(sd_bus_message *message, void *groupdat
         if (!machine)
                 return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_MACHINE, "No machine '%s' known", name);
 
+        if (machine->class != MACHINE_CONTAINER)
+                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Not supported for non-container machines.");
+
         p = procfs_file_alloca(machine->leader, "gid_map");
         f = fopen(p, "re");
         if (!f)
@@ -1046,6 +1055,9 @@ static int method_map_to_machine_group(sd_bus_message *message, void *groupdata,
                 _cleanup_fclose_ FILE *f = NULL;
                 char p[strlen("/proc//gid_map") + DECIMAL_STR_MAX(pid_t) + 1];
 
+                if (machine->class != MACHINE_CONTAINER)
+                        continue;
+
                 xsprintf(p, "/proc/" GID_FMT "/gid_map", machine->leader);
                 f = fopen(p, "re");
                 if (!f) {
-- 
cgit v1.2.3-54-g00ecf