[systemd-commits] src/nspawn src/shared
Lennart Poettering
lennart at kemper.freedesktop.org
Thu May 14 13:54:16 PDT 2015
src/nspawn/nspawn.c | 19 +++++++++++++++++++
src/shared/util.c | 9 +++++++++
src/shared/util.h | 1 +
3 files changed, 29 insertions(+)
New commits:
commit ce5b3ad4508fa6d561fcccff0852afaace1d82ac
Author: Stefan Junker <code at stefanjunker.de>
Date: Thu May 14 22:51:05 2015 +0200
nspawn: allow access to device nodes listed in --bind= and --bind-ro= switches
https://bugs.freedesktop.org/show_bug.cgi?id=90385
diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
index fbf2344..8aa7b45 100644
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -2210,6 +2210,7 @@ static int register_machine(pid_t pid, int local_ifindex) {
} else {
_cleanup_bus_message_unref_ sd_bus_message *m = NULL;
char **i;
+ unsigned j;
r = sd_bus_message_new_method_call(
bus,
@@ -2276,6 +2277,24 @@ static int register_machine(pid_t pid, int local_ifindex) {
if (r < 0)
return bus_log_create_error(r);
+ for (j = 0; j < arg_n_custom_mounts; j++) {
+ CustomMount *cm = &arg_custom_mounts[j];
+
+ if (cm->type != CUSTOM_MOUNT_BIND)
+ continue;
+
+ r = is_device_node(cm->source);
+ if (r < 0)
+ return log_error_errno(r, "Failed to stat %s: %m", cm->source);
+
+ if (r) {
+ r = sd_bus_message_append(m, "(sv)", "DeviceAllow", "a(ss)", 1,
+ cm->source, cm->read_only ? "r" : "rw");
+ if (r < 0)
+ return log_error_errno(r, "Failed to append message arguments: %m");
+ }
+ }
+
if (arg_kill_signal != 0) {
r = sd_bus_message_append(m, "(sv)", "KillSignal", "i", arg_kill_signal);
if (r < 0)
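Review bot: The append failure inside the new loop is reported with `log_error_errno(r, "Failed to append message arguments: %m")`, while the check directly above the loop uses `bus_log_create_error(r)`. Returning `bus_log_create_error(r);` here as well would keep the message-construction error paths uniform. The loop also widens the container's device policy implicitly, because every --bind=/--bind-ro= source that is a device node gets a DeviceAllow entry. A comment above the loop such as `/* Device nodes given via --bind=/--bind-ro= are added to DeviceAllow: "r" for read-only binds, "rw" otherwise */` would make that grant visible to readers. register_machine starts and ends outside the hunk.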
diff --git a/src/shared/util.c b/src/shared/util.c
index 72711e1..dda88bd 100644
--- a/src/shared/util.c
+++ b/src/shared/util.c
@@ -5435,6 +5435,15 @@ int is_dir(const char* path, bool follow) {
return !!S_ISDIR(st.st_mode);
}
+int is_device_node(const char *path) {
+ struct stat info;
+
+ if (lstat(path, &info) < 0)
+ return -errno;
+
+ return !!(S_ISBLK(info.st_mode) || S_ISCHR(info.st_mode));
+}
+
int unquote_first_word(const char **p, char **ret, UnquoteFlags flags) {
_cleanup_free_ char *s = NULL;
size_t allocated = 0, sz = 0;
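Review bot: is_device_node() uses `lstat()`, so a path that is a symlink to a device node returns 0, and the new caller in nspawn.c will then skip its DeviceAllow entry. If a bind source may be such a symlink (for example an entry under /dev/disk/by-*, assuming the bind mount itself resolves it), the node would be mounted but not allowed. The neighbouring `is_dir(const char *path, bool follow)` already exposes this choice, and a matching `follow` parameter would let each caller decide. At minimum the function should carry a comment stating the contract, e.g. `/* Returns > 0 for a block or character device, 0 otherwise, -errno on failure; symlinks are not followed */`. The check and the later use of the same path are also separate lookups, so the result describes the path only at the time of the call.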
diff --git a/src/shared/util.h b/src/shared/util.h
index 0c81e3d..22f505c 100644
--- a/src/shared/util.h
+++ b/src/shared/util.h
@@ -852,6 +852,7 @@ int take_password_lock(const char *root);
int is_symlink(const char *path);
int is_dir(const char *path, bool follow);
+int is_device_node(const char *path);
typedef enum UnquoteFlags {
UNQUOTE_RELAX = 1,