[systemd-commits] 3 commits - src/core src/journal src/nspawn src/shared
Lennart Poettering
lennart at kemper.freedesktop.org
Wed May 20 05:51:56 PDT 2015
src/core/namespace.c | 16 ----------------
src/journal/journald-audit.c | 11 ++++++++---
src/nspawn/nspawn.c | 20 +++-----------------
src/shared/util.c | 43 +++++++++++++++++++++++++++++++++----------
src/shared/util.h | 4 ++++
5 files changed, 48 insertions(+), 46 deletions(-)
New commits:
commit b4da6d6bec4d303f90d957b2cf7d4eed678b1791
Author: Lennart Poettering <lennart at poettering.net>
Date: Wed May 20 14:41:39 2015 +0200
util: introduce reset_uid_gid() for resetting all uids and gids to 0
diff --git a/src/shared/util.c b/src/shared/util.c
index c3b08bb..5f5cfcb 100644
--- a/src/shared/util.c
+++ b/src/shared/util.c
@@ -4686,16 +4686,7 @@ int namespace_enter(int pidns_fd, int mntns_fd, int netns_fd, int root_fd) {
return -errno;
}
- if (setresgid(0, 0, 0) < 0)
- return -errno;
-
- if (setgroups(0, NULL) < 0)
- return -errno;
-
- if (setresuid(0, 0, 0) < 0)
- return -errno;
-
- return 0;
+ return reset_uid_gid();
}
int getpeercred(int fd, struct ucred *ucred) {
@@ -6247,3 +6238,17 @@ int mount_move_root(const char *path) {
return 0;
}
+
+int reset_uid_gid(void) {
+
+ if (setgroups(0, NULL) < 0)
+ return -errno;
+
+ if (setresgid(0, 0, 0) < 0)
+ return -errno;
+
+ if (setresuid(0, 0, 0) < 0)
+ return -errno;
+
+ return 0;
+}
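Review bot: reset_uid_gid() lands with no comment on its contract or on why setgroups() now runs before setresgid() (the inlined code it replaces in namespace_enter() had the gid reset first); a one-line header in util.h or above the definition would save the next reader the archaeology, e.g. `/* Resets real/effective/saved uid and gid to 0 and clears supplementary groups; needs CAP_SETUID/CAP_SETGID in the caller's user namespace. Returns 0 or -errno; on failure the process may be left with only some ids reset. */`. That partial-failure note matters because a caller that ignores the return and carries on would run with mixed credentials. If this helper is ever used after entering a user namespace whose setgroups is denied, the first call fails with EPERM and the gid/uid resets are skipped entirely — I can't tell from the hunk whether namespace_enter()'s callers hit that case, so worth confirming.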
diff --git a/src/shared/util.h b/src/shared/util.h
index f0382f0..24a2672 100644
--- a/src/shared/util.h
+++ b/src/shared/util.h
@@ -908,3 +908,5 @@ char *shell_maybe_quote(const char *s);
int parse_mode(const char *s, mode_t *ret);
int mount_move_root(const char *path);
+
+int reset_uid_gid(void);
commit 417a7fdc418ec76cc4c321c9a07ec15c72b3ac7d
Author: Lennart Poettering <lennart at poettering.net>
Date: Wed May 20 14:37:21 2015 +0200
journald: handle more gracefully when bind() fails on audit sockets
diff --git a/src/journal/journald-audit.c b/src/journal/journald-audit.c
index 64395e1..83c3332 100644
--- a/src/journal/journald-audit.c
+++ b/src/journal/journald-audit.c
@@ -534,9 +534,14 @@ int server_open_audit(Server *s) {
return 0;
}
- r = bind(s->audit_fd, &sa.sa, sizeof(sa.nl));
- if (r < 0)
- return log_error_errno(errno, "Failed to join audit multicast group: %m");
+ if (bind(s->audit_fd, &sa.sa, sizeof(sa.nl)) < 0) {
+ log_warning_errno(errno,
+ "Failed to join audit multicast group. "
+ "The kernel is probably too old or multicast reading is not supported. "
+ "Ignoring: %m");
+ s->audit_fd = safe_close(s->audit_fd);
+ return 0;
+ }
} else
fd_nonblock(s->audit_fd, 1);
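Review bot: The new bind() failure branch folds every errno into the same "kernel is probably too old" guess, but the common failure in practice is a missing CAP_AUDIT_READ (EPERM, e.g. when journald runs inside a container), which is an operator-fixable condition rather than a kernel-version one; consider keying the hint on errno, roughly `log_warning_errno(errno, "Failed to join audit multicast group%s. Ignoring: %m", errno == EPERM ? " (missing CAP_AUDIT_READ?)" : "");`. Since audit records are a primary detection source, an operator needs to notice that journald is now running without them, so the warning level is right but the text should make the degradation explicit. Separately, `r` is no longer assigned from bind() here; if a later line of server_open_audit() still reads r it now carries whatever value it had before — the function continues outside the hunk, so I can't confirm.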
commit 6458ec20b574edf7170fda61c51ccd3c6e73937f
Author: Lennart Poettering <lennart at poettering.net>
Date: Tue May 19 20:32:44 2015 +0200
core,nspawn: unify code that moves the root dir
diff --git a/src/core/namespace.c b/src/core/namespace.c
index 5b78279..c0c64fd 100644
--- a/src/core/namespace.c
+++ b/src/core/namespace.c
@@ -125,22 +125,6 @@ static void drop_duplicates(BindMount *m, unsigned *n) {
*n = t - m;
}
-static int mount_move_root(const char *path) {
- if (chdir(path) < 0)
- return -errno;
-
- if (mount(path, "/", NULL, MS_MOVE, NULL) < 0)
- return -errno;
-
- if (chroot(".") < 0)
- return -errno;
-
- if (chdir("/") < 0)
- return -errno;
-
- return 0;
-}
-
static int mount_dev(BindMount *m) {
static const char devnodes[] =
"/dev/null\0"
diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
index a38f47d..1f919c0 100644
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -4391,23 +4391,9 @@ int main(int argc, char *argv[]) {
if (mount_cgroup(arg_directory) < 0)
_exit(EXIT_FAILURE);
- if (chdir(arg_directory) < 0) {
- log_error_errno(errno, "chdir(%s) failed: %m", arg_directory);
- _exit(EXIT_FAILURE);
- }
-
- if (mount(arg_directory, "/", NULL, MS_MOVE, NULL) < 0) {
- log_error_errno(errno, "mount(MS_MOVE) failed: %m");
- _exit(EXIT_FAILURE);
- }
-
- if (chroot(".") < 0) {
- log_error_errno(errno, "chroot() failed: %m");
- _exit(EXIT_FAILURE);
- }
-
- if (chdir("/") < 0) {
- log_error_errno(errno, "chdir() failed: %m");
+ r = mount_move_root(arg_directory);
+ if (r < 0) {
+ log_error_errno(r, "Failed to move root directory: %m");
_exit(EXIT_FAILURE);
}
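Review bot: The single `Failed to move root directory: %m` message on the new side drops the diagnostic the four removed messages carried — which of chdir(), mount(MS_MOVE) or chroot() failed — because mount_move_root() only returns -errno and the same errno can come from more than one of those steps. At minimum include the path so the log line is actionable: `log_error_errno(r, "Failed to move root directory %s: %m", arg_directory);`, or have the helper emit a debug-level line naming the failing step. main() continues outside the hunk.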
diff --git a/src/shared/util.c b/src/shared/util.c
index e18645f..c3b08bb 100644
--- a/src/shared/util.c
+++ b/src/shared/util.c
@@ -6229,3 +6229,21 @@ int parse_mode(const char *s, mode_t *ret) {
*ret = (mode_t) l;
return 0;
}
+
+int mount_move_root(const char *path) {
+ assert(path);
+
+ if (chdir(path) < 0)
+ return -errno;
+
+ if (mount(path, "/", NULL, MS_MOVE, NULL) < 0)
+ return -errno;
+
+ if (chroot(".") < 0)
+ return -errno;
+
+ if (chdir("/") < 0)
+ return -errno;
+
+ return 0;
+}
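Review bot: mount_move_root() states none of its preconditions, and they are security-relevant: MS_MOVE only succeeds when `path` is itself a mount point, and the chroot(".") sequence leaves the old root mount present in the mount namespace, so the helper only isolates anything if the caller is already in a private mount namespace — both callers in this series appear to arrange that, but nothing here checks or documents it. Suggest a comment above the definition (the declaration in util.h would do too): `/* Makes 'path' the root of the calling process via MS_MOVE + chroot. Requires 'path' to be a mount point, a private mount namespace and CAP_SYS_ADMIN. Returns 0 or -errno; on failure the cwd may already have been changed to 'path'. */`. That last clause is worth spelling out because a chdir() that succeeded before the mount() failed leaves the process in a state the caller did not ask for.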
diff --git a/src/shared/util.h b/src/shared/util.h
index 0e806cf..f0382f0 100644
--- a/src/shared/util.h
+++ b/src/shared/util.h
@@ -906,3 +906,5 @@ int rename_noreplace(int olddirfd, const char *oldpath, int newdirfd, const char
char *shell_maybe_quote(const char *s);
int parse_mode(const char *s, mode_t *ret);
+
+int mount_move_root(const char *path);