[systemd-devel] [PATCH] [PATCH v2] PrivateDevices: fix /dev mount when a service is chrooted

Lennart Poettering lennart at poettering.net
Fri Apr 24 10:24:26 PDT 2015


On Fri, 20.02.15 13:59, Alban Crequy (alban.crequy at gmail.com) wrote:

Sorry for the late review, so much is still queued up!

> From: Alban Crequy <alban at endocode.com>
> 
> When a service is chrooted with the option RootDirectory=/opt/..., then
> the option PrivateDevices=true must mount the private /dev in
> $RootDirectory/dev instead of /dev.

We should probably fix this comprehensively, and make everything that
setup_namespace() does aware of the chroot root directory. Moreover,
if we do full namespacing we should rearrange the whole namespace
towards the new root, and not just rely on chroot() anymore.

Hence, please add a new parameter for the root directory to
setup_namespace(), and then prepend it to every path that we use
there, not just the one for /dev.

Then, in exec_child() please *either* invoke setup_namespace() *or*
chroot(). That syscall should then only be called if we do no
namespacing at all, if you follow what I mean.

With this change RootDirectory= will be a normal chroot() when used
alone, but will gain super namespace powers if it is combined with
PrivateTmp=, PrivateDev= and the others...

>  
>                  char *tmp = NULL, *var = NULL;
> +                char *private_dev_dir = NULL;
>  
>                  /* The runtime struct only contains the parent
>                   * of the private /tmp, which is
> @@ -1585,6 +1586,12 @@ static int exec_child(
>                                  var = strjoina(runtime->var_tmp_dir, "/tmp");
>                  }
>  
> +                if (params->apply_chroot && context->root_directory) {
> +                        size_t sz = strlen("/dev") + strlen(context->root_directory) + 1;
> +                        private_dev_dir = alloca0(sz);
> +                        snprintf(private_dev_dir, sz, "%s/dev",
> context->root_directory);
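
Review bot: in the new `if (params->apply_chroot && context->root_directory)` block, private_dev_dir is assigned only when both conditions hold and otherwise keeps the NULL from its declaration, so whatever consumes it has to treat NULL as plain /dev. That consumer is not in the quoted lines, so please confirm it handles NULL, or default the variable to "/dev" here. The "%s/dev" format also takes context->root_directory verbatim, so a RootDirectory= value that ends in a slash produces a doubled slash before dev; strip trailing slashes before joining. The zero-fill from alloca0() is redundant, since snprintf() writes the terminator within sz.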

Concatenating strings like this is best done with strjoina()...

Hope this makes sense,

Lennart

-- 
Lennart Poettering, Red Hat

