nspawn-setuid.c revision b5efdb8af40ea759a1ea584c1bc44ecc81dd00ce
/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
/***
This file is part of systemd.
Copyright 2015 Lennart Poettering
under the terms of the GNU Lesser General Public License as published by
the Free Software Foundation; either version 2.1 of the License, or
(at your option) any later version.
systemd is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public License
along with systemd; If not, see <http://www.gnu.org/licenses/>.
***/
#include <grp.h>
#include <unistd.h>
#include "alloc-util.h"
#include "fd-util.h"
#include "mkdir.h"
#include "nspawn-setuid.h"
#include "process-util.h"
#include "signal-util.h"
#include "string-util.h"
#include "user-util.h"
#include "util.h"
int pipe_fds[2];
if (pid < 0)
else if (pid == 0) {
int nullfd;
if (pipe_fds[0] > 2)
safe_close(pipe_fds[0]);
if (nullfd < 0)
if (nullfd > 2)
(void) reset_all_signal_handlers();
(void) reset_signal_mask();
close_all_fds(NULL, 0);
}
return pipe_fds[0];
}
unsigned n_uids = 0;
int r;
/* Reset everything fully to 0, just in case */
r = reset_uid_gid();
if (r < 0)
return log_error_errno(r, "Failed to become root: %m");
return 0;
}
/* First, get user credentials */
if (fd < 0)
return fd;
if (!f)
return log_oom();
fd = -1;
if (!ferror(f)) {
return -ESRCH;
}
return -errno;
}
if (!x) {
return -EIO;
}
if (!u) {
return -EIO;
}
u++;
g = strchr(u, ':');
if (!g) {
return -EIO;
}
*g = 0;
g++;
x = strchr(g, ':');
if (!x) {
return -EIO;
}
*x = 0;
if (!h) {
return -EIO;
}
h++;
x = strchr(h, ':');
if (!x) {
return -EIO;
}
*x = 0;
if (r < 0) {
log_error("Failed to parse UID of user.");
return -EIO;
}
if (r < 0) {
log_error("Failed to parse GID of user.");
return -EIO;
}
if (!home)
return log_oom();
/* Second, get group memberships */
if (fd < 0)
return fd;
fclose(f);
if (!f)
return log_oom();
fd = -1;
if (!ferror(f)) {
return -ESRCH;
}
return -errno;
}
/* Skip over the username and subsequent separator whitespace */
x = line;
x += strcspn(x, WHITESPACE);
x += strspn(x, WHITESPACE);
char c[l+1];
c[l] = 0;
return log_oom();
if (r < 0) {
log_error("Failed to parse group data from getent.");
return -EIO;
}
}
if (r < 0)
return log_error_errno(r, "Failed to make home root directory: %m");
if (r < 0 && r != -EEXIST)
return log_error_errno(r, "Failed to make home directory: %m");
if (_home) {
}
return 0;
}