git.ipfire.org Git - thirdparty/systemd.git/commit

author	Lennart Poettering <lennart@poettering.net>
	Thu, 16 Nov 2017 18:09:32 +0000 (19:09 +0100)
committer	Lennart Poettering <lennart@poettering.net>
	Fri, 17 Nov 2017 10:12:33 +0000 (11:12 +0100)
commit	3603efdea5f87e28604c4cdb02d298e392b7e3a5
tree	bf11b95dd1bd1f338b6613cb3fac909bcd24330d	tree \| snapshot
parent	14f8ccc755e396bbcc7500f2f6157c4ba28305ef	commit \| diff

nspawn: make recursive chown()ing logic safe for being aborted in the middle

We currently use the ownership of the top-level directory as a hint
whether we need to descent into the whole tree to chown() it recursively
or not. This is problematic with the previous chown()ing algorithm, as
when descending into the tree we'd first chown() and then descend
further down, which meant that the top-level directory would be chowned
first, and an aborted recursive chowning would appear on the next
invocation as successful, even though it was not. Let's reshuffle things
a bit, to make the re-chown()ing safe regarding interruptions:

a) We chown() the dir we are looking at last, and descent into all its
   children first. That way we know that if the top-level dir is
   properly owned everything inside of it is properly owned too.

b) Before starting a chown()ing operation, we mark the top-level
   directory as owned by a special "busy" UID range, which we can use to
   recognize whether a tree was fully chowned: if it is marked as busy,
   it's definitely not fully chowned, as the busy ownership will only be
   fixed as final step of the chowning.

Fixes: #6292

src/nspawn/meson.build		diff \| blob \| blame \| history
src/nspawn/nspawn-def.h	[new file with mode: 0644]	blob
src/nspawn/nspawn-patch-uid.c		diff \| blob \| blame \| history
src/nspawn/nspawn.c		diff \| blob \| blame \| history