git.ipfire.org Git - thirdparty/systemd.git/blame - src/shared/dev-setup.c
license: LGPL-2.1+ -> LGPL-2.1-or-later
db9ecf05 1/* SPDX-License-Identifier: LGPL-2.1-or-later */
5ba2dc25
KS
2
3#include <errno.h>
5ba2dc25 4#include <stdlib.h>
5ba2dc25
KS
5#include <unistd.h>
6
b5efdb8a 7#include "alloc-util.h"
ee104e11 8#include "dev-setup.h"
5ba2dc25 9#include "label.h"
a8fbdf54 10#include "log.h"
d8b4d14d 11#include "nulstr-util.h"
03cfe0d5 12#include "path-util.h"
30874dda 13#include "umask-util.h"
ee104e11 14#include "user-util.h"
5ba2dc25 15
/* Creates the conventional /dev symlinks that point into /proc (core, fd, stdin, stdout, stderr).
 *
 * prefix:   if non-NULL, prepended to every link path with path_join(); if NULL, the link paths
 *           from the table are used as they are.
 * uid, gid: ownership to apply to each link; the chown step is skipped only when both are
 *           UID_INVALID/GID_INVALID.
 *
 * Returns 0, or -ENOMEM when a prefixed link path cannot be allocated. A failure to create or
 * chown an individual link is only logged via log_debug_errno() and does not abort the loop. */
int dev_setup(const char *prefix, uid_t uid, gid_t gid) {
        /* NUL-separated (target, link path) pairs. A leading '-' on the target marks the entry as
         * optional: the pair is skipped when the target does not exist. */
        static const char symlinks[] =
                "-/proc/kcore\0"     "/dev/core\0"
                "/proc/self/fd\0"    "/dev/fd\0"
                "/proc/self/fd/0\0"  "/dev/stdin\0"
                "/proc/self/fd/1\0"  "/dev/stdout\0"
                "/proc/self/fd/2\0"  "/dev/stderr\0";

        const char *target, *dest;
        int r;

        NULSTR_FOREACH_PAIR(target, dest, symlinks) {
                _cleanup_free_ char *prefixed = NULL;
                const char *where = dest;

                if (target[0] == '-') {
                        /* Drop the marker, then skip the entry if the target is absent. */
                        target++;

                        if (access(target, F_OK) < 0)
                                continue;
                }

                if (prefix) {
                        prefixed = path_join(prefix, dest);
                        if (!prefixed)
                                return -ENOMEM;

                        where = prefixed;
                }

                /* symlink_label() comes from label.h; presumably it creates the link with a
                 * security label applied. TODO confirm against label.h. */
                r = symlink_label(target, where);
                if (r < 0)
                        log_debug_errno(r, "Failed to symlink %s to %s: %m", target, where);

                if (uid == UID_INVALID && gid == GID_INVALID)
                        continue;

                /* lchown() changes the link itself and does not follow it, so the /proc target is
                 * never re-owned.
                 * NOTE(review): this step also runs when symlink_label() failed, e.g. because
                 * something already exists at the path, so a pre-existing entry gets the new
                 * ownership. Confirm that this is intended for every caller-supplied prefix. */
                if (lchown(where, uid, gid) < 0)
                        log_debug_errno(errno, "Failed to chown %s: %m", where);
        }

        return 0;
}
30874dda 58
/* Creates the "inaccessible" directory and one empty node of each file type beneath it.
 *
 * These nodes serve as mount sources for over-mounting ("masking") file nodes that shall become
 * inaccessible and empty for specific containers or services. They are locked down as far as
 * possible, while still offering, in the best case, the same node type as the node being masked.
 *
 * parent_dir: directory to create the nodes in; NULL selects "/run/systemd".
 * uid, gid:   ownership to apply to each created node; the chown step is skipped only when both
 *             are UID_INVALID/GID_INVALID.
 *
 * Returns 0, or the result of log_oom() when a path cannot be allocated. A node that cannot be
 * created or chowned is only logged via log_debug_errno() and then skipped. */
int make_inaccessible_nodes(
                const char *parent_dir,
                uid_t uid,
                gid_t gid) {

        static const struct {
                const char *name;
                mode_t mode;
        } table[] = {
                { "inaccessible",      S_IFDIR  | 0755 },
                { "inaccessible/reg",  S_IFREG  | 0000 },
                { "inaccessible/dir",  S_IFDIR  | 0000 },
                { "inaccessible/fifo", S_IFIFO  | 0000 },
                { "inaccessible/sock", S_IFSOCK | 0000 },

                /* The following two are likely to fail if we lack the privileges for it (for
                 * example in a userns environment, if CAP_SYS_MKNOD is missing, or if a device
                 * node policy prohibits creation of device nodes with a major/minor of 0). That
                 * is entirely fine: consumers of these files should fall back to a different
                 * node then, for example <root>/inaccessible/sock, which is close enough in
                 * behaviour and semantics for most uses. */
                { "inaccessible/chr",  S_IFCHR  | 0000 },
                { "inaccessible/blk",  S_IFBLK  | 0000 },
        };

        /* Clear the umask so that the modes from the table are applied exactly as listed. The
         * umask is a per-process setting, so it is also in effect for any other thread that
         * creates files while this function runs. _cleanup_umask_ (umask-util.h) presumably
         * restores the saved value when the variable goes out of scope. TODO confirm. */
        _cleanup_umask_ mode_t saved_umask = umask(0000);
        const char *base = parent_dir ? parent_dir : "/run/systemd";
        int r;

        for (size_t i = 0; i < ELEMENTSOF(table); i++) {
                _cleanup_free_ char *path = NULL;
                const mode_t mode = table[i].mode;

                path = path_join(base, table[i].name);
                if (!path)
                        return log_oom();

                /* Directories are created with the permission bits only; every other type is
                 * created as a node with device number 0:0. */
                r = S_ISDIR(mode)
                        ? mkdir_label(path, mode & 07777)
                        : mknod_label(path, mode, makedev(0, 0));
                if (r < 0) {
                        log_debug_errno(r, "Failed to create '%s', ignoring: %m", path);
                        continue;
                }

                /* NOTE(review): creation and lchown() are two separate path-based steps; this
                 * presumably relies on the parent directory being writable by trusted code only.
                 * Confirm with the callers that pass a non-default parent_dir. */
                if ((uid != UID_INVALID || gid != GID_INVALID) &&
                    lchown(path, uid, gid) < 0)
                        log_debug_errno(errno, "Failed to chown '%s': %m", path);
        }

        return 0;
}