]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/libsystemd/sd-bus/bus-container.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
tree-wide: remove Lennart's copyright lines
[thirdparty/systemd.git] / src / libsystemd / sd-bus / bus-container.c
1 /* SPDX-License-Identifier: LGPL-2.1+ */
2 /***
3 ***/
4
5 #include <fcntl.h>
6 #include <unistd.h>
7
8 #include "bus-container.h"
9 #include "bus-internal.h"
10 #include "bus-socket.h"
11 #include "fd-util.h"
12 #include "process-util.h"
13 #include "util.h"
14
15 int bus_container_connect_socket(sd_bus *b) {
16 _cleanup_close_pair_ int pair[2] = { -1, -1 };
17 _cleanup_close_ int pidnsfd = -1, mntnsfd = -1, usernsfd = -1, rootfd = -1;
18 int r, error_buf = 0;
19 pid_t child;
20 ssize_t n;
21
22 assert(b);
23 assert(b->input_fd < 0);
24 assert(b->output_fd < 0);
25 assert(b->nspid > 0 || b->machine);
26
27 if (b->nspid <= 0) {
28 r = container_get_leader(b->machine, &b->nspid);
29 if (r < 0)
30 return r;
31 }
32
33 r = namespace_open(b->nspid, &pidnsfd, &mntnsfd, NULL, &usernsfd, &rootfd);
34 if (r < 0)
35 return r;
36
37 b->input_fd = socket(b->sockaddr.sa.sa_family, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0);
38 if (b->input_fd < 0)
39 return -errno;
40
41 b->input_fd = fd_move_above_stdio(b->input_fd);
42
43 b->output_fd = b->input_fd;
44
45 bus_socket_setup(b);
46
47 if (socketpair(AF_UNIX, SOCK_SEQPACKET, 0, pair) < 0)
48 return -errno;
49
50 r = safe_fork("(sd-buscntr)", FORK_RESET_SIGNALS|FORK_DEATHSIG, &child);
51 if (r < 0)
52 return r;
53 if (r == 0) {
54 pid_t grandchild;
55
56 pair[0] = safe_close(pair[0]);
57
58 r = namespace_enter(pidnsfd, mntnsfd, -1, usernsfd, rootfd);
59 if (r < 0)
60 _exit(EXIT_FAILURE);
61
62 /* We just changed PID namespace, however it will only
63 * take effect on the children we now fork. Hence,
64 * let's fork another time, and connect from this
65 * grandchild, so that SO_PEERCRED of our connection
66 * comes from a process from within the container, and
67 * not outside of it */
68
69 r = safe_fork("(sd-buscntr2)", FORK_RESET_SIGNALS|FORK_DEATHSIG, &grandchild);
70 if (r < 0)
71 _exit(EXIT_FAILURE);
72 if (r == 0) {
73
74 r = connect(b->input_fd, &b->sockaddr.sa, b->sockaddr_size);
75 if (r < 0) {
76 /* Try to send error up */
77 error_buf = errno;
78 (void) write(pair[1], &error_buf, sizeof(error_buf));
79 _exit(EXIT_FAILURE);
80 }
81
82 _exit(EXIT_SUCCESS);
83 }
84
85 r = wait_for_terminate_and_check("(sd-buscntr2)", grandchild, 0);
86 if (r < 0)
87 _exit(EXIT_FAILURE);
88
89 _exit(r);
90 }
91
92 pair[1] = safe_close(pair[1]);
93
94 r = wait_for_terminate_and_check("(sd-buscntr)", child, 0);
95 if (r < 0)
96 return r;
97 if (r != EXIT_SUCCESS)
98 return -EPROTO;
99
100 n = read(pair[0], &error_buf, sizeof(error_buf));
101 if (n < 0)
102 return -errno;
103
104 if (n > 0) {
105 if (n != sizeof(error_buf))
106 return -EIO;
107
108 if (error_buf < 0)
109 return -EIO;
110
111 if (error_buf == EINPROGRESS)
112 return 1;
113
114 if (error_buf > 0)
115 return -error_buf;
116 }
117
118 return bus_socket_start_auth(b);
119 }
Unnamed repository; edit this file 'description' to name the repository.