jail: Allow accessing loop devices

author Michael Tremer <michael.tremer@ipfire.org>

Tue, 20 Jun 2023 14:43:10 +0000 (14:43 +0000)

committer Michael Tremer <michael.tremer@ipfire.org>

Tue, 20 Jun 2023 14:43:10 +0000 (14:43 +0000)
author Michael Tremer <michael.tremer@ipfire.org>
Tue, 20 Jun 2023 14:43:10 +0000 (14:43 +0000)
committer Michael Tremer <michael.tremer@ipfire.org>
Tue, 20 Jun 2023 14:43:10 +0000 (14:43 +0000)
diff --git a/src/libpakfire/include/pakfire/jail.h b/src/libpakfire/include/pakfire/jail.h

index 8cd45a02e9d9729241b639426699eb51a71f2942..0fe26a98be5234250f80904024dedacbaa8a9835 100644 (file)
--- a/src/libpakfire/include/pakfire/jail.h
+++ b/src/libpakfire/include/pakfire/jail.h
@@ -52,8 +52,9 @@ typedef int (*pakfire_jail_communicate_out)
         (struct pakfire* pakfire, void* data, int priority, const char* line, const size_t length);
  
  enum pakfire_jail_exec_flags {
-       PAKFIRE_JAIL_HAS_NETWORKING = (1 << 0),
-       PAKFIRE_JAIL_NOENT_OK       = (1 << 1),
+       PAKFIRE_JAIL_HAS_NETWORKING   = (1 << 0),
+       PAKFIRE_JAIL_NOENT_OK         = (1 << 1),
+       PAKFIRE_JAIL_HAS_LOOP_DEVICES = (1 << 2),
  };
  
  int pakfire_jail_exec(
diff --git a/src/libpakfire/include/pakfire/mount.h b/src/libpakfire/include/pakfire/mount.h

index aee963c8fe97a0bb63e53459c05aec41e0d1a16b..39e8750b3546ba81f7b9bbfa7c234dd132479a4c 100644 (file)
--- a/src/libpakfire/include/pakfire/mount.h
+++ b/src/libpakfire/include/pakfire/mount.h
@@ -29,7 +29,11 @@ int pakfire_bind(struct pakfire* pakfire, const char* src, const char* dst, int
  
  int pakfire_mount_list(struct pakfire* pakfire);
  
-int pakfire_mount_all(struct pakfire* pakfire);
+enum pakfire_mount_flags {
+       PAKFIRE_MOUNT_LOOP_DEVICES = (1 << 0),
+};
+
+int pakfire_mount_all(struct pakfire* pakfire, int flags);
  
  #endif /* PAKFIRE_PRIVATE */
  
diff --git a/src/libpakfire/jail.c b/src/libpakfire/jail.c

index 9c74f7381831251b0c9c19893ffc1bb35c8f2531..ed669d4994d94158bc03b0f30bc7db2fe31e04ce 100644 (file)
--- a/src/libpakfire/jail.c
+++ b/src/libpakfire/jail.c
@@ -1162,10 +1162,15 @@ static int pakfire_jail_mount_networking(struct pakfire_jail* jail) {
  */
  static int pakfire_jail_mount(struct pakfire_jail* jail, struct pakfire_jail_exec* ctx) {
         struct pakfire_jail_mountpoint* mp = NULL;
+       int flags = 0;
         int r;
  
+       // Enable loop devices
+       if (pakfire_jail_exec_has_flag(ctx, PAKFIRE_JAIL_HAS_LOOP_DEVICES))
+               flags |= PAKFIRE_MOUNT_LOOP_DEVICES;
+
         // Mount all default stuff
-       r = pakfire_mount_all(jail->pakfire);
+       r = pakfire_mount_all(jail->pakfire, flags);
         if (r)
                 return r;
  
diff --git a/src/libpakfire/mount.c b/src/libpakfire/mount.c

index c08a1214eab6710ba13132d4691b327aa0b6a039..9dd4af17d4953a6e12bc1ec8c71895c792fab28c 100644 (file)
--- a/src/libpakfire/mount.c
+++ b/src/libpakfire/mount.c
@@ -104,16 +104,29 @@ static const struct pakfire_devnode {
         int major;
         int minor;
         mode_t mode;
+       int flags;
  } devnodes[] = {
-       { "/dev/null",      1,  3, S_IFCHR|S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP|S_IROTH|S_IWOTH, },
-       { "/dev/zero",      1,  5, S_IFCHR|S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP|S_IROTH|S_IWOTH, },
-       { "/dev/full",      1,  7, S_IFCHR|S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP|S_IROTH|S_IWOTH, },
-       { "/dev/random",    1,  8, S_IFCHR|S_IRUSR|S_IRGRP|S_IROTH, },
-       { "/dev/urandom",   1,  9, S_IFCHR|S_IRUSR|S_IRGRP|S_IROTH, },
-       { "/dev/kmsg",      1, 11, S_IFCHR|S_IRUSR|S_IRGRP|S_IROTH, },
-       { "/dev/tty",       5,  0, S_IFCHR|S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP|S_IROTH|S_IWOTH, },
-       { "/dev/console",   5,  1, S_IFCHR|S_IRUSR|S_IWUSR, },
-       { "/dev/rtc0",    252,  0, S_IFCHR|S_IRUSR|S_IWUSR, },
+       { "/dev/null",      1,  3, S_IFCHR|S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP|S_IROTH|S_IWOTH, 0 },
+       { "/dev/zero",      1,  5, S_IFCHR|S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP|S_IROTH|S_IWOTH, 0 },
+       { "/dev/full",      1,  7, S_IFCHR|S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP|S_IROTH|S_IWOTH, 0 },
+       { "/dev/random",    1,  8, S_IFCHR|S_IRUSR|S_IRGRP|S_IROTH, 0 },
+       { "/dev/urandom",   1,  9, S_IFCHR|S_IRUSR|S_IRGRP|S_IROTH, 0 },
+       { "/dev/kmsg",      1, 11, S_IFCHR|S_IRUSR|S_IRGRP|S_IROTH, 0 },
+       { "/dev/tty",       5,  0, S_IFCHR|S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP|S_IROTH|S_IWOTH, 0 },
+       { "/dev/console",   5,  1, S_IFCHR|S_IRUSR|S_IWUSR, 0 },
+       { "/dev/rtc0",    252,  0, S_IFCHR|S_IRUSR|S_IWUSR, 0 },
+
+       // Loop Devices
+       { "/dev/loop-control", 10, 237, S_IFCHR|S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP, PAKFIRE_MOUNT_LOOP_DEVICES },
+       { "/dev/loop0",         7,   0, S_IFCHR|S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP, PAKFIRE_MOUNT_LOOP_DEVICES },
+       { "/dev/loop1",         7,   1, S_IFCHR|S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP, PAKFIRE_MOUNT_LOOP_DEVICES },
+       { "/dev/loop2",         7,   2, S_IFCHR|S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP, PAKFIRE_MOUNT_LOOP_DEVICES },
+       { "/dev/loop3",         7,   3, S_IFCHR|S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP, PAKFIRE_MOUNT_LOOP_DEVICES },
+       { "/dev/loop4",         7,   4, S_IFCHR|S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP, PAKFIRE_MOUNT_LOOP_DEVICES },
+       { "/dev/loop5",         7,   5, S_IFCHR|S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP, PAKFIRE_MOUNT_LOOP_DEVICES },
+       { "/dev/loop6",         7,   6, S_IFCHR|S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP, PAKFIRE_MOUNT_LOOP_DEVICES },
+       { "/dev/loop7",         7,   7, S_IFCHR|S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP, PAKFIRE_MOUNT_LOOP_DEVICES },
+
         { NULL },
  };
  
@@ -235,13 +248,17 @@ int pakfire_mount_list(struct pakfire* pakfire) {
                 __pakfire_mount_print, NULL);
  }
  
-static int pakfire_populate_dev(struct pakfire* pakfire) {
+static int pakfire_populate_dev(struct pakfire* pakfire, int flags) {
         char path[PATH_MAX];
  
         // Create device nodes
         for (const struct pakfire_devnode* devnode = devnodes; devnode->path; devnode++) {
                 DEBUG(pakfire, "Creating device node %s\n", devnode->path);
  
+               // Check if flags match
+               if (devnode->flags && !(flags & devnode->flags))
+                       continue;
+
                 int r = pakfire_path(pakfire, path, "%s", devnode->path);
                 if (r)
                         return r;
@@ -334,7 +351,7 @@ static int pakfire_mount_interpreter(struct pakfire* pakfire) {
         return r;
  }
  
-int pakfire_mount_all(struct pakfire* pakfire) {
+int pakfire_mount_all(struct pakfire* pakfire, int flags) {
         char target[PATH_MAX];
         int r;
  
@@ -363,7 +380,7 @@ int pakfire_mount_all(struct pakfire* pakfire) {
         }
  
         // Populate /dev
-       r = pakfire_populate_dev(pakfire);
+       r = pakfire_populate_dev(pakfire, flags);
         if (r)
                 return r;
author	Michael Tremer <michael.tremer@ipfire.org>
	Tue, 20 Jun 2023 14:43:10 +0000 (14:43 +0000)
committer	Michael Tremer <michael.tremer@ipfire.org>
	Tue, 20 Jun 2023 14:43:10 +0000 (14:43 +0000)
src/libpakfire/include/pakfire/jail.h		patch \| blob \| blame \| history
src/libpakfire/include/pakfire/mount.h		patch \| blob \| blame \| history
src/libpakfire/jail.c		patch \| blob \| blame \| history
src/libpakfire/mount.c		patch \| blob \| blame \| history