From c9d509638dacf6491874093b9225fee4bdd5e70e Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Sun, 29 Jun 2025 13:32:13 +0000 Subject: [PATCH] jail: Directly pass the context Signed-off-by: Michael Tremer --- src/pakfire/archive.c | 2 +- src/pakfire/build.c | 2 +- src/pakfire/jail.c | 39 +++++++++++++++------------------------ src/pakfire/jail.h | 11 ++++++----- src/pakfire/parser.c | 2 +- src/pakfire/scriptlet.c | 3 ++- src/pakfire/transaction.c | 6 +++--- src/python/root.c | 2 +- tests/libpakfire/cgroup.c | 2 +- tests/libpakfire/jail.c | 28 ++++++++++++++-------------- 10 files changed, 45 insertions(+), 52 deletions(-) diff --git a/src/pakfire/archive.c b/src/pakfire/archive.c index f328a685..33609410 100644 --- a/src/pakfire/archive.c +++ b/src/pakfire/archive.c @@ -1959,7 +1959,7 @@ static int pakfire_archive_handle_systemd_sysusers(pakfire_archive* archive, }; // Create a new jail - r = pakfire_jail_create(&jail, archive->root); + r = pakfire_jail_create(&jail, archive->ctx, archive->root); if (r) goto ERROR; diff --git a/src/pakfire/build.c b/src/pakfire/build.c index dd9bc246..4f026416 100644 --- a/src/pakfire/build.c +++ b/src/pakfire/build.c @@ -1903,7 +1903,7 @@ static int pakfire_build_setup_jail(pakfire_build* build) { int r; // Create a new jail - r = pakfire_jail_create(&build->jail, build->root); + r = pakfire_jail_create(&build->jail, build->ctx, build->root); if (r) { ERROR(build->ctx, "Could not create jail for build %s: %m\n", build->_id); return r; diff --git a/src/pakfire/jail.c b/src/pakfire/jail.c index d9f211c1..328d8bc2 100644 --- a/src/pakfire/jail.c +++ b/src/pakfire/jail.c @@ -203,7 +203,7 @@ static const char* pakfire_jail_uuid(pakfire_jail* jail) { return jail->__uuid; } -int pakfire_jail_create(pakfire_jail** jail, pakfire_root* root) { +int pakfire_jail_create(pakfire_jail** jail, pakfire_ctx* ctx, pakfire_root* root) { pakfire_jail* self = NULL; int r; @@ -213,7 +213,7 @@ int pakfire_jail_create(pakfire_jail** jail, pakfire_root* root) { return -errno; // Reference context - self->ctx = pakfire_root_get_ctx(root); + self->ctx = pakfire_ctx_ref(ctx); // Reference to the root self->root = pakfire_root_ref(root); @@ -2163,13 +2163,13 @@ ERROR: A convenience function that creates a new jail, runs the given command and destroys the jail again. */ -int pakfire_jail_run(pakfire_root* root, const char* argv[], pakfire_env* env, +int pakfire_jail_run(pakfire_ctx* ctx, pakfire_root* root, const char* argv[], pakfire_env* env, int flags, char** output, size_t* output_length) { pakfire_jail* jail = NULL; int r; // Create a new jail - r = pakfire_jail_create(&jail, root); + r = pakfire_jail_create(&jail, ctx, root); if (r) goto ERROR; @@ -2183,13 +2183,13 @@ ERROR: return r; } -int pakfire_jail_run_script(pakfire_root* root, const char* script, const size_t length, +int pakfire_jail_run_script(pakfire_ctx* ctx, pakfire_root* root, const char* script, const size_t length, const char* argv[], pakfire_env* env, int flags) { pakfire_jail* jail = NULL; int r; // Create a new jail - r = pakfire_jail_create(&jail, root); + r = pakfire_jail_create(&jail, ctx, root); if (r) goto ERROR; @@ -2254,50 +2254,41 @@ ERROR: return r; } -static int pakfire_jail_run_if_possible(pakfire_root* root, const char** argv) { +static int pakfire_jail_run_if_possible(pakfire_ctx* ctx, pakfire_root* root, const char** argv) { char path[PATH_MAX]; int r; - // Fetch the context - pakfire_ctx* ctx = pakfire_root_get_ctx(root); - r = pakfire_root_path(root, path, "%s", *argv); - if (r) - goto ERROR; + if (r < 0) + return r; // Check if the file is executable r = access(path, X_OK); if (r) { DEBUG(ctx, "%s is not executable. Skipping...\n", *argv); - goto ERROR; + return r; } - r = pakfire_jail_run(root, argv, NULL, 0, NULL, NULL); - -ERROR: - if (ctx) - pakfire_ctx_unref(ctx); - - return r; + return pakfire_jail_run(ctx, root, argv, NULL, 0, NULL, NULL); } -int pakfire_jail_ldconfig(pakfire_root* root) { +int pakfire_jail_ldconfig(pakfire_ctx* ctx, pakfire_root* root) { const char* argv[] = { "/sbin/ldconfig", NULL, }; - return pakfire_jail_run_if_possible(root, argv); + return pakfire_jail_run_if_possible(ctx, root, argv); } -int pakfire_jail_run_systemd_tmpfiles(pakfire_root* root) { +int pakfire_jail_run_systemd_tmpfiles(pakfire_ctx* ctx, pakfire_root* root) { const char* argv[] = { "/usr/bin/systemd-tmpfiles", "--create", NULL, }; - return pakfire_jail_run_if_possible(root, argv); + return pakfire_jail_run_if_possible(ctx, root, argv); } ssize_t pakfire_jail_send_buffer(pakfire_ctx* ctx, diff --git a/src/pakfire/jail.h b/src/pakfire/jail.h index db4cadbb..7c99909e 100644 --- a/src/pakfire/jail.h +++ b/src/pakfire/jail.h @@ -23,6 +23,7 @@ #include #include +#include #include #include @@ -40,7 +41,7 @@ enum pakfire_jail_output_stream { typedef int (*pakfire_jail_output_callback)(pakfire_ctx* ctx, void* data, const enum pakfire_jail_output_stream stream, const char* line, size_t length); -int pakfire_jail_create(pakfire_jail** jail, pakfire_root* root); +int pakfire_jail_create(pakfire_jail** jail, pakfire_ctx* ctx, pakfire_root* root); pakfire_jail* pakfire_jail_ref(pakfire_jail* jail); pakfire_jail* pakfire_jail_unref(pakfire_jail* jail); @@ -82,9 +83,9 @@ int pakfire_jail_communicate( pakfire_jail_output_callback output_callback, void* output_data); // Convenience functions -int pakfire_jail_run(pakfire_root* root, +int pakfire_jail_run(pakfire_ctx* ctx, pakfire_root* root, const char* argv[], pakfire_env* env, int flags, char** output, size_t* output_length); -int pakfire_jail_run_script(pakfire_root* root, +int pakfire_jail_run_script(pakfire_ctx* ctx, pakfire_root* root, const char* script, const size_t length, const char* argv[], pakfire_env* env, int flags); int pakfire_jail_execute_script(pakfire_jail* jail, @@ -93,8 +94,8 @@ int pakfire_jail_execute_script(pakfire_jail* jail, pakfire_jail_output_callback output_callback, void* output_data); int pakfire_jail_shell(pakfire_jail* jail, pakfire_env* env); -int pakfire_jail_ldconfig(pakfire_root* root); -int pakfire_jail_run_systemd_tmpfiles(pakfire_root* root); +int pakfire_jail_ldconfig(pakfire_ctx* ctx, pakfire_root* root); +int pakfire_jail_run_systemd_tmpfiles(pakfire_ctx* ctx, pakfire_root* root); // Streaming functions struct pakfire_input_buffer { diff --git a/src/pakfire/parser.c b/src/pakfire/parser.c index 44be951b..29a040fd 100644 --- a/src/pakfire/parser.c +++ b/src/pakfire/parser.c @@ -540,7 +540,7 @@ static int pakfire_parser_expand_commands(pakfire_parser* parser, char** buffer) size_t length = 0; // Execute the command inside the Pakfire environment - r = pakfire_jail_run(parser->root, argv, NULL, 0, &output, &length); + r = pakfire_jail_run(parser->ctx, parser->root, argv, NULL, 0, &output, &length); if (r) { // Just log this and continue DEBUG(parser->ctx, "Command '%s' failed with return code %d\n", command, r); diff --git a/src/pakfire/scriptlet.c b/src/pakfire/scriptlet.c index 15d74bb2..05a4cd42 100644 --- a/src/pakfire/scriptlet.c +++ b/src/pakfire/scriptlet.c @@ -181,7 +181,8 @@ static int pakfire_scriptlet_is_shell_script(pakfire_scriptlet* scriptlet) { int pakfire_scriptlet_execute(pakfire_scriptlet* scriptlet, pakfire_root* root) { // Detect what kind of script this is and run it if (pakfire_scriptlet_is_shell_script(scriptlet)) - return pakfire_jail_run_script(root, scriptlet->data, scriptlet->size, NULL, NULL, 0); + return pakfire_jail_run_script(scriptlet->ctx, root, + scriptlet->data, scriptlet->size, NULL, NULL, 0); ERROR(scriptlet->ctx, "Scriptlet is of an unknown kind\n"); return -ENOTSUP; diff --git a/src/pakfire/transaction.c b/src/pakfire/transaction.c index 71ace00d..5492b252 100644 --- a/src/pakfire/transaction.c +++ b/src/pakfire/transaction.c @@ -1349,7 +1349,7 @@ static int pakfire_transaction_extract(pakfire_transaction* transaction, // Update the runtime linker cache if (pakfire_filelist_contains(filelist, "*/lib*.so.?")) - pakfire_jail_ldconfig(transaction->root); + pakfire_jail_ldconfig(transaction->ctx, transaction->root); if (filelist) pakfire_filelist_unref(filelist); @@ -1384,7 +1384,7 @@ static int pakfire_transaction_erase(pakfire_transaction* transaction, goto ERROR; // Update the runtime linker cache after all files have been removed - pakfire_jail_ldconfig(transaction->root); + pakfire_jail_ldconfig(transaction->ctx, transaction->root); ERROR: pakfire_progress_pop_status(transaction->progress); @@ -1480,7 +1480,7 @@ static int pakfire_transaction_apply_systemd_tmpfiles( pakfire_transaction* transaction, pakfire_package* pkg) { // Apply any tmpfiles (ignore any errors) if (pakfire_package_matches_dep(pkg, PAKFIRE_PKG_REQUIRES, "pakfire(systemd-tmpfiles)")) - pakfire_jail_run_systemd_tmpfiles(transaction->root); + pakfire_jail_run_systemd_tmpfiles(transaction->ctx, transaction->root); return 0; } diff --git a/src/python/root.c b/src/python/root.c index 21290a17..7074bc1a 100644 --- a/src/python/root.c +++ b/src/python/root.c @@ -682,7 +682,7 @@ static PyObject* Root_execute(RootObject* self, PyObject* args, PyObject* kwargs input_callback = pakfire_jail_send_buffer; // Create a new jail - r = pakfire_jail_create(&jail, self->root); + r = pakfire_jail_create(&jail, self->ctx->ctx, self->root); if (r < 0) { errno = -r; PyErr_SetFromErrno(PyExc_OSError); diff --git a/tests/libpakfire/cgroup.c b/tests/libpakfire/cgroup.c index 156543a1..b4f8d12f 100644 --- a/tests/libpakfire/cgroup.c +++ b/tests/libpakfire/cgroup.c @@ -117,7 +117,7 @@ static int test_stats(const struct test* t) { ASSERT_SUCCESS(pakfire_cgroup_create(&cgroup, t->ctx, NULL, "pakfire-test", 0)); // Create a new jail - ASSERT_SUCCESS(pakfire_jail_create(&jail, t->root)); + ASSERT_SUCCESS(pakfire_jail_create(&jail, t->ctx, t->root)); // Connect jail to the cgroup ASSERT_SUCCESS(pakfire_jail_set_cgroup(jail, cgroup)); diff --git a/tests/libpakfire/jail.c b/tests/libpakfire/jail.c index 77218b7f..0098790f 100644 --- a/tests/libpakfire/jail.c +++ b/tests/libpakfire/jail.c @@ -45,7 +45,7 @@ static int test_create(const struct test* t) { pakfire_jail* jail = NULL; // Create a new jail - ASSERT_SUCCESS(pakfire_jail_create(&jail, t->root)); + ASSERT_SUCCESS(pakfire_jail_create(&jail, t->ctx, t->root)); // Destroy it ASSERT_NULL(pakfire_jail_unref(jail)); @@ -65,7 +65,7 @@ static int test_exit_code(const struct test* t) { }; // Create a new jail - ASSERT_SUCCESS(pakfire_jail_create(&jail, t->root)); + ASSERT_SUCCESS(pakfire_jail_create(&jail, t->ctx, t->root)); // Check if we receive the correct exit code ASSERT_EQUALS(pakfire_jail_execute_command(jail, argv, NULL, 0), 123); @@ -89,7 +89,7 @@ static int test_segv(const struct test* t) { }; // Create a new jail - ASSERT_SUCCESS(pakfire_jail_create(&jail, t->root)); + ASSERT_SUCCESS(pakfire_jail_create(&jail, t->ctx, t->root)); // Check if we receive the correct exit code ASSERT(pakfire_jail_execute_command(jail, argv, NULL, 0) == 139); @@ -111,7 +111,7 @@ static int test_exec(const struct test* t) { size_t length = 0; // Create a new jail - ASSERT_SUCCESS(pakfire_jail_create(&jail, t->root)); + ASSERT_SUCCESS(pakfire_jail_create(&jail, t->ctx, t->root)); // Try to execute something ASSERT_SUCCESS(pakfire_jail_execute_capture_output(jail, cmd_hello_world, NULL, 0, &output, &length)); @@ -142,7 +142,7 @@ static int test_launch_into_cgroup(const struct test* t) { ASSERT_SUCCESS(pakfire_cgroup_create(&cgroup, t->ctx, NULL, "pakfire-test", 0)); // Create a new jail - ASSERT_SUCCESS(pakfire_jail_create(&jail, t->root)); + ASSERT_SUCCESS(pakfire_jail_create(&jail, t->ctx, t->root)); // Connect jail to the cgroup ASSERT_SUCCESS(pakfire_jail_set_cgroup(jail, cgroup)); @@ -174,7 +174,7 @@ static int test_nice(const struct test* t) { }; // Create a new jail - ASSERT_SUCCESS(pakfire_jail_create(&jail, t->root)); + ASSERT_SUCCESS(pakfire_jail_create(&jail, t->ctx, t->root)); // Set invalid nice levels ASSERT_ERROR(pakfire_jail_nice(jail, 100), EINVAL); @@ -209,7 +209,7 @@ static int test_memory_limit(const struct test* t) { ASSERT_SUCCESS(pakfire_cgroup_create(&cgroup, t->ctx, NULL, "pakfire-test", 0)); // Create jail - ASSERT_SUCCESS(pakfire_jail_create(&jail, t->root)); + ASSERT_SUCCESS(pakfire_jail_create(&jail, t->ctx, t->root)); // Connect jail to the cgroup ASSERT_SUCCESS(pakfire_jail_set_cgroup(jail, cgroup)); @@ -246,7 +246,7 @@ static int test_pid_limit(const struct test* t) { ASSERT_SUCCESS(pakfire_cgroup_create(&cgroup, t->ctx, NULL, "pakfire-test", 0)); // Create jail - ASSERT_SUCCESS(pakfire_jail_create(&jail, t->root)); + ASSERT_SUCCESS(pakfire_jail_create(&jail, t->ctx, t->root)); // Connect jail to the cgroup ASSERT_SUCCESS(pakfire_jail_set_cgroup(jail, cgroup)); @@ -276,7 +276,7 @@ static int test_file_ownership(const struct test* t) { char* output = NULL; // Execute a simple command - ASSERT_SUCCESS(pakfire_jail_run(t->root, cmd_stat_ownership, NULL, 0, &output, NULL)); + ASSERT_SUCCESS(pakfire_jail_run(t->ctx, t->root, cmd_stat_ownership, NULL, 0, &output, NULL)); // Check if the file has been mapped to root/root ASSERT_STRING_EQUALS(output, "uid=0 gid=0\n"); @@ -303,7 +303,7 @@ static int test_bind(const struct test* t) { }; // Create a new jail - ASSERT_SUCCESS(pakfire_jail_create(&jail, t->root)); + ASSERT_SUCCESS(pakfire_jail_create(&jail, t->ctx, t->root)); // Bind-mount nonsense ASSERT_ERROR(pakfire_jail_bind(jail, NULL, target, 0), EINVAL); @@ -365,7 +365,7 @@ static int test_communicate(const struct test* t) { }; // Create a new jail - ASSERT_SUCCESS(pakfire_jail_create(&jail, t->root)); + ASSERT_SUCCESS(pakfire_jail_create(&jail, t->ctx, t->root)); // Check if the mount actually works ASSERT_SUCCESS(pakfire_jail_communicate(jail, argv, NULL, 0, @@ -396,7 +396,7 @@ static int test_send_signal(const struct test* t) { int r = EXIT_FAILURE; // Create a new jail - ASSERT_SUCCESS(pakfire_jail_create(&jail, t->root)); + ASSERT_SUCCESS(pakfire_jail_create(&jail, t->ctx, t->root)); // Sending SIGTERM to ourselves ASSERT(test_send_one_signal(t, jail, "15") == 0); @@ -426,7 +426,7 @@ static int test_timeout(const struct test* t) { }; // Create a new jail - ASSERT_SUCCESS(pakfire_jail_create(&jail, t->root)); + ASSERT_SUCCESS(pakfire_jail_create(&jail, t->ctx, t->root)); // Set a timeout of one second ASSERT_SUCCESS(pakfire_jail_set_timeout(jail, 1)); @@ -460,7 +460,7 @@ static int test_callback(const struct test* t) { int i = 123; // Create a new jail - ASSERT_SUCCESS(pakfire_jail_create(&jail, t->root)); + ASSERT_SUCCESS(pakfire_jail_create(&jail, t->ctx, t->root)); // Check if we receive the correct exit code ASSERT(pakfire_jail_execute(jail, __callback, &i, 0) == 123); -- 2.47.3