From fec79a3382c512f9e503a0f5cf7a319978fdb2e8 Mon Sep 17 00:00:00 2001
From: Michael Tremer
Date: Fri, 5 May 2023 10:23:39 +0000
Subject: [PATCH] jail: Set up the loopback interface

Signed-off-by: Michael Tremer
---
 Makefile.am | 4 +++
 configure.ac | 2 ++
 src/libpakfire/jail.c | 80 +++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 86 insertions(+)

diff --git a/Makefile.am b/Makefile.am
index 8a72f7309..5e6dd36fa 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -309,6 +309,8 @@ libpakfire_la_CFLAGS = \
 $(JSON_C_CFLAGS) \
 $(MAGIC_CFLAGS) \
 $(MOUNT_CFLAGS) \
+ $(NL3_CFLAGS) \
+ $(NL3_ROUTE_CFLAGS) \
 $(OPENSSL_CFLAGS) \
 $(PCRE2_CFLAGS) \
 $(SECCOMP_CFLAGS) \
@@ -340,6 +342,8 @@ libpakfire_la_LIBADD = \
 $(LZMA_LIBS) \
 $(MAGIC_LIBS) \
 $(MOUNT_LIBS) \
+ $(NL3_LIBS) \
+ $(NL3_ROUTE_LIBS) \
 $(OPENSSL_LIBS) \
 $(PCRE2_LIBS) \
 $(SECCOMP_LIBS) \
diff --git a/configure.ac b/configure.ac
index 6700004cc..467fbad56 100644
--- a/configure.ac
+++ b/configure.ac
@@ -263,6 +263,8 @@ PKG_CHECK_MODULES([JSON_C], [json-c >= 0.15])
 PKG_CHECK_MODULES([LZMA], [liblzma])
 PKG_CHECK_MODULES([MAGIC], [libmagic])
 PKG_CHECK_MODULES([MOUNT], [mount])
+PKG_CHECK_MODULES([NL3], [libnl-3.0])
+PKG_CHECK_MODULES([NL3_ROUTE], [libnl-route-3.0])
 PKG_CHECK_MODULES([OPENSSL], [openssl >= 1.1.1])
 PKG_CHECK_MODULES([PCRE2], [libpcre2-8])
 PKG_CHECK_MODULES([SECCOMP], [libseccomp])
diff --git a/src/libpakfire/jail.c b/src/libpakfire/jail.c
index d59a3574e..9c74f7381 100644
--- a/src/libpakfire/jail.c
+++ b/src/libpakfire/jail.c
@@ -39,6 +39,10 @@
 #include
 #include
+// libnl3
+#include
+#include
+
 // libseccomp
 #include
@@ -1189,6 +1193,75 @@ static int pakfire_jail_mount(struct pakfire_jail* jail, struct pakfire_jail_exe
 return 0;
 }
+// Networking
+
+static int pakfire_jail_setup_loopback(struct pakfire_jail* jail) {
+ struct nl_sock* nl = NULL;
+ struct nl_cache* cache = NULL;
+ struct rtnl_link* link = NULL;
+ struct rtnl_link* change = NULL;
+ int r;
+
+ DEBUG(jail->pakfire, "Setting up loopback...\n");
+
+ // Allocate a netlink socket
+ nl = nl_socket_alloc();
+ if (!nl) {
+ ERROR(jail->pakfire, "Could not allocate a netlink socket: %m\n");
+ r = 1;
+ goto ERROR;
+ }
+
+ // Connect the socket
+ r = nl_connect(nl, NETLINK_ROUTE);
+ if (r) {
+ ERROR(jail->pakfire, "Could not connect netlink socket: %s\n", nl_geterror(r));
+ goto ERROR;
+ }
+
+ // Allocate the netlink cache
+ r = rtnl_link_alloc_cache(nl, AF_UNSPEC, &cache);
+ if (r < 0) {
+ ERROR(jail->pakfire, "Unable to allocate netlink cache: %s\n", nl_geterror(r));
+ goto ERROR;
+ }
+
+ // Fetch loopback interface
+ link = rtnl_link_get_by_name(cache, "lo");
+ if (!link) {
+ ERROR(jail->pakfire, "Could not find lo interface. Ignoring.\n");
+ r = 0;
+ goto ERROR;
+ }
+
+ // Allocate a new link
+ change = rtnl_link_alloc();
+ if (!change) {
+ ERROR(jail->pakfire, "Could not allocate change link\n");
+ r = 1;
+ goto ERROR;
+ }
+
+ // Set the link to UP
+ rtnl_link_set_flags(change, IFF_UP);
+
+ // Apply any changes
+ r = rtnl_link_change(nl, link, change, 0);
+ if (r) {
+ ERROR(jail->pakfire, "Unable to activate loopback: %s\n", nl_geterror(r));
+ goto ERROR;
+ }
+
+ // Success
+ r = 0;
+
+ERROR:
+ if (nl)
+ nl_socket_free(nl);
+
+ return r;
+}
+
 // UID/GID Mapping
 static int pakfire_jail_setup_uid_mapping(struct pakfire_jail* jail, pid_t pid) {
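Review bot: The cleanup under `ERROR:` in pakfire_jail_setup_loopback frees only the socket, so `cache`, `link` and `change` are never released on any path, including success. libnl expects `nl_cache_free()` for the cache and `rtnl_link_put()` for both link objects. All three pointers start as NULL, so the label can release whichever ones are set, as in the excerpt below. Separately, the missing-`lo` branch logs through `ERROR()` yet returns 0, so the jail presumably continues without a usable loopback; either fail there or log at a lower level with a comment saying why continuing is acceptable.

```c
ERROR:
	// Release in reverse order of acquisition
	if (change)
		rtnl_link_put(change);
	if (link)
		rtnl_link_put(link);
	if (cache)
		nl_cache_free(cache);
	if (nl)
		nl_socket_free(nl);

	return r;
```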
@@ -1457,6 +1530,13 @@ static int pakfire_jail_child(struct pakfire_jail* jail, struct pakfire_jail_exe
 }
 }
+ // Setup networking
+ if (!pakfire_jail_exec_has_flag(ctx, PAKFIRE_JAIL_HAS_NETWORKING)) {
+ r = pakfire_jail_setup_loopback(jail);
+ if (r)
+ return 1;
+ }
+
 // Set nice level
 if (jail->nice) {
 DEBUG(jail->pakfire, "Setting nice level to %d\n", jail->nice);
-- 
2.39.5
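Review bot: The new block in pakfire_jail_child assumes the child is already in its own network namespace whenever PAKFIRE_JAIL_HAS_NETWORKING is unset, but the clone/unshare flags that would establish this are outside the hunk. A comment should pin that dependency, e.g. `// No HAS_NETWORKING: we are expected to be in a fresh network namespace where lo starts down`. Changing link state normally needs CAP_NET_ADMIN in the namespace, so the call probably has to stay ahead of any capability drop or seccomp filter later in this function, whose body continues beyond the hunk. `return 1` discards the libnl error code, which is acceptable only because pakfire_jail_setup_loopback logs it on every failing path.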