From 2a6b4d872dbb6c6065417a3bd00f3b709969fe26 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Zbigniew=20J=C4=99drzejewski-Szmek?=
Date: Wed, 24 Apr 2024 12:43:04 +0200
Subject: [PATCH] core/taint: make short_uid_range() not take a path
As requested in review.
---
 src/core/taint.c | 14 ++++++--------
 1 file changed, 6 insertions(+), 8 deletions(-)
diff --git a/src/core/taint.c b/src/core/taint.c
index c9f154b0b55..969b37f2091 100644
--- a/src/core/taint.c
+++ b/src/core/taint.c
@@ -15,20 +15,18 @@
 #include "taint.h"
 #include "uid-range.h"
-static int short_uid_range(const char *path) {
+static int short_uid_gid_range(UIDRangeUsernsMode mode) {
 _cleanup_(uid_range_freep) UIDRange *p = NULL;
 int r;
- assert(path);
-
- /* Taint systemd if we the UID range assigned to this environment doesn't at least cover 0…65534,
+ /* Taint systemd if we the UID/GID range assigned to this environment doesn't at least cover 0…65534,
 * i.e. from root to nobody. */
- r = uid_range_load_userns(path, UID_RANGE_USERNS_INSIDE, &p);
+ r = uid_range_load_userns(/* path= */ NULL, mode, &p);
 if (ERRNO_IS_NEG_NOT_SUPPORTED(r))
 return false;
 if (r < 0)
- return log_debug_errno(r, "Failed to load %s: %m", path);
+ return log_debug_errno(r, "Failed to load uid_map or gid_map: %m");
 return !uid_range_covers(p, 0, 65535);
 }
@@ -76,9 +74,9 @@ char* taint_string(void) {
 !streq(overflowgid, "65534"))
 stage[n++] = "overflowgid-not-65534";
- if (short_uid_range("/proc/self/uid_map") > 0)
+ if (short_uid_gid_range(UID_RANGE_USERNS_INSIDE) > 0)
 stage[n++] = "short-uid-range";
- if (short_uid_range("/proc/self/gid_map") > 0)
+ if (short_uid_gid_range(GID_RANGE_USERNS_INSIDE) > 0)
 stage[n++] = "short-gid-range";
 assert(n < ELEMENTSOF(stage) - 1); /* One extra for NULL terminator */
-- 
2.47.3
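Review bot: The debug message in short_uid_gid_range() no longer says which map failed to load, although taint_string() calls the function once per mode and a failure on either call silently leaves the corresponding taint flag unset. With `mode` in hand the message can stay specific, e.g. `return log_debug_errno(r, "Failed to load %s: %m", mode == UID_RANGE_USERNS_INSIDE ? "uid_map" : "gid_map");`. The removed `assert(path)` also has no replacement, so any UIDRangeUsernsMode value is now accepted while the comment speaks only of the range assigned to this environment; if the enum has members beyond the two used here, `assert(IN_SET(mode, UID_RANGE_USERNS_INSIDE, GID_RANGE_USERNS_INSIDE));` at the top would document and enforce the intended inputs. The comment line this commit rewrites still reads "if we the UID/GID range"; dropping the stray "we" would fix it.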