git.ipfire.org Git - thirdparty/systemd.git/blob - src/libsystemd/sd-bus/bus-container.c
1 /* SPDX-License-Identifier: LGPL-2.1+ */
3 This file is part of systemd.
5 Copyright 2013 Lennart Poettering
7 systemd is free software; you can redistribute it and/or modify it
8 under the terms of the GNU Lesser General Public License as published by
9 the Free Software Foundation; either version 2.1 of the License, or
10 (at your option) any later version.
12 systemd is distributed in the hope that it will be useful, but
13 WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 Lesser General Public License for more details.
17 You should have received a copy of the GNU Lesser General Public License
18 along with systemd; If not, see <http://www.gnu.org/licenses/>.
24 #include "bus-container.h"
25 #include "bus-internal.h"
26 #include "bus-socket.h"
28 #include "process-util.h"
31 int bus_container_connect_socket(sd_bus
*b
) {
32 _cleanup_close_pair_
int pair
[2] = { -1, -1 };
33 _cleanup_close_
int pidnsfd
= -1, mntnsfd
= -1, usernsfd
= -1, rootfd
= -1;
40 assert(b
->input_fd
< 0);
41 assert(b
->output_fd
< 0);
42 assert(b
->nspid
> 0 || b
->machine
);
45 r
= container_get_leader(b
->machine
, &b
->nspid
);
50 r
= namespace_open(b
->nspid
, &pidnsfd
, &mntnsfd
, NULL
, &usernsfd
, &rootfd
);
54 b
->input_fd
= socket(b
->sockaddr
.sa
.sa_family
, SOCK_STREAM
|SOCK_CLOEXEC
|SOCK_NONBLOCK
, 0);
58 b
->output_fd
= b
->input_fd
;
62 if (socketpair(AF_UNIX
, SOCK_SEQPACKET
, 0, pair
) < 0)
72 pair
[0] = safe_close(pair
[0]);
74 r
= namespace_enter(pidnsfd
, mntnsfd
, -1, usernsfd
, rootfd
);
78 /* We just changed PID namespace, however it will only
79 * take effect on the children we now fork. Hence,
80 * let's fork another time, and connect from this
81 * grandchild, so that SO_PEERCRED of our connection
82 * comes from a process from within the container, and
83 * not outside of it */
89 if (grandchild
== 0) {
91 r
= connect(b
->input_fd
, &b
->sockaddr
.sa
, b
->sockaddr_size
);
93 /* Try to send error up */
95 (void) write(pair
[1], &error_buf
, sizeof(error_buf
));
102 r
= wait_for_terminate(grandchild
, &si
);
106 if (si
.si_code
!= CLD_EXITED
)
112 pair
[1] = safe_close(pair
[1]);
114 r
= wait_for_terminate(child
, &si
);
118 n
= read(pair
[0], &error_buf
, sizeof(error_buf
));
123 if (n
!= sizeof(error_buf
))
129 if (error_buf
== EINPROGRESS
)
136 if (si
.si_code
!= CLD_EXITED
)
139 if (si
.si_status
!= EXIT_SUCCESS
)
142 return bus_socket_start_auth(b
);