]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/libsystemd/sd-bus/bus-container.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
tree-wide: drop license boilerplate
[thirdparty/systemd.git] / src / libsystemd / sd-bus / bus-container.c
1 /* SPDX-License-Identifier: LGPL-2.1+ */
2 /***
3 This file is part of systemd.
4
5 Copyright 2013 Lennart Poettering
6 ***/
7
8 #include <fcntl.h>
9 #include <unistd.h>
10
11 #include "bus-container.h"
12 #include "bus-internal.h"
13 #include "bus-socket.h"
14 #include "fd-util.h"
15 #include "process-util.h"
16 #include "util.h"
17
18 int bus_container_connect_socket(sd_bus *b) {
19 _cleanup_close_pair_ int pair[2] = { -1, -1 };
20 _cleanup_close_ int pidnsfd = -1, mntnsfd = -1, usernsfd = -1, rootfd = -1;
21 int r, error_buf = 0;
22 pid_t child;
23 ssize_t n;
24
25 assert(b);
26 assert(b->input_fd < 0);
27 assert(b->output_fd < 0);
28 assert(b->nspid > 0 || b->machine);
29
30 if (b->nspid <= 0) {
31 r = container_get_leader(b->machine, &b->nspid);
32 if (r < 0)
33 return r;
34 }
35
36 r = namespace_open(b->nspid, &pidnsfd, &mntnsfd, NULL, &usernsfd, &rootfd);
37 if (r < 0)
38 return r;
39
40 b->input_fd = socket(b->sockaddr.sa.sa_family, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0);
41 if (b->input_fd < 0)
42 return -errno;
43
44 b->input_fd = fd_move_above_stdio(b->input_fd);
45
46 b->output_fd = b->input_fd;
47
48 bus_socket_setup(b);
49
50 if (socketpair(AF_UNIX, SOCK_SEQPACKET, 0, pair) < 0)
51 return -errno;
52
53 r = safe_fork("(sd-buscntr)", FORK_RESET_SIGNALS|FORK_DEATHSIG, &child);
54 if (r < 0)
55 return r;
56 if (r == 0) {
57 pid_t grandchild;
58
59 pair[0] = safe_close(pair[0]);
60
61 r = namespace_enter(pidnsfd, mntnsfd, -1, usernsfd, rootfd);
62 if (r < 0)
63 _exit(EXIT_FAILURE);
64
65 /* We just changed PID namespace, however it will only
66 * take effect on the children we now fork. Hence,
67 * let's fork another time, and connect from this
68 * grandchild, so that SO_PEERCRED of our connection
69 * comes from a process from within the container, and
70 * not outside of it */
71
72 r = safe_fork("(sd-buscntr2)", FORK_RESET_SIGNALS|FORK_DEATHSIG, &grandchild);
73 if (r < 0)
74 _exit(EXIT_FAILURE);
75 if (r == 0) {
76
77 r = connect(b->input_fd, &b->sockaddr.sa, b->sockaddr_size);
78 if (r < 0) {
79 /* Try to send error up */
80 error_buf = errno;
81 (void) write(pair[1], &error_buf, sizeof(error_buf));
82 _exit(EXIT_FAILURE);
83 }
84
85 _exit(EXIT_SUCCESS);
86 }
87
88 r = wait_for_terminate_and_check("(sd-buscntr2)", grandchild, 0);
89 if (r < 0)
90 _exit(EXIT_FAILURE);
91
92 _exit(r);
93 }
94
95 pair[1] = safe_close(pair[1]);
96
97 r = wait_for_terminate_and_check("(sd-buscntr)", child, 0);
98 if (r < 0)
99 return r;
100 if (r != EXIT_SUCCESS)
101 return -EPROTO;
102
103 n = read(pair[0], &error_buf, sizeof(error_buf));
104 if (n < 0)
105 return -errno;
106
107 if (n > 0) {
108 if (n != sizeof(error_buf))
109 return -EIO;
110
111 if (error_buf < 0)
112 return -EIO;
113
114 if (error_buf == EINPROGRESS)
115 return 1;
116
117 if (error_buf > 0)
118 return -error_buf;
119 }
120
121 return bus_socket_start_auth(b);
122 }
Unnamed repository; edit this file 'description' to name the repository.