]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/libsystemd/sd-bus/bus-container.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge pull request #6365 from keszybz/fast-tests
[thirdparty/systemd.git] / src / libsystemd / sd-bus / bus-container.c
1 /***
2 This file is part of systemd.
3
4 Copyright 2013 Lennart Poettering
5
6 systemd is free software; you can redistribute it and/or modify it
7 under the terms of the GNU Lesser General Public License as published by
8 the Free Software Foundation; either version 2.1 of the License, or
9 (at your option) any later version.
10
11 systemd is distributed in the hope that it will be useful, but
12 WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 Lesser General Public License for more details.
15
16 You should have received a copy of the GNU Lesser General Public License
17 along with systemd; If not, see <http://www.gnu.org/licenses/>.
18 ***/
19
20 #include <fcntl.h>
21 #include <unistd.h>
22
23 #include "bus-container.h"
24 #include "bus-internal.h"
25 #include "bus-socket.h"
26 #include "fd-util.h"
27 #include "process-util.h"
28 #include "util.h"
29
30 int bus_container_connect_socket(sd_bus *b) {
31 _cleanup_close_pair_ int pair[2] = { -1, -1 };
32 _cleanup_close_ int pidnsfd = -1, mntnsfd = -1, usernsfd = -1, rootfd = -1;
33 pid_t child;
34 siginfo_t si;
35 int r, error_buf = 0;
36 ssize_t n;
37
38 assert(b);
39 assert(b->input_fd < 0);
40 assert(b->output_fd < 0);
41 assert(b->nspid > 0 || b->machine);
42
43 if (b->nspid <= 0) {
44 r = container_get_leader(b->machine, &b->nspid);
45 if (r < 0)
46 return r;
47 }
48
49 r = namespace_open(b->nspid, &pidnsfd, &mntnsfd, NULL, &usernsfd, &rootfd);
50 if (r < 0)
51 return r;
52
53 b->input_fd = socket(b->sockaddr.sa.sa_family, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0);
54 if (b->input_fd < 0)
55 return -errno;
56
57 b->output_fd = b->input_fd;
58
59 bus_socket_setup(b);
60
61 if (socketpair(AF_UNIX, SOCK_SEQPACKET, 0, pair) < 0)
62 return -errno;
63
64 child = fork();
65 if (child < 0)
66 return -errno;
67
68 if (child == 0) {
69 pid_t grandchild;
70
71 pair[0] = safe_close(pair[0]);
72
73 r = namespace_enter(pidnsfd, mntnsfd, -1, usernsfd, rootfd);
74 if (r < 0)
75 _exit(EXIT_FAILURE);
76
77 /* We just changed PID namespace, however it will only
78 * take effect on the children we now fork. Hence,
79 * let's fork another time, and connect from this
80 * grandchild, so that SO_PEERCRED of our connection
81 * comes from a process from within the container, and
82 * not outside of it */
83
84 grandchild = fork();
85 if (grandchild < 0)
86 _exit(EXIT_FAILURE);
87
88 if (grandchild == 0) {
89
90 r = connect(b->input_fd, &b->sockaddr.sa, b->sockaddr_size);
91 if (r < 0) {
92 /* Try to send error up */
93 error_buf = errno;
94 (void) write(pair[1], &error_buf, sizeof(error_buf));
95 _exit(EXIT_FAILURE);
96 }
97
98 _exit(EXIT_SUCCESS);
99 }
100
101 r = wait_for_terminate(grandchild, &si);
102 if (r < 0)
103 _exit(EXIT_FAILURE);
104
105 if (si.si_code != CLD_EXITED)
106 _exit(EXIT_FAILURE);
107
108 _exit(si.si_status);
109 }
110
111 pair[1] = safe_close(pair[1]);
112
113 r = wait_for_terminate(child, &si);
114 if (r < 0)
115 return r;
116
117 n = read(pair[0], &error_buf, sizeof(error_buf));
118 if (n < 0)
119 return -errno;
120
121 if (n > 0) {
122 if (n != sizeof(error_buf))
123 return -EIO;
124
125 if (error_buf < 0)
126 return -EIO;
127
128 if (error_buf == EINPROGRESS)
129 return 1;
130
131 if (error_buf > 0)
132 return -error_buf;
133 }
134
135 if (si.si_code != CLD_EXITED)
136 return -EIO;
137
138 if (si.si_status != EXIT_SUCCESS)
139 return -EIO;
140
141 return bus_socket_start_auth(b);
142 }
Unnamed repository; edit this file 'description' to name the repository.