From: DaanDeMeyer Date: Fri, 26 Dec 2025 20:58:04 +0000 (+0100) Subject: pull-tar: Insist on foreign UID when copying X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8b4278d12ec55cc3f96764bc8197e1055fbb6d3f;p=thirdparty%2Fsystemd.git pull-tar: Insist on foreign UID when copying If we're doing foreign UID range copying, we're going to be joining a private user namespace before doing the copy. copy_tree() insists on keeping all UIDs/GIDs the same when copying. Hence, all the UIDs/GIDs of the files we're copying should be in the private UID range, which means they need to be owned by the foreign UID range and we always need to call mountfsd_mount_directory_fd(). So there's no point in having a fallback path if the source directory is not foreign UID range owned, we'd simply fail to copy it later. Hence, insist on the source directory being foreign UID range owned. --- diff --git a/src/import/pull-tar.c b/src/import/pull-tar.c index 25b07b1192f..5171f8e2dfb 100644 --- a/src/import/pull-tar.c +++ b/src/import/pull-tar.c @@ -288,12 +288,15 @@ static int tar_pull_make_local_copy(TarPull *p) { if (fstat(directory_fd, &st) < 0) return log_error_errno(errno, "Failed to stat '%s': %m", p->final_path); - if (uid_is_foreign(st.st_uid)) { - r = mountfsd_mount_directory_fd(directory_fd, p->userns_fd, DISSECT_IMAGE_FOREIGN_UID, &p->tree_fd); - if (r < 0) - return r; - } else - p->tree_fd = TAKE_FD(directory_fd); + if (!uid_is_foreign(st.st_uid)) + return log_error_errno( + SYNTHETIC_ERRNO(EINVAL), + "Image tree '%s' is not owned by the foreign UID range, refusing.", + p->final_path); + + r = mountfsd_mount_directory_fd(directory_fd, p->userns_fd, DISSECT_IMAGE_FOREIGN_UID, &p->tree_fd); + if (r < 0) + return r; } _cleanup_close_ int directory_fd = -EBADF;