From: Evgeny Vereshchagin <evvers@ya.ru>
Date: Tue, 17 Jan 2017 01:19:34 +0000 (+0000)
Subject: nspawn: change owner/group of /run/systemd/nspawn/notify to userns-root
X-Git-Tag: v233~226^2~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=adc7d9f0da58589a85d278b2b0e92b8cd55cb99a;p=thirdparty%2Fsystemd.git

nspawn: change owner/group of /run/systemd/nspawn/notify to userns-root

Fixes #4944
---

diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
index 78ae2f4a0fe..532be148a6a 100644
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -2363,6 +2363,12 @@ static int setup_sd_notify_child(void) {
                 return log_error_errno(errno, "bind(%s) failed: %m", sa.un.sun_path);
         }
 
+        r = userns_lchown(NSPAWN_NOTIFY_SOCKET_PATH, 0, 0);
+        if (r < 0) {
+                safe_close(fd);
+                return log_error_errno(r, "Failed to chown " NSPAWN_NOTIFY_SOCKET_PATH ": %m");
+        }
+
         r = setsockopt(fd, SOL_SOCKET, SO_PASSCRED, &one, sizeof(one));
         if (r < 0) {
                 safe_close(fd);