From 9fa1afb6b92b485473699298a3ed3ec4121a344f Mon Sep 17 00:00:00 2001
From: Michael Tremer
Date: Sun, 19 Mar 2023 20:13:12 +0000
Subject: [PATCH] jail: Move flags to individual exec commands
Signed-off-by: Michael Tremer
---
src/_pakfire/pakfire.c | 5 +--
src/libpakfire/archive.c | 4 +-
src/libpakfire/build.c | 2 +-
src/libpakfire/include/pakfire/jail.h | 14 ++++---
src/libpakfire/jail.c | 59 ++++++++++++---------------
5 files changed, 40 insertions(+), 44 deletions(-)
diff --git a/src/_pakfire/pakfire.c b/src/_pakfire/pakfire.c
index ee74847b..92cd5842 100644
--- a/src/_pakfire/pakfire.c
+++ b/src/_pakfire/pakfire.c
@@ -916,7 +916,6 @@ static PyObject* Pakfire_execute(PakfireObject* self, PyObject* args, PyObject* struct pakfire_jail* jail = NULL; const char** argv = NULL; - int flags = 0; int r; PyObject* ret = NULL;
@@ -975,7 +974,7 @@ static PyObject* Pakfire_execute(PakfireObject* self, PyObject* args, PyObject* } // Create jail - r = pakfire_jail_create(&jail, self->pakfire, flags); + r = pakfire_jail_create(&jail, self->pakfire); if (r) { PyErr_SetFromErrno(PyExc_OSError); goto ERROR;
@@ -1056,7 +1055,7 @@ static PyObject* Pakfire_execute(PakfireObject* self, PyObject* args, PyObject* // Execute command r = pakfire_jail_exec(jail, argv, - NULL, Pakfire_execute_output_callback, callback); + NULL, Pakfire_execute_output_callback, callback, 0); Py_END_ALLOW_THREADS
diff --git a/src/libpakfire/archive.c b/src/libpakfire/archive.c
index c3a028ad..aafbb83e 100644
--- a/src/libpakfire/archive.c
+++ b/src/libpakfire/archive.c
@@ -1205,11 +1205,11 @@ static int __pakfire_archive_handle_systemd_sysusers(struct pakfire* pakfire, const char* argv[] = { "/usr/bin/systemd-sysusers", replace, "-", NULL }; // Create a new jail - r = pakfire_jail_create(&jail, pakfire, 0); + r = pakfire_jail_create(&jail, pakfire); if (r) goto ERROR; - r = pakfire_jail_exec(jail, argv, pakfire_archive_stream_payload, NULL, a); + r = pakfire_jail_exec(jail, argv, pakfire_archive_stream_payload, NULL, a, 0); switch (r) { // If the command does not exist, we silently ignore this error case 127:
diff --git a/src/libpakfire/build.c b/src/libpakfire/build.c
index deae2609..267c9df0 100644
--- a/src/libpakfire/build.c
+++ b/src/libpakfire/build.c
@@ -1432,7 +1432,7 @@ static int pakfire_build_setup_jail(struct pakfire_build* build) { int r; // Create a new jail - r = pakfire_jail_create(&build->jail, build->pakfire, 0); + r = pakfire_jail_create(&build->jail, build->pakfire); if (r) { ERROR(build->pakfire, "Could not create jail for build %s: %m\n", build->_id); return r;
diff --git a/src/libpakfire/include/pakfire/jail.h b/src/libpakfire/include/pakfire/jail.h
index d691086c..8cd45a02 100644
--- a/src/libpakfire/include/pakfire/jail.h
+++ b/src/libpakfire/include/pakfire/jail.h
@@ -25,11 +25,7 @@ struct pakfire_jail; -enum pakfire_jail_flags { - PAKFIRE_JAIL_NONE = 0, -}; - -int pakfire_jail_create(struct pakfire_jail** jail, struct pakfire* pakfire, int flags); +int pakfire_jail_create(struct pakfire_jail** jail, struct pakfire* pakfire); struct pakfire_jail* pakfire_jail_ref(struct pakfire_jail* jail); struct pakfire_jail* pakfire_jail_unref(struct pakfire_jail* jail);
@@ -55,12 +51,18 @@ typedef int (*pakfire_jail_communicate_in) typedef int (*pakfire_jail_communicate_out) (struct pakfire* pakfire, void* data, int priority, const char* line, const size_t length); +enum pakfire_jail_exec_flags { + PAKFIRE_JAIL_HAS_NETWORKING = (1 << 0), + PAKFIRE_JAIL_NOENT_OK = (1 << 1), +}; + int pakfire_jail_exec( struct pakfire_jail* jail, const char* argv[], pakfire_jail_communicate_in callback_in, pakfire_jail_communicate_out callback_out, - void* data); + void* data, + int flags); #ifdef PAKFIRE_PRIVATE
diff --git a/src/libpakfire/jail.c b/src/libpakfire/jail.c
index dc417a45..d59a3574 100644
--- a/src/libpakfire/jail.c
+++ b/src/libpakfire/jail.c
@@ -90,9 +90,6 @@ struct pakfire_jail { uuid_t uuid; char __uuid[UUID_STR_LEN]; - // Flags - int flags; - // Resource Limits int nice;
@@ -115,10 +112,6 @@ struct pakfire_log_buffer { size_t used; }; -enum pakfire_jail_exec_flags { - PAKFIRE_JAIL_HAS_NETWORKING = (1 << 0), -}; - struct pakfire_jail_exec { int flags;
@@ -249,8 +242,7 @@ static int pakfire_jail_setup_interactive_env(struct pakfire_jail* jail) { return 0; } -PAKFIRE_EXPORT int pakfire_jail_create(struct pakfire_jail** jail, - struct pakfire* pakfire, int flags) { +PAKFIRE_EXPORT int pakfire_jail_create(struct pakfire_jail** jail, struct pakfire* pakfire) { int r; const char* arch = pakfire_get_arch(pakfire);
@@ -266,9 +258,6 @@ PAKFIRE_EXPORT int pakfire_jail_create(struct pakfire_jail** jail, // Initialize reference counter j->nrefs = 1; - // Store flags - j->flags = flags; - // Generate a random UUID uuid_generate_random(j->uuid);
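Review bot: The new public `enum pakfire_jail_exec_flags` in jail.h (hunk `@@ -55,12 +51,18 @@`) has no comment on what either bit does, and `pakfire_jail_exec()` accepts them as a plain `int flags`. `PAKFIRE_JAIL_NOENT_OK` changes what a zero return means, because the jail.c hunk at `@@ -1545` maps a failed exec with ENOENT to exit code 0, so callers should be told that 0 no longer proves the command ran. `PAKFIRE_JAIL_HAS_NETWORKING` was private to jail.c before and can now be set by any caller; if it still gates network setup inside the jail (not visible in this diff), that deserves a sentence as well. I would add, above `PAKFIRE_JAIL_NOENT_OK`, something like `// Treat a missing executable (ENOENT) as success; exit code 0 then does not mean the command ran`.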
@@ -1545,17 +1534,23 @@ static int pakfire_jail_child(struct pakfire_jail* jail, struct pakfire_jail_exe // exec() command r = execvpe(argv[0], (char**)argv, jail->env); - if (r < 0) - ERROR(jail->pakfire, "Could not execve(%s): %m\n", argv[0]); + if (r < 0) { + // Translate errno into regular exit code + switch (errno) { + case ENOENT: + // Ignore if the command doesn't exist + if (ctx->flags & PAKFIRE_JAIL_NOENT_OK) + r = 0; + else + r = 127; - // Translate errno into regular exit code - switch (errno) { - case ENOENT: - r = 127; - break; + break; - default: - r = 1; + default: + r = 1; + } + + ERROR(jail->pakfire, "Could not execve(%s): %m\n", argv[0]); } // We should not get here
@@ -1567,7 +1562,7 @@ static int __pakfire_jail_exec(struct pakfire_jail* jail, const char* argv[], const int interactive, pakfire_jail_communicate_in communicate_in, pakfire_jail_communicate_out communicate_out, - void* data) { + void* data, int flags) { int exit = -1; int r;
@@ -1583,7 +1578,7 @@ static int __pakfire_jail_exec(struct pakfire_jail* jail, const char* argv[], // Initialize context for this call struct pakfire_jail_exec ctx = { - .flags = 0, + .flags = flags, .pipes = { .stdin = { 0, 0 },
@@ -1771,12 +1766,12 @@ PAKFIRE_EXPORT int pakfire_jail_exec( const char* argv[], pakfire_jail_communicate_in callback_in, pakfire_jail_communicate_out callback_out, - void* data) { - return __pakfire_jail_exec(jail, argv, 0, callback_in, callback_out, data); + void* data, int flags) { + return __pakfire_jail_exec(jail, argv, 0, callback_in, callback_out, data, flags); } static int pakfire_jail_exec_interactive( - struct pakfire_jail* jail, const char* argv[]) { + struct pakfire_jail* jail, const char* argv[], int flags) { int r; // Setup interactive stuff
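Review bot: In the `@@ -1545,17 +1534,23 @@` hunk of pakfire_jail_child(), the `ERROR(...)` call now runs after the switch for every failure, including the path where `PAKFIRE_JAIL_NOENT_OK` is set and `r` has just become 0, so a missing binary the caller explicitly tolerates is still logged as an error. Moving the `ERROR(...)` into the `else` and `default:` branches, and logging the tolerated case at a lower level next to `r = 0;`, would keep error-level output meaningful for anyone triaging jail logs. With `r = 0` the parent also cannot tell a missing command from one that ran and succeeded; that looks intentional, but it is worth a comment at `r = 0;`. The function body continues outside the hunk, so how `r` is finally handed back is not visible here.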
@@ -1784,7 +1779,7 @@ static int pakfire_jail_exec_interactive( if (r) return r; - return __pakfire_jail_exec(jail, argv, 1, NULL, NULL, NULL); + return __pakfire_jail_exec(jail, argv, 1, NULL, NULL, NULL, flags); } int pakfire_jail_exec_script(struct pakfire_jail* jail,
@@ -1852,7 +1847,7 @@ int pakfire_jail_exec_script(struct pakfire_jail* jail, argv[i] = args[i-1]; // Run the script - r = pakfire_jail_exec(jail, argv, callback_in, callback_out, data); + r = pakfire_jail_exec(jail, argv, callback_in, callback_out, data, 0); ERROR: if (argv)
@@ -1876,12 +1871,12 @@ int pakfire_jail_run(struct pakfire* pakfire, const char* argv[], int flags, cha int r; // Create a new jail - r = pakfire_jail_create(&jail, pakfire, flags); + r = pakfire_jail_create(&jail, pakfire); if (r) goto ERROR; // Execute the command - r = pakfire_jail_exec(jail, argv, NULL, pakfire_jail_capture_stdout, output); + r = pakfire_jail_exec(jail, argv, NULL, pakfire_jail_capture_stdout, output, 0); ERROR: if (jail)
@@ -1896,7 +1891,7 @@ int pakfire_jail_run_script(struct pakfire* pakfire, int r; // Create a new jail - r = pakfire_jail_create(&jail, pakfire, flags); + r = pakfire_jail_create(&jail, pakfire); if (r) goto ERROR;
@@ -1916,7 +1911,7 @@ int pakfire_jail_shell(struct pakfire_jail* jail) { }; // Execute /bin/bash - return pakfire_jail_exec_interactive(jail, argv); + return pakfire_jail_exec_interactive(jail, argv, 0); } static int pakfire_jail_run_if_possible(struct pakfire* pakfire, const char** argv) {
-- 2.47.2
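Review bot: In `pakfire_jail_run()` (hunk `@@ -1876,12 +1871,12 @@`) the `flags` parameter stays in the signature but is no longer used, because `pakfire_jail_create()` lost its flags argument and the exec call passes a literal `0`. A caller that passes `PAKFIRE_JAIL_NOENT_OK` or `PAKFIRE_JAIL_HAS_NETWORKING` gets them silently ignored; forwarding them with `r = pakfire_jail_exec(jail, argv, NULL, pakfire_jail_capture_stdout, output, flags);` would keep the parameter meaningful. `pakfire_jail_run_script()` in the `@@ -1896` hunk appears to have the same problem, though its exec call lies outside the hunk. `pakfire_jail_exec_script()` in the `@@ -1852` hunk also hard-codes `0`, so script runs cannot opt into either flag.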