]> git.ipfire.org Git - thirdparty/systemd.git/commitdiff
projects / thirdparty / systemd.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: fee6d01)
machined: userns is only supported for container-class machines
authorLennart Poettering <lennart@poettering.net>
Mon, 24 Aug 2015 19:09:16 +0000 (21:09 +0200)
committerLennart Poettering <lennart@poettering.net>
Mon, 24 Aug 2015 20:46:45 +0000 (22:46 +0200)
We do not support userns for VM machines or for the host itself.

src/machine/machined-dbus.c patch | blob | blame | history

diff --git a/src/machine/machined-dbus.c b/src/machine/machined-dbus.c
index 29649899ed1b2e66f9948bec779bc0bb3df20c27..0d52c693e4b61b86ac677830898ee499267c0728 100644 (file)
--- a/src/machine/machined-dbus.c
+++ b/src/machine/machined-dbus.c
@@ -882,6 +882,9 @@ static int method_map_from_machine_user(sd_bus_message *message, void *userdata,
         if (!machine)
                 return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_MACHINE, "No machine '%s' known", name);
 
+        if (machine->class != MACHINE_CONTAINER)
+                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Not supported for non-container machines.");
+
         p = procfs_file_alloca(machine->leader, "uid_map");
         f = fopen(p, "re");
         if (!f)
@@ -934,6 +937,9 @@ static int method_map_to_machine_user(sd_bus_message *message, void *userdata, s
                 _cleanup_fclose_ FILE *f = NULL;
                 char p[strlen("/proc//uid_map") + DECIMAL_STR_MAX(pid_t) + 1];
 
+                if (machine->class != MACHINE_CONTAINER)
+                        continue;
+
                 xsprintf(p, "/proc/" UID_FMT "/uid_map", machine->leader);
                 f = fopen(p, "re");
                 if (!f) {
@@ -994,6 +1000,9 @@ static int method_map_from_machine_group(sd_bus_message *message, void *groupdat
         if (!machine)
                 return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_MACHINE, "No machine '%s' known", name);
 
+        if (machine->class != MACHINE_CONTAINER)
+                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Not supported for non-container machines.");
+
         p = procfs_file_alloca(machine->leader, "gid_map");
         f = fopen(p, "re");
         if (!f)
@@ -1046,6 +1055,9 @@ static int method_map_to_machine_group(sd_bus_message *message, void *groupdata,
                 _cleanup_fclose_ FILE *f = NULL;
                 char p[strlen("/proc//gid_map") + DECIMAL_STR_MAX(pid_t) + 1];
 
+                if (machine->class != MACHINE_CONTAINER)
+                        continue;
+
                 xsprintf(p, "/proc/" GID_FMT "/gid_map", machine->leader);
                 f = fopen(p, "re");
                 if (!f) {
Unnamed repository; edit this file 'description' to name the repository.