From: Michael Tremer <michael.tremer@ipfire.org>
Date: Tue, 2 Aug 2022 15:30:28 +0000 (+0000)
Subject: jail: Try bind-mounting device nodes when we cannot use mknod()
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=8f1003a333da21867cd42565807ad2633e6692a5;p=people%2Fstevee%2Fpakfire.git

jail: Try bind-mounting device nodes when we cannot use mknod()

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---

diff --git a/src/libpakfire/include/pakfire/util.h b/src/libpakfire/include/pakfire/util.h
index fc99f820..4044bd2d 100644
--- a/src/libpakfire/include/pakfire/util.h
+++ b/src/libpakfire/include/pakfire/util.h
@@ -83,6 +83,7 @@ int __pakfire_path_join(char* dest, size_t length,
 	const char* first, const char* second);
 const char* pakfire_path_relpath(const char* root, const char* path);
 
+int pakfire_touch(const char* path, mode_t mode);
 int pakfire_mkparentdir(const char* path, mode_t mode);
 int pakfire_mkdir(const char* path, mode_t mode);
 FILE* pakfire_mktemp(char* path);
diff --git a/src/libpakfire/mount.c b/src/libpakfire/mount.c
index ae87aa66..bff245f9 100644
--- a/src/libpakfire/mount.c
+++ b/src/libpakfire/mount.c
@@ -239,10 +239,33 @@ static int pakfire_populate_dev(struct pakfire* pakfire) {
 		dev_t dev = makedev(devnode->major, devnode->minor);
 
 		r = mknod(path, devnode->mode, dev);
+
+		// Continue if mknod was successful
+		if (r == 0)
+			continue;
+
+		// If we could not create the device node because of permission issues,
+		// it might be likely that we are running in a user namespace where creating
+		// device nodes is not permitted. Try bind-mounting them.
+		if (errno == EPERM)
+			goto MOUNT;
+
+		// Otherwise log an error and end
+		ERROR(pakfire, "Could not create %s: %m\n", devnode->path);
+		return r;
+
+MOUNT:
+		// Create an empty file
+		r = pakfire_touch(path, 0444);
 		if (r) {
-			ERROR(pakfire, "Could not create %s: %m\n", devnode->path);
+			ERROR(pakfire, "Could not create %s: %m\n", path);
 			return r;
 		}
+
+		// Create a bind-mount over the file
+		r = pakfire_mount(pakfire, path, devnode->path, "bind", MS_BIND, NULL);
+		if (r)
+			return r;
 	}
 
 	// Create symlinks
diff --git a/src/libpakfire/util.c b/src/libpakfire/util.c
index 83f0b860..baf4c302 100644
--- a/src/libpakfire/util.c
+++ b/src/libpakfire/util.c
@@ -930,6 +930,14 @@ int __pakfire_unhexlify(unsigned char* dst, const size_t l, const char* src) {
 	return 0;
 }
 
+int pakfire_touch(const char* path, mode_t mode) {
+	FILE* f = fopen(path, "w");
+	if (!f)
+		return 1;
+
+	return fclose(f);
+}
+
 int pakfire_mkparentdir(const char* path, mode_t mode) {
 	int r;