From: Daan De Meyer
Date: Sat, 28 Jan 2023 14:12:08 +0000 (+0100)
Subject: nspawn: Make sure we create bind mount points as the correct UID/GID
X-Git-Tag: v253-rc2~37^2
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F26249%2Fhead;p=thirdparty%2Fsystemd.git
nspawn: Make sure we create bind mount points as the correct UID/GID
When using --private-users, we have to create bind mount points as the user that will become root in the user namespace, so let's take that into account.
---
diff --git a/src/nspawn/nspawn-mount.c b/src/nspawn/nspawn-mount.c
index 9de20126f4a..ee00362b546 100644
--- a/src/nspawn/nspawn-mount.c
+++ b/src/nspawn/nspawn-mount.c
@@ -794,7 +794,7 @@ static int mount_bind(const char *dest, CustomMount *m, uid_t uid_shift, uid_t u
 m->source, where);
 } else { /* Path doesn't exist yet? */
- r = mkdir_parents_label(where, 0755);
+ r = mkdir_parents_safe_label(dest, where, 0755, uid_shift, uid_shift, MKDIR_IGNORE_EXISTING);
 if (r < 0) return log_error_errno(r, "Failed to make parents of %s: %m", where);
@@ -808,6 +808,9 @@ static int mount_bind(const char *dest, CustomMount *m, uid_t uid_shift, uid_t u
 r = touch(where);
 if (r < 0) return log_error_errno(r, "Failed to create mount point %s: %m", where);
+
+ if (chown(where, uid_shift, uid_shift) < 0)
+ return log_error_errno(errno, "Failed to chown %s: %m", where);
 }
 r = mount_nofollow_verbose(LOG_ERR, m->source, where, NULL, mount_flags, mount_opts);
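Review bot: `uid_shift` is passed as both the owner UID and the owner GID in the new `mkdir_parents_safe_label(dest, where, 0755, uid_shift, uid_shift, MKDIR_IGNORE_EXISTING)` call, and again in the `chown()` added by the second hunk, with nothing on the visible lines saying why a UID shift is a valid GID. If the invariant is that nspawn applies one shift to UIDs and GIDs alike, a comment above the call would record it, for example `/* UIDs and GIDs share one shift, so uid_shift is also the GID of the container's root */`. The same comment could state that, as the flag name suggests, `MKDIR_IGNORE_EXISTING` leaves the ownership and mode of parents that already exist unchecked, so only newly created directories are known to belong to the shifted root. The body of `mount_bind()` starts and ends outside the hunk.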
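Review bot: The added `chown(where, uid_shift, uid_shift)` resolves `where` by path a second time and follows a symlink in the final component, so ownership goes to whatever the path names at that moment rather than to the object `touch()` just created. If the tree below the mount destination can be modified by anyone else while the container is being set up, that window matters. Using `if (lchown(where, uid_shift, uid_shift) < 0)` closes it for the final component, and changing ownership through a file descriptor opened with `O_NOFOLLOW` would be the more robust form. The lines that create the mount point begin above the hunk, so whether a directory mount point reaches this `chown()` as well cannot be confirmed from here.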