mirror of
https://github.com/systemd/systemd
synced 2026-03-24 15:55:00 +01:00
Compare commits
7 Commits
ba037640bf
...
20367ade71
| Author | SHA1 | Date | |
|---|---|---|---|
|
20367ade71 | ||
|
|
73c40aa1f6 | ||
|
|
ed0f6758c8 | ||
|
|
8c007f68ff | ||
|
|
3532691d72 | ||
|
|
e48e098db1 | ||
|
|
f42ac24772 |
@ -13,6 +13,7 @@
|
||||
#include "fd-util.h"
|
||||
#include "log.h"
|
||||
#include "namespace-util.h"
|
||||
#include "pidref.h"
|
||||
#include "process-util.h"
|
||||
#include "runtime-scope.h"
|
||||
#include "strv.h"
|
||||
@ -78,12 +79,10 @@ int verb_unit_shell(int argc, char *argv[], void *userdata) {
|
||||
return log_oom();
|
||||
}
|
||||
|
||||
pid_t child;
|
||||
_cleanup_(pidref_done) PidRef child = PIDREF_NULL;
|
||||
r = namespace_fork(
|
||||
"(unit-shell-ns)",
|
||||
"(unit-shell)",
|
||||
/* except_fds= */ NULL,
|
||||
/* n_except_fds= */ 0,
|
||||
FORK_RESET_SIGNALS|FORK_DEATHSIG_SIGKILL,
|
||||
pidns_fd,
|
||||
mntns_fd,
|
||||
@ -117,8 +116,8 @@ int verb_unit_shell(int argc, char *argv[], void *userdata) {
|
||||
_exit(EXIT_FAILURE);
|
||||
}
|
||||
|
||||
return wait_for_terminate_and_check(
|
||||
return pidref_wait_for_terminate_and_check(
|
||||
"(unit-shell)",
|
||||
child,
|
||||
&child,
|
||||
WAIT_LOG_ABNORMAL|WAIT_LOG_NON_ZERO_EXIT_STATUS);
|
||||
}
|
||||
|
||||
@ -1484,11 +1484,6 @@ pid_t clone_with_nested_stack(int (*fn)(void *), int flags, void *userdata) {
|
||||
return pid;
|
||||
}
|
||||
|
||||
static void restore_sigsetp(sigset_t **ssp) {
|
||||
if (*ssp)
|
||||
(void) sigprocmask(SIG_SETMASK, *ssp, NULL);
|
||||
}
|
||||
|
||||
static int fork_flags_to_signal(ForkFlags flags) {
|
||||
return (flags & FORK_DEATHSIG_SIGTERM) ? SIGTERM :
|
||||
(flags & FORK_DEATHSIG_SIGINT) ? SIGINT :
|
||||
@ -1505,7 +1500,7 @@ int pidref_safe_fork_full(
|
||||
|
||||
pid_t original_pid, pid;
|
||||
sigset_t saved_ss, ss;
|
||||
_unused_ _cleanup_(restore_sigsetp) sigset_t *saved_ssp = NULL;
|
||||
_unused_ _cleanup_(block_signals_reset) sigset_t *saved_ssp = NULL;
|
||||
bool block_signals = false, block_all = false, intermediary = false;
|
||||
_cleanup_close_pair_ int pidref_transport_fds[2] = EBADF_PAIR;
|
||||
int prio, r;
|
||||
@ -1889,7 +1884,7 @@ int safe_fork_full(
|
||||
return r;
|
||||
}
|
||||
|
||||
int namespace_fork(
|
||||
int namespace_fork_full(
|
||||
const char *outer_name,
|
||||
const char *inner_name,
|
||||
int except_fds[],
|
||||
@ -1900,53 +1895,108 @@ int namespace_fork(
|
||||
int netns_fd,
|
||||
int userns_fd,
|
||||
int root_fd,
|
||||
pid_t *ret_pid) {
|
||||
PidRef *ret) {
|
||||
|
||||
int r;
|
||||
_cleanup_(pidref_done_sigkill_wait) PidRef pidref_outer = PIDREF_NULL;
|
||||
_cleanup_close_pair_ int errno_pipe_fd[2] = EBADF_PAIR;
|
||||
int r, prio = FLAGS_SET(flags, FORK_LOG) ? LOG_ERR : LOG_DEBUG;
|
||||
|
||||
/* This is much like safe_fork(), but forks twice, and joins the specified namespaces in the middle
|
||||
* process. This ensures that we are fully a member of the destination namespace, with pidns an all, so that
|
||||
* /proc/self/fd works correctly. */
|
||||
* /proc/self/fd works correctly.
|
||||
*
|
||||
* TODO: once we can rely on PIDFD_INFO_EXIT, do not keep the middle process around and instead
|
||||
* return the pidfd of the inner process for direct tracking. */
|
||||
|
||||
/* Insist on PDEATHSIG being enabled, as the pid returned is the one of the middle man, and otherwise
|
||||
* killing of it won't be propagated to the inner child. */
|
||||
assert((flags & (FORK_DEATHSIG_SIGKILL|FORK_DEATHSIG_SIGTERM|FORK_DEATHSIG_SIGINT)) != 0);
|
||||
assert((flags & (FORK_DETACH|FORK_FREEZE)) == 0);
|
||||
assert(!FLAGS_SET(flags, FORK_ALLOW_DLOPEN)); /* never allow loading shared library from another ns */
|
||||
|
||||
r = safe_fork_full(outer_name,
|
||||
NULL,
|
||||
except_fds, n_except_fds,
|
||||
(flags|FORK_DEATHSIG_SIGINT|FORK_DEATHSIG_SIGTERM|FORK_DEATHSIG_SIGKILL) & ~(FORK_REOPEN_LOG|FORK_NEW_MOUNTNS|FORK_MOUNTNS_SLAVE), ret_pid);
|
||||
/* We want read() to block as a synchronization point */
|
||||
assert_cc(sizeof(int) <= PIPE_BUF);
|
||||
if (pipe2(errno_pipe_fd, O_CLOEXEC) < 0)
|
||||
return log_full_errno(prio, errno, "Failed to create pipe: %m");
|
||||
|
||||
r = pidref_safe_fork_full(
|
||||
outer_name,
|
||||
/* stdio_fds = */ NULL, /* except_fds = */ NULL, /* n_except_fds = */ 0,
|
||||
(flags|FORK_DEATHSIG_SIGKILL) & ~(FORK_DEATHSIG_SIGTERM|FORK_DEATHSIG_SIGINT|FORK_REOPEN_LOG|FORK_NEW_MOUNTNS|FORK_MOUNTNS_SLAVE|FORK_NEW_USERNS|FORK_NEW_NETNS|FORK_NEW_PIDNS|FORK_CLOSE_ALL_FDS|FORK_PACK_FDS|FORK_CLOEXEC_OFF|FORK_RLIMIT_NOFILE_SAFE),
|
||||
&pidref_outer);
|
||||
if (r == -EPROTO && FLAGS_SET(flags, FORK_WAIT)) {
|
||||
errno_pipe_fd[1] = safe_close(errno_pipe_fd[1]);
|
||||
|
||||
int k = read_errno(errno_pipe_fd[0]);
|
||||
if (k < 0 && k != -EIO)
|
||||
return k;
|
||||
}
|
||||
if (r < 0)
|
||||
return r;
|
||||
if (r == 0) {
|
||||
pid_t pid;
|
||||
_cleanup_(pidref_done) PidRef pidref_inner = PIDREF_NULL;
|
||||
|
||||
/* Child */
|
||||
|
||||
errno_pipe_fd[0] = safe_close(errno_pipe_fd[0]);
|
||||
|
||||
r = namespace_enter(pidns_fd, mntns_fd, netns_fd, userns_fd, root_fd);
|
||||
if (r < 0) {
|
||||
log_full_errno(FLAGS_SET(flags, FORK_LOG) ? LOG_ERR : LOG_DEBUG, r, "Failed to join namespace: %m");
|
||||
_exit(EXIT_FAILURE);
|
||||
log_full_errno(prio, r, "Failed to join namespace: %m");
|
||||
report_errno_and_exit(errno_pipe_fd[1], r);
|
||||
}
|
||||
|
||||
/* We mask a few flags here that either make no sense for the grandchild, or that we don't have to do again */
|
||||
r = safe_fork_full(inner_name,
|
||||
r = pidref_safe_fork_full(
|
||||
inner_name,
|
||||
NULL,
|
||||
except_fds, n_except_fds,
|
||||
flags & ~(FORK_WAIT|FORK_RESET_SIGNALS|FORK_CLOSE_ALL_FDS|FORK_REARRANGE_STDIO), &pid);
|
||||
flags & ~(FORK_WAIT|FORK_RESET_SIGNALS|FORK_REARRANGE_STDIO|FORK_FLUSH_STDIO|FORK_STDOUT_TO_STDERR),
|
||||
&pidref_inner);
|
||||
if (r < 0)
|
||||
_exit(EXIT_FAILURE);
|
||||
report_errno_and_exit(errno_pipe_fd[1], r);
|
||||
if (r == 0) {
|
||||
/* Child */
|
||||
if (ret_pid)
|
||||
*ret_pid = pid;
|
||||
|
||||
if (!FLAGS_SET(flags, FORK_CLOSE_ALL_FDS)) {
|
||||
errno_pipe_fd[1] = safe_close(errno_pipe_fd[1]);
|
||||
pidref_done(&pidref_outer);
|
||||
} else {
|
||||
errno_pipe_fd[1] = -EBADF;
|
||||
pidref_outer = PIDREF_NULL;
|
||||
}
|
||||
|
||||
if (ret)
|
||||
*ret = TAKE_PIDREF(pidref_inner);
|
||||
return 0;
|
||||
}
|
||||
|
||||
r = wait_for_terminate_and_check(inner_name, pid, FLAGS_SET(flags, FORK_LOG) ? WAIT_LOG : 0);
|
||||
log_close();
|
||||
log_set_open_when_needed(true);
|
||||
|
||||
(void) close_all_fds(&pidref_inner.fd, 1);
|
||||
|
||||
r = pidref_wait_for_terminate_and_check(
|
||||
inner_name,
|
||||
&pidref_inner,
|
||||
FLAGS_SET(flags, FORK_LOG) ? WAIT_LOG : 0);
|
||||
if (r < 0)
|
||||
_exit(EXIT_FAILURE);
|
||||
|
||||
_exit(r);
|
||||
}
|
||||
|
||||
errno_pipe_fd[1] = safe_close(errno_pipe_fd[1]);
|
||||
|
||||
r = read_errno(errno_pipe_fd[0]);
|
||||
if (r < 0)
|
||||
return r; /* the child logs about failures on its own, no need to duplicate here */
|
||||
|
||||
if (ret)
|
||||
*ret = TAKE_PIDREF(pidref_outer);
|
||||
else
|
||||
pidref_done(&pidref_outer); /* disarm sigkill_wait */
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
@ -2346,16 +2396,15 @@ int read_errno(int errno_fd) {
|
||||
log_debug_errno(n, "Failed to read errno: %m");
|
||||
return -EIO;
|
||||
}
|
||||
if (n == sizeof(r)) {
|
||||
if (n == 0) /* the process exited without reporting an error, assuming success */
|
||||
return 0;
|
||||
if (n != sizeof(r))
|
||||
return log_debug_errno(SYNTHETIC_ERRNO(EIO), "Received unexpected amount of bytes (%zi) while reading errno.", n);
|
||||
|
||||
if (r == 0)
|
||||
return 0;
|
||||
if (r < 0) /* child process reported an error, return it */
|
||||
return log_debug_errno(r, "Child process failed with errno: %m");
|
||||
return log_debug_errno(SYNTHETIC_ERRNO(EIO), "Received an errno, but it's a positive value.");
|
||||
}
|
||||
if (n != 0)
|
||||
return log_debug_errno(SYNTHETIC_ERRNO(EIO), "Received unexpected amount of bytes while reading errno.");
|
||||
|
||||
/* the process exited without reporting an error, assuming success */
|
||||
return 0;
|
||||
return log_debug_errno(SYNTHETIC_ERRNO(EIO), "Received positive errno from child, refusing: %d", r);
|
||||
}
|
||||
|
||||
@ -216,7 +216,7 @@ static inline int safe_fork(const char *name, ForkFlags flags, pid_t *ret_pid) {
|
||||
return safe_fork_full(name, NULL, NULL, 0, flags, ret_pid);
|
||||
}
|
||||
|
||||
int namespace_fork(
|
||||
int namespace_fork_full(
|
||||
const char *outer_name,
|
||||
const char *inner_name,
|
||||
int except_fds[],
|
||||
@ -227,7 +227,23 @@ int namespace_fork(
|
||||
int netns_fd,
|
||||
int userns_fd,
|
||||
int root_fd,
|
||||
pid_t *ret_pid);
|
||||
PidRef *ret);
|
||||
|
||||
static inline int namespace_fork(
|
||||
const char *outer_name,
|
||||
const char *inner_name,
|
||||
ForkFlags flags,
|
||||
int pidns_fd,
|
||||
int mntns_fd,
|
||||
int netns_fd,
|
||||
int userns_fd,
|
||||
int root_fd,
|
||||
PidRef *ret) {
|
||||
|
||||
return namespace_fork_full(outer_name, inner_name, NULL, 0, flags,
|
||||
pidns_fd, mntns_fd, netns_fd, userns_fd, root_fd,
|
||||
ret);
|
||||
}
|
||||
|
||||
int set_oom_score_adjust(int value);
|
||||
int get_oom_score_adjust(int *ret);
|
||||
|
||||
@ -1665,15 +1665,13 @@ int openpt_allocate_in_namespace(
|
||||
r = namespace_fork(
|
||||
"(sd-openptns)",
|
||||
"(sd-openpt)",
|
||||
/* except_fds= */ NULL,
|
||||
/* n_except_fds= */ 0,
|
||||
FORK_RESET_SIGNALS|FORK_DEATHSIG_SIGKILL|FORK_WAIT,
|
||||
pidnsfd,
|
||||
mntnsfd,
|
||||
/* netns_fd= */ -EBADF,
|
||||
usernsfd,
|
||||
rootfd,
|
||||
/* ret_pid= */ NULL);
|
||||
/* ret= */ NULL);
|
||||
if (r < 0)
|
||||
return r;
|
||||
if (r == 0) {
|
||||
|
||||
@ -3911,7 +3911,7 @@ int refresh_extensions_in_namespace(
|
||||
if (r == 0) {
|
||||
/* Child (host namespace) */
|
||||
_cleanup_close_pair_ int pair[2] = EBADF_PAIR;
|
||||
_cleanup_(sigkill_waitp) pid_t grandchild_pid = 0;
|
||||
_cleanup_(pidref_done_sigkill_wait) PidRef grandchild = PIDREF_NULL;
|
||||
|
||||
(void) mkdir_p_label(overlay_prefix, 0555);
|
||||
|
||||
@ -3928,9 +3928,7 @@ int refresh_extensions_in_namespace(
|
||||
_exit(EXIT_FAILURE);
|
||||
}
|
||||
|
||||
r = safe_fork("(sd-ns-refresh-exts-grandchild)",
|
||||
FORK_LOG|FORK_DEATHSIG_SIGKILL,
|
||||
&grandchild_pid);
|
||||
r = pidref_safe_fork("(sd-ns-refresh-exts-grandchild)", FORK_LOG|FORK_DEATHSIG_SIGKILL, &grandchild);
|
||||
if (r < 0)
|
||||
_exit(EXIT_FAILURE);
|
||||
if (r == 0) {
|
||||
@ -3964,11 +3962,14 @@ int refresh_extensions_in_namespace(
|
||||
_exit(EXIT_FAILURE);
|
||||
}
|
||||
|
||||
r = wait_for_terminate_and_check("(sd-ns-refresh-exts-grandchild)", TAKE_PID(grandchild_pid), 0);
|
||||
r = pidref_wait_for_terminate_and_check("(sd-ns-refresh-exts-grandchild)", &grandchild, 0);
|
||||
if (r < 0) {
|
||||
log_debug_errno(r, "Failed to wait for target namespace process to finish: %m");
|
||||
_exit(EXIT_FAILURE);
|
||||
}
|
||||
|
||||
pidref_done(&grandchild);
|
||||
|
||||
if (r != EXIT_SUCCESS) {
|
||||
log_debug("Target namespace fork did not succeed");
|
||||
_exit(EXIT_FAILURE);
|
||||
|
||||
@ -224,14 +224,6 @@ static int receive_ucred(int transport_fd, struct ucred *ret_ucred) {
|
||||
}
|
||||
|
||||
int coredump_send_to_container(CoredumpContext *context) {
|
||||
_cleanup_close_ int pidnsfd = -EBADF, mntnsfd = -EBADF, netnsfd = -EBADF, usernsfd = -EBADF, rootfd = -EBADF;
|
||||
_cleanup_close_pair_ int pair[2] = EBADF_PAIR;
|
||||
pid_t child;
|
||||
struct ucred ucred = {
|
||||
.pid = context->pidref.pid,
|
||||
.uid = context->uid,
|
||||
.gid = context->gid,
|
||||
};
|
||||
int r;
|
||||
|
||||
assert(context);
|
||||
@ -255,6 +247,15 @@ int coredump_send_to_container(CoredumpContext *context) {
|
||||
if (r <= 0)
|
||||
return r;
|
||||
|
||||
_cleanup_close_ int pidnsfd = -EBADF, mntnsfd = -EBADF, netnsfd = -EBADF, usernsfd = -EBADF, rootfd = -EBADF;
|
||||
_cleanup_(pidref_done) PidRef child = PIDREF_NULL;
|
||||
_cleanup_close_pair_ int pair[2] = EBADF_PAIR;
|
||||
struct ucred ucred = {
|
||||
.pid = context->pidref.pid,
|
||||
.uid = context->uid,
|
||||
.gid = context->gid,
|
||||
};
|
||||
|
||||
r = RET_NERRNO(socketpair(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0, pair));
|
||||
if (r < 0)
|
||||
return log_debug_errno(r, "Failed to create socket pair: %m");
|
||||
@ -267,7 +268,7 @@ int coredump_send_to_container(CoredumpContext *context) {
|
||||
if (r < 0)
|
||||
return log_debug_errno(r, "Failed to open namespaces of PID " PID_FMT ": %m", leader_pid.pid);
|
||||
|
||||
r = namespace_fork("(sd-coredumpns)", "(sd-coredump)", NULL, 0,
|
||||
r = namespace_fork("(sd-coredumpns)", "(sd-coredump)",
|
||||
FORK_RESET_SIGNALS|FORK_DEATHSIG_SIGTERM,
|
||||
pidnsfd, mntnsfd, netnsfd, usernsfd, rootfd, &child);
|
||||
if (r < 0)
|
||||
@ -325,7 +326,7 @@ int coredump_send_to_container(CoredumpContext *context) {
|
||||
if (r < 0)
|
||||
return log_debug_errno(r, "Failed to send metadata to container: %m");
|
||||
|
||||
r = wait_for_terminate_and_check("(sd-coredumpns)", child, 0);
|
||||
r = pidref_wait_for_terminate_and_check("(sd-coredumpns)", &child, 0);
|
||||
if (r < 0)
|
||||
return log_debug_errno(r, "Failed to wait for child to terminate: %m");
|
||||
if (r != EXIT_SUCCESS)
|
||||
|
||||
@ -494,15 +494,13 @@ static int acquire_pid_mount_tree_fd(const CoredumpConfig *config, CoredumpConte
|
||||
|
||||
r = namespace_fork("(sd-mount-tree-ns)",
|
||||
"(sd-mount-tree)",
|
||||
/* except_fds= */ NULL,
|
||||
/* n_except_fds= */ 0,
|
||||
FORK_RESET_SIGNALS|FORK_DEATHSIG_SIGKILL|FORK_LOG|FORK_WAIT,
|
||||
/* pidns_fd= */ -EBADF,
|
||||
mntns_fd,
|
||||
/* netns_fd= */ -EBADF,
|
||||
/* userns_fd= */ -EBADF,
|
||||
root_fd,
|
||||
NULL);
|
||||
/* ret= */ NULL);
|
||||
if (r < 0)
|
||||
return r;
|
||||
if (r == 0) {
|
||||
|
||||
@ -1,6 +1,5 @@
|
||||
/* SPDX-License-Identifier: LGPL-2.1-or-later */
|
||||
|
||||
#include <fcntl.h>
|
||||
#include <unistd.h>
|
||||
|
||||
#include "bus-container.h"
|
||||
@ -10,14 +9,15 @@
|
||||
#include "format-util.h"
|
||||
#include "log.h"
|
||||
#include "namespace-util.h"
|
||||
#include "pidref.h"
|
||||
#include "process-util.h"
|
||||
#include "string-util.h"
|
||||
|
||||
int bus_container_connect_socket(sd_bus *b) {
|
||||
_cleanup_close_pair_ int pair[2] = EBADF_PAIR;
|
||||
_cleanup_close_ int pidnsfd = -EBADF, mntnsfd = -EBADF, usernsfd = -EBADF, rootfd = -EBADF;
|
||||
_cleanup_(pidref_done) PidRef child = PIDREF_NULL;
|
||||
_cleanup_close_pair_ int pair[2] = EBADF_PAIR;
|
||||
int r, error_buf = 0;
|
||||
pid_t child;
|
||||
ssize_t n;
|
||||
|
||||
assert(b);
|
||||
@ -53,7 +53,7 @@ int bus_container_connect_socket(sd_bus *b) {
|
||||
if (socketpair(AF_UNIX, SOCK_SEQPACKET|SOCK_CLOEXEC, 0, pair) < 0)
|
||||
return log_debug_errno(errno, "Failed to create a socket pair: %m");
|
||||
|
||||
r = namespace_fork("(sd-buscntrns)", "(sd-buscntr)", NULL, 0, FORK_RESET_SIGNALS|FORK_DEATHSIG_SIGKILL,
|
||||
r = namespace_fork("(sd-buscntrns)", "(sd-buscntr)", FORK_RESET_SIGNALS|FORK_DEATHSIG_SIGKILL,
|
||||
pidnsfd, mntnsfd, -1, usernsfd, rootfd, &child);
|
||||
if (r < 0)
|
||||
return log_debug_errno(r, "Failed to create namespace for (sd-buscntr): %m");
|
||||
@ -73,7 +73,7 @@ int bus_container_connect_socket(sd_bus *b) {
|
||||
|
||||
pair[1] = safe_close(pair[1]);
|
||||
|
||||
r = wait_for_terminate_and_check("(sd-buscntrns)", child, 0);
|
||||
r = pidref_wait_for_terminate_and_check("(sd-buscntrns)", &child, 0);
|
||||
if (r < 0)
|
||||
return r;
|
||||
bool nonzero_exit_status = r != EXIT_SUCCESS;
|
||||
|
||||
@ -11,6 +11,7 @@
|
||||
#include "id128-util.h"
|
||||
#include "io-util.h"
|
||||
#include "namespace-util.h"
|
||||
#include "pidref.h"
|
||||
#include "process-util.h"
|
||||
#include "sha256.h"
|
||||
#include "siphash24.h"
|
||||
@ -274,8 +275,9 @@ sd_id128_t id128_digest(const void *data, size_t size) {
|
||||
|
||||
int id128_get_boot_for_machine(const char *machine, sd_id128_t *ret) {
|
||||
_cleanup_close_ int pidnsfd = -EBADF, mntnsfd = -EBADF, rootfd = -EBADF;
|
||||
_cleanup_(pidref_done) PidRef child = PIDREF_NULL;
|
||||
_cleanup_close_pair_ int pair[2] = EBADF_PAIR;
|
||||
pid_t pid, child;
|
||||
pid_t pid;
|
||||
sd_id128_t id;
|
||||
ssize_t k;
|
||||
int r;
|
||||
@ -296,7 +298,7 @@ int id128_get_boot_for_machine(const char *machine, sd_id128_t *ret) {
|
||||
if (socketpair(AF_UNIX, SOCK_DGRAM, 0, pair) < 0)
|
||||
return -errno;
|
||||
|
||||
r = namespace_fork("(sd-bootidns)", "(sd-bootid)", NULL, 0, FORK_RESET_SIGNALS|FORK_DEATHSIG_SIGKILL,
|
||||
r = namespace_fork("(sd-bootidns)", "(sd-bootid)", FORK_RESET_SIGNALS|FORK_DEATHSIG_SIGKILL,
|
||||
pidnsfd, mntnsfd, -1, -1, rootfd, &child);
|
||||
if (r < 0)
|
||||
return r;
|
||||
@ -316,7 +318,7 @@ int id128_get_boot_for_machine(const char *machine, sd_id128_t *ret) {
|
||||
|
||||
pair[1] = safe_close(pair[1]);
|
||||
|
||||
r = wait_for_terminate_and_check("(sd-bootidns)", child, 0);
|
||||
r = pidref_wait_for_terminate_and_check("(sd-bootidns)", &child, 0);
|
||||
if (r < 0)
|
||||
return r;
|
||||
if (r != EXIT_SUCCESS)
|
||||
|
||||
@ -1141,9 +1141,9 @@ int machine_copy_from_to_operation(
|
||||
Operation **ret) {
|
||||
|
||||
_cleanup_close_ int host_fd = -EBADF, target_mntns_fd = -EBADF, source_mntns_fd = -EBADF;
|
||||
_cleanup_(pidref_done_sigkill_wait) PidRef child = PIDREF_NULL;
|
||||
_cleanup_close_pair_ int errno_pipe_fd[2] = EBADF_PAIR;
|
||||
_cleanup_free_ char *host_basename = NULL, *container_basename = NULL;
|
||||
_cleanup_(sigkill_waitp) pid_t child = 0;
|
||||
uid_t uid_shift;
|
||||
int r;
|
||||
|
||||
@ -1183,8 +1183,6 @@ int machine_copy_from_to_operation(
|
||||
|
||||
r = namespace_fork("(sd-copyns)",
|
||||
"(sd-copy)",
|
||||
/* except_fds= */ NULL,
|
||||
/* n_except_fds= */ 0,
|
||||
FORK_RESET_SIGNALS|FORK_DEATHSIG_SIGKILL,
|
||||
/* pidns_fd= */ -EBADF,
|
||||
target_mntns_fd,
|
||||
@ -1244,13 +1242,14 @@ int machine_copy_from_to_operation(
|
||||
|
||||
errno_pipe_fd[1] = safe_close(errno_pipe_fd[1]);
|
||||
|
||||
// TODO: port to PidRef and donate child rather than destroying it
|
||||
Operation *operation;
|
||||
r = operation_new(manager, machine, child, errno_pipe_fd[0], &operation);
|
||||
r = operation_new(manager, machine, child.pid, errno_pipe_fd[0], &operation);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
TAKE_FD(errno_pipe_fd[0]);
|
||||
TAKE_PID(child);
|
||||
pidref_done(&child);
|
||||
|
||||
*ret = operation;
|
||||
return 0;
|
||||
@ -1532,8 +1531,8 @@ int machine_open_root_directory(Machine *machine) {
|
||||
|
||||
case MACHINE_CONTAINER: {
|
||||
_cleanup_close_ int mntns_fd = -EBADF, root_fd = -EBADF;
|
||||
_cleanup_(pidref_done) PidRef child = PIDREF_NULL;
|
||||
_cleanup_close_pair_ int errno_pipe_fd[2] = EBADF_PAIR, fd_pass_socket[2] = EBADF_PAIR;
|
||||
pid_t child;
|
||||
|
||||
r = pidref_namespace_open(&machine->leader,
|
||||
/* ret_pidns_fd= */ NULL,
|
||||
@ -1553,8 +1552,6 @@ int machine_open_root_directory(Machine *machine) {
|
||||
r = namespace_fork(
|
||||
"(sd-openrootns)",
|
||||
"(sd-openroot)",
|
||||
/* except_fds= */ NULL,
|
||||
/* n_except_fds= */ 0,
|
||||
FORK_RESET_SIGNALS|FORK_DEATHSIG_SIGKILL,
|
||||
/* pidns_fd= */ -EBADF,
|
||||
mntns_fd,
|
||||
@ -1589,7 +1586,7 @@ int machine_open_root_directory(Machine *machine) {
|
||||
errno_pipe_fd[1] = safe_close(errno_pipe_fd[1]);
|
||||
fd_pass_socket[1] = safe_close(fd_pass_socket[1]);
|
||||
|
||||
r = wait_for_terminate_and_check("(sd-openrootns)", child, /* flags= */ 0);
|
||||
r = pidref_wait_for_terminate_and_check("(sd-openrootns)", &child, /* flags= */ 0);
|
||||
if (r < 0)
|
||||
return log_debug_errno(r, "Failed to wait for child: %m");
|
||||
|
||||
|
||||
@ -226,9 +226,9 @@ int machine_get_addresses(Machine *machine, struct local_address **ret_addresses
|
||||
}
|
||||
|
||||
case MACHINE_CONTAINER: {
|
||||
_cleanup_(pidref_done) PidRef child = PIDREF_NULL;
|
||||
_cleanup_close_pair_ int pair[2] = EBADF_PAIR;
|
||||
_cleanup_close_ int netns_fd = -EBADF;
|
||||
pid_t child;
|
||||
int r;
|
||||
|
||||
r = pidref_in_same_namespace(/* pid1= */ NULL, &machine->leader, NAMESPACE_NET);
|
||||
@ -251,8 +251,6 @@ int machine_get_addresses(Machine *machine, struct local_address **ret_addresses
|
||||
|
||||
r = namespace_fork("(sd-addrns)",
|
||||
"(sd-addr)",
|
||||
/* except_fds= */ NULL,
|
||||
/* n_except_fds= */ 0,
|
||||
FORK_RESET_SIGNALS|FORK_DEATHSIG_SIGKILL,
|
||||
/* pidns_fd= */ -EBADF,
|
||||
/* mntns_fd= */ -EBADF,
|
||||
@ -281,8 +279,6 @@ int machine_get_addresses(Machine *machine, struct local_address **ret_addresses
|
||||
}
|
||||
}
|
||||
|
||||
pair[1] = safe_close(pair[1]);
|
||||
|
||||
_exit(EXIT_SUCCESS);
|
||||
}
|
||||
|
||||
@ -313,7 +309,7 @@ int machine_get_addresses(Machine *machine, struct local_address **ret_addresses
|
||||
return log_debug_errno(r, "Failed to add local address: %m");
|
||||
}
|
||||
|
||||
r = wait_for_terminate_and_check("(sd-addrns)", child, /* flags= */ 0);
|
||||
r = pidref_wait_for_terminate_and_check("(sd-addrns)", &child, /* flags= */ 0);
|
||||
if (r < 0)
|
||||
return log_debug_errno(r, "Failed to wait for child: %m");
|
||||
if (r != EXIT_SUCCESS)
|
||||
@ -348,9 +344,9 @@ int machine_get_os_release(Machine *machine, char ***ret_os_release) {
|
||||
|
||||
case MACHINE_CONTAINER: {
|
||||
_cleanup_close_ int mntns_fd = -EBADF, root_fd = -EBADF, pidns_fd = -EBADF;
|
||||
_cleanup_(pidref_done) PidRef child = PIDREF_NULL;
|
||||
_cleanup_close_pair_ int pair[2] = EBADF_PAIR;
|
||||
_cleanup_fclose_ FILE *f = NULL;
|
||||
pid_t child;
|
||||
|
||||
r = pidref_namespace_open(&machine->leader,
|
||||
&pidns_fd,
|
||||
@ -366,8 +362,6 @@ int machine_get_os_release(Machine *machine, char ***ret_os_release) {
|
||||
|
||||
r = namespace_fork("(sd-osrelns)",
|
||||
"(sd-osrel)",
|
||||
/* except_fds= */ NULL,
|
||||
/* n_except_fds= */ 0,
|
||||
FORK_RESET_SIGNALS|FORK_DEATHSIG_SIGKILL,
|
||||
pidns_fd,
|
||||
mntns_fd,
|
||||
@ -409,7 +403,7 @@ int machine_get_os_release(Machine *machine, char ***ret_os_release) {
|
||||
if (r < 0)
|
||||
return log_debug_errno(r, "Failed to load OS release information: %m");
|
||||
|
||||
r = wait_for_terminate_and_check("(sd-osrelns)", child, /* flags= */ 0);
|
||||
r = pidref_wait_for_terminate_and_check("(sd-osrelns)", &child, /* flags= */ 0);
|
||||
if (r < 0)
|
||||
return log_debug_errno(r, "Failed to wait for child: %m");
|
||||
if (r == EXIT_NOT_FOUND)
|
||||
|
||||
@ -1,6 +1,5 @@
|
||||
/* SPDX-License-Identifier: LGPL-2.1-or-later */
|
||||
|
||||
#include <sched.h>
|
||||
#include <stdlib.h>
|
||||
#include <sys/mount.h>
|
||||
#include <sys/socket.h>
|
||||
@ -968,7 +967,7 @@ static int mount_in_namespace_legacy(
|
||||
bool mount_slave_created = false, mount_slave_mounted = false,
|
||||
mount_tmp_created = false, mount_tmp_mounted = false,
|
||||
mount_outside_created = false, mount_outside_mounted = false;
|
||||
pid_t child;
|
||||
_cleanup_(pidref_done) PidRef child = PIDREF_NULL;
|
||||
int r;
|
||||
|
||||
assert(chased_src_path);
|
||||
@ -1092,8 +1091,6 @@ static int mount_in_namespace_legacy(
|
||||
r = namespace_fork(
|
||||
"(sd-bindmnt)",
|
||||
"(sd-bindmnt-inner)",
|
||||
/* except_fds= */ NULL,
|
||||
/* n_except_fds= */ 0,
|
||||
FORK_RESET_SIGNALS|FORK_DEATHSIG_SIGTERM,
|
||||
pidns_fd,
|
||||
mntns_fd,
|
||||
@ -1139,7 +1136,7 @@ static int mount_in_namespace_legacy(
|
||||
|
||||
errno_pipe_fd[1] = safe_close(errno_pipe_fd[1]);
|
||||
|
||||
r = wait_for_terminate_and_check("(sd-bindmnt)", child, 0);
|
||||
r = pidref_wait_for_terminate_and_check("(sd-bindmnt)", &child, 0);
|
||||
if (r < 0) {
|
||||
log_debug_errno(r, "Failed to wait for child: %m");
|
||||
goto finish;
|
||||
@ -1242,7 +1239,7 @@ static int mount_in_namespace(
|
||||
_cleanup_(dissected_image_unrefp) DissectedImage *img = NULL;
|
||||
_cleanup_close_ int new_mount_fd = -EBADF;
|
||||
_cleanup_close_pair_ int errno_pipe_fd[2] = EBADF_PAIR;
|
||||
pid_t child;
|
||||
_cleanup_(pidref_done) PidRef child = PIDREF_NULL;
|
||||
|
||||
if (flags & MOUNT_IN_NAMESPACE_IS_IMAGE) {
|
||||
r = verity_dissect_and_mount(
|
||||
@ -1286,8 +1283,6 @@ static int mount_in_namespace(
|
||||
|
||||
r = namespace_fork("(sd-bindmnt)",
|
||||
"(sd-bindmnt-inner)",
|
||||
/* except_fds= */ NULL,
|
||||
/* n_except_fds= */ 0,
|
||||
FORK_RESET_SIGNALS|FORK_DEATHSIG_SIGTERM,
|
||||
pidns_fd,
|
||||
mntns_fd,
|
||||
@ -1335,7 +1330,7 @@ static int mount_in_namespace(
|
||||
|
||||
errno_pipe_fd[1] = safe_close(errno_pipe_fd[1]);
|
||||
|
||||
r = wait_for_terminate_and_check("(sd-bindmnt)", child, 0);
|
||||
r = pidref_wait_for_terminate_and_check("(sd-bindmnt)", &child, 0);
|
||||
if (r < 0)
|
||||
return log_debug_errno(r, "Failed to wait for child: %m");
|
||||
if (r != EXIT_SUCCESS) {
|
||||
|
||||
@ -1572,6 +1572,7 @@ static int help(int argc, char *argv[], void *userdata) {
|
||||
" --chain Chain another command\n"
|
||||
" --uid-min=ID Filter by minimum UID/GID (default 0)\n"
|
||||
" --uid-max=ID Filter by maximum UID/GID (default 4294967294)\n"
|
||||
" --uuid=UUID Filter by UUID\n"
|
||||
" -z --fuzzy Do a fuzzy name search\n"
|
||||
" --disposition=VALUE Filter by disposition\n"
|
||||
" -I Equivalent to --disposition=intrinsic\n"
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user