mirror of
https://github.com/systemd/systemd
synced 2026-03-24 15:55:00 +01:00
Compare commits
7 Commits
ba037640bf
...
20367ade71
| Author | SHA1 | Date | |
|---|---|---|---|
|
20367ade71 | ||
|
|
73c40aa1f6 | ||
|
|
ed0f6758c8 | ||
|
|
8c007f68ff | ||
|
|
3532691d72 | ||
|
|
e48e098db1 | ||
|
|
f42ac24772 |
@ -13,6 +13,7 @@
|
|||||||
#include "fd-util.h"
|
#include "fd-util.h"
|
||||||
#include "log.h"
|
#include "log.h"
|
||||||
#include "namespace-util.h"
|
#include "namespace-util.h"
|
||||||
|
#include "pidref.h"
|
||||||
#include "process-util.h"
|
#include "process-util.h"
|
||||||
#include "runtime-scope.h"
|
#include "runtime-scope.h"
|
||||||
#include "strv.h"
|
#include "strv.h"
|
||||||
@ -78,12 +79,10 @@ int verb_unit_shell(int argc, char *argv[], void *userdata) {
|
|||||||
return log_oom();
|
return log_oom();
|
||||||
}
|
}
|
||||||
|
|
||||||
pid_t child;
|
_cleanup_(pidref_done) PidRef child = PIDREF_NULL;
|
||||||
r = namespace_fork(
|
r = namespace_fork(
|
||||||
"(unit-shell-ns)",
|
"(unit-shell-ns)",
|
||||||
"(unit-shell)",
|
"(unit-shell)",
|
||||||
/* except_fds= */ NULL,
|
|
||||||
/* n_except_fds= */ 0,
|
|
||||||
FORK_RESET_SIGNALS|FORK_DEATHSIG_SIGKILL,
|
FORK_RESET_SIGNALS|FORK_DEATHSIG_SIGKILL,
|
||||||
pidns_fd,
|
pidns_fd,
|
||||||
mntns_fd,
|
mntns_fd,
|
||||||
@ -117,8 +116,8 @@ int verb_unit_shell(int argc, char *argv[], void *userdata) {
|
|||||||
_exit(EXIT_FAILURE);
|
_exit(EXIT_FAILURE);
|
||||||
}
|
}
|
||||||
|
|
||||||
return wait_for_terminate_and_check(
|
return pidref_wait_for_terminate_and_check(
|
||||||
"(unit-shell)",
|
"(unit-shell)",
|
||||||
child,
|
&child,
|
||||||
WAIT_LOG_ABNORMAL|WAIT_LOG_NON_ZERO_EXIT_STATUS);
|
WAIT_LOG_ABNORMAL|WAIT_LOG_NON_ZERO_EXIT_STATUS);
|
||||||
}
|
}
|
||||||
|
|||||||
@ -1484,11 +1484,6 @@ pid_t clone_with_nested_stack(int (*fn)(void *), int flags, void *userdata) {
|
|||||||
return pid;
|
return pid;
|
||||||
}
|
}
|
||||||
|
|
||||||
static void restore_sigsetp(sigset_t **ssp) {
|
|
||||||
if (*ssp)
|
|
||||||
(void) sigprocmask(SIG_SETMASK, *ssp, NULL);
|
|
||||||
}
|
|
||||||
|
|
||||||
static int fork_flags_to_signal(ForkFlags flags) {
|
static int fork_flags_to_signal(ForkFlags flags) {
|
||||||
return (flags & FORK_DEATHSIG_SIGTERM) ? SIGTERM :
|
return (flags & FORK_DEATHSIG_SIGTERM) ? SIGTERM :
|
||||||
(flags & FORK_DEATHSIG_SIGINT) ? SIGINT :
|
(flags & FORK_DEATHSIG_SIGINT) ? SIGINT :
|
||||||
@ -1505,7 +1500,7 @@ int pidref_safe_fork_full(
|
|||||||
|
|
||||||
pid_t original_pid, pid;
|
pid_t original_pid, pid;
|
||||||
sigset_t saved_ss, ss;
|
sigset_t saved_ss, ss;
|
||||||
_unused_ _cleanup_(restore_sigsetp) sigset_t *saved_ssp = NULL;
|
_unused_ _cleanup_(block_signals_reset) sigset_t *saved_ssp = NULL;
|
||||||
bool block_signals = false, block_all = false, intermediary = false;
|
bool block_signals = false, block_all = false, intermediary = false;
|
||||||
_cleanup_close_pair_ int pidref_transport_fds[2] = EBADF_PAIR;
|
_cleanup_close_pair_ int pidref_transport_fds[2] = EBADF_PAIR;
|
||||||
int prio, r;
|
int prio, r;
|
||||||
@ -1889,7 +1884,7 @@ int safe_fork_full(
|
|||||||
return r;
|
return r;
|
||||||
}
|
}
|
||||||
|
|
||||||
int namespace_fork(
|
int namespace_fork_full(
|
||||||
const char *outer_name,
|
const char *outer_name,
|
||||||
const char *inner_name,
|
const char *inner_name,
|
||||||
int except_fds[],
|
int except_fds[],
|
||||||
@ -1900,53 +1895,108 @@ int namespace_fork(
|
|||||||
int netns_fd,
|
int netns_fd,
|
||||||
int userns_fd,
|
int userns_fd,
|
||||||
int root_fd,
|
int root_fd,
|
||||||
pid_t *ret_pid) {
|
PidRef *ret) {
|
||||||
|
|
||||||
int r;
|
_cleanup_(pidref_done_sigkill_wait) PidRef pidref_outer = PIDREF_NULL;
|
||||||
|
_cleanup_close_pair_ int errno_pipe_fd[2] = EBADF_PAIR;
|
||||||
|
int r, prio = FLAGS_SET(flags, FORK_LOG) ? LOG_ERR : LOG_DEBUG;
|
||||||
|
|
||||||
/* This is much like safe_fork(), but forks twice, and joins the specified namespaces in the middle
|
/* This is much like safe_fork(), but forks twice, and joins the specified namespaces in the middle
|
||||||
* process. This ensures that we are fully a member of the destination namespace, with pidns an all, so that
|
* process. This ensures that we are fully a member of the destination namespace, with pidns an all, so that
|
||||||
* /proc/self/fd works correctly. */
|
* /proc/self/fd works correctly.
|
||||||
|
*
|
||||||
|
* TODO: once we can rely on PIDFD_INFO_EXIT, do not keep the middle process around and instead
|
||||||
|
* return the pidfd of the inner process for direct tracking. */
|
||||||
|
|
||||||
|
/* Insist on PDEATHSIG being enabled, as the pid returned is the one of the middle man, and otherwise
|
||||||
|
* killing of it won't be propagated to the inner child. */
|
||||||
|
assert((flags & (FORK_DEATHSIG_SIGKILL|FORK_DEATHSIG_SIGTERM|FORK_DEATHSIG_SIGINT)) != 0);
|
||||||
|
assert((flags & (FORK_DETACH|FORK_FREEZE)) == 0);
|
||||||
assert(!FLAGS_SET(flags, FORK_ALLOW_DLOPEN)); /* never allow loading shared library from another ns */
|
assert(!FLAGS_SET(flags, FORK_ALLOW_DLOPEN)); /* never allow loading shared library from another ns */
|
||||||
|
|
||||||
r = safe_fork_full(outer_name,
|
/* We want read() to block as a synchronization point */
|
||||||
NULL,
|
assert_cc(sizeof(int) <= PIPE_BUF);
|
||||||
except_fds, n_except_fds,
|
if (pipe2(errno_pipe_fd, O_CLOEXEC) < 0)
|
||||||
(flags|FORK_DEATHSIG_SIGINT|FORK_DEATHSIG_SIGTERM|FORK_DEATHSIG_SIGKILL) & ~(FORK_REOPEN_LOG|FORK_NEW_MOUNTNS|FORK_MOUNTNS_SLAVE), ret_pid);
|
return log_full_errno(prio, errno, "Failed to create pipe: %m");
|
||||||
|
|
||||||
|
r = pidref_safe_fork_full(
|
||||||
|
outer_name,
|
||||||
|
/* stdio_fds = */ NULL, /* except_fds = */ NULL, /* n_except_fds = */ 0,
|
||||||
|
(flags|FORK_DEATHSIG_SIGKILL) & ~(FORK_DEATHSIG_SIGTERM|FORK_DEATHSIG_SIGINT|FORK_REOPEN_LOG|FORK_NEW_MOUNTNS|FORK_MOUNTNS_SLAVE|FORK_NEW_USERNS|FORK_NEW_NETNS|FORK_NEW_PIDNS|FORK_CLOSE_ALL_FDS|FORK_PACK_FDS|FORK_CLOEXEC_OFF|FORK_RLIMIT_NOFILE_SAFE),
|
||||||
|
&pidref_outer);
|
||||||
|
if (r == -EPROTO && FLAGS_SET(flags, FORK_WAIT)) {
|
||||||
|
errno_pipe_fd[1] = safe_close(errno_pipe_fd[1]);
|
||||||
|
|
||||||
|
int k = read_errno(errno_pipe_fd[0]);
|
||||||
|
if (k < 0 && k != -EIO)
|
||||||
|
return k;
|
||||||
|
}
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return r;
|
return r;
|
||||||
if (r == 0) {
|
if (r == 0) {
|
||||||
pid_t pid;
|
_cleanup_(pidref_done) PidRef pidref_inner = PIDREF_NULL;
|
||||||
|
|
||||||
/* Child */
|
/* Child */
|
||||||
|
|
||||||
|
errno_pipe_fd[0] = safe_close(errno_pipe_fd[0]);
|
||||||
|
|
||||||
r = namespace_enter(pidns_fd, mntns_fd, netns_fd, userns_fd, root_fd);
|
r = namespace_enter(pidns_fd, mntns_fd, netns_fd, userns_fd, root_fd);
|
||||||
if (r < 0) {
|
if (r < 0) {
|
||||||
log_full_errno(FLAGS_SET(flags, FORK_LOG) ? LOG_ERR : LOG_DEBUG, r, "Failed to join namespace: %m");
|
log_full_errno(prio, r, "Failed to join namespace: %m");
|
||||||
_exit(EXIT_FAILURE);
|
report_errno_and_exit(errno_pipe_fd[1], r);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* We mask a few flags here that either make no sense for the grandchild, or that we don't have to do again */
|
/* We mask a few flags here that either make no sense for the grandchild, or that we don't have to do again */
|
||||||
r = safe_fork_full(inner_name,
|
r = pidref_safe_fork_full(
|
||||||
NULL,
|
inner_name,
|
||||||
except_fds, n_except_fds,
|
NULL,
|
||||||
flags & ~(FORK_WAIT|FORK_RESET_SIGNALS|FORK_CLOSE_ALL_FDS|FORK_REARRANGE_STDIO), &pid);
|
except_fds, n_except_fds,
|
||||||
|
flags & ~(FORK_WAIT|FORK_RESET_SIGNALS|FORK_REARRANGE_STDIO|FORK_FLUSH_STDIO|FORK_STDOUT_TO_STDERR),
|
||||||
|
&pidref_inner);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
_exit(EXIT_FAILURE);
|
report_errno_and_exit(errno_pipe_fd[1], r);
|
||||||
if (r == 0) {
|
if (r == 0) {
|
||||||
/* Child */
|
/* Child */
|
||||||
if (ret_pid)
|
|
||||||
*ret_pid = pid;
|
if (!FLAGS_SET(flags, FORK_CLOSE_ALL_FDS)) {
|
||||||
|
errno_pipe_fd[1] = safe_close(errno_pipe_fd[1]);
|
||||||
|
pidref_done(&pidref_outer);
|
||||||
|
} else {
|
||||||
|
errno_pipe_fd[1] = -EBADF;
|
||||||
|
pidref_outer = PIDREF_NULL;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (ret)
|
||||||
|
*ret = TAKE_PIDREF(pidref_inner);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
r = wait_for_terminate_and_check(inner_name, pid, FLAGS_SET(flags, FORK_LOG) ? WAIT_LOG : 0);
|
log_close();
|
||||||
|
log_set_open_when_needed(true);
|
||||||
|
|
||||||
|
(void) close_all_fds(&pidref_inner.fd, 1);
|
||||||
|
|
||||||
|
r = pidref_wait_for_terminate_and_check(
|
||||||
|
inner_name,
|
||||||
|
&pidref_inner,
|
||||||
|
FLAGS_SET(flags, FORK_LOG) ? WAIT_LOG : 0);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
_exit(EXIT_FAILURE);
|
_exit(EXIT_FAILURE);
|
||||||
|
|
||||||
_exit(r);
|
_exit(r);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
errno_pipe_fd[1] = safe_close(errno_pipe_fd[1]);
|
||||||
|
|
||||||
|
r = read_errno(errno_pipe_fd[0]);
|
||||||
|
if (r < 0)
|
||||||
|
return r; /* the child logs about failures on its own, no need to duplicate here */
|
||||||
|
|
||||||
|
if (ret)
|
||||||
|
*ret = TAKE_PIDREF(pidref_outer);
|
||||||
|
else
|
||||||
|
pidref_done(&pidref_outer); /* disarm sigkill_wait */
|
||||||
|
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -2346,16 +2396,15 @@ int read_errno(int errno_fd) {
|
|||||||
log_debug_errno(n, "Failed to read errno: %m");
|
log_debug_errno(n, "Failed to read errno: %m");
|
||||||
return -EIO;
|
return -EIO;
|
||||||
}
|
}
|
||||||
if (n == sizeof(r)) {
|
if (n == 0) /* the process exited without reporting an error, assuming success */
|
||||||
if (r == 0)
|
return 0;
|
||||||
return 0;
|
if (n != sizeof(r))
|
||||||
if (r < 0) /* child process reported an error, return it */
|
return log_debug_errno(SYNTHETIC_ERRNO(EIO), "Received unexpected amount of bytes (%zi) while reading errno.", n);
|
||||||
return log_debug_errno(r, "Child process failed with errno: %m");
|
|
||||||
return log_debug_errno(SYNTHETIC_ERRNO(EIO), "Received an errno, but it's a positive value.");
|
|
||||||
}
|
|
||||||
if (n != 0)
|
|
||||||
return log_debug_errno(SYNTHETIC_ERRNO(EIO), "Received unexpected amount of bytes while reading errno.");
|
|
||||||
|
|
||||||
/* the process exited without reporting an error, assuming success */
|
if (r == 0)
|
||||||
return 0;
|
return 0;
|
||||||
|
if (r < 0) /* child process reported an error, return it */
|
||||||
|
return log_debug_errno(r, "Child process failed with errno: %m");
|
||||||
|
|
||||||
|
return log_debug_errno(SYNTHETIC_ERRNO(EIO), "Received positive errno from child, refusing: %d", r);
|
||||||
}
|
}
|
||||||
|
|||||||
@ -216,7 +216,7 @@ static inline int safe_fork(const char *name, ForkFlags flags, pid_t *ret_pid) {
|
|||||||
return safe_fork_full(name, NULL, NULL, 0, flags, ret_pid);
|
return safe_fork_full(name, NULL, NULL, 0, flags, ret_pid);
|
||||||
}
|
}
|
||||||
|
|
||||||
int namespace_fork(
|
int namespace_fork_full(
|
||||||
const char *outer_name,
|
const char *outer_name,
|
||||||
const char *inner_name,
|
const char *inner_name,
|
||||||
int except_fds[],
|
int except_fds[],
|
||||||
@ -227,7 +227,23 @@ int namespace_fork(
|
|||||||
int netns_fd,
|
int netns_fd,
|
||||||
int userns_fd,
|
int userns_fd,
|
||||||
int root_fd,
|
int root_fd,
|
||||||
pid_t *ret_pid);
|
PidRef *ret);
|
||||||
|
|
||||||
|
static inline int namespace_fork(
|
||||||
|
const char *outer_name,
|
||||||
|
const char *inner_name,
|
||||||
|
ForkFlags flags,
|
||||||
|
int pidns_fd,
|
||||||
|
int mntns_fd,
|
||||||
|
int netns_fd,
|
||||||
|
int userns_fd,
|
||||||
|
int root_fd,
|
||||||
|
PidRef *ret) {
|
||||||
|
|
||||||
|
return namespace_fork_full(outer_name, inner_name, NULL, 0, flags,
|
||||||
|
pidns_fd, mntns_fd, netns_fd, userns_fd, root_fd,
|
||||||
|
ret);
|
||||||
|
}
|
||||||
|
|
||||||
int set_oom_score_adjust(int value);
|
int set_oom_score_adjust(int value);
|
||||||
int get_oom_score_adjust(int *ret);
|
int get_oom_score_adjust(int *ret);
|
||||||
|
|||||||
@ -1665,15 +1665,13 @@ int openpt_allocate_in_namespace(
|
|||||||
r = namespace_fork(
|
r = namespace_fork(
|
||||||
"(sd-openptns)",
|
"(sd-openptns)",
|
||||||
"(sd-openpt)",
|
"(sd-openpt)",
|
||||||
/* except_fds= */ NULL,
|
|
||||||
/* n_except_fds= */ 0,
|
|
||||||
FORK_RESET_SIGNALS|FORK_DEATHSIG_SIGKILL|FORK_WAIT,
|
FORK_RESET_SIGNALS|FORK_DEATHSIG_SIGKILL|FORK_WAIT,
|
||||||
pidnsfd,
|
pidnsfd,
|
||||||
mntnsfd,
|
mntnsfd,
|
||||||
/* netns_fd= */ -EBADF,
|
/* netns_fd= */ -EBADF,
|
||||||
usernsfd,
|
usernsfd,
|
||||||
rootfd,
|
rootfd,
|
||||||
/* ret_pid= */ NULL);
|
/* ret= */ NULL);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return r;
|
return r;
|
||||||
if (r == 0) {
|
if (r == 0) {
|
||||||
|
|||||||
@ -3911,7 +3911,7 @@ int refresh_extensions_in_namespace(
|
|||||||
if (r == 0) {
|
if (r == 0) {
|
||||||
/* Child (host namespace) */
|
/* Child (host namespace) */
|
||||||
_cleanup_close_pair_ int pair[2] = EBADF_PAIR;
|
_cleanup_close_pair_ int pair[2] = EBADF_PAIR;
|
||||||
_cleanup_(sigkill_waitp) pid_t grandchild_pid = 0;
|
_cleanup_(pidref_done_sigkill_wait) PidRef grandchild = PIDREF_NULL;
|
||||||
|
|
||||||
(void) mkdir_p_label(overlay_prefix, 0555);
|
(void) mkdir_p_label(overlay_prefix, 0555);
|
||||||
|
|
||||||
@ -3928,9 +3928,7 @@ int refresh_extensions_in_namespace(
|
|||||||
_exit(EXIT_FAILURE);
|
_exit(EXIT_FAILURE);
|
||||||
}
|
}
|
||||||
|
|
||||||
r = safe_fork("(sd-ns-refresh-exts-grandchild)",
|
r = pidref_safe_fork("(sd-ns-refresh-exts-grandchild)", FORK_LOG|FORK_DEATHSIG_SIGKILL, &grandchild);
|
||||||
FORK_LOG|FORK_DEATHSIG_SIGKILL,
|
|
||||||
&grandchild_pid);
|
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
_exit(EXIT_FAILURE);
|
_exit(EXIT_FAILURE);
|
||||||
if (r == 0) {
|
if (r == 0) {
|
||||||
@ -3964,11 +3962,14 @@ int refresh_extensions_in_namespace(
|
|||||||
_exit(EXIT_FAILURE);
|
_exit(EXIT_FAILURE);
|
||||||
}
|
}
|
||||||
|
|
||||||
r = wait_for_terminate_and_check("(sd-ns-refresh-exts-grandchild)", TAKE_PID(grandchild_pid), 0);
|
r = pidref_wait_for_terminate_and_check("(sd-ns-refresh-exts-grandchild)", &grandchild, 0);
|
||||||
if (r < 0) {
|
if (r < 0) {
|
||||||
log_debug_errno(r, "Failed to wait for target namespace process to finish: %m");
|
log_debug_errno(r, "Failed to wait for target namespace process to finish: %m");
|
||||||
_exit(EXIT_FAILURE);
|
_exit(EXIT_FAILURE);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
pidref_done(&grandchild);
|
||||||
|
|
||||||
if (r != EXIT_SUCCESS) {
|
if (r != EXIT_SUCCESS) {
|
||||||
log_debug("Target namespace fork did not succeed");
|
log_debug("Target namespace fork did not succeed");
|
||||||
_exit(EXIT_FAILURE);
|
_exit(EXIT_FAILURE);
|
||||||
|
|||||||
@ -224,14 +224,6 @@ static int receive_ucred(int transport_fd, struct ucred *ret_ucred) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
int coredump_send_to_container(CoredumpContext *context) {
|
int coredump_send_to_container(CoredumpContext *context) {
|
||||||
_cleanup_close_ int pidnsfd = -EBADF, mntnsfd = -EBADF, netnsfd = -EBADF, usernsfd = -EBADF, rootfd = -EBADF;
|
|
||||||
_cleanup_close_pair_ int pair[2] = EBADF_PAIR;
|
|
||||||
pid_t child;
|
|
||||||
struct ucred ucred = {
|
|
||||||
.pid = context->pidref.pid,
|
|
||||||
.uid = context->uid,
|
|
||||||
.gid = context->gid,
|
|
||||||
};
|
|
||||||
int r;
|
int r;
|
||||||
|
|
||||||
assert(context);
|
assert(context);
|
||||||
@ -255,6 +247,15 @@ int coredump_send_to_container(CoredumpContext *context) {
|
|||||||
if (r <= 0)
|
if (r <= 0)
|
||||||
return r;
|
return r;
|
||||||
|
|
||||||
|
_cleanup_close_ int pidnsfd = -EBADF, mntnsfd = -EBADF, netnsfd = -EBADF, usernsfd = -EBADF, rootfd = -EBADF;
|
||||||
|
_cleanup_(pidref_done) PidRef child = PIDREF_NULL;
|
||||||
|
_cleanup_close_pair_ int pair[2] = EBADF_PAIR;
|
||||||
|
struct ucred ucred = {
|
||||||
|
.pid = context->pidref.pid,
|
||||||
|
.uid = context->uid,
|
||||||
|
.gid = context->gid,
|
||||||
|
};
|
||||||
|
|
||||||
r = RET_NERRNO(socketpair(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0, pair));
|
r = RET_NERRNO(socketpair(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0, pair));
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return log_debug_errno(r, "Failed to create socket pair: %m");
|
return log_debug_errno(r, "Failed to create socket pair: %m");
|
||||||
@ -267,7 +268,7 @@ int coredump_send_to_container(CoredumpContext *context) {
|
|||||||
if (r < 0)
|
if (r < 0)
|
||||||
return log_debug_errno(r, "Failed to open namespaces of PID " PID_FMT ": %m", leader_pid.pid);
|
return log_debug_errno(r, "Failed to open namespaces of PID " PID_FMT ": %m", leader_pid.pid);
|
||||||
|
|
||||||
r = namespace_fork("(sd-coredumpns)", "(sd-coredump)", NULL, 0,
|
r = namespace_fork("(sd-coredumpns)", "(sd-coredump)",
|
||||||
FORK_RESET_SIGNALS|FORK_DEATHSIG_SIGTERM,
|
FORK_RESET_SIGNALS|FORK_DEATHSIG_SIGTERM,
|
||||||
pidnsfd, mntnsfd, netnsfd, usernsfd, rootfd, &child);
|
pidnsfd, mntnsfd, netnsfd, usernsfd, rootfd, &child);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
@ -325,7 +326,7 @@ int coredump_send_to_container(CoredumpContext *context) {
|
|||||||
if (r < 0)
|
if (r < 0)
|
||||||
return log_debug_errno(r, "Failed to send metadata to container: %m");
|
return log_debug_errno(r, "Failed to send metadata to container: %m");
|
||||||
|
|
||||||
r = wait_for_terminate_and_check("(sd-coredumpns)", child, 0);
|
r = pidref_wait_for_terminate_and_check("(sd-coredumpns)", &child, 0);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return log_debug_errno(r, "Failed to wait for child to terminate: %m");
|
return log_debug_errno(r, "Failed to wait for child to terminate: %m");
|
||||||
if (r != EXIT_SUCCESS)
|
if (r != EXIT_SUCCESS)
|
||||||
|
|||||||
@ -494,15 +494,13 @@ static int acquire_pid_mount_tree_fd(const CoredumpConfig *config, CoredumpConte
|
|||||||
|
|
||||||
r = namespace_fork("(sd-mount-tree-ns)",
|
r = namespace_fork("(sd-mount-tree-ns)",
|
||||||
"(sd-mount-tree)",
|
"(sd-mount-tree)",
|
||||||
/* except_fds= */ NULL,
|
|
||||||
/* n_except_fds= */ 0,
|
|
||||||
FORK_RESET_SIGNALS|FORK_DEATHSIG_SIGKILL|FORK_LOG|FORK_WAIT,
|
FORK_RESET_SIGNALS|FORK_DEATHSIG_SIGKILL|FORK_LOG|FORK_WAIT,
|
||||||
/* pidns_fd= */ -EBADF,
|
/* pidns_fd= */ -EBADF,
|
||||||
mntns_fd,
|
mntns_fd,
|
||||||
/* netns_fd= */ -EBADF,
|
/* netns_fd= */ -EBADF,
|
||||||
/* userns_fd= */ -EBADF,
|
/* userns_fd= */ -EBADF,
|
||||||
root_fd,
|
root_fd,
|
||||||
NULL);
|
/* ret= */ NULL);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return r;
|
return r;
|
||||||
if (r == 0) {
|
if (r == 0) {
|
||||||
|
|||||||
@ -1,6 +1,5 @@
|
|||||||
/* SPDX-License-Identifier: LGPL-2.1-or-later */
|
/* SPDX-License-Identifier: LGPL-2.1-or-later */
|
||||||
|
|
||||||
#include <fcntl.h>
|
|
||||||
#include <unistd.h>
|
#include <unistd.h>
|
||||||
|
|
||||||
#include "bus-container.h"
|
#include "bus-container.h"
|
||||||
@ -10,14 +9,15 @@
|
|||||||
#include "format-util.h"
|
#include "format-util.h"
|
||||||
#include "log.h"
|
#include "log.h"
|
||||||
#include "namespace-util.h"
|
#include "namespace-util.h"
|
||||||
|
#include "pidref.h"
|
||||||
#include "process-util.h"
|
#include "process-util.h"
|
||||||
#include "string-util.h"
|
#include "string-util.h"
|
||||||
|
|
||||||
int bus_container_connect_socket(sd_bus *b) {
|
int bus_container_connect_socket(sd_bus *b) {
|
||||||
_cleanup_close_pair_ int pair[2] = EBADF_PAIR;
|
|
||||||
_cleanup_close_ int pidnsfd = -EBADF, mntnsfd = -EBADF, usernsfd = -EBADF, rootfd = -EBADF;
|
_cleanup_close_ int pidnsfd = -EBADF, mntnsfd = -EBADF, usernsfd = -EBADF, rootfd = -EBADF;
|
||||||
|
_cleanup_(pidref_done) PidRef child = PIDREF_NULL;
|
||||||
|
_cleanup_close_pair_ int pair[2] = EBADF_PAIR;
|
||||||
int r, error_buf = 0;
|
int r, error_buf = 0;
|
||||||
pid_t child;
|
|
||||||
ssize_t n;
|
ssize_t n;
|
||||||
|
|
||||||
assert(b);
|
assert(b);
|
||||||
@ -53,7 +53,7 @@ int bus_container_connect_socket(sd_bus *b) {
|
|||||||
if (socketpair(AF_UNIX, SOCK_SEQPACKET|SOCK_CLOEXEC, 0, pair) < 0)
|
if (socketpair(AF_UNIX, SOCK_SEQPACKET|SOCK_CLOEXEC, 0, pair) < 0)
|
||||||
return log_debug_errno(errno, "Failed to create a socket pair: %m");
|
return log_debug_errno(errno, "Failed to create a socket pair: %m");
|
||||||
|
|
||||||
r = namespace_fork("(sd-buscntrns)", "(sd-buscntr)", NULL, 0, FORK_RESET_SIGNALS|FORK_DEATHSIG_SIGKILL,
|
r = namespace_fork("(sd-buscntrns)", "(sd-buscntr)", FORK_RESET_SIGNALS|FORK_DEATHSIG_SIGKILL,
|
||||||
pidnsfd, mntnsfd, -1, usernsfd, rootfd, &child);
|
pidnsfd, mntnsfd, -1, usernsfd, rootfd, &child);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return log_debug_errno(r, "Failed to create namespace for (sd-buscntr): %m");
|
return log_debug_errno(r, "Failed to create namespace for (sd-buscntr): %m");
|
||||||
@ -73,7 +73,7 @@ int bus_container_connect_socket(sd_bus *b) {
|
|||||||
|
|
||||||
pair[1] = safe_close(pair[1]);
|
pair[1] = safe_close(pair[1]);
|
||||||
|
|
||||||
r = wait_for_terminate_and_check("(sd-buscntrns)", child, 0);
|
r = pidref_wait_for_terminate_and_check("(sd-buscntrns)", &child, 0);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return r;
|
return r;
|
||||||
bool nonzero_exit_status = r != EXIT_SUCCESS;
|
bool nonzero_exit_status = r != EXIT_SUCCESS;
|
||||||
|
|||||||
@ -11,6 +11,7 @@
|
|||||||
#include "id128-util.h"
|
#include "id128-util.h"
|
||||||
#include "io-util.h"
|
#include "io-util.h"
|
||||||
#include "namespace-util.h"
|
#include "namespace-util.h"
|
||||||
|
#include "pidref.h"
|
||||||
#include "process-util.h"
|
#include "process-util.h"
|
||||||
#include "sha256.h"
|
#include "sha256.h"
|
||||||
#include "siphash24.h"
|
#include "siphash24.h"
|
||||||
@ -274,8 +275,9 @@ sd_id128_t id128_digest(const void *data, size_t size) {
|
|||||||
|
|
||||||
int id128_get_boot_for_machine(const char *machine, sd_id128_t *ret) {
|
int id128_get_boot_for_machine(const char *machine, sd_id128_t *ret) {
|
||||||
_cleanup_close_ int pidnsfd = -EBADF, mntnsfd = -EBADF, rootfd = -EBADF;
|
_cleanup_close_ int pidnsfd = -EBADF, mntnsfd = -EBADF, rootfd = -EBADF;
|
||||||
|
_cleanup_(pidref_done) PidRef child = PIDREF_NULL;
|
||||||
_cleanup_close_pair_ int pair[2] = EBADF_PAIR;
|
_cleanup_close_pair_ int pair[2] = EBADF_PAIR;
|
||||||
pid_t pid, child;
|
pid_t pid;
|
||||||
sd_id128_t id;
|
sd_id128_t id;
|
||||||
ssize_t k;
|
ssize_t k;
|
||||||
int r;
|
int r;
|
||||||
@ -296,7 +298,7 @@ int id128_get_boot_for_machine(const char *machine, sd_id128_t *ret) {
|
|||||||
if (socketpair(AF_UNIX, SOCK_DGRAM, 0, pair) < 0)
|
if (socketpair(AF_UNIX, SOCK_DGRAM, 0, pair) < 0)
|
||||||
return -errno;
|
return -errno;
|
||||||
|
|
||||||
r = namespace_fork("(sd-bootidns)", "(sd-bootid)", NULL, 0, FORK_RESET_SIGNALS|FORK_DEATHSIG_SIGKILL,
|
r = namespace_fork("(sd-bootidns)", "(sd-bootid)", FORK_RESET_SIGNALS|FORK_DEATHSIG_SIGKILL,
|
||||||
pidnsfd, mntnsfd, -1, -1, rootfd, &child);
|
pidnsfd, mntnsfd, -1, -1, rootfd, &child);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return r;
|
return r;
|
||||||
@ -316,7 +318,7 @@ int id128_get_boot_for_machine(const char *machine, sd_id128_t *ret) {
|
|||||||
|
|
||||||
pair[1] = safe_close(pair[1]);
|
pair[1] = safe_close(pair[1]);
|
||||||
|
|
||||||
r = wait_for_terminate_and_check("(sd-bootidns)", child, 0);
|
r = pidref_wait_for_terminate_and_check("(sd-bootidns)", &child, 0);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return r;
|
return r;
|
||||||
if (r != EXIT_SUCCESS)
|
if (r != EXIT_SUCCESS)
|
||||||
|
|||||||
@ -1141,9 +1141,9 @@ int machine_copy_from_to_operation(
|
|||||||
Operation **ret) {
|
Operation **ret) {
|
||||||
|
|
||||||
_cleanup_close_ int host_fd = -EBADF, target_mntns_fd = -EBADF, source_mntns_fd = -EBADF;
|
_cleanup_close_ int host_fd = -EBADF, target_mntns_fd = -EBADF, source_mntns_fd = -EBADF;
|
||||||
|
_cleanup_(pidref_done_sigkill_wait) PidRef child = PIDREF_NULL;
|
||||||
_cleanup_close_pair_ int errno_pipe_fd[2] = EBADF_PAIR;
|
_cleanup_close_pair_ int errno_pipe_fd[2] = EBADF_PAIR;
|
||||||
_cleanup_free_ char *host_basename = NULL, *container_basename = NULL;
|
_cleanup_free_ char *host_basename = NULL, *container_basename = NULL;
|
||||||
_cleanup_(sigkill_waitp) pid_t child = 0;
|
|
||||||
uid_t uid_shift;
|
uid_t uid_shift;
|
||||||
int r;
|
int r;
|
||||||
|
|
||||||
@ -1183,8 +1183,6 @@ int machine_copy_from_to_operation(
|
|||||||
|
|
||||||
r = namespace_fork("(sd-copyns)",
|
r = namespace_fork("(sd-copyns)",
|
||||||
"(sd-copy)",
|
"(sd-copy)",
|
||||||
/* except_fds= */ NULL,
|
|
||||||
/* n_except_fds= */ 0,
|
|
||||||
FORK_RESET_SIGNALS|FORK_DEATHSIG_SIGKILL,
|
FORK_RESET_SIGNALS|FORK_DEATHSIG_SIGKILL,
|
||||||
/* pidns_fd= */ -EBADF,
|
/* pidns_fd= */ -EBADF,
|
||||||
target_mntns_fd,
|
target_mntns_fd,
|
||||||
@ -1244,13 +1242,14 @@ int machine_copy_from_to_operation(
|
|||||||
|
|
||||||
errno_pipe_fd[1] = safe_close(errno_pipe_fd[1]);
|
errno_pipe_fd[1] = safe_close(errno_pipe_fd[1]);
|
||||||
|
|
||||||
|
// TODO: port to PidRef and donate child rather than destroying it
|
||||||
Operation *operation;
|
Operation *operation;
|
||||||
r = operation_new(manager, machine, child, errno_pipe_fd[0], &operation);
|
r = operation_new(manager, machine, child.pid, errno_pipe_fd[0], &operation);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return r;
|
return r;
|
||||||
|
|
||||||
TAKE_FD(errno_pipe_fd[0]);
|
TAKE_FD(errno_pipe_fd[0]);
|
||||||
TAKE_PID(child);
|
pidref_done(&child);
|
||||||
|
|
||||||
*ret = operation;
|
*ret = operation;
|
||||||
return 0;
|
return 0;
|
||||||
@ -1532,8 +1531,8 @@ int machine_open_root_directory(Machine *machine) {
|
|||||||
|
|
||||||
case MACHINE_CONTAINER: {
|
case MACHINE_CONTAINER: {
|
||||||
_cleanup_close_ int mntns_fd = -EBADF, root_fd = -EBADF;
|
_cleanup_close_ int mntns_fd = -EBADF, root_fd = -EBADF;
|
||||||
|
_cleanup_(pidref_done) PidRef child = PIDREF_NULL;
|
||||||
_cleanup_close_pair_ int errno_pipe_fd[2] = EBADF_PAIR, fd_pass_socket[2] = EBADF_PAIR;
|
_cleanup_close_pair_ int errno_pipe_fd[2] = EBADF_PAIR, fd_pass_socket[2] = EBADF_PAIR;
|
||||||
pid_t child;
|
|
||||||
|
|
||||||
r = pidref_namespace_open(&machine->leader,
|
r = pidref_namespace_open(&machine->leader,
|
||||||
/* ret_pidns_fd= */ NULL,
|
/* ret_pidns_fd= */ NULL,
|
||||||
@ -1553,8 +1552,6 @@ int machine_open_root_directory(Machine *machine) {
|
|||||||
r = namespace_fork(
|
r = namespace_fork(
|
||||||
"(sd-openrootns)",
|
"(sd-openrootns)",
|
||||||
"(sd-openroot)",
|
"(sd-openroot)",
|
||||||
/* except_fds= */ NULL,
|
|
||||||
/* n_except_fds= */ 0,
|
|
||||||
FORK_RESET_SIGNALS|FORK_DEATHSIG_SIGKILL,
|
FORK_RESET_SIGNALS|FORK_DEATHSIG_SIGKILL,
|
||||||
/* pidns_fd= */ -EBADF,
|
/* pidns_fd= */ -EBADF,
|
||||||
mntns_fd,
|
mntns_fd,
|
||||||
@ -1589,7 +1586,7 @@ int machine_open_root_directory(Machine *machine) {
|
|||||||
errno_pipe_fd[1] = safe_close(errno_pipe_fd[1]);
|
errno_pipe_fd[1] = safe_close(errno_pipe_fd[1]);
|
||||||
fd_pass_socket[1] = safe_close(fd_pass_socket[1]);
|
fd_pass_socket[1] = safe_close(fd_pass_socket[1]);
|
||||||
|
|
||||||
r = wait_for_terminate_and_check("(sd-openrootns)", child, /* flags= */ 0);
|
r = pidref_wait_for_terminate_and_check("(sd-openrootns)", &child, /* flags= */ 0);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return log_debug_errno(r, "Failed to wait for child: %m");
|
return log_debug_errno(r, "Failed to wait for child: %m");
|
||||||
|
|
||||||
|
|||||||
@ -226,9 +226,9 @@ int machine_get_addresses(Machine *machine, struct local_address **ret_addresses
|
|||||||
}
|
}
|
||||||
|
|
||||||
case MACHINE_CONTAINER: {
|
case MACHINE_CONTAINER: {
|
||||||
|
_cleanup_(pidref_done) PidRef child = PIDREF_NULL;
|
||||||
_cleanup_close_pair_ int pair[2] = EBADF_PAIR;
|
_cleanup_close_pair_ int pair[2] = EBADF_PAIR;
|
||||||
_cleanup_close_ int netns_fd = -EBADF;
|
_cleanup_close_ int netns_fd = -EBADF;
|
||||||
pid_t child;
|
|
||||||
int r;
|
int r;
|
||||||
|
|
||||||
r = pidref_in_same_namespace(/* pid1= */ NULL, &machine->leader, NAMESPACE_NET);
|
r = pidref_in_same_namespace(/* pid1= */ NULL, &machine->leader, NAMESPACE_NET);
|
||||||
@ -251,8 +251,6 @@ int machine_get_addresses(Machine *machine, struct local_address **ret_addresses
|
|||||||
|
|
||||||
r = namespace_fork("(sd-addrns)",
|
r = namespace_fork("(sd-addrns)",
|
||||||
"(sd-addr)",
|
"(sd-addr)",
|
||||||
/* except_fds= */ NULL,
|
|
||||||
/* n_except_fds= */ 0,
|
|
||||||
FORK_RESET_SIGNALS|FORK_DEATHSIG_SIGKILL,
|
FORK_RESET_SIGNALS|FORK_DEATHSIG_SIGKILL,
|
||||||
/* pidns_fd= */ -EBADF,
|
/* pidns_fd= */ -EBADF,
|
||||||
/* mntns_fd= */ -EBADF,
|
/* mntns_fd= */ -EBADF,
|
||||||
@ -281,8 +279,6 @@ int machine_get_addresses(Machine *machine, struct local_address **ret_addresses
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
pair[1] = safe_close(pair[1]);
|
|
||||||
|
|
||||||
_exit(EXIT_SUCCESS);
|
_exit(EXIT_SUCCESS);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -313,7 +309,7 @@ int machine_get_addresses(Machine *machine, struct local_address **ret_addresses
|
|||||||
return log_debug_errno(r, "Failed to add local address: %m");
|
return log_debug_errno(r, "Failed to add local address: %m");
|
||||||
}
|
}
|
||||||
|
|
||||||
r = wait_for_terminate_and_check("(sd-addrns)", child, /* flags= */ 0);
|
r = pidref_wait_for_terminate_and_check("(sd-addrns)", &child, /* flags= */ 0);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return log_debug_errno(r, "Failed to wait for child: %m");
|
return log_debug_errno(r, "Failed to wait for child: %m");
|
||||||
if (r != EXIT_SUCCESS)
|
if (r != EXIT_SUCCESS)
|
||||||
@ -348,9 +344,9 @@ int machine_get_os_release(Machine *machine, char ***ret_os_release) {
|
|||||||
|
|
||||||
case MACHINE_CONTAINER: {
|
case MACHINE_CONTAINER: {
|
||||||
_cleanup_close_ int mntns_fd = -EBADF, root_fd = -EBADF, pidns_fd = -EBADF;
|
_cleanup_close_ int mntns_fd = -EBADF, root_fd = -EBADF, pidns_fd = -EBADF;
|
||||||
|
_cleanup_(pidref_done) PidRef child = PIDREF_NULL;
|
||||||
_cleanup_close_pair_ int pair[2] = EBADF_PAIR;
|
_cleanup_close_pair_ int pair[2] = EBADF_PAIR;
|
||||||
_cleanup_fclose_ FILE *f = NULL;
|
_cleanup_fclose_ FILE *f = NULL;
|
||||||
pid_t child;
|
|
||||||
|
|
||||||
r = pidref_namespace_open(&machine->leader,
|
r = pidref_namespace_open(&machine->leader,
|
||||||
&pidns_fd,
|
&pidns_fd,
|
||||||
@ -366,8 +362,6 @@ int machine_get_os_release(Machine *machine, char ***ret_os_release) {
|
|||||||
|
|
||||||
r = namespace_fork("(sd-osrelns)",
|
r = namespace_fork("(sd-osrelns)",
|
||||||
"(sd-osrel)",
|
"(sd-osrel)",
|
||||||
/* except_fds= */ NULL,
|
|
||||||
/* n_except_fds= */ 0,
|
|
||||||
FORK_RESET_SIGNALS|FORK_DEATHSIG_SIGKILL,
|
FORK_RESET_SIGNALS|FORK_DEATHSIG_SIGKILL,
|
||||||
pidns_fd,
|
pidns_fd,
|
||||||
mntns_fd,
|
mntns_fd,
|
||||||
@ -409,7 +403,7 @@ int machine_get_os_release(Machine *machine, char ***ret_os_release) {
|
|||||||
if (r < 0)
|
if (r < 0)
|
||||||
return log_debug_errno(r, "Failed to load OS release information: %m");
|
return log_debug_errno(r, "Failed to load OS release information: %m");
|
||||||
|
|
||||||
r = wait_for_terminate_and_check("(sd-osrelns)", child, /* flags= */ 0);
|
r = pidref_wait_for_terminate_and_check("(sd-osrelns)", &child, /* flags= */ 0);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return log_debug_errno(r, "Failed to wait for child: %m");
|
return log_debug_errno(r, "Failed to wait for child: %m");
|
||||||
if (r == EXIT_NOT_FOUND)
|
if (r == EXIT_NOT_FOUND)
|
||||||
|
|||||||
@ -1,6 +1,5 @@
|
|||||||
/* SPDX-License-Identifier: LGPL-2.1-or-later */
|
/* SPDX-License-Identifier: LGPL-2.1-or-later */
|
||||||
|
|
||||||
#include <sched.h>
|
|
||||||
#include <stdlib.h>
|
#include <stdlib.h>
|
||||||
#include <sys/mount.h>
|
#include <sys/mount.h>
|
||||||
#include <sys/socket.h>
|
#include <sys/socket.h>
|
||||||
@ -968,7 +967,7 @@ static int mount_in_namespace_legacy(
|
|||||||
bool mount_slave_created = false, mount_slave_mounted = false,
|
bool mount_slave_created = false, mount_slave_mounted = false,
|
||||||
mount_tmp_created = false, mount_tmp_mounted = false,
|
mount_tmp_created = false, mount_tmp_mounted = false,
|
||||||
mount_outside_created = false, mount_outside_mounted = false;
|
mount_outside_created = false, mount_outside_mounted = false;
|
||||||
pid_t child;
|
_cleanup_(pidref_done) PidRef child = PIDREF_NULL;
|
||||||
int r;
|
int r;
|
||||||
|
|
||||||
assert(chased_src_path);
|
assert(chased_src_path);
|
||||||
@ -1092,8 +1091,6 @@ static int mount_in_namespace_legacy(
|
|||||||
r = namespace_fork(
|
r = namespace_fork(
|
||||||
"(sd-bindmnt)",
|
"(sd-bindmnt)",
|
||||||
"(sd-bindmnt-inner)",
|
"(sd-bindmnt-inner)",
|
||||||
/* except_fds= */ NULL,
|
|
||||||
/* n_except_fds= */ 0,
|
|
||||||
FORK_RESET_SIGNALS|FORK_DEATHSIG_SIGTERM,
|
FORK_RESET_SIGNALS|FORK_DEATHSIG_SIGTERM,
|
||||||
pidns_fd,
|
pidns_fd,
|
||||||
mntns_fd,
|
mntns_fd,
|
||||||
@ -1139,7 +1136,7 @@ static int mount_in_namespace_legacy(
|
|||||||
|
|
||||||
errno_pipe_fd[1] = safe_close(errno_pipe_fd[1]);
|
errno_pipe_fd[1] = safe_close(errno_pipe_fd[1]);
|
||||||
|
|
||||||
r = wait_for_terminate_and_check("(sd-bindmnt)", child, 0);
|
r = pidref_wait_for_terminate_and_check("(sd-bindmnt)", &child, 0);
|
||||||
if (r < 0) {
|
if (r < 0) {
|
||||||
log_debug_errno(r, "Failed to wait for child: %m");
|
log_debug_errno(r, "Failed to wait for child: %m");
|
||||||
goto finish;
|
goto finish;
|
||||||
@ -1242,7 +1239,7 @@ static int mount_in_namespace(
|
|||||||
_cleanup_(dissected_image_unrefp) DissectedImage *img = NULL;
|
_cleanup_(dissected_image_unrefp) DissectedImage *img = NULL;
|
||||||
_cleanup_close_ int new_mount_fd = -EBADF;
|
_cleanup_close_ int new_mount_fd = -EBADF;
|
||||||
_cleanup_close_pair_ int errno_pipe_fd[2] = EBADF_PAIR;
|
_cleanup_close_pair_ int errno_pipe_fd[2] = EBADF_PAIR;
|
||||||
pid_t child;
|
_cleanup_(pidref_done) PidRef child = PIDREF_NULL;
|
||||||
|
|
||||||
if (flags & MOUNT_IN_NAMESPACE_IS_IMAGE) {
|
if (flags & MOUNT_IN_NAMESPACE_IS_IMAGE) {
|
||||||
r = verity_dissect_and_mount(
|
r = verity_dissect_and_mount(
|
||||||
@ -1286,8 +1283,6 @@ static int mount_in_namespace(
|
|||||||
|
|
||||||
r = namespace_fork("(sd-bindmnt)",
|
r = namespace_fork("(sd-bindmnt)",
|
||||||
"(sd-bindmnt-inner)",
|
"(sd-bindmnt-inner)",
|
||||||
/* except_fds= */ NULL,
|
|
||||||
/* n_except_fds= */ 0,
|
|
||||||
FORK_RESET_SIGNALS|FORK_DEATHSIG_SIGTERM,
|
FORK_RESET_SIGNALS|FORK_DEATHSIG_SIGTERM,
|
||||||
pidns_fd,
|
pidns_fd,
|
||||||
mntns_fd,
|
mntns_fd,
|
||||||
@ -1335,7 +1330,7 @@ static int mount_in_namespace(
|
|||||||
|
|
||||||
errno_pipe_fd[1] = safe_close(errno_pipe_fd[1]);
|
errno_pipe_fd[1] = safe_close(errno_pipe_fd[1]);
|
||||||
|
|
||||||
r = wait_for_terminate_and_check("(sd-bindmnt)", child, 0);
|
r = pidref_wait_for_terminate_and_check("(sd-bindmnt)", &child, 0);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return log_debug_errno(r, "Failed to wait for child: %m");
|
return log_debug_errno(r, "Failed to wait for child: %m");
|
||||||
if (r != EXIT_SUCCESS) {
|
if (r != EXIT_SUCCESS) {
|
||||||
|
|||||||
@ -1572,6 +1572,7 @@ static int help(int argc, char *argv[], void *userdata) {
|
|||||||
" --chain Chain another command\n"
|
" --chain Chain another command\n"
|
||||||
" --uid-min=ID Filter by minimum UID/GID (default 0)\n"
|
" --uid-min=ID Filter by minimum UID/GID (default 0)\n"
|
||||||
" --uid-max=ID Filter by maximum UID/GID (default 4294967294)\n"
|
" --uid-max=ID Filter by maximum UID/GID (default 4294967294)\n"
|
||||||
|
" --uuid=UUID Filter by UUID\n"
|
||||||
" -z --fuzzy Do a fuzzy name search\n"
|
" -z --fuzzy Do a fuzzy name search\n"
|
||||||
" --disposition=VALUE Filter by disposition\n"
|
" --disposition=VALUE Filter by disposition\n"
|
||||||
" -I Equivalent to --disposition=intrinsic\n"
|
" -I Equivalent to --disposition=intrinsic\n"
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user