From: Lennart Poettering Date: Mon, 12 Nov 2018 22:42:24 +0000 (+0100) Subject: tree-wide: port over other candidates for namespace_fork() X-Git-Tag: archive/raspbian/239-13+rpi1^2~20 X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=69c75b7ca7cd55bce66777250ce9e8c8d83c2d94;p=systemd.git tree-wide: port over other candidates for namespace_fork() Let's always use the same, correct, way to join a namespace. (cherry picked from commit 1edcb6a91ce459aed9abdf63b2724745a7cf8f45) Gbp-Pq: Name tree-wide-port-over-other-candidates-for-namespace_fork.patch
---
diff --git a/src/basic/terminal-util.c b/src/basic/terminal-util.c
index f4af0e65..6218e838 100644
--- a/src/basic/terminal-util.c
+++ b/src/basic/terminal-util.c
@@ -1094,7 +1094,8 @@ int openpt_in_namespace(pid_t pid, int flags) {
 if (socketpair(AF_UNIX, SOCK_DGRAM, 0, pair) < 0)
 return -errno;
- r = safe_fork("(sd-openpt)", FORK_RESET_SIGNALS|FORK_DEATHSIG, &child);
+ r = namespace_fork("(sd-openptns)", "(sd-openpt)", NULL, 0, FORK_RESET_SIGNALS|FORK_DEATHSIG,
+ pidnsfd, mntnsfd, -1, usernsfd, rootfd, &child);
 if (r < 0)
 return r;
 if (r == 0) {
@@ -1102,10 +1103,6 @@ int openpt_in_namespace(pid_t pid, int flags) {
 pair[0] = safe_close(pair[0]);
- r = namespace_enter(pidnsfd, mntnsfd, -1, usernsfd, rootfd);
- if (r < 0)
- _exit(EXIT_FAILURE);
-
 master = posix_openpt(flags|O_NOCTTY|O_CLOEXEC);
 if (master < 0)
 _exit(EXIT_FAILURE);
@@ -1121,7 +1118,7 @@ int openpt_in_namespace(pid_t pid, int flags) {
 pair[1] = safe_close(pair[1]);
- r = wait_for_terminate_and_check("(sd-openpt)", child, 0);
+ r = wait_for_terminate_and_check("(sd-openptns)", child, 0);
 if (r < 0)
 return r;
 if (r != EXIT_SUCCESS)
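Review bot: The descriptor arguments in the new `namespace_fork()` call in openpt_in_namespace() are positional, with `-1` standing for a namespace that is not joined, so a transposed or dropped fd would still compile and would put the child in a different set of namespaces than intended. The order here matches the removed `namespace_enter(pidnsfd, mntnsfd, -1, usernsfd, rootfd)` line, but labelling the placeholder, e.g. `pidnsfd, mntnsfd, /* netns */ -1, usernsfd, rootfd, &child);`, would let a reader check it without opening the prototype, which is not part of this patch. The same applies to the calls added in open_terminal_in_namespace(), bus_machine_method_get_addresses(), bus_machine_method_open_root_directory() and get_boot_id_for_machine(). The function body continues outside the hunk.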
@@ -1143,7 +1140,8 @@ int open_terminal_in_namespace(pid_t pid, const char *name, int mode) {
 if (socketpair(AF_UNIX, SOCK_DGRAM, 0, pair) < 0)
 return -errno;
- r = safe_fork("(sd-terminal)", FORK_RESET_SIGNALS|FORK_DEATHSIG, &child);
+ r = namespace_fork("(sd-terminalns)", "(sd-terminal)", NULL, 0, FORK_RESET_SIGNALS|FORK_DEATHSIG,
+ pidnsfd, mntnsfd, -1, usernsfd, rootfd, &child);
 if (r < 0)
 return r;
 if (r == 0) {
@@ -1151,10 +1149,6 @@ int open_terminal_in_namespace(pid_t pid, const char *name, int mode) {
 pair[0] = safe_close(pair[0]);
- r = namespace_enter(pidnsfd, mntnsfd, -1, usernsfd, rootfd);
- if (r < 0)
- _exit(EXIT_FAILURE);
-
 master = open_terminal(name, mode|O_NOCTTY|O_CLOEXEC);
 if (master < 0)
 _exit(EXIT_FAILURE);
@@ -1167,7 +1161,7 @@ int open_terminal_in_namespace(pid_t pid, const char *name, int mode) {
 pair[1] = safe_close(pair[1]);
- r = wait_for_terminate_and_check("(sd-terminal)", child, 0);
+ r = wait_for_terminate_and_check("(sd-terminalns)", child, 0);
 if (r < 0)
 return r;
 if (r != EXIT_SUCCESS)
diff --git a/src/machine/machine-dbus.c b/src/machine/machine-dbus.c
index 9035e50a..74f96e49 100644
--- a/src/machine/machine-dbus.c
+++ b/src/machine/machine-dbus.c
@@ -207,7 +207,8 @@ int bus_machine_method_get_addresses(sd_bus_message *message, void *userdata, sd
 if (socketpair(AF_UNIX, SOCK_SEQPACKET, 0, pair) < 0)
 return -errno;
- r = safe_fork("(sd-addr)", FORK_RESET_SIGNALS|FORK_DEATHSIG, &child);
+ r = namespace_fork("(sd-addrns)", "(sd-addr)", NULL, 0, FORK_RESET_SIGNALS|FORK_DEATHSIG,
+ -1, -1, netns_fd, -1, -1, &child);
 if (r < 0)
 return sd_bus_error_set_errnof(error, r, "Failed to fork(): %m");
 if (r == 0) {
@@ -217,10 +218,6 @@ int bus_machine_method_get_addresses(sd_bus_message *message, void *userdata, sd
 pair[0] = safe_close(pair[0]);
- r = namespace_enter(-1, -1, netns_fd, -1, -1);
- if (r < 0)
- _exit(EXIT_FAILURE);
-
 n = local_addresses(NULL, 0, AF_UNSPEC, &addresses);
 if (n < 0)
 _exit(EXIT_FAILURE);
@@ -294,7 +291,7 @@ int bus_machine_method_get_addresses(sd_bus_message *message, void *userdata, sd
 return r;
 }
- r = wait_for_terminate_and_check("(sd-addr)", child, 0);
+ r = wait_for_terminate_and_check("(sd-addrns)", child, 0);
 if (r < 0)
 return sd_bus_error_set_errnof(error, r, "Failed to wait for child: %m");
 if (r != EXIT_SUCCESS)
@@ -1239,7 +1236,8 @@ int bus_machine_method_open_root_directory(sd_bus_message *message, void *userda
 if (socketpair(AF_UNIX, SOCK_DGRAM, 0, pair) < 0)
 return -errno;
- r = safe_fork("(sd-openroot)", FORK_RESET_SIGNALS|FORK_DEATHSIG, &child);
+ r = namespace_fork("(sd-openrootns)", "(sd-openroot)", NULL, 0, FORK_RESET_SIGNALS|FORK_DEATHSIG,
+ -1, mntns_fd, -1, -1, root_fd, &child);
 if (r < 0)
 return sd_bus_error_set_errnof(error, r, "Failed to fork(): %m");
 if (r == 0) {
@@ -1247,10 +1245,6 @@ int bus_machine_method_open_root_directory(sd_bus_message *message, void *userda
 pair[0] = safe_close(pair[0]);
- r = namespace_enter(-1, mntns_fd, -1, -1, root_fd);
- if (r < 0)
- _exit(EXIT_FAILURE);
-
 dfd = open("/", O_RDONLY|O_CLOEXEC|O_DIRECTORY);
 if (dfd < 0)
 _exit(EXIT_FAILURE);
@@ -1265,7 +1259,7 @@ int bus_machine_method_open_root_directory(sd_bus_message *message, void *userda
 pair[1] = safe_close(pair[1]);
- r = wait_for_terminate_and_check("(sd-openroot)", child, 0);
+ r = wait_for_terminate_and_check("(sd-openrootns)", child, 0);
 if (r < 0)
 return sd_bus_error_set_errnof(error, r, "Failed to wait for child: %m");
 if (r != EXIT_SUCCESS)
diff --git a/src/shared/logs-show.c b/src/shared/logs-show.c
index 33afbe2f..ffde7d34 100644
--- a/src/shared/logs-show.c
+++ b/src/shared/logs-show.c
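Review bot: In bus_machine_method_open_root_directory() (src/machine/machine-dbus.c, hunk at -1239) the fourth descriptor slot of `namespace_fork()` is `-1`, while the terminal-util.c callers pass `usernsfd` there; presumably that slot is the user namespace, in which case the child opens `/` inside the machine's mount namespace and root while keeping the caller's own credentials. That was already true of the removed `namespace_enter(-1, mntns_fd, -1, -1, root_fd)` line, but since this commit is about joining namespaces one consistent way, the choice deserves a comment above the call such as `/* The user namespace is intentionally not joined here. */`, or the fd should be passed if the omission is not intentional. get_boot_id_for_machine() in src/shared/logs-show.c has the same `-1` in that slot. Both function bodies continue outside their hunks.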
@@ -1321,7 +1321,8 @@ static int get_boot_id_for_machine(const char *machine, sd_id128_t *boot_id) {
 if (socketpair(AF_UNIX, SOCK_DGRAM, 0, pair) < 0)
 return -errno;
- r = safe_fork("(sd-bootid)", FORK_RESET_SIGNALS|FORK_DEATHSIG, &child);
+ r = namespace_fork("(sd-bootidns)", "(sd-bootid)", NULL, 0, FORK_RESET_SIGNALS|FORK_DEATHSIG,
+ pidnsfd, mntnsfd, -1, -1, rootfd, &child);
 if (r < 0)
 return r;
 if (r == 0) {
@@ -1329,10 +1330,6 @@ static int get_boot_id_for_machine(const char *machine, sd_id128_t *boot_id) {
 pair[0] = safe_close(pair[0]);
- r = namespace_enter(pidnsfd, mntnsfd, -1, -1, rootfd);
- if (r < 0)
- _exit(EXIT_FAILURE);
-
 fd = open("/proc/sys/kernel/random/boot_id", O_RDONLY|O_CLOEXEC|O_NOCTTY);
 if (fd < 0)
 _exit(EXIT_FAILURE);
@@ -1351,7 +1348,7 @@ static int get_boot_id_for_machine(const char *machine, sd_id128_t *boot_id) {
 pair[1] = safe_close(pair[1]);
- r = wait_for_terminate_and_check("(sd-bootid)", child, 0);
+ r = wait_for_terminate_and_check("(sd-bootidns)", child, 0);
 if (r < 0)
 return r;
 if (r != EXIT_SUCCESS)