diff options
| author | Daniel Mack <zonque@gmail.com> | 2014-08-22 19:02:03 +0200 |
|---|---|---|
| committer | Daniel Mack <daniel@zonque.org> | 2014-09-08 14:15:02 +0200 |
| commit | e44da745d19b9e02e67e32ea82c3bad86175120c (patch) | |
| tree | 7b7192f12d3607faea9c985020eb85fb569b1c28 /src/core/execute.c | |
| parent | 060e088e94852cbe166592429c330e3997c21c4c (diff) | |
service: hook up custom endpoint logic
If BusPolicy= was passed, the parser function will have created
an ExecContext->bus_endpoint object, along with policy information.
In that case, create a kdbus endpoint, and pass its path name to the
namespace logic, to it will be mounted over the actual 'bus' node.
At endpoint creation time, no policy is updloaded. That is done after
fork(), through a separate call. This is necessary because we don't
know the real uid of the process earlier than that.
Diffstat (limited to 'src/core/execute.c')
| -rw-r--r-- | src/core/execute.c | 24 |
1 files changed, 21 insertions, 3 deletions
diff --git a/src/core/execute.c b/src/core/execute.c index 96cabe6d9..2b16b36c1 100644 --- a/src/core/execute.c +++ b/src/core/execute.c @@ -83,6 +83,7 @@ #include "af-list.h" #include "mkdir.h" #include "apparmor-util.h" +#include "bus-kernel.h" #ifdef HAVE_SECCOMP #include "seccomp-util.h" @@ -1236,7 +1237,7 @@ static int exec_child(ExecCommand *command, _cleanup_strv_free_ char **our_env = NULL, **pam_env = NULL, **final_env = NULL, **final_argv = NULL; const char *username = NULL, *home = NULL, *shell = NULL; unsigned n_dont_close = 0; - int dont_close[n_fds + 3]; + int dont_close[n_fds + 4]; uid_t uid = (uid_t) -1; gid_t gid = (gid_t) -1; int i, err; @@ -1279,6 +1280,8 @@ static int exec_child(ExecCommand *command, memcpy(dont_close + n_dont_close, fds, sizeof(int) * n_fds); n_dont_close += n_fds; } + if (params->bus_endpoint_fd >= 0) + dont_close[n_dont_close++] = params->bus_endpoint_fd; if (runtime) { if (runtime->netns_storage_socket[0] >= 0) dont_close[n_dont_close++] = runtime->netns_storage_socket[0]; @@ -1428,6 +1431,18 @@ static int exec_child(ExecCommand *command, } } +#ifdef ENABLE_KDBUS + if (params->bus_endpoint_fd >= 0 && context->bus_endpoint) { + uid_t ep_uid = (uid == (uid_t) -1) ? 0 : uid; + + err = bus_kernel_set_endpoint_policy(params->bus_endpoint_fd, ep_uid, context->bus_endpoint); + if (err < 0) { + *error = EXIT_BUS_ENDPOINT; + return err; + } + } +#endif + #ifdef HAVE_PAM if (params->cgroup_path && context->user && context->pam_name) { err = cg_set_task_access(SYSTEMD_CGROUP_CONTROLLER, params->cgroup_path, 0644, uid, gid); @@ -1498,6 +1513,7 @@ static int exec_child(ExecCommand *command, !strv_isempty(context->inaccessible_dirs) || context->mount_flags != 0 || (context->private_tmp && runtime && (runtime->tmp_dir || runtime->var_tmp_dir)) || + params->bus_endpoint_path || context->private_devices || context->protect_system != PROTECT_SYSTEM_NO || context->protect_home != PROTECT_HOME_NO) { @@ -1523,7 +1539,7 @@ static int exec_child(ExecCommand *command, context->inaccessible_dirs, tmp, var, - NULL, + params->bus_endpoint_path, context->private_devices, context->protect_home, context->protect_system, @@ -1564,7 +1580,9 @@ static int exec_child(ExecCommand *command, /* We repeat the fd closing here, to make sure that * nothing is leaked from the PAM modules. Note that * we are more aggressive this time since socket_fd - * and the netns fds we don#t need anymore. */ + * and the netns fds we don't need anymore. The custom + * endpoint fd was needed to upload the policy and can + * now be closed as well. */ err = close_all_fds(fds, n_fds); if (err >= 0) err = shift_fds(fds, n_fds); |