logind: chown+chmod /run/user/$UID if mount(tmpfs) fails with EPERM

In containers without CAP_SYS_ADMIN, it is not possible to mount tmpfs (or any filesystem for that matter) on top of /run/user/$UID. Previously, logind just failed in such a situation. Now, logind will resort to chown+chmod of the directory instead. This allows logind still to work in those environments, although without the guarantees it provides (i.e. users not being able to DOS /run or other users' /run/user/$UID space) when CAP_SYS_ADMIN is available.
author: Christian Seiler <christian@iwakd.de> 2015-01-27 18:58:40 +0100
committer: Lennart Poettering <lennart@poettering.net> 2015-01-27 18:58:40 +0100
commit: 11c6476a08af7a8a9ae6a2d0f8370587f7b31663 (patch)
tree: 141141196d3c4670d6c05bed548800ab5919df22 /src/login/logind-user.c
parent: 4d858e7d9f39038713f760d7acc64acf7bba2aa7 (diff)
1 files changed, 19 insertions, 3 deletions
diff --git a/src/login/logind-user.c b/src/login/logind-user.c
index d1f91d6a2..928afd35e 100644
--- a/src/login/logind-user.c
+++ b/src/login/logind-user.c
@@ -335,8 +335,20 @@ static int user_mkdir_runtime_path(User *u) {
 
                 r = mount("tmpfs", p, "tmpfs", MS_NODEV|MS_NOSUID, t);
                 if (r < 0) {
-                        r = log_error_errno(errno, "Failed to mount per-user tmpfs directory %s: %m", p);
-                        goto fail;
+                        if (errno != EPERM) {
+                                r = log_error_errno(errno, "Failed to mount per-user tmpfs directory %s: %m", p);
+                                goto fail;
+                        }
+
+                        /* Lacking permissions, maybe
+                         * CAP_SYS_ADMIN-less container? In this case,
+                         * just use a normal directory. */
+
+                        r = chmod_and_chown(p, 0700, u->uid, u->gid);
+                        if (r < 0) {
+                                log_error_errno(r, "Failed to change runtime directory ownership and mode: %m");
+                                goto fail;
+                        }
                 }
         }
 
@@ -514,7 +526,11 @@ static int user_remove_runtime_path(User *u) {
         if (r < 0)
                 log_error_errno(r, "Failed to remove runtime directory %s: %m", u->runtime_path);
 
-        if (umount2(u->runtime_path, MNT_DETACH) < 0)
+        /* Ignore cases where the directory isn't mounted, as that's
+         * quite possible, if we lacked the permissions to mount
+         * something */
+        r = umount2(u->runtime_path, MNT_DETACH);
+        if (r < 0 && errno != EINVAL && errno != ENOENT)
                 log_error_errno(errno, "Failed to unmount user runtime directory %s: %m", u->runtime_path);
 
         r = rm_rf(u->runtime_path, false, true, false);
author	Christian Seiler <christian@iwakd.de>	2015-01-27 18:58:40 +0100
committer	Lennart Poettering <lennart@poettering.net>	2015-01-27 18:58:40 +0100
commit	11c6476a08af7a8a9ae6a2d0f8370587f7b31663 (patch)
tree	141141196d3c4670d6c05bed548800ab5919df22 /src/login/logind-user.c
parent	4d858e7d9f39038713f760d7acc64acf7bba2aa7 (diff)