From mboxrd@z Thu Jan 1 00:00:00 1970 Received: by passt.top (Postfix, from userid 1000) id 0CCA55A0282; Mon, 22 May 2023 10:52:05 +0200 (CEST) From: Stefano Brivio To: passt-dev@passt.top Subject: [PATCH v2 1/3] util, conf: Add and use ns_is_init() helper Date: Mon, 22 May 2023 10:52:03 +0200 Message-Id: <20230522085205.2803560-2-sbrivio@redhat.com> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20230522085205.2803560-1-sbrivio@redhat.com> References: <20230522085205.2803560-1-sbrivio@redhat.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Message-ID-Hash: WRNZW2XYLC2ZQMOHMITO3YMDBZVM2EPU X-Message-ID-Hash: WRNZW2XYLC2ZQMOHMITO3YMDBZVM2EPU X-MailFrom: sbrivio@passt.top X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: David Gibson X-Mailman-Version: 3.3.8 Precedence: list List-Id: Development discussion and patches for passt Archived-At: Archived-At: List-Archive: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: We'll need this in isolate_initial(). While at it, don't rely on BUFSIZ: the earlier issue we had with musl reminded me it's not a magic "everything will fit" value. Size the read buffer to what we actually need from uid_map, and check for the final newline too, because uid_map is organised in lines. Signed-off-by: Stefano Brivio --- conf.c | 16 +--------------- util.c | 25 +++++++++++++++++++++++++ util.h | 2 ++ 3 files changed, 28 insertions(+), 15 deletions(-) diff --git a/conf.c b/conf.c index 447b000..984c3ce 100644 --- a/conf.c +++ b/conf.c @@ -1096,10 +1096,6 @@ static int conf_runas(char *opt, unsigned int *uid, unsigned int *gid) */ static void conf_ugid(char *runas, uid_t *uid, gid_t *gid) { - const char root_uid_map[] = " 0 0 4294967295"; - char buf[BUFSIZ]; - int fd; - /* If user has specified --runas, that takes precedence... */ if (runas) { if (conf_runas(runas, uid, gid)) @@ -1116,18 +1112,8 @@ static void conf_ugid(char *runas, uid_t *uid, gid_t *gid) return; /* ...or at least not root in the init namespace... */ - if ((fd = open("/proc/self/uid_map", O_RDONLY | O_CLOEXEC)) < 0) { - die("Can't determine if we're in init namespace: %s", - strerror(errno)); - } - - if (read(fd, buf, BUFSIZ) != sizeof(root_uid_map) || - strncmp(buf, root_uid_map, sizeof(root_uid_map) - 1)) { - close(fd); + if (!ns_is_init()) return; - } - - close(fd); /* ...otherwise use nobody:nobody */ warn("Don't run as root. Changing to nobody..."); diff --git a/util.c b/util.c index c3e3471..3c5d51f 100644 --- a/util.c +++ b/util.c @@ -390,6 +390,31 @@ int ns_enter(const struct ctx *c) return 0; } +/** + * ns_is_init() - Is the caller running in the "init" user namespace? + * + * Return: true if caller is in init, false otherwise, won't return on failure + */ +bool ns_is_init(void) +{ + const char root_uid_map[] = " 0 0 4294967295\n"; + char buf[sizeof(root_uid_map)]; + bool ret = true; + int fd; + + if ((fd = open("/proc/self/uid_map", O_RDONLY | O_CLOEXEC)) < 0) { + die("Can't determine if we're in init namespace: %s", + strerror(errno)); + } + + if (read(fd, buf, sizeof(root_uid_map)) != sizeof(root_uid_map) - 1 || + strncmp(buf, root_uid_map, sizeof(root_uid_map))) + ret = false; + + close(fd); + return ret; +} + /** * pid_file() - Write PID to file, if requested to do so, and close it * @fd: Open PID file descriptor, closed on exit, -1 to skip writing it diff --git a/util.h b/util.h index ba3e3da..26892aa 100644 --- a/util.h +++ b/util.h @@ -8,6 +8,7 @@ #include #include +#include #include "log.h" @@ -216,6 +217,7 @@ char *line_read(char *buf, size_t len, int fd); void procfs_scan_listen(struct ctx *c, uint8_t proto, int ip_version, int ns, uint8_t *map, uint8_t *exclude); int ns_enter(const struct ctx *c); +bool ns_is_init(void); void write_pidfile(int fd, pid_t pid); int __daemon(int pidfile_fd, int devnull_fd); int fls(unsigned long x); -- 2.39.2