On Mon, May 22, 2023 at 10:52:03AM +0200, Stefano Brivio wrote: > We'll need this in isolate_initial(). While at it, don't rely on > BUFSIZ: the earlier issue we had with musl reminded me it's not a > magic "everything will fit" value. Size the read buffer to what we > actually need from uid_map, and check for the final newline too, > because uid_map is organised in lines. > > Signed-off-by: Stefano Brivio Reviewed-by: David Gibson > --- > conf.c | 16 +--------------- > util.c | 25 +++++++++++++++++++++++++ > util.h | 2 ++ > 3 files changed, 28 insertions(+), 15 deletions(-) > > diff --git a/conf.c b/conf.c > index 447b000..984c3ce 100644 > --- a/conf.c > +++ b/conf.c > @@ -1096,10 +1096,6 @@ static int conf_runas(char *opt, unsigned int *uid, unsigned int *gid) > */ > static void conf_ugid(char *runas, uid_t *uid, gid_t *gid) > { > - const char root_uid_map[] = " 0 0 4294967295"; > - char buf[BUFSIZ]; > - int fd; > - > /* If user has specified --runas, that takes precedence... */ > if (runas) { > if (conf_runas(runas, uid, gid)) > @@ -1116,18 +1112,8 @@ static void conf_ugid(char *runas, uid_t *uid, gid_t *gid) > return; > > /* ...or at least not root in the init namespace... */ > - if ((fd = open("/proc/self/uid_map", O_RDONLY | O_CLOEXEC)) < 0) { > - die("Can't determine if we're in init namespace: %s", > - strerror(errno)); > - } > - > - if (read(fd, buf, BUFSIZ) != sizeof(root_uid_map) || > - strncmp(buf, root_uid_map, sizeof(root_uid_map) - 1)) { > - close(fd); > + if (!ns_is_init()) > return; > - } > - > - close(fd); > > /* ...otherwise use nobody:nobody */ > warn("Don't run as root. Changing to nobody..."); > diff --git a/util.c b/util.c > index c3e3471..3c5d51f 100644 > --- a/util.c > +++ b/util.c > @@ -390,6 +390,31 @@ int ns_enter(const struct ctx *c) > return 0; > } > > +/** > + * ns_is_init() - Is the caller running in the "init" user namespace? > + * > + * Return: true if caller is in init, false otherwise, won't return on failure > + */ > +bool ns_is_init(void) > +{ > + const char root_uid_map[] = " 0 0 4294967295\n"; > + char buf[sizeof(root_uid_map)]; > + bool ret = true; > + int fd; > + > + if ((fd = open("/proc/self/uid_map", O_RDONLY | O_CLOEXEC)) < 0) { > + die("Can't determine if we're in init namespace: %s", > + strerror(errno)); > + } > + > + if (read(fd, buf, sizeof(root_uid_map)) != sizeof(root_uid_map) - 1 || > + strncmp(buf, root_uid_map, sizeof(root_uid_map))) Personally I'd use memcmp() when the size is known like this, but this strncmp() should do the same thing. > + ret = false; > + > + close(fd); > + return ret; > +} > + > /** > * pid_file() - Write PID to file, if requested to do so, and close it > * @fd: Open PID file descriptor, closed on exit, -1 to skip writing it > diff --git a/util.h b/util.h > index ba3e3da..26892aa 100644 > --- a/util.h > +++ b/util.h > @@ -8,6 +8,7 @@ > > #include > #include > +#include > > #include "log.h" > > @@ -216,6 +217,7 @@ char *line_read(char *buf, size_t len, int fd); > void procfs_scan_listen(struct ctx *c, uint8_t proto, int ip_version, int ns, > uint8_t *map, uint8_t *exclude); > int ns_enter(const struct ctx *c); > +bool ns_is_init(void); > void write_pidfile(int fd, pid_t pid); > int __daemon(int pidfile_fd, int devnull_fd); > int fls(unsigned long x); -- David Gibson | I'll have my music baroque, and my code david AT gibson.dropbear.id.au | minimalist, thank you. NOT _the_ _other_ | _way_ _around_! http://www.ozlabs.org/~dgibson