Date: Mon, 22 May 2023 19:03:50 +1000
From: David Gibson
To: Stefano Brivio
Cc: passt-dev@passt.top
Subject: Re: [PATCH v2 1/3] util, conf: Add and use ns_is_init() helper
In-Reply-To: <20230522085205.2803560-2-sbrivio@redhat.com>
References: <20230522085205.2803560-1-sbrivio@redhat.com> <20230522085205.2803560-2-sbrivio@redhat.com>

On Mon, May 22, 2023 at 10:52:03AM +0200, Stefano Brivio wrote:
> We'll need this in isolate_initial(). While at it, don't rely on
> BUFSIZ: the earlier issue we had with musl reminded me it's not a
> magic "everything will fit" value. Size the read buffer to what we
> actually need from uid_map, and check for the final newline too,
> because uid_map is organised in lines.
>
> Signed-off-by: Stefano Brivio

Reviewed-by: David Gibson

> ---
> conf.c | 16 +---------------
> util.c | 25 +++++++++++++++++++++++++
> util.h | 2 ++
> 3 files changed, 28 insertions(+), 15 deletions(-)
>
> diff --git a/conf.c b/conf.c
> index 447b000..984c3ce 100644
> --- a/conf.c
> +++ b/conf.c
> @@ -1096,10 +1096,6 @@ static int conf_runas(char *opt, unsigned int *uid= , unsigned int *gid) > */ > static void conf_ugid(char *runas, uid_t *uid, gid_t *gid) > { > - const char root_uid_map[] =3D " 0 0 4294967295"; > - char buf[BUFSIZ]; > - int fd; > - > /* If user has specified --runas, that takes precedence... */ > if (runas) { > if (conf_runas(runas, uid, gid)) > @@ -1116,18 +1112,8 @@ static void conf_ugid(char *runas, uid_t *uid, gid= _t *gid) > return; > =20 > /* ...or at least not root in the init namespace... */ > - if ((fd =3D open("/proc/self/uid_map", O_RDONLY | O_CLOEXEC)) < 0) { > - die("Can't determine if we're in init namespace: %s", > - strerror(errno)); > - } > - > - if (read(fd, buf, BUFSIZ) !=3D sizeof(root_uid_map) || > - strncmp(buf, root_uid_map, sizeof(root_uid_map) - 1)) { > - close(fd); > + if (!ns_is_init()) > return; > - } > - > - close(fd); > =20 > /* ...otherwise use nobody:nobody */ > warn("Don't run as root. Changing to nobody..."); > diff --git a/util.c b/util.c > index c3e3471..3c5d51f 100644 > --- a/util.c > +++ b/util.c 
> @@ -390,6 +390,31 @@ int ns_enter(const struct ctx *c) > return 0; > } > =20 > +/** > + * ns_is_init() - Is the caller running in the "init" user namespace? > + * > + * Return: true if caller is in init, false otherwise, won't return on f= ailure > + */ > +bool ns_is_init(void) > +{ > + const char root_uid_map[] =3D " 0 0 4294967295\n"; > + char buf[sizeof(root_uid_map)]; > + bool ret =3D true; > + int fd; > + > + if ((fd =3D open("/proc/self/uid_map", O_RDONLY | O_CLOEXEC)) < 0) { > + die("Can't determine if we're in init namespace: %s", > + strerror(errno)); > + } > + > + if (read(fd, buf, sizeof(root_uid_map)) !=3D sizeof(root_uid_map) - 1 || > + strncmp(buf, root_uid_map, sizeof(root_uid_map))) Personally I'd use memcmp() when the size is known like this, but this strncmp() should do the same thing. > + ret =3D false; > + > + close(fd); > + return ret; > +} > + > /** > * pid_file() - Write PID to file, if requested to do so, and close it > * @fd: Open PID file descriptor, closed on exit, -1 to skip writing it > diff --git a/util.h b/util.h > index ba3e3da..26892aa 100644 > --- a/util.h > +++ b/util.h > @@ -8,6 +8,7 @@ > =20 > #include > #include > +#include > =20 > #include "log.h" > =20 
> @@ -216,6 +217,7 @@ char *line_read(char *buf, size_t len, int fd); > void procfs_scan_listen(struct ctx *c, uint8_t proto, int ip_version, in= t ns, > uint8_t *map, uint8_t *exclude); > int ns_enter(const struct ctx *c); > +bool ns_is_init(void); > void write_pidfile(int fd, pid_t pid); > int __daemon(int pidfile_fd, int devnull_fd); > int fls(unsigned long x);

-- 
David Gibson | I'll have my music baroque, and my code
david AT gibson.dropbear.id.au | minimalist, thank you. NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson
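Review bot: in the conf.c hunk at @@ -1116 that replaces the inline uid_map check with `if (!ns_is_init()) return;`, a read() failure now takes the early `return`: ns_is_init() only die()s when open() fails, while a read() error (return value -1, which is != sizeof(root_uid_map) - 1) is folded into `ret = false`. conf_ugid() then returns while still running as the real root in the init namespace, skipping both the warn() and the switch to nobody, even though the new function's comment promises it "won't return on failure". Treat a read() error the same way as the open() error and die() (or at least distinguish `ret < 0` and log strerror(errno)), so that the privilege drop fails closed instead of being silently skipped.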
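Review bot: in the util.c hunk adding ns_is_init(), the comparison `strncmp(buf, root_uid_map, sizeof(root_uid_map))` reads one byte that read() never filled: `buf` is `sizeof(root_uid_map)` bytes, the read is accepted only when it returns `sizeof(root_uid_map) - 1` bytes, so `buf[sizeof(root_uid_map) - 1]` stays uninitialised, yet strncmp compares that position against the terminating NUL of root_uid_map and the result depends on stack contents. The memcmp() suggested in the reply has the same problem if given the same length. Compare only the bytes actually read, `memcmp(buf, root_uid_map, sizeof(root_uid_map) - 1)`, or zero-initialise the buffer (`char buf[sizeof(root_uid_map)] = { 0 };`) so either comparison is well defined. Reading `sizeof(root_uid_map)` bytes and requiring exactly one fewer in return is the right shape, since it rejects a uid_map that has anything after the expected line.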