|
Zbigniew Jędrzejewski-Szmek |
0104b2 |
From e7662d18a14588740c245d10027e2c42a0a21c0e Mon Sep 17 00:00:00 2001
|
|
Zbigniew Jędrzejewski-Szmek |
0104b2 |
From: Yu Watanabe <watanabe.yu+github@gmail.com>
|
|
Zbigniew Jędrzejewski-Szmek |
0104b2 |
Date: Sun, 19 Feb 2023 02:42:52 +0900
|
|
Zbigniew Jędrzejewski-Szmek |
0104b2 |
Subject: [PATCH] core/manager: falling back to execute generators without
|
|
Zbigniew Jędrzejewski-Szmek |
0104b2 |
sandboxing
|
|
Zbigniew Jędrzejewski-Szmek |
0104b2 |
|
|
Zbigniew Jędrzejewski-Szmek |
0104b2 |
When running in a container, like podman, docker or so, creating new mount
|
|
Zbigniew Jędrzejewski-Szmek |
0104b2 |
namespace may be disabled.
|
|
Zbigniew Jędrzejewski-Szmek |
0104b2 |
|
|
Zbigniew Jędrzejewski-Szmek |
0104b2 |
Fixes #26474.
|
|
Zbigniew Jędrzejewski-Szmek |
0104b2 |
Fixes RHBZ#2165004 (https://bugzilla.redhat.com/show_bug.cgi?id=2165004).
|
|
Zbigniew Jędrzejewski-Szmek |
0104b2 |
---
|
|
Zbigniew Jędrzejewski-Szmek |
0104b2 |
src/core/manager.c | 15 ++++++++++++++-
|
|
Zbigniew Jędrzejewski-Szmek |
0104b2 |
1 file changed, 14 insertions(+), 1 deletion(-)
|
|
Zbigniew Jędrzejewski-Szmek |
0104b2 |
|
|
Zbigniew Jędrzejewski-Szmek |
0104b2 |
diff --git a/src/core/manager.c b/src/core/manager.c
|
|
Zbigniew Jędrzejewski-Szmek |
0104b2 |
index 7b394794b0d4..380a4e30d7af 100644
|
|
Zbigniew Jędrzejewski-Szmek |
0104b2 |
--- a/src/core/manager.c
|
|
Zbigniew Jędrzejewski-Szmek |
0104b2 |
+++ b/src/core/manager.c
|
|
Zbigniew Jędrzejewski-Szmek |
0104b2 |
@@ -3829,12 +3829,25 @@ static int manager_run_generators(Manager *m) {
|
|
Zbigniew Jędrzejewski-Szmek |
0104b2 |
}
|
|
Zbigniew Jędrzejewski-Szmek |
0104b2 |
|
|
Zbigniew Jędrzejewski-Szmek |
0104b2 |
r = safe_fork("(sd-gens)",
|
|
Zbigniew Jędrzejewski-Szmek |
0104b2 |
- FORK_RESET_SIGNALS | FORK_LOG | FORK_WAIT | FORK_NEW_MOUNTNS | FORK_MOUNTNS_SLAVE | FORK_PRIVATE_TMP,
|
|
Zbigniew Jędrzejewski-Szmek |
0104b2 |
+ FORK_RESET_SIGNALS | FORK_WAIT | FORK_NEW_MOUNTNS | FORK_MOUNTNS_SLAVE | FORK_PRIVATE_TMP,
|
|
Zbigniew Jędrzejewski-Szmek |
0104b2 |
NULL);
|
|
Zbigniew Jędrzejewski-Szmek |
0104b2 |
if (r == 0) {
|
|
Zbigniew Jędrzejewski-Szmek |
0104b2 |
r = manager_execute_generators(m, paths, /* remount_ro= */ true);
|
|
Zbigniew Jędrzejewski-Szmek |
0104b2 |
_exit(r >= 0 ? EXIT_SUCCESS : EXIT_FAILURE);
|
|
Zbigniew Jędrzejewski-Szmek |
0104b2 |
}
|
|
Zbigniew Jędrzejewski-Szmek |
0104b2 |
+ if (r < 0) {
|
|
Zbigniew Jędrzejewski-Szmek |
0104b2 |
+ if (!ERRNO_IS_PRIVILEGE(r)) {
|
|
Zbigniew Jędrzejewski-Szmek |
0104b2 |
+ log_error_errno(r, "Failed to fork off sandboxing environment for executing generators: %m");
|
|
Zbigniew Jędrzejewski-Szmek |
0104b2 |
+ goto finish;
|
|
Zbigniew Jędrzejewski-Szmek |
0104b2 |
+ }
|
|
Zbigniew Jędrzejewski-Szmek |
0104b2 |
+
|
|
Zbigniew Jędrzejewski-Szmek |
0104b2 |
+ /* Failed to fork with new mount namespace? Maybe, running in a container environment with
|
|
Zbigniew Jędrzejewski-Szmek |
0104b2 |
+ * seccomp or without capability. */
|
|
Zbigniew Jędrzejewski-Szmek |
0104b2 |
+ log_debug_errno(r,
|
|
Zbigniew Jędrzejewski-Szmek |
0104b2 |
+ "Failed to fork off sandboxing environment for executing generators. "
|
|
Zbigniew Jędrzejewski-Szmek |
0104b2 |
+ "Falling back to execute generators without sandboxing: %m");
|
|
Zbigniew Jędrzejewski-Szmek |
0104b2 |
+ r = manager_execute_generators(m, paths, /* remount_ro= */ false);
|
|
Zbigniew Jędrzejewski-Szmek |
0104b2 |
+ }
|
|
Zbigniew Jędrzejewski-Szmek |
0104b2 |
|
|
Zbigniew Jędrzejewski-Szmek |
0104b2 |
finish:
|
|
Zbigniew Jędrzejewski-Szmek |
0104b2 |
lookup_paths_trim_generator(&m->lookup_paths);
|