summaryrefslogtreecommitdiffstats
path: root/src/shared
diff options
context:
space:
mode:
authorDaan De Meyer <daan.j.demeyer@gmail.com>2023-01-23 14:47:00 +0100
committerDaan De Meyer <daan.j.demeyer@gmail.com>2023-01-23 16:33:03 +0100
commitff1b55ffdf7ba7294e9e9d00393acbac426295c9 (patch)
tree834f334619427f5ddda6a3deb4cd85348afc38c3 /src/shared
parentRevert "repart: Make sure all files in the image are owned by root" (diff)
downloadsystemd-ff1b55ffdf7ba7294e9e9d00393acbac426295c9.tar.xz
systemd-ff1b55ffdf7ba7294e9e9d00393acbac426295c9.zip
Revert "repart: Ensure files end up owned by root in generated filesystems"
This reverts commit e59678b2cf42e4206ddabc959d3cf9a5a865ecdc. We also modify the repart integration tests to make them pass with the changes in this commit. In short, we have to make sure every file is owned by the user executing repart. We use tee instead of cat since it makes that easier. This also has the benefit of improving debugability as seeing the config file contents on stdout makes it easier to know which test is failing.
Diffstat (limited to 'src/shared')
-rw-r--r--src/shared/mkfs-util.c51
1 files changed, 2 insertions, 49 deletions
diff --git a/src/shared/mkfs-util.c b/src/shared/mkfs-util.c
index 11ae92290d..d64ef0d47a 100644
--- a/src/shared/mkfs-util.c
+++ b/src/shared/mkfs-util.c
@@ -98,41 +98,11 @@ static int mangle_fat_label(const char *s, char **ret) {
return 0;
}
-static int setup_userns(uid_t uid, gid_t gid) {
- int r;
-
- /* mkfs programs tend to keep ownership intact when bootstrapping themselves from a root directory.
- * However, we'd like for the files to be owned by root instead, so we fork off a user namespace and
- * inside of it, map the uid/gid of the root directory to root in the user namespace. mkfs programs
- * will pick up on this and the files will be owned by root in the generated filesystem. */
-
- r = write_string_filef("/proc/self/uid_map", WRITE_STRING_FILE_DISABLE_BUFFER,
- UID_FMT " " UID_FMT " " UID_FMT, 0u, uid, 1u);
- if (r < 0)
- return log_error_errno(r,
- "Failed to write mapping for "UID_FMT" to /proc/self/uid_map: %m",
- uid);
-
- r = write_string_file("/proc/self/setgroups", "deny", WRITE_STRING_FILE_DISABLE_BUFFER);
- if (r < 0)
- return log_error_errno(r, "Failed to write 'deny' to /proc/self/setgroups: %m");
-
- r = write_string_filef("/proc/self/gid_map", WRITE_STRING_FILE_DISABLE_BUFFER,
- GID_FMT " " GID_FMT " " GID_FMT, 0u, gid, 1u);
- if (r < 0)
- return log_error_errno(r,
- "Failed to write mapping for "GID_FMT" to /proc/self/gid_map: %m",
- gid);
-
- return 0;
-}
-
static int do_mcopy(const char *node, const char *root) {
_cleanup_free_ char *mcopy = NULL;
_cleanup_strv_free_ char **argv = NULL;
_cleanup_close_ int rfd = -EBADF;
_cleanup_free_ DirectoryEntries *de = NULL;
- struct stat st;
int r;
assert(node);
@@ -182,17 +152,10 @@ static int do_mcopy(const char *node, const char *root) {
if (strv_extend(&argv, "::") < 0)
return log_oom();
- if (fstat(rfd, &st) < 0)
- return log_error_errno(errno, "Failed to stat '%s': %m", root);
-
- r = safe_fork("(mcopy)", FORK_RESET_SIGNALS|FORK_RLIMIT_NOFILE_SAFE|FORK_DEATHSIG|FORK_LOG|FORK_WAIT|FORK_STDOUT_TO_STDERR|FORK_NEW_USERNS|FORK_CLOSE_ALL_FDS, NULL);
+ r = safe_fork("(mcopy)", FORK_RESET_SIGNALS|FORK_RLIMIT_NOFILE_SAFE|FORK_DEATHSIG|FORK_LOG|FORK_WAIT|FORK_STDOUT_TO_STDERR|FORK_CLOSE_ALL_FDS, NULL);
if (r < 0)
return r;
if (r == 0) {
- r = setup_userns(st.st_uid, st.st_gid);
- if (r < 0)
- _exit(EXIT_FAILURE);
-
/* Avoid failures caused by mismatch in expectations between mkfs.vfat and mcopy by disabling
* the stricter mcopy checks using MTOOLS_SKIP_CHECK. */
execve(mcopy, argv, STRV_MAKE("MTOOLS_SKIP_CHECK=1"));
@@ -308,7 +271,6 @@ int make_filesystem(
_cleanup_strv_free_ char **argv = NULL;
_cleanup_(unlink_and_freep) char *protofile = NULL;
char vol_id[CONST_MAX(SD_ID128_UUID_STRING_MAX, 8U + 1U)] = {};
- struct stat st;
int r;
assert(node);
@@ -527,21 +489,12 @@ int make_filesystem(
if (extra_mkfs_args && strv_extend_strv(&argv, extra_mkfs_args, false) < 0)
return log_oom();
- if (root && stat(root, &st) < 0)
- return log_error_errno(errno, "Failed to stat %s: %m", root);
-
- r = safe_fork("(mkfs)", FORK_RESET_SIGNALS|FORK_RLIMIT_NOFILE_SAFE|FORK_DEATHSIG|FORK_LOG|FORK_WAIT|FORK_STDOUT_TO_STDERR|FORK_CLOSE_ALL_FDS|(root ? FORK_NEW_USERNS : 0), NULL);
+ r = safe_fork("(mkfs)", FORK_RESET_SIGNALS|FORK_RLIMIT_NOFILE_SAFE|FORK_DEATHSIG|FORK_LOG|FORK_WAIT|FORK_STDOUT_TO_STDERR|FORK_CLOSE_ALL_FDS, NULL);
if (r < 0)
return r;
if (r == 0) {
/* Child */
- if (root) {
- r = setup_userns(st.st_uid, st.st_gid);
- if (r < 0)
- _exit(EXIT_FAILURE);
- }
-
execvp(mkfs, argv);
log_error_errno(errno, "Failed to execute %s: %m", mkfs);