projects / platform / upstream / nsjail.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 4152f3e)
mount: try creating starting tmpfs's in /run/user/<uid> first
authorRobert Swiecki <robert@swiecki.net>
Thu, 19 Oct 2017 20:39:37 +0000 (22:39 +0200)
committerRobert Swiecki <robert@swiecki.net>
Thu, 19 Oct 2017 20:39:37 +0000 (22:39 +0200)
cmdline.c patch | blob | history
mount.c patch | blob | history
nsjail.h patch | blob | history

diff --git a/cmdline.c b/cmdline.c
index ae2c780a1e123657767df450f05570f0bdffb0f6..d789a353964d45ff6e8f67b043cc66fcfb88aeef 100644 (file)
--- a/cmdline.c
+++ b/cmdline.c
@@ -368,6 +368,7 @@ bool cmdlineParse(int argc, char* argv[], struct nsjconf_t* nsjconf)
                .iface_vs_gw = "0.0.0.0",
                .kafel_file = NULL,
                .kafel_string = NULL,
+               .orig_uid = getuid(),
                .num_cpus = sysconf(_SC_NPROCESSORS_ONLN),
        };
 
diff --git a/mount.c b/mount.c
index 7cce75d2945333dd3be017d7ee2ea7cce8aaf396..1269f7516e900e7959bc0b0ea8144f439a778967 100644 (file)
--- a/mount.c
+++ b/mount.c
@@ -266,9 +266,9 @@ static bool mountMkdirAndTest(const char* dir)
        return true;
 }
 
-static bool mountGetDir(char* dir, const char* name)
+static bool mountGetDir(struct nsjconf_t* nsjconf, char* dir, const char* name)
 {
-       snprintf(dir, PATH_MAX, "/dev/shm/nsjail.%s", name);
+       snprintf(dir, PATH_MAX, "/run/user/%u/nsjail.%s", nsjconf->orig_uid, name);
        if (mountMkdirAndTest(dir)) {
                return true;
        }
@@ -278,11 +278,15 @@ static bool mountGetDir(char* dir, const char* name)
        }
        const char* tmp = getenv("TMPDIR");
        if (tmp) {
-               snprintf(dir, PATH_MAX, "%s/nsjail.%s", name, tmp);
+               snprintf(dir, PATH_MAX, "%s/nsjail.%s", tmp, name);
                if (mountMkdirAndTest(dir)) {
                        return true;
                }
        }
+       snprintf(dir, PATH_MAX, "/dev/shm/nsjail.%s", name);
+       if (mountMkdirAndTest(dir)) {
+               return true;
+       }
        snprintf(dir, PATH_MAX, "/tmp/nsjail.%s.%" PRIx64, name, utilRnd64());
        if (mountMkdirAndTest(dir)) {
                return true;
@@ -321,7 +325,7 @@ static bool mountInitNsInternal(struct nsjconf_t* nsjconf)
        }
 
        char destdir[PATH_MAX];
-       if (mountGetDir(destdir, "root") == false) {
+       if (mountGetDir(nsjconf, destdir, "root") == false) {
                LOG_E("Couldn't obtain root mount directories");
                return false;
        }
@@ -337,7 +341,7 @@ static bool mountInitNsInternal(struct nsjconf_t* nsjconf)
        }
 
        char tmpdir[PATH_MAX];
-       if (mountGetDir(tmpdir, "tmp") == false) {
+       if (mountGetDir(nsjconf, tmpdir, "tmp") == false) {
                LOG_E("Couldn't obtain temporary mount directories");
                return false;
        }
diff --git a/nsjail.h b/nsjail.h
index 910bc1df147ad67eacd2f7238847dd3c03dd037c..2eb745926b2b46c54651d3d3e1deb65a777ae396 100644 (file)
--- a/nsjail.h
+++ b/nsjail.h
@@ -160,8 +160,8 @@ struct nsjconf_t {
        size_t cgroup_pids_max;
        FILE* kafel_file;
        char* kafel_string;
-       uid_t orig_euid;
        long num_cpus;
+       uid_t orig_uid;
        TAILQ_HEAD(udmaplist, idmap_t)
        uids;
        TAILQ_HEAD(gdmaplist, idmap_t)
Domain: System / System Framework;