diff options
| author | Lennart Poettering <lennart@poettering.net> | 2017-02-10 19:44:09 +0100 |
|---|---|---|
| committer | Lennart Poettering <lennart@poettering.net> | 2017-02-17 10:22:28 +0100 |
| commit | 3401419bb8215612cf8db33d930a64a54b19dcb3 (patch) | |
| tree | 46bf341034214d5c25d4c211e61831e6b5d488b2 /src/machine/machined-dbus.c | |
| parent | f73e6ee687213d8f78a93a9519901d0fe314c228 (diff) | |
| download | systemd-3401419bb8215612cf8db33d930a64a54b19dcb3.tar.gz | |
machined: expose "UID shift" concept for containers
UID/GID mapping with userns can be arbitrarily complex. Let's break this
down to a single admin-friendly parameter: let's expose the UID/GID
shift of a container via a new bus call for each container, and let's
show this as part of "machinectl status" if it is not 0.
This should work for pretty much all real-life full OS container setups
(i.e. the stuff machined is suppose to be useful for). For everything
else we generate a clean error, clarifying that we can't expose the
mapping.
Diffstat (limited to 'src/machine/machined-dbus.c')
| -rw-r--r-- | src/machine/machined-dbus.c | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/src/machine/machined-dbus.c b/src/machine/machined-dbus.c index fd9e5b56fc..c9b92d2765 100644 --- a/src/machine/machined-dbus.c +++ b/src/machine/machined-dbus.c @@ -729,6 +729,26 @@ static int method_open_machine_root_directory(sd_bus_message *message, void *use return bus_machine_method_open_root_directory(message, machine, error); } +static int method_get_machine_uid_shift(sd_bus_message *message, void *userdata, sd_bus_error *error) { + Manager *m = userdata; + Machine *machine; + const char *name; + int r; + + assert(message); + assert(m); + + r = sd_bus_message_read(message, "s", &name); + if (r < 0) + return r; + + machine = hashmap_get(m->machines, name); + if (!machine) + return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_MACHINE, "No machine '%s' known", name); + + return bus_machine_method_get_uid_shift(message, machine, error); +} + static int method_remove_image(sd_bus_message *message, void *userdata, sd_bus_error *error) { _cleanup_(image_unrefp) Image* i = NULL; const char *name; @@ -1416,6 +1436,7 @@ const sd_bus_vtable manager_vtable[] = { SD_BUS_METHOD("CopyFromMachine", "sss", NULL, method_copy_machine, SD_BUS_VTABLE_UNPRIVILEGED), SD_BUS_METHOD("CopyToMachine", "sss", NULL, method_copy_machine, SD_BUS_VTABLE_UNPRIVILEGED), SD_BUS_METHOD("OpenMachineRootDirectory", "s", "h", method_open_machine_root_directory, SD_BUS_VTABLE_UNPRIVILEGED), + SD_BUS_METHOD("GetMachineUIDShift", "s", "u", method_get_machine_uid_shift, SD_BUS_VTABLE_UNPRIVILEGED), SD_BUS_METHOD("RemoveImage", "s", NULL, method_remove_image, SD_BUS_VTABLE_UNPRIVILEGED), SD_BUS_METHOD("RenameImage", "ss", NULL, method_rename_image, SD_BUS_VTABLE_UNPRIVILEGED), SD_BUS_METHOD("CloneImage", "ssb", NULL, method_clone_image, SD_BUS_VTABLE_UNPRIVILEGED), |