Handle Unix domain socket connections from outside our namespace v2

This is a second attempt at 9754d56, reverted in 2f20a8e, because I lost a 'break;' when moving chunks around.
2014-04-19 21:58:03 -04:00 · 2014-04-19 21:58:03 -04:00 · d38f6e34a6
parent a555350d47
commit d38f6e34a6
1 changed files with 14 additions and 8 deletions
--- a/src/core/socket.c
+++ b/src/core/socket.c
@ -663,16 +663,22 @@ static int instance_from_socket(int fd, unsigned nr, char **instance) {
                int k;

                k = getpeercred(fd, &ucred);
-                if (k < 0)
+                if (k >= 0) {
+                        if (asprintf(&r,
+                                     "%u-"PID_FMT"-"UID_FMT,
+                                     nr, ucred.pid, ucred.uid) < 0)
+                                return -ENOMEM;
+                } else if (k == -ENODATA) {
+                        /* This handles the case where somebody is
+                         * connecting from another pid/uid namespace
+                         * (e.g. from outside of our container). */
+                        if (asprintf(&r,
+                                     "%u-unknown",
+                                     nr) < 0)
+                                return -ENOMEM;
+                } else
                        return k;

-                if (asprintf(&r,
-                             "%u-%lu-%lu",
-                             nr,
-                             (unsigned long) ucred.pid,
-                             (unsigned long) ucred.uid) < 0)
-                        return -ENOMEM;
-
                break;
        }