author | Matthias Schiffer <mschiffer@universe-factory.net> | 2021-06-19 17:38:12 +0200 |
---|---|---|
committer | Matthias Schiffer <mschiffer@universe-factory.net> | 2021-06-19 17:58:37 +0200 |
commit | e6f9a3da1d9b0e5eb09b48cc1ae0ade11fbf16f2 (patch) | |
tree | 568a489d643d69d322f1ca0bde7aa59f54ddf019 | |
parent | 1fa0de5175075a841e24925f76fc472927a5308d (diff) | |
unshare: use nix types for BUILD_UID/BUILD_GID
-rw-r--r-- | Cargo.lock | 14 | ||||
-rw-r--r-- | Cargo.toml | 2 | ||||
-rw-r--r-- | src/runner/runc/run.rs | 11 | ||||
-rw-r--r-- | src/runner/runc/spec.rs | 4 | ||||
-rw-r--r-- | src/unshare.rs | 10 |
5 files changed, 23 insertions, 18 deletions
@@ -199,6 +199,15 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "60302e4db3a61da70c0cb7991976248362f30319e88850c487b9b95bbf059e00"
 [[package]]
+name = "memoffset"
+version = "0.6.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "59accc507f1338036a0477ef61afdae33cde60840f4dfe481319ce3ad116ddf9"
+dependencies = [
+ "autocfg",
+]
+
+[[package]]
 name = "mio"
 version = "0.6.23"
 source = "registry+https://github.com/rust-lang/crates.io-index"
@@ -242,14 +251,15 @@ dependencies = [
 [[package]]
 name = "nix"
-version = "0.20.0"
+version = "0.21.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "fa9b4819da1bc61c0ea48b63b7bc8604064dd43013e7cc325df098d49cd7c18a"
+checksum = "5c3728fec49d363a50a8828a190b379a446cc5cf085c06259bbbeb34447e4ec7"
 dependencies = [
 "bitflags",
 "cc",
 "cfg-if 1.0.0",
 "libc",
+ "memoffset",
 ]
 [[package]]
@@ -10,7 +10,7 @@ edition = "2018"
 [dependencies]
 ipc-channel = { git = "https://github.com/servo/ipc-channel.git" }
 libc = "0.2.84"
-nix = "0.20.0"
+nix = "0.21.0"
 oci-spec = "0.2.8"
 serde = { version = "1", features = ["derive"] }
 serde_json = "1.0.62"
diff --git a/src/runner/runc/run.rs b/src/runner/runc/run.rs
index 09bd875..0735128 100644
--- a/src/runner/runc/run.rs
+++ b/src/runner/runc/run.rs
@@ -58,12 +58,7 @@ fn init_task() -> Result<(), Error> {
 let workdir = "build/tmp/runc/workdir";
 DirBuilder::new().create(workdir)?;
- unistd::chown(
- workdir,
- Some(unistd::Uid::from_raw(unshare::BUILD_UID)),
- Some(unistd::Gid::from_raw(unshare::BUILD_GID)),
- )
- .to_io_result()?;
+ unistd::chown(workdir, Some(unshare::BUILD_UID), Some(unshare::BUILD_GID)).to_io_result()?;
 Ok(())
 }
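Review bot: In the `init_task` hunk of src/runner/runc/run.rs, the new one-line `unistd::chown(workdir, …)` still changes ownership by path and follows symlinks, so it relies on nothing replacing `build/tmp/runc/workdir` between `DirBuilder::create` and the chown. Whether a less-trusted process can write to the parent directory is not visible from this hunk; if one can, the no-follow form is the safer call: `unistd::fchownat(None, workdir, Some(unshare::BUILD_UID), Some(unshare::BUILD_GID), unistd::FchownatFlags::NoFollowSymlink).to_io_result()?;`. The lines of `init_task` before `let workdir` are outside the hunk.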
@@ -76,8 +71,8 @@ fn collect_output(task: TaskRef, task_def: Task) -> Result<(), io::Error> {
 // Temporarily switch to the user running Rebel to get the right
 // owner for the tar files
 let file = {
- let _setegid = util::setegid(unistd::Gid::from_raw(unshare::BUILD_GID))?;
- let _seteuid = util::seteuid(unistd::Uid::from_raw(unshare::BUILD_UID))?;
+ let _setegid = util::setegid(unshare::BUILD_GID)?;
+ let _seteuid = util::seteuid(unshare::BUILD_UID)?;
 File::create(output_filename(task))?
 };
diff --git a/src/runner/runc/spec.rs b/src/runner/runc/spec.rs
index 42e748c..bc226cb 100644
--- a/src/runner/runc/spec.rs
+++ b/src/runner/runc/spec.rs
@@ -10,8 +10,8 @@ pub fn generate_spec(run: &str) -> runtime::Spec {
 "process": {
 "terminal": false,
 "user": {
- "uid": unshare::BUILD_UID,
- "gid": unshare::BUILD_GID
+ "uid": unshare::BUILD_UID.as_raw(),
+ "gid": unshare::BUILD_GID.as_raw(),
 },
 "args": [
 "sh",
diff --git a/src/unshare.rs b/src/unshare.rs
index 717bf53..00a6f14 100644
--- a/src/unshare.rs
+++ b/src/unshare.rs
@@ -7,7 +7,7 @@ use std::{
 process,
 };
-use nix::unistd;
+use nix::unistd::{self, Gid, Uid};
 // use crate::prepared_command::PreparedCommand;
 use crate::util::Checkable;
@@ -62,8 +62,8 @@ struct SubIDMap {
 count: ID,
 }
-pub const BUILD_UID: ID = 800;
-pub const BUILD_GID: ID = 800;
+pub const BUILD_UID: Uid = Uid::from_raw(800);
+pub const BUILD_GID: Gid = Gid::from_raw(800);
 fn generate_idmap(id: ID, mapped_id: ID, mut ranges: Vec<SubIDRange>) -> Vec<SubIDMap> {
 let mut map = Vec::new();
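Review bot: In the `collect_output` hunk of src/runner/runc/run.rs, the temporary privilege switch depends on declaration order and nothing in the code says so. The group is changed before the user, and the two guards are dropped in reverse order at the end of the block, which presumably restores the euid before the egid (the guard types in `util` are not visible here). A comment above the two `let` lines would keep a later edit from reordering them, e.g. `// Order matters: setegid first while the euid still permits it; guards drop in reverse, restoring euid before egid.` It is also worth stating there that `File::create` must stay inside this block so the tar file gets the intended owner. `collect_output` continues outside the hunk.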
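Review bot: In the second hunk of src/unshare.rs, the public constants `BUILD_UID` and `BUILD_GID` now carry the `Uid`/`Gid` types but still have no doc comment saying what ID 800 stands for. From the other hunks they appear to be the IDs used inside the user namespace: they are passed as `mapped_id` to `generate_idmap` and set as the process user in `generate_spec`. A line such as `/// UID the build runs as inside the user namespace; the invoking user's effective UID is mapped to it.` (with the matching one for the GID) would make the privilege model explicit for anyone changing the value. Only the tail of `struct SubIDMap` and the first lines of `generate_idmap` are visible around the constants.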
@@ -104,13 +104,13 @@ fn generate_idmap(id: ID, mapped_id: ID, mut ranges: Vec<SubIDRange>) -> Vec<Sub
 fn get_uid_map() -> Result<Vec<SubIDMap>> {
 let uid = users::get_effective_uid();
 let uid_ranges = read_id_ranges(Path::new("/etc/subuid"))?;
- Ok(generate_idmap(uid, BUILD_UID, uid_ranges))
+ Ok(generate_idmap(uid, BUILD_UID.as_raw(), uid_ranges))
 }
 fn get_gid_map() -> Result<Vec<SubIDMap>> {
 let gid = users::get_effective_gid();
 let gid_ranges = read_id_ranges(Path::new("/etc/subgid"))?;
- Ok(generate_idmap(gid, BUILD_GID, gid_ranges))
+ Ok(generate_idmap(gid, BUILD_GID.as_raw(), gid_ranges))
 }
 fn run_idmap_cmd(cmd: &str, pid: &str, map: &Vec<SubIDMap>) -> Result<()> { |