16280725298

Committed 14 Jul 2025 08:16PM UTC coverage: 72.166% (-0.006%) from 72.172%

Build # 16280725298

Build Type

push

github

Committed by

web-flow

Commit Message

Two fixlets for coverage test (#38183)

Run Details

302135 of 418667 relevant lines covered (72.17%)

773261.64 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

76.54

/src/nspawn/nspawn-bind-user.c

/* SPDX-License-Identifier: LGPL-2.1-or-later */

#include <unistd.h>

#include "sd-json.h"

#include "alloc-util.h"
#include "fileio.h"
#include "format-util.h"
#include "log.h"
#include "nspawn.h"
#include "machine-bind-user.h"
#include "nspawn-bind-user.h"
#include "user-record.h"
#include "group-record.h"
#include "path-util.h"
#include "string-util.h"
#include "user-util.h"

static int write_and_symlink(
                const char *root,
                sd_json_variant *v,
                const char *name,
                uid_t uid,
                const char *suffix,
                WriteStringFileFlags extra_flags) {

        _cleanup_free_ char *j = NULL, *f = NULL, *p = NULL, *q = NULL;
        int r;

        assert(root);
        assert(v);
        assert(name);
        assert(uid_is_valid(uid));
        assert(suffix);

        r = sd_json_variant_format(v, SD_JSON_FORMAT_NEWLINE, &j);
        if (r < 0)
                return log_error_errno(r, "Failed to format user record JSON: %m");

        f = strjoin(name, suffix);
        if (!f)
                return log_oom();

        p = path_join(root, "/run/host/userdb/", f);
        if (!p)
                return log_oom();

        if (asprintf(&q, "%s/run/host/userdb/" UID_FMT "%s", root, uid, suffix) < 0)
                return log_oom();

        if (symlink(f, q) < 0)
                return log_error_errno(errno, "Failed to create symlink '%s': %m", q);

        r = userns_lchown(q, 0, 0);
        if (r < 0)
                return log_error_errno(r, "Failed to adjust access mode of '%s': %m", q);

        r = write_string_file(p, j, WRITE_STRING_FILE_CREATE|extra_flags);
        if (r < 0)
                return log_error_errno(r, "Failed to write %s: %m", p);

        r = userns_lchown(p, 0, 0);
        if (r < 0)
                return log_error_errno(r, "Failed to adjust access mode of '%s': %m", p);

        return 0;
}

int bind_user_setup(const MachineBindUserContext *c, const char *root) {
        static const UserRecordLoadFlags strip_flags = /* Removes privileged info */
                USER_RECORD_LOAD_MASK_PRIVILEGED|
                USER_RECORD_PERMISSIVE;
        static const UserRecordLoadFlags shadow_flags = /* Extracts privileged info */
                USER_RECORD_EXTRACT_PRIVILEGED|
                USER_RECORD_EMPTY_OK|
                USER_RECORD_PERMISSIVE;
        int r;

        assert(root);

        if (!c || c->n_data == 0)
                return 0;

        r = make_run_host(root);
        if (r < 0)
                return r;

        r = userns_mkdir(root, "/run/host/home", 0755, 0, 0);
        if (r < 0)
                return log_error_errno(r, "Failed to create /run/host/home: %m");

        r = userns_mkdir(root, "/run/host/userdb", 0755, 0, 0);
        if (r < 0)
                return log_error_errno(r, "Failed to create /run/host/userdb: %m");

        FOREACH_ARRAY(d, c->data, c->n_data) {
                _cleanup_(group_record_unrefp) GroupRecord *stripped_group = NULL, *shadow_group = NULL;
                _cleanup_(user_record_unrefp) UserRecord *stripped_user = NULL, *shadow_user = NULL;

                /* First, write shadow (i.e. privileged) data for group record */
                r = group_record_clone(d->payload_group, shadow_flags, &shadow_group);
                if (r < 0)
                        return log_error_errno(r, "Failed to extract privileged information from group record: %m");

                if (!sd_json_variant_is_blank_object(shadow_group->json)) {
                        r = write_and_symlink(
                                        root,
                                        shadow_group->json,
                                        d->payload_group->group_name,
                                        d->payload_group->gid,
                                        ".group-privileged",
                                        WRITE_STRING_FILE_MODE_0600);
                        if (r < 0)
                                return r;
                }

                /* Second, write main part of group record. */
                r = group_record_clone(d->payload_group, strip_flags, &stripped_group);
                if (r < 0)
                        return log_error_errno(r, "Failed to strip privileged information from group record: %m");

                r = write_and_symlink(
                                root,
                                stripped_group->json,
                                d->payload_group->group_name,
                                d->payload_group->gid,
                                ".group",
                                0);
                if (r < 0)
                        return r;

                /* Third, write out user shadow data. i.e. extract privileged info from user record */
                r = user_record_clone(d->payload_user, shadow_flags, &shadow_user);
                if (r < 0)
                        return log_error_errno(r, "Failed to extract privileged information from user record: %m");

                if (!sd_json_variant_is_blank_object(shadow_user->json)) {
                        r = write_and_symlink(
                                        root,
                                        shadow_user->json,
                                        d->payload_user->user_name,
                                        d->payload_user->uid,
                                        ".user-privileged",
                                        WRITE_STRING_FILE_MODE_0600);
                        if (r < 0)
                                return r;
                }

                /* Finally write out the main part of the user record */
                r = user_record_clone(d->payload_user, strip_flags, &stripped_user);
                if (r < 0)
                        return log_error_errno(r, "Failed to strip privileged information from user record: %m");

                r = write_and_symlink(
                                root,
                                stripped_user->json,
                                d->payload_user->user_name,
                                d->payload_user->uid,
                                ".user",
                                0);
                if (r < 0)
                        return r;
        }

        return 1;
}

1	/* SPDX-License-Identifier: LGPL-2.1-or-later */
2
3	#include <unistd.h>
4
5	#include "sd-json.h"
6
7	#include "alloc-util.h"
8	#include "fileio.h"
9	#include "format-util.h"
10	#include "log.h"
11	#include "nspawn.h"
12	#include "machine-bind-user.h"
13	#include "nspawn-bind-user.h"
14	#include "user-record.h"
15	#include "group-record.h"
16	#include "path-util.h"
17	#include "string-util.h"
18	#include "user-util.h"
19
20	static int write_and_symlink(	90✔
21	const char *root,
22	sd_json_variant *v,
23	const char *name,
24	uid_t uid,
25	const char *suffix,
26	WriteStringFileFlags extra_flags) {
27
28	_cleanup_free_ char j = NULL, f = NULL, p = NULL, q = NULL;	90✔
29	int r;	90✔
30
31	assert(root);	90✔
32	assert(v);	90✔
33	assert(name);	90✔
34	assert(uid_is_valid(uid));	90✔
35	assert(suffix);	90✔
36
37	r = sd_json_variant_format(v, SD_JSON_FORMAT_NEWLINE, &j);	90✔
38	if (r < 0)	90✔
39	return log_error_errno(r, "Failed to format user record JSON: %m");	×
40
41	f = strjoin(name, suffix);	90✔
42	if (!f)	90✔
43	return log_oom();	×
44
45	p = path_join(root, "/run/host/userdb/", f);	90✔
46	if (!p)	90✔
47	return log_oom();	×
48
49	if (asprintf(&q, "%s/run/host/userdb/" UID_FMT "%s", root, uid, suffix) < 0)	90✔
50	return log_oom();	×
51
52	if (symlink(f, q) < 0)	90✔
53	return log_error_errno(errno, "Failed to create symlink '%s': %m", q);	×
54
55	r = userns_lchown(q, 0, 0);	90✔
56	if (r < 0)	90✔
57	return log_error_errno(r, "Failed to adjust access mode of '%s': %m", q);	×
58
59	r = write_string_file(p, j, WRITE_STRING_FILE_CREATE\|extra_flags);	90✔
60	if (r < 0)	90✔
61	return log_error_errno(r, "Failed to write %s: %m", p);	×
62
63	r = userns_lchown(p, 0, 0);	90✔
64	if (r < 0)	90✔
65	return log_error_errno(r, "Failed to adjust access mode of '%s': %m", p);	×
66
67	return 0;
68	}
69
70	int bind_user_setup(const MachineBindUserContext c, const char root) {	233✔
71	static const UserRecordLoadFlags strip_flags = /* Removes privileged info */	233✔
72	USER_RECORD_LOAD_MASK_PRIVILEGED\|
73	USER_RECORD_PERMISSIVE;
74	static const UserRecordLoadFlags shadow_flags = /* Extracts privileged info */	233✔
75	USER_RECORD_EXTRACT_PRIVILEGED\|
76	USER_RECORD_EMPTY_OK\|
77	USER_RECORD_PERMISSIVE;
78	int r;	233✔
79
80	assert(root);	233✔
81
82	if (!c \|\| c->n_data == 0)	233✔
83	return 0;
84
85	r = make_run_host(root);	22✔
86	if (r < 0)	22✔
87	return r;
88
89	r = userns_mkdir(root, "/run/host/home", 0755, 0, 0);	22✔
90	if (r < 0)	22✔
91	return log_error_errno(r, "Failed to create /run/host/home: %m");	×
92
93	r = userns_mkdir(root, "/run/host/userdb", 0755, 0, 0);	22✔
94	if (r < 0)	22✔
95	return log_error_errno(r, "Failed to create /run/host/userdb: %m");	×
96
97	FOREACH_ARRAY(d, c->data, c->n_data) {	52✔
98	_cleanup_(group_record_unrefp) GroupRecord stripped_group = NULL, shadow_group = NULL;	30✔
99	_cleanup_(user_record_unrefp) UserRecord stripped_user = NULL, shadow_user = NULL;	30✔
100
101	/* First, write shadow (i.e. privileged) data for group record */
102	r = group_record_clone(d->payload_group, shadow_flags, &shadow_group);	30✔
103	if (r < 0)	30✔
104	return log_error_errno(r, "Failed to extract privileged information from group record: %m");	×
105
106	if (!sd_json_variant_is_blank_object(shadow_group->json)) {	30✔
107	r = write_and_symlink(	×
108	root,
109	shadow_group->json,	×
110	d->payload_group->group_name,	×
111	d->payload_group->gid,	×
112	".group-privileged",
113	WRITE_STRING_FILE_MODE_0600);
114	if (r < 0)	×
115	return r;
116	}
117
118	/* Second, write main part of group record. */
119	r = group_record_clone(d->payload_group, strip_flags, &stripped_group);	30✔
120	if (r < 0)	30✔
121	return log_error_errno(r, "Failed to strip privileged information from group record: %m");	×
122
123	r = write_and_symlink(	60✔
124	root,
125	stripped_group->json,	30✔
126	d->payload_group->group_name,	30✔
127	d->payload_group->gid,	30✔
128	".group",
129	0);
130	if (r < 0)	30✔
131	return r;
132
133	/* Third, write out user shadow data. i.e. extract privileged info from user record */
134	r = user_record_clone(d->payload_user, shadow_flags, &shadow_user);	30✔
135	if (r < 0)	30✔
136	return log_error_errno(r, "Failed to extract privileged information from user record: %m");	×
137
138	if (!sd_json_variant_is_blank_object(shadow_user->json)) {	30✔
139	r = write_and_symlink(	60✔
140	root,
141	shadow_user->json,	30✔
142	d->payload_user->user_name,	30✔
143	d->payload_user->uid,	30✔
144	".user-privileged",
145	WRITE_STRING_FILE_MODE_0600);
146	if (r < 0)	30✔
147	return r;
148	}
149
150	/* Finally write out the main part of the user record */
151	r = user_record_clone(d->payload_user, strip_flags, &stripped_user);	30✔
152	if (r < 0)	30✔
153	return log_error_errno(r, "Failed to strip privileged information from user record: %m");	×
154
155	r = write_and_symlink(	60✔
156	root,
157	stripped_user->json,	30✔
158	d->payload_user->user_name,	30✔
159	d->payload_user->uid,	30✔
160	".user",
161	0);
162	if (r < 0)	30✔
163	return r;
164	}
165
166	return 1;
167	}

systemd / systemd / 16280725298

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous