• Home
  • Features
  • Pricing
  • Docs
  • Announcements
  • Sign In

systemd / systemd / 17872489626

19 Sep 2025 10:01PM UTC coverage: 72.323% (-0.003%) from 72.326%
17872489626

push

github

YHNdnzj
core/manager: honor show_status_overridden in manager_watch_jobs_next_time()

Prompted by #39029

1 of 1 new or added line in 1 file covered. (100.0%)

8275 existing lines in 112 files now uncovered.

302883 of 418794 relevant lines covered (72.32%)

1056411.46 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

87.22
/src/shared/machine-bind-user.c
1
/* SPDX-License-Identifier: LGPL-2.1-or-later */
2

3
#include <grp.h>
4
#include <pwd.h>
5

6
#include "alloc-util.h"
7
#include "chase.h"
8
#include "fd-util.h"
9
#include "format-util.h"
10
#include "json-util.h"
11
#include "log.h"
12
#include "machine-bind-user.h"
13
#include "path-util.h"
14
#include "string-util.h"
15
#include "strv.h"
16
#include "user-util.h"
17
#include "userdb.h"
18

19
static int check_etc_passwd_collisions(
68✔
20
                const char *directory,
21
                const char *name,
22
                uid_t uid) {
23

24
        _cleanup_fclose_ FILE *f = NULL;
68✔
25
        int r;
68✔
26

27
        assert(name || uid_is_valid(uid));
68✔
28

29
        if (!directory)
68✔
30
                return 0;
31

32
        r = chase_and_fopen_unlocked("/etc/passwd", directory, CHASE_PREFIX_ROOT, "re", NULL, &f);
68✔
33
        if (r == -ENOENT)
68✔
34
                return 0; /* no user database? then no user, hence no collision */
35
        if (r < 0)
64✔
UNCOV
36
                return log_error_errno(r, "Failed to open /etc/passwd of container: %m");
×
37

38
        for (;;) {
543✔
39
                struct passwd *pw;
607✔
40

41
                r = fgetpwent_sane(f, &pw);
607✔
42
                if (r < 0)
607✔
43
                        return log_error_errno(r, "Failed to iterate through /etc/passwd of container: %m");
64✔
44
                if (r == 0) /* EOF */
607✔
45
                        return 0; /* no collision */
46

47
                if (name && streq_ptr(pw->pw_name, name))
544✔
48
                        return 1; /* name collision */
49
                if (uid_is_valid(uid) && pw->pw_uid == uid)
543✔
50
                        return 1; /* UID collision */
51
        }
52
}
53

54
static int check_etc_group_collisions(
67✔
55
                const char *directory,
56
                const char *name,
57
                gid_t gid) {
58

59
        _cleanup_fclose_ FILE *f = NULL;
67✔
60
        int r;
67✔
61

62
        assert(name || gid_is_valid(gid));
101✔
63

64
        if (!directory)
67✔
65
                return 0;
66

67
        r = chase_and_fopen_unlocked("/etc/group", directory, CHASE_PREFIX_ROOT, "re", NULL, &f);
67✔
68
        if (r == -ENOENT)
67✔
69
                return 0; /* no group database? then no group, hence no collision */
70
        if (r < 0)
67✔
UNCOV
71
                return log_error_errno(r, "Failed to open /etc/group of container: %m");
×
72

73
        for (;;) {
1,452✔
74
                struct group *gr;
1,519✔
75

76
                r = fgetgrent_sane(f, &gr);
1,519✔
77
                if (r < 0)
1,519✔
78
                        return log_error_errno(r, "Failed to iterate through /etc/group of container: %m");
67✔
79
                if (r == 0)
1,519✔
80
                        return 0; /* no collision */
81

82
                if (name && streq_ptr(gr->gr_name, name))
1,453✔
83
                        return 1; /* name collision */
84
                if (gid_is_valid(gid) && gr->gr_gid == gid)
1,452✔
85
                        return 1; /* gid collision */
86
        }
87
}
88

89
static int convert_user(
34✔
90
                const char *directory,
91
                UserRecord *u,
92
                GroupRecord *g,
93
                uid_t allocate_uid,
94
                const char *shell,
95
                bool shell_copy,
96
                UserRecord **ret_converted_user,
97
                GroupRecord **ret_converted_group) {
98

99
        _cleanup_(group_record_unrefp) GroupRecord *converted_group = NULL;
34✔
UNCOV
100
        _cleanup_(user_record_unrefp) UserRecord *converted_user = NULL;
×
101
        _cleanup_free_ char *h = NULL;
34✔
102
        sd_json_variant *p, *hp = NULL, *ssh = NULL;
34✔
103
        int r;
34✔
104

105
        assert(u);
34✔
106
        assert(g);
34✔
107
        assert(user_record_gid(u) == g->gid);
34✔
108

109
        if (shell_copy)
34✔
110
                shell = u->shell;
6✔
111

112
        r = check_etc_passwd_collisions(directory, u->user_name, UID_INVALID);
34✔
113
        if (r < 0)
34✔
114
                return r;
115
        if (r > 0)
34✔
116
                return log_error_errno(SYNTHETIC_ERRNO(EBUSY),
1✔
117
                                       "Sorry, the user '%s' already exists in the container.", u->user_name);
118

119
        r = check_etc_group_collisions(directory, g->group_name, GID_INVALID);
33✔
120
        if (r < 0)
33✔
121
                return r;
122
        if (r > 0)
33✔
123
                return log_error_errno(SYNTHETIC_ERRNO(EBUSY),
1✔
124
                                       "Sorry, the group '%s' already exists in the container.", g->group_name);
125

126
        h = path_join("/run/host/home/", u->user_name);
32✔
127
        if (!h)
32✔
UNCOV
128
                return log_oom();
×
129

130
        /* Acquire the source hashed password array as-is, so that it retains the JSON_VARIANT_SENSITIVE flag */
131
        p = sd_json_variant_by_key(u->json, "privileged");
32✔
132
        if (p) {
32✔
133
                hp = sd_json_variant_by_key(p, "hashedPassword");
32✔
134
                ssh = sd_json_variant_by_key(p, "sshAuthorizedKeys");
32✔
135
        }
136

137
        r = user_record_build(
96✔
138
                        &converted_user,
139
                        SD_JSON_BUILD_OBJECT(
64✔
140
                                        SD_JSON_BUILD_PAIR("userName", SD_JSON_BUILD_STRING(u->user_name)),
141
                                        SD_JSON_BUILD_PAIR("uid", SD_JSON_BUILD_UNSIGNED(allocate_uid)),
142
                                        SD_JSON_BUILD_PAIR("gid", SD_JSON_BUILD_UNSIGNED(allocate_uid)),
143
                                        SD_JSON_BUILD_PAIR_CONDITION(u->disposition >= 0, "disposition", SD_JSON_BUILD_STRING(user_disposition_to_string(u->disposition))),
144
                                        SD_JSON_BUILD_PAIR("homeDirectory", SD_JSON_BUILD_STRING(h)),
145
                                        SD_JSON_BUILD_PAIR("service", JSON_BUILD_CONST_STRING("io.systemd.NSpawn")),
146
                                        JSON_BUILD_PAIR_STRING_NON_EMPTY("shell", shell),
147
                                        SD_JSON_BUILD_PAIR("privileged", SD_JSON_BUILD_OBJECT(
148
                                                                           SD_JSON_BUILD_PAIR_CONDITION(!strv_isempty(u->hashed_password), "hashedPassword", SD_JSON_BUILD_VARIANT(hp)),
149
                                                                           SD_JSON_BUILD_PAIR_CONDITION(!!ssh, "sshAuthorizedKeys", SD_JSON_BUILD_VARIANT(ssh))))));
150
        if (r < 0)
32✔
UNCOV
151
                return log_error_errno(r, "Failed to build container user record: %m");
×
152

153
        r = group_record_build(
96✔
154
                        &converted_group,
155
                        SD_JSON_BUILD_OBJECT(
32✔
156
                                        SD_JSON_BUILD_PAIR("groupName", SD_JSON_BUILD_STRING(g->group_name)),
157
                                        SD_JSON_BUILD_PAIR("gid", SD_JSON_BUILD_UNSIGNED(allocate_uid)),
158
                                        SD_JSON_BUILD_PAIR_CONDITION(g->disposition >= 0, "disposition", SD_JSON_BUILD_STRING(user_disposition_to_string(g->disposition))),
159
                                        SD_JSON_BUILD_PAIR("service", JSON_BUILD_CONST_STRING("io.systemd.NSpawn"))));
160
        if (r < 0)
32✔
UNCOV
161
                return log_error_errno(r, "Failed to build container group record: %m");
×
162

163
        *ret_converted_user = TAKE_PTR(converted_user);
32✔
164
        *ret_converted_group = TAKE_PTR(converted_group);
32✔
165

166
        return 0;
32✔
167
}
168

169
static int find_free_uid(const char *directory, uid_t *current_uid) {
34✔
170
        int r;
34✔
171

172
        assert(current_uid);
34✔
173

UNCOV
174
        for (;; (*current_uid)++) {
×
175
                if (*current_uid > MAP_UID_MAX)
34✔
UNCOV
176
                        return log_error_errno(
×
177
                                        SYNTHETIC_ERRNO(EBUSY),
178
                                        "No suitable available UID in range " UID_FMT "…" UID_FMT " in container detected, can't map user.",
179
                                        MAP_UID_MIN, MAP_UID_MAX);
180

181
                r = check_etc_passwd_collisions(directory, NULL, *current_uid);
34✔
182
                if (r < 0)
34✔
183
                        return r;
184
                if (r > 0) /* already used */
34✔
UNCOV
185
                        continue;
×
186

187
                /* We want to use the UID also as GID, hence check for it in /etc/group too */
188
                r = check_etc_group_collisions(directory, NULL, (gid_t) *current_uid);
34✔
189
                if (r <= 0)
34✔
190
                        return r;
191
        }
192
}
193

194
MachineBindUserContext* machine_bind_user_context_free(MachineBindUserContext *c) {
13✔
195
        if (!c)
13✔
196
                return NULL;
197

198
        FOREACH_ARRAY(d, c->data, c->n_data) {
30✔
199
                user_record_unref(d->host_user);
17✔
200
                group_record_unref(d->host_group);
17✔
201
                user_record_unref(d->payload_user);
17✔
202
                group_record_unref(d->payload_group);
17✔
203
        }
204

205
        return mfree(c);
13✔
206
}
207

208
int machine_bind_user_prepare(
251✔
209
                const char *directory,
210
                char **bind_user,
211
                const char *bind_user_shell,
212
                bool bind_user_shell_copy,
213
                MachineBindUserContext **ret) {
214

215
        _cleanup_(machine_bind_user_context_freep) MachineBindUserContext *c = NULL;
251✔
216
        uid_t current_uid = MAP_UID_MIN;
251✔
217
        int r;
251✔
218

219
        assert(ret);
251✔
220

221
        /* This resolves the users specified in 'bind_user', generates a minimalized JSON user + group record
222
         * for it to stick in the container, allocates a UID/GID for it, and updates the custom mount table,
223
         * to include an appropriate bind mount mapping.
224
         *
225
         * This extends the passed custom_mounts/n_custom_mounts with the home directories, and allocates a
226
         * new BindUserContext for the user records */
227

228
        if (strv_isempty(bind_user)) {
251✔
229
                *ret = NULL;
227✔
230
                return 0;
227✔
231
        }
232

233
        c = new0(MachineBindUserContext, 1);
24✔
234
        if (!c)
24✔
UNCOV
235
                return log_oom();
×
236

237
        STRV_FOREACH(n, bind_user) {
56✔
238
                _cleanup_(user_record_unrefp) UserRecord *u = NULL, *cu = NULL;
34✔
239
                _cleanup_(group_record_unrefp) GroupRecord *g = NULL, *cg = NULL;
34✔
240

241
                r = userdb_by_name(*n, /* match= */ NULL, USERDB_DONT_SYNTHESIZE_INTRINSIC|USERDB_DONT_SYNTHESIZE_FOREIGN, &u);
34✔
242
                if (r < 0)
34✔
UNCOV
243
                        return log_error_errno(r, "Failed to resolve user '%s': %m", *n);
×
244

245
                /* For now, let's refuse mapping the root/nobody users explicitly. The records we generate
246
                 * are strictly additive, nss-systemd is typically placed last in /etc/nsswitch.conf. Thus
247
                 * even if we wanted, we couldn't override the root or nobody user records. Note we also
248
                 * check for name conflicts in /etc/passwd + /etc/group later on, which would usually filter
249
                 * out root/nobody too, hence these checks might appear redundant — but they actually are
250
                 * not, as we want to support environments where /etc/passwd and /etc/group are non-existent,
251
                 * and the user/group databases fully synthesized at runtime. Moreover, the name of the
252
                 * user/group name of the "nobody" account differs between distros, hence a check by numeric
253
                 * UID is safer. */
254
                if (user_record_is_root(u))
34✔
UNCOV
255
                        return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Mapping 'root' user not supported, sorry.");
×
256

257
                if (user_record_is_nobody(u))
34✔
UNCOV
258
                        return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Mapping 'nobody' user not supported, sorry.");
×
259

260
                if (!uid_is_valid(u->uid))
34✔
UNCOV
261
                        return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Cannot bind user with no UID, refusing.");
×
262

263
                r = groupdb_by_gid(user_record_gid(u), /* match= */ NULL, USERDB_DONT_SYNTHESIZE_INTRINSIC|USERDB_DONT_SYNTHESIZE_FOREIGN, &g);
34✔
264
                if (r < 0)
34✔
UNCOV
265
                        return log_error_errno(r, "Failed to resolve group of user '%s': %m", u->user_name);
×
266

267
                /* We want to synthesize exactly one user + group from the host into the container. This only
268
                 * makes sense if the user on the host has its own private group. We can't reasonably check
269
                 * this, so we just check of the name of user and group match.
270
                 *
271
                 * One of these days we might want to support users in a shared/common group too, but it's
272
                 * not clear to me how this would have to be mapped, precisely given that the common group
273
                 * probably already exists in the container. */
274
                if (!streq(u->user_name, g->group_name))
34✔
UNCOV
275
                        return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP),
×
276
                                               "Sorry, mapping users without private groups is currently not supported.");
277

278
                r = find_free_uid(directory, &current_uid);
34✔
279
                if (r < 0)
34✔
280
                        return r;
281

282
                r = convert_user(directory, u, g, current_uid, bind_user_shell, bind_user_shell_copy, &cu, &cg);
34✔
283
                if (r < 0)
34✔
284
                        return r;
285

286
                if (!GREEDY_REALLOC(c->data, c->n_data + 1))
32✔
UNCOV
287
                        return log_oom();
×
288

289
                c->data[c->n_data++] = (MachineBindUserData) {
32✔
290
                        .host_user = TAKE_PTR(u),
32✔
291
                        .host_group = TAKE_PTR(g),
32✔
292
                        .payload_user = TAKE_PTR(cu),
32✔
293
                        .payload_group = TAKE_PTR(cg),
32✔
294
                };
295

296
                current_uid++;
32✔
297
        }
298

299
        *ret = TAKE_PTR(c);
22✔
300
        return 1;
22✔
301
}
STATUS · Troubleshooting · Open an Issue · Sales · Support · CAREERS · ENTERPRISE · START FREE · SCHEDULE DEMO
ANNOUNCEMENTS · TWITTER · TOS & SLA · Supported CI Services · What's a CI service? · Automated Testing

© 2026 Coveralls, Inc