Message ID | 20221013132312.294095-1-plautrba@redhat.com (mailing list archive) |
---|---|
State | Accepted |
Commit | 0fb988c86b66 |
Series | [1/2] sandbox: Do not try to remove tmpdir twice if uid == 0 |
On Thu, Oct 13, 2022 at 9:24 AM Petr Lautrbach <plautrba@redhat.com> wrote: > > If the user is root, tmpdir is already wiped out. > > Fixes: > # sandbox -T /root/tmp -- id > uid=0(root) gid=0(root) groups=0(root) context=unconfined_u:unconfined_r:sandbox_t:s0:c696,c756 > Failed to remove directory /tmp/.sandbox-root-KIlB59: No such file or directory > > Signed-off-by: Petr Lautrbach <plautrba@redhat.com> For these two patches: Acked-by: James Carter <jwcart2@gmail.com> > --- > sandbox/seunshare.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/sandbox/seunshare.c b/sandbox/seunshare.c > index 8917a0f9bd42..dd1d7ddbdc89 100644 > --- a/sandbox/seunshare.c > +++ b/sandbox/seunshare.c > @@ -414,7 +414,7 @@ static int cleanup_tmpdir(const char *tmpdir, const char *src, > rc++; > } > > - if (rmdir(tmpdir) == -1) > + if (pwd->pw_uid != 0 && rmdir(tmpdir) == -1) > fprintf(stderr, _("Failed to remove directory %s: %s\n"), tmpdir, strerror(errno)); > if ((uid_t)setfsuid(pwd->pw_uid) != 0) { > fprintf(stderr, _("unable to switch back to user after clearing tmp dir\n")); > -- > 2.37.3 >
On Fri, Nov 4, 2022 at 2:38 PM James Carter <jwcart2@gmail.com> wrote: > > On Thu, Oct 13, 2022 at 9:24 AM Petr Lautrbach <plautrba@redhat.com> wrote: > > > > If the user is root, tmpdir is already wiped out. > > > > Fixes: > > # sandbox -T /root/tmp -- id > > uid=0(root) gid=0(root) groups=0(root) context=unconfined_u:unconfined_r:sandbox_t:s0:c696,c756 > > Failed to remove directory /tmp/.sandbox-root-KIlB59: No such file or directory > > > > Signed-off-by: Petr Lautrbach <plautrba@redhat.com> > > For these two patches: > Acked-by: James Carter <jwcart2@gmail.com> > These two patches have been merged. Thanks, Jim > > --- > > sandbox/seunshare.c | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > diff --git a/sandbox/seunshare.c b/sandbox/seunshare.c > > index 8917a0f9bd42..dd1d7ddbdc89 100644 > > --- a/sandbox/seunshare.c > > +++ b/sandbox/seunshare.c > > @@ -414,7 +414,7 @@ static int cleanup_tmpdir(const char *tmpdir, const char *src, > > rc++; > > } > > > > - if (rmdir(tmpdir) == -1) > > + if (pwd->pw_uid != 0 && rmdir(tmpdir) == -1) > > fprintf(stderr, _("Failed to remove directory %s: %s\n"), tmpdir, strerror(errno)); > > if ((uid_t)setfsuid(pwd->pw_uid) != 0) { > > fprintf(stderr, _("unable to switch back to user after clearing tmp dir\n")); > > -- > > 2.37.3 > >
diff --git a/sandbox/seunshare.c b/sandbox/seunshare.c index 8917a0f9bd42..dd1d7ddbdc89 100644 --- a/sandbox/seunshare.c +++ b/sandbox/seunshare.c @@ -414,7 +414,7 @@ static int cleanup_tmpdir(const char *tmpdir, const char *src, rc++; } - if (rmdir(tmpdir) == -1) + if (pwd->pw_uid != 0 && rmdir(tmpdir) == -1) fprintf(stderr, _("Failed to remove directory %s: %s\n"), tmpdir, strerror(errno)); if ((uid_t)setfsuid(pwd->pw_uid) != 0) { fprintf(stderr, _("unable to switch back to user after clearing tmp dir\n"));
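Review bot: The added `pwd->pw_uid != 0` test in front of `rmdir(tmpdir)` in cleanup_tmpdir() skips the call for root unconditionally, so it relies on the earlier wipe that the commit message describes ("If the user is root, tmpdir is already wiped out") having succeeded. If that step fails for root, the directory is left behind and this branch no longer reports it. Checking the error instead, for example `if (rmdir(tmpdir) == -1 && errno != ENOENT)`, would suppress the spurious "No such file or directory" message while still removing or reporting a leftover directory. If the uid test is kept, a one-line comment here saying why root is skipped would help, since the reason is currently only in the commit message.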
If the user is root, tmpdir is already wiped out. Fixes: # sandbox -T /root/tmp -- id uid=0(root) gid=0(root) groups=0(root) context=unconfined_u:unconfined_r:sandbox_t:s0:c696,c756 Failed to remove directory /tmp/.sandbox-root-KIlB59: No such file or directory Signed-off-by: Petr Lautrbach <plautrba@redhat.com> --- sandbox/seunshare.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)