Aside from the usual boilerplate of moving the shared logic to shared/, we also rework the implementation of --bind-user= to be similar to what we'll do in systemd-vmspawn. Instead of messing with the nspawn container user namespace, we use idmapped mounts to map the user's home directory on the host to the mapped uid in the container. Ideally we'd also use the "userdb.transient" credentials to provision the user records, but this would only work for booted containers, whereas the current logic works for non-booted containers as well. Aside from being similar to how we'll implement --bind-user= in vmspawn, using idmapped mounts also allows supporting --bind-user= without having to use --private-users=.
/* SPDX-License-Identifier: LGPL-2.1-or-later */
#pragma once
#include "forward.h"
/* One host user that is bound into a machine: the host-side user/group records
 * plus the records rewritten for the container payload. Per the commit
 * description, the user's home directory on the host is exposed to the
 * container through an idmapped mount rather than by altering the container's
 * user namespace, so the payload records are where the in-container uid/gid
 * differ from the host ones (confirm against the .c implementation; this
 * header only declares the fields).
 *
 * Ownership: entries of this type live in MachineBindUserContext.data and are
 * presumably released by machine_bind_user_context_free() — verify there. */
typedef struct MachineBindUserData {
        /* The host's user/group records */
        UserRecord *host_user;
        GroupRecord *host_group;

        /* The mapped records to place into the container */
        UserRecord *payload_user;
        GroupRecord *payload_group;
} MachineBindUserData;
/* The full set of users requested via --bind-user=: an array of
 * MachineBindUserData and its length. Built by machine_bind_user_prepare(),
 * released with machine_bind_user_context_free() (or the generated
 * machine_bind_user_context_freep() via _cleanup_). */
typedef struct MachineBindUserContext {
        /* Array of bound users; presumably heap-allocated and owned by this
         * struct — confirm against machine_bind_user_context_free() */
        MachineBindUserData *data;
        /* Number of valid entries in data (systemd n_ naming convention) */
        size_t n_data;
} MachineBindUserContext;
/* Releases a context and everything it owns. Following the usual systemd
 * *_free() shape it is expected to accept NULL and return NULL so callers can
 * write "c = machine_bind_user_context_free(c);" — NOTE(review): confirm both
 * properties in the .c implementation, the header alone does not establish them. */
MachineBindUserContext* machine_bind_user_context_free(MachineBindUserContext *c);

/* Generates machine_bind_user_context_freep(MachineBindUserContext **) so that
 * locals can be declared _cleanup_(machine_bind_user_context_freep). */
DEFINE_TRIVIAL_CLEANUP_FUNC(MachineBindUserContext*, machine_bind_user_context_free);
/* Resolves each host user named in bind_user and builds the host/payload
 * records needed to bind that user into the machine rooted at directory.
 *
 * directory:            root of the machine's directory tree (presumably used
 *                       to validate or inspect the target — confirm in the
 *                       implementation)
 * bind_user:            NUL-terminated strv of host user names to bind; the
 *                       behaviour for NULL/empty (likely *ret = NULL) is not
 *                       visible here — verify
 * bind_user_shell:      shell to assign to the payload user, or NULL to keep
 *                       the host's (assumption from the name — TODO confirm)
 * bind_user_shell_copy: whether the shell binary itself is copied into the
 *                       container rather than only referenced (assumption —
 *                       TODO confirm)
 * ret:                  on success receives a newly allocated context owned by
 *                       the caller, to be released with
 *                       machine_bind_user_context_free()
 *
 * Returns 0 on success and, per systemd convention, a negative errno-style
 * value on failure — confirm against the .c file. Note that the context
 * carries host account records that are projected into the container and,
 * per the commit description, the host home directory is exposed to it via an
 * idmapped mount, so the user list should come from trusted configuration. */
int machine_bind_user_prepare(
                const char *directory,
                char **bind_user,
                const char *bind_user_shell,
                bool bind_user_shell_copy,
                MachineBindUserContext **ret);