libpam_cgfs: don't create new path if we are under /user.slice/user-$uid.slice
authorSerge Hallyn <serge@hallyn.com>
Sun, 12 Jun 2016 02:39:48 +0000 (21:39 -0500)
committerSerge Hallyn <serge@fermat.io>
Sun, 12 Jun 2016 04:32:45 +0000 (23:32 -0500)
(relative to our init's path)

Closes #117

Signed-off-by: Serge Hallyn <serge@hallyn.com>
pam/pam_cgfs.c

index 003b36b27ceefdfa0dc1b05f826000d8ce7442c6..3fd11d8ef33e37bb0aa0102380d4e689eb3f11f7 100644 (file)
@@ -461,6 +461,25 @@ static bool systemd_v1_created_slice(struct controller *c, const char *in, uid_t
        return true;
 }
 
+/*
+ * So long as our path relative to init starts with /user.slice/user-$uid.slice,
+ * assumem it belongs to $uid and chown it
+ */
+static bool under_systemd_user_slice(struct controller *c, uid_t uid)
+{
+       char buf[100];
+       size_t curlen, initlen;
+
+       curlen = strlen(c->cur_path);
+       initlen = strlen(c->init_path);
+       if (curlen <= initlen)
+               return false;
+       if (strncmp(c->cur_path, c->init_path, initlen) != 0)
+               return false;
+       snprintf(buf, 100, "/user.slice/user-%d.slice/", (int)uid);
+       return strncmp(c->cur_path + initlen, buf, strlen(buf)) == 0;
+}
+
 /*
  * the systemd-created path is: user-$uid.slice/session-c$session.scope
  * If that is not the end of our systemd path, then we're not part of
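Review bot: In `under_systemd_user_slice` the final `strncmp` starts at `c->cur_path + initlen`, so if `init_path` is the root cgroup `/` the leading slash is consumed by the prefix and `/user.slice/user-$uid.slice/` can never match. Whether `init_path` can be `/` is not visible in this hunk; if it can, add `if (strcmp(c->init_path, "/") == 0) initlen = 0;` before the `snprintf`. The result feeds an ownership decision (per the comment the cgroup is chowned to `$uid`, in code outside this hunk), so the name should be formatted exactly as systemd formats it, with an unsigned uid and the buffer's real size: `snprintf(buf, sizeof(buf), "/user.slice/user-%u.slice/", (unsigned)uid);`. Both mismatches fail closed (the function returns false), but they silently disable the new path for the affected users. The comment above the function has a typo (`assumem`) and should say that the match is purely lexical and that the function itself only reports the match.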
@@ -482,6 +501,9 @@ static bool systemd_created_slice_for_us(struct controller *c, const char *in, u
        if (systemd_v1_created_slice(c, in, uid))
                return true;
 
+       if (under_systemd_user_slice(c, uid))
+               return true;
+
        if (strlen(copy) < strlen("/user-0.slice/session-0.scope"))
                return false;
        p = copy + strlen(copy) - 1;
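Review bot: The new early return in `systemd_created_slice_for_us` makes the function's header comment stale. That comment (its start is visible as context at the end of the previous hunk) says the path must end in `user-$uid.slice/session-c$session.scope`, but now any path below `/user.slice/user-$uid.slice/` is accepted before the suffix test runs. I would document the widened trust decision at the call, e.g. `/* anything below init's /user.slice/user-$uid.slice/ is treated as ours, whatever follows */`, and update the header comment to match. The new check also reads `c->cur_path` while the neighbouring checks work on `in` and `copy`; if those can differ, the comment should say which one is authoritative. The function body starts and ends outside this hunk.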