proxmox-mirrors/mirror_lxc
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_lxc synced 2025-07-17 11:20:44 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Fix to work lxc-destroy with unprivileged containers on recent kernel

Browse Source 
Change idmap_add_id() to add both ID_TYPE_UID and ID_TYPE_GID entries
to an existing lxc_conf, not just an ID_TYPE_UID entry, so as to work
lxc-destroy with unprivileged containers on recent kernel.

Signed-off-by: TAMUKI Shoichi <tamuki@linet.gr.jp>
Acked-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
This commit is contained in:
TAMUKI Shoichi 2014-06-28 18:39:54 +09:00 committed by Stéphane Graber
parent 7b50c609e4
commit 8b227008f6
1 changed files with 34 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

49
src/lxc/conf.c
View File

@ -4508,14 +4508,14 @@ static int run_userns_fn(void *data)
} }
/* /*
* Add a ID_TYPE_UID entry to an existing lxc_conf, if it is not * Add ID_TYPE_UID/ID_TYPE_GID entries to an existing lxc_conf,
* alread there. * if they are not already there.
* We may want to generalize this to do gids as well as uids, but right now
* it's not necessary.
*/ */
static struct lxc_list *idmap_add_id(struct lxc_conf *conf, uid_t uid) static struct lxc_list *idmap_add_id(struct lxc_conf *conf,
uid_t uid, gid_t gid)
{ {
int hostid_mapped = mapped_hostid(uid, conf, ID_TYPE_UID); int hostuid_mapped = mapped_hostid(uid, conf, ID_TYPE_UID);
int hostgid_mapped = mapped_hostid(gid, conf, ID_TYPE_GID);
struct lxc_list *new = NULL, *tmp, *it, *next; struct lxc_list *new = NULL, *tmp, *it, *next;
struct id_map *entry; struct id_map *entry;
@ -4526,9 +4526,9 @@ static struct lxc_list *idmap_add_id(struct lxc_conf *conf, uid_t uid)
} }
lxc_list_init(new); lxc_list_init(new);
if (hostid_mapped < 0) { if (hostuid_mapped < 0) {
hostid_mapped = find_unmapped_nsuid(conf, ID_TYPE_UID); hostuid_mapped = find_unmapped_nsuid(conf, ID_TYPE_UID);
if (hostid_mapped < 0) if (hostuid_mapped < 0)
goto err; goto err;
tmp = malloc(sizeof(*tmp)); tmp = malloc(sizeof(*tmp));
if (!tmp) if (!tmp)
@ -4540,8 +4540,27 @@ static struct lxc_list *idmap_add_id(struct lxc_conf *conf, uid_t uid)
} }
tmp->elem = entry; tmp->elem = entry;
entry->idtype = ID_TYPE_UID; entry->idtype = ID_TYPE_UID;
entry->nsid = hostid_mapped; entry->nsid = hostuid_mapped;
entry->hostid = (unsigned long)uid; entry->hostid = (unsigned long) uid;
entry->range = 1;
lxc_list_add_tail(new, tmp);
}
if (hostgid_mapped < 0) {
hostgid_mapped = find_unmapped_nsuid(conf, ID_TYPE_GID);
if (hostgid_mapped < 0)
goto err;
tmp = malloc(sizeof(*tmp));
if (!tmp)
goto err;
entry = malloc(sizeof(*entry));
if (!entry) {
free(tmp);
goto err;
}
tmp->elem = entry;
entry->idtype = ID_TYPE_GID;
entry->nsid = hostgid_mapped;
entry->hostid = (unsigned long) gid;
entry->range = 1; entry->range = 1;
lxc_list_add_tail(new, tmp); lxc_list_add_tail(new, tmp);
} }
@ -4563,7 +4582,7 @@ static struct lxc_list *idmap_add_id(struct lxc_conf *conf, uid_t uid)
return new; return new;
err: err:
ERROR("Out of memory building a new uid map"); ERROR("Out of memory building a new uid/gid map");
if (new) if (new)
lxc_free_idmap(new); lxc_free_idmap(new);
free(new); free(new);
@ -4572,7 +4591,7 @@ err:
/* /*
* Run a function in a new user namespace. * Run a function in a new user namespace.
* The caller's euid will be mapped in if it is not already. * The caller's euid/egid will be mapped in if it is not already.
*/ */
int userns_exec_1(struct lxc_conf *conf, int (*fn)(void *), void *data) int userns_exec_1(struct lxc_conf *conf, int (*fn)(void *), void *data)
{ {
@ -4597,8 +4616,8 @@ int userns_exec_1(struct lxc_conf *conf, int (*fn)(void *), void *data)
close(p[0]); close(p[0]);
p[0] = -1; p[0] = -1;
if ((idmap = idmap_add_id(conf, geteuid())) == NULL) { if ((idmap = idmap_add_id(conf, geteuid(), getegid())) == NULL) {
ERROR("Error adding self to container uid map"); ERROR("Error adding self to container uid/gid map");
goto err; goto err;
} }