proxmox-mirrors/mirror_lxc
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_lxc synced 2026-03-28 15:35:59 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Pass UID/GID explicitly through flags

Browse Source 
Signed-off-by: Patrick Toomey <ptoomey3@biasedcoin.com>
This commit is contained in:
Patrick Toomey 2015-08-18 16:26:28 -06:00
parent 56f8ff00e3
commit c5cd20ce8e
5 changed files with 29 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/lxc/arguments.h
View File

@ -88,6 +88,10 @@ struct lxc_arguments {
char *lvname, *vgname, *thinpool;
char *zfsroot, *lowerdir, *dir;
/* lxc-execute */
uid_t uid;
gid_t gid;
/* auto-start */
int all;
int ignore_auto;

3
src/lxc/conf.c
View File

@ -2604,9 +2604,6 @@ struct lxc_conf *lxc_conf_init(void)
for (i = 0; i < LXC_NS_MAX; i++)
new->inherit_ns_fd[i] = -1;
new->parent_uid = getuid();
new->parent_gid = getgid();
return new;
}

6
src/lxc/conf.h
View File

@ -366,9 +366,9 @@ struct lxc_conf {
/* init command */
char *init_cmd;
/* The UID/GID of the process creating the container */
uid_t parent_uid;
gid_t parent_gid;
/* the UID/GID that COMMAND for lxc-execute should run under */
uid_t init_uid;
gid_t init_gid;
};
#ifdef HAVE_TLS

16
src/lxc/lxc_execute.c
View File

@ -59,7 +59,9 @@ static int my_parser(struct lxc_arguments* args, int c, char* arg)
{
switch (c) {
case 'f': args->rcfile = arg; break;
case 's': return lxc_config_define_add(&defines, arg);
case 's': return lxc_config_define_add(&defines, arg); break;
case 'u': args->uid = atoi(arg); break;
case 'g': args->gid = atoi(arg);
}
return 0;
}
@ -67,6 +69,8 @@ static int my_parser(struct lxc_arguments* args, int c, char* arg)
static const struct option my_longopts[] = {
{"rcfile", required_argument, 0, 'f'},
{"define", required_argument, 0, 's'},
{"uid", required_argument, 0, 'u'},
{"gid", required_argument, 0, 'g'},
LXC_COMMON_OPTIONS
};
@ -81,7 +85,9 @@ and execs COMMAND into this container.\n\
Options :\n\
-n, --name=NAME NAME for name of the container\n\
-f, --rcfile=FILE Load configuration file FILE\n\
-s, --define KEY=VAL Assign VAL to configuration variable KEY\n",
-s, --define KEY=VAL Assign VAL to configuration variable KEY\n\
-u, --uid=UID Execute COMMAND with UID inside the container\n\
-g, --gid=GID Execute COMMAND with GID inside the container\n",
.options = my_longopts,
.parser = my_parser,
.checker = my_checker,
@ -139,6 +145,12 @@ int main(int argc, char *argv[])
if (lxc_config_define_load(&defines, conf))
return 1;
if (my_args.uid)
conf->init_uid = my_args.uid;
if (my_args.gid)
conf->init_gid = my_args.gid;
ret = lxc_execute(my_args.name, my_args.argv, my_args.quiet, conf, my_args.lxcpath[0], false);
lxc_conf_free(conf);

10
src/lxc/start.c
View File

@ -668,8 +668,14 @@ static int do_start(void *data)
* the intent is to execute a command as the original user.
*/
if (!lxc_list_empty(&handler->conf->id_map)) {
gid_t new_gid = handler->conf->is_execute ? handler->conf->parent_gid : 0;
gid_t new_uid = handler->conf->is_execute ? handler->conf->parent_uid : 0;
gid_t new_gid = 0;
if (handler->conf->is_execute && handler->conf->init_gid)
new_gid = handler->conf->init_gid;
uid_t new_uid = 0;
if (handler->conf->is_execute && handler->conf->init_uid)
new_uid = handler->conf->init_uid;
NOTICE("switching to gid/uid %d/%d in new user namespace", new_gid, new_uid);
if (setgid(new_gid)) {
SYSERROR("setgid");