proxmox-mirrors/mirror_lxc
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_lxc synced 2025-08-08 04:36:21 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

confile: rework lxc_fill_elevated_privileges()

Browse Source 
Cc: Maximilian Blenk <Maximilian.Blenk@bmw.de>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
This commit is contained in:
Christian Brauner 2021-08-24 09:54:27 +02:00
parent d34bbcb71a
commit d253a09f9b
No known key found for this signature in database
GPG Key ID: 8EB056D53EECB12D
3 changed files with 20 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
src/lxc/confile.c
View File

@ -3256,10 +3256,10 @@ int lxc_config_parse_arch(const char *arch, signed long *persona)
return ret_errno(EINVAL); return ret_errno(EINVAL);
} }
int lxc_fill_elevated_privileges(char *flaglist, int *flags) int lxc_fill_elevated_privileges(char *flaglist, unsigned int *flags)
{ {
unsigned int flags_tmp = 0;
char *token; char *token;
int i, aflag;
struct { struct {
const char *token; const char *token;
int flag; int flag;
@ -3271,28 +3271,33 @@ int lxc_fill_elevated_privileges(char *flaglist, int *flags)
}; };
if (!flaglist) { if (!flaglist) {
/* For the sake of backward compatibility, drop all privileges /*
* if none is specified. * For the sake of backward compatibility, keep all privileges
* if no specific privileges are specified.
*/ */
for (i = 0; all_privs[i].token; i++) for (unsigned int i = 0; all_privs[i].token; i++)
*flags |= all_privs[i].flag; flags_tmp |= all_privs[i].flag;
*flags = flags_tmp;
return 0; return 0;
} }
lxc_iterate_parts(token, flaglist, "|") { lxc_iterate_parts(token, flaglist, "|") {
aflag = -1; bool valid_token = false;
for (i = 0; all_privs[i].token; i++) for (unsigned int i = 0; all_privs[i].token; i++) {
if (strequal(all_privs[i].token, token)) if (!strequal(all_privs[i].token, token))
aflag = all_privs[i].flag; continue;
if (aflag < 0) valid_token = true;
return ret_errno(EINVAL); flags_tmp |= all_privs[i].flag;
*flags |= aflag;
} }
if (!valid_token)
return syserror_set(-EINVAL, "Invalid elevated privilege \"%s\" requested", token);
}
*flags = flags_tmp;
return 0; return 0;
} }

2
src/lxc/confile.h
View File

@ -89,7 +89,7 @@ __hidden extern void lxc_config_define_free(struct lxc_list *defines);
*/ */
__hidden extern int lxc_config_parse_arch(const char *arch, signed long *persona); __hidden extern int lxc_config_parse_arch(const char *arch, signed long *persona);
__hidden extern int lxc_fill_elevated_privileges(char *flaglist, int *flags); __hidden extern int lxc_fill_elevated_privileges(char *flaglist, unsigned int *flags);
__hidden extern int lxc_clear_config_item(struct lxc_conf *c, const char *key); __hidden extern int lxc_clear_config_item(struct lxc_conf *c, const char *key);

2
src/lxc/tools/lxc_attach.c
View File

@ -52,7 +52,7 @@ static int add_to_simple_array(char ***array, ssize_t *capacity, char *value);
static bool stdfd_is_pty(void); static bool stdfd_is_pty(void);
static int lxc_attach_create_log_file(const char *log_file); static int lxc_attach_create_log_file(const char *log_file);
static int elevated_privileges; static unsigned int elevated_privileges;
static signed long new_personality = -1; static signed long new_personality = -1;
static int namespace_flags = -1; static int namespace_flags = -1;
static int remount_sys_proc; static int remount_sys_proc;