[lxc-devel] [lxc/master] start: don't call lxc_map_ids() without id map

brauner on Github lxc-bot at linuxcontainers.org
Sat May 13 15:18:27 UTC 2017 

A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 488 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20170513/78d2ad23/attachment.bin>
-------------- next part --------------
From 57927bf2550feccadba2127a193023e7c54d9ca4 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Sat, 13 May 2017 17:16:25 +0200
Subject: [PATCH] start: don't call lxc_map_ids() without id map

So far, we somehow always called lxc_map_ids(), even when no id map was
configured. Let's not do this.

Closes #1555.

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
 src/lxc/start.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/src/lxc/start.c b/src/lxc/start.c
index 4f54012..3963a40 100644
--- a/src/lxc/start.c
+++ b/src/lxc/start.c
@@ -1086,8 +1086,12 @@ static int lxc_spawn(struct lxc_handler *handler)
 	int saved_ns_fd[LXC_NS_MAX];
 	int preserve_mask = 0, i, flags;
 	int netpipepair[2], nveths;
+	bool wants_to_map_ids;
+	struct lxc_list *id_map;
 
 	netpipe = -1;
+	id_map = &handler->conf->id_map;
+	wants_to_map_ids = !lxc_list_empty(id_map);
 
 	for (i = 0; i < LXC_NS_MAX; i++)
 		if (handler->conf->inherit_ns_fd[i] != -1)
@@ -1149,7 +1153,7 @@ static int lxc_spawn(struct lxc_handler *handler)
 	 * it readonly.
 	 * If the container is unprivileged then skip rootfs pinning.
 	 */
-	if (lxc_list_empty(&handler->conf->id_map)) {
+	if (wants_to_map_ids) {
 		handler->pinfd = pin_rootfs(handler->conf->rootfs.path);
 		if (handler->pinfd == -1)
 			INFO("Failed to pin the rootfs for container \"%s\".", handler->name);
@@ -1203,7 +1207,7 @@ static int lxc_spawn(struct lxc_handler *handler)
 	 * mapped to something else on the host.) later to become a valid uid
 	 * again.
 	 */
-	if (lxc_map_ids(&handler->conf->id_map, handler->pid)) {
+	if (wants_to_map_ids && lxc_map_ids(id_map, handler->pid)) {
 		ERROR("Failed to set up id mapping.");
 		goto out_delete_net;
 	}

More information about the lxc-devel mailing list