[lxc-devel] [go-lxc/v2] Add support for additional groups ids on attach.
Drachenfels-GmbH on Github
lxc-bot at linuxcontainers.org
Thu Nov 5 10:25:12 UTC 2020
From 4295ad8f042e6ddd8ebb866bc0629eb1a9b42143 Mon Sep 17 00:00:00 2001
From: Ruben Jenster <r.jenster at drachenfels.de>
Date: Fri, 30 Oct 2020 20:57:55 +0100
Subject: [PATCH] Add support for additional groups ids on attach.
Signed-off-by: Ruben Jenster <r.jenster at drachenfels.de>
---
container.go | 20 ++++++++++++++++++++
lxc-binding.c | 9 ++++++---
lxc-binding.h | 6 +++---
options.go | 4 ++++
4 files changed, 33 insertions(+), 6 deletions(-)
diff --git a/container.go b/container.go
index caa2d72..cb8aa29 100644
--- a/container.go
+++ b/container.go
@@ -1294,12 +1294,15 @@ func (c *Container) AttachShell(options AttachOptions) error {
cwd := C.CString(options.Cwd)
defer C.free(unsafe.Pointer(cwd))
+ groups := makeGroups(options.Groups)
+
ret := int(C.go_lxc_attach(c.container,
C.bool(options.ClearEnv),
C.int(options.Namespaces),
C.long(options.Arch),
C.uid_t(options.UID),
C.gid_t(options.GID),
+ groups,
C.int(options.StdinFd),
C.int(options.StdoutFd),
C.int(options.StderrFd),
@@ -1313,6 +1316,17 @@ func (c *Container) AttachShell(options AttachOptions) error {
return nil
}
+func makeGroups(groups []int) C.struct_lxc_groups_t {
+ if len(groups) == 0 {
+ return C.struct_lxc_groups_t{size: 0, list: nil}
+ }
+ l := make([]C.gid_t, len(groups))
+ for i, g := range groups {
+ l[i] = C.gid_t(g)
+ }
+ return C.struct_lxc_groups_t{size: C.int(len(groups)), list: &l[0]}
+}
+
func (c *Container) runCommandStatus(args []string, options AttachOptions) (int, error) {
if len(args) == 0 {
return -1, ErrInsufficientNumberOfArguments
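Review bot: In makeGroups, `l[i] = C.gid_t(g)` converts each caller-supplied int without a range check, so a negative value or one wider than 32 bits wraps silently; on Linux, where gid_t is a 32-bit unsigned type, 1<<32 would become gid 0. These ids decide which supplementary groups the attached process runs with, so an out-of-range value should be rejected rather than mapped to a different group. makeGroups could return `(C.struct_lxc_groups_t, error)` and check `if g < 0 || uint64(g) > math.MaxUint32 { return C.struct_lxc_groups_t{}, errInvalidGID }` (the error name is a placeholder), with the three callers returning that error before the C call. A short comment that `list` points into Go memory and must not be retained by C after the call returns would also help. The hunk ends inside runCommandStatus, whose body continues outside it.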
@@ -1343,6 +1357,8 @@ func (c *Container) runCommandStatus(args []string, options AttachOptions) (int,
cwd := C.CString(options.Cwd)
defer C.free(unsafe.Pointer(cwd))
+ groups := makeGroups(options.Groups)
+
ret := int(C.go_lxc_attach_run_wait(
c.container,
C.bool(options.ClearEnv),
@@ -1350,6 +1366,7 @@ func (c *Container) runCommandStatus(args []string, options AttachOptions) (int,
C.long(options.Arch),
C.uid_t(options.UID),
C.gid_t(options.GID),
+ groups,
C.int(options.StdinFd),
C.int(options.StdoutFd),
C.int(options.StderrFd),
@@ -1412,6 +1429,8 @@ func (c *Container) RunCommandNoWait(args []string, options AttachOptions) (int,
cwd := C.CString(options.Cwd)
defer C.free(unsafe.Pointer(cwd))
+ groups := makeGroups(options.Groups)
+
var attachedPid C.pid_t
ret := int(C.go_lxc_attach_no_wait(
c.container,
@@ -1420,6 +1439,7 @@ func (c *Container) RunCommandNoWait(args []string, options AttachOptions) (int,
C.long(options.Arch),
C.uid_t(options.UID),
C.gid_t(options.GID),
+ groups,
C.int(options.StdinFd),
C.int(options.StdoutFd),
C.int(options.StderrFd),
diff --git a/lxc-binding.c b/lxc-binding.c
index 7dcf55d..119a70a 100644
--- a/lxc-binding.c
+++ b/lxc-binding.c
@@ -289,7 +289,7 @@ int go_lxc_attach_no_wait(struct lxc_container *c,
bool clear_env,
int namespaces,
long personality,
- uid_t uid, gid_t gid,
+ uid_t uid, gid_t gid, lxc_groups_t groups,
int stdinfd, int stdoutfd, int stderrfd,
char *initial_cwd,
char **extra_env_vars,
@@ -311,6 +311,7 @@ int go_lxc_attach_no_wait(struct lxc_container *c,
attach_options.uid = uid;
attach_options.gid = gid;
+ attach_options.groups = groups;
attach_options.stdin_fd = stdinfd;
attach_options.stdout_fd = stdoutfd;
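Review bot: `attach_options.groups = groups;` here, and the same assignment in go_lxc_attach and go_lxc_attach_run_wait, is compiled unconditionally, so the binding now builds only against a liblxc that defines lxc_groups_t and has a `groups` member in its attach options. If older liblxc releases are still meant to be supported, the parameter and the assignment need a version guard in all three functions and in the header prototypes. Otherwise the new minimum liblxc version should be stated in the commit message. The function body starts and ends outside this hunk.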
@@ -334,7 +335,7 @@ int go_lxc_attach(struct lxc_container *c,
bool clear_env,
int namespaces,
long personality,
- uid_t uid, gid_t gid,
+ uid_t uid, gid_t gid, lxc_groups_t groups,
int stdinfd, int stdoutfd, int stderrfd,
char *initial_cwd,
char **extra_env_vars,
@@ -354,6 +355,7 @@ int go_lxc_attach(struct lxc_container *c,
attach_options.uid = uid;
attach_options.gid = gid;
+ attach_options.groups = groups;
attach_options.stdin_fd = stdinfd;
attach_options.stdout_fd = stdoutfd;
@@ -391,7 +393,7 @@ int go_lxc_attach_run_wait(struct lxc_container *c,
bool clear_env,
int namespaces,
long personality,
- uid_t uid, gid_t gid,
+ uid_t uid, gid_t gid, lxc_groups_t groups,
int stdinfd, int stdoutfd, int stderrfd,
char *initial_cwd,
char **extra_env_vars,
@@ -411,6 +413,7 @@ int go_lxc_attach_run_wait(struct lxc_container *c,
attach_options.uid = uid;
attach_options.gid = gid;
+ attach_options.groups = groups;
attach_options.stdin_fd = stdinfd;
attach_options.stdout_fd = stdoutfd;
diff --git a/lxc-binding.h b/lxc-binding.h
index a3e616b..993e2c2 100644
--- a/lxc-binding.h
+++ b/lxc-binding.h
@@ -50,7 +50,7 @@ extern int go_lxc_attach_run_wait(struct lxc_container *c,
bool clear_env,
int namespaces,
long personality,
- uid_t uid, gid_t gid,
+ uid_t uid, gid_t gid, lxc_groups_t groups,
int stdinfd, int stdoutfd, int stderrfd,
char *initial_cwd,
char **extra_env_vars,
@@ -60,7 +60,7 @@ extern int go_lxc_attach(struct lxc_container *c,
bool clear_env,
int namespaces,
long personality,
- uid_t uid, gid_t gid,
+ uid_t uid, gid_t gid, lxc_groups_t groups,
int stdinfd, int stdoutfd, int stderrfd,
char *initial_cwd,
char **extra_env_vars,
@@ -69,7 +69,7 @@ extern int go_lxc_attach_no_wait(struct lxc_container *c,
bool clear_env,
int namespaces,
long personality,
- uid_t uid, gid_t gid,
+ uid_t uid, gid_t gid, lxc_groups_t groups,
int stdinfd, int stdoutfd, int stderrfd,
char *initial_cwd,
char **extra_env_vars,
diff --git a/options.go b/options.go
index 08a64eb..8a9ad0c 100644
--- a/options.go
+++ b/options.go
@@ -28,6 +28,9 @@ type AttachOptions struct {
// GID specifies the group id to run as.
GID int
+ // Groups specifies the list of additional group ids to run with.
+ Groups []int
+
// If ClearEnv is true the environment is cleared before running the command.
ClearEnv bool
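Review bot: The new comment on Groups does not say what a nil or empty slice means. In that case makeGroups in container.go passes size 0 and a nil list, and whether the attached process then keeps or drops its supplementary groups is decided by liblxc and is not visible in this patch. Since that determines the privileges of the attached process, I would document it, e.g. `// Groups lists the supplementary group ids for the attached process; each value must fit in gid_t.` followed by `// A nil or empty slice passes an empty list (size 0) to liblxc.`. The struct definition starts and ends outside this hunk.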
@@ -54,6 +57,7 @@ var DefaultAttachOptions = AttachOptions{
Cwd: "/",
UID: -1,
GID: -1,
+ Groups: nil,
ClearEnv: false,
Env: nil,
EnvToKeep: nil,