[lxc-devel] [PATCH 1/1] userns: clear and save id_map

Dwight Engen dwight.engen at oracle.com
Mon Jul 15 20:32:25 UTC 2013


On Mon, 15 Jul 2013 13:47:40 -0500
Serge Hallyn <serge.hallyn at ubuntu.com> wrote:

> 
> Otherwise (a) there is a memory leak when using user namespaces and
> clearing a config, and (b) saving a container configuration file
> doesn't maintain the userns mapping.  For instance, if container c1
> has lxc.id_map configuration entries, then
> 
> python3
> import lxc
> c=lxc.Container("c1")
> c.save_config("/tmp/config1")
> 
> should show 'lxc.id_map =' entries in /tmp/config1.
> 
> Reported-by: Dwight Engen <dwight.engen at oracle.com>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
> ---
>  src/lxc/conf.c    | 13 +++++++++++++
>  src/lxc/confile.c |  6 ++++++
>  2 files changed, 19 insertions(+)
> 
> diff --git a/src/lxc/conf.c b/src/lxc/conf.c
> index dc521b5..21614d9 100644
> --- a/src/lxc/conf.c
> +++ b/src/lxc/conf.c
> @@ -3123,6 +3123,18 @@ int lxc_clear_config_caps(struct lxc_conf *c)
>  	return 0;
>  }
>  
> +int lxc_clear_idmaps(struct lxc_conf *c)
> +{
> +	struct lxc_list *it, *next;
> +
> +	lxc_list_for_each_safe(it, &c->id_map, next) {
> +		lxc_list_del(it);
> +		free(it->elem);
> +		free(it);
> +	}
> +	return 0;
> +}
> +
>  int lxc_clear_cgroups(struct lxc_conf *c, const char *key)
>  {
>  	struct lxc_list *it,*next;
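
Review bot: lxc_clear_idmaps() is defined without static in conf.c, but the diffstat lists only conf.c and confile.c, so no prototype is added to any header. Either mark it static, since the only caller in this patch is lxc_conf_free() in the same file, or add the declaration to the header so other files can call it. The function also always returns 0 and the caller ignores the result, so a void return would state the contract more honestly.
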
> @@ -3226,5 +3238,6 @@ void lxc_conf_free(struct lxc_conf *conf)
>  	lxc_clear_hooks(conf, "lxc.hook");
>  	lxc_clear_mount_entries(conf);
>  	lxc_clear_saved_nics(conf);
> +	lxc_clear_idmaps(conf);
>  	free(conf);
>  }
> diff --git a/src/lxc/confile.c b/src/lxc/confile.c
> index a7db117..05370f0 100644
> --- a/src/lxc/confile.c
> +++ b/src/lxc/confile.c
> @@ -1945,6 +1945,12 @@ void write_config(FILE *fout, struct lxc_conf
> *c) }
>  	lxc_list_for_each(it, &c->caps)
>  		fprintf(fout, "lxc.cap.drop = %s\n", (char
> *)it->elem);
> +	lxc_list_for_each(it, &c->id_map) {
> +		struct id_map *idmap = it->elem;
> +		fprintf(fout, "lxc.id_map = %c %lu %lu %lu\n",
> +			idmap->type == ID_TYPE_UID ? 'u' : 'c',
> idmap->nsid,
> +			idmap->hostid, idmap->range);

Hi Serge, I'm getting:

confile.c:1951:9: error: ‘struct id_map’ has no member named ‘type’

I think you wanted idmap->idtype :) With that change, it builds but I'm
getting a segfault when doing a lxc-clone -s -o ol64-01 -n ol64-02 (and
ol64-01 has lxc.id_map entries). Here is the gdb backtrace, I'll look
into it if you don't have time.

Starting program: /usr/bin/lxc-clone -s -o ol64-01 -n ol64-04
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
Detaching after fork from child process 28359.
Detaching after fork from child process 28361.

Program received signal SIGSEGV, Segmentation fault.
0x00007f99e689e08e in write_config (fout=fout@entry=0x1b79670, c=0x1b77400)
    at confile.c:1950
1950	confile.c: No such file or directory.
Missing separate debuginfos, use: debuginfo-install lxc-0.9.x-1.fc18.x86_64
(gdb) bt
#0  0x00007f99e689e08e in write_config (fout=fout@entry=0x1b79670, c=0x1b77400)
    at confile.c:1950
#1  0x00007f99e68a6c6b in lxcapi_save_config (c=0x1b764d0, alt_file=<optimized out>)
    at lxccontainer.c:1214
#2  0x00007f99e68a99b8 in lxcapi_clone (c=<optimized out>, newname=<optimized out>, 
    lxcpath=<optimized out>, flags=<optimized out>, bdevtype=0x0, bdevdata=0x0, 
    newsize=0, hookargs=0x0) at lxccontainer.c:1963
#3  0x0000000000400d2f in main ()

> +	}
>  	for (i=0; i<NUM_LXC_HOOKS; i++) {
>  		lxc_list_for_each(it, &c->hooks[i])
>  			fprintf(fout, "lxc.hook.%s = %s\n",
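
Review bot: in the added fprintf, the non-UID branch of "idmap->type == ID_TYPE_UID ? 'u' : 'c'" writes 'c', but lxc.id_map entries are keyed 'u' for uid and 'g' for gid, so a saved gid mapping would not read back as a gid map and the written config would not round-trip; use 'g'. The member also has to be idtype, as the compile error in the reply shows. The three %lu conversions assume nsid, hostid and range are unsigned long; confirm that against struct id_map or cast explicitly. Given the SIGSEGV reported at confile.c:1950 inside this loop, it is also worth checking that it->elem is a valid struct id_map pointer on every path that fills c->id_map before it is dereferenced here.
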




