[lxc-devel] [PATCH 3/3] lxc-attach: Allow the user to request uid/gid when attaching
Christian Seiler
christian at iwakd.de
Mon Mar 4 19:20:24 UTC 2013
This patch implements the -u and -g options for lxc-attach that allows
the user to ask for a specific user and group id when attaching to a
container.
NOTE: DO NOT APPLY THIS PATCH JUST YET, THERE ARE SECURITY IMPLICATIONS
THAT HAVE TO BE CONSIDERED BEFORE DOING SO. THIS IS JUST A DRAFT.
---
src/lxc/lxc_attach.c | 52 +++++++++++++++++++++++++++++++++++++++++++++++++-
1 file changed, 51 insertions(+), 1 deletion(-)
diff --git a/src/lxc/lxc_attach.c b/src/lxc/lxc_attach.c
index 6095b54..d39f5db 100644
--- a/src/lxc/lxc_attach.c
+++ b/src/lxc/lxc_attach.c
@@ -26,6 +26,7 @@
#include <errno.h>
#include <pwd.h>
#include <stdlib.h>
+#include <limits.h>
#include <sys/param.h>
#include <sys/types.h>
#include <sys/socket.h>
@@ -55,6 +56,8 @@ static const struct option my_longopts[] = {
{"arch", required_argument, 0, 'a'},
{"namespaces", required_argument, 0, 's'},
{"remount-sys-proc", no_argument, 0, 'R'},
+ {"uid", required_argument, 0, 'u'},
+ {"gid", required_argument, 0, 'g'},
LXC_COMMON_OPTIONS
};
@@ -62,10 +65,13 @@ static int elevated_privileges = 0;
static signed long new_personality = -1;
static int namespace_flags = -1;
static int remount_sys_proc = 0;
+static long requested_uid = -1;
+static long requested_gid = -1;
static int my_parser(struct lxc_arguments* args, int c, char* arg)
{
int ret;
+ char *endptr;
switch (c) {
case 'e': elevated_privileges = 1; break;
@@ -85,6 +91,24 @@ static int my_parser(struct lxc_arguments* args, int c, char* arg)
/* -s implies -e */
elevated_privileges = 1;
break;
+ case 'u':
+ endptr = NULL;
+ requested_uid = strtol(arg, &endptr, 10);
+ if (requested_uid < 0 || requested_uid == LONG_MAX ||
+ !endptr || *endptr || !*arg) {
+ lxc_error(args, "invalid user id specified: %s", arg);
+ return -1;
+ }
+ break;
+ case 'g':
+ endptr = NULL;
+ requested_gid = strtol(arg, &endptr, 10);
+ if (requested_gid < 0 || requested_gid == LONG_MAX ||
+ !endptr || *endptr || !*arg) {
+ lxc_error(args, "invalid group id specified: %s", arg);
+ return -1;
+ }
+ break;
}
return 0;
@@ -116,7 +140,10 @@ Options :\n\
Remount /sys and /proc if not attaching to the\n\
mount namespace when using -s in order to properly\n\
reflect the correct namespace context. See the\n\
- lxc-attach(1) manual page for details.\n",
+ lxc-attach(1) manual page for details.\n\
+ -u, --uid=UID setuid(UID) when entering the container\n\
+ -g, --gid=GID setgid(GID) when entering the container\n",
+
.options = my_longopts,
.parser = my_parser,
.checker = NULL,
@@ -425,6 +452,12 @@ int main(int argc, char *argv[])
*/
(void) lxc_attach_get_init_uidgid(&init_uid, &init_gid);
+ /* if the user whished for different credentials, use them */
+ if (requested_uid != -1)
+ init_uid = (uid_t) requested_uid;
+ if (requested_gid != -1)
+ init_gid = (gid_t) requested_gid;
+
/* try to set the uid/gid combination */
if (setgid(init_gid)) {
SYSERROR("switching to container gid");
@@ -434,6 +467,23 @@ int main(int argc, char *argv[])
SYSERROR("switching to container uid");
return -1;
}
+ } else {
+ /* by default, with no user namespaces, we don't need
+ * setgid()/setuid(), but we should use them if explicitly
+ * requested
+ */
+ if (requested_gid != -1) {
+ if (setgid((gid_t) requested_gid)) {
+ SYSERROR("switching to container gid");
+ return -1;
+ }
+ }
+ if (requested_uid != -1) {
+ if (setuid((uid_t) requested_uid)) {
+ SYSERROR("switching to container uid");
+ return -1;
+ }
+ }
}
if (my_args.argc) {
--
1.7.10.4
More information about the lxc-devel
mailing list