[lxc-devel] [PATCH] make [ug]id map ordering consistent with /proc/<nr>/[ug]id_map

Serge Hallyn serge.hallyn at ubuntu.com
Mon Mar 11 20:40:48 UTC 2013 

Quoting Dwight Engen (dwight.engen at oracle.com):
> The id ordering and case of u,g is also consistent with uidmapshift,
> reducing confusion.
> 
> doc: Moved example to the the EXAMPLES section, and used values
> corresponding to the defaults in the pending shadow-utils subuid patch.
> 
> Signed-off-by: Dwight Engen <dwight.engen at oracle.com>

Acked-by: Serge Hallyn <serge.hallyn at ubuntu.com>

I will also need to update the container-userns-convert script in
the nsexec package :)

> ---
>  doc/lxc.conf.sgml.in | 30 ++++++++++++++++--------------
>  src/lxc/conf.c       |  4 ++--
>  src/lxc/confile.c    |  8 ++++----
>  3 files changed, 22 insertions(+), 20 deletions(-)
> 
> diff --git a/doc/lxc.conf.sgml.in b/doc/lxc.conf.sgml.in
> index ae91221..60e7baa 100644
> --- a/doc/lxc.conf.sgml.in
> +++ b/doc/lxc.conf.sgml.in
> @@ -709,21 +709,12 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
>  	  <listitem>
>  	    <para>
>  	      Four values must be provided.  First a character, either
> -	      'U', or 'G', to specify whether user or group ids are
> -	      being mapped.  Next is the first userid as seen on the
> -	      host.  Next is the userid to be mapped in the container.
> -	      Finally, a range indicating the number of consecutive
> -	      ids to map.  For instance
> +	      'u', or 'g', to specify whether user or group ids are
> +	      being mapped.  Next is the first userid as seen in the
> +	      user namespace of the container.  Next is the userid as
> +	      seen on the host.  Finally, a range indicating the number
> +	      of consecutive ids to map.
>  	     </para>
> -<programlisting>
> -	lxc.id_map = U 200000 0 20000
> -	lxc.id_map = G 200000 0 20000
> -</programlisting>
> -	    <para>
> -	      will map both user and group ids in the
> -	      range 0-19999 in the container to the ids
> -	      200000-219999 on the host.
> -	    </para>
>  	  </listitem>
>  	</varlistentry>
>        </variablelist>
> @@ -953,6 +944,17 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
>      </refsect2>
>  
>      <refsect2>
> +      <title>UID/GID mapping</title>
> +      <para>This configuration will map both user and group ids in the
> +        range 0-9999 in the container to the ids 100000-109999 on the host.
> +      </para>
> +      <programlisting>
> +	lxc.id_map = u 0 100000 10000
> +	lxc.id_map = g 0 100000 10000
> +      </programlisting>
> +    </refsect2>
> +
> +    <refsect2>
>        <title>Control group</title>
>        <para>This configuration will setup several control groups for
>        the application, cpuset.cpus restricts usage of the defined cpu,
> diff --git a/src/lxc/conf.c b/src/lxc/conf.c
> index 97b4ae4..e2abc72 100644
> --- a/src/lxc/conf.c
> +++ b/src/lxc/conf.c
> @@ -2447,7 +2447,7 @@ int lxc_assign_network(struct lxc_list *network, pid_t pid)
>  	return 0;
>  }
>  
> -int add_id_mapping(enum idtype idtype, pid_t pid, uid_t host_start, uid_t ns_start, int range)
> +static int add_id_mapping(enum idtype idtype, pid_t pid, uid_t ns_start, uid_t host_start, int range)
>  {
>  	char path[PATH_MAX];
>  	int ret, closeret;
> @@ -2480,7 +2480,7 @@ int lxc_map_ids(struct lxc_list *idmap, pid_t pid)
>  
>  	lxc_list_for_each(iterator, idmap) {
>  		map = iterator->elem;
> -		ret = add_id_mapping(map->idtype, pid, map->hostid, map->nsid, map->range);
> +		ret = add_id_mapping(map->idtype, pid, map->nsid, map->hostid, map->range);
>  		if (ret)
>  			break;
>  	}
> diff --git a/src/lxc/confile.c b/src/lxc/confile.c
> index d350f01..59cedef 100644
> --- a/src/lxc/confile.c
> +++ b/src/lxc/confile.c
> @@ -1049,13 +1049,13 @@ static int config_idmap(const char *key, const char *value, struct lxc_conf *lxc
>  
>  	lxc_list_add_tail(&lxc_conf->id_map, idmaplist);
>  
> -	ret = sscanf(value, "%c %d %d %d", &type, &hostid, &nsid, &range);
> +	ret = sscanf(value, "%c %d %d %d", &type, &nsid, &hostid, &range);
>  	if (ret != 4)
>  		goto out;
> -	INFO("read uid map: type %c hostid %d nsid %d range %d", type, hostid, nsid, range);
> -	if (type == 'U')
> +	INFO("read uid map: type %c nsid %d hostid %d range %d", type, nsid, hostid, range);
> +	if (type == 'u')
>  		idmap->idtype = ID_TYPE_UID;
> -	else if (type == 'G')
> +	else if (type == 'g')
>  		idmap->idtype = ID_TYPE_GID;
>  	else
>  		goto out;
> -- 
> 1.7.12.3
>

More information about the lxc-devel mailing list