[lxc-devel] [PATCH] Invoke lxc_map_ids only when id_map is not empty

Serge Hallyn serge.hallyn at ubuntu.com
Wed Mar 13 15:15:28 UTC 2013


Quoting Alexander Vladimirov (alexander.idkfa.vladimirov at gmail.com):
> With recent commits this code path prevents containers from starting
> on vanilla kernels, because there's no /proc/<pid>/{u,g}id_map support
> there.
> If it was intended to make user namespaces support mandatory, then
> disregard that patch please.

Absolutely not the intent.  But lxc_map_ids() is meant to not try to
write the map if there are no mappings - so the caller shouldn't have
to.

I see the bug now that you point it out :)  I'll fix it in the
mapping fn itself, and also make it only allocate the buf if
necessary - thanks!

> 2013/3/13 Serge Hallyn <serge.hallyn at ubuntu.com>:
> > Quoting Alexander Vladimirov (alexander.idkfa.vladimirov at gmail.com):
> >>
> >> Signed-off-by: Alexander Vladimirov <alexander.idkfa.vladimirov at gmail.com>
> >
> > Nothing wrong with this, but why do you want this?  It will save you
> > a 4096k allocation (which we could optimize away so it only happens
> > if needed), and one function call, but that is all...  Is there more
> > that I'm missing?
> >
> > (In general I do prefer to keep the caller shorter and easier to read
> > if we can)
> >
> >> ---
> >>  src/lxc/start.c | 8 +++++---
> >>  1 file changed, 5 insertions(+), 3 deletions(-)
> >>
> >> diff --git a/src/lxc/start.c b/src/lxc/start.c
> >> index 3fdfa04..05646c2 100644
> >> --- a/src/lxc/start.c
> >> +++ b/src/lxc/start.c
> >> @@ -823,9 +823,11 @@ int lxc_spawn(struct lxc_handler *handler)
> >>        * call doesn't change anything immediately, but allows the
> >>        * container to setuid(0) (0 being mapped to something else on
> >>        * the host) later to become a valid uid again */
> >> -     if (lxc_map_ids(&handler->conf->id_map, handler->pid)) {
> >> -             ERROR("failed to set up id mapping");
> >> -             goto out_delete_net;
> >> +     if (!lxc_list_empty(&handler->conf->id_map)) {
> >> +             if (lxc_map_ids(&handler->conf->id_map, handler->pid)) {
> >> +                     ERROR("failed to set up id mapping");
> >> +                     goto out_delete_net;
> >> +             }
> >>       }
> >>
> >>       /* Tell the child to continue its initialization.  we'll get
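Review bot: The `lxc_list_empty()` guard added around the `lxc_map_ids()` call in `lxc_spawn()` protects only this one call site, so any other caller that passes an empty `id_map` would still reach the write to /proc/<pid>/{u,g}id_map and fail on kernels without that file. Consider moving the emptiness check into `lxc_map_ids()` itself so it returns 0 early when there is nothing to map, which also keeps the caller as short as it was. If the check stays in the caller, the nested `if` can be collapsed into a single condition, `if (!lxc_list_empty(&handler->conf->id_map) && lxc_map_ids(&handler->conf->id_map, handler->pid))`, and the comment above it should say that the mapping step is skipped when no mappings are configured. The commit message has only a Signed-off-by line; it should state the failure being fixed (containers not starting on kernels lacking uid_map/gid_map support) so the reason for the guard is recorded with the change.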
> >> --
> >> 1.8.1.5