[lxc-devel] [PATCH 1/1] chown_mapped_root: fix assumption that calling uid == guid

Stéphane Graber stgraber at ubuntu.com
Fri Nov 29 04:57:54 UTC 2013


On Thu, Nov 28, 2013 at 10:53:13PM -0600, Serge Hallyn wrote:
> Because if they are not, then we'll fail trying to map that
> gid into the container.
> 
> The function doesn't change any gids, but lxc-usernsexec always does
> setgid(0), so just map getgid() to 0 in the container.
> 
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

Acked-by: Stéphane Graber <stgraber at ubuntu.com>

> ---
>  src/lxc/conf.c | 21 ++++++++++++++-------
>  1 file changed, 14 insertions(+), 7 deletions(-)
> 
> diff --git a/src/lxc/conf.c b/src/lxc/conf.c
> index 534e6e6..290a7bb 100644
> --- a/src/lxc/conf.c
> +++ b/src/lxc/conf.c
> @@ -3331,19 +3331,26 @@ int chown_mapped_root(char *path, struct lxc_conf *conf)
>  	}
>  	if (!pid) {
>  		int hostuid = geteuid(), ret;
> -		char map1[100], map2[100];
> -		char *args[] = {"lxc-usernsexec", "-m", map1, "-m", map2, "--", "chown",
> -				 "0", path, NULL};
> +		char map1[100], map2[100], map3[100];
> +		char *args[] = {"lxc-usernsexec", "-m", map1, "-m", map2, "-m",
> +				 map3, "--", "chown", "0", path, NULL};
>  
> -		// "b:0:rootid:1"
> -		ret = snprintf(map1, 100, "b:0:%d:1", rootid);
> +		// "u:0:rootid:1"
> +		ret = snprintf(map1, 100, "u:0:%d:1", rootid);
>  		if (ret < 0 || ret >= 100) {
>  			ERROR("Error uid printing map string");
>  			return -1;
>  		}
>  
> -		// "b:hostuid:hostuid:1"
> -		ret = snprintf(map2, 100, "b:%d:%d:1", hostuid, hostuid);
> +		// "u:hostuid:hostuid:1"
> +		ret = snprintf(map2, 100, "u:%d:%d:1", hostuid, hostuid);
> +		if (ret < 0 || ret >= 100) {
> +			ERROR("Error uid printing map string");
> +			return -1;
> +		}
> +
> +		// "g:0:hostgid:1"
> +		ret = snprintf(map3, 100, "g:0:%d:1", getgid());
>  		if (ret < 0 || ret >= 100) {
>  			ERROR("Error uid printing map string");
>  			return -1;
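Review bot: The error message in the new map3 block is copied from the uid cases: the check after `snprintf(map3, 100, "g:0:%d:1", getgid())` still logs "Error uid printing map string", so a failure building the gid map would be reported as a uid problem. Suggest "Error gid printing map string" there. Two smaller points on the same block: hostuid is taken from geteuid() while the gid map uses getgid(), so a short comment stating that the real gid is the intended one (or a switch to getegid() for symmetry) would help the next reader; and the literal 100 is now repeated in six places across three buffers, where sizeof(map3) and friends would keep each buffer and its bound check in sync.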
> -- 
> 1.8.3.2
> 
> 

-- 
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com