[lxc-devel] [PATCH] lxc-plamo: change redirection of fd and improve option parsing

Stéphane Graber stgraber at ubuntu.com
Wed Feb 5 14:36:36 UTC 2014


On Wed, Feb 05, 2014 at 05:31:01PM +0900, TAMUKI Shoichi wrote:
> 
> Signed-off-by: TAMUKI Shoichi <tamuki at linet.gr.jp>
> ---
>  templates/lxc-plamo.in | 71 +++++++++++++++++++++++++++++++-------------------
>  1 file changed, 44 insertions(+), 27 deletions(-)
> 
> diff --git a/templates/lxc-plamo.in b/templates/lxc-plamo.in
> index e9f681e..311067f 100644
> --- a/templates/lxc-plamo.in
> +++ b/templates/lxc-plamo.in
> @@ -28,15 +28,6 @@
>  # ref. https://github.com/Ponce/lxc-slackware/blob/master/lxc-slackware
>  #      lxc-ubuntu script
>  
> -# Detect use under userns (unsupported)
> -for arg in $*; do
> -    if [ "$arg" == "--mapped-uid" ]; then
> -        echo "This template can't be used for unprivileged containers." 1>&2
> -        echo "You may want to try the \"download\" template instead." 1>&2
> -        exit 1
> -    fi
> -done

Why do that change? Your change isn't technically wrong but makes plamo
the only template to do mapped-uid/mapped-gid parsing in getopt without
actually supporting it and the fact that it doesn't use the same code
I've put in all other templates will make it harder to get a clear view
of which templates support or don't support userns.

> -
>  [ -r /etc/default/lxc ] && . /etc/default/lxc
>  
>  DLSCHEME=${DLSCHEME:-"http"}
> @@ -108,7 +99,7 @@ copy_plamo() {
>  install_plamo() {
>    mkdir -p @LOCALSTATEDIR@/lock/subsys
>    (
> -    if ! flock -n 200 ; then
> +    if ! flock -n 9 ; then
>        echo "Cache repository is busy."
>        return 1
>      fi
> @@ -139,7 +130,7 @@ install_plamo() {
>        return 1
>      fi
>      return 0
> -  ) 200> @LOCALSTATEDIR@/lock/subsys/lxc-plamo
> +  ) 9> @LOCALSTATEDIR@/lock/subsys/lxc-plamo
>  }
>  
>  configure_plamo() {
> @@ -281,7 +272,7 @@ cleanup() {
>    [ -d $dlcache -a -d $rtcache ] || return 0
>    # lock, so we won't purge while someone is creating a repository
>    (
> -    if ! flock -n 200 ; then
> +    if ! flock -n 9 ; then
>        echo "Cache repository is busy."
>        return 1
>      fi
> @@ -289,17 +280,17 @@ cleanup() {
>      rm -rf --one-file-system $dlcache $rtcache || return 1
>      echo "Done."
>      return 0
> -  ) 200> @LOCALSTATEDIR@/lock/subsys/lxc-plamo
> +  ) 9> @LOCALSTATEDIR@/lock/subsys/lxc-plamo
>  }
>  
>  usage() {
>    cat <<- EOF
>  	$prog [-h|--help] -p|--path=<path> -n|--name=<name> --rootfs=<rootfs>
> -	          [--clean] [-r|--release=<release>] [-b|--bindhome=<user>]
> -	          [-a|--arch=<arch>]
> +	          [--clean] [-r|--release=<release>] [-a|--arch=<arch>]
> +	          [-b|--bindhome=<user>]
>  	release: $release
> -	bindhome: bind <user>'s home into the container
>  	arch: x86 or x86_64: defaults to host arch
> +	bindhome: bind <user>'s home into the container
>  	EOF
>  }
>  
> @@ -307,10 +298,12 @@ prog=`basename $0`
>  path="" ; name="" ; rootfs=""
>  clean=0
>  release=${release:-5.x}
> -bindhome=""
>  arch=`uname -m | sed 's/i.86/x86/'` ; hostarch=$arch
> -sopts=hp:n:cr:b:a:
> -lopts=help,path:,name:,rootfs:,clean,release:,bindhome:,arch:
> +mapped_uid=-1 ; mapped_gid=-1
> +bindhome=""
> +sopts=hp:n:cr:a:b:
> +lopts=help,path:,name:,rootfs:,clean,release:,arch:,mapped-uid:,mapped-gid:
> +lopts=$lopts,bindhome:
>  if ! options=`getopt -o $sopts -l $lopts -- "$@"` ; then
>    usage
>    exit 1
> @@ -318,14 +311,26 @@ fi
>  eval set -- "$options"
>  while true ; do
>    case "$1" in
> -  -h|--help) usage && exit 0 ;;
> -  -p|--path) path=$2 ; shift 2 ;;
> -  -n|--name) name=$2 ; shift 2 ;;
> -  --rootfs) rootfs=$2 ; shift 2 ;;
> -  -c|--clean) clean=1 ; shift 1 ;;
> -  -r|--release) release=$2 ; shift 2 ;;
> -  -b|--bindhome) bindhome=$2 ; shift 2 ;;
> -  -a|--arch) arch=$2 ; shift 2 ;;
> +  # --help
> +  -h|--h*) usage && exit 0 ;;
> +  # --path
> +  -p|--p*) path=$2 ; shift 2 ;;
> +  # --name
> +  -n|--n*) name=$2 ; shift 2 ;;
> +  # --rootfs
> +  --ro*) rootfs=$2 ; shift 2 ;;
> +  # --clean
> +  -c|--c*) clean=1 ; shift 1 ;;
> +  # --release
> +  -r|--re*) release=$2 ; shift 2 ;;
> +  # --arch
> +  -a|--a*) arch=$2 ; shift 2 ;;
> +  # --mapped-uid
> +  --mapped-u*) mapped_uid=$2 ; shift 2 ;;
> +  # --mapped-gid
> +  --mapped-g*) mapped_gid=$2 ; shift 2 ;;
> +  # --bindhome
> +  -b|--b*) bindhome=$2 ; shift 2 ;;
>    --) shift 1 ; break ;;
>    *) break ;;
>    esac
> @@ -346,6 +351,18 @@ if [ -z "$name" ] ; then
>    echo "'name' parameter is required."
>    exit 1
>  fi
> +# detect use under userns (unsupported)
> +if [ $mapped_uid -ne -1 ] ; then
> +  echo "This template can't be used for unprivileged containers."
> +  echo "You may want to try the 'download' template instead."
> +  exit 1
> +fi
> +# detect use under userns (unsupported)
> +if [ $mapped_gid -ne -1 ] ; then
> +  echo "This template can't be used for unprivileged containers."
> +  echo "You may want to try the 'download' template instead."
> +  exit 1
> +fi
>  if [ `id -u` -ne 0 ] ; then
>    echo "This script should be run as 'root'."
>    exit 1
> -- 
> 1.8.4.4
> 
> _______________________________________________
> lxc-devel mailing list
> lxc-devel at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-devel

-- 
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20140205/f4c93000/attachment.pgp>


More information about the lxc-devel mailing list