[lxc-devel] [PATCH] lxc-plamo: change redirection of fd and improve option parsing

TAMUKI Shoichi tamuki at linet.gr.jp
Thu Feb 6 08:32:59 UTC 2014 

Hello,

From: St\'ephane Graber <stgraber at ubuntu.com>
Subject: Re: [lxc-devel] [PATCH] lxc-plamo: change redirection of fd and improve option parsing
Date: Wed, 5 Feb 2014 09:36:36 -0500

> > diff --git a/templates/lxc-plamo.in b/templates/lxc-plamo.in
> > index e9f681e..311067f 100644
> > --- a/templates/lxc-plamo.in
> > +++ b/templates/lxc-plamo.in
> > @@ -28,15 +28,6 @@
> >  # ref. https://github.com/Ponce/lxc-slackware/blob/master/lxc-slackware
> >  #      lxc-ubuntu script
> >  
> > -# Detect use under userns (unsupported)
> > -for arg in $*; do
> > -    if [ "$arg" == "--mapped-uid" ]; then
> > -        echo "This template can't be used for unprivileged containers." 1>&2
> > -        echo "You may want to try the \"download\" template instead." 1>&2
> > -        exit 1
> > -    fi
> > -done
> 
> Why do that change? Your change isn't technically wrong but makes plamo
> the only template to do mapped-uid/mapped-gid parsing in getopt without
> actually supporting it and the fact that it doesn't use the same code
> I've put in all other templates will make it harder to get a clear view
> of which templates support or don't support userns.

Currently, lxc-plamo and all other templates, except lxc-ubuntu-cloud
and lxc-download, do not have --mapped-uid option.  If --mapped-uid
option is specified, the original behavior is: the template fails with
error message "getopt: unrecognized option '--mapped-uid'".

Due to "[PATCH] templates: Refuse to run unprivileged", the templates
come to detect --mapped-uid and error out, recommending the use of the
download template.

Long options may be abbreviated, as long as the abbreviation is not
ambiguous.  If --mapped-uid option is available and there is no other
long option which begins with --m, getopt also parses the following
abbreviations as well as --mapped-uid option and the script will go on
processing.

--m
--ma
--map
--mapp
--mappe
--mapped
--mapped-
--mapped-u
--mapped-ui
--mapped-uid

Thus, I think "[PATCH] templates: Refuse to run unprivileged" should
detect not only --mapped-uid option but also the abbreviations above.

That is why I changed to do mapped-uid/mapped-gid parsing in getopt.

However, in most cases, people may prefer the complete notation (i.e.,
--mapped-uid), so leaving the other abbreviations alone is good idea.

Ok, I will post the revised patch.

Regards,
TAMUKI Shoichi

More information about the lxc-devel mailing list