[lxc-devel] problem with user namespace as root
Serge Hallyn
serge.hallyn at ubuntu.com
Wed Feb 12 17:42:26 UTC 2014
Quoting Stephan Sachse (ste.sachse at gmail.com):
> OK, maybe like this. But I need the in_userns()... How can I detect if
> I run in a userns?
Looks good. The easiest way actually might be to just try the mknod,
and if you get EPERM||EACCES then try create+bind-mount.
> diff --git a/src/lxc/conf.c b/src/lxc/conf.c
> index 81dcb42..a056935 100644
> --- a/src/lxc/conf.c
> +++ b/src/lxc/conf.c
> @@ -1396,6 +1396,7 @@ static int setup_autodev(const char *root)
> {
> int ret;
> char path[MAXPATHLEN];
> + char src[MAXPATHLEN];
> int i;
> mode_t cmask;
>
> @@ -1414,10 +1415,27 @@ static int setup_autodev(const char *root)
> ret = snprintf(path, MAXPATHLEN, "%s/dev/%s", root, d->name);
> if (ret < 0 || ret >= MAXPATHLEN)
> return -1;
> - ret = mknod(path, d->mode, makedev(d->maj, d->min));
> - if (ret && errno != EEXIST) {
> - SYSERROR("Error creating %s\n", d->name);
> - return -1;
> + if (in_userns()) {
> + ret = creat(path, 0440);
> + if (ret==-1 && errno != EEXIST) {
> + SYSERROR("error creating %s\n", path);
> + return -1;
> + }
> +
> + ret = snprintf(src, MAXPATHLEN, "/dev/%s" d->name);
> + if (ret < 0 || ret >= MAXPATHLEN)
> + return -1;
> +
> + if (mount(src, path, "none", MS_BIND, NULL)) {
> + SYSERROR("failed to mount '%s'->'%s'",
> src, path);
> + return -1
> + }
> + } else {
> + ret = mknod(path, d->mode, makedev(d->maj, d->min));
> + if (ret && errno != EEXIST) {
> + SYSERROR("Error creating %s\n", d->name);
> + return -1;
> + }
> }
> }
> umask(cmask);
>
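Review bot: The file descriptor returned by creat() in the in_userns() branch is never closed, so setup_autodev() leaks one open fd per device into whatever runs next; close it right after the error check. That check's `errno != EEXIST` test is also dead, because creat() opens without O_EXCL and does not fail with EEXIST on an existing path. The branch does not compile as posted: `snprintf(src, MAXPATHLEN, "/dev/%s" d->name)` is missing the comma before d->name, and `return -1` after the mount SYSERROR is missing its semicolon. in_userns() is not defined in these hunks; attempting mknod() first and taking the creat()+bind-mount path only when it fails with EPERM or EACCES, as the reply suggests, would remove the need for it.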
> --
> Software is like sex, it's better when it's free!