[lxc-devel] [PATCH] lxc-download: Detect unpriv created by real root

Stéphane Graber stgraber at ubuntu.com
Wed Feb 26 19:16:47 UTC 2014


This adds yet another case in the in_userns function detecting the case
where an unprivileged container is created by the real uid 0, in which
case we want to share the system wide cache but still use the
unprivileged templates and unpack method.

Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
---
 templates/lxc-download.in | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/templates/lxc-download.in b/templates/lxc-download.in
index 53b06e7..732bd97 100644
--- a/templates/lxc-download.in
+++ b/templates/lxc-download.in
@@ -142,8 +142,11 @@ gpg_validate() {
 
 in_userns() {
     [ -e /proc/self/uid_map ] || { echo no; return; }
-    line=$(awk '{ print $1 " " $2 " " $3 }' /proc/self/uid_map)
-    [ "$line" = "0 0 4294967295" ] && { echo no; return; }
+    awk '{ print $1 " " $2 " " $3 }' /proc/self/uid_map | while read line; do
+        [ "$line" = "0 0 4294967295" ] && { echo no; return; }
+        echo $line | grep -q " 0 1$" && { echo userns-root; return; }
+    done
+
     [ "$(cat /proc/self/uid_map)" = "$(cat /proc/1/uid_map)" ] && \
         { echo userns-root; return; }
     echo yes
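Review bot: the two "return" statements inside the new "while read line" loop run on the right-hand side of the awk pipe, which sh executes in a subshell, so they end only that subshell and not in_userns(). After the loop prints "no" or "userns-root", the function still falls through to the /proc/1/uid_map comparison and the final "echo yes", so a caller capturing the output can receive two lines; on a plain host, where the map is "0 0 4294967295" and matches /proc/1/uid_map, that is "no" followed by "userns-root". Suggest capturing the loop's output in a variable and returning from the function when it is non-empty, or doing the whole match in awk and testing its result outside any pipe. Smaller points on the same lines: "echo $line" should be quoted, and "read -r" is the safer form.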
-- 
1.9.0


