[lxc-devel] [lxc/lxc] 99b718: start: Fix print_top_failing_dir for /var/lib/lxc

GitHub noreply at github.com
Thu Feb 27 22:47:36 UTC 2014


  Branch: refs/heads/master
  Home:   https://github.com/lxc/lxc
  Commit: 99b71824347e3681edec0b5af46dd91e849eae94
      https://github.com/lxc/lxc/commit/99b71824347e3681edec0b5af46dd91e849eae94
  Author: Stéphane Graber <stgraber at ubuntu.com>
  Date:   2014-02-27 (Thu, 27 Feb 2014)

  Changed paths:
    M src/lxc/start.c

  Log Message:
  -----------
  start: Fix print_top_failing_dir for /var/lib/lxc

In the case where /var/lib/lxc itself was not accessible,
print_top_failing_dir would fail to print the error message.

This fixes it and also changes the initial access check to X_OK instead
of R_OK (to match what we actually need and print_top_failing_dir's own
check).

Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
Acked-by: Serge Hallyn <serge.hallyn at ubuntu.com>


  Commit: 0e6e3a41089c86447fef18e54c2796b312a57a94
      https://github.com/lxc/lxc/commit/0e6e3a41089c86447fef18e54c2796b312a57a94
  Author: Stéphane Graber <stgraber at ubuntu.com>
  Date:   2014-02-27 (Thu, 27 Feb 2014)

  Changed paths:
    M src/lxc/conf.c
    M src/lxc/lxc_usernsexec.c
    M src/lxc/lxccontainer.c
    M src/lxc/utils.c
    M src/lxc/utils.h

  Log Message:
  -----------
  Fix unprivileged containers started by root

This change makes it possible to create unprivileged containers as root.
They will be stored in the usual system-wide location, use the usual
system-wide cache but will be running using a uid/gid map.

This also updates lxc_usernsexec to use the same function as the rest of
LXC, centralizing all the userns switch in a single function.

That function now detects the presence of newuidmap and newgidmap on the
system. If they are present, they will be used for containers created as
either user or root. If they're not and the user isn't root, an error is
shown. If they're not and the user is root, LXC will directly set the
uid_map and gid_map values.

All that should allow for a consistent experience as well as supporting
distributions that don't yet ship newuidmap/newgidmap.

To make things simpler in the future, a helper function "on_path" is
also introduced and used to detect the presence of newuidmap and
newgidmap.

Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>


Compare: https://github.com/lxc/lxc/compare/fda03e44e6db...0e6e3a41089c
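
The helper-detection fallback described in the second commit's log message, as an added example; this is not LXC's code. The names on_path_in, choose_map_method and enum map_method are hypothetical, and treating the helpers as usable only when both are found is an assumption.

```c
#define _GNU_SOURCE
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

enum map_method { MAP_VIA_HELPERS, MAP_DIRECT_WRITE, MAP_ERROR };

/* Hypothetical stand-in for the "on_path" helper named in the log message.
 * Returns 1 if cmd passes an X_OK check in some directory of the
 * colon-separated list `path`, else 0. Empty entries are skipped rather
 * than treated as the current directory. */
static int on_path_in(const char *cmd, const char *path)
{
    char candidate[PATH_MAX];
    char *copy, *dir, *save = NULL;
    int found = 0;

    if (!cmd || !*cmd || !path || !(copy = strdup(path)))
        return 0;
    for (dir = strtok_r(copy, ":", &save); dir && !found;
         dir = strtok_r(NULL, ":", &save)) {
        int n = snprintf(candidate, sizeof(candidate), "%s/%s", dir, cmd);
        if (n < 0 || (size_t)n >= sizeof(candidate))
            continue; /* never test a truncated path */
        found = (access(candidate, X_OK) == 0);
    }
    free(copy);
    return found;
}

/* The three outcomes from the log message. Assumption: a single missing
 * helper counts as "not present". */
static enum map_method choose_map_method(int have_uidmap, int have_gidmap,
                                         int is_root)
{
    if (have_uidmap && have_gidmap)
        return MAP_VIA_HELPERS;               /* same path for user and root */
    return is_root ? MAP_DIRECT_WRITE : MAP_ERROR;
}

int main(void)
{
    const char *path = getenv("PATH") ? getenv("PATH") : "";
    enum map_method m = choose_map_method(on_path_in("newuidmap", path),
                                          on_path_in("newgidmap", path),
                                          geteuid() == 0);
    puts(m == MAP_VIA_HELPERS ? "use newuidmap/newgidmap" :
         m == MAP_DIRECT_WRITE ? "root: write uid_map/gid_map directly" :
         "error: helpers missing and not root");
    return m == MAP_ERROR;
}
```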

