[lxc-devel] [lxc/lxc] ef325b: start: Fix print_top_failing_dir for /var/lib/lxc
GitHub
noreply at github.com
Thu Feb 27 22:48:07 UTC 2014
Branch: refs/heads/stable-1.0
Home: https://github.com/lxc/lxc
Commit: ef325ba000929611384ccb5b896923b99b080da1
https://github.com/lxc/lxc/commit/ef325ba000929611384ccb5b896923b99b080da1
Author: Stéphane Graber <stgraber at ubuntu.com>
Date: 2014-02-27 (Thu, 27 Feb 2014)
Changed paths:
M src/lxc/start.c
Log Message:
-----------
start: Fix print_top_failing_dir for /var/lib/lxc
In the case where /var/lib/lxc itself was not accessible,
print_top_failing_dir would fail to print the error message.
This fixes it and also changes the initial access check for X_OK instead
of R_OK (to match what we actually need and print_top_failing_dir's own
check).
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
Acked-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Commit: 993625a03ab97891b5edabb00c69d06248b8bbca
https://github.com/lxc/lxc/commit/993625a03ab97891b5edabb00c69d06248b8bbca
Author: Stéphane Graber <stgraber at ubuntu.com>
Date: 2014-02-27 (Thu, 27 Feb 2014)
Changed paths:
M src/lxc/conf.c
M src/lxc/lxc_usernsexec.c
M src/lxc/lxccontainer.c
M src/lxc/utils.c
M src/lxc/utils.h
Log Message:
-----------
Fix unprivileged containers started by root
This change makes it possible to create unprivileged containers as root.
They will be stored in the usual system wide location, use the usual
system wide cache but will be running using a uid/gid map.
This also updates lxc_usernsexec to use the same function as the rest of
LXC, centralizing all the userns switch in a single function.
That function now detects the presence of newuidmap and newgidmap on the
system; if they are present, they will be used for containers created as
either user or root. If they're not and the user isn't root, an error is
shown. If they're not and the user is root, LXC will directly set the
uid_map and gid_map values.
All that should allow for a consistent experience as well as supporting
distributions that don't yet ship newuidmap/newgidmap.
To make things simpler in the future, a helper function "on_path" is
also introduced and used to detect the presence of newuidmap and
newgidmap.
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
Compare: https://github.com/lxc/lxc/compare/969b7d7e874e...993625a03ab9