[lxc-devel] [PATCH 1/1] idmap_add_id: fix broken behavior

Stéphane Graber stgraber at ubuntu.com
Fri Jan 24 16:43:46 UTC 2014


On Thu, Jan 23, 2014 at 10:23:24PM -0600, Serge Hallyn wrote:
> The geteuid() addition is being made the first element of the lxc_list,
> but the first element is just a head whose entry is ignored.  Therefore
> userns_exec_1() was starting its tasks without the caller's uid mapped
> into the namespace.
> 
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

Acked-by: Stéphane Graber <stgraber at ubuntu.com>

> ---
>  src/lxc/conf.c | 52 +++++++++++++++++++++++++---------------------------
>  1 file changed, 25 insertions(+), 27 deletions(-)
> 
> diff --git a/src/lxc/conf.c b/src/lxc/conf.c
> index d2942cb..30d0d6b 100644
> --- a/src/lxc/conf.c
> +++ b/src/lxc/conf.c
> @@ -2170,9 +2170,9 @@ static int setup_caps(struct lxc_list *caps)
>  		DEBUG("drop capability '%s' (%d)", drop_entry, capid);
>  
>  		if (prctl(PR_CAPBSET_DROP, capid, 0, 0, 0)) {
> -                       SYSERROR("failed to remove %s capability", drop_entry);
> -                       return -1;
> -                }
> +			SYSERROR("failed to remove %s capability", drop_entry);
> +			return -1;
> +		}
>  
>  	}
>  
> @@ -2240,9 +2240,9 @@ static int dropcaps_except(struct lxc_list *caps)
>  		if (caplist[i])
>  			continue;
>  		if (prctl(PR_CAPBSET_DROP, i, 0, 0, 0)) {
> -                       SYSERROR("failed to remove capability %d", i);
> -                       return -1;
> -                }
> +			SYSERROR("failed to remove capability %d", i);
> +			return -1;
> +		}
>  	}
>  
>  	DEBUG("capabilities have been setup");
> @@ -3135,7 +3135,7 @@ int lxc_map_ids(struct lxc_list *idmap, pid_t pid)
>   * Return true if id was found, false otherwise.
>   */
>  bool get_mapped_rootid(struct lxc_conf *conf, enum idtype idtype,
> -                        unsigned long *val)
> +			unsigned long *val)
>  {
>  	struct lxc_list *it;
>  	struct id_map *map;
> @@ -3266,7 +3266,7 @@ int lxc_create_tty(const char *name, struct lxc_conf *conf)
>  		DEBUG("allocated pty '%s' (%d/%d)",
>  		      pty_info->name, pty_info->master, pty_info->slave);
>  
> -                /* Prevent leaking the file descriptors to the container */
> +		/* Prevent leaking the file descriptors to the container */
>  		fcntl(pty_info->master, F_SETFD, FD_CLOEXEC);
>  		fcntl(pty_info->slave, F_SETFD, FD_CLOEXEC);
>  
> @@ -3969,29 +3969,31 @@ static struct lxc_list *idmap_add_id(struct lxc_conf *conf, uid_t uid)
>  	struct lxc_list *new = NULL, *tmp, *it, *next;
>  	struct id_map *entry;
>  
> +	new = malloc(sizeof(*new)); 
> +	if (!new) { 
> +		ERROR("Out of memory building id map"); 
> +		return NULL; 
> +	} 
> +	lxc_list_init(new); 
> +
>  	if (hostid_mapped < 0) {
>  		hostid_mapped = find_unmapped_nsuid(conf);
> -		if (hostid_mapped < 0) {
> -			ERROR("Could not find free uid to map");
> -			return NULL;
> -		}
> -		new = malloc(sizeof(*new));
> -		if (!new) {
> -			ERROR("Out of memory building id map");
> -			return NULL;
> -		}
> +		if (hostid_mapped < 0)
> +			goto err;
> +		tmp = malloc(sizeof(*tmp));
> +		if (!tmp)
> +			goto err;
>  		entry = malloc(sizeof(*entry));
>  		if (!entry) {
> -			free(new);
> -			ERROR("Out of memory building idmap entry");
> -			return NULL;
> +			free(tmp);
> +			goto err;
>  		}
> -		new->elem = entry;
> +		tmp->elem = entry;
>  		entry->idtype = ID_TYPE_UID;
>  		entry->nsid = hostid_mapped;
>  		entry->hostid = (unsigned long)uid;
>  		entry->range = 1;
> -		lxc_list_init(new);
> +		lxc_list_add_tail(new, tmp);
>  	}
>  	lxc_list_for_each_safe(it, &conf->id_map, next) {
>  		tmp = malloc(sizeof(*tmp));
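Review bot: The `find_unmapped_nsuid()` failure now jumps to `err` without a message of its own, so the removed "Could not find free uid to map" diagnostic is lost; the `err:` label is outside both hunks of idmap_add_id, so what it logs instead cannot be confirmed from here. Running out of unmapped ids is a configuration problem rather than an allocation failure, and it is worth keeping distinguishable: `if (hostid_mapped < 0) { ERROR("Could not find free uid to map"); goto err; }`. Because `new` is now always a live head node when `err` is reached, the cleanup there should be checked to free the head as well as every appended node and its `elem`. The six added lines that allocate and initialise `new` also appear to end in a trailing space, which may be a mailer artifact.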
> @@ -4005,11 +4007,7 @@ static struct lxc_list *idmap_add_id(struct lxc_conf *conf, uid_t uid)
>  		memset(entry, 0, sizeof(*entry));
>  		memcpy(entry, it->elem, sizeof(*entry));
>  		tmp->elem = entry;
> -		if (!new) {
> -			new = tmp;
> -			lxc_list_init(new);
> -		} else
> -			lxc_list_add_tail(new, tmp);
> +		lxc_list_add_tail(new, tmp);
>  	}
>  
>  	return new;
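Review bot: The returned list now always starts with a sentinel head whose `elem` is never read, and nothing in the function says so, which is the same misunderstanding that caused the bug this patch fixes. A short comment before the return would record the contract, for example `/* new is a bare list head; the mappings start at new->next */`. The function's opening and its error path are outside this hunk, so a header comment describing ownership of the returned list may already exist there.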
> -- 
> 1.8.5.3
> 

-- 
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com