[lxc-devel] [PATCH] attach: get personality through get_config command
Stéphane Graber
stgraber at ubuntu.com
Sun May 25 14:40:09 UTC 2014
On Thu, May 22, 2014 at 04:53:40PM -0500, Serge Hallyn wrote:
> Newer kernels optionally disallow reading /proc/$$/personality by
> non-root users. We can get the personality through the lxc command
> interface, so do so.
>
> Also try to be more consistent about personality being a signed long.
> We had it as int, unsigned long, signed long throughout the code.
>
> (This addresses bug
> https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1322067 :
> 3.15.0-1.x breaks lxc-attach for unprivileged containers)
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
> ---
> src/lxc/attach.c | 39 ++++++++++++++++++++++-----------------
> src/lxc/attach.h | 2 +-
> src/lxc/conf.h | 2 +-
> 3 files changed, 24 insertions(+), 19 deletions(-)
>
> diff --git a/src/lxc/attach.c b/src/lxc/attach.c
> index 842a509..3bab957 100644
> --- a/src/lxc/attach.c
> +++ b/src/lxc/attach.c
> @@ -55,6 +55,7 @@
> #include "lxcseccomp.h"
> #include <lxc/lxccontainer.h>
> #include "lsm/lsm.h"
> +#include "confile.h"
>
> #if HAVE_SYS_PERSONALITY_H
> #include <sys/personality.h>
> @@ -116,23 +117,6 @@ static struct lxc_proc_context_info *lxc_proc_get_context_info(pid_t pid)
> goto out_error;
> }
>
> - /* read personality */
> - snprintf(proc_fn, MAXPATHLEN, "/proc/%d/personality", pid);
> -
> - proc_file = fopen(proc_fn, "r");
> - if (!proc_file) {
> - SYSERROR("Could not open %s", proc_fn);
> - goto out_error;
> - }
> -
> - ret = fscanf(proc_file, "%lx", &info->personality);
> - fclose(proc_file);
> -
> - if (ret == EOF || ret == 0) {
> - SYSERROR("Could not read personality from %s", proc_fn);
> - errno = ENOENT;
> - goto out_error;
> - }
> info->lsm_label = lsm_process_label_get(pid);
>
> return info;
> @@ -635,6 +619,18 @@ static bool fetch_seccomp(const char *name, const char *lxcpath,
> return true;
> }
>
> +static signed long get_personality(const char *name, const char *lxcpath)
> +{
> + char *p = lxc_cmd_get_config_item(name, "lxc.personality", lxcpath);
> + signed long ret;
> +
> + if (!p)
> + return -1;
> + ret = lxc_config_parse_arch(p);
> + free(p);
> + return ret;
> +}
> +
> int lxc_attach(const char* name, const char* lxcpath, lxc_attach_exec_t exec_function, void* exec_payload, lxc_attach_options_t* options, pid_t* attached_process)
> {
> int ret, status;
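Review bot: get_personality() has no comment stating its contract, and the contract is not obvious: -1 is returned when the command socket yields no string, while whatever lxc_config_parse_arch() returns is passed through unchanged, so the caller can only treat "negative" as failure if that parser also reports unrecognised values as negative — worth confirming in confile.c. A header comment such as `/* Personality of the running container, fetched over the command socket so no /proc access is needed; returns -1 if it cannot be fetched, otherwise lxc_config_parse_arch()'s result. */` would make this explicit. If lxc_cmd_get_config_item() returns NULL for a key that is simply not set, a container without lxc.personality in its config would be reported as a failure here rather than keeping the default — please confirm the getter's behaviour for unset keys.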
> @@ -643,6 +639,7 @@ int lxc_attach(const char* name, const char* lxcpath, lxc_attach_exec_t exec_fun
> char* cwd;
> char* new_cwd;
> int ipc_sockets[2];
> + signed long personality;
>
> if (!options)
> options = &attach_static_default_options;
> @@ -659,6 +656,14 @@ int lxc_attach(const char* name, const char* lxcpath, lxc_attach_exec_t exec_fun
> return -1;
> }
>
> + personality = get_personality(name, lxcpath);
> + if (init_ctx->personality < 0) {
> + ERROR("Failed to get personality of the container");
> + lxc_proc_put_context_info(init_ctx);
> + return -1;
> + }
> + init_ctx->personality = personality;
> +
> if (!fetch_seccomp(name, lxcpath, init_ctx, options))
> WARN("Failed to get seccomp policy");
>
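Review bot: The error check `if (init_ctx->personality < 0)` tests the struct field before it is assigned; the value just returned by get_personality() is in the local `personality`, so a -1 result is never caught and is stored into init_ctx->personality on the following line. The condition should read `if (personality < 0) {`. Since the earlier hunk removed the only code that filled in info->personality inside lxc_proc_get_context_info(), the field presumably holds whatever the allocator left there at this point — confirm whether that context is zero-initialised. lxc_attach() continues past the end of this hunk.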
> diff --git a/src/lxc/attach.h b/src/lxc/attach.h
> index 0fa0477..39fcab7 100644
> --- a/src/lxc/attach.h
> +++ b/src/lxc/attach.h
> @@ -32,7 +32,7 @@ struct lxc_conf;
> struct lxc_proc_context_info {
> char *lsm_label;
> struct lxc_container *container;
> - unsigned long personality;
> + signed long personality;
> unsigned long long capability_mask;
> };
>
> diff --git a/src/lxc/conf.h b/src/lxc/conf.h
> index 74d90e3..8247124 100644
> --- a/src/lxc/conf.h
> +++ b/src/lxc/conf.h
> @@ -288,7 +288,7 @@ struct lxc_conf {
> int pts;
> int reboot;
> int need_utmp_watch;
> - int personality;
> + signed long personality;
> struct utsname *utsname;
> struct lxc_list cgroup;
> struct lxc_list id_map;
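Review bot: Changing lxc_conf.personality from int to signed long (and lxc_proc_context_info.personality from unsigned long in the attach.h hunk) alters the type of a field that code outside this diffstat writes and reads — the config parser that stores lxc.personality and any call into personality(2), which takes an unsigned long, are not touched here. Those sites should be re-checked for `%d`-style format strings, int temporaries and the new negative sentinel, and lxc_config_parse_arch()'s return type presumably ought to be the same signed long, or the consistency the description aims for is not actually reached.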
> --
> 2.0.0.rc0
>
--
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com