[lxc-devel] [PATCH v2 2/3] lxccontainer.c: split up create_run_template() again
TAMUKI Shoichi
tamuki at linet.gr.jp
Thu Oct 9 06:53:23 UTC 2014
Split prepend_lxc_usernsexec() off from create_run_template() to allow
common use of the function.
Signed-off-by: TAMUKI Shoichi <tamuki at linet.gr.jp>
---
v2:
- adjust to fit with the other patches.
- correct misspelling in commit message.
src/lxc/lxccontainer.c | 230 ++++++++++++++++++++++++++-----------------------
1 file changed, 121 insertions(+), 109 deletions(-)
diff --git a/src/lxc/lxccontainer.c b/src/lxc/lxccontainer.c
index 07ffc08..4df1a4b 100644
--- a/src/lxc/lxccontainer.c
+++ b/src/lxc/lxccontainer.c
@@ -878,6 +878,8 @@ static char *lxcbasename(char *path)
/* Require that callers free the returned string. */
static char *figureout_rootfs(struct lxc_conf *conf);
+static char **prepend_lxc_usernsexec(char **tpath, struct lxc_conf *conf,
+ int nargs, char **newargv);
static bool create_run_template(struct lxc_container *c, char *tpath, bool quiet,
char *const argv[])
@@ -964,115 +966,11 @@ static bool create_run_template(struct lxc_container *c, char *tpath, bool quiet
exit(1);
newargv[nargs - 1] = NULL;
- /*
- * If we're running the template in a mapped userns, then
- * we prepend the template command with:
- * lxc-usernsexec <-m map1> ... <-m mapn> --
- * and we append "--mapped-uid x", where x is the mapped uid
- * for our geteuid()
- */
- if (!lxc_list_empty(&conf->id_map)) {
- int n2args = 1;
- char txtuid[20];
- char txtgid[20];
- char **n2 = malloc(n2args * sizeof(*n2));
- struct lxc_list *it;
- struct id_map *map;
-
- if (!n2) {
- SYSERROR("out of memory");
- exit(1);
- }
- newargv[0] = tpath;
- tpath = "lxc-usernsexec";
- n2[0] = "lxc-usernsexec";
- lxc_list_for_each(it, &conf->id_map) {
- map = it->elem;
- n2args += 2;
- n2 = realloc(n2, n2args * sizeof(char *));
- if (!n2)
- exit(1);
- n2[n2args-2] = "-m";
- n2[n2args-1] = malloc(200);
- if (!n2[n2args-1])
- exit(1);
- ret = snprintf(n2[n2args-1], 200, "%c:%lu:%lu:%lu",
- map->idtype == ID_TYPE_UID ? 'u' : 'g',
- map->nsid, map->hostid, map->range);
- if (ret < 0 || ret >= 200)
- exit(1);
- }
- int hostid_mapped = mapped_hostid(geteuid(), conf, ID_TYPE_UID);
- int extraargs = hostid_mapped >= 0 ? 1 : 3;
- n2 = realloc(n2, (nargs + n2args + extraargs) * sizeof(char *));
- if (!n2)
- exit(1);
- if (hostid_mapped < 0) {
- hostid_mapped = find_unmapped_nsuid(conf, ID_TYPE_UID);
- n2[n2args++] = "-m";
- if (hostid_mapped < 0) {
- ERROR("Could not find free uid to map");
- exit(1);
- }
- n2[n2args++] = malloc(200);
- if (!n2[n2args-1]) {
- SYSERROR("out of memory");
- exit(1);
- }
- ret = snprintf(n2[n2args-1], 200, "u:%d:%d:1",
- hostid_mapped, geteuid());
- if (ret < 0 || ret >= 200) {
- ERROR("string too long");
- exit(1);
- }
- }
- int hostgid_mapped = mapped_hostid(getegid(), conf, ID_TYPE_GID);
- extraargs = hostgid_mapped >= 0 ? 1 : 3;
- n2 = realloc(n2, (nargs + n2args + extraargs) * sizeof(char *));
- if (!n2)
- exit(1);
- if (hostgid_mapped < 0) {
- hostgid_mapped = find_unmapped_nsuid(conf, ID_TYPE_GID);
- n2[n2args++] = "-m";
- if (hostgid_mapped < 0) {
- ERROR("Could not find free uid to map");
- exit(1);
- }
- n2[n2args++] = malloc(200);
- if (!n2[n2args-1]) {
- SYSERROR("out of memory");
- exit(1);
- }
- ret = snprintf(n2[n2args-1], 200, "g:%d:%d:1",
- hostgid_mapped, getegid());
- if (ret < 0 || ret >= 200) {
- ERROR("string too long");
- exit(1);
- }
- }
- n2[n2args++] = "--";
- for (i = 0; i < nargs; i++)
- n2[i + n2args] = newargv[i];
- n2args += nargs;
- // Finally add "--mapped-uid $uid" to tell template what to chown
- // cached images to
- n2args += 4;
- n2 = realloc(n2, n2args * sizeof(char *));
- if (!n2) {
- SYSERROR("out of memory");
- exit(1);
- }
- // note n2[n2args-1] is NULL
- n2[n2args-5] = "--mapped-uid";
- snprintf(txtuid, 20, "%d", hostid_mapped);
- n2[n2args-4] = txtuid;
- n2[n2args-3] = "--mapped-gid";
- snprintf(txtgid, 20, "%d", hostgid_mapped);
- n2[n2args-2] = txtgid;
- n2[n2args-1] = NULL;
- free(newargv);
- newargv = n2;
- }
+ /* prepend the template command with lxc-usernsexec */
+ if (!lxc_list_empty(&conf->id_map))
+ newargv = prepend_lxc_usernsexec(&tpath, conf,
+ nargs, newargv);
+
/* execute */
execvp(tpath, newargv);
SYSERROR("failed to execute template %s", tpath);
@@ -1141,6 +1039,120 @@ out:
return rootfs;
}
+/*
+ * If we're running the template in a mapped userns, then
+ * we prepend the template command with:
+ * lxc-usernsexec <-m map1> ... <-m mapn> --
+ * and we append "--mapped-uid x", where x is the mapped uid
+ * for our geteuid()
+ */
+static char **prepend_lxc_usernsexec(char **tpath, struct lxc_conf *conf,
+ int nargs, char **newargv)
+{
+ int n2args = 1;
+ char txtuid[20];
+ char txtgid[20];
+ int i, ret;
+ char **n2 = malloc(n2args * sizeof(*n2));
+ struct lxc_list *it;
+ struct id_map *map;
+
+ if (!n2) {
+ SYSERROR("out of memory");
+ exit(1);
+ }
+ newargv[0] = *tpath;
+ *tpath = "lxc-usernsexec";
+ n2[0] = "lxc-usernsexec";
+ lxc_list_for_each(it, &conf->id_map) {
+ map = it->elem;
+ n2args += 2;
+ n2 = realloc(n2, n2args * sizeof(char *));
+ if (!n2)
+ exit(1);
+ n2[n2args-2] = "-m";
+ n2[n2args-1] = malloc(200);
+ if (!n2[n2args-1])
+ exit(1);
+ ret = snprintf(n2[n2args-1], 200, "%c:%lu:%lu:%lu",
+ map->idtype == ID_TYPE_UID ? 'u' : 'g',
+ map->nsid, map->hostid, map->range);
+ if (ret < 0 || ret >= 200)
+ exit(1);
+ }
+ int hostid_mapped = mapped_hostid(geteuid(), conf, ID_TYPE_UID);
+ int extraargs = hostid_mapped >= 0 ? 1 : 3;
+ n2 = realloc(n2, (nargs + n2args + extraargs) * sizeof(char *));
+ if (!n2)
+ exit(1);
+ if (hostid_mapped < 0) {
+ hostid_mapped = find_unmapped_nsuid(conf, ID_TYPE_UID);
+ n2[n2args++] = "-m";
+ if (hostid_mapped < 0) {
+ ERROR("Could not find free uid to map");
+ exit(1);
+ }
+ n2[n2args++] = malloc(200);
+ if (!n2[n2args-1]) {
+ SYSERROR("out of memory");
+ exit(1);
+ }
+ ret = snprintf(n2[n2args-1], 200, "u:%d:%d:1",
+ hostid_mapped, geteuid());
+ if (ret < 0 || ret >= 200) {
+ ERROR("string too long");
+ exit(1);
+ }
+ }
+ int hostgid_mapped = mapped_hostid(getegid(), conf, ID_TYPE_GID);
+ extraargs = hostgid_mapped >= 0 ? 1 : 3;
+ n2 = realloc(n2, (nargs + n2args + extraargs) * sizeof(char *));
+ if (!n2)
+ exit(1);
+ if (hostgid_mapped < 0) {
+ hostgid_mapped = find_unmapped_nsuid(conf, ID_TYPE_GID);
+ n2[n2args++] = "-m";
+ if (hostgid_mapped < 0) {
+ ERROR("Could not find free uid to map");
+ exit(1);
+ }
+ n2[n2args++] = malloc(200);
+ if (!n2[n2args-1]) {
+ SYSERROR("out of memory");
+ exit(1);
+ }
+ ret = snprintf(n2[n2args-1], 200, "g:%d:%d:1",
+ hostgid_mapped, getegid());
+ if (ret < 0 || ret >= 200) {
+ ERROR("string too long");
+ exit(1);
+ }
+ }
+ n2[n2args++] = "--";
+ for (i = 0; i < nargs; i++)
+ n2[i + n2args] = newargv[i];
+ n2args += nargs;
+ // Finally add "--mapped-uid $uid" to tell template what to chown
+ // cached images to
+ n2args += 4;
+ n2 = realloc(n2, n2args * sizeof(char *));
+ if (!n2) {
+ SYSERROR("out of memory");
+ exit(1);
+ }
+ // note n2[n2args-1] is NULL
+ n2[n2args-5] = "--mapped-uid";
+ snprintf(txtuid, 20, "%d", hostid_mapped);
+ n2[n2args-4] = txtuid;
+ n2[n2args-3] = "--mapped-gid";
+ snprintf(txtgid, 20, "%d", hostgid_mapped);
+ n2[n2args-2] = txtgid;
+ n2[n2args-1] = NULL;
+ free(newargv);
+ newargv = n2;
+ return newargv;
+}
+
static bool prepend_lxc_header(char *path, const char *t, char *const argv[])
{
long flen;
--
1.9.0
More information about the lxc-devel
mailing list