[lxc-devel] [PATCH v2 2/3] lxccontainer.c: split up create_run_template() again
Serge Hallyn
serge.hallyn at ubuntu.com
Thu Oct 9 18:19:05 UTC 2014
Quoting TAMUKI Shoichi (tamuki at linet.gr.jp):
> Split prepend_lxc_usernsexec() off from create_run_template() to allow
> common use of the function.
>
> Signed-off-by: TAMUKI Shoichi <tamuki at linet.gr.jp>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
> ---
> v2:
> - adjust to fit with the other patches.
> - correct misspelling in commit message.
>
> src/lxc/lxccontainer.c | 230 ++++++++++++++++++++++++++-----------------------
> 1 file changed, 121 insertions(+), 109 deletions(-)
>
> diff --git a/src/lxc/lxccontainer.c b/src/lxc/lxccontainer.c
> index 07ffc08..4df1a4b 100644
> --- a/src/lxc/lxccontainer.c
> +++ b/src/lxc/lxccontainer.c
> @@ -878,6 +878,8 @@ static char *lxcbasename(char *path)
>
> /* Require that callers free the returned string. */
> static char *figureout_rootfs(struct lxc_conf *conf);
> +static char **prepend_lxc_usernsexec(char **tpath, struct lxc_conf *conf,
> + int nargs, char **newargv);
>
> static bool create_run_template(struct lxc_container *c, char *tpath, bool quiet,
> char *const argv[])
> @@ -964,115 +966,11 @@ static bool create_run_template(struct lxc_container *c, char *tpath, bool quiet
> exit(1);
> newargv[nargs - 1] = NULL;
>
> - /*
> - * If we're running the template in a mapped userns, then
> - * we prepend the template command with:
> - * lxc-usernsexec <-m map1> ... <-m mapn> --
> - * and we append "--mapped-uid x", where x is the mapped uid
> - * for our geteuid()
> - */
> - if (!lxc_list_empty(&conf->id_map)) {
> - int n2args = 1;
> - char txtuid[20];
> - char txtgid[20];
> - char **n2 = malloc(n2args * sizeof(*n2));
> - struct lxc_list *it;
> - struct id_map *map;
> -
> - if (!n2) {
> - SYSERROR("out of memory");
> - exit(1);
> - }
> - newargv[0] = tpath;
> - tpath = "lxc-usernsexec";
> - n2[0] = "lxc-usernsexec";
> - lxc_list_for_each(it, &conf->id_map) {
> - map = it->elem;
> - n2args += 2;
> - n2 = realloc(n2, n2args * sizeof(char *));
> - if (!n2)
> - exit(1);
> - n2[n2args-2] = "-m";
> - n2[n2args-1] = malloc(200);
> - if (!n2[n2args-1])
> - exit(1);
> - ret = snprintf(n2[n2args-1], 200, "%c:%lu:%lu:%lu",
> - map->idtype == ID_TYPE_UID ? 'u' : 'g',
> - map->nsid, map->hostid, map->range);
> - if (ret < 0 || ret >= 200)
> - exit(1);
> - }
> - int hostid_mapped = mapped_hostid(geteuid(), conf, ID_TYPE_UID);
> - int extraargs = hostid_mapped >= 0 ? 1 : 3;
> - n2 = realloc(n2, (nargs + n2args + extraargs) * sizeof(char *));
> - if (!n2)
> - exit(1);
> - if (hostid_mapped < 0) {
> - hostid_mapped = find_unmapped_nsuid(conf, ID_TYPE_UID);
> - n2[n2args++] = "-m";
> - if (hostid_mapped < 0) {
> - ERROR("Could not find free uid to map");
> - exit(1);
> - }
> - n2[n2args++] = malloc(200);
> - if (!n2[n2args-1]) {
> - SYSERROR("out of memory");
> - exit(1);
> - }
> - ret = snprintf(n2[n2args-1], 200, "u:%d:%d:1",
> - hostid_mapped, geteuid());
> - if (ret < 0 || ret >= 200) {
> - ERROR("string too long");
> - exit(1);
> - }
> - }
> - int hostgid_mapped = mapped_hostid(getegid(), conf, ID_TYPE_GID);
> - extraargs = hostgid_mapped >= 0 ? 1 : 3;
> - n2 = realloc(n2, (nargs + n2args + extraargs) * sizeof(char *));
> - if (!n2)
> - exit(1);
> - if (hostgid_mapped < 0) {
> - hostgid_mapped = find_unmapped_nsuid(conf, ID_TYPE_GID);
> - n2[n2args++] = "-m";
> - if (hostgid_mapped < 0) {
> - ERROR("Could not find free uid to map");
> - exit(1);
> - }
> - n2[n2args++] = malloc(200);
> - if (!n2[n2args-1]) {
> - SYSERROR("out of memory");
> - exit(1);
> - }
> - ret = snprintf(n2[n2args-1], 200, "g:%d:%d:1",
> - hostgid_mapped, getegid());
> - if (ret < 0 || ret >= 200) {
> - ERROR("string too long");
> - exit(1);
> - }
> - }
> - n2[n2args++] = "--";
> - for (i = 0; i < nargs; i++)
> - n2[i + n2args] = newargv[i];
> - n2args += nargs;
> - // Finally add "--mapped-uid $uid" to tell template what to chown
> - // cached images to
> - n2args += 4;
> - n2 = realloc(n2, n2args * sizeof(char *));
> - if (!n2) {
> - SYSERROR("out of memory");
> - exit(1);
> - }
> - // note n2[n2args-1] is NULL
> - n2[n2args-5] = "--mapped-uid";
> - snprintf(txtuid, 20, "%d", hostid_mapped);
> - n2[n2args-4] = txtuid;
> - n2[n2args-3] = "--mapped-gid";
> - snprintf(txtgid, 20, "%d", hostgid_mapped);
> - n2[n2args-2] = txtgid;
> - n2[n2args-1] = NULL;
> - free(newargv);
> - newargv = n2;
> - }
> + /* prepend the template command with lxc-usernsexec */
> + if (!lxc_list_empty(&conf->id_map))
> + newargv = prepend_lxc_usernsexec(&tpath, conf,
> + nargs, newargv);
> +
> /* execute */
> execvp(tpath, newargv);
> SYSERROR("failed to execute template %s", tpath);
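Review bot: The new comment `/* prepend the template command with lxc-usernsexec */` at the call site says nothing about the side effects the call has on both of its arguments. Inside the helper `*tpath` is overwritten with `"lxc-usernsexec"` and the old `newargv` is freed, so after the call only the returned vector may be used and the `SYSERROR` below reports the wrapper rather than the template. I would spell that out, e.g. `/* mapped userns: exec lxc-usernsexec instead; tpath is rewritten and the old newargv is freed, use only the returned vector */`. create_run_template() begins and ends outside this hunk.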
> @@ -1141,6 +1039,120 @@ out:
> return rootfs;
> }
>
> +/*
> + * If we're running the template in a mapped userns, then
> + * we prepend the template command with:
> + * lxc-usernsexec <-m map1> ... <-m mapn> --
> + * and we append "--mapped-uid x", where x is the mapped uid
> + * for our geteuid()
> + */
> +static char **prepend_lxc_usernsexec(char **tpath, struct lxc_conf *conf,
> + int nargs, char **newargv)
> +{
> + int n2args = 1;
> + char txtuid[20];
> + char txtgid[20];
> + int i, ret;
> + char **n2 = malloc(n2args * sizeof(*n2));
> + struct lxc_list *it;
> + struct id_map *map;
> +
> + if (!n2) {
> + SYSERROR("out of memory");
> + exit(1);
> + }
> + newargv[0] = *tpath;
> + *tpath = "lxc-usernsexec";
> + n2[0] = "lxc-usernsexec";
> + lxc_list_for_each(it, &conf->id_map) {
> + map = it->elem;
> + n2args += 2;
> + n2 = realloc(n2, n2args * sizeof(char *));
> + if (!n2)
> + exit(1);
> + n2[n2args-2] = "-m";
> + n2[n2args-1] = malloc(200);
> + if (!n2[n2args-1])
> + exit(1);
> + ret = snprintf(n2[n2args-1], 200, "%c:%lu:%lu:%lu",
> + map->idtype == ID_TYPE_UID ? 'u' : 'g',
> + map->nsid, map->hostid, map->range);
> + if (ret < 0 || ret >= 200)
> + exit(1);
> + }
> + int hostid_mapped = mapped_hostid(geteuid(), conf, ID_TYPE_UID);
> + int extraargs = hostid_mapped >= 0 ? 1 : 3;
> + n2 = realloc(n2, (nargs + n2args + extraargs) * sizeof(char *));
> + if (!n2)
> + exit(1);
> + if (hostid_mapped < 0) {
> + hostid_mapped = find_unmapped_nsuid(conf, ID_TYPE_UID);
> + n2[n2args++] = "-m";
> + if (hostid_mapped < 0) {
> + ERROR("Could not find free uid to map");
> + exit(1);
> + }
> + n2[n2args++] = malloc(200);
> + if (!n2[n2args-1]) {
> + SYSERROR("out of memory");
> + exit(1);
> + }
> + ret = snprintf(n2[n2args-1], 200, "u:%d:%d:1",
> + hostid_mapped, geteuid());
> + if (ret < 0 || ret >= 200) {
> + ERROR("string too long");
> + exit(1);
> + }
> + }
> + int hostgid_mapped = mapped_hostid(getegid(), conf, ID_TYPE_GID);
> + extraargs = hostgid_mapped >= 0 ? 1 : 3;
> + n2 = realloc(n2, (nargs + n2args + extraargs) * sizeof(char *));
> + if (!n2)
> + exit(1);
> + if (hostgid_mapped < 0) {
> + hostgid_mapped = find_unmapped_nsuid(conf, ID_TYPE_GID);
> + n2[n2args++] = "-m";
> + if (hostgid_mapped < 0) {
> + ERROR("Could not find free uid to map");
> + exit(1);
> + }
> + n2[n2args++] = malloc(200);
> + if (!n2[n2args-1]) {
> + SYSERROR("out of memory");
> + exit(1);
> + }
> + ret = snprintf(n2[n2args-1], 200, "g:%d:%d:1",
> + hostgid_mapped, getegid());
> + if (ret < 0 || ret >= 200) {
> + ERROR("string too long");
> + exit(1);
> + }
> + }
> + n2[n2args++] = "--";
> + for (i = 0; i < nargs; i++)
> + n2[i + n2args] = newargv[i];
> + n2args += nargs;
> + // Finally add "--mapped-uid $uid" to tell template what to chown
> + // cached images to
> + n2args += 4;
> + n2 = realloc(n2, n2args * sizeof(char *));
> + if (!n2) {
> + SYSERROR("out of memory");
> + exit(1);
> + }
> + // note n2[n2args-1] is NULL
> + n2[n2args-5] = "--mapped-uid";
> + snprintf(txtuid, 20, "%d", hostid_mapped);
> + n2[n2args-4] = txtuid;
> + n2[n2args-3] = "--mapped-gid";
> + snprintf(txtgid, 20, "%d", hostgid_mapped);
> + n2[n2args-2] = txtgid;
> + n2[n2args-1] = NULL;
> + free(newargv);
> + newargv = n2;
> + return newargv;
> +}
> +
> static bool prepend_lxc_header(char *path, const char *t, char *const argv[])
> {
> long flen;
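Review bot: `n2[n2args-4] = txtuid;` and `n2[n2args-2] = txtgid;` store the addresses of arrays local to prepend_lxc_usernsexec() in the vector it returns, so the `--mapped-uid`/`--mapped-gid` values are dangling by the time create_run_template() reaches `execvp(tpath, newargv)`. Before the split these buffers sat in create_run_template()'s own frame and in practice stayed intact up to the exec; now the helper's frame is released on return, and the template may be handed a corrupted id to chown cached images to. Giving the buffers static storage, `static char txtuid[20];` and `static char txtgid[20];`, or heap-allocating them like the `-m` strings, keeps them valid until the exec. Separately, the gid branch still logs `"Could not find free uid to map"`, which will mislead anyone debugging a gid-mapping failure.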
> --
> 1.9.0