[lxc-devel] [PATCH v2 2/3] lxccontainer.c: split up create_run_template() again

Serge Hallyn serge.hallyn at ubuntu.com
Thu Oct 9 18:19:05 UTC 2014


Quoting TAMUKI Shoichi (tamuki at linet.gr.jp):
> Split prepend_lxc_usernsexec() off from create_run_template() to allow
> common use of the function.
> 
> Signed-off-by: TAMUKI Shoichi <tamuki at linet.gr.jp>

Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>

> ---
> v2:
>   - adjust to fit with the other patches.
>   - correct misspelling in commit message.
> 
>  src/lxc/lxccontainer.c | 230 ++++++++++++++++++++++++++-----------------------
>  1 file changed, 121 insertions(+), 109 deletions(-)
> 
> diff --git a/src/lxc/lxccontainer.c b/src/lxc/lxccontainer.c
> index 07ffc08..4df1a4b 100644
> --- a/src/lxc/lxccontainer.c
> +++ b/src/lxc/lxccontainer.c
> @@ -878,6 +878,8 @@ static char *lxcbasename(char *path)
>  
>  /* Require that callers free the returned string. */
>  static char *figureout_rootfs(struct lxc_conf *conf);
> +static char **prepend_lxc_usernsexec(char **tpath, struct lxc_conf *conf,
> +		int nargs, char **newargv);
>  
>  static bool create_run_template(struct lxc_container *c, char *tpath, bool quiet,
>  				char *const argv[])
> @@ -964,115 +966,11 @@ static bool create_run_template(struct lxc_container *c, char *tpath, bool quiet
>  			exit(1);
>  		newargv[nargs - 1] = NULL;
>  
> -		/*
> -		 * If we're running the template in a mapped userns, then
> -		 * we prepend the template command with:
> -		 * lxc-usernsexec <-m map1> ... <-m mapn> --
> -		 * and we append "--mapped-uid x", where x is the mapped uid
> -		 * for our geteuid()
> -		 */
> -		if (!lxc_list_empty(&conf->id_map)) {
> -			int n2args = 1;
> -			char txtuid[20];
> -			char txtgid[20];
> -			char **n2 = malloc(n2args * sizeof(*n2));
> -			struct lxc_list *it;
> -			struct id_map *map;
> -
> -			if (!n2) {
> -				SYSERROR("out of memory");
> -				exit(1);
> -			}
> -			newargv[0] = tpath;
> -			tpath = "lxc-usernsexec";
> -			n2[0] = "lxc-usernsexec";
> -			lxc_list_for_each(it, &conf->id_map) {
> -				map = it->elem;
> -				n2args += 2;
> -				n2 = realloc(n2, n2args * sizeof(char *));
> -				if (!n2)
> -					exit(1);
> -				n2[n2args-2] = "-m";
> -				n2[n2args-1] = malloc(200);
> -				if (!n2[n2args-1])
> -					exit(1);
> -				ret = snprintf(n2[n2args-1], 200, "%c:%lu:%lu:%lu",
> -					map->idtype == ID_TYPE_UID ? 'u' : 'g',
> -					map->nsid, map->hostid, map->range);
> -				if (ret < 0 || ret >= 200)
> -					exit(1);
> -			}
> -			int hostid_mapped = mapped_hostid(geteuid(), conf, ID_TYPE_UID);
> -			int extraargs = hostid_mapped >= 0 ? 1 : 3;
> -			n2 = realloc(n2, (nargs + n2args + extraargs) * sizeof(char *));
> -			if (!n2)
> -				exit(1);
> -			if (hostid_mapped < 0) {
> -				hostid_mapped = find_unmapped_nsuid(conf, ID_TYPE_UID);
> -				n2[n2args++] = "-m";
> -				if (hostid_mapped < 0) {
> -					ERROR("Could not find free uid to map");
> -					exit(1);
> -				}
> -				n2[n2args++] = malloc(200);
> -				if (!n2[n2args-1]) {
> -					SYSERROR("out of memory");
> -					exit(1);
> -				}
> -				ret = snprintf(n2[n2args-1], 200, "u:%d:%d:1",
> -					hostid_mapped, geteuid());
> -				if (ret < 0 || ret >= 200) {
> -					ERROR("string too long");
> -					exit(1);
> -				}
> -			}
> -			int hostgid_mapped = mapped_hostid(getegid(), conf, ID_TYPE_GID);
> -			extraargs = hostgid_mapped >= 0 ? 1 : 3;
> -			n2 = realloc(n2, (nargs + n2args + extraargs) * sizeof(char *));
> -			if (!n2)
> -				exit(1);
> -			if (hostgid_mapped < 0) {
> -				hostgid_mapped = find_unmapped_nsuid(conf, ID_TYPE_GID);
> -				n2[n2args++] = "-m";
> -				if (hostgid_mapped < 0) {
> -					ERROR("Could not find free uid to map");
> -					exit(1);
> -				}
> -				n2[n2args++] = malloc(200);
> -				if (!n2[n2args-1]) {
> -					SYSERROR("out of memory");
> -					exit(1);
> -				}
> -				ret = snprintf(n2[n2args-1], 200, "g:%d:%d:1",
> -					hostgid_mapped, getegid());
> -				if (ret < 0 || ret >= 200) {
> -					ERROR("string too long");
> -					exit(1);
> -				}
> -			}
> -			n2[n2args++] = "--";
> -			for (i = 0; i < nargs; i++)
> -				n2[i + n2args] = newargv[i];
> -			n2args += nargs;
> -			// Finally add "--mapped-uid $uid" to tell template what to chown
> -			// cached images to
> -			n2args += 4;
> -			n2 = realloc(n2, n2args * sizeof(char *));
> -			if (!n2) {
> -				SYSERROR("out of memory");
> -				exit(1);
> -			}
> -			// note n2[n2args-1] is NULL
> -			n2[n2args-5] = "--mapped-uid";
> -			snprintf(txtuid, 20, "%d", hostid_mapped);
> -			n2[n2args-4] = txtuid;
> -			n2[n2args-3] = "--mapped-gid";
> -			snprintf(txtgid, 20, "%d", hostgid_mapped);
> -			n2[n2args-2] = txtgid;
> -			n2[n2args-1] = NULL;
> -			free(newargv);
> -			newargv = n2;
> -		}
> +		/* prepend the template command with lxc-usernsexec */
> +		if (!lxc_list_empty(&conf->id_map))
> +			newargv = prepend_lxc_usernsexec(&tpath, conf,
> +					nargs, newargv);
> +
>  		/* execute */
>  		execvp(tpath, newargv);
>  		SYSERROR("failed to execute template %s", tpath);
> @@ -1141,6 +1039,120 @@ out:
>  	return rootfs;
>  }
>  
> +/*
> + * If we're running the template in a mapped userns, then
> + * we prepend the template command with:
> + * lxc-usernsexec <-m map1> ... <-m mapn> --
> + * and we append "--mapped-uid x", where x is the mapped uid
> + * for our geteuid()
> + */
> +static char **prepend_lxc_usernsexec(char **tpath, struct lxc_conf *conf,
> +		int nargs, char **newargv)
> +{
> +	int n2args = 1;
> +	char txtuid[20];
> +	char txtgid[20];
> +	int i, ret;
> +	char **n2 = malloc(n2args * sizeof(*n2));
> +	struct lxc_list *it;
> +	struct id_map *map;
> +
> +	if (!n2) {
> +		SYSERROR("out of memory");
> +		exit(1);
> +	}
> +	newargv[0] = *tpath;
> +	*tpath = "lxc-usernsexec";
> +	n2[0] = "lxc-usernsexec";
> +	lxc_list_for_each(it, &conf->id_map) {
> +		map = it->elem;
> +		n2args += 2;
> +		n2 = realloc(n2, n2args * sizeof(char *));
> +		if (!n2)
> +			exit(1);
> +		n2[n2args-2] = "-m";
> +		n2[n2args-1] = malloc(200);
> +		if (!n2[n2args-1])
> +			exit(1);
> +		ret = snprintf(n2[n2args-1], 200, "%c:%lu:%lu:%lu",
> +			map->idtype == ID_TYPE_UID ? 'u' : 'g',
> +			map->nsid, map->hostid, map->range);
> +		if (ret < 0 || ret >= 200)
> +			exit(1);
> +	}
> +	int hostid_mapped = mapped_hostid(geteuid(), conf, ID_TYPE_UID);
> +	int extraargs = hostid_mapped >= 0 ? 1 : 3;
> +	n2 = realloc(n2, (nargs + n2args + extraargs) * sizeof(char *));
> +	if (!n2)
> +		exit(1);
> +	if (hostid_mapped < 0) {
> +		hostid_mapped = find_unmapped_nsuid(conf, ID_TYPE_UID);
> +		n2[n2args++] = "-m";
> +		if (hostid_mapped < 0) {
> +			ERROR("Could not find free uid to map");
> +			exit(1);
> +		}
> +		n2[n2args++] = malloc(200);
> +		if (!n2[n2args-1]) {
> +			SYSERROR("out of memory");
> +			exit(1);
> +		}
> +		ret = snprintf(n2[n2args-1], 200, "u:%d:%d:1",
> +			hostid_mapped, geteuid());
> +		if (ret < 0 || ret >= 200) {
> +			ERROR("string too long");
> +			exit(1);
> +		}
> +	}
> +	int hostgid_mapped = mapped_hostid(getegid(), conf, ID_TYPE_GID);
> +	extraargs = hostgid_mapped >= 0 ? 1 : 3;
> +	n2 = realloc(n2, (nargs + n2args + extraargs) * sizeof(char *));
> +	if (!n2)
> +		exit(1);
> +	if (hostgid_mapped < 0) {
> +		hostgid_mapped = find_unmapped_nsuid(conf, ID_TYPE_GID);
> +		n2[n2args++] = "-m";
> +		if (hostgid_mapped < 0) {
> +			ERROR("Could not find free uid to map");
> +			exit(1);
> +		}
> +		n2[n2args++] = malloc(200);
> +		if (!n2[n2args-1]) {
> +			SYSERROR("out of memory");
> +			exit(1);
> +		}
> +		ret = snprintf(n2[n2args-1], 200, "g:%d:%d:1",
> +			hostgid_mapped, getegid());
> +		if (ret < 0 || ret >= 200) {
> +			ERROR("string too long");
> +			exit(1);
> +		}
> +	}
> +	n2[n2args++] = "--";
> +	for (i = 0; i < nargs; i++)
> +		n2[i + n2args] = newargv[i];
> +	n2args += nargs;
> +	// Finally add "--mapped-uid $uid" to tell template what to chown
> +	// cached images to
> +	n2args += 4;
> +	n2 = realloc(n2, n2args * sizeof(char *));
> +	if (!n2) {
> +		SYSERROR("out of memory");
> +		exit(1);
> +	}
> +	// note n2[n2args-1] is NULL
> +	n2[n2args-5] = "--mapped-uid";
> +	snprintf(txtuid, 20, "%d", hostid_mapped);
> +	n2[n2args-4] = txtuid;
> +	n2[n2args-3] = "--mapped-gid";
> +	snprintf(txtgid, 20, "%d", hostgid_mapped);
> +	n2[n2args-2] = txtgid;
> +	n2[n2args-1] = NULL;
> +	free(newargv);
> +	newargv = n2;
> +	return newargv;
> +}
> +
>  static bool prepend_lxc_header(char *path, const char *t, char *const argv[])
>  {
>  	long flen;
> -- 
> 1.9.0
> _______________________________________________
> lxc-devel mailing list
> lxc-devel at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-devel


More information about the lxc-devel mailing list