[lxc-devel] [PATCH v2 2/3] lxccontainer.c: split up create_run_template() again

Serge Hallyn serge.hallyn at ubuntu.com
Mon Oct 20 21:43:16 UTC 2014


(Just a note to clarify - I'm waiting on pushing 1/3 and 2/3 until 3/3 is
agreed-upon)

Quoting Serge Hallyn (serge.hallyn at ubuntu.com):
> Quoting TAMUKI Shoichi (tamuki at linet.gr.jp):
> > Split prepend_lxc_usernsexec() off from create_run_template() to allow
> > common use of the function.
> > 
> > Signed-off-by: TAMUKI Shoichi <tamuki at linet.gr.jp>
> 
> Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
> 
> > ---
> > v2:
> >   - adjust to fit with the other patches.
> >   - correct misspelling in commit message.
> > 
> >  src/lxc/lxccontainer.c | 230 ++++++++++++++++++++++++++-----------------------
> >  1 file changed, 121 insertions(+), 109 deletions(-)
> > 
> > diff --git a/src/lxc/lxccontainer.c b/src/lxc/lxccontainer.c
> > index 07ffc08..4df1a4b 100644
> > --- a/src/lxc/lxccontainer.c
> > +++ b/src/lxc/lxccontainer.c
> > @@ -878,6 +878,8 @@ static char *lxcbasename(char *path)
> >  
> >  /* Require that callers free the returned string. */
> >  static char *figureout_rootfs(struct lxc_conf *conf);
> > +static char **prepend_lxc_usernsexec(char **tpath, struct lxc_conf *conf,
> > +		int nargs, char **newargv);
> >  
> >  static bool create_run_template(struct lxc_container *c, char *tpath, bool quiet,
> >  				char *const argv[])
> > @@ -964,115 +966,11 @@ static bool create_run_template(struct lxc_container *c, char *tpath, bool quiet
> >  			exit(1);
> >  		newargv[nargs - 1] = NULL;
> >  
> > -		/*
> > -		 * If we're running the template in a mapped userns, then
> > -		 * we prepend the template command with:
> > -		 * lxc-usernsexec <-m map1> ... <-m mapn> --
> > -		 * and we append "--mapped-uid x", where x is the mapped uid
> > -		 * for our geteuid()
> > -		 */
> > -		if (!lxc_list_empty(&conf->id_map)) {
> > -			int n2args = 1;
> > -			char txtuid[20];
> > -			char txtgid[20];
> > -			char **n2 = malloc(n2args * sizeof(*n2));
> > -			struct lxc_list *it;
> > -			struct id_map *map;
> > -
> > -			if (!n2) {
> > -				SYSERROR("out of memory");
> > -				exit(1);
> > -			}
> > -			newargv[0] = tpath;
> > -			tpath = "lxc-usernsexec";
> > -			n2[0] = "lxc-usernsexec";
> > -			lxc_list_for_each(it, &conf->id_map) {
> > -				map = it->elem;
> > -				n2args += 2;
> > -				n2 = realloc(n2, n2args * sizeof(char *));
> > -				if (!n2)
> > -					exit(1);
> > -				n2[n2args-2] = "-m";
> > -				n2[n2args-1] = malloc(200);
> > -				if (!n2[n2args-1])
> > -					exit(1);
> > -				ret = snprintf(n2[n2args-1], 200, "%c:%lu:%lu:%lu",
> > -					map->idtype == ID_TYPE_UID ? 'u' : 'g',
> > -					map->nsid, map->hostid, map->range);
> > -				if (ret < 0 || ret >= 200)
> > -					exit(1);
> > -			}
> > -			int hostid_mapped = mapped_hostid(geteuid(), conf, ID_TYPE_UID);
> > -			int extraargs = hostid_mapped >= 0 ? 1 : 3;
> > -			n2 = realloc(n2, (nargs + n2args + extraargs) * sizeof(char *));
> > -			if (!n2)
> > -				exit(1);
> > -			if (hostid_mapped < 0) {
> > -				hostid_mapped = find_unmapped_nsuid(conf, ID_TYPE_UID);
> > -				n2[n2args++] = "-m";
> > -				if (hostid_mapped < 0) {
> > -					ERROR("Could not find free uid to map");
> > -					exit(1);
> > -				}
> > -				n2[n2args++] = malloc(200);
> > -				if (!n2[n2args-1]) {
> > -					SYSERROR("out of memory");
> > -					exit(1);
> > -				}
> > -				ret = snprintf(n2[n2args-1], 200, "u:%d:%d:1",
> > -					hostid_mapped, geteuid());
> > -				if (ret < 0 || ret >= 200) {
> > -					ERROR("string too long");
> > -					exit(1);
> > -				}
> > -			}
> > -			int hostgid_mapped = mapped_hostid(getegid(), conf, ID_TYPE_GID);
> > -			extraargs = hostgid_mapped >= 0 ? 1 : 3;
> > -			n2 = realloc(n2, (nargs + n2args + extraargs) * sizeof(char *));
> > -			if (!n2)
> > -				exit(1);
> > -			if (hostgid_mapped < 0) {
> > -				hostgid_mapped = find_unmapped_nsuid(conf, ID_TYPE_GID);
> > -				n2[n2args++] = "-m";
> > -				if (hostgid_mapped < 0) {
> > -					ERROR("Could not find free uid to map");
> > -					exit(1);
> > -				}
> > -				n2[n2args++] = malloc(200);
> > -				if (!n2[n2args-1]) {
> > -					SYSERROR("out of memory");
> > -					exit(1);
> > -				}
> > -				ret = snprintf(n2[n2args-1], 200, "g:%d:%d:1",
> > -					hostgid_mapped, getegid());
> > -				if (ret < 0 || ret >= 200) {
> > -					ERROR("string too long");
> > -					exit(1);
> > -				}
> > -			}
> > -			n2[n2args++] = "--";
> > -			for (i = 0; i < nargs; i++)
> > -				n2[i + n2args] = newargv[i];
> > -			n2args += nargs;
> > -			// Finally add "--mapped-uid $uid" to tell template what to chown
> > -			// cached images to
> > -			n2args += 4;
> > -			n2 = realloc(n2, n2args * sizeof(char *));
> > -			if (!n2) {
> > -				SYSERROR("out of memory");
> > -				exit(1);
> > -			}
> > -			// note n2[n2args-1] is NULL
> > -			n2[n2args-5] = "--mapped-uid";
> > -			snprintf(txtuid, 20, "%d", hostid_mapped);
> > -			n2[n2args-4] = txtuid;
> > -			n2[n2args-3] = "--mapped-gid";
> > -			snprintf(txtgid, 20, "%d", hostgid_mapped);
> > -			n2[n2args-2] = txtgid;
> > -			n2[n2args-1] = NULL;
> > -			free(newargv);
> > -			newargv = n2;
> > -		}
> > +		/* prepend the template command with lxc-usernsexec */
> > +		if (!lxc_list_empty(&conf->id_map))
> > +			newargv = prepend_lxc_usernsexec(&tpath, conf,
> > +					nargs, newargv);
> > +
> >  		/* execute */
> >  		execvp(tpath, newargv);
> >  		SYSERROR("failed to execute template %s", tpath);
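Review bot: The one-line comment above the new call no longer says what the helper does to the caller's state. As defined later in this patch, prepend_lxc_usernsexec() rewrites `tpath` through the pointer, frees the old `newargv`, and calls exit(1) on every failure rather than returning NULL. I would spell that out, for example `/* prepend lxc-usernsexec: repoints tpath, frees the old newargv, exit()s on failure */`. Because `tpath` is now "lxc-usernsexec", the `SYSERROR("failed to execute template %s", tpath)` after execvp() names the wrapper rather than the template, which is worth a word in the comment too. create_run_template() starts and ends outside this hunk.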
> > @@ -1141,6 +1039,120 @@ out:
> >  	return rootfs;
> >  }
> >  
> > +/*
> > + * If we're running the template in a mapped userns, then
> > + * we prepend the template command with:
> > + * lxc-usernsexec <-m map1> ... <-m mapn> --
> > + * and we append "--mapped-uid x", where x is the mapped uid
> > + * for our geteuid()
> > + */
> > +static char **prepend_lxc_usernsexec(char **tpath, struct lxc_conf *conf,
> > +		int nargs, char **newargv)
> > +{
> > +	int n2args = 1;
> > +	char txtuid[20];
> > +	char txtgid[20];
> > +	int i, ret;
> > +	char **n2 = malloc(n2args * sizeof(*n2));
> > +	struct lxc_list *it;
> > +	struct id_map *map;
> > +
> > +	if (!n2) {
> > +		SYSERROR("out of memory");
> > +		exit(1);
> > +	}
> > +	newargv[0] = *tpath;
> > +	*tpath = "lxc-usernsexec";
> > +	n2[0] = "lxc-usernsexec";
> > +	lxc_list_for_each(it, &conf->id_map) {
> > +		map = it->elem;
> > +		n2args += 2;
> > +		n2 = realloc(n2, n2args * sizeof(char *));
> > +		if (!n2)
> > +			exit(1);
> > +		n2[n2args-2] = "-m";
> > +		n2[n2args-1] = malloc(200);
> > +		if (!n2[n2args-1])
> > +			exit(1);
> > +		ret = snprintf(n2[n2args-1], 200, "%c:%lu:%lu:%lu",
> > +			map->idtype == ID_TYPE_UID ? 'u' : 'g',
> > +			map->nsid, map->hostid, map->range);
> > +		if (ret < 0 || ret >= 200)
> > +			exit(1);
> > +	}
> > +	int hostid_mapped = mapped_hostid(geteuid(), conf, ID_TYPE_UID);
> > +	int extraargs = hostid_mapped >= 0 ? 1 : 3;
> > +	n2 = realloc(n2, (nargs + n2args + extraargs) * sizeof(char *));
> > +	if (!n2)
> > +		exit(1);
> > +	if (hostid_mapped < 0) {
> > +		hostid_mapped = find_unmapped_nsuid(conf, ID_TYPE_UID);
> > +		n2[n2args++] = "-m";
> > +		if (hostid_mapped < 0) {
> > +			ERROR("Could not find free uid to map");
> > +			exit(1);
> > +		}
> > +		n2[n2args++] = malloc(200);
> > +		if (!n2[n2args-1]) {
> > +			SYSERROR("out of memory");
> > +			exit(1);
> > +		}
> > +		ret = snprintf(n2[n2args-1], 200, "u:%d:%d:1",
> > +			hostid_mapped, geteuid());
> > +		if (ret < 0 || ret >= 200) {
> > +			ERROR("string too long");
> > +			exit(1);
> > +		}
> > +	}
> > +	int hostgid_mapped = mapped_hostid(getegid(), conf, ID_TYPE_GID);
> > +	extraargs = hostgid_mapped >= 0 ? 1 : 3;
> > +	n2 = realloc(n2, (nargs + n2args + extraargs) * sizeof(char *));
> > +	if (!n2)
> > +		exit(1);
> > +	if (hostgid_mapped < 0) {
> > +		hostgid_mapped = find_unmapped_nsuid(conf, ID_TYPE_GID);
> > +		n2[n2args++] = "-m";
> > +		if (hostgid_mapped < 0) {
> > +			ERROR("Could not find free uid to map");
> > +			exit(1);
> > +		}
> > +		n2[n2args++] = malloc(200);
> > +		if (!n2[n2args-1]) {
> > +			SYSERROR("out of memory");
> > +			exit(1);
> > +		}
> > +		ret = snprintf(n2[n2args-1], 200, "g:%d:%d:1",
> > +			hostgid_mapped, getegid());
> > +		if (ret < 0 || ret >= 200) {
> > +			ERROR("string too long");
> > +			exit(1);
> > +		}
> > +	}
> > +	n2[n2args++] = "--";
> > +	for (i = 0; i < nargs; i++)
> > +		n2[i + n2args] = newargv[i];
> > +	n2args += nargs;
> > +	// Finally add "--mapped-uid $uid" to tell template what to chown
> > +	// cached images to
> > +	n2args += 4;
> > +	n2 = realloc(n2, n2args * sizeof(char *));
> > +	if (!n2) {
> > +		SYSERROR("out of memory");
> > +		exit(1);
> > +	}
> > +	// note n2[n2args-1] is NULL
> > +	n2[n2args-5] = "--mapped-uid";
> > +	snprintf(txtuid, 20, "%d", hostid_mapped);
> > +	n2[n2args-4] = txtuid;
> > +	n2[n2args-3] = "--mapped-gid";
> > +	snprintf(txtgid, 20, "%d", hostgid_mapped);
> > +	n2[n2args-2] = txtgid;
> > +	n2[n2args-1] = NULL;
> > +	free(newargv);
> > +	newargv = n2;
> > +	return newargv;
> > +}
> > +
> >  static bool prepend_lxc_header(char *path, const char *t, char *const argv[])
> >  {
> >  	long flen;
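Review bot: `txtuid` and `txtgid` are automatic arrays in prepend_lxc_usernsexec(), yet their addresses are stored in `n2[n2args-4]` and `n2[n2args-2]` and returned, so the execvp() in create_run_template() receives two pointers into a stack frame that no longer exists. Before the split the buffers sat in the caller's own frame, which is presumably why this went unnoticed. The `--mapped-uid`/`--mapped-gid` values tell the template which ids to chown cached images to, so a clobbered buffer can pass the wrong id or garbage. Give them static storage, `static char txtuid[20];` and `static char txtgid[20];`, or allocate them with malloc() as the `-m` arguments are. The two snprintf() calls that fill them are also the only ones in the function whose return value is not checked.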
> > -- 
> > 1.9.0

