[lxc-devel] [PATCH] c/r: remember to chown the cgroup path (correctly)

Serge Hallyn serge.hallyn at ubuntu.com
Wed Jan 13 21:47:50 UTC 2016


Quoting Tycho Andersen (tycho.andersen at canonical.com):
> 1. remember to chown the cgroup path when migrating a container
> 2. when restoring the cgroup path, try to compute the euid for root vs.
>    using geteuid(); geteuid works for start, but it doesn't work for
>    migration since we're still real root at that point.
> 
> Signed-off-by: Tycho Andersen <tycho.andersen at canonical.com>
> ---
>  src/lxc/cgmanager.c | 6 +++++-
>  src/lxc/criu.c      | 5 +++++
>  2 files changed, 10 insertions(+), 1 deletion(-)
> 
> diff --git a/src/lxc/cgmanager.c b/src/lxc/cgmanager.c
> index 357182a..54e6912 100644
> --- a/src/lxc/cgmanager.c
> +++ b/src/lxc/cgmanager.c
> @@ -488,7 +488,11 @@ static bool chown_cgroup(const char *cgroup_path, struct lxc_conf *conf)
>  		return true;
>  
>  	data.cgroup_path = cgroup_path;
> -	data.origuid = geteuid();
> +	data.origuid = mapped_hostid(0, conf, ID_TYPE_UID);
> +	if (data.origuid < 0) {

Can you confirm that this does not break

sudo lxc-create -t download -n x1 -- -d ubuntu -r trusty -a amd64
sudo lxc-start -n x1

Because in that case I think we have no mappings, and mapped_hostid() will
return -1.

> +		ERROR("failed to get mapped root id");
> +		return false;
> +	}
>  
>  	/* Unpriv users can't chown it themselves, so chown from
>  	 * a child namespace mapping both our own and the target uid
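
Review bot: the `data.origuid < 0` test on the added lines only works if origuid is a signed type; if the field is declared as uid_t, the comparison is always false and a negative return from mapped_hostid() would be stored and used as the uid for the chown. Assign the return value to a signed local, test that, and only then store it in data.origuid. The new error path also makes a missing root mapping a hard failure where the removed geteuid() line could not fail, so if a container without id mappings can reach this point, fall back to geteuid() instead of returning false.
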
> diff --git a/src/lxc/criu.c b/src/lxc/criu.c
> index 6ef4905..f442612 100644
> --- a/src/lxc/criu.c
> +++ b/src/lxc/criu.c
> @@ -466,6 +466,11 @@ void do_restore(struct lxc_container *c, int pipe, char *directory, bool verbose
>  		goto out_fini_handler;
>  	}
>  
> +	if (!cgroup_chown(handler)) {
> +		ERROR("failed creating groups");
> +		goto out_fini_handler;
> +	}
> +
>  	if (!restore_net_info(c)) {
>  		ERROR("failed restoring network info");
>  		goto out_fini_handler;
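
Review bot: the ERROR text in the added block, "failed creating groups", does not describe the call that failed, which is cgroup_chown(handler). Something like "failed chowning cgroups" would make a restore log point at the ownership step rather than at cgroup creation, which matters when diagnosing a migration that fails only for unprivileged containers.
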
> -- 
> 2.6.4
> 