[lxc-devel] [cgmanager/master] 2016 02 29/ubuntu

[hallyn on Github]

A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 345 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20160301/de9c0416/attachment.bin>
-------------- next part --------------
From 0b8fd22b2c499c47c3d3fa8a01071186db0d7538 Mon Sep 17 00:00:00 2001
From: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Mon, 29 Feb 2016 17:46:06 -0800
Subject: [PATCH 1/2] libpam_cgm: do handle the name=systemd controller

It's required if we want to run systemd in a container.

Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
---
 pam/pam_cgm.c | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/pam/pam_cgm.c b/pam/pam_cgm.c
index 1e6ce80..ea08d79 100644
--- a/pam/pam_cgm.c
+++ b/pam/pam_cgm.c
@@ -4,9 +4,8 @@
  * Author: Serge Hallyn <serge.hallyn at ubuntu.com>
  *
  * When a user logs in, this pam module will create cgroups which
- * the user may administer, for all controllers except name=systemd,
- * or for any controllers listed on the command line (if any are
- * listed).
+ * the user may administer, for any controllers listed on the command
+ * line or, if none are listed, then all available controllers.
  *
  * The cgroup created will be "user/$user/0" for the first session,
  * "user/$user/1" for the second, etc.
@@ -62,8 +61,6 @@ static void get_active_controllers(void)
 		return;
 	}
 	for (i = 0; list[i]; i++) {
-		if (strcmp(list[i], "name=systemd") == 0)
-			continue;
 		NIH_MUST( nih_strcat_sprintf(&ctrl_list, NULL, "%s%s",
 			ctrl_list ? "," : "", list[i]) );
 	}

From 832f678d1f88ad3d4161650c5bc56177bdf32c85 Mon Sep 17 00:00:00 2001
From: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Mon, 29 Feb 2016 17:50:45 -0800
Subject: [PATCH 2/2] libpam-cgm: handle comounts

When checking whether a controller is in a list, we need to
accept that the controller may also be a list.

Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
---
 pam/pam_cgm.c | 20 +++++++++++++++++---
 1 file changed, 17 insertions(+), 3 deletions(-)

diff --git a/pam/pam_cgm.c b/pam/pam_cgm.c
index ea08d79..ad5d4fa 100644
--- a/pam/pam_cgm.c
+++ b/pam/pam_cgm.c
@@ -68,10 +68,18 @@ static void get_active_controllers(void)
 
 static bool is_in_list(char *which, char **list) {
 	int i;
+	size_t wlen = strlen(which);
 
 	for (i = 0; list[i]; i++) {
-		if (strcmp(which, list[i]) == 0)
-			return true;
+		char *o = list[i];
+		while (o) {
+			char *p = index(o, ',');
+			size_t len = p ? p - o : strlen(o);
+
+			if (len == wlen && strncmp(o, which, wlen) == 0)
+				return true;
+			o = p ? p + 1 : NULL;
+		}
 	}
 	return false;
 }
@@ -188,8 +196,14 @@ int pam_sm_open_session(pam_handle_t *pamh, int flags, int argc,
 		mysyslog(LOG_ERR, "Failed to connect to cgmanager\n");
 		return PAM_SESSION_ERR;
 	}
-	if (argc > 1 && strcmp(argv[0], "-c") == 0)
+	if (argc > 1 && strcmp(argv[0], "-c") == 0) {
 		ctrl_list = validate_and_dup(argv[1]);
+		if (!ctrl_list) {
+			cgm_dbus_disconnect();
+			mysyslog(LOG_ERR, "PAM-CGM: bad controller arguments\n");
+			return PAM_SESSION_ERR;
+		}
+	}
 	if (!ctrl_list)
 		get_active_controllers();
 	cgm_escape();