[lxc-devel] [lxd/master] Don't stop at an unsatisfactory sub?id entry

hallyn on Github lxc-bot at linuxcontainers.org
Tue Mar 1 23:32:05 UTC 2016


From 5d62b2f70bf043735f08b1b4d4d44250af239c64 Mon Sep 17 00:00:00 2001
From: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Tue, 1 Mar 2016 15:29:54 -0800
Subject: [PATCH] Don't stop at an unsatisfactory sub?id entry

We parse /etc/sub?id and stop when we find an entry for the user.  If
that isn't big enough, we later refuse to start unpriv containers.  But
sub?id may have later entries which are big enough - so just always
make sure to only return entries which will suffice.

Closes #1687

Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
---
 shared/idmapset_linux.go | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/shared/idmapset_linux.go b/shared/idmapset_linux.go
index b524d7e..d041acd 100644
--- a/shared/idmapset_linux.go
+++ b/shared/idmapset_linux.go
@@ -322,6 +322,9 @@ func getFromMap(fname string, username string) (int, int, error) {
 			}
 			min = int(bigmin)
 			idrange = int(bigIdrange)
+			if idrange < 65536 {
+				continue
+			}
 			return min, idrange, nil
 		}
 	}
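
Review bot: The threshold in the added `if idrange < 65536` check is a bare literal with no comment, so a reader of getFromMap cannot tell where the minimum comes from. A named constant, or a one-line comment saying this is the size below which unprivileged containers are later refused, would document it and keep it in step with that later check. Separately, `min` and `idrange` are assigned before the check, so after `continue` they still hold the values of the rejected entry. If every entry for the user is too small, the path after the loop (not visible in this hunk) should not return those leftover values, and its error should say that the ranges found were too small rather than that the user has no entry.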

