[lxc-devel] [lxd/master] Bugfixes

stgraber on Github lxc-bot at linuxcontainers.org
Sun May 1 18:20:05 UTC 2016


From 31c9400d06ca0d270e97fe485baef231225ce4ee Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber at ubuntu.com>
Date: Sun, 1 May 2016 10:30:17 -0400
Subject: [PATCH 1/3] zfs: Don't ignore errors
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
---
 lxd/storage_zfs.go | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/lxd/storage_zfs.go b/lxd/storage_zfs.go
index 9c73fc3..4d8d932 100644
--- a/lxd/storage_zfs.go
+++ b/lxd/storage_zfs.go
@@ -667,7 +667,10 @@ func (s *storageZfs) ImageDelete(fingerprint string) error {
 	}
 
 	if shared.PathExists(shared.VarPath(fs + ".zfs")) {
-		os.Remove(shared.VarPath(fs + ".zfs"))
+		err := os.Remove(shared.VarPath(fs + ".zfs"))
+		if err != nil {
+			return err
+		}
 	}
 
 	return nil
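Review bot: Returning the raw `os.Remove` error here makes `ImageDelete` fail when the `.zfs` file disappears between the `shared.PathExists` check and the removal, even though the file is gone as intended. The existence check and the removal are two separate steps, so a concurrent delete can land in between. Consider dropping the pre-check and tolerating only that case: `err := os.Remove(shared.VarPath(fs + ".zfs"))` followed by `if err != nil && !os.IsNotExist(err) { return err }`. The start and the end of `ImageDelete` are outside this hunk.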

From 2eaad4ab40e9c527e06f2054a7aa937ed204edf7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber at ubuntu.com>
Date: Sun, 1 May 2016 11:51:27 -0400
Subject: [PATCH 2/3] Properly update the mode, uid and gid on existing files
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Closes #1975

Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
---
 client.go            |  2 +-
 lxd/container.go     |  2 +-
 lxd/container_lxc.go | 11 +++++++++--
 lxd/nsexec.go        | 41 ++++++++++++++++++++++++++++++++++++++---
 shared/util.go       | 18 ++++++++++--------
 5 files changed, 59 insertions(+), 15 deletions(-)

diff --git a/client.go b/client.go
index 7a1e163..0254b5b 100644
--- a/client.go
+++ b/client.go
@@ -1662,7 +1662,7 @@ func (c *Client) PushFile(container string, p string, gid int, uid int, mode os.
 	return err
 }
 
-func (c *Client) PullFile(container string, p string) (int, int, os.FileMode, io.ReadCloser, error) {
+func (c *Client) PullFile(container string, p string) (int, int, int, io.ReadCloser, error) {
 	if c.Remote.Public {
 		return 0, 0, 0, nil, fmt.Errorf("This function isn't supported by public remotes.")
 	}
diff --git a/lxd/container.go b/lxd/container.go
index 89b7ac1..b460410 100644
--- a/lxd/container.go
+++ b/lxd/container.go
@@ -327,7 +327,7 @@ type container interface {
 
 	// File handling
 	FilePull(srcpath string, dstpath string) (int, int, os.FileMode, error)
-	FilePush(srcpath string, dstpath string, uid int, gid int, mode os.FileMode) error
+	FilePush(srcpath string, dstpath string, uid int, gid int, mode int) error
 
 	// Command execution
 	Exec(command []string, env map[string]string, stdin *os.File, stdout *os.File, stderr *os.File) (int, error)
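Review bot: `FilePush` now takes `mode int` while `FilePull` on the line above still returns `os.FileMode`, and nothing on the interface says that -1 has become a meaningful value for `uid`, `gid` and `mode`. Elsewhere in this series `ParseLXDFileHeaders` yields -1 for a missing header and `manip_file_in_ns` treats -1 as "leave unchanged on an existing file, use the default on a new one". A comment on the method would keep other implementations from handing -1 to chmod/chown-style calls unchecked, for example `// FilePush writes srcpath to dstpath; a uid, gid or mode of -1 means "not supplied".` The interface body continues outside the hunk.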
diff --git a/lxd/container_lxc.go b/lxd/container_lxc.go
index eb00220..c2d683d 100644
--- a/lxd/container_lxc.go
+++ b/lxd/container_lxc.go
@@ -2927,7 +2927,10 @@ func (c *containerLXC) FilePull(srcpath string, dstpath string) (int, int, os.Fi
 	return uid, gid, os.FileMode(mode), nil
 }
 
-func (c *containerLXC) FilePush(srcpath string, dstpath string, uid int, gid int, mode os.FileMode) error {
+func (c *containerLXC) FilePush(srcpath string, dstpath string, uid int, gid int, mode int) error {
+	var rootUid = 0
+	var rootGid = 0
+
 	// Map uid and gid if needed
 	idmapset, err := c.LastIdmapSet()
 	if err != nil {
@@ -2936,6 +2939,7 @@ func (c *containerLXC) FilePush(srcpath string, dstpath string, uid int, gid int
 
 	if idmapset != nil {
 		uid, gid = idmapset.ShiftIntoNs(uid, gid)
+		rootUid, rootGid = idmapset.ShiftIntoNs(0, 0)
 	}
 
 	// Setup container storage if needed
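Review bot: `uid` and `gid` can now carry the -1 "not supplied" sentinel (that is what `ParseLXDFileHeaders` returns for a missing header in this series), yet `idmapset.ShiftIntoNs(uid, gid)` is still applied to them unconditionally. Whether -1 comes back as -1 depends on how `ShiftIntoNs` treats an id outside the map, which is not visible here; if it ever returned another value, `manip_file_in_ns` would no longer recognise the sentinel and would chown the file to that id. Shifting only ids that were actually supplied makes the ownership decision explicit instead of relying on that behaviour. `FilePush` starts and ends outside this hunk.
```go
	if idmapset != nil {
		// -1 means "not supplied" and must reach the helper unchanged.
		shiftedUid, shiftedGid := idmapset.ShiftIntoNs(uid, gid)
		if uid != -1 {
			uid = shiftedUid
		}
		if gid != -1 {
			gid = shiftedGid
		}
		rootUid, rootGid = idmapset.ShiftIntoNs(0, 0)
	}
```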
@@ -2956,7 +2960,10 @@ func (c *containerLXC) FilePush(srcpath string, dstpath string, uid int, gid int
 		dstpath,
 		fmt.Sprintf("%d", uid),
 		fmt.Sprintf("%d", gid),
-		fmt.Sprintf("%d", mode&os.ModePerm),
+		fmt.Sprintf("%d", mode),
+		fmt.Sprintf("%d", rootUid),
+		fmt.Sprintf("%d", rootGid),
+		fmt.Sprintf("%d", int(os.FileMode(0640)&os.ModePerm)),
 	).CombinedOutput()
 
 	// Tear down container storage if needed
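Review bot: The fallback mode for newly created files is now the literal `os.FileMode(0640)` buried in the argument list, whereas the code removed from `ParseLXDFileHeaders` in this commit defaulted to 0644, and the commit message does not mention the change. If the tighter default is intended, a named constant with a comment would make it discoverable, e.g. `const defaultFilePushMode = 0640 // applied when the file is new and no X-LXD-mode was sent`, and the argument becomes `fmt.Sprintf("%d", defaultFilePushMode)`, since `&os.ModePerm` is a no-op on 0640. The call and the rest of `FilePush` extend outside this hunk.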
diff --git a/lxd/nsexec.go b/lxd/nsexec.go
index a25c739..836adad 100644
--- a/lxd/nsexec.go
+++ b/lxd/nsexec.go
@@ -117,11 +117,12 @@ int dosetns(int pid, char *nstype) {
 	return 0;
 }
 
-int manip_file_in_ns(char *rootfs, int pid, char *host, char *container, bool is_put, uid_t uid, gid_t gid, mode_t mode) {
+int manip_file_in_ns(char *rootfs, int pid, char *host, char *container, bool is_put, uid_t uid, gid_t gid, mode_t mode, uid_t defaultUid, gid_t defaultGid, mode_t defaultMode) {
 	int host_fd, container_fd;
 	int ret = -1;
 	int container_open_flags;
 	struct stat st;
+	int exists = 1;
 
 	host_fd = open(host, O_RDWR);
 	if (host_fd < 0) {
@@ -150,19 +151,41 @@ int manip_file_in_ns(char *rootfs, int pid, char *host, char *container, bool is
 		}
 	}
 
+	if (is_put && stat(container, &st) < 0)
+		exists = 0;
+
 	umask(0);
-	container_fd = open(container, container_open_flags, mode);
+	container_fd = open(container, container_open_flags, 0);
 	if (container_fd < 0) {
 		perror("error: open");
 		goto close_host;
 	}
 
 	if (is_put) {
+		if (!exists) {
+			if (mode == -1) {
+				mode = defaultMode;
+			}
+
+			if (uid == -1) {
+				uid = defaultUid;
+			}
+
+			if (gid == -1) {
+				gid = defaultGid;
+			}
+		}
+
 		if (copy(container_fd, host_fd) < 0) {
 			perror("error: copy");
 			goto close_container;
 		}
 
+		if (mode != -1 && fchmod(container_fd, mode) < 0) {
+			perror("error: chmod");
+			goto close_container;
+		}
+
 		if (fchown(container_fd, uid, gid) < 0) {
 			perror("error: chown");
 			goto close_container;
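Review bot: The new `stat(container, &st)` decides `exists` before `open()` creates or opens the file, so the answer can be stale by the time it is used. The path is inside the container's filesystem, and a process there may create or remove the file in between, assuming the container can be running during a push. The outcome would be the defaults being applied to a file that already existed, or a freshly created file keeping mode 0 because no default was applied. Letting `open()` report creation through `O_EXCL` removes the window; this assumes `container_open_flags`, which is set above the hunk, can be combined with `O_CREAT | O_EXCL` and that `errno.h` is available in the cgo preamble. `manip_file_in_ns` begins and ends outside this hunk.
```c
	umask(0);
	if (is_put) {
		/* O_EXCL makes open() itself report whether the file was created. */
		container_fd = open(container, container_open_flags | O_CREAT | O_EXCL, 0);
		if (container_fd >= 0)
			exists = 0;
		else if (errno == EEXIST)
			container_fd = open(container, container_open_flags & ~O_CREAT, 0);
	} else {
		container_fd = open(container, container_open_flags, 0);
	}
	/* … unchanged: container_fd < 0 check, defaults, copy, fchmod, fchown … */
```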
@@ -332,6 +355,9 @@ void forkdofile(char *buf, char *cur, bool is_put, ssize_t size) {
 	uid_t uid = 0;
 	gid_t gid = 0;
 	mode_t mode = 0;
+	uid_t defaultUid = 0;
+	gid_t defaultGid = 0;
+	mode_t defaultMode = 0;
 	char *command = cur, *rootfs = NULL, *source = NULL, *target = NULL;
 	pid_t pid;
 
@@ -356,9 +382,18 @@ void forkdofile(char *buf, char *cur, bool is_put, ssize_t size) {
 
 		ADVANCE_ARG_REQUIRED();
 		mode = atoi(cur);
+
+		ADVANCE_ARG_REQUIRED();
+		defaultUid = atoi(cur);
+
+		ADVANCE_ARG_REQUIRED();
+		defaultGid = atoi(cur);
+
+		ADVANCE_ARG_REQUIRED();
+		defaultMode = atoi(cur);
 	}
 
-	_exit(manip_file_in_ns(rootfs, pid, source, target, is_put, uid, gid, mode));
+	_exit(manip_file_in_ns(rootfs, pid, source, target, is_put, uid, gid, mode, defaultUid, defaultGid, defaultMode));
 }
 
 void forkgetnet(char *buf, char *cur, ssize_t size) {
diff --git a/shared/util.go b/shared/util.go
index ec25140..e449532 100644
--- a/shared/util.go
+++ b/shared/util.go
@@ -96,24 +96,26 @@ func LogPath(path ...string) string {
 	return filepath.Join(items...)
 }
 
-func ParseLXDFileHeaders(headers http.Header) (uid int, gid int, mode os.FileMode) {
+func ParseLXDFileHeaders(headers http.Header) (uid int, gid int, mode int) {
 	uid, err := strconv.Atoi(headers.Get("X-LXD-uid"))
 	if err != nil {
-		uid = 0
+		uid = -1
 	}
 
 	gid, err = strconv.Atoi(headers.Get("X-LXD-gid"))
 	if err != nil {
-		gid = 0
+		gid = -1
 	}
 
-	/* Allow people to send stuff with a leading 0 for octal or a regular
-	 * int that represents the perms when redered in octal. */
-	rawMode, err := strconv.ParseInt(headers.Get("X-LXD-mode"), 0, 0)
+	mode, err = strconv.Atoi(headers.Get("X-LXD-mode"))
 	if err != nil {
-		rawMode = 0644
+		mode = -1
+	} else {
+		rawMode, err := strconv.ParseInt(headers.Get("X-LXD-mode"), 0, 0)
+		if err == nil {
+			mode = int(os.FileMode(rawMode) & os.ModePerm)
+		}
 	}
-	mode = os.FileMode(rawMode)
 
 	return uid, gid, mode
 }
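Review bot: The two-step parse of `X-LXD-mode` lets some values through unmasked and turns others into surprising permissions. A header such as `0888` passes `strconv.Atoi` as decimal 888 but fails `strconv.ParseInt(..., 0, 0)` as invalid octal, so `mode` stays 888 without the `os.ModePerm` mask; a header of `-1` passes both calls and is masked to 0777 instead of being treated as "not set". Parsing once with base 0 and rejecting negative values covers both cases, and it accepts the `0x…` forms again that `Atoi` now rejects. A malformed `X-LXD-uid` or `X-LXD-gid` is likewise indistinguishable from a missing one, which may deserve a debug log.
```go
	// Parse once; anything malformed or negative counts as "not supplied".
	mode = -1
	rawMode, err := strconv.ParseInt(headers.Get("X-LXD-mode"), 0, 0)
	if err == nil && rawMode >= 0 {
		mode = int(os.FileMode(rawMode) & os.ModePerm)
	}

	return uid, gid, mode
```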

From cdf81853acd98c3989a5664ec39f11e3216b48f8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber at ubuntu.com>
Date: Sun, 1 May 2016 12:26:46 -0400
Subject: [PATCH 3/3] Detect invalid certificate files
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Closes #1977

Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
---
 shared/cert.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/shared/cert.go b/shared/cert.go
index 618ed02..f28c016 100644
--- a/shared/cert.go
+++ b/shared/cert.go
@@ -197,5 +197,9 @@ func ReadCert(fpath string) (*x509.Certificate, error) {
 	}
 
 	certBlock, _ := pem.Decode(cf)
+	if certBlock == nil {
+		return nil, fmt.Errorf("Invalid certificate file")
+	}
+
 	return x509.ParseCertificate(certBlock.Bytes)
 }
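Review bot: The error returned for an undecodable file does not say which file was rejected, and a PEM block of another kind (a private key, for instance) is still handed to `x509.ParseCertificate`, where it would presumably fail with a less helpful parser error. Including the path and checking the block type gives callers a usable message: `if certBlock == nil || certBlock.Type != "CERTIFICATE" { return nil, fmt.Errorf("%s does not contain a PEM certificate", fpath) }`. `ReadCert` begins outside this hunk.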

