[lxc-devel] [lxd/master] Bugfixes
stgraber on Github
lxc-bot at linuxcontainers.org
Sun May 1 18:20:05 UTC 2016
From 31c9400d06ca0d270e97fe485baef231225ce4ee Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber at ubuntu.com>
Date: Sun, 1 May 2016 10:30:17 -0400
Subject: [PATCH 1/3] zfs: Don't ignore errors
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
---
lxd/storage_zfs.go | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/lxd/storage_zfs.go b/lxd/storage_zfs.go
index 9c73fc3..4d8d932 100644
--- a/lxd/storage_zfs.go
+++ b/lxd/storage_zfs.go
@@ -667,7 +667,10 @@ func (s *storageZfs) ImageDelete(fingerprint string) error {
}
if shared.PathExists(shared.VarPath(fs + ".zfs")) {
- os.Remove(shared.VarPath(fs + ".zfs"))
+ err := os.Remove(shared.VarPath(fs + ".zfs"))
+ if err != nil {
+ return err
+ }
}
return nil
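Review bot: The `shared.PathExists` check followed by `os.Remove` is no longer harmless now that the error is returned: if the `.zfs` file disappears between the two calls, ImageDelete fails even though there is nothing left to delete. Dropping the existence check and tolerating a missing file keeps the delete idempotent, `if err := os.Remove(shared.VarPath(fs + ".zfs")); err != nil && !os.IsNotExist(err) { return err }`. The start of ImageDelete is outside this hunk.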
From 2eaad4ab40e9c527e06f2054a7aa937ed204edf7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber at ubuntu.com>
Date: Sun, 1 May 2016 11:51:27 -0400
Subject: [PATCH 2/3] Properly update the mode, uid and gid on existing files
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Closes #1975
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
---
client.go | 2 +-
lxd/container.go | 2 +-
lxd/container_lxc.go | 11 +++++++++--
lxd/nsexec.go | 41 ++++++++++++++++++++++++++++++++++++++---
shared/util.go | 18 ++++++++++--------
5 files changed, 59 insertions(+), 15 deletions(-)
diff --git a/client.go b/client.go
index 7a1e163..0254b5b 100644
--- a/client.go
+++ b/client.go
@@ -1662,7 +1662,7 @@ func (c *Client) PushFile(container string, p string, gid int, uid int, mode os.
return err
}
-func (c *Client) PullFile(container string, p string) (int, int, os.FileMode, io.ReadCloser, error) {
+func (c *Client) PullFile(container string, p string) (int, int, int, io.ReadCloser, error) {
if c.Remote.Public {
return 0, 0, 0, nil, fmt.Errorf("This function isn't supported by public remotes.")
}
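Review bot: PullFile's third result changes from `os.FileMode` to a bare `int` with no doc comment saying what the value means. `ParseLXDFileHeaders` in shared/util.go now reports a missing or unparsable header as `-1`, and if PullFile forwards those values (its body is outside this hunk), a caller that converts the result back with `os.FileMode(mode)` gets a nonsensical mode. A comment such as `// PullFile returns the file's ownership and permission bits; each value is -1 when the server did not send the corresponding header.` would make the contract explicit. The same applies to the `mode int` parameter of `FilePush` in lxd/container.go, where `FilePull` still returns `os.FileMode`, so the two directions now use different types.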
diff --git a/lxd/container.go b/lxd/container.go
index 89b7ac1..b460410 100644
--- a/lxd/container.go
+++ b/lxd/container.go
@@ -327,7 +327,7 @@ type container interface {
// File handling
FilePull(srcpath string, dstpath string) (int, int, os.FileMode, error)
- FilePush(srcpath string, dstpath string, uid int, gid int, mode os.FileMode) error
+ FilePush(srcpath string, dstpath string, uid int, gid int, mode int) error
// Command execution
Exec(command []string, env map[string]string, stdin *os.File, stdout *os.File, stderr *os.File) (int, error)
diff --git a/lxd/container_lxc.go b/lxd/container_lxc.go
index eb00220..c2d683d 100644
--- a/lxd/container_lxc.go
+++ b/lxd/container_lxc.go
@@ -2927,7 +2927,10 @@ func (c *containerLXC) FilePull(srcpath string, dstpath string) (int, int, os.Fi
return uid, gid, os.FileMode(mode), nil
}
-func (c *containerLXC) FilePush(srcpath string, dstpath string, uid int, gid int, mode os.FileMode) error {
+func (c *containerLXC) FilePush(srcpath string, dstpath string, uid int, gid int, mode int) error {
+ var rootUid = 0
+ var rootGid = 0
+
// Map uid and gid if needed
idmapset, err := c.LastIdmapSet()
if err != nil {
@@ -2936,6 +2939,7 @@ func (c *containerLXC) FilePush(srcpath string, dstpath string, uid int, gid int
if idmapset != nil {
uid, gid = idmapset.ShiftIntoNs(uid, gid)
+ rootUid, rootGid = idmapset.ShiftIntoNs(0, 0)
}
// Setup container storage if needed
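Review bot: `uid` and `gid` can now arrive as the `-1` "leave unchanged" sentinel, and they are passed straight to `idmapset.ShiftIntoNs(uid, gid)`. Nothing in this hunk shows that ShiftIntoNs returns -1 for an input of -1; if it does not, the sentinel is lost and the file is chowned to whatever id the shift produces. Shifting only real ids, and restoring `-1` after the call when the input was `-1`, would make this independent of how ShiftIntoNs treats out-of-range values. The locals added in the previous hunk would conventionally be spelled `rootUID` and `rootGID` in Go.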
@@ -2956,7 +2960,10 @@ func (c *containerLXC) FilePush(srcpath string, dstpath string, uid int, gid int
dstpath,
fmt.Sprintf("%d", uid),
fmt.Sprintf("%d", gid),
- fmt.Sprintf("%d", mode&os.ModePerm),
+ fmt.Sprintf("%d", mode),
+ fmt.Sprintf("%d", rootUid),
+ fmt.Sprintf("%d", rootGid),
+ fmt.Sprintf("%d", int(os.FileMode(0640)&os.ModePerm)),
).CombinedOutput()
// Tear down container storage if needed
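Review bot: The `mode&os.ModePerm` mask is removed here, so FilePush now relies on every caller having masked the value. ParseLXDFileHeaders does that for the HTTP path, but any other caller of FilePush can hand setuid, setgid or sticky bits through to the `fchmod()` in nsexec. Masking at this boundary keeps the guarantee local: `if mode != -1 { mode &= int(os.ModePerm) }` before the arguments are built. The default `0640` would also read better as a named constant with a comment, since it replaces the `0644` fallback that this patch removes from shared/util.go.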
diff --git a/lxd/nsexec.go b/lxd/nsexec.go
index a25c739..836adad 100644
--- a/lxd/nsexec.go
+++ b/lxd/nsexec.go
@@ -117,11 +117,12 @@ int dosetns(int pid, char *nstype) {
return 0;
}
-int manip_file_in_ns(char *rootfs, int pid, char *host, char *container, bool is_put, uid_t uid, gid_t gid, mode_t mode) {
+int manip_file_in_ns(char *rootfs, int pid, char *host, char *container, bool is_put, uid_t uid, gid_t gid, mode_t mode, uid_t defaultUid, gid_t defaultGid, mode_t defaultMode) {
int host_fd, container_fd;
int ret = -1;
int container_open_flags;
struct stat st;
+ int exists = 1;
host_fd = open(host, O_RDWR);
if (host_fd < 0) {
@@ -150,19 +151,41 @@ int manip_file_in_ns(char *rootfs, int pid, char *host, char *container, bool is
}
}
+ if (is_put && stat(container, &st) < 0)
+ exists = 0;
+
umask(0);
- container_fd = open(container, container_open_flags, mode);
+ container_fd = open(container, container_open_flags, 0);
if (container_fd < 0) {
perror("error: open");
goto close_host;
}
if (is_put) {
+ if (!exists) {
+ if (mode == -1) {
+ mode = defaultMode;
+ }
+
+ if (uid == -1) {
+ uid = defaultUid;
+ }
+
+ if (gid == -1) {
+ gid = defaultGid;
+ }
+ }
+
if (copy(container_fd, host_fd) < 0) {
perror("error: copy");
goto close_container;
}
+ if (mode != -1 && fchmod(container_fd, mode) < 0) {
+ perror("error: chmod");
+ goto close_container;
+ }
+
if (fchown(container_fd, uid, gid) < 0) {
perror("error: chown");
goto close_container;
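Review bot: `exists` is decided by a `stat()` on the path before the `open()`, so when the container is running the target can be created or removed between the two calls, and the default owner and mode are then applied, or skipped, for the wrong case. Deriving the flag from the open itself closes that window, for example by first opening with `O_CREAT | O_EXCL` and retrying without `O_EXCL` on `EEXIST`. The comparisons `mode == -1` and `uid == -1` also depend on the implicit conversion of -1 to the unsigned `mode_t` and `uid_t`; writing `(mode_t)-1` and `(uid_t)-1` states that intent. manip_file_in_ns starts and ends outside this hunk.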
@@ -332,6 +355,9 @@ void forkdofile(char *buf, char *cur, bool is_put, ssize_t size) {
uid_t uid = 0;
gid_t gid = 0;
mode_t mode = 0;
+ uid_t defaultUid = 0;
+ gid_t defaultGid = 0;
+ mode_t defaultMode = 0;
char *command = cur, *rootfs = NULL, *source = NULL, *target = NULL;
pid_t pid;
@@ -356,9 +382,18 @@ void forkdofile(char *buf, char *cur, bool is_put, ssize_t size) {
ADVANCE_ARG_REQUIRED();
mode = atoi(cur);
+
+ ADVANCE_ARG_REQUIRED();
+ defaultUid = atoi(cur);
+
+ ADVANCE_ARG_REQUIRED();
+ defaultGid = atoi(cur);
+
+ ADVANCE_ARG_REQUIRED();
+ defaultMode = atoi(cur);
}
- _exit(manip_file_in_ns(rootfs, pid, source, target, is_put, uid, gid, mode));
+ _exit(manip_file_in_ns(rootfs, pid, source, target, is_put, uid, gid, mode, defaultUid, defaultGid, defaultMode));
}
void forkgetnet(char *buf, char *cur, ssize_t size) {
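Review bot: The three new arguments are parsed with `atoi()`, which cannot report failure: an empty or non-numeric value silently becomes 0, which means root for `defaultUid` and `defaultGid` and mode 0 for `defaultMode`. Parsing with `strtol()`, checking `errno` and the end pointer, and exiting with an error on a bad value would make a malformed argument list fail loudly instead. The `mode = atoi(cur)` line just above follows the same pattern and would benefit from the same helper. forkdofile begins outside this hunk.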
diff --git a/shared/util.go b/shared/util.go
index ec25140..e449532 100644
--- a/shared/util.go
+++ b/shared/util.go
@@ -96,24 +96,26 @@ func LogPath(path ...string) string {
return filepath.Join(items...)
}
-func ParseLXDFileHeaders(headers http.Header) (uid int, gid int, mode os.FileMode) {
+func ParseLXDFileHeaders(headers http.Header) (uid int, gid int, mode int) {
uid, err := strconv.Atoi(headers.Get("X-LXD-uid"))
if err != nil {
- uid = 0
+ uid = -1
}
gid, err = strconv.Atoi(headers.Get("X-LXD-gid"))
if err != nil {
- gid = 0
+ gid = -1
}
- /* Allow people to send stuff with a leading 0 for octal or a regular
- * int that represents the perms when redered in octal. */
- rawMode, err := strconv.ParseInt(headers.Get("X-LXD-mode"), 0, 0)
+ mode, err = strconv.Atoi(headers.Get("X-LXD-mode"))
if err != nil {
- rawMode = 0644
+ mode = -1
+ } else {
+ rawMode, err := strconv.ParseInt(headers.Get("X-LXD-mode"), 0, 0)
+ if err == nil {
+ mode = int(os.FileMode(rawMode) & os.ModePerm)
+ }
}
- mode = os.FileMode(rawMode)
return uid, gid, mode
}
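Review bot: The mode header is parsed twice under different rules, and the two can disagree. When `strconv.Atoi` accepts the value but `strconv.ParseInt(..., 0, 0)` rejects it (a leading 0 followed by an 8 or 9), `mode` keeps the raw Atoi result and is never masked with `os.ModePerm`. A negative value parses in both, and `os.FileMode(rawMode) & os.ModePerm` then yields 0777 rather than "unset". Parsing once with ParseInt and treating errors and negative values as -1 removes both cases; the deleted comment explaining the leading-0 convention is worth keeping as well.

```go
// … unchanged: uid and gid parsing …

// Base 0: a leading 0 selects octal, otherwise the value is read as a
// plain integer holding the permission bits.
rawMode, err := strconv.ParseInt(headers.Get("X-LXD-mode"), 0, 0)
if err != nil || rawMode < 0 {
	mode = -1
} else {
	mode = int(os.FileMode(rawMode) & os.ModePerm)
}

return uid, gid, mode
```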
From cdf81853acd98c3989a5664ec39f11e3216b48f8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber at ubuntu.com>
Date: Sun, 1 May 2016 12:26:46 -0400
Subject: [PATCH 3/3] Detect invalid certificate files
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Closes #1977
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
---
shared/cert.go | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/shared/cert.go b/shared/cert.go
index 618ed02..f28c016 100644
--- a/shared/cert.go
+++ b/shared/cert.go
@@ -197,5 +197,9 @@ func ReadCert(fpath string) (*x509.Certificate, error) {
}
certBlock, _ := pem.Decode(cf)
+ if certBlock == nil {
+ return nil, fmt.Errorf("Invalid certificate file")
+ }
+
return x509.ParseCertificate(certBlock.Bytes)
}
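Review bot: The new error does not say which file was rejected, and the check accepts any PEM block rather than only a certificate. If the files read here are always expected to hold a `CERTIFICATE` block, checking the type and naming the path gives the caller something actionable: `if certBlock == nil || certBlock.Type != "CERTIFICATE" { return nil, fmt.Errorf("Invalid certificate file: %s", fpath) }`. The start of ReadCert is outside this hunk.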