[lxc-devel] [lxc/lxc] 4bc3b7: conf: lxc_map_ids() non-functional changes

GitHub noreply at github.com
Sun Apr 16 15:20:51 UTC 2017 

  Branch: refs/heads/master
  Home:   https://github.com/lxc/lxc
  Commit: 4bc3b759578023f3b1592fe080d6fa605c6e022a
      https://github.com/lxc/lxc/commit/4bc3b759578023f3b1592fe080d6fa605c6e022a
  Author: Christian Brauner <christian.brauner at ubuntu.com>
  Date:   2017-04-15 (Sat, 15 Apr 2017)

  Changed paths:
    M src/lxc/conf.c
    M src/lxc/utils.h

  Log Message:
  -----------
  conf: lxc_map_ids() non-functional changes

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>


  Commit: 207c4c71ee7b18bca65b02cffe11d65831d85342
      https://github.com/lxc/lxc/commit/207c4c71ee7b18bca65b02cffe11d65831d85342
  Author: Christian Brauner <christian.brauner at ubuntu.com>
  Date:   2017-04-15 (Sat, 15 Apr 2017)

  Changed paths:
    M src/lxc/caps.c
    M src/lxc/caps.h
    M src/lxc/start.c

  Log Message:
  -----------
  caps: add lxc_{proc,file}_cap_is_set()

Add two new helpers that allow to determine whether a given proc or file has a
capability in the given set and move lxc_cap_is_set() to static function that
both call internally.

Closes #296.

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>


  Commit: df6a2945484ed626168c43f95059923c2d4c88ab
      https://github.com/lxc/lxc/commit/df6a2945484ed626168c43f95059923c2d4c88ab
  Author: Christian Brauner <christian.brauner at ubuntu.com>
  Date:   2017-04-16 (Sun, 16 Apr 2017)

  Changed paths:
    M src/lxc/conf.c
    M src/lxc/utils.c
    M src/lxc/utils.h

  Log Message:
  -----------
  conf: check for {filecaps,setuid} on new{g,u}idmap

The new{g,u}idmap binaries where a source of trouble for users when they lacked
sufficient privileges. This commit adds code to check for sufficient privilege.
It checks whether new{g,u}idmap is root owned and has the setuid bit set and if
it doesn't it checks whether new{g,u}idmap is root owned and has CAP_SETUID in
its CAP_PERMITTED and CAP_EFFECTIVE set.

Closes #296.

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>


  Commit: 91c3e2814c5e0a1974c935ab7c47669a42cd1f6b
      https://github.com/lxc/lxc/commit/91c3e2814c5e0a1974c935ab7c47669a42cd1f6b
  Author: Christian Brauner <christian.brauner at ubuntu.com>
  Date:   2017-04-16 (Sun, 16 Apr 2017)

  Changed paths:
    M src/lxc/conf.c

  Log Message:
  -----------
  conf: improve log when mounting rootfs

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>


  Commit: 93caf97185e85bedee65ff190221933f53888e2d
      https://github.com/lxc/lxc/commit/93caf97185e85bedee65ff190221933f53888e2d
  Author: Serge Hallyn <serge at hallyn.com>
  Date:   2017-04-16 (Sun, 16 Apr 2017)

  Changed paths:
    M src/lxc/caps.c
    M src/lxc/caps.h
    M src/lxc/conf.c
    M src/lxc/start.c
    M src/lxc/utils.c
    M src/lxc/utils.h

  Log Message:
  -----------
  Merge pull request #1509 from brauner/2017-04-15/improve_lxc_id_map

idmap improvements


Compare: https://github.com/lxc/lxc/compare/1a35a74623d8...93caf97185e8

More information about the lxc-devel mailing list