[lxc-devel] [lxc/master] cmd: lxc-usernsexec fixes + macro: move declarations + config_utils: macvlan fixes
brauner on Github
lxc-bot at linuxcontainers.org
Sun Aug 19 18:16:01 UTC 2018
From 8e2f6d914f5a90f04bebe9765ec0252ad633188a Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Sun, 19 Aug 2018 19:30:59 +0200
Subject: [PATCH 1/7] cmd: lxc-usernsexec reorder includes
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
src/lxc/cmd/lxc_usernsexec.c | 22 +++++++++++-----------
1 file changed, 11 insertions(+), 11 deletions(-)
diff --git a/src/lxc/cmd/lxc_usernsexec.c b/src/lxc/cmd/lxc_usernsexec.c
index 5ff23400d..837ed3428 100644
--- a/src/lxc/cmd/lxc_usernsexec.c
+++ b/src/lxc/cmd/lxc_usernsexec.c
@@ -21,25 +21,25 @@
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/
+
#include "config.h"
-#include <stdio.h>
-#include <stdlib.h>
-#include <unistd.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <grp.h>
+#include <libgen.h>
+#include <pwd.h>
#include <sched.h>
-#include <sys/syscall.h>
#include <signal.h>
+#include <stdio.h>
+#include <stdlib.h>
#include <string.h>
-#include <errno.h>
-#include <libgen.h>
-#include <fcntl.h>
+#include <sys/mount.h>
#include <sys/stat.h>
+#include <sys/syscall.h>
#include <sys/types.h>
-#include <sys/mount.h>
#include <sys/wait.h>
-#include <sched.h>
-#include <pwd.h>
-#include <grp.h>
+#include <unistd.h>
#include "conf.h"
#include "list.h"
From 80a6b5bcecc0954195f03858d8a22309e908bc11 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Sun, 19 Aug 2018 19:32:38 +0200
Subject: [PATCH 2/7] cmd: move declarations to macro.h
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
src/lxc/Makefile.am | 1 +
src/lxc/cmd/lxc_usernsexec.c | 11 +----------
src/lxc/macro.h | 9 +++++++++
3 files changed, 11 insertions(+), 10 deletions(-)
diff --git a/src/lxc/Makefile.am b/src/lxc/Makefile.am
index 14db7cb47..f868c5108 100644
--- a/src/lxc/Makefile.am
+++ b/src/lxc/Makefile.am
@@ -329,6 +329,7 @@ lxc_usernsexec_SOURCES = cmd/lxc_usernsexec.c \
conf.c conf.h \
list.h \
log.c log.h \
+ macro.h \
namespace.c namespace.h \
utils.c utils.h
endif
diff --git a/src/lxc/cmd/lxc_usernsexec.c b/src/lxc/cmd/lxc_usernsexec.c
index 837ed3428..35c00c8d3 100644
--- a/src/lxc/cmd/lxc_usernsexec.c
+++ b/src/lxc/cmd/lxc_usernsexec.c
@@ -44,21 +44,12 @@
#include "conf.h"
#include "list.h"
#include "log.h"
+#include "macro.h"
#include "namespace.h"
#include "utils.h"
-#ifndef MS_REC
-#define MS_REC 16384
-#endif
-
-#ifndef MS_SLAVE
-#define MS_SLAVE (1 << 19)
-#endif
-
extern int lxc_log_fd;
-int unshare(int flags);
-
static void usage(const char *name)
{
printf("usage: %s [-h] [-m <uid-maps>] -- [command [arg ..]]\n", name);
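Review bot: The local prototype `int unshare(int flags);` is dropped here but, unlike MS_REC and MS_SLAVE, it is not re-added in this commit's macro.h hunk, so the file now relies on <sched.h> to declare unshare(). glibc only exposes that declaration when _GNU_SOURCE is defined, which presumably comes from config.h or the build flags; neither is visible in this diff. If that is the intent, a comment near the includes such as `/* unshare() comes from <sched.h>; requires _GNU_SOURCE */` would record the dependency. Otherwise the unshare() call in do_child falls back to an implicit declaration. The usage() function shown as context continues outside the hunk.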
diff --git a/src/lxc/macro.h b/src/lxc/macro.h
index 75c63c7c1..8eb54f163 100644
--- a/src/lxc/macro.h
+++ b/src/lxc/macro.h
@@ -187,4 +187,13 @@ extern int __build_bug_on_failed;
#define NLMSG_ERROR 0x2
#endif
+/* mount */
+#ifndef MS_REC
+#define MS_REC 16384
+#endif
+
+#ifndef MS_SLAVE
+#define MS_SLAVE (1 << 19)
+#endif
+
#endif /* __LXC_MACRO_H */
From 850a6dc5ee8082dce3b5c9cd7132ffe14384a361 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Sun, 19 Aug 2018 19:33:25 +0200
Subject: [PATCH 3/7] cmd: use utils.{c,h} helpers in lxc-usernsexec
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
src/lxc/cmd/lxc_usernsexec.c | 18 ++++--------------
1 file changed, 4 insertions(+), 14 deletions(-)
diff --git a/src/lxc/cmd/lxc_usernsexec.c b/src/lxc/cmd/lxc_usernsexec.c
index 35c00c8d3..fa1b6a233 100644
--- a/src/lxc/cmd/lxc_usernsexec.c
+++ b/src/lxc/cmd/lxc_usernsexec.c
@@ -104,23 +104,13 @@ static int do_child(void *vargv)
char **argv = (char **)vargv;
/* Assume we want to become root */
- ret = setgid(0);
- if (ret < 0) {
- CMD_SYSERROR("Failed to set gid to");
- return -1;
- }
-
- ret = setuid(0);
- if (ret < 0) {
- CMD_SYSERROR("Failed to set uid to 0");
+ ret = lxc_switch_uid_gid(0, 0);
+ if (ret < 0)
return -1;
- }
- ret = setgroups(0, NULL);
- if (ret < 0) {
- CMD_SYSERROR("Failed to clear supplementary groups");
+ ret = lxc_setgroups(0, NULL);
+ if (ret < 0)
return -1;
- }
ret = unshare(CLONE_NEWNS);
if (ret < 0) {
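Review bot: Both new failure paths in do_child return -1 without printing anything from the command itself, where the removed code called CMD_SYSERROR on each. Whether the user still learns why the identity switch failed depends on what lxc_switch_uid_gid() and lxc_setgroups() log, and their definitions are outside this diff. A refused setgroups() is a realistic failure inside a user namespace, so unless the helpers are known to report to the terminal, keep a command-level message such as `CMD_SYSERROR("Failed to clear supplementary groups");` before the `return -1;`. A short comment would also help, noting that the uid/gid switch precedes clearing the groups because the target is root inside the namespace; readers may expect the usual drop-groups-first order. do_child starts and ends outside the hunk.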
From 3a0d5677a6995c879810be13c3a7a08a715772fd Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Sun, 19 Aug 2018 19:37:49 +0200
Subject: [PATCH 4/7] cmd: simplify lxc-usernsexec
Calculate length only once.
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
src/lxc/cmd/lxc_usernsexec.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/lxc/cmd/lxc_usernsexec.c b/src/lxc/cmd/lxc_usernsexec.c
index fa1b6a233..a2c518005 100644
--- a/src/lxc/cmd/lxc_usernsexec.c
+++ b/src/lxc/cmd/lxc_usernsexec.c
@@ -194,8 +194,9 @@ static int parse_map(char *map)
* only use the first one for each of uid and gid, because otherwise we're not
* sure which entries the user wanted.
*/
-static int read_default_map(char *fnam, int which, char *username)
+static int read_default_map(char *fnam, int which, char *user)
{
+ size_t len;
char *p1, *p2;
FILE *fin;
struct id_map *newmap;
@@ -207,10 +208,9 @@ static int read_default_map(char *fnam, int which, char *username)
if (!fin)
return -1;
+ len = strlen(user);
while (getline(&line, &sz, fin) != -1) {
- if (sz <= strlen(username) ||
- strncmp(line, username, strlen(username)) != 0 ||
- line[strlen(username)] != ':')
+ if (sz <= len || strncmp(line, user, len) != 0 || line[len] != ':')
continue;
p1 = strchr(line, ':');
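Review bot: The guard `sz <= len` compares the username length with getline()'s buffer capacity, not with the number of bytes actually read, so it does not establish that the line is longer than the name. The strncmp() and `line[len]` tests that follow stay in bounds only because of short-circuit evaluation on a NUL-terminated line. Capturing the return value in an `ssize_t n`, as in `while ((n = getline(&line, &sz, fin)) != -1)` with `if ((size_t)n <= len || ...)`, would make the check mean what it says. read_default_map's body starts and ends outside the hunk.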
From 123ed74faecab0e526a16fdb1e3944018bb0467a Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Sun, 19 Aug 2018 19:41:00 +0200
Subject: [PATCH 5/7] cmd: use safe number parsers in lxc-usernsexec
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
src/lxc/cmd/lxc_usernsexec.c | 17 +++++++++++++++--
1 file changed, 15 insertions(+), 2 deletions(-)
diff --git a/src/lxc/cmd/lxc_usernsexec.c b/src/lxc/cmd/lxc_usernsexec.c
index a2c518005..4909a9324 100644
--- a/src/lxc/cmd/lxc_usernsexec.c
+++ b/src/lxc/cmd/lxc_usernsexec.c
@@ -196,6 +196,7 @@ static int parse_map(char *map)
*/
static int read_default_map(char *fnam, int which, char *user)
{
+ int ret;
size_t len;
char *p1, *p2;
FILE *fin;
@@ -228,8 +229,20 @@ static int read_default_map(char *fnam, int which, char *user)
return -1;
}
- newmap->hostid = atol(p1 + 1);
- newmap->range = atol(p2 + 1);
+ ret = lxc_safe_ulong(p1 + 1, &newmap->hostid);
+ if (ret < 0) {
+ fclose(fin);
+ free(line);
+ return -1;
+ }
+
+ ret = lxc_safe_ulong(p2 + 1, &newmap->range);
+ if (ret < 0) {
+ fclose(fin);
+ free(line);
+ return -1;
+ }
+
newmap->nsid = 0;
newmap->idtype = which;
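Review bot: Both lxc_safe_ulong() calls are handed pointers into the raw line. Assuming p1 and p2 point at the two colons, `p1 + 1` still runs on through `:range` and the newline, and `p2 + 1` ends in the newline. If the helper rejects trailing characters, which its definition outside this diff would have to confirm, every entry fails to parse and the default map is never read. Terminating the fields first, e.g. `*p2 = '\0';` plus stripping the trailing newline before the calls, would let a strict parser accept them. The two new error paths also return without releasing `newmap`, which appears to be allocated just above the hunk; a `free(newmap);` next to `free(line);` would cover that. read_default_map's body starts and ends outside the hunk.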
From d978301fb78ad2e2e64d61dc7f2b2ce0cbff63b5 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Sun, 19 Aug 2018 20:01:45 +0200
Subject: [PATCH 6/7] macro: add missing headers
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
src/lxc/macro.h | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/src/lxc/macro.h b/src/lxc/macro.h
index 8eb54f163..7536d6111 100644
--- a/src/lxc/macro.h
+++ b/src/lxc/macro.h
@@ -20,6 +20,16 @@
#ifndef __LXC_MACRO_H
#define __LXC_MACRO_H
+#include "config.h"
+
+#include <asm/types.h>
+#include <linux/if_link.h>
+#include <linux/loop.h>
+#include <linux/netlink.h>
+#include <linux/rtnetlink.h>
+#include <sys/mount.h>
+#include <sys/socket.h>
+
/* Define __S_ISTYPE if missing from the C library. */
#ifndef __S_ISTYPE
#define __S_ISTYPE(mode, mask) (((mode)&S_IFMT) == (mask))
From 2c436ca48d0da3c442d2802d019ccb1b0eaf6c65 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Sun, 19 Aug 2018 20:14:25 +0200
Subject: [PATCH 7/7] macro: add macvlan properties
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
src/lxc/confile_utils.c | 10 +++++-----
src/lxc/confile_utils.h | 18 ++----------------
src/lxc/macro.h | 16 ++++++++++++++++
3 files changed, 23 insertions(+), 21 deletions(-)
diff --git a/src/lxc/confile_utils.c b/src/lxc/confile_utils.c
index 2bb46d17b..9b133147a 100644
--- a/src/lxc/confile_utils.c
+++ b/src/lxc/confile_utils.c
@@ -32,6 +32,7 @@
#include "list.h"
#include "log.h"
#include "lxccontainer.h"
+#include "macro.h"
#include "network.h"
#include "parse.h"
#include "utils.h"
@@ -288,13 +289,12 @@ void lxc_log_configured_netdevs(const struct lxc_conf *conf)
TRACE("type: macvlan");
if (netdev->priv.macvlan_attr.mode > 0) {
- char *macvlan_mode;
+ char *mode;
- macvlan_mode = lxc_macvlan_flag_to_mode(
+ mode = lxc_macvlan_flag_to_mode(
netdev->priv.macvlan_attr.mode);
TRACE("macvlan mode: %s",
- macvlan_mode ? macvlan_mode
- : "(invalid mode)");
+ mode ? mode : "(invalid mode)");
}
break;
case LXC_NET_VLAN:
@@ -442,7 +442,7 @@ void lxc_free_networks(struct lxc_list *networks)
lxc_list_init(networks);
}
-static struct macvlan_mode {
+static struct lxc_macvlan_mode {
char *name;
int mode;
} macvlan_mode[] = {
diff --git a/src/lxc/confile_utils.h b/src/lxc/confile_utils.h
index b58ce47b2..eda6aa3dd 100644
--- a/src/lxc/confile_utils.h
+++ b/src/lxc/confile_utils.h
@@ -20,27 +20,13 @@
#ifndef __LXC_CONFILE_UTILS_H
#define __LXC_CONFILE_UTILS_H
+#include "config.h"
+
#include <stdbool.h>
#include "conf.h"
#include "confile_utils.h"
-#ifndef MACVLAN_MODE_PRIVATE
-#define MACVLAN_MODE_PRIVATE 1
-#endif
-
-#ifndef MACVLAN_MODE_VEPA
-#define MACVLAN_MODE_VEPA 2
-#endif
-
-#ifndef MACVLAN_MODE_BRIDGE
-#define MACVLAN_MODE_BRIDGE 4
-#endif
-
-#ifndef MACVLAN_MODE_PASSTHRU
-#define MACVLAN_MODE_PASSTHRU 8
-#endif
-
#define strprint(str, inlen, ...) \
do { \
if (str) \
diff --git a/src/lxc/macro.h b/src/lxc/macro.h
index 7536d6111..6113adc2e 100644
--- a/src/lxc/macro.h
+++ b/src/lxc/macro.h
@@ -197,6 +197,22 @@ extern int __build_bug_on_failed;
#define NLMSG_ERROR 0x2
#endif
+#ifndef MACVLAN_MODE_PRIVATE
+#define MACVLAN_MODE_PRIVATE 1
+#endif
+
+#ifndef MACVLAN_MODE_VEPA
+#define MACVLAN_MODE_VEPA 2
+#endif
+
+#ifndef MACVLAN_MODE_BRIDGE
+#define MACVLAN_MODE_BRIDGE 4
+#endif
+
+#ifndef MACVLAN_MODE_PASSTHRU
+#define MACVLAN_MODE_PASSTHRU 8
+#endif
+
/* mount */
#ifndef MS_REC
#define MS_REC 16384
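Review bot: The MACVLAN_MODE_* fallbacks are added without a section comment, while the block right below them is labelled `/* mount */`; a matching `/* macvlan */` line would keep the header navigable. That comment should also say that the `#ifndef` tests can only see preprocessor macros. The kernel's <linux/if_link.h> declares these modes as enum constants, so the guards are always true. The defines are harmless only because macro.h includes that header before this point.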