[lxc-devel] [lxd/master] shared/idmap:DefaultIdmapSet(): take a user argument

hallyn on Github lxc-bot at linuxcontainers.org
Fri Jan 12 16:43:12 UTC 2018


From a3e428a4877bc686cfc9e3c26660bb1f7a0b3841 Mon Sep 17 00:00:00 2001
From: Serge Hallyn <shallyn at cisco.com>
Date: Fri, 12 Jan 2018 10:40:45 -0600
Subject: [PATCH] shared/idmap:DefaultIdmapSet(): take a user argument

Make this more generally useful by accepting a username.  If that
is "", then use the current user.

Signed-off-by: Serge Hallyn <shallyn at cisco.com>
---
 lxd/main_activateifneeded.go   |  2 +-
 lxd/main_init.go               |  2 +-
 lxd/util/sys.go                |  2 +-
 shared/idmap/idmapset_linux.go | 18 +++++++++++-------
 4 files changed, 14 insertions(+), 10 deletions(-)

diff --git a/lxd/main_activateifneeded.go b/lxd/main_activateifneeded.go
index 4300f96b5..17174d5bd 100644
--- a/lxd/main_activateifneeded.go
+++ b/lxd/main_activateifneeded.go
@@ -45,7 +45,7 @@ func cmdActivateIfNeeded(args *Args) error {
 	}
 
 	// Load the idmap for unprivileged containers
-	d.os.IdmapSet, err = idmap.DefaultIdmapSet()
+	d.os.IdmapSet, err = idmap.DefaultIdmapSet("")
 	if err != nil {
 		return err
 	}
diff --git a/lxd/main_init.go b/lxd/main_init.go
index c08db11f2..f556599bb 100644
--- a/lxd/main_init.go
+++ b/lxd/main_init.go
@@ -827,7 +827,7 @@ func (cmd *CmdInit) askDefaultPrivileged() int {
 	// Detect lack of uid/gid
 	defaultPrivileged := -1
 	needPrivileged := false
-	idmapset, err := idmap.DefaultIdmapSet()
+	idmapset, err := idmap.DefaultIdmapSet("")
 	if err != nil || len(idmapset.Idmap) == 0 || idmapset.Usable() != nil {
 		needPrivileged = true
 	}
diff --git a/lxd/util/sys.go b/lxd/util/sys.go
index 9e40ea998..24a4c222c 100644
--- a/lxd/util/sys.go
+++ b/lxd/util/sys.go
@@ -40,7 +40,7 @@ func GetArchitectures() ([]int, error) {
 
 // GetIdmapSet reads the uid/gid allocation.
 func GetIdmapSet() *idmap.IdmapSet {
-	idmapSet, err := idmap.DefaultIdmapSet()
+	idmapSet, err := idmap.DefaultIdmapSet("")
 	if err != nil {
 		logger.Warn("Error reading default uid/gid map", log.Ctx{"err": err.Error()})
 		logger.Warnf("Only privileged containers will be able to run")
diff --git a/shared/idmap/idmapset_linux.go b/shared/idmap/idmapset_linux.go
index b4f01e769..2f55547e6 100644
--- a/shared/idmap/idmapset_linux.go
+++ b/shared/idmap/idmapset_linux.go
@@ -661,20 +661,24 @@ func getFromProc(fname string) ([][]int64, error) {
 /*
  * Create a new default idmap
  */
-func DefaultIdmapSet() (*IdmapSet, error) {
+func DefaultIdmapSet(user string) (*IdmapSet, error) {
 	idmapset := new(IdmapSet)
 
-	// Check if shadow's uidmap tools are installed
-	newuidmap, _ := exec.LookPath("newuidmap")
-	newgidmap, _ := exec.LookPath("newgidmap")
-	if newuidmap != "" && newgidmap != "" && shared.PathExists("/etc/subuid") && shared.PathExists("/etc/subgid") {
+	if user == "" {
 		currentUser, err := user.Current()
 		if err != nil {
 			return nil, err
 		}
 
+		user = currentUser.Username
+	}
+
+	// Check if shadow's uidmap tools are installed
+	newuidmap, _ := exec.LookPath("newuidmap")
+	newgidmap, _ := exec.LookPath("newgidmap")
+	if newuidmap != "" && newgidmap != "" && shared.PathExists("/etc/subuid") && shared.PathExists("/etc/subgid") {
 		// Parse the shadow uidmap
-		entries, err := getFromShadow("/etc/subuid", currentUser.Username)
+		entries, err := getFromShadow("/etc/subuid", user)
 		if err != nil {
 			return nil, err
 		}
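Review bot: The new parameter in `func DefaultIdmapSet(user string)` shadows the `user` package that the existing `user.Current()` call relies on, so inside the body `user.Current()` resolves to the string and should fail to compile. Renaming the parameter avoids the clash: `func DefaultIdmapSet(username string) (*IdmapSet, error) {`, with `username = currentUser.Username` and `getFromShadow("/etc/subuid", username)`; the `/etc/subgid` call in the next hunk needs the same rename. Hoisting the lookup above the shadow-tools check also means a failing `user.Current()` now aborts the function even on hosts that would previously have skipped it and taken whatever fallback follows outside this hunk; keeping the `username == ""` lookup inside the `if newuidmap != "" && ...` branch would preserve the old behaviour. Because the name now comes from the caller and selects which `/etc/subuid` and `/etc/subgid` ranges are loaded, the doc comment should say that callers must pass a trusted account name and that "" means the current user.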
@@ -693,7 +697,7 @@ func DefaultIdmapSet() (*IdmapSet, error) {
 		}
 
 		// Parse the shadow gidmap
-		entries, err = getFromShadow("/etc/subgid", currentUser.Username)
+		entries, err = getFromShadow("/etc/subgid", user)
 		if err != nil {
 			return nil, err
 		}

