[lxc-devel] [lxd/master] idmap: get rid of new{u,g}idmap checks

tych0 on Github lxc-bot at linuxcontainers.org
Fri Mar 9 23:11:42 UTC 2018


From 79388e509f7e48f5135250ba07e3d6e3b98465bf Mon Sep 17 00:00:00 2001
From: Tycho Andersen <tycho at tycho.ws>
Date: Fri, 9 Mar 2018 16:00:01 -0700
Subject: [PATCH] idmap: get rid of new{u,g}idmap checks

I believe these checks are intended as a heuristic to indicate whether or
not the current userspace understands idmaps. However, it is perfectly
possible to have a userspace that knows about /etc/subuid, but doesn't have
newuidmap installed. In fact, on my recent upgrade to bionic, it helpfully
uninstalled newuidmap, which is how I noticed this in the first place.

Given that there are additional checks to see if /etc/uidmap actually
exists, we should just go with those and assume people know what they're
doing.

Signed-off-by: Tycho Andersen <tycho at tycho.ws>
---
 shared/idmap/idmapset_linux.go | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/shared/idmap/idmapset_linux.go b/shared/idmap/idmapset_linux.go
index 7e55d87b5..f284ea2a6 100644
--- a/shared/idmap/idmapset_linux.go
+++ b/shared/idmap/idmapset_linux.go
@@ -4,7 +4,6 @@ import (
 	"bufio"
 	"fmt"
 	"os"
-	"os/exec"
 	"os/user"
 	"path"
 	"path/filepath"
@@ -673,10 +672,7 @@ func DefaultIdmapSet(username string) (*IdmapSet, error) {
 		username = currentUser.Username
 	}
 
-	// Check if shadow's uidmap tools are installed
-	newuidmap, _ := exec.LookPath("newuidmap")
-	newgidmap, _ := exec.LookPath("newgidmap")
-	if newuidmap != "" && newgidmap != "" && shared.PathExists("/etc/subuid") && shared.PathExists("/etc/subgid") {
+	if shared.PathExists("/etc/subuid") && shared.PathExists("/etc/subgid") {
 		// Parse the shadow uidmap
 		entries, err := getFromShadow("/etc/subuid", username)
 		if err != nil {
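Review bot: in DefaultIdmapSet, the rewritten condition `if shared.PathExists("/etc/subuid") && shared.PathExists("/etc/subgid")` now treats the mere existence of the two files as sufficient to take the shadow-parsing branch, and the comment that explained the old check is deleted without a replacement. Suggest adding a one-line comment above the `if` stating that only the files are checked and that newuidmap/newgidmap are deliberately not required, so a later reader does not reintroduce the LookPath test. It is also worth confirming that the `err != nil` path after `getFromShadow("/etc/subuid", username)` copes with a file that exists but holds no entry for `username`, since that case is now reachable on hosts where the shadow tools are absent. The commit message refers to /etc/uidmap while the code checks /etc/subuid and /etc/subgid; aligning the message with the code would avoid confusion.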

