[lxc-devel] [lxc/master] suppress false-negative error in templates and nvidia hook

lpirl on Github lxc-bot at linuxcontainers.org
Mon Jul 22 12:44:41 UTC 2019


A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 859 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20190722/86941be9/attachment.bin>
-------------- next part --------------
From 16a312e118749caf1c4bef3c9553b0564336626b Mon Sep 17 00:00:00 2001
From: Lukas Pirl <git at lukas-pirl.de>
Date: Mon, 22 Jul 2019 14:29:52 +0200
Subject: [PATCH] suppress false-negative error in templates and nvidia hook
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

``/proc`` might be mounted with ``hidepid=2``.
This makes ``/proc/1/…`` appear absent for non-root users.
When using the templates or the nvidia hook as a non-root user
(e.g., when creating unprivileged containers) the error
"/proc/1/uid_map: No such file or directory" is printed.
Since the script works correctly despite the error, this error
message might be confusing for users.

Signed-off-by: Lukas Pirl <git at lukas-pirl.de>
---
 hooks/nvidia              | 8 ++++++--
 templates/lxc-busybox.in  | 7 ++++++-
 templates/lxc-download.in | 7 ++++++-
 templates/lxc-local.in    | 9 +++++++--
 templates/lxc-oci.in      | 7 ++++++-
 5 files changed, 31 insertions(+), 7 deletions(-)

diff --git a/hooks/nvidia b/hooks/nvidia
index fa943e387a..c105148087 100755
--- a/hooks/nvidia
+++ b/hooks/nvidia
@@ -58,8 +58,12 @@ in_userns() {
         echo $fields | grep -q " 0 1$" && { echo userns-root; return; } || true
     done < /proc/self/uid_map
 
-    [ "$(cat /proc/self/uid_map)" = "$(cat /proc/1/uid_map)" ] && \
-        { echo userns-root; return; }
+    if [ -e /proc/1/uid_map ]; then
+        if [ "$(cat /proc/self/uid_map)" = "$(cat /proc/1/uid_map)" ]; then
+            echo userns-root
+            return
+        fi
+    fi
     echo yes
 }
 
diff --git a/templates/lxc-busybox.in b/templates/lxc-busybox.in
index c9f39872e3..2e59064408 100644
--- a/templates/lxc-busybox.in
+++ b/templates/lxc-busybox.in
@@ -42,7 +42,12 @@ in_userns() {
     fi
   done < /proc/self/uid_map
 
-  [ "$(cat /proc/self/uid_map)" = "$(cat /proc/1/uid_map)" ] && { echo userns-root; return; }
+  if [ -e /proc/1/uid_map ]; then
+    if [ "$(cat /proc/self/uid_map)" = "$(cat /proc/1/uid_map)" ]; then
+      echo userns-root
+      return
+    fi
+  fi
   echo yes
 }
 
diff --git a/templates/lxc-download.in b/templates/lxc-download.in
index 413b85f35b..d05b995d11 100644
--- a/templates/lxc-download.in
+++ b/templates/lxc-download.in
@@ -179,7 +179,12 @@ in_userns() {
     fi
   done < /proc/self/uid_map
 
-  [ "$(cat /proc/self/uid_map)" = "$(cat /proc/1/uid_map)" ] && { echo userns-root; return; }
+  if [ -e /proc/1/uid_map ]; then
+    if [ "$(cat /proc/self/uid_map)" = "$(cat /proc/1/uid_map)" ]; then
+      echo userns-root
+      return
+    fi
+  fi
   echo yes
 }
 
diff --git a/templates/lxc-local.in b/templates/lxc-local.in
index 552a4946de..d0d739aae6 100644
--- a/templates/lxc-local.in
+++ b/templates/lxc-local.in
@@ -51,8 +51,13 @@ in_userns() {
     fi
   done < /proc/self/uid_map
 
-  [ "$(cat /proc/self/uid_map)" = "$(cat /proc/1/uid_map)" ] && { echo userns-root; return; }
-    echo yes
+  if [ -e /proc/1/uid_map ]; then
+    if [ "$(cat /proc/self/uid_map)" = "$(cat /proc/1/uid_map)" ]; then
+      echo userns-root
+      return
+    fi
+  fi
+  echo yes
 }
 
 usage() {
diff --git a/templates/lxc-oci.in b/templates/lxc-oci.in
index 110d03cb62..8017c38c1e 100644
--- a/templates/lxc-oci.in
+++ b/templates/lxc-oci.in
@@ -62,7 +62,12 @@ in_userns() {
     fi
   done < /proc/self/uid_map
 
-  [ "$(cat /proc/self/uid_map)" = "$(cat /proc/1/uid_map)" ] && { echo userns-root; return; }
+  if [ -e /proc/1/uid_map ]; then
+    if [ "$(cat /proc/self/uid_map)" = "$(cat /proc/1/uid_map)" ]; then
+      echo userns-root
+      return
+    fi
+  fi
   echo yes
 }
 


More information about the lxc-devel mailing list