[lxc-devel] [lxd/master] shared/idmap: Skip empty subuid/subgid

stgraber on Github lxc-bot at linuxcontainers.org
Tue Mar 31 01:06:07 UTC 2020


A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 354 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20200330/43fab360/attachment.bin>
-------------- next part --------------
From 5510ab48c11f43c522274026e92ff0cebf7e807e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber at ubuntu.com>
Date: Mon, 30 Mar 2020 21:05:49 -0400
Subject: [PATCH] shared/idmap: Skip empty subuid/subgid
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
---
 shared/idmap/idmapset_linux.go |  4 +++-
 shared/util.go                 | 16 ++++++++++++++++
 2 files changed, 19 insertions(+), 1 deletion(-)

diff --git a/shared/idmap/idmapset_linux.go b/shared/idmap/idmapset_linux.go
index 72c0c3bd60..9834f1a317 100644
--- a/shared/idmap/idmapset_linux.go
+++ b/shared/idmap/idmapset_linux.go
@@ -756,7 +756,9 @@ func DefaultIdmapSet(rootfs string, username string) (*IdmapSet, error) {
 	// Check if shadow's uidmap tools are installed
 	subuidPath := path.Join(rootfs, "/etc/subuid")
 	subgidPath := path.Join(rootfs, "/etc/subgid")
-	if shared.PathExists(subuidPath) && shared.PathExists(subgidPath) {
+	subuidEmpty, _ := shared.FileIsEmpty(subuidPath)
+	subgidEmpty, _ := shared.FileIsEmpty(subgidPath)
+	if shared.PathExists(subuidPath) && shared.PathExists(subgidPath) && subuidEmpty && subgidEmpty {
 		// Parse the shadow uidmap
 		entries, err := getFromShadow(subuidPath, username)
 		if err != nil {
diff --git a/shared/util.go b/shared/util.go
index 4813aa62f4..e48cedbfe3 100644
--- a/shared/util.go
+++ b/shared/util.go
@@ -87,6 +87,22 @@ func PathIsEmpty(path string) (bool, error) {
 	return false, err
 }
 
+// FileIsEmpty checks if the given file is empty.
+func FileIsEmpty(path string) (bool, error) {
+	f, err := os.Open(path)
+	if err != nil {
+		return false, err
+	}
+	defer f.Close()
+
+	stat, err := f.Stat()
+	if err != nil {
+		return false, err
+	}
+
+	return stat.Size() == 0, nil
+}
+
 // IsDir returns true if the given path is a directory.
 func IsDir(name string) bool {
 	stat, err := os.Stat(name)


More information about the lxc-devel mailing list