[lxc-devel] [lxc/master] lxc-usernsexec: improvements

brauner on Github lxc-bot at linuxcontainers.org
Wed May 20 10:16:01 UTC 2020


From 7cf6e24d079cb3654c2f9ac871e144735ee5325b Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Wed, 20 May 2020 12:10:54 +0200
Subject: [PATCH 1/2] lxc-usernsexec: dumb down from error to warning message

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
 src/lxc/cmd/lxc_usernsexec.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/lxc/cmd/lxc_usernsexec.c b/src/lxc/cmd/lxc_usernsexec.c
index 6441fb3c86..79dfe42c94 100644
--- a/src/lxc/cmd/lxc_usernsexec.c
+++ b/src/lxc/cmd/lxc_usernsexec.c
@@ -61,7 +61,7 @@ static void opentty(const char *tty, int which)
 
 	fd = open(tty, O_RDWR | O_NONBLOCK);
 	if (fd < 0) {
-		CMD_SYSERROR("Failed to open tty");
+		CMD_SYSINFO("Failed to open tty");
 		return;
 	}
 
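Review bot: The demoted message in opentty() still reads only "Failed to open tty" and names neither the path in `tty` nor the descriptor in `which`. Once this is logged at info level, a user who hits a real problem has little to go on. Consider including both values in the CMD_SYSINFO() text. The function already returns without reporting the failure to its caller, so a short comment saying why a missing tty is non-fatal here would also help, since the commit message has no body explaining the downgrade.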

From 158d119f90ab10ba0b2e38f72254658cc4c90f00 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Wed, 20 May 2020 12:14:21 +0200
Subject: [PATCH 2/2] lxc-usernsexec: don't fail on setgroups()

We can fail to setgroups() when "deny" has been set which we need to set when
we are a fully unprivileged user.

Closes: 3420.
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
 src/lxc/cmd/lxc_usernsexec.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/lxc/cmd/lxc_usernsexec.c b/src/lxc/cmd/lxc_usernsexec.c
index 79dfe42c94..3c22482f4f 100644
--- a/src/lxc/cmd/lxc_usernsexec.c
+++ b/src/lxc/cmd/lxc_usernsexec.c
@@ -87,11 +87,11 @@ static int do_child(void *vargv)
 	int ret;
 	char **argv = (char **)vargv;
 
-	/* Assume we want to become root */
-	if (!lxc_switch_uid_gid(0, 0))
+	if (!lxc_setgroups(0, NULL))
 		return -1;
 
-	if (!lxc_setgroups(0, NULL))
+	/* Assume we want to become root */
+	if (!lxc_switch_uid_gid(0, 0))
 		return -1;
 
 	ret = unshare(CLONE_NEWNS);
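Review bot: The subject says "don't fail on setgroups()", but do_child() still does `return -1` when `lxc_setgroups(0, NULL)` returns false. The visible change only moves that call ahead of `lxc_switch_uid_gid(0, 0)`. If tolerating the "deny" case relies on behaviour inside lxc_setgroups(), please say so in the commit message. A comment above the call explaining why it must come before the uid/gid switch would also help, because the only comment in the hunk ("Assume we want to become root") does not cover the ordering.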

