[lxc-devel] [lxc/master] lxc-usernsexec: improvements
brauner on Github
lxc-bot at linuxcontainers.org
Wed May 20 10:16:01 UTC 2020
A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 364 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20200520/db529e52/attachment.bin>
-------------- next part --------------
From 7cf6e24d079cb3654c2f9ac871e144735ee5325b Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Wed, 20 May 2020 12:10:54 +0200
Subject: [PATCH 1/2] lxc-usernsexec: dumb down from error to warning message
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
src/lxc/cmd/lxc_usernsexec.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/lxc/cmd/lxc_usernsexec.c b/src/lxc/cmd/lxc_usernsexec.c
index 6441fb3c86..79dfe42c94 100644
--- a/src/lxc/cmd/lxc_usernsexec.c
+++ b/src/lxc/cmd/lxc_usernsexec.c
@@ -61,7 +61,7 @@ static void opentty(const char *tty, int which)
fd = open(tty, O_RDWR | O_NONBLOCK);
if (fd < 0) {
- CMD_SYSERROR("Failed to open tty");
+ CMD_SYSINFO("Failed to open tty");
return;
}
From 158d119f90ab10ba0b2e38f72254658cc4c90f00 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Wed, 20 May 2020 12:14:21 +0200
Subject: [PATCH 2/2] lxc-usernsexec: don't fail on setgroups()
We can fail to setgroups() when "deny" has been set which we need to set when
we are a fully unprivileged user.
Closes: 3420.
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
src/lxc/cmd/lxc_usernsexec.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/lxc/cmd/lxc_usernsexec.c b/src/lxc/cmd/lxc_usernsexec.c
index 79dfe42c94..3c22482f4f 100644
--- a/src/lxc/cmd/lxc_usernsexec.c
+++ b/src/lxc/cmd/lxc_usernsexec.c
@@ -87,11 +87,11 @@ static int do_child(void *vargv)
int ret;
char **argv = (char **)vargv;
- /* Assume we want to become root */
- if (!lxc_switch_uid_gid(0, 0))
+ if (!lxc_setgroups(0, NULL))
return -1;
- if (!lxc_setgroups(0, NULL))
+ /* Assume we want to become root */
+ if (!lxc_switch_uid_gid(0, 0))
return -1;
ret = unshare(CLONE_NEWNS);
More information about the lxc-devel
mailing list