[lxc-devel] [go-lxc/v2] Add support for additional groups ids on attach.

Drachenfels-GmbH on Github lxc-bot at linuxcontainers.org
Thu Nov 5 10:25:12 UTC 2020


From 4295ad8f042e6ddd8ebb866bc0629eb1a9b42143 Mon Sep 17 00:00:00 2001
From: Ruben Jenster <r.jenster at drachenfels.de>
Date: Fri, 30 Oct 2020 20:57:55 +0100
Subject: [PATCH] Add support for additional groups ids on attach.

Signed-off-by: Ruben Jenster <r.jenster at drachenfels.de>
---
 container.go  | 20 ++++++++++++++++++++
 lxc-binding.c |  9 ++++++---
 lxc-binding.h |  6 +++---
 options.go    |  4 ++++
 4 files changed, 33 insertions(+), 6 deletions(-)

diff --git a/container.go b/container.go
index caa2d72..cb8aa29 100644
--- a/container.go
+++ b/container.go
@@ -1294,12 +1294,15 @@ func (c *Container) AttachShell(options AttachOptions) error {
 	cwd := C.CString(options.Cwd)
 	defer C.free(unsafe.Pointer(cwd))
 
+	groups := makeGroups(options.Groups)
+
 	ret := int(C.go_lxc_attach(c.container,
 		C.bool(options.ClearEnv),
 		C.int(options.Namespaces),
 		C.long(options.Arch),
 		C.uid_t(options.UID),
 		C.gid_t(options.GID),
+		groups,
 		C.int(options.StdinFd),
 		C.int(options.StdoutFd),
 		C.int(options.StderrFd),
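Review bot: The `groups` value handed to `C.go_lxc_attach` at this call carries a pointer into Go-allocated memory (makeGroups stores `&l[0]` in `list`), and nothing here documents that C may use it only while the call is running. The C wrapper copies the struct into `attach_options`, so whether the library keeps `list` afterwards cannot be judged from this patch. A comment above the assignment would record the constraint, for example `// groups.list points into Go memory; C must not retain it once the call returns.` The same line is added in runCommandStatus and RunCommandNoWait, and AttachShell's body starts before this hunk and ends in the next one.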
@@ -1313,6 +1316,17 @@ func (c *Container) AttachShell(options AttachOptions) error {
 	return nil
 }
 
+func makeGroups(groups []int) C.struct_lxc_groups_t {
+	if len(groups) == 0 {
+		return C.struct_lxc_groups_t{size: 0, list: nil}
+	}
+	l := make([]C.gid_t, len(groups))
+	for i, g := range groups {
+		l[i] = C.gid_t(g)
+	}
+	return C.struct_lxc_groups_t{size: C.int(len(groups)), list: &l[0]}
+}
+
 func (c *Container) runCommandStatus(args []string, options AttachOptions) (int, error) {
 	if len(args) == 0 {
 		return -1, ErrInsufficientNumberOfArguments
@@ -1343,6 +1357,8 @@ func (c *Container) runCommandStatus(args []string, options AttachOptions) (int,
 	cwd := C.CString(options.Cwd)
 	defer C.free(unsafe.Pointer(cwd))
 
+	groups := makeGroups(options.Groups)
+
 	ret := int(C.go_lxc_attach_run_wait(
 		c.container,
 		C.bool(options.ClearEnv),
@@ -1350,6 +1366,7 @@ func (c *Container) runCommandStatus(args []string, options AttachOptions) (int,
 		C.long(options.Arch),
 		C.uid_t(options.UID),
 		C.gid_t(options.GID),
+		groups,
 		C.int(options.StdinFd),
 		C.int(options.StdoutFd),
 		C.int(options.StderrFd),
@@ -1412,6 +1429,8 @@ func (c *Container) RunCommandNoWait(args []string, options AttachOptions) (int,
 	cwd := C.CString(options.Cwd)
 	defer C.free(unsafe.Pointer(cwd))
 
+	groups := makeGroups(options.Groups)
+
 	var attachedPid C.pid_t
 	ret := int(C.go_lxc_attach_no_wait(
 		c.container,
@@ -1420,6 +1439,7 @@ func (c *Container) RunCommandNoWait(args []string, options AttachOptions) (int,
 		C.long(options.Arch),
 		C.uid_t(options.UID),
 		C.gid_t(options.GID),
+		groups,
 		C.int(options.StdinFd),
 		C.int(options.StdoutFd),
 		C.int(options.StderrFd),
diff --git a/lxc-binding.c b/lxc-binding.c
index 7dcf55d..119a70a 100644
--- a/lxc-binding.c
+++ b/lxc-binding.c
@@ -289,7 +289,7 @@ int go_lxc_attach_no_wait(struct lxc_container *c,
 		bool clear_env,
 		int namespaces,
 		long personality,
-		uid_t uid, gid_t gid,
+		uid_t uid, gid_t gid, lxc_groups_t groups,
 		int stdinfd, int stdoutfd, int stderrfd,
 		char *initial_cwd,
 		char **extra_env_vars,
@@ -311,6 +311,7 @@ int go_lxc_attach_no_wait(struct lxc_container *c,
 
 	attach_options.uid = uid;
 	attach_options.gid = gid;
+	attach_options.groups = groups;
 
 	attach_options.stdin_fd = stdinfd;
 	attach_options.stdout_fd = stdoutfd;
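Review bot: `attach_options.groups = groups;` is compiled unconditionally, so the binding would stop building against any liblxc whose lxc_attach_options_t has no groups member or whose headers do not define lxc_groups_t. If such releases are still meant to be supported, the assignment and the new `lxc_groups_t groups` parameter need a preprocessor guard on the liblxc version, with the Go side rejecting a non-empty Groups when the guard is off. The same assignment is added in go_lxc_attach and go_lxc_attach_run_wait, and the prototypes in lxc-binding.h take the new type as well. The body of go_lxc_attach_no_wait starts and ends outside this hunk.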
@@ -334,7 +335,7 @@ int go_lxc_attach(struct lxc_container *c,
 		bool clear_env,
 		int namespaces,
 		long personality,
-		uid_t uid, gid_t gid,
+		uid_t uid, gid_t gid, lxc_groups_t groups,
 		int stdinfd, int stdoutfd, int stderrfd,
 		char *initial_cwd,
 		char **extra_env_vars,
@@ -354,6 +355,7 @@ int go_lxc_attach(struct lxc_container *c,
 
 	attach_options.uid = uid;
 	attach_options.gid = gid;
+	attach_options.groups = groups;
 
 	attach_options.stdin_fd = stdinfd;
 	attach_options.stdout_fd = stdoutfd;
@@ -391,7 +393,7 @@ int go_lxc_attach_run_wait(struct lxc_container *c,
 		bool clear_env,
 		int namespaces,
 		long personality,
-		uid_t uid, gid_t gid,
+		uid_t uid, gid_t gid, lxc_groups_t groups,
 		int stdinfd, int stdoutfd, int stderrfd,
 		char *initial_cwd,
 		char **extra_env_vars,
@@ -411,6 +413,7 @@ int go_lxc_attach_run_wait(struct lxc_container *c,
 
 	attach_options.uid = uid;
 	attach_options.gid = gid;
+	attach_options.groups = groups;
 
 	attach_options.stdin_fd = stdinfd;
 	attach_options.stdout_fd = stdoutfd;
diff --git a/lxc-binding.h b/lxc-binding.h
index a3e616b..993e2c2 100644
--- a/lxc-binding.h
+++ b/lxc-binding.h
@@ -50,7 +50,7 @@ extern int go_lxc_attach_run_wait(struct lxc_container *c,
 		bool clear_env,
 		int namespaces,
 		long personality,
-		uid_t uid, gid_t gid,
+		uid_t uid, gid_t gid, lxc_groups_t groups,
 		int stdinfd, int stdoutfd, int stderrfd,
 		char *initial_cwd,
 		char **extra_env_vars,
@@ -60,7 +60,7 @@ extern int go_lxc_attach(struct lxc_container *c,
 		bool clear_env,
 		int namespaces,
 		long personality,
-		uid_t uid, gid_t gid,
+		uid_t uid, gid_t gid, lxc_groups_t groups,
 		int stdinfd, int stdoutfd, int stderrfd,
 		char *initial_cwd,
 		char **extra_env_vars,
@@ -69,7 +69,7 @@ extern int go_lxc_attach_no_wait(struct lxc_container *c,
 		bool clear_env,
 		int namespaces,
 		long personality,
-		uid_t uid, gid_t gid,
+		uid_t uid, gid_t gid, lxc_groups_t groups,
 		int stdinfd, int stdoutfd, int stderrfd,
 		char *initial_cwd,
 		char **extra_env_vars,
diff --git a/options.go b/options.go
index 08a64eb..8a9ad0c 100644
--- a/options.go
+++ b/options.go
@@ -28,6 +28,9 @@ type AttachOptions struct {
 	// GID specifies the group id to run as.
 	GID int
 
+	// Groups specifies the list of additional group ids to run with.
+	Groups []int
+
 	// If ClearEnv is true the environment is cleared before running the command.
 	ClearEnv bool
 
@@ -54,6 +57,7 @@ var DefaultAttachOptions = AttachOptions{
 	Cwd:        "/",
 	UID:        -1,
 	GID:        -1,
+	Groups:     nil,
 	ClearEnv:   false,
 	Env:        nil,
 	EnvToKeep:  nil,

