[lxc-users] PAM-CGFS error messages

Andreas Kirbach akirbach at forumhome.com
Mon Aug 22 11:26:24 UTC 2016


Serge E. Hallyn wrote:
> Hi,
> 
> thanks for commenting on this.  Indeed the current behavior is wrong.
> The right thing is not as simple as returning true though.  If you
> look at handle_login(), it checks for existed == 1 and continues with
> the next index if so.  But it will have bailed due to cgfs_create()
> returning false before that.  That is the bug.  So handle_login()
> should be doing:
> 
> 	*existed = false;
> 	if (!cgfs_create(cg, uid, gid, &existed) && !existed) {
> 		mysyslog(LOG_ERR, "Failed to create a cgroup for user %s\n", user);
> 		return PAM_SESSION_ERR;
> 	}
> 	if (existed) {
> 		idx++;
> 		continue;
> 	}
> 
> then !cgfs_create_forone() should return false when existed == true,
> not true.  I *think* that should handle all the cases correctly.
> 
> Does it look right to you?  Do you want to send a patch for this?  (Else
> I can push it tonight)
Hi Serge,

thanks for your feedback.

I've applied the attached patch and the error messages seem to have gone
away and I haven't noticed any other problems, but I can't say if this
is now working correctly or not as I am not familiar with the code.

I'd therefore highly appreciate if you could push a patch.

Kind regards,
Andreas Kirbach
-- 
forumhome GmbH & Co. KG
Bruchstr. 54a
67098 Bad Dürkheim
Tel.: +49-6322-91 995-15
Fax:  +49-6322-91 995-19

Andreas Kirbach
Technischer Leiter

akirbach at forumhome.com
www.forumhome.com

Geschäftsführer: Carsten Grentrup

Handelsregister: Ludwigshafen/ Rhein HRA 60968
USt-Id: DE 285 908 418

----------------------------------
----------------------------------
Forumhome sucht Praktikanten im Bereich Online-Marketing, Webdesign und
Webbasierte Softwareentwicklung!
Interesse? Informieren Sie sich unter
http://de.forumhome.com/content/10-jobs und schicken Sie uns Ihre
Bewerbungsunterlagen an jobs at forumhome.com
Wir freuen uns auf Sie!
----------------------------------
----------------------------------

Diese E-Mail enthält vertrauliche oder rechtlich geschützte Informationen.
Wenn Sie nicht der beabsichtigte Empfänger oder dessen Vertreter sind,
informieren Sie bitte sofort den Absender und löschen Sie diese E-Mail.
Das unbefugte Kopieren dieser E-Mail oder die unbefugte Weitergabe der
enthaltenen Informationen ist nicht gestattet.

The information contained in this message is confidential or protected
by law. If you are not the intended recipient, please contact the sender
and delete this message.
Any unauthorised copying of this message or unauthorised distribution of
the information contained herein is prohibited.


---
Diese E-Mail wurde von Avast Antivirus-Software auf Viren geprüft.
https://www.avast.com/antivirus
-------------- next part --------------
--- pam/pam_cgfs.c       2016-08-22 09:41:23.408340195 +0200
+++ pam/pam_cgfs.c       2016-08-22 09:46:24.244340573 +0200
@@ -568,6 +568,8 @@

 static bool cgfs_create_forone(struct controller *c, uid_t uid, gid_t gid, const char *cg, bool *existed)
 {
+       *existed = false;
+
        while (c) {
                if (!c->mount_path || !c->init_path)
                        goto next;
@@ -585,10 +587,21 @@
 #if DEBUG
                        fprintf(stderr, "%s existed\n", path);
 #endif
-                       return true;
+                       return false;
                }

                bool pass = mkdir_p(c->mount_path, path);
+
+               if (!pass && exists(path)) {
+                       free(path);
+                       *existed = true;
+#if DEBUG
+                       fprintf(stderr, "%s existed\n", path);
+#endif
+                       return false;
+               }
+
+
 #if DEBUG
                fprintf(stderr, "Creating %s %s\n", path, pass ? "succeeded" : "failed");
 #endif
@@ -794,7 +807,8 @@
                        return PAM_SESSION_ERR;
                }

-               if (!cgfs_create(cg, uid, gid, &existed)) {
+               existed = false;
+               if (!cgfs_create(cg, uid, gid, &existed) && !existed) {
                        mysyslog(LOG_ERR, "Failed to create a cgroup for user %s\n", user);
                        return PAM_SESSION_ERR;
                }


More information about the lxc-users mailing list