[lxc-devel] [PATCH 1/1] chown_mapped_root: fix assumption that calling uid == guid

Thu, 28 Nov 2013 20:55:58 -0800 

Because if they are not, then we'll fail trying to map that
gid into the container.

The function doesn't change any gids, but lxc-usernsexec always does
setgid(0), so just map getgid() to 0 in the container.

Signed-off-by: Serge Hallyn <serge.hal...@ubuntu.com>
---
 src/lxc/conf.c | 21 ++++++++++++++-------
 1 file changed, 14 insertions(+), 7 deletions(-)

diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index 534e6e6..290a7bb 100644
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -3331,19 +3331,26 @@ int chown_mapped_root(char *path, struct lxc_conf *conf)
        }
        if (!pid) {
                int hostuid = geteuid(), ret;
-               char map1[100], map2[100];
-               char *args[] = {"lxc-usernsexec", "-m", map1, "-m", map2, "--", 
"chown",
-                                "0", path, NULL};
+               char map1[100], map2[100], map3[100];
+               char *args[] = {"lxc-usernsexec", "-m", map1, "-m", map2, "-m",
+                                map3, "--", "chown", "0", path, NULL};
 
-               // "b:0:rootid:1"
-               ret = snprintf(map1, 100, "b:0:%d:1", rootid);
+               // "u:0:rootid:1"
+               ret = snprintf(map1, 100, "u:0:%d:1", rootid);
                if (ret < 0 || ret >= 100) {
                        ERROR("Error uid printing map string");
                        return -1;
                }
 
-               // "b:hostuid:hostuid:1"
-               ret = snprintf(map2, 100, "b:%d:%d:1", hostuid, hostuid);
+               // "u:hostuid:hostuid:1"
+               ret = snprintf(map2, 100, "u:%d:%d:1", hostuid, hostuid);
+               if (ret < 0 || ret >= 100) {
+                       ERROR("Error uid printing map string");
+                       return -1;
+               }
+
+               // "g:0:hostgid:1"
+               ret = snprintf(map3, 100, "g:0:%d:1", getgid());
                if (ret < 0 || ret >= 100) {
                        ERROR("Error uid printing map string");
                        return -1;
-- 
1.8.3.2


------------------------------------------------------------------------------
Rapidly troubleshoot problems before they affect your business. Most IT 
organizations don't have a clear picture of how application performance 
affects their revenue. With AppDynamics, you get 100% visibility into your 
Java,.NET, & PHP application. Start your 15-day FREE TRIAL of AppDynamics Pro!
http://pubads.g.doubleclick.net/gampad/clk?id=84349351&iu=/4140/ostg.clktrk
_______________________________________________
Lxc-devel mailing list
Lxc-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-devel

Reply via email to