Quoting Stéphane Graber ([email protected]): > Signed-off-by: Stéphane Graber <[email protected]>
(the snprintf wasn't really needed but we can yank that out later) Acked-by: Serge E. Hallyn <[email protected]> > --- > lxc.spec.in | 2 +- > src/lxc/Makefile.am | 35 +++++++++++++++++++---------------- > src/lxc/conf.c | 13 +++++++++++-- > src/lxc/monitor.c | 11 +++++++++-- > src/tests/lxc-test-usernic | 16 +++++++++------- > 5 files changed, 49 insertions(+), 28 deletions(-) > > diff --git a/lxc.spec.in b/lxc.spec.in > index c8ff08e..5e68df2 100644 > --- a/lxc.spec.in > +++ b/lxc.spec.in > @@ -124,7 +124,6 @@ rm -rf %{buildroot} > %files > %defattr(-,root,root) > %{_bindir}/* > -%attr(4111,root,root) %{_bindir}/lxc-user-nic > %{_mandir}/man1/lxc* > %{_mandir}/man5/lxc* > %{_mandir}/man7/lxc* > @@ -150,6 +149,7 @@ rm -rf %{buildroot} > %endif > %{_localstatedir}/* > %attr(4555,root,root) %{_libexecdir}/%{name}/lxc-init > +%attr(4111,root,root) %{_libexecdir}/%{name}/lxc-user-nic > %if %{with_systemd} > %attr(555,root,root) %{_libexecdir}/%{name}/lxc-devsetup > %endif > diff --git a/src/lxc/Makefile.am b/src/lxc/Makefile.am > index 602447e..25cdf6d 100644 > --- a/src/lxc/Makefile.am > +++ b/src/lxc/Makefile.am > @@ -113,6 +113,7 @@ AM_CFLAGS=-I$(top_srcdir)/src \ > -DLXCPATH=\"$(LXCPATH)\" \ > -DLXC_GLOBAL_CONF=\"$(LXC_GLOBAL_CONF)\" \ > -DLXCINITDIR=\"$(LXCINITDIR)\" \ > + -DLIBEXECDIR=\"$(LIBEXECDIR)\" \ > -DLXCTEMPLATEDIR=\"$(LXCTEMPLATEDIR)\" \ > -DLOGPATH=\"$(LOGPATH)\" \ > -DLXC_DEFAULT_CONFIG=\"$(LXC_DEFAULT_CONFIG)\" \ 
> @@ -181,28 +182,28 @@ endif > bin_PROGRAMS = \ > lxc-attach \ > lxc-autostart \ > - lxc-unshare \ > - lxc-stop \ > - lxc-start \ > + lxc-cgroup \ > lxc-clone \ > - lxc-execute \ > - lxc-monitor \ > - lxc-monitord \ > - lxc-wait \ > + lxc-config \ > lxc-console \ > + lxc-create \ > + lxc-destroy \ > + lxc-execute \ > lxc-freeze \ > lxc-info \ > - lxc-cgroup \ > - lxc-unfreeze \ > - lxc-config \ > - lxc-destroy \ > - lxc-create \ > - lxc-user-nic \ > + lxc-monitor \ > lxc-snapshot \ > - lxc-usernsexec > + lxc-start \ > + lxc-stop \ > + lxc-unfreeze \ > + lxc-unshare \ > + lxc-usernsexec \ > + lxc-wait > > pkglibexec_PROGRAMS = \ > - lxc-init > + lxc-init \ > + lxc-monitord \ > + lxc-user-nic > > AM_LDFLAGS = -Wl,-E > if ENABLE_RPATH > @@ -245,7 +246,9 @@ install-exec-local: install-soPROGRAMS > cd $(DESTDIR)$(libdir); \ > ln -sf liblxc.so.$(VERSION) liblxc.so.$(firstword $(subst ., > ,$(VERSION))); \ > ln -sf liblxc.so.$(firstword $(subst ., ,$(VERSION))) liblxc.so > - chmod u+s $(DESTDIR)$(bindir)/lxc-user-nic > + > +install-exec-hook: > + chmod u+s $(DESTDIR)$(libexecdir)/lxc/lxc-user-nic > > uninstall-local: > $(RM) $(DESTDIR)$(libdir)/liblxc.so* > diff --git a/src/lxc/conf.c b/src/lxc/conf.c > index 8ce783b..0eb9fc4 100644 > --- a/src/lxc/conf.c > +++ b/src/lxc/conf.c > @@ -2982,6 +2982,7 @@ void lxc_delete_network(struct lxc_handler *handler) > static int unpriv_assign_nic(struct lxc_netdev *netdev, pid_t pid) > { > pid_t child; > + int ret; > > if (netdev->type != LXC_NET_VETH) { > ERROR("nic type %d not support for unprivileged use", 
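Review bot: The new `install-exec-hook` hard-codes the `lxc` subdirectory in `chmod u+s $(DESTDIR)$(libexecdir)/lxc/lxc-user-nic`, while the binary itself is installed through `pkglibexec_PROGRAMS`, which automake places under `$(pkglibexecdir)`. If the package name ever differs from `lxc`, the hook either fails or leaves the helper installed without its setuid bit. Writing it as `chmod u+s $(DESTDIR)$(pkglibexecdir)/lxc-user-nic` keeps the two in step. The same literal `/lxc/` is used in the conf.c and monitor.c hunks, whereas lxc.spec.in uses `%{name}`.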
> @@ -2998,11 +2999,19 @@ static int unpriv_assign_nic(struct lxc_netdev > *netdev, pid_t pid) > return wait_for_pid(child); > > // Call lxc-user-nic pid type bridge > + char lxc_usernic_path[PATH_MAX]; > + > + ret = snprintf(lxc_usernic_path, PATH_MAX, LIBEXECDIR > "/lxc/lxc-user-nic"); > + if (ret < 0 || ret >= PATH_MAX) { > + ERROR("pathname too long"); > + return -1; > + } > + > char pidstr[20]; > - char *args[] = { "lxc-user-nic", pidstr, "veth", netdev->link, > netdev->name, NULL }; > + char *args[] = {lxc_usernic_path, pidstr, "veth", netdev->link, > netdev->name, NULL }; > snprintf(pidstr, 19, "%lu", (unsigned long) pid); > pidstr[19] = '\0'; > - execvp("lxc-user-nic", args); > + execvp(args[0], args); > SYSERROR("execvp lxc-user-nic"); > exit(1); > } > diff --git a/src/lxc/monitor.c b/src/lxc/monitor.c > index 1fe1170..3473758 100644 > --- a/src/lxc/monitor.c > +++ b/src/lxc/monitor.c > @@ -276,11 +276,18 @@ int lxc_monitor_read(int fd, struct lxc_msg *msg) > int lxc_monitord_spawn(const char *lxcpath) > { > pid_t pid1,pid2; > - int pipefd[2]; > + int pipefd[2], ret; > char pipefd_str[11]; > + char monitord_path[PATH_MAX]; > + > + ret = snprintf(monitord_path, PATH_MAX, LIBEXECDIR "/lxc/lxc-monitord"); > + if (ret < 0 || ret >= PATH_MAX) { > + ERROR("pathname too long"); > + return -1; > + } > > char * const args[] = { > - "lxc-monitord", > + monitord_path, > (char *)lxcpath, > pipefd_str, > NULL, > diff --git a/src/tests/lxc-test-usernic b/src/tests/lxc-test-usernic > index 801419a..e641cb9 100755 > --- a/src/tests/lxc-test-usernic > +++ b/src/tests/lxc-test-usernic 
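Review bot: The added error path `return -1;` appears to run in the forked child rather than the parent: the context line just above it is `return wait_for_pid(child);`, and the code below ends in `exit(1)` after a failed exec. Returning there would let the child continue executing the caller's code as a second copy of the process, so the branch should terminate the child the same way the exec-failure path does, `ERROR("pathname too long"); exit(1);`. The fork itself is outside the hunk, so this is inferred from the surrounding lines. Separately, `SYSERROR("execvp lxc-user-nic")` could log `args[0]`, since the full path is what matters when diagnosing a missing or mis-installed setuid helper.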
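Review bot: `LIBEXECDIR "/lxc/lxc-monitord"` is passed to snprintf as the format string, so a `%` in the configured libexec path would be parsed as a conversion. `snprintf(monitord_path, PATH_MAX, "%s/lxc/lxc-monitord", LIBEXECDIR)` keeps the build-time path as data; the same pattern is in the unpriv_assign_nic hunk in conf.c. The exec call that consumes `args` is outside this hunk, so it is worth confirming that it passes `args[0]` rather than the old literal `"lxc-monitord"`, otherwise the PATH lookup this change is meant to remove would remain.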
> @@ -68,13 +68,15 @@ brctl addbr usernic-br1 > ifconfig usernic-br0 0.0.0.0 up > ifconfig usernic-br1 0.0.0.0 up > > +LXC_USERNIC_PATH=$(ls -1 /usr/lib/*/lxc/lxc-user-nic | head -1) > + > # Create three containers > su -l usernic-user -c "lxc-create -P /tmp/usernic-test/lxcbase -t busybox -n > b1 -f /tmp/lxc-usernic.conf" > su -l usernic-user -c "lxc-start -P /tmp/usernic-test/lxcbase -n b1 -d" > p1=`lxc-info -P /tmp/usernic-test/lxcbase -n b1 -p | awk -F: '{ print $2 }'` > > # Assign one veth, should fail as no allowed entries yet > -su -l usernic-user -c "lxc-user-nic $p1 veth usernic-br0 xx1" > +su -l usernic-user -c "$LXC_USERNIC_PATH $p1 veth usernic-br0 xx1" > if [ $? -eq 0 ]; then > echo "FAIL: able to create nic with no entries" > cleanup 1 > @@ -86,26 +88,26 @@ sed -i '/^lxc-usernet/d' /etc/lxc/lxc-usernet > echo "lxc-usernet veth usernic-br0 2" >> /etc/lxc/lxc-usernet > > # Assign one veth to second bridge, should fail > -su -l usernic-user -c "lxc-user-nic $p1 veth usernic-br1 xx1" > +su -l usernic-user -c "$LXC_USERNIC_PATH $p1 veth usernic-br1 xx1" > if [ $? -eq 0 ]; then > echo "FAIL: able to create nic with no entries" > cleanup 1 > fi > > # Assign two veths, should succeed > -su -l usernic-user -c "lxc-user-nic $p1 veth usernic-br0 xx2" > +su -l usernic-user -c "$LXC_USERNIC_PATH $p1 veth usernic-br0 xx2" > if [ $? -ne 0 ]; then > echo "FAIL: unable to create first nic" > cleanup 1 > fi > -su -l usernic-user -c "lxc-user-nic $p1 veth usernic-br0 xx3" > +su -l usernic-user -c "$LXC_USERNIC_PATH $p1 veth usernic-br0 xx3" > if [ $? -ne 0 ]; then > echo "FAIL: unable to create second nic" > cleanup 1 > fi > > # Assign one more veth, should fail. > -su -l usernic-user -c "lxc-user-nic $p1 veth usernic-br0 xx4" > +su -l usernic-user -c "$LXC_USERNIC_PATH $p1 veth usernic-br0 xx4" > if [ $? -eq 0 ]; then > echo "FAIL: able to create third nic" > cleanup 1 
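Review bot: `LXC_USERNIC_PATH=$(ls -1 /usr/lib/*/lxc/lxc-user-nic | head -1)` is never checked, and the glob only matches a `/usr/lib/<dir>/lxc/` layout. When it finds nothing the variable is empty, every `su -c` command then fails for an unrelated reason, and the "should fail" cases in this hunk and the later ones pass without exercising the helper's permission checks, while the first "should succeed" case fails with a misleading message. A guard right after the assignment, such as `[ -x "$LXC_USERNIC_PATH" ] || { echo "FAIL: lxc-user-nic not found"; cleanup 1; }`, makes that case visible.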
> @@ -115,7 +117,7 @@ fi > su -l usernic-user -c "lxc-stop -P /tmp/usernic-test/lxcbase -n b1" > su -l usernic-user -c "lxc-start -P /tmp/usernic-test/lxcbase -n b1 -d" > p1=`lxc-info -P /tmp/usernic-test/lxcbase -n b1 -p | awk -F: '{ print $2 }'` > -su -l usernic-user -c "lxc-user-nic $p1 veth usernic-br0 xx5" > +su -l usernic-user -c "$LXC_USERNIC_PATH $p1 veth usernic-br0 xx5" > if [ $? -ne 0 ]; then > echo "FAIL: unable to create nic after destroying the old" > cleanup 1 > @@ -129,7 +131,7 @@ lxc-start -n usernic-c1 -d > p2=`lxc-info -n usernic-c1 -p | awk -F: '{ print $2}'` > > # assign veth to it - should fail > -su -l usernic-user -c "lxc-user-nic $p2 veth usernic-br0 xx6" > +su -l usernic-user -c "$LXC_USERNIC_PATH $p2 veth usernic-br0 xx6" > ret=$? > lxc-stop -n usernic-c1 > lxc-destroy -n usernic-c1 > -- > 1.8.5.3 > > _______________________________________________ > lxc-devel mailing list > [email protected] > http://lists.linuxcontainers.org/listinfo/lxc-devel _______________________________________________ lxc-devel mailing list [email protected] http://lists.linuxcontainers.org/listinfo/lxc-devel
