Quoting KATOH Yasufumi ([email protected]): > Hi, > > I applied this patch and test. lxc-destroy work fine. :-) > > >>> On Sat, 28 Jun 2014 18:39:54 +0900 > in message "[lxc-devel] [PATCH] Fix to work lxc-destroy with > unprivileged containers on recent kernel" > TAMUKI Shoichi-san wrote: > > > Change idmap_add_id() to add both ID_TYPE_UID and ID_TYPE_GID entries > > to an existing lxc_conf, not just an ID_TYPE_UID entry, so as to work > > lxc-destroy with unprivileged containers on recent kernel. > > > Signed-off-by: TAMUKI Shoichi <[email protected]> > > Acked-by: KATOH Yasufumi <[email protected]>
Thanks again! Acked-by: Serge E. Hallyn <[email protected]> > > --- > > src/lxc/conf.c | 49 ++++++++++++++++++++++++++++++++++--------------- > > 1 file changed, 34 insertions(+), 15 deletions(-) > > > diff --git a/src/lxc/conf.c b/src/lxc/conf.c > > index df2f7cc..70f57af 100644 > > --- a/src/lxc/conf.c > > +++ b/src/lxc/conf.c > > @@ -4508,14 +4508,14 @@ static int run_userns_fn(void *data) > > } > > > /* > > - * Add a ID_TYPE_UID entry to an existing lxc_conf, if it is not > > - * alread there. > > - * We may want to generalize this to do gids as well as uids, but right now > > - * it's not necessary. > > + * Add ID_TYPE_UID/ID_TYPE_GID entries to an existing lxc_conf, > > + * if they are not already there. > > */ > > -static struct lxc_list *idmap_add_id(struct lxc_conf *conf, uid_t uid) > > +static struct lxc_list *idmap_add_id(struct lxc_conf *conf, > > + uid_t uid, gid_t gid) > > { > > - int hostid_mapped = mapped_hostid(uid, conf, ID_TYPE_UID); > > + int hostuid_mapped = mapped_hostid(uid, conf, ID_TYPE_UID); > > + int hostgid_mapped = mapped_hostid(gid, conf, ID_TYPE_GID); > > struct lxc_list *new = NULL, *tmp, *it, *next; > > struct id_map *entry; > > > @@ -4526,9 +4526,9 @@ static struct lxc_list *idmap_add_id(struct lxc_conf > > *conf, uid_t uid) > > } > > lxc_list_init(new); > > > - if (hostid_mapped < 0) { > > - hostid_mapped = find_unmapped_nsuid(conf, ID_TYPE_UID); > > - if (hostid_mapped < 0) > > + if (hostuid_mapped < 0) { > > + hostuid_mapped = find_unmapped_nsuid(conf, ID_TYPE_UID); > > + if (hostuid_mapped < 0) > > goto err; > > tmp = malloc(sizeof(*tmp)); > > if (!tmp) 
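Review bot: The added `int hostgid_mapped = mapped_hostid(gid, conf, ID_TYPE_GID);` copies the uid line's convention of holding a namespace id in a signed `int` and reading any negative value as "not mapped", and nothing in the hunk documents that assumption. mapped_hostid() is not shown on this page, but if it derives its result from unsigned map fields, an id above INT_MAX would look negative here and the later `if (hostgid_mapped < 0)` block would append a second entry for a host gid that is already mapped. A comment on the two declarations would make the assumption reviewable, for example `/* negative means "not mapped"; namespace ids are assumed to fit in an int */`. The body of idmap_add_id continues past this hunk.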
> > @@ -4540,8 +4540,27 @@ static struct lxc_list *idmap_add_id(struct lxc_conf > > *conf, uid_t uid) > > } > > tmp->elem = entry; > > entry->idtype = ID_TYPE_UID; > > - entry->nsid = hostid_mapped; > > - entry->hostid = (unsigned long)uid; > > + entry->nsid = hostuid_mapped; > > + entry->hostid = (unsigned long) uid; > > + entry->range = 1; > > + lxc_list_add_tail(new, tmp); > > + } > > + if (hostgid_mapped < 0) { > > + hostgid_mapped = find_unmapped_nsuid(conf, ID_TYPE_GID); > > + if (hostgid_mapped < 0) > > + goto err; > > + tmp = malloc(sizeof(*tmp)); > > + if (!tmp) > > + goto err; > > + entry = malloc(sizeof(*entry)); > > + if (!entry) { > > + free(tmp); > > + goto err; > > + } > > + tmp->elem = entry; > > + entry->idtype = ID_TYPE_GID; > > + entry->nsid = hostgid_mapped; > > + entry->hostid = (unsigned long) gid; > > entry->range = 1; > > lxc_list_add_tail(new, tmp); > > } > > @@ -4563,7 +4582,7 @@ static struct lxc_list *idmap_add_id(struct lxc_conf > > *conf, uid_t uid) > > return new; > > > err: > > - ERROR("Out of memory building a new uid map"); > > + ERROR("Out of memory building a new uid/gid map"); > > if (new) > > lxc_free_idmap(new); > > free(new); > > @@ -4572,7 +4591,7 @@ err: > > > /* > > * Run a function in a new user namespace. > > - * The caller's euid will be mapped in if it is not already. > > + * The caller's euid/egid will be mapped in if it is not already. > > */ > > int userns_exec_1(struct lxc_conf *conf, int (*fn)(void *), void *data) > > { 
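Review bot: In the added gid block, a negative result from `find_unmapped_nsuid(conf, ID_TYPE_GID)` jumps to `err`, where the message changed in the following hunk still reads "Out of memory building a new uid/gid map". That path is not an allocation failure; presumably the helper (not shown on this page) found no free namespace gid, so the log would send whoever is debugging an unprivileged container's id map to the wrong cause. Either make the shared message neutral, `ERROR("Failed to build a new uid/gid map");`, or log the specific reason before each `goto err`. The uid block in the previous hunk reaches `err` the same way. Separately, the gid block is a line-for-line copy of the uid block, and a small static helper taking the id type and host id would keep the two from drifting apart.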
> > @@ -4597,8 +4616,8 @@ int userns_exec_1(struct lxc_conf *conf, int > > (*fn)(void *), void *data) > > close(p[0]); > > p[0] = -1; > > > - if ((idmap = idmap_add_id(conf, geteuid())) == NULL) { > > - ERROR("Error adding self to container uid map"); > > + if ((idmap = idmap_add_id(conf, geteuid(), getegid())) == NULL) { > > + ERROR("Error adding self to container uid/gid map"); > > goto err; > > } > > > -- > > 1.9.0 > > _______________________________________________ > > lxc-devel mailing list > > [email protected] > > http://lists.linuxcontainers.org/listinfo/lxc-devel > _______________________________________________ > lxc-devel mailing list > [email protected] > http://lists.linuxcontainers.org/listinfo/lxc-devel _______________________________________________ lxc-devel mailing list [email protected] http://lists.linuxcontainers.org/listinfo/lxc-devel
