(Sent this before in the middle of a thread, sending it separately so it doesn't get lost)
Explain why we insist that root use newuidmap if it is available. Signed-off-by: Serge Hallyn <serge.hal...@ubuntu.com> --- src/lxc/conf.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/lxc/conf.c b/src/lxc/conf.c index 5e61c35..e61002b 100644 --- a/src/lxc/conf.c +++ b/src/lxc/conf.c @@ -3429,6 +3429,12 @@ int lxc_map_ids(struct lxc_list *idmap, pid_t pid) enum idtype type; char *buf = NULL, *pos, *cmdpath = NULL; + /* + * If newuidmap exists, that is, if shadow is handing out subuid + * ranges, then insist that root also reserve ranges in subuid. This + * will protected it by preventing another user from being handed the + * range by shadow. + */ cmdpath = on_path("newuidmap", NULL); if (cmdpath) { use_shadow = 1; -- 2.1.0 _______________________________________________ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
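Review bot: the added comment has a typo in its third sentence: "This will protected it by preventing another user..." should read "This will protect it by preventing another user...". Since the comment is the only explanation of why root is routed through newuidmap whenever it is on the path, it would also help to state plainly what happens to a root caller that has not reserved a range in subuid once use_shadow is set, because that failure mode is the case the comment is justifying.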