Split prepend_lxc_usernsexec() off from create_run_template() to allow common use of the function.
Signed-off-by: TAMUKI Shoichi <tam...@linet.gr.jp>
---
 src/lxc/lxccontainer.c | 230 ++++++++++++++++++++++++++-----------------------
 1 file changed, 121 insertions(+), 109 deletions(-)
diff --git a/src/lxc/lxccontainer.c b/src/lxc/lxccontainer.c
index b2ecfb3..dbbd24a 100644
--- a/src/lxc/lxccontainer.c
+++ b/src/lxc/lxccontainer.c
@@ -877,6 +877,8 @@ static char *lxcbasename(char *path)
 }

 static char *figureout_rootfs(struct lxc_conf *conf);
+static char **prepend_lxc_usernsexec(char **tpath, struct lxc_conf *conf,
+ int nargs, char **newargv);

 static bool create_run_template(struct lxc_container *c, char *tpath, bool quiet,
 char *const argv[])
@@ -961,115 +963,11 @@ static bool create_run_template(struct lxc_container *c, char *tpath, bool quiet
 exit(1);
 newargv[nargs - 1] = NULL;

- /*
- * If we're running the template in a mapped userns, then
- * we prepend the template command with:
- * lxc-usernsexec <-m map1> ... <-m mapn> --
- * and we append "--mapped-uid x", where x is the mapped uid
- * for our geteuid()
- */
- if (!lxc_list_empty(&conf->id_map)) {
- int n2args = 1;
- char txtuid[20];
- char txtgid[20];
- char **n2 = malloc(n2args * sizeof(*n2));
- struct lxc_list *it;
- struct id_map *map;
-
- if (!n2) {
- SYSERROR("out of memory");
- exit(1);
- }
- newargv[0] = tpath;
- tpath = "lxc-usernsexec";
- n2[0] = "lxc-usernsexec";
- lxc_list_for_each(it, &conf->id_map) {
- map = it->elem;
- n2args += 2;
- n2 = realloc(n2, n2args * sizeof(char *));
- if (!n2)
- exit(1);
- n2[n2args-2] = "-m";
- n2[n2args-1] = malloc(200);
- if (!n2[n2args-1])
- exit(1);
- ret = snprintf(n2[n2args-1], 200, "%c:%lu:%lu:%lu",
- map->idtype == ID_TYPE_UID ? 'u' : 'g',
- map->nsid, map->hostid, map->range);
- if (ret < 0 || ret >= 200)
- exit(1);
- }
- int hostid_mapped = mapped_hostid(geteuid(), conf, ID_TYPE_UID);
- int extraargs = hostid_mapped >= 0 ? 1 : 3;
- n2 = realloc(n2, (nargs + n2args + extraargs) * sizeof(char *));
- if (!n2)
- exit(1);
- if (hostid_mapped < 0) {
- hostid_mapped = find_unmapped_nsuid(conf, ID_TYPE_UID);
- n2[n2args++] = "-m";
- if (hostid_mapped < 0) {
- ERROR("Could not find free uid to map");
- exit(1);
- }
- n2[n2args++] = malloc(200);
- if (!n2[n2args-1]) {
- SYSERROR("out of memory");
- exit(1);
- }
- ret = snprintf(n2[n2args-1], 200, "u:%d:%d:1",
- hostid_mapped, geteuid());
- if (ret < 0 || ret >= 200) {
- ERROR("string too long");
- exit(1);
- }
- }
- int hostgid_mapped = mapped_hostid(getegid(), conf, ID_TYPE_GID);
- extraargs = hostgid_mapped >= 0 ? 1 : 3;
- n2 = realloc(n2, (nargs + n2args + extraargs) * sizeof(char *));
- if (!n2)
- exit(1);
- if (hostgid_mapped < 0) {
- hostgid_mapped = find_unmapped_nsuid(conf, ID_TYPE_GID);
- n2[n2args++] = "-m";
- if (hostgid_mapped < 0) {
- ERROR("Could not find free uid to map");
- exit(1);
- }
- n2[n2args++] = malloc(200);
- if (!n2[n2args-1]) {
- SYSERROR("out of memory");
- exit(1);
- }
- ret = snprintf(n2[n2args-1], 200, "g:%d:%d:1",
- hostgid_mapped, getegid());
- if (ret < 0 || ret >= 200) {
- ERROR("string too long");
- exit(1);
- }
- }
- n2[n2args++] = "--";
- for (i = 0; i < nargs; i++)
- n2[i + n2args] = newargv[i];
- n2args += nargs;
- // Finally add "--mapped-uid $uid" to tell template what to chown
- // cached images to
- n2args += 4;
- n2 = realloc(n2, n2args * sizeof(char *));
- if (!n2) {
- SYSERROR("out of memory");
- exit(1);
- }
- // note n2[n2args-1] is NULL
- n2[n2args-5] = "--mapped-uid";
- snprintf(txtuid, 20, "%d", hostid_mapped);
- n2[n2args-4] = txtuid;
- n2[n2args-3] = "--mapped-gid";
- snprintf(txtgid, 20, "%d", hostgid_mapped);
- n2[n2args-2] = txtgid;
- n2[n2args-1] = NULL;
- free(newargv);
- newargv = n2;
- }
+ /* prepend the template command with lxc-usernsexec */
+ if (!lxc_list_empty(&conf->id_map))
+ newargv = prepend_lxc_usernsexec(&tpath, conf,
+ nargs, newargv);
+
 /* execute */
 execvp(tpath, newargv);
 SYSERROR("failed to execute template %s", tpath);
@@ -1135,6 +1033,120 @@ static char *figureout_rootfs(struct lxc_conf *conf)
 return bdev->dest;
 }

+/*
+ * If we're running the template in a mapped userns, then
+ * we prepend the template command with:
+ * lxc-usernsexec <-m map1> ... <-m mapn> --
+ * and we append "--mapped-uid x", where x is the mapped uid
+ * for our geteuid()
+ */
+static char **prepend_lxc_usernsexec(char **tpath, struct lxc_conf *conf,
+ int nargs, char **newargv)
+{
+ int n2args = 1;
+ char txtuid[20];
+ char txtgid[20];
+ int i, ret;
+ char **n2 = malloc(n2args * sizeof(*n2));
+ struct lxc_list *it;
+ struct id_map *map;
+
+ if (!n2) {
+ SYSERROR("out of memory");
+ exit(1);
+ }
+ newargv[0] = *tpath;
+ *tpath = "lxc-usernsexec";
+ n2[0] = "lxc-usernsexec";
+ lxc_list_for_each(it, &conf->id_map) {
+ map = it->elem;
+ n2args += 2;
+ n2 = realloc(n2, n2args * sizeof(char *));
+ if (!n2)
+ exit(1);
+ n2[n2args-2] = "-m";
+ n2[n2args-1] = malloc(200);
+ if (!n2[n2args-1])
+ exit(1);
+ ret = snprintf(n2[n2args-1], 200, "%c:%lu:%lu:%lu",
+ map->idtype == ID_TYPE_UID ? 'u' : 'g',
+ map->nsid, map->hostid, map->range);
+ if (ret < 0 || ret >= 200)
+ exit(1);
+ }
+ int hostid_mapped = mapped_hostid(geteuid(), conf, ID_TYPE_UID);
+ int extraargs = hostid_mapped >= 0 ? 1 : 3;
+ n2 = realloc(n2, (nargs + n2args + extraargs) * sizeof(char *));
+ if (!n2)
+ exit(1);
+ if (hostid_mapped < 0) {
+ hostid_mapped = find_unmapped_nsuid(conf, ID_TYPE_UID);
+ n2[n2args++] = "-m";
+ if (hostid_mapped < 0) {
+ ERROR("Could not find free uid to map");
+ exit(1);
+ }
+ n2[n2args++] = malloc(200);
+ if (!n2[n2args-1]) {
+ SYSERROR("out of memory");
+ exit(1);
+ }
+ ret = snprintf(n2[n2args-1], 200, "u:%d:%d:1",
+ hostid_mapped, geteuid());
+ if (ret < 0 || ret >= 200) {
+ ERROR("string too long");
+ exit(1);
+ }
+ }
+ int hostgid_mapped = mapped_hostid(getegid(), conf, ID_TYPE_GID);
+ extraargs = hostgid_mapped >= 0 ? 1 : 3;
+ n2 = realloc(n2, (nargs + n2args + extraargs) * sizeof(char *));
+ if (!n2)
+ exit(1);
+ if (hostgid_mapped < 0) {
+ hostgid_mapped = find_unmapped_nsuid(conf, ID_TYPE_GID);
+ n2[n2args++] = "-m";
+ if (hostgid_mapped < 0) {
+ ERROR("Could not find free uid to map");
+ exit(1);
+ }
+ n2[n2args++] = malloc(200);
+ if (!n2[n2args-1]) {
+ SYSERROR("out of memory");
+ exit(1);
+ }
+ ret = snprintf(n2[n2args-1], 200, "g:%d:%d:1",
+ hostgid_mapped, getegid());
+ if (ret < 0 || ret >= 200) {
+ ERROR("string too long");
+ exit(1);
+ }
+ }
+ n2[n2args++] = "--";
+ for (i = 0; i < nargs; i++)
+ n2[i + n2args] = newargv[i];
+ n2args += nargs;
+ // Finally add "--mapped-uid $uid" to tell template what to chown
+ // cached images to
+ n2args += 4;
+ n2 = realloc(n2, n2args * sizeof(char *));
+ if (!n2) {
+ SYSERROR("out of memory");
+ exit(1);
+ }
+ // note n2[n2args-1] is NULL
+ n2[n2args-5] = "--mapped-uid";
+ snprintf(txtuid, 20, "%d", hostid_mapped);
+ n2[n2args-4] = txtuid;
+ n2[n2args-3] = "--mapped-gid";
+ snprintf(txtgid, 20, "%d", hostgid_mapped);
+ n2[n2args-2] = txtgid;
+ n2[n2args-1] = NULL;
+ free(newargv);
+ newargv = n2;
+ return newargv;
+}
+
 static bool prepend_lxc_header(char *path, const char *t, char *const argv[])
 {
 long flen;
--
1.9.0
_______________________________________________
lxc-devel mailing list
lxc-devel@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-devel
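Review bot: `txtuid` and `txtgid` are now automatic arrays of prepend_lxc_usernsexec(), yet `n2[n2args-4] = txtuid;` and `n2[n2args-2] = txtgid;` store their addresses in the vector the function returns, so the `--mapped-uid`/`--mapped-gid` arguments that create_run_template() passes to `execvp(tpath, newargv)` point into a stack frame that no longer exists. That is undefined behaviour, and since the comment says these values tell the template what to chown cached images to, a clobbered frame could presumably hand it a wrong id. Allocate them the way the `-m` strings already are, e.g. `char *txtuid = malloc(20), *txtgid = malloc(20);` followed by the same out-of-memory check, or have the caller supply the buffers. Because the commit message says the helper is meant for common use, its header comment should also state that it frees the `newargv` passed in, overwrites `*tpath`, and calls `exit(1)` on any failure, so it is only safe in a process that is about to exec. The whole function lies inside this hunk.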