The following pull request was submitted through GitHub. It can be accessed and reviewed at: https://github.com/lxc/lxd/pull/1688

This e-mail was sent by the LXC bot; direct replies will not reach the author unless they happen to be subscribed to this list.

=== Description (from pull-request) ===

We parse /etc/sub?id and stop when we find an entry for the user. If that isn't big enough, we later refuse to start unpriv containers. But sub?id may have later entries which are big enough - so just always make sure to only return entries which will suffice.

Closes #1687

Signed-off-by: Serge Hallyn <serge.hal...@ubuntu.com>
From 5d62b2f70bf043735f08b1b4d4d44250af239c64 Mon Sep 17 00:00:00 2001 From: Serge Hallyn <serge.hal...@ubuntu.com> Date: Tue, 1 Mar 2016 15:29:54 -0800 Subject: [PATCH] Don't stop at an unsatisfactory sub?id entry We parse /etc/sub?id and stop when we find an entry for the user. If that isn't big enough, we later refuse to start unpriv containers. But sub?id may have later entries which are big enough - so just always make sure to only return entries which will suffice. Closes #1687 Signed-off-by: Serge Hallyn <serge.hal...@ubuntu.com> --- shared/idmapset_linux.go | 3 +++ 1 file changed, 3 insertions(+) diff --git a/shared/idmapset_linux.go b/shared/idmapset_linux.go index b524d7e..d041acd 100644 --- a/shared/idmapset_linux.go +++ b/shared/idmapset_linux.go @@ -322,6 +322,9 @@ func getFromMap(fname string, username string) (int, int, error) { } min = int(bigmin) idrange = int(bigIdrange) + if idrange < 65536 { + continue + } return min, idrange, nil } }
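Review bot: In getFromMap, the new "if idrange < 65536" check sits after "min = int(bigmin)" and "idrange = int(bigIdrange)", so when an entry is skipped and no later entry for the user is large enough, both variables still hold the rejected entry's values once the loop ends. The code after the loop is not visible in this hunk, so please confirm it returns an error rather than those values, or move the size check ahead of the two assignments (comparing bigIdrange) so a rejected entry never touches them. The literal 65536 would also be clearer as a named constant with a short comment tying it to the size below which unprivileged containers are later refused, and a debug message on the "continue" path would tell an administrator why an existing sub?id line was ignored.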