The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxd/pull/4170
This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === Make this more generally useful by accepting a username. If that is "", then use the current user. Signed-off-by: Serge Hallyn <[email protected]>
From a3e428a4877bc686cfc9e3c26660bb1f7a0b3841 Mon Sep 17 00:00:00 2001
From: Serge Hallyn <[email protected]>
Date: Fri, 12 Jan 2018 10:40:45 -0600
Subject: [PATCH] shared/idmap:DefaultIdmapSet(): take a user argument
Make this more generally useful by accepting a username. If that is "", then use the current user.
Signed-off-by: Serge Hallyn <[email protected]>
---
 lxd/main_activateifneeded.go | 2 +-
 lxd/main_init.go | 2 +-
 lxd/util/sys.go | 2 +-
 shared/idmap/idmapset_linux.go | 18 +++++++++++-------
 4 files changed, 14 insertions(+), 10 deletions(-)
diff --git a/lxd/main_activateifneeded.go b/lxd/main_activateifneeded.go
index 4300f96b5..17174d5bd 100644
--- a/lxd/main_activateifneeded.go
+++ b/lxd/main_activateifneeded.go
@@ -45,7 +45,7 @@ func cmdActivateIfNeeded(args *Args) error {
 }
 // Load the idmap for unprivileged containers
- d.os.IdmapSet, err = idmap.DefaultIdmapSet()
+ d.os.IdmapSet, err = idmap.DefaultIdmapSet("")
 if err != nil {
 return err
 }
diff --git a/lxd/main_init.go b/lxd/main_init.go
index c08db11f2..f556599bb 100644
--- a/lxd/main_init.go
+++ b/lxd/main_init.go
@@ -827,7 +827,7 @@ func (cmd *CmdInit) askDefaultPrivileged() int {
 // Detect lack of uid/gid
 defaultPrivileged := -1
 needPrivileged := false
- idmapset, err := idmap.DefaultIdmapSet()
+ idmapset, err := idmap.DefaultIdmapSet("")
 if err != nil || len(idmapset.Idmap) == 0 || idmapset.Usable() != nil {
 needPrivileged = true
 }
diff --git a/lxd/util/sys.go b/lxd/util/sys.go
index 9e40ea998..24a4c222c 100644
--- a/lxd/util/sys.go
+++ b/lxd/util/sys.go
@@ -40,7 +40,7 @@ func GetArchitectures() ([]int, error) {
 // GetIdmapSet reads the uid/gid allocation.
 func GetIdmapSet() *idmap.IdmapSet {
- idmapSet, err := idmap.DefaultIdmapSet()
+ idmapSet, err := idmap.DefaultIdmapSet("")
 if err != nil {
 logger.Warn("Error reading default uid/gid map", log.Ctx{"err": err.Error()})
 logger.Warnf("Only privileged containers will be able to run")
diff --git a/shared/idmap/idmapset_linux.go b/shared/idmap/idmapset_linux.go
index b4f01e769..2f55547e6 100644
--- a/shared/idmap/idmapset_linux.go
+++ b/shared/idmap/idmapset_linux.go
@@ -661,20 +661,24 @@ func getFromProc(fname string) ([][]int64, error) {
 /*
 * Create a new default idmap
 */
-func DefaultIdmapSet() (*IdmapSet, error) {
+func DefaultIdmapSet(user string) (*IdmapSet, error) {
 idmapset := new(IdmapSet)
- // Check if shadow's uidmap tools are installed
- newuidmap, _ := exec.LookPath("newuidmap")
- newgidmap, _ := exec.LookPath("newgidmap")
- if newuidmap != "" && newgidmap != "" && shared.PathExists("/etc/subuid") && shared.PathExists("/etc/subgid") {
+ if user == "" {
 currentUser, err := user.Current()
 if err != nil {
 return nil, err
 }
+ user = currentUser.Username
+ }
+
+ // Check if shadow's uidmap tools are installed
+ newuidmap, _ := exec.LookPath("newuidmap")
+ newgidmap, _ := exec.LookPath("newgidmap")
+ if newuidmap != "" && newgidmap != "" && shared.PathExists("/etc/subuid") && shared.PathExists("/etc/subgid") {
 // Parse the shadow uidmap
- entries, err := getFromShadow("/etc/subuid", currentUser.Username)
+ entries, err := getFromShadow("/etc/subuid", user)
 if err != nil {
 return nil, err
 }
@@ -693,7 +697,7 @@ func DefaultIdmapSet() (*IdmapSet, error) {
 }
 // Parse the shadow gidmap
- entries, err = getFromShadow("/etc/subgid", currentUser.Username)
+ entries, err = getFromShadow("/etc/subgid", user)
 if err != nil {
 return nil, err
 }
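Review bot: In `DefaultIdmapSet`, the new parameter `user string` shadows the `user` package (presumably `os/user`) that the retained context line `currentUser, err := user.Current()` depends on, so inside the function that call resolves against a string and the file should no longer compile. Renaming the parameter avoids this, e.g. `func DefaultIdmapSet(username string) (*IdmapSet, error) {` with `username = currentUser.Username` and `getFromShadow("/etc/subuid", username)`; the `/etc/subgid` lookup in the second hunk needs the same name. The current-user lookup has also moved ahead of the shadow-tools check, so a `user.Current()` failure now returns an error even when `newuidmap`/`newgidmap` are absent and the name would apparently not be used; keeping the lookup inside the `if newuidmap != "" ...` branch would preserve the old behaviour. Because callers can now choose whose `/etc/subuid` and `/etc/subgid` ranges are loaded, the header comment should state the contract, e.g. `Create a new default idmap for the given user ("" selects the current user); callers must validate any externally supplied name`. The function body continues outside both hunks, so the fallback path is not visible here.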
