The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxc/pull/2549
This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === Signed-off-by: Christian Brauner <[email protected]>
From 8e2f6d914f5a90f04bebe9765ec0252ad633188a Mon Sep 17 00:00:00 2001 From: Christian Brauner <[email protected]> Date: Sun, 19 Aug 2018 19:30:59 +0200 Subject: [PATCH 1/7] cmd: lxc-usernsexec reorder includes Signed-off-by: Christian Brauner <[email protected]> --- src/lxc/cmd/lxc_usernsexec.c | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/src/lxc/cmd/lxc_usernsexec.c b/src/lxc/cmd/lxc_usernsexec.c index 5ff23400d..837ed3428 100644 --- a/src/lxc/cmd/lxc_usernsexec.c +++ b/src/lxc/cmd/lxc_usernsexec.c @@ -21,25 +21,25 @@ * License along with this library; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ + #include "config.h" -#include <stdio.h> -#include <stdlib.h> -#include <unistd.h> +#include <errno.h> +#include <fcntl.h> +#include <grp.h> +#include <libgen.h> +#include <pwd.h> #include <sched.h> -#include <sys/syscall.h> #include <signal.h> +#include <stdio.h> +#include <stdlib.h> #include <string.h> -#include <errno.h> -#include <libgen.h> -#include <fcntl.h> +#include <sys/mount.h> #include <sys/stat.h> +#include <sys/syscall.h> #include <sys/types.h> -#include <sys/mount.h> #include <sys/wait.h> -#include <sched.h> -#include <pwd.h> -#include <grp.h> +#include <unistd.h> #include "conf.h" #include "list.h" From 80a6b5bcecc0954195f03858d8a22309e908bc11 Mon Sep 17 00:00:00 2001 From: Christian Brauner <[email protected]> Date: Sun, 19 Aug 2018 19:32:38 +0200 Subject: [PATCH 2/7] cmd: move declarations to macro.h Signed-off-by: Christian Brauner <[email protected]> --- src/lxc/Makefile.am | 1 + src/lxc/cmd/lxc_usernsexec.c | 11 +---------- src/lxc/macro.h | 9 +++++++++ 3 files changed, 11 insertions(+), 10 deletions(-) diff --git a/src/lxc/Makefile.am b/src/lxc/Makefile.am index 14db7cb47..f868c5108 100644 --- a/src/lxc/Makefile.am +++ b/src/lxc/Makefile.am 
@@ -329,6 +329,7 @@ lxc_usernsexec_SOURCES = cmd/lxc_usernsexec.c \ conf.c conf.h \ list.h \ log.c log.h \ + macro.h \ namespace.c namespace.h \ utils.c utils.h endif diff --git a/src/lxc/cmd/lxc_usernsexec.c b/src/lxc/cmd/lxc_usernsexec.c index 837ed3428..35c00c8d3 100644 --- a/src/lxc/cmd/lxc_usernsexec.c +++ b/src/lxc/cmd/lxc_usernsexec.c @@ -44,21 +44,12 @@ #include "conf.h" #include "list.h" #include "log.h" +#include "macro.h" #include "namespace.h" #include "utils.h" -#ifndef MS_REC -#define MS_REC 16384 -#endif - -#ifndef MS_SLAVE -#define MS_SLAVE (1 << 19) -#endif - extern int lxc_log_fd; -int unshare(int flags); - static void usage(const char *name) { printf("usage: %s [-h] [-m <uid-maps>] -- [command [arg ..]]\n", name); diff --git a/src/lxc/macro.h b/src/lxc/macro.h index 75c63c7c1..8eb54f163 100644 --- a/src/lxc/macro.h +++ b/src/lxc/macro.h @@ -187,4 +187,13 @@ extern int __build_bug_on_failed; #define NLMSG_ERROR 0x2 #endif +/* mount */ +#ifndef MS_REC +#define MS_REC 16384 +#endif + +#ifndef MS_SLAVE +#define MS_SLAVE (1 << 19) +#endif + #endif /* __LXC_MACRO_H */ From 850a6dc5ee8082dce3b5c9cd7132ffe14384a361 Mon Sep 17 00:00:00 2001 From: Christian Brauner <[email protected]> Date: Sun, 19 Aug 2018 19:33:25 +0200 Subject: [PATCH 3/7] cmd: use utils.{c,h} helpers in lxc-usernsexec Signed-off-by: Christian Brauner <[email protected]> --- src/lxc/cmd/lxc_usernsexec.c | 18 ++++-------------- 1 file changed, 4 insertions(+), 14 deletions(-) diff --git a/src/lxc/cmd/lxc_usernsexec.c b/src/lxc/cmd/lxc_usernsexec.c index 35c00c8d3..fa1b6a233 100644 --- a/src/lxc/cmd/lxc_usernsexec.c +++ b/src/lxc/cmd/lxc_usernsexec.c 
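Review bot: Dropping the local `int unshare(int flags);` prototype in lxc_usernsexec.c leaves the `unshare(CLONE_NEWNS)` call in do_child dependent on `<sched.h>`, which in glibc only declares unshare() when `_GNU_SOURCE` is defined before the first system header. `config.h` is included first, but its contents are not visible here, so it is worth confirming that it defines `_GNU_SOURCE`; otherwise the call compiles against an implicit declaration. Building this tool with `-Werror=implicit-function-declaration` would turn such a regression into a build failure instead of a silent one.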
@@ -104,23 +104,13 @@ static int do_child(void *vargv) char **argv = (char **)vargv; /* Assume we want to become root */ - ret = setgid(0); - if (ret < 0) { - CMD_SYSERROR("Failed to set gid to"); - return -1; - } - - ret = setuid(0); - if (ret < 0) { - CMD_SYSERROR("Failed to set uid to 0"); + ret = lxc_switch_uid_gid(0, 0); + if (ret < 0) return -1; - } - ret = setgroups(0, NULL); - if (ret < 0) { - CMD_SYSERROR("Failed to clear supplementary groups"); + ret = lxc_setgroups(0, NULL); + if (ret < 0) return -1; - } ret = unshare(CLONE_NEWNS); if (ret < 0) { From 3a0d5677a6995c879810be13c3a7a08a715772fd Mon Sep 17 00:00:00 2001 From: Christian Brauner <[email protected]> Date: Sun, 19 Aug 2018 19:37:49 +0200 Subject: [PATCH 4/7] cmd: simplify lxc-usernsexec Calculate length only once. Signed-off-by: Christian Brauner <[email protected]> --- src/lxc/cmd/lxc_usernsexec.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/lxc/cmd/lxc_usernsexec.c b/src/lxc/cmd/lxc_usernsexec.c index fa1b6a233..a2c518005 100644 --- a/src/lxc/cmd/lxc_usernsexec.c +++ b/src/lxc/cmd/lxc_usernsexec.c @@ -194,8 +194,9 @@ static int parse_map(char *map) * only use the first one for each of uid and gid, because otherwise we're not * sure which entries the user wanted. */ -static int read_default_map(char *fnam, int which, char *username) +static int read_default_map(char *fnam, int which, char *user) { + size_t len; char *p1, *p2; FILE *fin; struct id_map *newmap; @@ -207,10 +208,9 @@ static int read_default_map(char *fnam, int which, char *username) if (!fin) return -1; + len = strlen(user); while (getline(&line, &sz, fin) != -1) { - if (sz <= strlen(username) || - strncmp(line, username, strlen(username)) != 0 || - line[strlen(username)] != ':') + if (sz <= len || strncmp(line, user, len) != 0 || line[len] != ':') continue; p1 = strchr(line, ':'); From 123ed74faecab0e526a16fdb1e3944018bb0467a Mon Sep 17 00:00:00 2001 
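Review bot: In do_child the supplementary groups are still cleared after the uid switch (`lxc_switch_uid_gid(0, 0)` first, `lxc_setgroups(0, NULL)` second), an order that only works because the target is uid 0 inside the new user namespace, where the process presumably retains CAP_SETGID. Calling `lxc_setgroups(0, NULL)` before `lxc_switch_uid_gid(0, 0)` would follow the usual clear-groups-first order and should stay correct if the target ids ever change. At minimum, a comment such as `/* setgroups() after the switch is fine only because we become uid 0 here */` would record the assumption. The hunk also drops the three CMD_SYSERROR messages, so a failure is reported only if the helpers log it themselves, which is not visible here. do_child continues past the end of the hunk.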
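Review bot: The rewritten condition in read_default_map still compares `sz` with `len`, but `sz` is the buffer capacity that getline() maintains, not the length of the line just read, so `sz <= len` does not actually reject short lines. The `strncmp(line, user, len)` that follows keeps `line[len]` inside the string, so this is a misleading check rather than an out-of-bounds read. Keeping getline()'s return value, e.g. `while ((n = getline(&line, &sz, fin)) != -1)` with an `ssize_t n` and `if ((size_t)n <= len || ...)`, would make the length test mean what it says. The function body starts before and continues after this hunk.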
From: Christian Brauner <[email protected]> Date: Sun, 19 Aug 2018 19:41:00 +0200 Subject: [PATCH 5/7] cmd: use safe number parsers in lxc-usernsexec Signed-off-by: Christian Brauner <[email protected]> --- src/lxc/cmd/lxc_usernsexec.c | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/src/lxc/cmd/lxc_usernsexec.c b/src/lxc/cmd/lxc_usernsexec.c index a2c518005..4909a9324 100644 --- a/src/lxc/cmd/lxc_usernsexec.c +++ b/src/lxc/cmd/lxc_usernsexec.c @@ -196,6 +196,7 @@ static int parse_map(char *map) */ static int read_default_map(char *fnam, int which, char *user) { + int ret; size_t len; char *p1, *p2; FILE *fin; @@ -228,8 +229,20 @@ static int read_default_map(char *fnam, int which, char *user) return -1; } - newmap->hostid = atol(p1 + 1); - newmap->range = atol(p2 + 1); + ret = lxc_safe_ulong(p1 + 1, &newmap->hostid); + if (ret < 0) { + fclose(fin); + free(line); + return -1; + } + + ret = lxc_safe_ulong(p2 + 1, &newmap->range); + if (ret < 0) { + fclose(fin); + free(line); + return -1; + } + newmap->nsid = 0; newmap->idtype = which; From d978301fb78ad2e2e64d61dc7f2b2ce0cbff63b5 Mon Sep 17 00:00:00 2001 From: Christian Brauner <[email protected]> Date: Sun, 19 Aug 2018 20:01:45 +0200 Subject: [PATCH 6/7] macro: add missing headers Signed-off-by: Christian Brauner <[email protected]> --- src/lxc/macro.h | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/src/lxc/macro.h b/src/lxc/macro.h index 8eb54f163..7536d6111 100644 --- a/src/lxc/macro.h +++ b/src/lxc/macro.h @@ -20,6 +20,16 @@ #ifndef __LXC_MACRO_H #define __LXC_MACRO_H +#include "config.h" + +#include <asm/types.h> +#include <linux/if_link.h> +#include <linux/loop.h> +#include <linux/netlink.h> +#include <linux/rtnetlink.h> +#include <sys/mount.h> +#include <sys/socket.h> + /* Define __S_ISTYPE if missing from the C library. */ #ifndef __S_ISTYPE #define __S_ISTYPE(mode, mask) (((mode)&S_IFMT) == (mask)) 
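Review bot: The strings handed to lxc_safe_ulong() in read_default_map are not terminated at the field boundary: `p1 + 1` still carries the `:<range>` suffix and `p2 + 1` the trailing newline left by getline(). atol() stopped at the first non-digit, but a parser that rejects trailing characters would fail on every matching line; lxc_safe_ulong()'s implementation is not shown here, so this needs checking against utils.c. If it is strict, terminate the fields first, e.g. `*p2 = '\0';` before the first call, and strip the newline before the second. Separately, both new error paths return without releasing `newmap`, which appears to be allocated just above the hunk; `free(newmap);` belongs next to `free(line);`.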
From 2c436ca48d0da3c442d2802d019ccb1b0eaf6c65 Mon Sep 17 00:00:00 2001 From: Christian Brauner <[email protected]> Date: Sun, 19 Aug 2018 20:14:25 +0200 Subject: [PATCH 7/7] macro: add macvlan properties Signed-off-by: Christian Brauner <[email protected]> --- src/lxc/confile_utils.c | 10 +++++----- src/lxc/confile_utils.h | 18 ++---------------- src/lxc/macro.h | 16 ++++++++++++++++ 3 files changed, 23 insertions(+), 21 deletions(-) diff --git a/src/lxc/confile_utils.c b/src/lxc/confile_utils.c index 2bb46d17b..9b133147a 100644 --- a/src/lxc/confile_utils.c +++ b/src/lxc/confile_utils.c @@ -32,6 +32,7 @@ #include "list.h" #include "log.h" #include "lxccontainer.h" +#include "macro.h" #include "network.h" #include "parse.h" #include "utils.h" @@ -288,13 +289,12 @@ void lxc_log_configured_netdevs(const struct lxc_conf *conf) TRACE("type: macvlan"); if (netdev->priv.macvlan_attr.mode > 0) { - char *macvlan_mode; + char *mode; - macvlan_mode = lxc_macvlan_flag_to_mode( + mode = lxc_macvlan_flag_to_mode( netdev->priv.macvlan_attr.mode); TRACE("macvlan mode: %s", - macvlan_mode ? macvlan_mode - : "(invalid mode)"); + mode ? mode : "(invalid mode)"); } break; case LXC_NET_VLAN: @@ -442,7 +442,7 @@ void lxc_free_networks(struct lxc_list *networks) lxc_list_init(networks); } -static struct macvlan_mode { +static struct lxc_macvlan_mode { char *name; int mode; } macvlan_mode[] = { diff --git a/src/lxc/confile_utils.h b/src/lxc/confile_utils.h index b58ce47b2..eda6aa3dd 100644 --- a/src/lxc/confile_utils.h +++ b/src/lxc/confile_utils.h 
@@ -20,27 +20,13 @@ #ifndef __LXC_CONFILE_UTILS_H #define __LXC_CONFILE_UTILS_H +#include "config.h" + #include <stdbool.h> #include "conf.h" #include "confile_utils.h" -#ifndef MACVLAN_MODE_PRIVATE -#define MACVLAN_MODE_PRIVATE 1 -#endif - -#ifndef MACVLAN_MODE_VEPA -#define MACVLAN_MODE_VEPA 2 -#endif - -#ifndef MACVLAN_MODE_BRIDGE -#define MACVLAN_MODE_BRIDGE 4 -#endif - -#ifndef MACVLAN_MODE_PASSTHRU -#define MACVLAN_MODE_PASSTHRU 8 -#endif - #define strprint(str, inlen, ...) \ do { \ if (str) \ diff --git a/src/lxc/macro.h b/src/lxc/macro.h index 7536d6111..6113adc2e 100644 --- a/src/lxc/macro.h +++ b/src/lxc/macro.h @@ -197,6 +197,22 @@ extern int __build_bug_on_failed; #define NLMSG_ERROR 0x2 #endif +#ifndef MACVLAN_MODE_PRIVATE +#define MACVLAN_MODE_PRIVATE 1 +#endif + +#ifndef MACVLAN_MODE_VEPA +#define MACVLAN_MODE_VEPA 2 +#endif + +#ifndef MACVLAN_MODE_BRIDGE +#define MACVLAN_MODE_BRIDGE 4 +#endif + +#ifndef MACVLAN_MODE_PASSTHRU +#define MACVLAN_MODE_PASSTHRU 8 +#endif + /* mount */ #ifndef MS_REC #define MS_REC 16384
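Review bot: The `#ifndef MACVLAN_MODE_*` guards moved into macro.h cannot detect the kernel's definitions, because `<linux/if_link.h>` (which macro.h includes after the previous patch) declares these names as enumerators of `enum macvlan_mode`, not as macros. The fallback `#define`s therefore always take effect and shadow the enumerators, which is harmless only while the numeric values match the UAPI header. A comment above the block, e.g. `/* enumerators in linux/if_link.h, so #ifndef never sees them; values must match the UAPI */`, would record that.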
