[lxc-devel] [lxc/master] lxc-usernsexec: improvements

Wed, 20 May 2020 03:17:09 -0700 

The following pull request was submitted through Github.
It can be accessed and reviewed at: https://github.com/lxc/lxc/pull/3422

This e-mail was sent by the LXC bot, direct replies will not reach the author
unless they happen to be subscribed to this list.

=== Description (from pull-request) ===
Signed-off-by: Christian Brauner <christian.brau...@ubuntu.com>

From 7cf6e24d079cb3654c2f9ac871e144735ee5325b Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brau...@ubuntu.com>
Date: Wed, 20 May 2020 12:10:54 +0200
Subject: [PATCH 1/2] lxc-usernsexec: dumb down from error to warning message

Signed-off-by: Christian Brauner <christian.brau...@ubuntu.com>
---
 src/lxc/cmd/lxc_usernsexec.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/lxc/cmd/lxc_usernsexec.c b/src/lxc/cmd/lxc_usernsexec.c
index 6441fb3c86..79dfe42c94 100644
--- a/src/lxc/cmd/lxc_usernsexec.c
+++ b/src/lxc/cmd/lxc_usernsexec.c
@@ -61,7 +61,7 @@ static void opentty(const char *tty, int which)
 
        fd = open(tty, O_RDWR | O_NONBLOCK);
        if (fd < 0) {
-               CMD_SYSERROR("Failed to open tty");
+               CMD_SYSINFO("Failed to open tty");
                return;
        }
 

From 158d119f90ab10ba0b2e38f72254658cc4c90f00 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brau...@ubuntu.com>
Date: Wed, 20 May 2020 12:14:21 +0200
Subject: [PATCH 2/2] lxc-usernsexec: don't fail on setgroups()

We can fail to setgroups() when "deny" has been set which we need to set when
we are a fully unprivileged user.

Closes: 3420.
Signed-off-by: Christian Brauner <christian.brau...@ubuntu.com>
---
 src/lxc/cmd/lxc_usernsexec.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/lxc/cmd/lxc_usernsexec.c b/src/lxc/cmd/lxc_usernsexec.c
index 79dfe42c94..3c22482f4f 100644
--- a/src/lxc/cmd/lxc_usernsexec.c
+++ b/src/lxc/cmd/lxc_usernsexec.c
@@ -87,11 +87,11 @@ static int do_child(void *vargv)
        int ret;
        char **argv = (char **)vargv;
 
-       /* Assume we want to become root */
-       if (!lxc_switch_uid_gid(0, 0))
+       if (!lxc_setgroups(0, NULL))
                return -1;
 
-       if (!lxc_setgroups(0, NULL))
+       /* Assume we want to become root */
+       if (!lxc_switch_uid_gid(0, 0))
                return -1;
 
        ret = unshare(CLONE_NEWNS);

_______________________________________________
lxc-devel mailing list
lxc-devel@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-devel

Reply via email to