From 98e5ba5156d47436b9445a106f2014f71191c3df Mon Sep 17 00:00:00 2001 From: Serge Hallyn Date: Thu, 28 Nov 2013 22:53:13 -0600 Subject: [PATCH] chown_mapped_root: fix assumption that calling uid == gid MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Because if they are not, then we'll fail trying to map that gid into the container. The function doesn't change any gids, but lxc-usernsexec always does setgid(0), so just map getgid() to 0 in the container. Signed-off-by: Serge Hallyn Acked-by: Stéphane Graber --- src/lxc/conf.c | 21 ++++++++++++++------- 1 file changed, 14 insertions(+), 7 deletions(-) diff --git a/src/lxc/conf.c b/src/lxc/conf.c index a841d797d..daf491f49 100644 --- a/src/lxc/conf.c +++ b/src/lxc/conf.c @@ -3349,19 +3349,26 @@ int chown_mapped_root(char *path, struct lxc_conf *conf) } if (!pid) { int hostuid = geteuid(), ret; - char map1[100], map2[100]; - char *args[] = {"lxc-usernsexec", "-m", map1, "-m", map2, "--", "chown", - "0", path, NULL}; + char map1[100], map2[100], map3[100]; + char *args[] = {"lxc-usernsexec", "-m", map1, "-m", map2, "-m", + map3, "--", "chown", "0", path, NULL}; - // "b:0:rootid:1" - ret = snprintf(map1, 100, "b:0:%d:1", rootid); + // "u:0:rootid:1" + ret = snprintf(map1, 100, "u:0:%d:1", rootid); if (ret < 0 || ret >= 100) { ERROR("Error uid printing map string"); return -1; } - // "b:hostuid:hostuid:1" - ret = snprintf(map2, 100, "b:%d:%d:1", hostuid, hostuid); + // "u:hostuid:hostuid:1" + ret = snprintf(map2, 100, "u:%d:%d:1", hostuid, hostuid); + if (ret < 0 || ret >= 100) { + ERROR("Error uid printing map string"); + return -1; + } + + // "g:0:hostgid:1" + ret = snprintf(map3, 100, "g:0:%d:1", getgid()); if (ret < 0 || ret >= 100) { ERROR("Error uid printing map string"); return -1; -- 2.47.3