userns: clear and save id_map (v2)

Otherwise (a) there is a memory leak when using user namespaces and
clearing a config, and (b) saving a container configuration file doesn't
maintain the userns mapping.  For instance, if container c1 has
lxc.id_map configuration entries, then

python3
import lxc
c=lxc.Container("c1")
c.save_config("/tmp/config1")

should show 'lxc.id_map =' entries in /tmp/config1.

Changelog for v2:
   1. fix incorrect saving of group types (s/'c'/'g')
   2. fix typo -> idmap->type should be idmap->idtype

Reported-by: Dwight Engen <dwight.engen@oracle.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Dwight Engen <dwight.engen@oracle.com>
Tested-by: Dwight Engen <dwight.engen@oracle.com>

diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index a69c4f88d7d4cdce903ecab0c9c9f3a8ec611b24..46320dd00599261e942245c1508c7c903d93d6a3 100644 (file)
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -3079,6 +3079,18 @@ int lxc_clear_config_caps(struct lxc_conf *c)
        return 0;
 }
 
+int lxc_clear_idmaps(struct lxc_conf *c)
+{
+       struct lxc_list *it, *next;
+
+       lxc_list_for_each_safe(it, &c->id_map, next) {
+               lxc_list_del(it);
+               free(it->elem);
+               free(it);
+       }
+       return 0;
+}
+
 int lxc_clear_cgroups(struct lxc_conf *c, const char *key)
 {
        struct lxc_list *it,*next;
@@ -3182,5 +3194,6 @@ void lxc_conf_free(struct lxc_conf *conf)
        lxc_clear_hooks(conf, "lxc.hook");
        lxc_clear_mount_entries(conf);
        lxc_clear_saved_nics(conf);
+       lxc_clear_idmaps(conf);
        free(conf);
 }

diff --git a/src/lxc/confile.c b/src/lxc/confile.c
index a7db1178a32274f6941800465bfc2a3a778b3a79..bb02e1c75618b7aeb8f64ee057dc35984aafd54f 100644 (file)
--- a/src/lxc/confile.c
+++ b/src/lxc/confile.c
@@ -1945,6 +1945,12 @@ void write_config(FILE *fout, struct lxc_conf *c)
        }
        lxc_list_for_each(it, &c->caps)
                fprintf(fout, "lxc.cap.drop = %s\n", (char *)it->elem);
+       lxc_list_for_each(it, &c->id_map) {
+               struct id_map *idmap = it->elem;
+               fprintf(fout, "lxc.id_map = %c %lu %lu %lu\n",
+                       idmap->idtype == ID_TYPE_UID ? 'u' : 'g', idmap->nsid,
+                       idmap->hostid, idmap->range);
+       }
        for (i=0; i<NUM_LXC_HOOKS; i++) {
                lxc_list_for_each(it, &c->hooks[i])
                        fprintf(fout, "lxc.hook.%s = %s\n",