Add support for setting lxc-execute init UID/GID via configuration file

Signed-off-by: Patrick Toomey <ptoomey3@biasedcoin.com>

diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index 9870455b3caeccb7470b822d995a74f46893ff79..07aecb758f996a2d413ba6658d3504b18aa2dbd3 100644 (file)
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -2604,6 +2604,11 @@ struct lxc_conf *lxc_conf_init(void)
        for (i = 0; i < LXC_NS_MAX; i++)
                new->inherit_ns_fd[i] = -1;
 
+       /* if running in a new user namespace, init and COMMAND
+        * default to running as UID/GID 0 when using lxc-execute */
+       new->init_uid = 0;
+       new->init_gid = 0;
+
        return new;
 }
 

diff --git a/src/lxc/conf.h b/src/lxc/conf.h
index b9f93f954c18b15cd1ba4601cba8b4d1afeef38d..dc5328a3fed588cb5f7c23c3e4f756c1211beb7b 100644 (file)
--- a/src/lxc/conf.h
+++ b/src/lxc/conf.h
@@ -366,8 +366,8 @@ struct lxc_conf {
        /* init command */
        char *init_cmd;
 
-       /* if running in a new user namespace, the UID/GID that COMMAND for
-        * lxc-execute should run under */
+       /* if running in a new user namespace, the UID/GID that init and COMMAND
+        * should run under when using lxc-execute */
        uid_t init_uid;
        gid_t init_gid;
 };

diff --git a/src/lxc/confile.c b/src/lxc/confile.c
index b045689d59c15b47b758a397834cb432d96efbe4..bb39ee05e77e5932c0e6553e2a55aa2ae33d002f 100644 (file)
--- a/src/lxc/confile.c
+++ b/src/lxc/confile.c
@@ -104,6 +104,8 @@ static int config_start(const char *, const char *, struct lxc_conf *);
 static int config_group(const char *, const char *, struct lxc_conf *);
 static int config_environment(const char *, const char *, struct lxc_conf *);
 static int config_init_cmd(const char *, const char *, struct lxc_conf *);
+static int config_init_uid(const char *, const char *, struct lxc_conf *);
+static int config_init_gid(const char *, const char *, struct lxc_conf *);
 
 static struct lxc_config_t config[] = {
 
@@ -168,6 +170,8 @@ static struct lxc_config_t config[] = {
        { "lxc.group",                config_group                },
        { "lxc.environment",          config_environment          },
        { "lxc.init_cmd",             config_init_cmd             },
+       { "lxc.init_uid",             config_init_uid             },
+       { "lxc.init_gid",             config_init_gid             },
 };
 
 struct signame {
@@ -1034,11 +1038,25 @@ static int config_init_cmd(const char *key, const char *value,
        return config_path_item(&lxc_conf->init_cmd, value);
 }
 
+static int config_init_uid(const char *key, const char *value,
+                                struct lxc_conf *lxc_conf)
+{
+       lxc_conf->init_uid = atoi(value);
+       return 0;
+}
+
+static int config_init_gid(const char *key, const char *value,
+                                struct lxc_conf *lxc_conf)
+{
+       lxc_conf->init_gid = atoi(value);
+       return 0;
+}
+
 static int config_hook(const char *key, const char *value,
                                 struct lxc_conf *lxc_conf)
 {
        char *copy;
-       
+
        if (!value || strlen(value) == 0)
                return lxc_clear_hooks(lxc_conf, key);