chown_mapped_root: fix assumption that calling uid == gid
authorSerge Hallyn <serge.hallyn@ubuntu.com>
Fri, 29 Nov 2013 04:53:13 +0000 (22:53 -0600)
committerStéphane Graber <stgraber@ubuntu.com>
Fri, 29 Nov 2013 04:57:34 +0000 (23:57 -0500)
Because if they are not, then we'll fail trying to map that gid into the
container.

The function doesn't change any gids, but lxc-usernsexec always does
setgid(0), so just map getgid() to 0 in the container.

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
src/lxc/conf.c

index a841d797d87ce1bf02017ed56fc45c45ae7fb0cd..daf491f4977d2db6345cb33f2f8938dde6b18d9f 100644 (file)
@@ -3349,19 +3349,26 @@ int chown_mapped_root(char *path, struct lxc_conf *conf)
        }
        if (!pid) {
                int hostuid = geteuid(), ret;
-               char map1[100], map2[100];
-               char *args[] = {"lxc-usernsexec", "-m", map1, "-m", map2, "--", "chown",
-                                "0", path, NULL};
+               char map1[100], map2[100], map3[100];
+               char *args[] = {"lxc-usernsexec", "-m", map1, "-m", map2, "-m",
+                                map3, "--", "chown", "0", path, NULL};
 
-               // "b:0:rootid:1"
-               ret = snprintf(map1, 100, "b:0:%d:1", rootid);
+               // "u:0:rootid:1"
+               ret = snprintf(map1, 100, "u:0:%d:1", rootid);
                if (ret < 0 || ret >= 100) {
                        ERROR("Error uid printing map string");
                        return -1;
                }
 
-               // "b:hostuid:hostuid:1"
-               ret = snprintf(map2, 100, "b:%d:%d:1", hostuid, hostuid);
+               // "u:hostuid:hostuid:1"
+               ret = snprintf(map2, 100, "u:%d:%d:1", hostuid, hostuid);
+               if (ret < 0 || ret >= 100) {
+                       ERROR("Error uid printing map string");
+                       return -1;
+               }
+
+               // "g:0:hostgid:1"
+               ret = snprintf(map3, 100, "g:0:%d:1", getgid());
                if (ret < 0 || ret >= 100) {
                        ERROR("Error uid printing map string");
                        return -1;
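Review bot: The new gid map is built from the real gid, `getgid()`, while both uid maps use `hostuid = geteuid()`, so if this code ever runs with real and effective ids that differ, the uid and gid halves of the namespace mapping describe different identities; `ret = snprintf(map3, 100, "g:0:%d:1", (int)getegid());` would match the uid side, and the cast keeps `%d` correct for `gid_t`. The failure branch for map3 still logs "Error uid printing map string", the same text as the two uid branches, so a log line cannot say which map failed; `ERROR("Error gid printing map string");` would. All three failure branches sit inside `if (!pid)`, so `return -1` appears to send the forked child back into the caller's code path instead of ending it. The rest of chown_mapped_root lies outside the hunk, so whether an `exit(1)` belongs there should be confirmed against the full function.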