{
switch (c) {
case 'f': args->rcfile = arg; break;
- case 's': return lxc_config_define_add(&defines, arg);
+ case 's': return lxc_config_define_add(&defines, arg); break;
+ case 'u': args->uid = atoi(arg); break;
+ case 'g': args->gid = atoi(arg);
}
return 0;
}
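Review bot: The new 'u' and 'g' cases parse the id with `atoi()`, which returns 0 for non-numeric input and has undefined behaviour when the value is out of range. A mistyped `--uid` is therefore indistinguishable from no option at all, and given the `if (my_args.uid)` test later in this patch it appears to end up as uid 0 inside the container. Parsing with `strtoul()` and rejecting anything that is not a plain decimal number in range would turn that into a usage error. The sketch below assumes a non-zero return from the parser is treated as failure, as the 's' case suggests, and it needs `<errno.h>` and `<limits.h>`. The `break` added after `return` in the 's' case is unreachable, and the function's signature lies outside the hunk.

```c
	/* … unchanged: 'f' and 's' cases … */
	case 'u':
	case 'g': {
		char *end;
		unsigned long id;

		/* strtoul() accepts leading whitespace and a sign; require a digit first */
		if (arg[0] < '0' || arg[0] > '9')
			return -1;

		errno = 0;
		id = strtoul(arg, &end, 10);
		if (*end != '\0' || errno == ERANGE || id > UINT_MAX)
			return -1;

		if (c == 'u')
			args->uid = id;
		else
			args->gid = id;
		break;
	}
```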
static const struct option my_longopts[] = {
{"rcfile", required_argument, 0, 'f'},
{"define", required_argument, 0, 's'},
+ {"uid", required_argument, 0, 'u'},
+ {"gid", required_argument, 0, 'g'},
LXC_COMMON_OPTIONS
};
Options :\n\
-n, --name=NAME NAME for name of the container\n\
-f, --rcfile=FILE Load configuration file FILE\n\
- -s, --define KEY=VAL Assign VAL to configuration variable KEY\n",
+ -s, --define KEY=VAL Assign VAL to configuration variable KEY\n\
+ -u, --uid=UID Execute COMMAND with UID inside the container\n\
+ -g, --gid=GID Execute COMMAND with GID inside the container\n",
.options = my_longopts,
.parser = my_parser,
.checker = my_checker,
if (lxc_config_define_load(&defines, conf))
return 1;
+ if (my_args.uid)
+ conf->init_uid = my_args.uid;
+
+ if (my_args.gid)
+ conf->init_gid = my_args.gid;
+
ret = lxc_execute(my_args.name, my_args.argv, my_args.quiet, conf, my_args.lxcpath[0], false);
lxc_conf_free(conf);
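Review bot: Using 0 as the "not given" value in `if (my_args.uid)` and `if (my_args.gid)` means an explicit `--uid 0` cannot be told apart from an omitted option, and supplying only one of the two leaves the other at its default. Judging by the start-up change later in this patch, `--uid 1000` without `--gid` would then run the command with the requested uid but gid 0 whenever an id map is configured. Either require the two options together in `my_checker`, or state the rule above these lines, e.g. `/* 0 = option not given; an id left unset stays 0 (root) inside the container */`. The enclosing function starts and ends outside the hunk.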
* the intent is to execute a command as the original user.
*/
if (!lxc_list_empty(&handler->conf->id_map)) {
- gid_t new_gid = handler->conf->is_execute ? handler->conf->parent_gid : 0;
- gid_t new_uid = handler->conf->is_execute ? handler->conf->parent_uid : 0;
+ gid_t new_gid = 0;
+ if (handler->conf->is_execute && handler->conf->init_gid)
+ new_gid = handler->conf->init_gid;
+
+ uid_t new_uid = 0;
+ if (handler->conf->is_execute && handler->conf->init_uid)
+ new_uid = handler->conf->init_uid;
+
NOTICE("switching to gid/uid %d/%d in new user namespace", new_gid, new_uid);
if (setgid(new_gid)) {
SYSERROR("setgid");
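Review bot: The fallback for `new_gid`/`new_uid` changes from `parent_gid`/`parent_uid` to 0, so with an id map and no `--uid`/`--gid` an `is_execute` command now switches to root of the new user namespace. The comment kept above the block still says the intent is to execute the command as the original user. If the new default is intended, that comment should be rewritten to match, e.g. `/* lxc-execute: use init_uid/init_gid when set, otherwise 0 (root in the namespace) */`; if it is not, the parent ids should stay as the fallback when no option is given. The function continues beyond the hunk, so whether supplementary groups are also reset is not visible here.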