From: Christian Brauner Date: Tue, 2 Jan 2018 22:27:55 +0000 (+0100) Subject: conf{ile}: detect ns{g,u}id mapping for root X-Git-Tag: lxc-3.0.0.beta1~89^2~2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=46ad64ab261e01780b9058e26824b91d7fd5ceb6;p=thirdparty%2Flxc.git conf{ile}: detect ns{g,u}id mapping for root Closes #2033. Signed-off-by: Christian Brauner
---
diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index de661c004..9f7f8d8fa 100644
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -2573,6 +2573,8 @@ struct lxc_conf *lxc_conf_init(void)
 lxc_list_init(&new->caps);
 lxc_list_init(&new->keepcaps);
 lxc_list_init(&new->id_map);
+ new->root_nsuid_map = NULL;
+ new->root_nsgid_map = NULL;
 lxc_list_init(&new->includes);
 lxc_list_init(&new->aliens);
 lxc_list_init(&new->environment);
diff --git a/src/lxc/conf.h b/src/lxc/conf.h
index b7ddf1d3f..371238220 100644
--- a/src/lxc/conf.h
+++ b/src/lxc/conf.h
@@ -282,7 +282,15 @@ struct lxc_conf {
 signed long personality;
 struct utsname *utsname;
 struct lxc_list cgroup;
- struct lxc_list id_map;
+ struct {
+ struct lxc_list id_map;
+ /* Pointer to the idmap entry for the container's root uid in
+ * the id_map list. Do not free! */
+ struct id_map *root_nsuid_map;
+ /* Pointer to the idmap entry for the container's root gid in
+ * the id_map list. Do not free! */
+ struct id_map *root_nsgid_map;
+ };
 struct lxc_list network;
 int auto_mounts;
 struct lxc_list mount_list;
diff --git a/src/lxc/confile.c b/src/lxc/confile.c
index cde4f3e86..0033d5597 100644
--- a/src/lxc/confile.c
+++ b/src/lxc/confile.c
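Review bot: The new `root_nsuid_map` and `root_nsgid_map` members in the conf.h hunk are borrowed pointers into `id_map` entries, and nothing in this commit resets them when that list is emptied. If a path outside this diff frees the `id_map` entries (for instance when the idmap configuration is cleared and set again), both pointers would dangle, and since the setter in confile.c only assigns while the pointer it tests is NULL, a stale value would also block re-detection. I would state the invariant in the member comment, e.g. `/* Borrowed from id_map; must be set to NULL whenever id_map is cleared. */`, and set both pointers to NULL wherever the list is torn down.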
@@ -1681,6 +1681,16 @@ static int set_config_idmaps(const char *key, const char *value, idmap->range = range; idmaplist->elem = idmap; lxc_list_add_tail(&lxc_conf->id_map, idmaplist); + + if (!lxc_conf->root_nsuid_map && idmap->idtype == ID_TYPE_UID) + if (idmap->nsid == 0) + lxc_conf->root_nsuid_map = idmap; + + + if (!lxc_conf->root_nsuid_map && idmap->idtype == ID_TYPE_GID) + if (idmap->nsid == 0) + lxc_conf->root_nsgid_map = idmap; + idmap = NULL; return 0;
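Review bot: The second added condition tests `root_nsuid_map` where it should test `root_nsgid_map`, so the gid branch is gated on the uid pointer. Once a uid mapping for nsid 0 has been recorded, no gid mapping is ever stored and `root_nsgid_map` stays NULL; if gid entries are parsed first, each later gid entry with nsid 0 overwrites the previous one instead of the first one winning. Any consumer that resolves the host gid of the container's root from this pointer would then work from a missing or unintended mapping, which matters for ownership decisions in unprivileged containers. The line should read `if (!lxc_conf->root_nsgid_map && idmap->idtype == ID_TYPE_GID)`. set_config_idmaps begins and ends outside this hunk, so the validation of `nsid` and `range` that precedes these lines is not visible here.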