From: Serge Hallyn Date: Thu, 8 Feb 2018 19:04:23 +0000 (-0600) Subject: Restore most cases of am_guest_unpriv X-Git-Tag: lxc-2.0.10~343 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6b76e59dbcb777928e46e129e7711ad43c88cbda;p=thirdparty%2Flxc.git Restore most cases of am_guest_unpriv The only cases where we really need to be privileged with respect to the host is when we are trying to mknod, and in some cases to do with a physical network device. This patch leaves the detection of the network device cases as a TODO. This should fix the currently broken case of starting a privileged container with at least one veth nic, nested inside an unprivileged container. Cc: Tycho Andersen Signed-off-by: Serge Hallyn
---
diff --git a/src/lxc/lxccontainer.c b/src/lxc/lxccontainer.c
index de996acb5..5b211211d 100644
--- a/src/lxc/lxccontainer.c
+++ b/src/lxc/lxccontainer.c
@@ -2511,7 +2511,7 @@ static bool has_snapshots(struct lxc_container *c) static bool do_destroy_container(struct lxc_conf *conf) { int ret;
- if (am_unpriv()) {
+ if (am_guest_unpriv()) {
 ret = userns_exec_full(conf, storage_destroy_wrapper, conf, "storage_destroy_wrapper"); if (ret < 0)
@@ -2597,7 +2597,7 @@ static bool container_destroy(struct lxc_container *c) const char *p1 = do_lxcapi_get_config_path(c); char *path = alloca(strlen(p1) + strlen(c->name) + 2); sprintf(path, "%s/%s", p1, c->name);
- if (am_unpriv())
+ if (am_guest_unpriv())
 ret = userns_exec_full(conf, lxc_rmdir_onedev_wrapper, path, "lxc_rmdir_onedev_wrapper"); else
@@ -3334,7 +3334,7 @@ static struct lxc_container *do_lxcapi_clone(struct lxc_container *c, const char goto out; }
- if (am_unpriv()) {
+ if (am_guest_unpriv()) {
 if (chown_mapped_root(newpath, c->lxc_conf) < 0) { ERROR("Error chowning %s to container root", newpath); goto out;
@@ -3410,7 +3410,7 @@ static struct lxc_container *do_lxcapi_clone(struct lxc_container *c, const char data.c1 = c2; data.flags = flags; data.hookargs = hookargs;
- if (am_unpriv())
+ if (am_guest_unpriv())
 ret = userns_exec_full(c->lxc_conf, clone_update_rootfs_wrapper, &data, "clone_update_rootfs_wrapper"); else
@@ -4072,7 +4072,7 @@ static bool add_remove_device_node(struct lxc_container *c, const char *src_path static bool do_lxcapi_add_device_node(struct lxc_container *c, const char *src_path, const char *dest_path) {
- if (am_unpriv()) {
+ if (am_host_unpriv()) {
 ERROR(NOT_SUPPORTED_ERROR, __FUNCTION__); return false; }
@@ -4083,7 +4083,7 @@ WRAP_API_2(bool, lxcapi_add_device_node, const char *, const char *) static bool do_lxcapi_remove_device_node(struct lxc_container *c, const char *src_path, const char *dest_path) {
- if (am_unpriv()) {
+ if (am_host_unpriv()) {
 ERROR(NOT_SUPPORTED_ERROR, __FUNCTION__); return false; }
@@ -4099,7 +4099,7 @@ static bool do_lxcapi_attach_interface(struct lxc_container *c, pid_t init_pid; int ret = 0;
- if (am_unpriv()) {
+ if (am_guest_unpriv()) {
 ERROR(NOT_SUPPORTED_ERROR, __FUNCTION__); return false; }
@@ -4138,7 +4138,7 @@ static bool do_lxcapi_detach_interface(struct lxc_container *c, int ret; pid_t pid, pid_outside;
- if (am_unpriv()) {
+ if (am_guest_unpriv()) {
 ERROR(NOT_SUPPORTED_ERROR, __FUNCTION__); return false; }
diff --git a/src/lxc/network.c b/src/lxc/network.c
index 1f46996a3..713ac9068 100644
--- a/src/lxc/network.c
+++ b/src/lxc/network.c
@@ -2365,7 +2365,7 @@ int lxc_network_move_created_netdev_priv(const char *lxcpath, const char *lxcnam char ifname[IFNAMSIZ]; struct lxc_list *iterator;
- if (am_unpriv())
+ if (am_guest_unpriv())
 return 0; lxc_list_for_each(iterator, network) {
@@ -2403,7 +2403,7 @@ int lxc_create_network_unpriv(const char *lxcpath, const char *lxcname, { struct lxc_list *iterator;
- if (!am_unpriv())
+ if (!am_guest_unpriv())
 return 0; lxc_list_for_each(iterator, network) {
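Review bot: The `am_host_unpriv()` guard at the top of do_lxcapi_add_device_node, and the identical one in do_lxcapi_remove_device_node in the next hunk, are the only checks in this commit that test host privilege, and nothing at the call sites says why they differ from the rest. A one-line comment above each guard, such as `/* mknod needs privilege in init_user_ns, not just root in our own userns */`, would keep a later cleanup from flattening them to `am_guest_unpriv()` along with the others. Both function bodies continue outside the hunks.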
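Review bot: The guard in do_lxcapi_attach_interface now lets root inside a user namespace through, yet the commit message says physical network devices can still need host privilege and that detecting them is left as a TODO; that TODO is not recorded anywhere in the code. Add it at the check, e.g. `/* TODO: physical netdevs may need am_host_unpriv(); not detected yet */`, and repeat it on the same guard in do_lxcapi_detach_interface and on the early returns in lxc_network_move_created_netdev_priv and lxc_create_network_unpriv. Until the detection exists, a caller that is root only in its own namespace presumably gets a later, less specific failure instead of NOT_SUPPORTED_ERROR; that path is outside these hunks, so it is worth confirming.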
diff --git a/src/lxc/start.c b/src/lxc/start.c
index 5c567fef9..eee5799ee 100644
--- a/src/lxc/start.c
+++ b/src/lxc/start.c
@@ -656,11 +656,11 @@ struct lxc_handler *lxc_init_handler(const char *name, struct lxc_conf *conf, memset(handler, 0, sizeof(*handler));
- /* Note that am_unpriv() checks the effective uid. We probably don't
+ /* Note that am_guest_unpriv() checks the effective uid. We probably don't
 * care if we are real root only if we are running as root so this * should be fine. */
- handler->am_root = !am_unpriv();
+ handler->am_root = !am_guest_unpriv();
 handler->data_sock[0] = handler->data_sock[1] = -1; handler->conf = conf; handler->lxcpath = lxcpath;
diff --git a/src/lxc/storage/aufs.c b/src/lxc/storage/aufs.c
index 567a597f6..1a8d2be52 100644
--- a/src/lxc/storage/aufs.c
+++ b/src/lxc/storage/aufs.c
@@ -61,7 +61,7 @@ int aufs_clonepaths(struct lxc_storage *orig, struct lxc_storage *new, if (mkdir_p(new->dest, 0755) < 0) return -1;
- if (am_unpriv() && chown_mapped_root(new->dest, conf) < 0)
+ if (am_guest_unpriv() && chown_mapped_root(new->dest, conf) < 0)
 WARN("Failed to update ownership of %s", new->dest); if (strcmp(orig->type, "dir") == 0) {
@@ -88,7 +88,7 @@ int aufs_clonepaths(struct lxc_storage *orig, struct lxc_storage *new, free(delta); return -1; }
- if (am_unpriv() && chown_mapped_root(delta, conf) < 0)
+ if (am_guest_unpriv() && chown_mapped_root(delta, conf) < 0)
 WARN("Failed to update ownership of %s", delta); // the src will be 'aufs:lowerdir:upperdir'
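Review bot: After this change `handler->am_root` is true for any process with effective uid 0 in its own user namespace, including root nested inside an unprivileged container, but the field name and the comment above it still read as if it meant real root. Say so in the comment, for example `/* am_root: euid 0 in our own user namespace; not necessarily privileged on the host */`. Readers of `handler->am_root` are outside this hunk; any of them that gate host-only operations (the commit message names mknod) should be checked against `am_host_unpriv()` instead.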
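Review bot: A failed `chown_mapped_root(new->dest, conf)` in aufs_clonepaths is only logged with WARN and the clone carries on, whereas do_lxcapi_clone in this same commit treats the same failure as fatal (`ERROR(...)` then `goto out`). The same WARN-and-continue pattern appears in the other two aufs_clonepaths hunks, the five ovl_clonepaths hunks and storage_copy. If continuing is deliberate, a short comment at each guard saying why a directory with unchanged ownership is acceptable would help; if it is not, returning -1 here would match the clone path. The rest of the function is outside the hunk, so later steps may already catch the problem.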
@@ -129,13 +129,13 @@ int aufs_clonepaths(struct lxc_storage *orig, struct lxc_storage *new, free(ndelta); return -1; }
- if (am_unpriv() && chown_mapped_root(ndelta, conf) < 0)
+ if (am_guest_unpriv() && chown_mapped_root(ndelta, conf) < 0)
 WARN("Failed to update ownership of %s", ndelta); struct rsync_data_char rdata; rdata.src = odelta; rdata.dest = ndelta;
- if (am_unpriv())
+ if (am_guest_unpriv())
 ret = userns_exec_full(conf, rsync_delta_wrapper, &rdata, "rsync_delta_wrapper"); else
diff --git a/src/lxc/storage/btrfs.c b/src/lxc/storage/btrfs.c
index 2537e9efc..bbfc9c8fe 100644
--- a/src/lxc/storage/btrfs.c
+++ b/src/lxc/storage/btrfs.c
@@ -393,7 +393,7 @@ int btrfs_clonepaths(struct lxc_storage *orig, struct lxc_storage *new, if (snap) { struct rsync_data_char sdata;
- if (!am_unpriv())
+ if (!am_guest_unpriv())
 return btrfs_snapshot(orig->dest, new->dest); sdata.dest = new->dest; sdata.src = orig->dest;
diff --git a/src/lxc/storage/overlay.c b/src/lxc/storage/overlay.c
index 770821663..d8504cdb7 100644
--- a/src/lxc/storage/overlay.c
+++ b/src/lxc/storage/overlay.c
@@ -73,7 +73,7 @@ int ovl_clonepaths(struct lxc_storage *orig, struct lxc_storage *new, const char if (mkdir_p(new->dest, 0755) < 0) return -1;
- if (am_unpriv() && chown_mapped_root(new->dest, conf) < 0)
+ if (am_guest_unpriv() && chown_mapped_root(new->dest, conf) < 0)
 WARN("Failed to update ownership of %s", new->dest); if (strcmp(orig->type, "dir") == 0) {
@@ -105,7 +105,7 @@ int ovl_clonepaths(struct lxc_storage *orig, struct lxc_storage *new, const char free(delta); return -1; }
- if (am_unpriv() && chown_mapped_root(delta, conf) < 0)
+ if (am_guest_unpriv() && chown_mapped_root(delta, conf) < 0)
 WARN("Failed to update ownership of %s", delta); /*
@@ -130,7 +130,7 @@ int ovl_clonepaths(struct lxc_storage *orig, struct lxc_storage *new, const char free(work); return -1; }
- if (am_unpriv() && chown_mapped_root(work, conf) < 0)
+ if (am_guest_unpriv() && chown_mapped_root(work, conf) < 0)
 WARN("Failed to update ownership of %s", work); free(work);
@@ -174,7 +174,7 @@ int ovl_clonepaths(struct lxc_storage *orig, struct lxc_storage *new, const char free(ndelta); return -1; }
- if (am_unpriv() && chown_mapped_root(ndelta, conf) < 0)
+ if (am_guest_unpriv() && chown_mapped_root(ndelta, conf) < 0)
 WARN("Failed to update ownership of %s", ndelta); /*
@@ -205,7 +205,7 @@ int ovl_clonepaths(struct lxc_storage *orig, struct lxc_storage *new, const char free(work); return -1; }
- if (am_unpriv() && chown_mapped_root(work, conf) < 0)
+ if (am_guest_unpriv() && chown_mapped_root(work, conf) < 0)
 WARN("Failed to update ownership of %s", work); free(work);
@@ -751,7 +751,7 @@ static int ovl_do_rsync(struct lxc_storage *orig, struct lxc_storage *new, rdata.orig = orig; rdata.new = new;
- if (am_unpriv())
+ if (am_guest_unpriv())
 ret = userns_exec_full(conf, ovl_rsync_wrapper, &rdata, "ovl_rsync_wrapper"); else
diff --git a/src/lxc/storage/storage.c b/src/lxc/storage/storage.c
index 765ba8278..6ecb6b8ca 100644
--- a/src/lxc/storage/storage.c
+++ b/src/lxc/storage/storage.c
@@ -372,7 +372,7 @@ struct lxc_storage *storage_copy(struct lxc_container *c0, const char *cname, if (!bdevtype && !keepbdevtype && snap && (!strcmp(orig->type, "dir") || !strcmp(orig->type, "overlayfs"))) bdevtype = "overlayfs";
- if (am_unpriv() && !unpriv_snap_allowed(orig, bdevtype, snap, maybe_snap)) {
+ if (am_guest_unpriv() && !unpriv_snap_allowed(orig, bdevtype, snap, maybe_snap)) {
 ERROR("Unsupported snapshot type \"%s\" for unprivileged users", bdevtype ? bdevtype : "(null)"); storage_put(orig);
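Review bot: With `am_guest_unpriv()` the `unpriv_snap_allowed()` gate in storage_copy no longer applies to root inside a user namespace, so that caller can now request any backing store type. Whether every type works without host privilege is not visible here, since unpriv_snap_allowed is defined elsewhere; if some backends need privilege in init_user_ns, this one check arguably belongs with the `am_host_unpriv()` cases so the caller gets the explicit "Unsupported snapshot type" error rather than a later failure. At minimum a comment on the guard should state which notion of unprivileged it is meant to enforce.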
@@ -409,7 +409,7 @@ struct lxc_storage *storage_copy(struct lxc_container *c0, const char *cname, goto err; }
- if (am_unpriv() && chown_mapped_root(new->src, c0->lxc_conf) < 0)
+ if (am_guest_unpriv() && chown_mapped_root(new->src, c0->lxc_conf) < 0)
 WARN("Failed to update ownership of %s", new->dest); if (snap)
@@ -458,7 +458,7 @@ struct lxc_storage *storage_copy(struct lxc_container *c0, const char *cname, data.orig = orig; data.new = new;
- if (am_unpriv())
+ if (am_guest_unpriv())
 ret = userns_exec_full(c0->lxc_conf, rsync_rootfs_wrapper, &data, "rsync_rootfs_wrapper"); else
diff --git a/src/lxc/utils.h b/src/lxc/utils.h
index 260738d85..a2bad89db 100644
--- a/src/lxc/utils.h
+++ b/src/lxc/utils.h
@@ -432,7 +432,7 @@ inline static bool am_guest_unpriv(void) { } /* are we unprivileged with respect to init_user_ns */
-inline static bool am_unpriv(void)
+inline static bool am_host_unpriv(void)
 { FILE *f; uid_t user, host, count;
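Review bot: The warning under the changed guard in storage_copy reports the wrong path: the call is `chown_mapped_root(new->src, c0->lxc_conf)` but the message prints `new->dest`. Since the guard is being touched anyway, log the path that was actually passed, `WARN("Failed to update ownership of %s", new->src);`, so an ownership failure can be traced to the right directory. storage_copy continues outside the hunk.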
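Review bot: The rename in utils.h leaves two predicates whose one-line comments do not tell a caller which one to pick, and the per-site choices in this commit show the distinction matters. Extend the comment on am_host_unpriv() to say it is for operations that need privilege in init_user_ns (the commit message names mknod and some physical network devices) and that everything else should use am_guest_unpriv(). The helper also declares `FILE *f`, so it appears to do file I/O on each call; its body is outside the hunk, but what it answers when that read fails deserves a sentence in the comment too.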