From: Patrick Toomey Date: Wed, 19 Aug 2015 17:04:38 +0000 (-0600) Subject: Add support for setting lxc-execute init UID/GID via configuration file X-Git-Tag: lxc-2.0.0.beta1~164^2~3 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=72bb04e4b879de066cef0445bfb7d79ac922d43e;p=thirdparty%2Flxc.git Add support for setting lxc-execute init UID/GID via configuration file Signed-off-by: Patrick Toomey
---
diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index 9870455b3..07aecb758 100644
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -2604,6 +2604,11 @@ struct lxc_conf *lxc_conf_init(void)
 for (i = 0; i < LXC_NS_MAX; i++)
 new->inherit_ns_fd[i] = -1;
+ /* if running in a new user namespace, init and COMMAND
+ * default to running as UID/GID 0 when using lxc-execute */
+ new->init_uid = 0;
+ new->init_gid = 0;
+
 return new;
 }
diff --git a/src/lxc/conf.h b/src/lxc/conf.h
index b9f93f954..dc5328a3f 100644
--- a/src/lxc/conf.h
+++ b/src/lxc/conf.h
@@ -366,8 +366,8 @@ struct lxc_conf {
 /* init command */
 char *init_cmd;
- /* if running in a new user namespace, the UID/GID that COMMAND for
- * lxc-execute should run under */
+ /* if running in a new user namespace, the UID/GID that init and COMMAND
+ * should run under when using lxc-execute */
 uid_t init_uid;
 gid_t init_gid;
 };
diff --git a/src/lxc/confile.c b/src/lxc/confile.c
index b045689d5..bb39ee05e 100644
--- a/src/lxc/confile.c
+++ b/src/lxc/confile.c
@@ -104,6 +104,8 @@ static int config_start(const char *, const char *, struct lxc_conf *);
 static int config_group(const char *, const char *, struct lxc_conf *);
 static int config_environment(const char *, const char *, struct lxc_conf *);
 static int config_init_cmd(const char *, const char *, struct lxc_conf *);
+static int config_init_uid(const char *, const char *, struct lxc_conf *);
+static int config_init_gid(const char *, const char *, struct lxc_conf *);
 static struct lxc_config_t config[] = {
@@ -168,6 +170,8 @@ static struct lxc_config_t config[] = {
 { "lxc.group", config_group },
 { "lxc.environment", config_environment },
 { "lxc.init_cmd", config_init_cmd },
+ { "lxc.init_uid", config_init_uid },
+ { "lxc.init_gid", config_init_gid },
 };
 struct signame {
@@ -1034,11 +1038,25 @@ static int config_init_cmd(const char *key, const char *value,
 return config_path_item(&lxc_conf->init_cmd, value);
 }
+static int config_init_uid(const char *key, const char *value,
+ struct lxc_conf *lxc_conf)
+{
+ lxc_conf->init_uid = atoi(value);
+ return 0;
+}
+
+static int config_init_gid(const char *key, const char *value,
+ struct lxc_conf *lxc_conf)
+{
+ lxc_conf->init_gid = atoi(value);
+ return 0;
+}
+
 static int config_hook(const char *key, const char *value,
 struct lxc_conf *lxc_conf)
 {
 char *copy;
-
+
 if (!value || strlen(value) == 0)
 return lxc_clear_hooks(lxc_conf, key);
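Review bot: `config_init_uid` and `config_init_gid` store `atoi(value)` and always return 0, so a misspelled or non-numeric `lxc.init_uid`/`lxc.init_gid` is silently accepted as UID/GID 0. A negative number wraps to a large `uid_t`, an out-of-range number is undefined behaviour in `atoi`, and unlike `config_hook` right below neither handler checks `value` for NULL. Since these keys decide which identity init and COMMAND run as, a bad value should fail the configuration load rather than fall back to the most privileged ID: parse with `strtoul`, require the whole string to be digits that fit the target type, and return -1 otherwise. The sketch below shows `config_init_uid`; `config_init_gid` needs the same checks with `gid_t`, and it assumes `errno` and the `ERROR` logging macro are already available in confile.c.

```c
static int config_init_uid(const char *key, const char *value,
			   struct lxc_conf *lxc_conf)
{
	char *end;
	unsigned long id;

	/* first character must be a digit: rules out NULL, "", signs and
	 * the leading whitespace that strtoul would otherwise skip */
	if (!value || *value < '0' || *value > '9')
		goto invalid;

	errno = 0;
	id = strtoul(value, &end, 10);
	/* trailing junk ("100x"), overflow, or a value that does not
	 * survive the round trip through uid_t */
	if (errno || *end != '\0' || id != (unsigned long)(uid_t)id)
		goto invalid;

	lxc_conf->init_uid = (uid_t)id;
	return 0;

invalid:
	ERROR("invalid value for %s", key);
	return -1;
}
/* … config_init_gid: same checks, with gid_t and init_gid … */
```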