From: Serge Hallyn
Date: Fri, 29 Nov 2013 04:53:13 +0000 (-0600)
Subject: chown_mapped_root: fix assumption that calling uid == gid
X-Git-Tag: lxc-1.0.0.beta1~73
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=98e5ba5156d47436b9445a106f2014f71191c3df;p=thirdparty%2Flxc.git
chown_mapped_root: fix assumption that calling uid == gid
Because if they are not, then we'll fail trying to map that gid into the container. The function doesn't change any gids, but lxc-usernsexec always does setgid(0), so just map getgid() to 0 in the container.
Signed-off-by: Serge Hallyn
Acked-by: Stéphane Graber
---
diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index a841d797d..daf491f49 100644
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -3349,19 +3349,26 @@ int chown_mapped_root(char *path, struct lxc_conf *conf)
 }
 if (!pid) {
 int hostuid = geteuid(), ret;
- char map1[100], map2[100];
- char *args[] = {"lxc-usernsexec", "-m", map1, "-m", map2, "--", "chown",
- "0", path, NULL};
+ char map1[100], map2[100], map3[100];
+ char *args[] = {"lxc-usernsexec", "-m", map1, "-m", map2, "-m",
+ map3, "--", "chown", "0", path, NULL};
- // "b:0:rootid:1"
- ret = snprintf(map1, 100, "b:0:%d:1", rootid);
+ // "u:0:rootid:1"
+ ret = snprintf(map1, 100, "u:0:%d:1", rootid);
 if (ret < 0 || ret >= 100) {
 ERROR("Error uid printing map string");
 return -1;
 }
- // "b:hostuid:hostuid:1"
- ret = snprintf(map2, 100, "b:%d:%d:1", hostuid, hostuid);
+ // "u:hostuid:hostuid:1"
+ ret = snprintf(map2, 100, "u:%d:%d:1", hostuid, hostuid);
+ if (ret < 0 || ret >= 100) {
+ ERROR("Error uid printing map string");
+ return -1;
+ }
+
+ // "g:0:hostgid:1"
+ ret = snprintf(map3, 100, "g:0:%d:1", getgid());
 if (ret < 0 || ret >= 100) {
 ERROR("Error uid printing map string");
 return -1;
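Review bot: The new map3 line takes the group id from `getgid()` (real gid) while `hostuid` at the top of the block comes from `geteuid()` (effective uid), so if the caller's real and effective ids ever differ the uid and gid maps describe different credential sets; either use `getegid()` here or add a comment such as `/* real gid on purpose: ... */` stating why the real gid is the one lxc-usernsexec needs. `getgid()` returns `gid_t`, which is unsigned on Linux, so `%d` is a type mismatch and a large gid would print as a negative number; `ret = snprintf(map3, 100, "g:0:%u:1", (unsigned int)getgid());` avoids that. The check that now follows the map3 snprintf is the pre-existing context block, so a gid formatting failure still logs the uid text; `ERROR("Error gid printing map string");` would make the log unambiguous. chown_mapped_root starts and ends outside this hunk, so how `args` is executed and how the child's exit status is handled is not visible here.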