From: Stéphane Graber <stgraber@ubuntu.com>
Date: Wed, 26 Feb 2014 19:15:27 +0000 (-0500)
Subject: lxc-download: Detect unpriv created by real root
X-Git-Tag: lxc-1.1.0.alpha1~264
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a1b6244eb510affcd448a9ddf25603e532f4dec6;p=thirdparty%2Flxc.git

lxc-download: Detect unpriv created by real root

This adds yet another case in the in_userns function detecting the case
where an unprivileged container is created by the real uid 0, in which
case we want to share the system wide cache but still use the
unprivileged templates and unpack method.

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
---

diff --git a/templates/lxc-download.in b/templates/lxc-download.in
index 53b06e73f..732bd97b9 100644
--- a/templates/lxc-download.in
+++ b/templates/lxc-download.in
@@ -142,8 +142,11 @@ gpg_validate() {
 
 in_userns() {
     [ -e /proc/self/uid_map ] || { echo no; return; }
-    line=$(awk '{ print $1 " " $2 " " $3 }' /proc/self/uid_map)
-    [ "$line" = "0 0 4294967295" ] && { echo no; return; }
+    awk '{ print $1 " " $2 " " $3 }' /proc/self/uid_map | while read line; do
+        [ "$line" = "0 0 4294967295" ] && { echo no; return; }
+        echo $line | grep -q " 0 1$" && { echo userns-root; return; }
+    done
+
     [ "$(cat /proc/self/uid_map)" = "$(cat /proc/1/uid_map)" ] && \
         { echo userns-root; return; }
     echo yes