From: Serge Hallyn
Date: Thu, 21 Aug 2014 16:02:18 +0000 (+0000)
Subject: chmod container dir to 0770 (v2)
X-Git-Tag: lxc-1.1.0.alpha2~60
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d5752559f8d6971dfd189fcc5ff17f0bef99498c;p=thirdparty%2Flxc.git

chmod container dir to 0770 (v2)

This prevents u2 from going into /home/u1/.local/share/lxc/u1/rootfs and running setuid-root applications to get write access to u1's container rootfs.

v2: set umask to 002 for the mkdir. Otherwise if umask happens to be, say, 022, then user does not have write permissions under the container dir and creation of $containerdir/partial file will fail.

Signed-off-by: Serge Hallyn
Acked-by: Stéphane Graber
---

diff --git a/src/lxc/lxccontainer.c b/src/lxc/lxccontainer.c
index 98174f44c..172e667e2 100644
--- a/src/lxc/lxccontainer.c
+++ b/src/lxc/lxccontainer.c
@@ -735,6 +735,31 @@ static bool lxcapi_stop(struct lxc_container *c)
 return ret == 0;
 }
 
+static int do_create_container_dir(const char *path, struct lxc_conf *conf)
+{
+ int ret = -1, lasterr;
+ char *p = alloca(strlen(path)+1);
+ mode_t mask = umask(0002);
+ ret = mkdir(path, 0770);
+ lasterr = errno;
+ umask(mask);
+ errno = lasterr;
+ if (ret) {
+ if (errno == EEXIST)
+ ret = 0;
+ else {
+ SYSERROR("failed to create container path %s", path);
+ return -1;
+ }
+ }
+ strcpy(p, path);
+ if (!lxc_list_empty(&conf->id_map) && chown_mapped_root(p, conf) != 0) {
+ ERROR("Failed to chown container dir");
+ ret = -1;
+ }
+ return ret;
+}
+
 /*
 * create the standard expected container dir
 */
@@ -752,13 +777,7 @@ static bool create_container_dir(struct lxc_container *c)
 free(s);
 return false;
 }
- ret = mkdir(s, 0755);
- if (ret) {
- if (errno == EEXIST)
- ret = 0;
- else
- SYSERROR("failed to create container path for %s", c->name);
- }
+ ret = do_create_container_dir(s, c->lxc_conf);
 free(s);
 return ret == 0;
 }
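Review bot: On the `EEXIST` branch of do_create_container_dir the directory's existing mode is kept, so a container dir that was created 0755 before this change stays traversable by other users and the hardening only covers newly created directories. If that is intended (after chown_mapped_root the caller may no longer own the directory, so a later `chmod` could fail), the branch should carry a comment such as `/* directory already existed: its mode is not changed here */`; otherwise an explicit `chmod(path, 0770)` is needed there. The `umask(0002)` / `umask(mask)` pair changes process-wide state, so in a multi-threaded user of the library another thread that creates a file inside that window gets the relaxed mask; `mkdir()` followed by `chmod(path, 0770)` on the new directory would give the same mode without touching the umask. The `alloca(strlen(path)+1)` copy is unbounded in the path length, and `strdup()` with a NULL check would be the safer way to obtain the writable copy.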
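Review bot: `c->lxc_conf` is handed to do_create_container_dir without a check, and the helper evaluates `&conf->id_map` unconditionally, so a container object with no loaded configuration would be dereferenced as NULL there. Whether create_container_dir can be reached with `c->lxc_conf == NULL` is not visible in this hunk; if it can, starting the helper's condition with `if (conf && !lxc_list_empty(&conf->id_map) && ...` keeps the plain mkdir path working. The call added in lxcapi_clone passes `c->lxc_conf` the same way. create_container_dir starts above this hunk.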
@@ -2705,17 +2724,15 @@ sudo lxc-clone -o o1 -n n1 -s -L|-fssize fssize -v|--vgname vgname \
 only rootfs gets converted (copied/snapshotted) on clone.
 */
 
-static int create_file_dirname(char *path)
+static int create_file_dirname(char *path, struct lxc_conf *conf)
 {
 char *p = strrchr(path, '/');
- int ret;
+ int ret = -1;
 
 if (!p)
 return -1;
 *p = '\0';
- ret = mkdir(path, 0755);
- if (ret && errno != EEXIST)
- SYSERROR("creating container path %s", path);
+ ret = do_create_container_dir(path, conf);
 *p = '/';
 return ret;
 }
@@ -2759,7 +2776,7 @@ static struct lxc_container *lxcapi_clone(struct lxc_container *c, const char *n
 goto out;
 }
 
- ret = create_file_dirname(newpath);
+ ret = create_file_dirname(newpath, c->lxc_conf);
 if (ret < 0 && errno != EEXIST) {
 ERROR("Error creating container dir for %s", newpath);
 goto out;
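Review bot: create_file_dirname has no comment of its own, although it edits its argument in place (it writes `'\0'` over the last `/` and restores it after the call) and now also applies the 0770 mode and the id-map chown through do_create_container_dir. A header comment would make that contract visible, e.g. `/* create the parent directory of path via do_create_container_dir(); path is cut at its last '/' for the call and restored afterwards */`. The initialiser in `int ret = -1;` is never read, because `ret` is assigned before its only use after the `!p` early return.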
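Review bot: The unchanged test `if (ret < 0 && errno != EEXIST)` after the new call no longer matches what the helper returns. do_create_container_dir already turns `EEXIST` into 0, and when it returns -1 because chown_mapped_root failed, `errno` can still hold `EEXIST` from the earlier mkdir, in which case the clone would continue with a directory whose ownership was not set. `if (ret < 0) {` would treat every failure reported by the helper as fatal. lxcapi_clone's body starts and ends outside this hunk.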