From 41885a0224850c4aedd429e07d95be7f2eda5695 Mon Sep 17 00:00:00 2001
From: Richard Weinberger
Date: Mon, 28 Jul 2014 22:59:17 +0200
Subject: [PATCH] LXC: Fix virLXCControllerSetupDevPTS() wrt user namespaces
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit
The gid value passed to devpts has to be translated by hand as virLXCControllerSetupDevPTS() is called before setting up the user and group mappings. Otherwise devpts will use an unmapped gid and openpty() will fail within containers. Linux kernel commit 23adbe12 ("fs,userns: Change inode_capable to capable_wrt_inode_uidgid") uncovered that issue.
Signed-off-by: Richard Weinberger
Signed-off-by: Ján Tomko
---
 src/lxc/lxc_controller.c | 24 ++++++++++++++++++++++--
 1 file changed, 22 insertions(+), 2 deletions(-)
diff --git a/src/lxc/lxc_controller.c b/src/lxc/lxc_controller.c
index 2d220eb44b..1861dd6fdb 100644
--- a/src/lxc/lxc_controller.c
+++ b/src/lxc/lxc_controller.c
@@ -1164,6 +1164,20 @@ static int virLXCControllerMain(virLXCControllerPtr ctrl)
 return rc;
 }
+static unsigned int
+virLXCControllerLookupUsernsMap(virDomainIdMapEntryPtr map,
+ int num,
+ unsigned int src)
+{
+ size_t i;
+
+ for (i = 0; i < num; i++) {
+ if (src > map[i].start && src < map[i].start + map[i].count)
+ return map[i].target + (src - map[i].start);
+ }
+
+ return src;
+}
 static int virLXCControllerSetupUsernsMap(virDomainIdMapEntryPtr map,
@@ -1930,6 +1944,7 @@ virLXCControllerSetupDevPTS(virLXCControllerPtr ctrl)
 char *opts = NULL;
 char *devpts = NULL;
 int ret = -1;
+ gid_t ptsgid = 5;
 VIR_DEBUG("Setting up private /dev/pts");
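Review bot: The lower bound in virLXCControllerLookupUsernsMap() is exclusive, so an id equal to `map[i].start` is never translated and falls through to `return src`; the test should read `if (src >= map[i].start && src < map[i].start + map[i].count)`. With the caller in this patch passing gid 5, a gid map whose range begins exactly at 5 would hand back the untranslated gid, which is the failure the commit message describes. `num` is an `int` compared against a `size_t` index, so a negative count would convert to a very large loop bound; taking `size_t num` or rejecting `num < 0` avoids that. The function also has no header comment; one stating which direction the translation runs and that an id outside every range is returned unchanged would help callers.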
@@ -1949,10 +1964,15 @@ virLXCControllerSetupDevPTS(virLXCControllerPtr ctrl)
 goto cleanup;
 }
+ if (ctrl->def->idmap.ngidmap)
+ ptsgid = virLXCControllerLookupUsernsMap(ctrl->def->idmap.gidmap,
+ ctrl->def->idmap.ngidmap,
+ ptsgid);
+
 /* XXX should we support gid=X for X!=5 for distros which use
 * a different gid for tty? */
- if (virAsprintf(&opts, "newinstance,ptmxmode=0666,mode=0620,gid=5%s",
- (mount_options ? mount_options : "")) < 0)
+ if (virAsprintf(&opts, "newinstance,ptmxmode=0666,mode=0620,gid=%u%s",
+ ptsgid, (mount_options ? mount_options : "")) < 0)
 goto cleanup;
 VIR_DEBUG("Mount devpts on %s type=tmpfs flags=%x, opts=%s",
--
2.47.2
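Review bot: When a gid map is configured but no entry covers 5, the lookup added before virAsprintf() returns its input unchanged, so devpts is still mounted with an untranslated gid and nothing is logged; the commit message names that as the case where openpty() fails inside the container. The helper's return value cannot distinguish "mapped" from "not found", so consider having it report the miss and either failing or logging here when that happens. `ptsgid` is a `gid_t` but is formatted with `%u`; pass `(unsigned int)ptsgid` so the argument type matches the conversion. virLXCControllerSetupDevPTS() begins and ends outside this hunk, so how `opts` is consumed afterwards is not visible here.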