From a427e2686bd9f99c7c943590c2bec69d99acc340 Mon Sep 17 00:00:00 2001
From: Christian Brauner
Date: Mon, 16 Oct 2017 12:50:49 +0200
Subject: [PATCH] conf: error out on too many mappings

The kernel only allows 4k writes to most files in /proc including {g,u}id_map so let's not try to write partial mappings. (This will obviously become a lot more relevant when my patch to extend the idmap limit in the kernel is merged.)

Signed-off-by: Christian Brauner
---
 src/lxc/conf.c | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index 6871b83a0..88ed2b7a6 100644
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -2701,9 +2701,6 @@ int lxc_map_ids(struct lxc_list *idmap, pid_t pid)
 pos += sprintf(mapbuf, "new%cidmap %d", u_or_g, pid);
 lxc_list_for_each(iterator, idmap) {
- /* The kernel only takes <= 4k for writes to
- * /proc//[ug]id_map
- */
 map = iterator->elem;
 if (map->idtype != type)
 continue;
@@ -2715,8 +2712,13 @@ int lxc_map_ids(struct lxc_list *idmap, pid_t pid)
 use_shadow ? " " : "", map->nsid, map->hostid, map->range, use_shadow ? "" : "\n");
- if (fill <= 0 || fill >= left)
- SYSERROR("Too many {g,u}id mappings defined.");
+ if (fill <= 0 || fill >= left) {
+ /* The kernel only takes <= 4k for writes to
+ * /proc//{g,u}id_map
+ */
+ SYSERROR("Too many %cid mappings defined", u_or_g);
+ return -1;
+ }
 pos += fill;
 }
--
2.47.2
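Review bot: The new error branch in the second hunk still reports through `SYSERROR`, which in LXC's log macros (definition not shown here) attaches the string for the current `errno`; a truncated formatting call does not set `errno`, so the log line would pair "Too many %cid mappings defined" with an unrelated system error. `ERROR("Too many %cid mappings defined", u_or_g);` would describe the failure without the stale errno text. The moved comment names only the kernel's 4k limit on /proc writes, but the first hunk's context shows the same `mapbuf` also carrying the `new%cidmap` command line, so the comment should say the bound is the buffer size in both cases. lxc_map_ids starts and ends outside both hunks, so whether `left` is recomputed on every iteration and whether the early `return -1` skips any cleanup cannot be confirmed from here.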