The entry for geteuid() was being added as the first element of the lxc_list, but the first element is only the list head, whose entry is ignored. As a result, userns_exec_1() was starting its tasks without the caller's uid mapped into the namespace.
Signed-off-by: Serge Hallyn <serge.hal...@ubuntu.com>
---
 src/lxc/conf.c | 52 +++++++++++++++++++++++++---------------------------
 1 file changed, 25 insertions(+), 27 deletions(-)

diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index d2942cb..30d0d6b 100644
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -2170,9 +2170,9 @@ static int setup_caps(struct lxc_list *caps)
 DEBUG("drop capability '%s' (%d)", drop_entry, capid);
 if (prctl(PR_CAPBSET_DROP, capid, 0, 0, 0)) {
- SYSERROR("failed to remove %s capability", drop_entry);
- return -1;
- }
+ SYSERROR("failed to remove %s capability", drop_entry);
+ return -1;
+ }
 }
@@ -2240,9 +2240,9 @@ static int dropcaps_except(struct lxc_list *caps)
 if (caplist[i]) continue;
 if (prctl(PR_CAPBSET_DROP, i, 0, 0, 0)) {
- SYSERROR("failed to remove capability %d", i);
- return -1;
- }
+ SYSERROR("failed to remove capability %d", i);
+ return -1;
+ }
 }
 DEBUG("capabilities have been setup");
@@ -3135,7 +3135,7 @@ int lxc_map_ids(struct lxc_list *idmap, pid_t pid)
 * Return true if id was found, false otherwise. */
 bool get_mapped_rootid(struct lxc_conf *conf, enum idtype idtype,
- unsigned long *val)
+ unsigned long *val)
 {
 struct lxc_list *it;
 struct id_map *map;
@@ -3266,7 +3266,7 @@ int lxc_create_tty(const char *name, struct lxc_conf *conf)
 DEBUG("allocated pty '%s' (%d/%d)", pty_info->name, pty_info->master, pty_info->slave);
- /* Prevent leaking the file descriptors to the container */
+ /* Prevent leaking the file descriptors to the container */
 fcntl(pty_info->master, F_SETFD, FD_CLOEXEC);
 fcntl(pty_info->slave, F_SETFD, FD_CLOEXEC);
@@ -3969,29 +3969,31 @@ static struct lxc_list *idmap_add_id(struct lxc_conf *conf, uid_t uid)
 struct lxc_list *new = NULL, *tmp, *it, *next;
 struct id_map *entry;
+ new = malloc(sizeof(*new));
+ if (!new) {
+ ERROR("Out of memory building id map");
+ return NULL;
+ }
+ lxc_list_init(new);
+
 if (hostid_mapped < 0) {
 hostid_mapped = find_unmapped_nsuid(conf);
- if (hostid_mapped < 0) {
- ERROR("Could not find free uid to map");
- return NULL;
- }
- new = malloc(sizeof(*new));
- if (!new) {
- ERROR("Out of memory building id map");
- return NULL;
- }
+ if (hostid_mapped < 0)
+ goto err;
+ tmp = malloc(sizeof(*tmp));
+ if (!tmp)
+ goto err;
 entry = malloc(sizeof(*entry));
 if (!entry) {
- free(new);
- ERROR("Out of memory building idmap entry");
- return NULL;
+ free(tmp);
+ goto err;
 }
- new->elem = entry;
+ tmp->elem = entry;
 entry->idtype = ID_TYPE_UID;
 entry->nsid = hostid_mapped;
 entry->hostid = (unsigned long)uid;
 entry->range = 1;
- lxc_list_init(new);
+ lxc_list_add_tail(new, tmp);
 }
 lxc_list_for_each_safe(it, &conf->id_map, next) {
 tmp = malloc(sizeof(*tmp));
@@ -4005,11 +4007,7 @@ static struct lxc_list *idmap_add_id(struct lxc_conf *conf, uid_t uid)
 memset(entry, 0, sizeof(*entry));
 memcpy(entry, it->elem, sizeof(*entry));
 tmp->elem = entry;
- if (!new) {
- new = tmp;
- lxc_list_init(new);
- } else
- lxc_list_add_tail(new, tmp);
+ lxc_list_add_tail(new, tmp);
 }
 return new;
--
1.8.5.3
_______________________________________________
lxc-devel mailing list
lxc-devel@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-devel
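Review bot: The new `if (hostid_mapped < 0) goto err;` in the mapping branch discards the specific `ERROR("Could not find free uid to map")` that the removed lines logged, so a configuration with no free namespace uid is now reported through whatever the `err:` label prints (the label lies outside this hunk; from the other `goto err` sites it presumably logs an out-of-memory message), which points an operator debugging an unprivileged container's id map in the wrong direction. Keep the diagnostic on the jump: `if (hostid_mapped < 0) { ERROR("Could not find free uid to map"); goto err; }`. Also, `new` is now allocated and initialised before every `goto err`, whereas previously it could still be NULL when that path ran, so the cleanup at `err:` must free the list head and any entries already linked into it — please confirm it does. idmap_add_id starts before and ends after this hunk.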