On Wed, Jan 13, 2016 at 09:47:50PM +0000, Serge Hallyn wrote: > Quoting Tycho Andersen (tycho.ander...@canonical.com): > > 1. remember to chown the cgroup path when migrating a container > > 2. when restoring the cgroup path, try to compute the euid for root vs. > > using geteuid(); geteuid works for start, but it doesn't work for > > migration since we're still real root at that point. > > > > Signed-off-by: Tycho Andersen <tycho.ander...@canonical.com> > > --- > > src/lxc/cgmanager.c | 6 +++++- > > src/lxc/criu.c | 5 +++++ > > 2 files changed, 10 insertions(+), 1 deletion(-) > > > > diff --git a/src/lxc/cgmanager.c b/src/lxc/cgmanager.c > > index 357182a..54e6912 100644 > > --- a/src/lxc/cgmanager.c > > +++ b/src/lxc/cgmanager.c > > @@ -488,7 +488,11 @@ static bool chown_cgroup(const char *cgroup_path, > > struct lxc_conf *conf) > > return true; > > > > data.cgroup_path = cgroup_path; > > - data.origuid = geteuid(); > > + data.origuid = mapped_hostid(0, conf, ID_TYPE_UID); > > + if (data.origuid < 0) { > > Can you confirm that this does not break > > sudo lxc-create -t download -n x1 -- -d ubuntu -r trusty -a amd64 > sudo lxc-start -n x1 > > Because in that case I think we have no mappings, and mapped_hostid() will > return -1.
You can't see it in the patch, but just above this is a lxc_list_empty() test, and this whole path isn't executed if lxc_list_empty() is true, so I think it should be ok. Tycho > > + ERROR("failed to get mapped root id"); > > + return false; > > + } > > > > /* Unpriv users can't chown it themselves, so chown from > > * a child namespace mapping both our own and the target uid > > diff --git a/src/lxc/criu.c b/src/lxc/criu.c > > index 6ef4905..f442612 100644 > > --- a/src/lxc/criu.c > > +++ b/src/lxc/criu.c > > @@ -466,6 +466,11 @@ void do_restore(struct lxc_container *c, int pipe, > > char *directory, bool verbose > > goto out_fini_handler; > > } > > > > + if (!cgroup_chown(handler)) { > > + ERROR("failed creating groups"); > > + goto out_fini_handler; > > + } > > + > > if (!restore_net_info(c)) { > > ERROR("failed restoring network info"); > > goto out_fini_handler; > > -- > > 2.6.4 > > > > _______________________________________________ > > lxc-devel mailing list > > lxc-devel@lists.linuxcontainers.org > > http://lists.linuxcontainers.org/listinfo/lxc-devel
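Review bot: In the chown_cgroup hunk of src/lxc/cgmanager.c, the check `if (data.origuid < 0)` only works if data.origuid is a signed type. Its declaration is not visible in the hunk, and if the field is an unsigned uid_t, a -1 returned by mapped_hostid() wraps to a large positive value and the error branch is never taken. Assigning the result of mapped_hostid() to a signed local, testing that, and only then storing it in data.origuid would make the check independent of the field's type. The guard that keeps this path from running without id mappings (the lxc_list_empty() test mentioned in the reply) is also outside the hunk, so a short comment at the mapped_hostid() call stating that mappings are known to exist here would settle the question for later readers.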
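Review bot: In the do_restore hunk of src/lxc/criu.c, the message in `ERROR("failed creating groups");` does not describe the call that failed, which is cgroup_chown(handler). A message such as "failed to chown cgroups" would make a failed restore easier to diagnose from the log. The commit message says the chown has to be remembered when migrating a container, so a one-line comment above the call explaining why restore needs it would also help keep the call from being dropped in a later refactor.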