[lxc-devel] [lxd/master] Container: Fix export crash when shiftfs is in use

Wed, 16 Sep 2020 09:59:32 -0700 

The following pull request was submitted through Github.
It can be accessed and reviewed at: https://github.com/lxc/lxd/pull/7879

This e-mail was sent by the LXC bot, direct replies will not reach the author
unless they happen to be subscribed to this list.

=== Description (from pull-request) ===


From 2012aab0046ad5367f521626647819c0ff0b3ef9 Mon Sep 17 00:00:00 2001
From: Thomas Parrott <thomas.parr...@canonical.com>
Date: Wed, 16 Sep 2020 17:57:11 +0100
Subject: [PATCH 1/2] shared/idmap/shift/linux: Handle nil IdmapSet in
 UnshiftACL and UnshiftCaps

Signed-off-by: Thomas Parrott <thomas.parr...@canonical.com>
---
 shared/idmap/shift_linux.go | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/shared/idmap/shift_linux.go b/shared/idmap/shift_linux.go
index f0d7393fb8..05fdd6cd6f 100644
--- a/shared/idmap/shift_linux.go
+++ b/shared/idmap/shift_linux.go
@@ -440,6 +440,10 @@ func SupportsVFS3Fscaps(prefix string) bool {
 }
 
 func UnshiftACL(value string, set *IdmapSet) (string, error) {
+       if set == nil {
+               return "", fmt.Errorf("Invalid IdmapSet supplied")
+       }
+
        buf := []byte(value)
        cBuf := C.CBytes(buf)
        defer C.free(cBuf)
@@ -502,6 +506,10 @@ func UnshiftACL(value string, set *IdmapSet) (string, 
error) {
 }
 
 func UnshiftCaps(value string, set *IdmapSet) (string, error) {
+       if set == nil {
+               return "", fmt.Errorf("Invalid IdmapSet supplied")
+       }
+
        buf := []byte(value)
        cBuf := C.CBytes(buf)
        defer C.free(cBuf)

From b66d417b088ec9149fed0ca1d1818d69ef77f28c Mon Sep 17 00:00:00 2001
From: Thomas Parrott <thomas.parr...@canonical.com>
Date: Wed, 16 Sep 2020 17:57:46 +0100
Subject: [PATCH 2/2] shared/instancewriter/instance/tar/writer: Handle nil
 idmapSet and log shifting errors in WriteFile

Signed-off-by: Thomas Parrott <thomas.parr...@canonical.com>
---
 shared/instancewriter/instance_tar_writer.go | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/shared/instancewriter/instance_tar_writer.go 
b/shared/instancewriter/instance_tar_writer.go
index 9d842664f6..3a1599ad36 100644
--- a/shared/instancewriter/instance_tar_writer.go
+++ b/shared/instancewriter/instance_tar_writer.go
@@ -108,24 +108,24 @@ func (ctw *InstanceTarWriter) WriteFile(name string, 
srcPath string, fi os.FileI
 
                hdr.PAXRecords = make(map[string]string, len(xattrs))
                for key, val := range xattrs {
-                       if key == "system.posix_acl_access" {
+                       if key == "system.posix_acl_access" && ctw.idmapSet != 
nil {
                                aclAccess, err := idmap.UnshiftACL(val, 
ctw.idmapSet)
                                if err != nil {
-                                       logger.Debugf("%s - Failed to unshift 
ACL access permissions", err)
+                                       logger.Debugf("Failed to unshift ACL 
access permissions of %q: %v", srcPath, err)
                                        continue
                                }
                                hdr.PAXRecords["SCHILY.acl.access"] = aclAccess
-                       } else if key == "system.posix_acl_default" {
+                       } else if key == "system.posix_acl_default" && 
ctw.idmapSet != nil {
                                aclDefault, err := idmap.UnshiftACL(val, 
ctw.idmapSet)
                                if err != nil {
-                                       logger.Debugf("%s - Failed to unshift 
ACL default permissions", err)
+                                       logger.Debugf("Failed to unshift ACL 
default permissions of %q: %v", srcPath, err)
                                        continue
                                }
                                hdr.PAXRecords["SCHILY.acl.default"] = 
aclDefault
-                       } else if key == "security.capability" {
+                       } else if key == "security.capability" && ctw.idmapSet 
!= nil {
                                vfsCaps, err := idmap.UnshiftCaps(val, 
ctw.idmapSet)
                                if err != nil {
-                                       logger.Debugf("%s - Failed to unshift 
vfs capabilities", err)
+                                       logger.Debugf("Failed to unshift VFS 
capabilities of %q: %v", srcPath, err)
                                        continue
                                }
                                hdr.PAXRecords["SCHILY.xattr."+key] = vfsCaps

_______________________________________________
lxc-devel mailing list
lxc-devel@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-devel

Reply via email to