Re: [libvirt] [PATCH] LXC: Fix virLXCControllerSetupDevPTS() wrt user namespaces
On 07/28/2014 10:59 PM, Richard Weinberger wrote:

The gid value passed to devpts has to be translated by hand as virLXCControllerSetupDevPTS() is called before setting up the user and group mappings. Otherwise devpts will use an unmapped gid and openpty() will fail within containers. Linux commit commit 23adbe12

s/commit commit/kernel commit/

(fs,userns: Change inode_capable to capable_wrt_inode_uidgid) uncovered that issue.

Signed-off-by: Richard Weinberger rich...@nod.at

--- src/lxc/lxc_controller.c | 25 +++-- 1 file changed, 23 insertions(+), 2 deletions(-) diff --git a/src/lxc/lxc_controller.c b/src/lxc/lxc_controller.c index 2d220eb..82ecf12 100644 --- a/src/lxc/lxc_controller.c +++ b/src/lxc/lxc_controller.c @@ -1164,6 +1164,19 @@ static int virLXCControllerMain(virLXCControllerPtr ctrl) return rc; } +static uint32_t

I've changed this to 'unsigned int' to match the type used by virDomainIdMapEntry.

+virLXCControllerLookupUsernsMap(virDomainIdMapEntryPtr map, int num, +uint32_t src) +{ +int i;

This should be size_t to pass 'make syntax-check'.

+ +for (i = 0; i num; i++) { +if (src map[i].start src map[i].start + map[i].count) +return map[i].target + (src - map[i].start); +} + +return src; +} static int virLXCControllerSetupUsernsMap(virDomainIdMapEntryPtr map,

ACK; pushed now.

Jan

-- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] LXC: Fix virLXCControllerSetupDevPTS() wrt user namespaces
On 14.08.2014 14:35, Ján Tomko wrote:

On 07/28/2014 10:59 PM, Richard Weinberger wrote:

The gid value passed to devpts has to be translated by hand as virLXCControllerSetupDevPTS() is called before setting up the user and group mappings. Otherwise devpts will use an unmapped gid and openpty() will fail within containers. Linux commit commit 23adbe12

s/commit commit/kernel commit/

(fs,userns: Change inode_capable to capable_wrt_inode_uidgid) uncovered that issue.

Signed-off-by: Richard Weinberger rich...@nod.at

--- src/lxc/lxc_controller.c | 25 +++-- 1 file changed, 23 insertions(+), 2 deletions(-) diff --git a/src/lxc/lxc_controller.c b/src/lxc/lxc_controller.c index 2d220eb..82ecf12 100644 --- a/src/lxc/lxc_controller.c +++ b/src/lxc/lxc_controller.c @@ -1164,6 +1164,19 @@ static int virLXCControllerMain(virLXCControllerPtr ctrl) return rc; } +static uint32_t

I've changed this to 'unsigned int' to match the type used by virDomainIdMapEntry.

Why is uint32_t wrong? :)

+virLXCControllerLookupUsernsMap(virDomainIdMapEntryPtr map, int num, +uint32_t src) +{ +int i;

This should be size_t to pass 'make syntax-check'.

/me pushes 'make syntax-check' to TODO list.

Thanks,
//richard
Re: [libvirt] [PATCH] LXC: Fix virLXCControllerSetupDevPTS() wrt user namespaces
On 08/14/2014 02:45 PM, Richard Weinberger wrote:

On 14.08.2014 14:35, Ján Tomko wrote:

On 07/28/2014 10:59 PM, Richard Weinberger wrote:

The gid value passed to devpts has to be translated by hand as virLXCControllerSetupDevPTS() is called before setting up the user and group mappings. Otherwise devpts will use an unmapped gid and openpty() will fail within containers. Linux commit commit 23adbe12

s/commit commit/kernel commit/

(fs,userns: Change inode_capable to capable_wrt_inode_uidgid) uncovered that issue.

Signed-off-by: Richard Weinberger rich...@nod.at

--- src/lxc/lxc_controller.c | 25 +++-- 1 file changed, 23 insertions(+), 2 deletions(-) diff --git a/src/lxc/lxc_controller.c b/src/lxc/lxc_controller.c index 2d220eb..82ecf12 100644 --- a/src/lxc/lxc_controller.c +++ b/src/lxc/lxc_controller.c @@ -1164,6 +1164,19 @@ static int virLXCControllerMain(virLXCControllerPtr ctrl) return rc; } +static uint32_t

I've changed this to 'unsigned int' to match the type used by virDomainIdMapEntry.

Why is uint32_t wrong? :)

Not really wrong, uint32_t should have the same range as unsigned int on Linux. I just wanted them to be consistent.

Jan
Re: [libvirt] [PATCH] LXC: Fix virLXCControllerSetupDevPTS() wrt user namespaces
On 29.07.2014 05:45, chenhanx...@cn.fujitsu.com wrote:

-Original Message-
From: libvir-list-boun...@redhat.com [mailto:libvir-list-boun...@redhat.com] On Behalf Of Richard Weinberger
Sent: Tuesday, July 29, 2014 4:59 AM
To: libvir-list@redhat.com
Cc: Richard Weinberger; da...@sigma-star.at
Subject: [libvirt] [PATCH] LXC: Fix virLXCControllerSetupDevPTS() wrt user namespaces

The gid value passed to devpts has to be translated by hand as virLXCControllerSetupDevPTS() is called before setting up the user and group mappings. Otherwise devpts will use an unmapped gid and openpty() will fail within containers. Linux commit commit 23adbe12 (fs,userns: Change inode_capable to capable_wrt_inode_uidgid) uncovered that issue.

Signed-off-by: Richard Weinberger rich...@nod.at

Reviewed-by: Chen Hanxiao chenhanx...@cn.fujitsu.com

ping

Thanks,
//richard
[libvirt] [PATCH] LXC: Fix virLXCControllerSetupDevPTS() wrt user namespaces
The gid value passed to devpts has to be translated by hand as virLXCControllerSetupDevPTS() is called before setting up the user and group mappings. Otherwise devpts will use an unmapped gid and openpty() will fail within containers. Linux commit commit 23adbe12 (fs,userns: Change inode_capable to capable_wrt_inode_uidgid) uncovered that issue. Signed-off-by: Richard Weinberger rich...@nod.at --- src/lxc/lxc_controller.c | 25 +++-- 1 file changed, 23 insertions(+), 2 deletions(-) diff --git a/src/lxc/lxc_controller.c b/src/lxc/lxc_controller.c index 2d220eb..82ecf12 100644 --- a/src/lxc/lxc_controller.c +++ b/src/lxc/lxc_controller.c @@ -1164,6 +1164,19 @@ static int virLXCControllerMain(virLXCControllerPtr ctrl) return rc; } +static uint32_t +virLXCControllerLookupUsernsMap(virDomainIdMapEntryPtr map, int num, +uint32_t src) +{ +int i; + +for (i = 0; i num; i++) { +if (src map[i].start src map[i].start + map[i].count) +return map[i].target + (src - map[i].start); +} + +return src; +} static int virLXCControllerSetupUsernsMap(virDomainIdMapEntryPtr map, @@ -1930,6 +1943,7 @@ virLXCControllerSetupDevPTS(virLXCControllerPtr ctrl) char *opts = NULL; char *devpts = NULL; int ret = -1; +gid_t ptsgid = 5; VIR_DEBUG(Setting up private /dev/pts); @@ -1949,10 +1963,17 @@ virLXCControllerSetupDevPTS(virLXCControllerPtr ctrl) goto cleanup; } +if (ctrl-def-idmap.ngidmap) +ptsgid = +virLXCControllerLookupUsernsMap(ctrl-def-idmap.gidmap, +ctrl-def-idmap.ngidmap, +ptsgid); + /* XXX should we support gid=X for X!=5 for distros which use * a different gid for tty? */ -if (virAsprintf(opts, newinstance,ptmxmode=0666,mode=0620,gid=5%s, -(mount_options ? mount_options : )) 0) +if (virAsprintf +(opts, newinstance,ptmxmode=0666,mode=0620,gid=%u%s, ptsgid, + (mount_options ? mount_options : )) 0) goto cleanup; VIR_DEBUG(Mount devpts on %s type=tmpfs flags=%x, opts=%s, -- 2.0.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
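Review bot: in virLXCControllerLookupUsernsMap() the final 'return src;' hands back the untranslated id whenever no map entry covers it, so a gid outside every configured range still reaches devpts unmapped, which is the failure the commit message describes. Consider reporting that case to the caller (an int status plus an out parameter) so virLXCControllerSetupDevPTS() can fail instead of mounting with it. The range test also computes 'map[i].start + map[i].count', which can wrap for an entry near the top of the id space; comparing 'src - map[i].start' against 'map[i].count' after the lower-bound check avoids the sum.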
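Review bot: 'gid_t ptsgid = 5;' in the second hunk declares the value as gid_t while the new helper takes and returns uint32_t, so the id changes type on the way in and on the way out. Use one type for the whole path, and give the literal 5 a named constant or a short comment saying it is the tty group, since the XXX comment further down already notes that distros may differ.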
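Review bot: the new format string in the last hunk uses 'gid=%u' but passes ptsgid, a gid_t, through varargs; cast it to (unsigned int) so the argument matches the conversion however gid_t is defined. The ngidmap guard before the lookup is also redundant, because the helper already returns its input when num is 0, and the call is now split as 'virAsprintf' on one line and '(opts, ...' on the next, which does not match the layout of the line it replaces.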
Re: [libvirt] [PATCH] LXC: Fix virLXCControllerSetupDevPTS() wrt user namespaces
-Original Message-
From: libvir-list-boun...@redhat.com [mailto:libvir-list-boun...@redhat.com] On Behalf Of Richard Weinberger
Sent: Tuesday, July 29, 2014 4:59 AM
To: libvir-list@redhat.com
Cc: Richard Weinberger; da...@sigma-star.at
Subject: [libvirt] [PATCH] LXC: Fix virLXCControllerSetupDevPTS() wrt user namespaces

The gid value passed to devpts has to be translated by hand as virLXCControllerSetupDevPTS() is called before setting up the user and group mappings. Otherwise devpts will use an unmapped gid and openpty() will fail within containers. Linux commit commit 23adbe12 (fs,userns: Change inode_capable to capable_wrt_inode_uidgid) uncovered that issue.

Signed-off-by: Richard Weinberger rich...@nod.at

Reviewed-by: Chen Hanxiao chenhanx...@cn.fujitsu.com
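The hand translation the commit message describes, as an added example that is not code from this thread or from libvirt. It goes beyond the patch by reporting an uncovered gid as an error and by avoiding the wrapping sum in the range test. The names idmap_entry, idmap_lookup and devpts_opts are hypothetical, and the sample map is constructed.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-in for one idmap entry: ids [start, start+count) inside
 * the container correspond to [target, target+count) on the host. */
struct idmap_entry { unsigned int start, target, count; };

/* Translate container id 'src' to a host id in *out.
 * Returns 0 on success, -1 if no entry covers src or the result would wrap. */
static int idmap_lookup(const struct idmap_entry *map, size_t num,
                        unsigned int src, unsigned int *out)
{
    for (size_t i = 0; i < num; i++) {
        if (src < map[i].start)
            continue;
        unsigned int off = src - map[i].start;
        /* off < count instead of src < start + count: the sum can wrap */
        if (off >= map[i].count)
            continue;
        if (off > UINT_MAX - map[i].target)
            return -1;
        *out = map[i].target + off;
        return 0;
    }
    return -1;
}

/* Build devpts mount options; an uncovered gid is an error, not a fallback. */
static int devpts_opts(char *buf, size_t len, const struct idmap_entry *map,
                       size_t num, unsigned int ptsgid)
{
    unsigned int gid = ptsgid;   /* no gid map configured: use the id as is */
    if (num > 0 && idmap_lookup(map, num, ptsgid, &gid) < 0)
        return -1;
    int n = snprintf(buf, len,
                     "newinstance,ptmxmode=0666,mode=0620,gid=%u", gid);
    return (n < 0 || (size_t)n >= len) ? -1 : 0;
}

int main(void)
{
    /* Constructed sample map: container gids 0..65535 start at host 100000 */
    const struct idmap_entry gidmap[] = { { 0, 100000, 65536 } };
    char opts[128];
    if (devpts_opts(opts, sizeof(opts), gidmap, 1, 5) == 0)
        puts(opts);
    return 0;
}
```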