The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxd/pull/4676
This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === Since this code is handy, let's allow it to parse other roots on the filesystem than just /. Signed-off-by: Tycho Andersen <ty...@tycho.ws>
From a1c243ae27ef2ab958fb35919e3231fa0e5630fc Mon Sep 17 00:00:00 2001
From: Tycho Andersen <ty...@tycho.ws>
Date: Wed, 21 Feb 2018 09:29:30 -0700
Subject: [PATCH] allow uidmaps to be parsed from alternate roots

Since this code is handy, let's allow it to parse other roots on the filesystem than just /.

Signed-off-by: Tycho Andersen <ty...@tycho.ws>
---
 lxd/main_activateifneeded.go | 2 +-
 lxd/main_init_interactive.go | 2 +-
 lxd/util/sys.go | 2 +-
 shared/idmap/idmapset_linux.go | 11 +++++++----
 4 files changed, 10 insertions(+), 7 deletions(-)

diff --git a/lxd/main_activateifneeded.go b/lxd/main_activateifneeded.go
index 760478f0a..01806aef8 100644
--- a/lxd/main_activateifneeded.go
+++ b/lxd/main_activateifneeded.go
@@ -85,7 +85,7 @@ func (c *cmdActivateifneeded) Run(cmd *cobra.Command, args []string) error {
 }
 // Load the idmap for unprivileged containers
- d.os.IdmapSet, err = idmap.DefaultIdmapSet("")
+ d.os.IdmapSet, err = idmap.DefaultIdmapSet("", "")
 if err != nil {
 return err
 }
diff --git a/lxd/main_init_interactive.go b/lxd/main_init_interactive.go
index 73ae50d59..24a940c76 100644
--- a/lxd/main_init_interactive.go
+++ b/lxd/main_init_interactive.go
@@ -586,7 +586,7 @@ your Linux distribution and run "lxd init" again afterwards.
 func (c *cmdInit) askDaemon(config *initData, d lxd.ContainerServer) error {
 // Detect lack of uid/gid
- idmapset, err := idmap.DefaultIdmapSet("")
+ idmapset, err := idmap.DefaultIdmapSet("", "")
 if (err != nil || len(idmapset.Idmap) == 0 || idmapset.Usable() != nil) && shared.RunningInUserNS() {
 fmt.Printf(`
 We detected that you are running inside an unprivileged container.
diff --git a/lxd/util/sys.go b/lxd/util/sys.go
index 681ee79c2..2b227b2f8 100644
--- a/lxd/util/sys.go
+++ b/lxd/util/sys.go
@@ -40,7 +40,7 @@ func GetArchitectures() ([]int, error) {
 // GetIdmapSet reads the uid/gid allocation.
 func GetIdmapSet() *idmap.IdmapSet {
- idmapSet, err := idmap.DefaultIdmapSet("")
+ idmapSet, err := idmap.DefaultIdmapSet("", "")
 if err != nil {
 logger.Warn("Error reading default uid/gid map", log.Ctx{"err": err.Error()})
 logger.Warnf("Only privileged containers will be able to run")
diff --git a/shared/idmap/idmapset_linux.go b/shared/idmap/idmapset_linux.go
index f284ea2a6..a13572410 100644
--- a/shared/idmap/idmapset_linux.go
+++ b/shared/idmap/idmapset_linux.go
@@ -660,7 +660,7 @@ func getFromProc(fname string) ([][]int64, error) {
 /*
 * Create a new default idmap
 */
-func DefaultIdmapSet(username string) (*IdmapSet, error) {
+func DefaultIdmapSet(rootfs string, username string) (*IdmapSet, error) {
 idmapset := new(IdmapSet)
 if username == "" {
@@ -672,9 +672,12 @@ func DefaultIdmapSet(username string) (*IdmapSet, error) {
 username = currentUser.Username
 }
- if shared.PathExists("/etc/subuid") && shared.PathExists("/etc/subgid") {
+ // Check if shadow's uidmap tools are installed
+ subuidPath := path.Join(rootfs, "/etc/subuid")
+ subgidPath := path.Join(rootfs, "/etc/subgid")
+ if shared.PathExists(subuidPath) && shared.PathExists(subgidPath) {
 // Parse the shadow uidmap
- entries, err := getFromShadow("/etc/subuid", username)
+ entries, err := getFromShadow(subuidPath, username)
 if err != nil {
 return nil, err
 }
@@ -693,7 +696,7 @@ func DefaultIdmapSet(username string) (*IdmapSet, error) {
 }
 // Parse the shadow gidmap
- entries, err = getFromShadow("/etc/subgid", username)
+ entries, err = getFromShadow(subgidPath, username)
 if err != nil {
 return nil, err
 }
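Review bot: The doc comment above `DefaultIdmapSet` in the `@@ -660,7 +660,7 @@` hunk of shared/idmap/idmapset_linux.go still says only "Create a new default idmap" and does not describe the new `rootfs` parameter. I would replace it with `// DefaultIdmapSet builds the default idmap for username from etc/subuid and etc/subgid under rootfs; an empty rootfs means the host's own /.` The comment should also say that an empty `username` still falls back to the calling process's user (the `username = currentUser.Username` context line in the next hunk), not to a user defined inside the alternate root. Because the function is exported from `shared/`, inserting a leading parameter presumably breaks any out-of-tree caller; only the three in-tree call sites are updated here. The function body continues outside this hunk.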
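Review bot: `path.Join(rootfs, "/etc/subuid")` and `path.Join(rootfs, "/etc/subgid")` in the `@@ -672,9 +672,12 @@` hunk are purely lexical, so if `rootfs` is a tree the caller does not control, a symlink at `etc`, `etc/subuid` or `etc/subgid` is followed in the calling process's own mount namespace and `shared.PathExists` / `getFromShadow` end up reading a file outside that root. The ranges parsed there presumably feed the idmap that is applied later, so the files should be treated as untrusted input whenever `rootfs` is non-empty. At minimum state the contract next to the joins, e.g. `// rootfs must be a trusted tree: symlinks below it are resolved against the host, not against rootfs`; a stricter option is to resolve both paths component by component and refuse any symlink before parsing. The same applies to the `getFromShadow(subgidPath, username)` call in the `@@ -693,7 +696,7 @@` hunk. DefaultIdmapSet starts and ends outside these hunks, and the fallback taken when the two files are absent is not visible here.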