The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxd/pull/4318
This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === I believe these checks are intended as a heuristic to indicate whether or not the current userspace understands idmaps. However, it is perfectly possible to have a userspace that knows about /etc/subuid, but doesn't have newuidmap installed. In fact, on my recent upgrade to bionic, it helpfully uninstalled newuidmap, which is how I noticed this in the first place. Given that there are additional checks to see if /etc/uidmap actually exists, we should just go with those and assume people know what they're doing. Signed-off-by: Tycho Andersen <ty...@tycho.ws>
From 79388e509f7e48f5135250ba07e3d6e3b98465bf Mon Sep 17 00:00:00 2001 From: Tycho Andersen <ty...@tycho.ws> Date: Fri, 9 Mar 2018 16:00:01 -0700 Subject: [PATCH] idmap: get rid of new{u,g}idmap checks I believe these checks are intended as a heuristic to indicate whether or not the current userspace understands idmaps. However, it is perfectly possible to have a userspace that knows about /etc/subuid, but doesn't have newuidmap installed. In fact, on my recent upgrade to bionic, it helpfully uninstalled newuidmap, which is how I noticed this in the first place. Given that there are additional checks to see if /etc/uidmap actually exists, we should just go with those and assume people know what they're doing. Signed-off-by: Tycho Andersen <ty...@tycho.ws> --- shared/idmap/idmapset_linux.go | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/shared/idmap/idmapset_linux.go b/shared/idmap/idmapset_linux.go index 7e55d87b5..f284ea2a6 100644 --- a/shared/idmap/idmapset_linux.go +++ b/shared/idmap/idmapset_linux.go @@ -4,7 +4,6 @@ import ( "bufio" "fmt" "os" - "os/exec" "os/user" "path" "path/filepath" @@ -673,10 +672,7 @@ func DefaultIdmapSet(username string) (*IdmapSet, error) { username = currentUser.Username } - // Check if shadow's uidmap tools are installed - newuidmap, _ := exec.LookPath("newuidmap") - newgidmap, _ := exec.LookPath("newgidmap") - if newuidmap != "" && newgidmap != "" && shared.PathExists("/etc/subuid") && shared.PathExists("/etc/subgid") { + if shared.PathExists("/etc/subuid") && shared.PathExists("/etc/subgid") { // Parse the shadow uidmap entries, err := getFromShadow("/etc/subuid", username) if err != nil {
_______________________________________________ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel