[PATCH] LXC: Fix virLXCControllerSetupDevPTS() wrt user namespaces


 



The gid value passed to devpts has to be translated by hand as
virLXCControllerSetupDevPTS() is called before setting up the user
and group mappings.
Otherwise devpts will use an unmapped gid and openpty()
will fail within containers.
Linux commit 23adbe12
("fs,userns: Change inode_capable to capable_wrt_inode_uidgid")
uncovered that issue.

Signed-off-by: Richard Weinberger <richard@xxxxxx>
---
 src/lxc/lxc_controller.c | 25 +++++++++++++++++++++++--
 1 file changed, 23 insertions(+), 2 deletions(-)

diff --git a/src/lxc/lxc_controller.c b/src/lxc/lxc_controller.c
index 2d220eb..82ecf12 100644
--- a/src/lxc/lxc_controller.c
+++ b/src/lxc/lxc_controller.c
@@ -1164,6 +1164,19 @@ static int virLXCControllerMain(virLXCControllerPtr ctrl)
     return rc;
 }
 
+static uint32_t
+virLXCControllerLookupUsernsMap(virDomainIdMapEntryPtr map, int num,
+                                uint32_t src)
+{
+    int i;
+
+    for (i = 0; i < num; i++) {
+        if (src > map[i].start && src < map[i].start + map[i].count)
+            return map[i].target + (src - map[i].start);
+    }
+
+    return src;
+}
 
 static int
 virLXCControllerSetupUsernsMap(virDomainIdMapEntryPtr map,
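Review bot: The range test in virLXCControllerLookupUsernsMap uses a strict lower bound, `src > map[i].start`, so an id equal to the first id of a map entry is never translated and falls through to `return src;`. An id-map entry normally covers `start` through `start + count - 1`, so the test should presumably read `if (src >= map[i].start && src - map[i].start < map[i].count)`. That form also avoids wrap-around in `start + count` if those fields are 32-bit; their types are not visible in this hunk. The helper also has no comment, and one saying that it translates an id through the given map and returns the input unchanged when no entry matches would help, because callers cannot tell a miss from an identity mapping.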
@@ -1930,6 +1943,7 @@ virLXCControllerSetupDevPTS(virLXCControllerPtr ctrl)
     char *opts = NULL;
     char *devpts = NULL;
     int ret = -1;
+    gid_t ptsgid = 5;
 
     VIR_DEBUG("Setting up private /dev/pts");
 
@@ -1949,10 +1963,17 @@ virLXCControllerSetupDevPTS(virLXCControllerPtr ctrl)
         goto cleanup;
     }
 
+    if (ctrl->def->idmap.ngidmap)
+        ptsgid =
+            virLXCControllerLookupUsernsMap(ctrl->def->idmap.gidmap,
+                                            ctrl->def->idmap.ngidmap,
+                                            ptsgid);
+
     /* XXX should we support gid=X for X!=5 for distros which use
      * a different gid for tty?  */
-    if (virAsprintf(&opts, "newinstance,ptmxmode=0666,mode=0620,gid=5%s",
-                    (mount_options ? mount_options : "")) < 0)
+    if (virAsprintf
+        (&opts, "newinstance,ptmxmode=0666,mode=0620,gid=%u%s", ptsgid,
+         (mount_options ? mount_options : "")) < 0)
         goto cleanup;
 
     VIR_DEBUG("Mount devpts on %s type=tmpfs flags=%x, opts=%s",
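Review bot: When `ctrl->def->idmap.ngidmap` is non-zero but no gidmap entry covers gid 5, the lookup returns 5 unchanged and the mount goes ahead with a gid that is not mapped in the container. That is the openpty() failure the commit message describes, and it now happens without any diagnostic. Consider having the lookup report a miss so this caller can log it (for example with `VIR_WARN`) or fail the setup before the `virAsprintf` call. Separately, `ptsgid` is a `gid_t` formatted with `%u`; passing `(unsigned int)ptsgid` keeps the argument matched to the format where `gid_t` is not `unsigned int`. The body of virLXCControllerSetupDevPTS starts and ends outside this hunk.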
-- 
2.0.1




