Make sure the mapping line contains the root user of container is the first element of idmap array. So we can get the real user id on host for the container easily. This patch also check the map information, User must map the root user of container to any user of host.
Signed-off-by: Gao feng <gaofeng@xxxxxxxxxxxxxx>
---
 src/conf/domain_conf.c | 25 ++++++++++++++++++++++++-
 1 file changed, 24 insertions(+), 1 deletion(-)
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 46be458..5bc4b8c 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -9815,7 +9815,8 @@ virDomainIdmapDefParseXML(const xmlNodePtr *node,
 ssize_t num)
 {
 int i;
- struct idmap *idmap = NULL;
+ struct idmap *idmap = NULL, map;
+ int index = -1;
 xmlNodePtr save_ctxt = ctxt->node;

 if (VIR_ALLOC_N(idmap, num) < 0) {
@@ -9828,7 +9829,29 @@ virDomainIdmapDefParseXML(const xmlNodePtr *node,
 virXPathUInt("string(./@start)", ctxt, &idmap[i].start);
 virXPathUInt("string(./@target)", ctxt, &idmap[i].target);
 virXPathUInt("string(./@count)", ctxt, &idmap[i].count);
+
+ if (idmap[i].start == 0) {
+ index = i;
+ map.start = idmap[i].start;
+ map.target = idmap[i].target;
+ map.count = idmap[i].count;
+ }
+ }
+ /* Make sure the mapping line contains the root user of container
+ * is the first element of idmap array. So we can get the real
+ * user id on host for the container easily. */
+ if (index != -1) {
+ idmap[index] = idmap[0];
+ idmap[0] = map;
+ } else {
+ /* Root user of container isn't mapped to any user of host,
+ * return error. */
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+ _("You must map the root user of container"));
+ VIR_FREE(idmap);
+ idmap = NULL;
 }
+
 error:
 ctxt->node = save_ctxt;
 return idmap;
--
1.8.1.4
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
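Review bot: The new local `index` in the first hunk shares its name with the libc `index()` function from `<strings.h>`, which can trip `-Wshadow` on some compilers; a name such as `root_index` avoids that. The `map` temporary declared beside it is only assigned inside the loop in the next hunk and stays uninitialised when no entry has start 0. It would be easier to audit as a block-local at the swap, `struct idmap tmp = idmap[index];`, with only the index recorded in the loop. The declarations sit at the top of virDomainIdmapDefParseXML, whose signature and body extend outside this hunk.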
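Review bot: The added `idmap[i].start == 0` test in the second hunk trusts fields whose parse result is never checked, because the three `virXPathUInt()` calls just above it discard their return codes. If VIR_ALLOC_N zero-fills the array, as it appears to in libvirt, an entry with a missing or malformed `start` is accepted as the root mapping. A missing `target` likewise stays 0, which would silently map container root onto host uid/gid 0 and defeat the point of the mapping. A `count` of 0 also passes, and when several entries have start 0 the last one wins without any diagnostic. I would reject such entries inside the loop before recording the root index, as sketched below; the loop header and the allocation are outside the hunk, so the cleanup path is inferred from the visible `error:` label.

```c
        if (virXPathUInt("string(./@start)", ctxt, &idmap[i].start) < 0 ||
            virXPathUInt("string(./@target)", ctxt, &idmap[i].target) < 0 ||
            virXPathUInt("string(./@count)", ctxt, &idmap[i].count) < 0 ||
            idmap[i].count == 0) {
            virReportError(VIR_ERR_XML_ERROR, "%s",
                           _("invalid idmap start/target/count settings"));
            VIR_FREE(idmap);
            goto error;
        }
        /* … unchanged: start == 0 bookkeeping, swap after the loop … */
```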