[PATCH v2 3/8] LXC: sort the uidmap/gidmap of domain

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Make sure the mapping line contains the root user of container
is the first element of idmap array. So we can get the real
user id on host for the container easily.

This patch also check the map information, User must map
the root user of container to any user of host.

Signed-off-by: Gao feng <gaofeng@xxxxxxxxxxxxxx>
---
 src/conf/domain_conf.c | 25 ++++++++++++++++++++++++-
 1 file changed, 24 insertions(+), 1 deletion(-)

diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 46be458..5bc4b8c 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -9815,7 +9815,8 @@ virDomainIdmapDefParseXML(const xmlNodePtr *node,
                           ssize_t num)
 {
     int i;
-    struct idmap *idmap = NULL;
+    struct idmap *idmap = NULL, map;
+    int index = -1;
     xmlNodePtr save_ctxt = ctxt->node;
 
     if (VIR_ALLOC_N(idmap, num) < 0) {
@@ -9828,7 +9829,29 @@ virDomainIdmapDefParseXML(const xmlNodePtr *node,
         virXPathUInt("string(./@start)", ctxt, &idmap[i].start);
         virXPathUInt("string(./@target)", ctxt, &idmap[i].target);
         virXPathUInt("string(./@count)", ctxt, &idmap[i].count);
+
+        if (idmap[i].start == 0) {
+            index = i;
+            map.start = idmap[i].start;
+            map.target = idmap[i].target;
+            map.count = idmap[i].count;
+        }
+    }
+    /* Make sure the mapping line contains the root user of container
+     * is the first element of idmap array. So we can get the real
+     * user id on host for the container easily. */
+    if (index != -1) {
+        idmap[index] = idmap[0];
+        idmap[0] = map;
+    } else {
+        /* Root user of container isn't mapped to any user of host,
+         * return error. */
+        virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+                       _("You must map the root user of container"));
+        VIR_FREE(idmap);
+        idmap = NULL;
     }
+
  error:
     ctxt->node = save_ctxt;
     return idmap;
-- 
1.8.1.4

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list




[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]