Since this devices are created for the container. the owner should be the root user of the container.
Signed-off-by: Gao feng <gaofeng@xxxxxxxxxxxxxx>
---
 src/lxc/lxc_controller.c | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)

diff --git a/src/lxc/lxc_controller.c b/src/lxc/lxc_controller.c
index 2072e9a..f7bdf54 100644
--- a/src/lxc/lxc_controller.c
+++ b/src/lxc/lxc_controller.c
@@ -1109,6 +1109,9 @@ static int virLXCControllerPopulateDevices(virLXCControllerPtr ctrl)
     int ret = -1;
     char *ptmx = NULL;
     char *path = NULL;
+    uid_t uid = -1;
+    gid_t gid = -1;
+    bool userns_enabled = false;
     const struct {
         int maj;
         int min;
@@ -1122,6 +1125,12 @@ static int virLXCControllerPopulateDevices(virLXCControllerPtr ctrl)
         { LXC_DEV_MAJ_MEMORY, LXC_DEV_MIN_URANDOM, 0666, "/dev/urandom" },
     };
 
+    if (ctrl->def->idmap.uidmap && ctrl->def->idmap.gidmap) {
+        uid = ctrl->def->idmap.uidmap[0].target;
+        gid = ctrl->def->idmap.gidmap[0].target;
+        userns_enabled = true;
+    }
+
     /* Populate /dev/ with a few important bits */
     for (i = 0 ; i < ARRAY_CARDINALITY(devs) ; i++) {
         if (virAsprintf(&path, "/proc/%llu/root/%s",
@@ -1139,6 +1148,14 @@ static int virLXCControllerPopulateDevices(virLXCControllerPtr ctrl)
                                  devs[i].path);
             goto out;
         }
+
+        if (userns_enabled && (chown(path, uid, gid) < 0)) {
+            virReportSystemError(errno,
+                                 _("Failed to change owner of device"
+                                   " %s to %u:%u"),
+                                 devs[i].path, uid, gid);
+            goto out;
+        }
     }
 
     if (virAsprintf(&ptmx, "/proc/%llu/root/dev/pts/ptmx",
@@ -1162,6 +1179,14 @@ static int virLXCControllerPopulateDevices(virLXCControllerPtr ctrl)
             virReportSystemError(errno, _("Failed to make device %s"), path);
             goto out;
         }
+
+        if (userns_enabled && (chown(path, uid, gid) < 0)) {
+            virReportSystemError(errno,
+                                 _("Failed to change owner of device"
+                                   " %s to %u:%u"),
+                                 path, uid, gid);
+            goto out;
+        }
     }
 
     ret = 0;
-- 
1.8.1.4

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
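Review bot: The host ids in the second hunk are taken from `uidmap[0].target` and `gidmap[0].target` without checking that the first map entry actually starts at container id 0, so a domain whose first `<uid>`/`<gid>` element maps some other range would get every `/dev` node owned by whatever host id that entry maps, rather than by container root. Unless the XML parser already rejects maps whose first entry has `start != 0` (I cannot see that from this patch), the lookup should verify `ctrl->def->idmap.uidmap[0].start == 0` (and the same for `gidmap`) and report an error, or walk the map for the entry covering id 0. The `uidmap && gidmap` condition also silently leaves `userns_enabled = false` when only one of the two maps is present, so the nodes stay host-root-owned inside a user namespace; that mismatch is probably better reported than ignored. virLXCControllerPopulateDevices starts and ends outside these hunks.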
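Review bot: The third and fourth hunks add the same eight-line chown-and-report block twice, and the two copies already disagree on what they log (`devs[i].path`, the container-relative name, in the loop; `path`, the host-side `/proc/<pid>/root/...` name, for ptmx). A small `static` helper that takes `ctrl` and the host path keeps the id derivation and the error message in one place, removes the `uid`/`gid`/`userns_enabled` locals added in the first two hunks, and makes each call site a two-line `if (virLXCControllerChown(ctrl, path) < 0) goto out;`. Casting the ids to `unsigned int` for `%u` avoids relying on the platform's `uid_t`/`gid_t` width. With the helper both sites would report the host path; if the container-relative name is preferred in the loop, pass `devs[i].path` as a separate display argument.

```c
/* Give a freshly created device node to the container's root user when the
 * domain carries an id map; a no-op for containers without one.
 * Returns 0 on success, -1 (error already reported) on failure. */
static int virLXCControllerChown(virLXCControllerPtr ctrl, const char *path)
{
    uid_t uid;
    gid_t gid;

    if (!ctrl->def->idmap.uidmap || !ctrl->def->idmap.gidmap)
        return 0;

    uid = ctrl->def->idmap.uidmap[0].target;
    gid = ctrl->def->idmap.gidmap[0].target;

    if (chown(path, uid, gid) < 0) {
        virReportSystemError(errno,
                             _("Failed to change owner of device"
                               " %s to %u:%u"),
                             path, (unsigned int)uid, (unsigned int)gid);
        return -1;
    }
    return 0;
}

/* … unchanged: virLXCControllerPopulateDevices up to the mknod() of each node … */
        if (virLXCControllerChown(ctrl, path) < 0)
            goto out;
```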