Re: [PATCH v4 03/10] LXC: sort the uidmap/gidmap of domain

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Fri, Jun 07, 2013 at 03:12:20PM +0800, Gao feng wrote:
> Make sure the mapping line contains the root user of container
> is the first element of idmap array. So we can get the real
> user id on host for the container easily.
> 
> This patch also check the map information, User must map
> the root user of container to any user of host.
> 
> Signed-off-by: Gao feng <gaofeng@xxxxxxxxxxxxxx>
> ---
>  src/conf/domain_conf.c | 25 +++++++++++++++++++++++++
>  1 file changed, 25 insertions(+)
> 
> diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
> index b001938..c4bb05e 100644
> --- a/src/conf/domain_conf.c
> +++ b/src/conf/domain_conf.c
> @@ -10200,6 +10200,19 @@ cleanup:
>  }
>  
>  
> +static int virDomainIdMapEntrySort(const void *a, const void *b)
> +{
> +    const virDomainIdMapEntryPtr entrya = (const virDomainIdMapEntryPtr) a;
> +    const virDomainIdMapEntryPtr entryb = (const virDomainIdMapEntryPtr) b;
> +
> +    if (entrya->start > entryb->start)
> +        return 1;
> +    else if (entrya->start < entryb->start)
> +        return -1;
> +    else
> +        return 0;
> +}
> +
>  /* Parse the XML definition for user namespace id map.
>   *
>   * idmap has the form of
> @@ -10227,6 +10240,18 @@ virDomainIdmapDefParseXML(xmlXPathContextPtr ctxt,
>          virXPathUInt("string(./@target)", ctxt, &idmap[i].target);
>          virXPathUInt("string(./@count)", ctxt, &idmap[i].count);
>      }
> +
> +    qsort(idmap, num, sizeof(idmap[0]), virDomainIdMapEntrySort);
> +
> +    if (idmap[0].start != 0) {
> +        /* Root user of container hasn't been mapped to any user of host,
> +         * return error. */
> +        virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
> +                       _("You must map the root user of container"));
> +        VIR_FREE(idmap);
> +        idmap = NULL;
> +    }
> +
>   error:
>      ctxt->node = save_ctxt;
>      return idmap;

ACK


Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]