conf{ile}: detect ns{g,u}id mapping for root

Closes #2033. Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf{ile}: detect ns{g,u}id mapping for root
46ad64ab · Christian Brauner · db7cfe23 · 46ad64ab · 46ad64ab · 46ad64ab
Unverified Commit 46ad64ab authored Jan 02, 2018 by Christian Brauner
Show whitespace changes
Inline Side-by-side

Showing with 20 additions and 0 deletions

conf.c src/lxc/conf.c +2 -0

conf.h src/lxc/conf.h +8 -0

confile.c src/lxc/confile.c +10 -0

No files found.
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -2573,6 +2573,8 @@ struct lxc_conf *lxc_conf_init(void)
 	lxc_list_init(&new->caps);
 	lxc_list_init(&new->keepcaps);
 	lxc_list_init(&new->id_map);
+	new->root_nsuid_map = NULL;
+	new->root_nsgid_map = NULL;
 	lxc_list_init(&new->includes);
 	lxc_list_init(&new->aliens);
 	lxc_list_init(&new->environment);

--- a/src/lxc/conf.h
+++ b/src/lxc/conf.h
@@ -282,7 +282,15 @@ struct lxc_conf {
 	signed long personality;
 	struct utsname *utsname;
 	struct lxc_list cgroup;
+	struct {
 		struct lxc_list id_map;
+		/* Pointer to the idmap entry for the container's root uid in
+		 * the id_map list. Do not free! */
+		struct id_map *root_nsuid_map;
+		/* Pointer to the idmap entry for the container's root gid in
+		 * the id_map list. Do not free! */
+		struct id_map *root_nsgid_map;
+	};
 	struct lxc_list network;
 	int auto_mounts;
 	struct lxc_list mount_list;

--- a/src/lxc/confile.c
+++ b/src/lxc/confile.c
@@ -1681,6 +1681,16 @@ static int set_config_idmaps(const char *key, const char *value,
 	idmap->range = range;
 	idmaplist->elem = idmap;
 	lxc_list_add_tail(&lxc_conf->id_map, idmaplist);
+	if (!lxc_conf->root_nsuid_map && idmap->idtype == ID_TYPE_UID)
+		if (idmap->nsid == 0)
+			lxc_conf->root_nsuid_map = idmap;
+	if (!lxc_conf->root_nsuid_map && idmap->idtype == ID_TYPE_GID)
+		if (idmap->nsid == 0)
+			lxc_conf->root_nsgid_map = idmap;
 	idmap = NULL;
 	return 0;