Restore most cases of am_guest_unpriv

The only cases where we really need to be privileged with respect to the host is when we are trying to mknod, and in some cases to do with a physical network device. This patch leaves the detection of the network device cases as a TODO. This should fix the currently broken case of starting a privileged container with at least one veth nic, nested inside an unprivileged container. Cc: Tycho Andersen <tycho@tycho.ws> Signed-off-by: Serge Hallyn <shallyn@cisco.com>

Restore most cases of am_guest_unpriv
6b76e59d · Serge Hallyn · Christian Brauner · dcc035de · 6b76e59d · 6b76e59d
Unverified Commit 6b76e59d authored Feb 08, 2018 by Serge Hallyn Committed by Christian Brauner Feb 12, 2018
8 changed files
--- a/src/lxc/lxccontainer.c
+++ b/src/lxc/lxccontainer.c
@@ -2511,7 +2511,7 @@ static bool has_snapshots(struct lxc_container *c)
 static bool do_destroy_container(struct lxc_conf *conf) {
 	int ret;

-	if (am_unpriv()) {
+	if (am_guest_unpriv()) {
 		ret = userns_exec_full(conf, storage_destroy_wrapper, conf,
 				       "storage_destroy_wrapper");
 		if (ret < 0)
@@ -2597,7 +2597,7 @@ static bool container_destroy(struct lxc_container *c)
 	const char *p1 = do_lxcapi_get_config_path(c);
 	char *path = alloca(strlen(p1) + strlen(c->name) + 2);
 	sprintf(path, "%s/%s", p1, c->name);
-	if (am_unpriv())
+	if (am_guest_unpriv())
 		ret = userns_exec_full(conf, lxc_rmdir_onedev_wrapper, path,
 				       "lxc_rmdir_onedev_wrapper");
 	else
@@ -3334,7 +3334,7 @@ static struct lxc_container *do_lxcapi_clone(struct lxc_container *c, const char
 		goto out;
 	}

-	if (am_unpriv()) {
+	if (am_guest_unpriv()) {
 		if (chown_mapped_root(newpath, c->lxc_conf) < 0) {
 			ERROR("Error chowning %s to container root", newpath);
 			goto out;
@@ -3410,7 +3410,7 @@ static struct lxc_container *do_lxcapi_clone(struct lxc_container *c, const char
 	data.c1 = c2;
 	data.flags = flags;
 	data.hookargs = hookargs;
-	if (am_unpriv())
+	if (am_guest_unpriv())
 		ret = userns_exec_full(c->lxc_conf, clone_update_rootfs_wrapper,
 				       &data, "clone_update_rootfs_wrapper");
 	else
@@ -4072,7 +4072,7 @@ static bool add_remove_device_node(struct lxc_container *c, const char *src_path

 static bool do_lxcapi_add_device_node(struct lxc_container *c, const char *src_path, const char *dest_path)
 {
-	if (am_unpriv()) {
+	if (am_host_unpriv()) {
 		ERROR(NOT_SUPPORTED_ERROR, __FUNCTION__);
 		return false;
 	}
@@ -4083,7 +4083,7 @@ WRAP_API_2(bool, lxcapi_add_device_node, const char *, const char *)

 static bool do_lxcapi_remove_device_node(struct lxc_container *c, const char *src_path, const char *dest_path)
 {
-	if (am_unpriv()) {
+	if (am_host_unpriv()) {
 		ERROR(NOT_SUPPORTED_ERROR, __FUNCTION__);
 		return false;
 	}
@@ -4099,7 +4099,7 @@ static bool do_lxcapi_attach_interface(struct lxc_container *c,
 	pid_t init_pid;
 	int ret = 0;

-	if (am_unpriv()) {
+	if (am_guest_unpriv()) {
 		ERROR(NOT_SUPPORTED_ERROR, __FUNCTION__);
 		return false;
 	}
@@ -4138,7 +4138,7 @@ static bool do_lxcapi_detach_interface(struct lxc_container *c,
 	int ret;
 	pid_t pid, pid_outside;

-	if (am_unpriv()) {
+	if (am_guest_unpriv()) {
 		ERROR(NOT_SUPPORTED_ERROR, __FUNCTION__);
 		return false;
 	}

--- a/src/lxc/network.c
+++ b/src/lxc/network.c
@@ -2365,7 +2365,7 @@ int lxc_network_move_created_netdev_priv(const char *lxcpath, const char *lxcnam
 	char ifname[IFNAMSIZ];
 	struct lxc_list *iterator;

-	if (am_unpriv())
+	if (am_guest_unpriv())
 		return 0;

 	lxc_list_for_each(iterator, network) {
@@ -2403,7 +2403,7 @@ int lxc_create_network_unpriv(const char *lxcpath, const char *lxcname,
 {
 	struct lxc_list *iterator;

-	if (!am_unpriv())
+	if (!am_guest_unpriv())
 		return 0;

 	lxc_list_for_each(iterator, network) {

--- a/src/lxc/start.c
+++ b/src/lxc/start.c
@@ -656,11 +656,11 @@ struct lxc_handler *lxc_init_handler(const char *name, struct lxc_conf *conf,

 	memset(handler, 0, sizeof(*handler));

-	/* Note that am_unpriv() checks the effective uid. We probably don't
+	/* Note that am_guest_unpriv() checks the effective uid. We probably don't
 	 * care if we are real root only if we are running as root so this
 	 * should be fine.
 	 */
-	handler->am_root = !am_unpriv();
+	handler->am_root = !am_guest_unpriv();
 	handler->data_sock[0] = handler->data_sock[1] = -1;
 	handler->conf = conf;
 	handler->lxcpath = lxcpath;

--- a/src/lxc/storage/aufs.c
+++ b/src/lxc/storage/aufs.c
@@ -61,7 +61,7 @@ int aufs_clonepaths(struct lxc_storage *orig, struct lxc_storage *new,
 	if (mkdir_p(new->dest, 0755) < 0)
 		return -1;

-	if (am_unpriv() && chown_mapped_root(new->dest, conf) < 0)
+	if (am_guest_unpriv() && chown_mapped_root(new->dest, conf) < 0)
 		WARN("Failed to update ownership of %s", new->dest);

 	if (strcmp(orig->type, "dir") == 0) {
@@ -88,7 +88,7 @@ int aufs_clonepaths(struct lxc_storage *orig, struct lxc_storage *new,
 			free(delta);
 			return -1;
 		}
-		if (am_unpriv() && chown_mapped_root(delta, conf) < 0)
+		if (am_guest_unpriv() && chown_mapped_root(delta, conf) < 0)
 			WARN("Failed to update ownership of %s", delta);

 		// the src will be 'aufs:lowerdir:upperdir'
@@ -129,13 +129,13 @@ int aufs_clonepaths(struct lxc_storage *orig, struct lxc_storage *new,
 			free(ndelta);
 			return -1;
 		}
-		if (am_unpriv() && chown_mapped_root(ndelta, conf) < 0)
+		if (am_guest_unpriv() && chown_mapped_root(ndelta, conf) < 0)
 			WARN("Failed to update ownership of %s", ndelta);

 		struct rsync_data_char rdata;
 		rdata.src = odelta;
 		rdata.dest = ndelta;
-		if (am_unpriv())
+		if (am_guest_unpriv())
 			ret = userns_exec_full(conf, rsync_delta_wrapper,
 					       &rdata, "rsync_delta_wrapper");
 		else

--- a/src/lxc/storage/btrfs.c
+++ b/src/lxc/storage/btrfs.c
@@ -393,7 +393,7 @@ int btrfs_clonepaths(struct lxc_storage *orig, struct lxc_storage *new,

 	if (snap) {
 		struct rsync_data_char sdata;
-		if (!am_unpriv())
+		if (!am_guest_unpriv())
 			return btrfs_snapshot(orig->dest, new->dest);
 		sdata.dest = new->dest;
 		sdata.src = orig->dest;

--- a/src/lxc/storage/overlay.c
+++ b/src/lxc/storage/overlay.c
@@ -73,7 +73,7 @@ int ovl_clonepaths(struct lxc_storage *orig, struct lxc_storage *new, const char
 	if (mkdir_p(new->dest, 0755) < 0)
 		return -1;

-	if (am_unpriv() && chown_mapped_root(new->dest, conf) < 0)
+	if (am_guest_unpriv() && chown_mapped_root(new->dest, conf) < 0)
 		WARN("Failed to update ownership of %s", new->dest);

 	if (strcmp(orig->type, "dir") == 0) {
@@ -105,7 +105,7 @@ int ovl_clonepaths(struct lxc_storage *orig, struct lxc_storage *new, const char
 			free(delta);
 			return -1;
 		}
-		if (am_unpriv() && chown_mapped_root(delta, conf) < 0)
+		if (am_guest_unpriv() && chown_mapped_root(delta, conf) < 0)
 			WARN("Failed to update ownership of %s", delta);

 		/*
@@ -130,7 +130,7 @@ int ovl_clonepaths(struct lxc_storage *orig, struct lxc_storage *new, const char
 			free(work);
 			return -1;
 		}
-		if (am_unpriv() && chown_mapped_root(work, conf) < 0)
+		if (am_guest_unpriv() && chown_mapped_root(work, conf) < 0)
 			WARN("Failed to update ownership of %s", work);
 		free(work);

@@ -174,7 +174,7 @@ int ovl_clonepaths(struct lxc_storage *orig, struct lxc_storage *new, const char
 			free(ndelta);
 			return -1;
 		}
-		if (am_unpriv() && chown_mapped_root(ndelta, conf) < 0)
+		if (am_guest_unpriv() && chown_mapped_root(ndelta, conf) < 0)
 			WARN("Failed to update ownership of %s", ndelta);

 		/*
@@ -205,7 +205,7 @@ int ovl_clonepaths(struct lxc_storage *orig, struct lxc_storage *new, const char
 			free(work);
 			return -1;
 		}
-		if (am_unpriv() && chown_mapped_root(work, conf) < 0)
+		if (am_guest_unpriv() && chown_mapped_root(work, conf) < 0)
 			WARN("Failed to update ownership of %s", work);
 		free(work);

@@ -751,7 +751,7 @@ static int ovl_do_rsync(struct lxc_storage *orig, struct lxc_storage *new,

 	rdata.orig = orig;
 	rdata.new = new;
-	if (am_unpriv())
+	if (am_guest_unpriv())
 		ret = userns_exec_full(conf, ovl_rsync_wrapper, &rdata,
 				       "ovl_rsync_wrapper");
 	else

--- a/src/lxc/storage/storage.c
+++ b/src/lxc/storage/storage.c
@@ -372,7 +372,7 @@ struct lxc_storage *storage_copy(struct lxc_container *c0, const char *cname,
 	if (!bdevtype && !keepbdevtype && snap && (!strcmp(orig->type, "dir") || !strcmp(orig->type, "overlayfs")))
 		bdevtype = "overlayfs";

-	if (am_unpriv() && !unpriv_snap_allowed(orig, bdevtype, snap, maybe_snap)) {
+	if (am_guest_unpriv() && !unpriv_snap_allowed(orig, bdevtype, snap, maybe_snap)) {
 		ERROR("Unsupported snapshot type \"%s\" for unprivileged users",
 		      bdevtype ? bdevtype : "(null)");
 		storage_put(orig);
@@ -409,7 +409,7 @@ struct lxc_storage *storage_copy(struct lxc_container *c0, const char *cname,
 		goto err;
 	}

-	if (am_unpriv() && chown_mapped_root(new->src, c0->lxc_conf) < 0)
+	if (am_guest_unpriv() && chown_mapped_root(new->src, c0->lxc_conf) < 0)
 		WARN("Failed to update ownership of %s", new->dest);

 	if (snap)
@@ -458,7 +458,7 @@ struct lxc_storage *storage_copy(struct lxc_container *c0, const char *cname,

 	data.orig = orig;
 	data.new = new;
-	if (am_unpriv())
+	if (am_guest_unpriv())
 		ret = userns_exec_full(c0->lxc_conf, rsync_rootfs_wrapper,
 				       &data, "rsync_rootfs_wrapper");
 	else

--- a/src/lxc/utils.h
+++ b/src/lxc/utils.h
@@ -432,7 +432,7 @@ inline static bool am_guest_unpriv(void) {
 }

 /* are we unprivileged with respect to init_user_ns */
-inline static bool am_unpriv(void)
+inline static bool am_host_unpriv(void)
 {
 	FILE *f;
 	uid_t user, host, count;