Merge pull request #2549 from brauner/2018-08-19/cmd_usernsexec_fixes

src/lxc/Makefile.am

@@ -330,6 +330,7 @@ lxc_usernsexec_SOURCES = cmd/lxc_usernsexec.c \
 			 conf.c conf.h \
 			 list.h \
 			 log.c log.h \
+			 macro.h \
 			 namespace.c namespace.h \
 			 utils.c utils.h
 endif

src/lxc/cmd/lxc_usernsexec.c

@@ -21,44 +21,35 @@
  * License along with this library; if not, write to the Free Software
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
  */
+
 #include "config.h"
 
-#include <stdio.h>
-#include <stdlib.h>
-#include <unistd.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <grp.h>
+#include <libgen.h>
+#include <pwd.h>
 #include <sched.h>
-#include <sys/syscall.h>
 #include <signal.h>
+#include <stdio.h>
+#include <stdlib.h>
 #include <string.h>
-#include <errno.h>
-#include <libgen.h>
-#include <fcntl.h>
+#include <sys/mount.h>
 #include <sys/stat.h>
+#include <sys/syscall.h>
 #include <sys/types.h>
-#include <sys/mount.h>
 #include <sys/wait.h>
-#include <sched.h>
-#include <pwd.h>
-#include <grp.h>
+#include <unistd.h>
 
 #include "conf.h"
 #include "list.h"
 #include "log.h"
+#include "macro.h"
 #include "namespace.h"
 #include "utils.h"
 
-#ifndef MS_REC
-#define MS_REC 16384
-#endif
-
-#ifndef MS_SLAVE
-#define MS_SLAVE (1 << 19)
-#endif
-
 extern int lxc_log_fd;
 
-int unshare(int flags);
-
 static void usage(const char *name)
 {
 	printf("usage: %s [-h] [-m <uid-maps>] -- [command [arg ..]]\n", name);
@@ -113,23 +104,13 @@ static int do_child(void *vargv)
 	char **argv = (char **)vargv;
 
 	/* Assume we want to become root */
-	ret = setgid(0);
-	if (ret < 0) {
-		CMD_SYSERROR("Failed to set gid to");
-		return -1;
-	}
-
-	ret = setuid(0);
-	if (ret < 0) {
-		CMD_SYSERROR("Failed to set uid to 0");
+	ret = lxc_switch_uid_gid(0, 0);
+	if (ret < 0)
 		return -1;
-	}
 
-	ret = setgroups(0, NULL);
-	if (ret < 0) {
-		CMD_SYSERROR("Failed to clear supplementary groups");
+	ret = lxc_setgroups(0, NULL);
+	if (ret < 0)
 		return -1;
-	}
 
 	ret = unshare(CLONE_NEWNS);
 	if (ret < 0) {
@@ -213,23 +194,24 @@ static int parse_map(char *map)
  * only use the first one for each of uid and gid, because otherwise we're not
  * sure which entries the user wanted.
  */
-static int read_default_map(char *fnam, int which, char *username)
+static int read_default_map(char *fnam, int which, char *user)
 {
+	size_t len;
 	char *p1, *p2;
 	FILE *fin;
-	struct id_map *newmap;
+	int ret = -1;
 	size_t sz = 0;
 	char *line = NULL;
 	struct lxc_list *tmp = NULL;
+	struct id_map *newmap = NULL;
 
 	fin = fopen(fnam, "r");
 	if (!fin)
 		return -1;
 
+	len = strlen(user);
 	while (getline(&line, &sz, fin) != -1) {
-		if (sz <= strlen(username) ||
-		    strncmp(line, username, strlen(username)) != 0 ||
-		    line[strlen(username)] != ':')
+		if (sz <= len || strncmp(line, user, len) != 0 || line[len] != ':')
 			continue;
 
 		p1 = strchr(line, ':');
@@ -241,34 +223,38 @@ static int read_default_map(char *fnam, int which, char *username)
 			continue;
 
 		newmap = malloc(sizeof(*newmap));
-		if (!newmap) {
-			fclose(fin);
-			free(line);
-			return -1;
-		}
+		if (!newmap)
+			goto on_error;
+
+		ret = lxc_safe_ulong(p1 + 1, &newmap->hostid);
+		if (ret < 0)
+			goto on_error;
+
+		ret = lxc_safe_ulong(p2 + 1, &newmap->range);
+		if (ret < 0)
+			goto on_error;
 
-		newmap->hostid = atol(p1 + 1);
-		newmap->range = atol(p2 + 1);
 		newmap->nsid = 0;
 		newmap->idtype = which;
 
+		ret = -1;
 		tmp = malloc(sizeof(*tmp));
-		if (!tmp) {
-			fclose(fin);
-			free(line);
-			free(newmap);
-			return -1;
-		}
+		if (!tmp)
+			goto on_error;
 
 		tmp->elem = newmap;
 		lxc_list_add_tail(&active_map, tmp);
 		break;
 	}
 
-	free(line);
+	ret = 0;
+
+on_error:
 	fclose(fin);
+	free(line);
+	free(newmap);
 
-	return 0;
+	return ret;
 }
 
 static int find_default_map(void)

src/lxc/confile_utils.c

@@ -32,6 +32,7 @@
 #include "list.h"
 #include "log.h"
 #include "lxccontainer.h"
+#include "macro.h"
 #include "network.h"
 #include "parse.h"
 #include "utils.h"
@@ -288,13 +289,12 @@ void lxc_log_configured_netdevs(const struct lxc_conf *conf)
 			TRACE("type: macvlan");
 
 			if (netdev->priv.macvlan_attr.mode > 0) {
-				char *macvlan_mode;
+				char *mode;
 
-				macvlan_mode = lxc_macvlan_flag_to_mode(
+				mode = lxc_macvlan_flag_to_mode(
 				    netdev->priv.macvlan_attr.mode);
 				TRACE("macvlan mode: %s",
-				      macvlan_mode ? macvlan_mode
-						   : "(invalid mode)");
+				      mode ? mode : "(invalid mode)");
 			}
 			break;
 		case LXC_NET_VLAN:
@@ -442,7 +442,7 @@ void lxc_free_networks(struct lxc_list *networks)
 	lxc_list_init(networks);
 }
 
-static struct macvlan_mode {
+static struct lxc_macvlan_mode {
 	char *name;
 	int mode;
 } macvlan_mode[] = {

src/lxc/confile_utils.h

@@ -20,27 +20,13 @@
 #ifndef __LXC_CONFILE_UTILS_H
 #define __LXC_CONFILE_UTILS_H
 
+#include "config.h"
+
 #include <stdbool.h>
 
 #include "conf.h"
 #include "confile_utils.h"
 
-#ifndef MACVLAN_MODE_PRIVATE
-#define MACVLAN_MODE_PRIVATE 1
-#endif
-
-#ifndef MACVLAN_MODE_VEPA
-#define MACVLAN_MODE_VEPA 2
-#endif
-
-#ifndef MACVLAN_MODE_BRIDGE
-#define MACVLAN_MODE_BRIDGE 4
-#endif
-
-#ifndef MACVLAN_MODE_PASSTHRU
-#define MACVLAN_MODE_PASSTHRU 8
-#endif
-
 #define strprint(str, inlen, ...)                                       \
 	do {                                                            \
 		if (str)                                                \

src/lxc/macro.h

@@ -20,6 +20,16 @@
 #ifndef __LXC_MACRO_H
 #define __LXC_MACRO_H
 
+#include "config.h"
+
+#include <asm/types.h>
+#include <linux/if_link.h>
+#include <linux/loop.h>
+#include <linux/netlink.h>
+#include <linux/rtnetlink.h>
+#include <sys/mount.h>
+#include <sys/socket.h>
+
 /* Define __S_ISTYPE if missing from the C library. */
 #ifndef __S_ISTYPE
 #define __S_ISTYPE(mode, mask) (((mode)&S_IFMT) == (mask))
@@ -187,4 +197,29 @@ extern int __build_bug_on_failed;
 #define NLMSG_ERROR 0x2
 #endif
 
+#ifndef MACVLAN_MODE_PRIVATE
+#define MACVLAN_MODE_PRIVATE 1
+#endif
+
+#ifndef MACVLAN_MODE_VEPA
+#define MACVLAN_MODE_VEPA 2
+#endif
+
+#ifndef MACVLAN_MODE_BRIDGE
+#define MACVLAN_MODE_BRIDGE 4
+#endif
+
+#ifndef MACVLAN_MODE_PASSTHRU
+#define MACVLAN_MODE_PASSTHRU 8
+#endif
+
+/* mount */
+#ifndef MS_REC
+#define MS_REC 16384
+#endif
+
+#ifndef MS_SLAVE
+#define MS_SLAVE (1 << 19)
+#endif
+
 #endif /* __LXC_MACRO_H */